From 109c67c46df07c60949faa720dea8766875fa2b7 Mon Sep 17 00:00:00 2001 From: James Hilliard Date: Sat, 25 Dec 2021 03:16:57 -0700 Subject: [PATCH 001/703] meson: don't try to guess versioned clang/llvm-strip bins for cross compile This should simplify overriding the program locations as the binary names should now not change if cross compiling. It's likely any attempts at autodetecting these in cross environments will be brittle at best so lets just disable it. (cherry picked from commit 4b7b73c7140b3c923064c6bf27a30b0e88a72f7a) --- meson.build | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/meson.build b/meson.build index 0b7c1918ad4..59c933b15d9 100644 --- a/meson.build +++ b/meson.build @@ -997,11 +997,11 @@ else # Support 'versioned' clang/llvm-strip binaries, as seen on Debian/Ubuntu # (like clang-10/llvm-strip-10) clang_bin = cc.get_id() == 'clang' ? cc.cmd_array()[0] : 'clang' - if clang_bin.contains('afl-clang') or clang_bin.contains('hfuzz-clang') + if meson.is_cross_build() or clang_bin.contains('afl-clang') or clang_bin.contains('hfuzz-clang') clang_bin = 'clang' endif clang = find_program(clang_bin, required : bpf_framework_required) - if clang.found() + if not meson.is_cross_build() and clang.found() llvm_strip_bin = run_command(clang, '--print-prog-name', 'llvm-strip', check : true).stdout().strip() else From 4d889024ef5ba1edc5d967a010a2551e0826e5d7 Mon Sep 17 00:00:00 2001 From: Mike Gilbert Date: Fri, 24 Dec 2021 19:20:36 -0500 Subject: [PATCH 002/703] random-util: use ssize_t for getrandom return value This matches the prototype provided by glibc. (cherry picked from commit 289b41aae7356b7a6c72ff4a3476193a084ff33f) --- src/basic/missing_syscall.h | 3 ++- src/basic/random-util.c | 16 ++++++++-------- 2 files changed, 10 insertions(+), 9 deletions(-) diff --git a/src/basic/missing_syscall.h b/src/basic/missing_syscall.h index 0b0cc3cec2d..8267b1a90c1 100644 --- a/src/basic/missing_syscall.h +++ b/src/basic/missing_syscall.h @@ -78,7 +78,8 @@ static inline int missing_memfd_create(const char *name, unsigned int flags) { /* ======================================================================= */ #if !HAVE_GETRANDOM -static inline int missing_getrandom(void *buffer, size_t count, unsigned flags) { +/* glibc says getrandom() returns ssize_t */ +static inline ssize_t missing_getrandom(void *buffer, size_t count, unsigned flags) { # ifdef __NR_getrandom return syscall(__NR_getrandom, buffer, count, flags); # else diff --git a/src/basic/random-util.c b/src/basic/random-util.c index c2be962355c..e117330857c 100644 --- a/src/basic/random-util.c +++ b/src/basic/random-util.c @@ -161,7 +161,6 @@ int genuine_random_bytes(void *p, size_t n, RandomFlags flags) { static int have_syscall = -1; _cleanup_close_ int fd = -1; bool got_some = false; - int r; /* Gathers some high-quality randomness from the kernel (or potentially mid-quality randomness from * the CPU if the RANDOM_ALLOW_RDRAND flag is set). This call won't block, unless the RANDOM_BLOCK @@ -220,18 +219,19 @@ int genuine_random_bytes(void *p, size_t n, RandomFlags flags) { if (have_syscall != 0 && !HAS_FEATURE_MEMORY_SANITIZER) { for (;;) { - r = getrandom(p, n, + ssize_t l; + l = getrandom(p, n, (FLAGS_SET(flags, RANDOM_BLOCK) ? 0 : GRND_NONBLOCK) | (FLAGS_SET(flags, RANDOM_ALLOW_INSECURE) ? GRND_INSECURE : 0)); - if (r > 0) { + if (l > 0) { have_syscall = true; - if ((size_t) r == n) + if ((size_t) l == n) return 0; /* Yay, success! */ - assert((size_t) r < n); - p = (uint8_t*) p + r; - n -= r; + assert((size_t) l < n); + p = (uint8_t*) p + l; + n -= l; if (FLAGS_SET(flags, RANDOM_EXTEND_WITH_PSEUDO)) { /* Fill in the remaining bytes using pseudo-random values */ @@ -248,7 +248,7 @@ int genuine_random_bytes(void *p, size_t n, RandomFlags flags) { /* Fill in the rest with /dev/urandom */ break; - } else if (r == 0) { + } else if (l == 0) { have_syscall = true; return -EIO; From 93ddabc26a7f21284cf761dd5ac5d279ecb6d657 Mon Sep 17 00:00:00 2001 From: Luca Boccassi Date: Sun, 26 Dec 2021 16:45:13 +0000 Subject: [PATCH 003/703] chrattr-util: return EOPNOTSUPP from chrattr_full if no other failure was observed When chattr_full tries to apply flags one-by-one, and one fails, record which errno was returned. But record EOPNOTSUPP(&friends) only if no other error is observed, and return it only in that case (otherwise keep returning ENOANO), so that callers can respond appropriately to EOPNOTSUPP vs more relevant errors. For example, this lets tmpfiles.d log at debug level when a filesystem flag cannot be applied because the filesystem does not support it, but at warning level if something else went wrong when applying it. Restores logging behaviour of tmpfiles.d to pre-250. Follow-up for: https://github.com/systemd/systemd/commit/c1631ee124a30abfb9c71e2a1534b8afffc3b6a7 Fixes: https://github.com/systemd/systemd/issues/21901 (cherry picked from commit 7c3b51c469140cdbc1b7e9a232af3f250fea3884) --- src/basic/chattr-util.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/src/basic/chattr-util.c b/src/basic/chattr-util.c index 807288a6498..eddde132aae 100644 --- a/src/basic/chattr-util.c +++ b/src/basic/chattr-util.c @@ -22,6 +22,7 @@ int chattr_full(const char *path, _cleanup_close_ int fd_will_close = -1; unsigned old_attr, new_attr; + int set_flags_errno = 0; struct stat st; assert(path || fd >= 0); @@ -109,6 +110,12 @@ int chattr_full(const char *path, log_full_errno(FLAGS_SET(flags, CHATTR_WARN_UNSUPPORTED_FLAGS) ? LOG_WARNING : LOG_DEBUG, errno, "Unable to set file attribute 0x%x on %s, ignoring: %m", mask_one, strna(path)); + + /* Ensures that we record whether only EOPNOTSUPP&friends are encountered, or if a more serious + * error (thus worth logging at a different level, etc) was seen too. */ + if (set_flags_errno == 0 || !ERRNO_IS_NOT_SUPPORTED(errno)) + set_flags_errno = -errno; + continue; } @@ -121,7 +128,10 @@ int chattr_full(const char *path, if (ret_final) *ret_final = current_attr; - return current_attr == new_attr ? 1 : -ENOANO; /* -ENOANO indicates that some attributes cannot be set. */ + /* -ENOANO indicates that some attributes cannot be set. ERRNO_IS_NOT_SUPPORTED indicates that all + * encountered failures were due to flags not supported by the FS, so return a specific error in + * that case, so callers can handle it properly (e.g.: tmpfiles.d can use debug level logging). */ + return current_attr == new_attr ? 1 : ERRNO_IS_NOT_SUPPORTED(set_flags_errno) ? set_flags_errno : -ENOANO; } int read_attr_fd(int fd, unsigned *ret) { From 0c7ef2c1667ee05dccec0cf4888403923173af79 Mon Sep 17 00:00:00 2001 From: Jan Janssen Date: Mon, 27 Dec 2021 22:41:50 +0100 Subject: [PATCH 004/703] boot: Fix off-by-one NUL-termination (cherry picked from commit fab82756462fd0ce82836e3d95721954d7ab2527) --- src/boot/efi/bcd.c | 2 +- src/boot/efi/util.c | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/boot/efi/bcd.c b/src/boot/efi/bcd.c index 970c8b1c8ec..1f9f19ba639 100644 --- a/src/boot/efi/bcd.c +++ b/src/boot/efi/bcd.c @@ -316,6 +316,6 @@ TEST_STATIC CHAR16 *get_bcd_title(UINT8 *bcd, UINTN bcd_len) { /* The data should already be NUL-terminated. */ CHAR16 *title = (CHAR16 *) (bcd + description_value->data_offset); - title[description_value->data_size / sizeof(CHAR16)] = '\0'; + title[description_value->data_size / sizeof(CHAR16) - 1] = '\0'; return title; } diff --git a/src/boot/efi/util.c b/src/boot/efi/util.c index 6db4ab39695..76e4eef1eb5 100644 --- a/src/boot/efi/util.c +++ b/src/boot/efi/util.c @@ -174,7 +174,7 @@ EFI_STATUS efivar_get(const EFI_GUID *vendor, const CHAR16 *name, CHAR16 **value return EFI_SUCCESS; /* Return buffer directly if it happens to be NUL terminated already */ - if (size >= sizeof(CHAR16) && buf[size/sizeof(CHAR16)] == 0) { + if (size >= sizeof(CHAR16) && buf[size / sizeof(CHAR16) - 1] == 0) { *value = TAKE_PTR(buf); return EFI_SUCCESS; } @@ -183,7 +183,7 @@ EFI_STATUS efivar_get(const EFI_GUID *vendor, const CHAR16 *name, CHAR16 **value val = xallocate_pool(size + sizeof(CHAR16)); CopyMem(val, buf, size); - val[size / sizeof(CHAR16)] = 0; /* NUL terminate */ + val[size / sizeof(CHAR16) - 1] = 0; /* NUL terminate */ *value = val; return EFI_SUCCESS; From a4e4c3377d05884c34cc89a0da9d4afe6d2884b4 Mon Sep 17 00:00:00 2001 From: Jan Janssen Date: Mon, 27 Dec 2021 22:46:06 +0100 Subject: [PATCH 005/703] boot: Fix off-by-one offset sanity checks (cherry picked from commit c3c5b93a0c04c4940724b7babca92f4e75f49b98) --- src/boot/efi/bcd.c | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/src/boot/efi/bcd.c b/src/boot/efi/bcd.c index 1f9f19ba639..07948392ff0 100644 --- a/src/boot/efi/bcd.c +++ b/src/boot/efi/bcd.c @@ -117,14 +117,14 @@ static const Key *get_subkey(const UINT8 *bcd, UINT32 bcd_len, UINT32 offset, co assert(bcd); assert(name); - if ((UINT64) offset + sizeof(SubkeyFast) > bcd_len) + if ((UINT64) offset + sizeof(SubkeyFast) >= bcd_len) return NULL; const SubkeyFast *subkey = (const SubkeyFast *) (bcd + offset); if (subkey->sig != SIG_SUBKEY_FAST) return NULL; - if ((UINT64) offset + offsetof(SubkeyFast, entries) + sizeof(struct SubkeyFastEntry[subkey->n_entries]) > bcd_len) + if ((UINT64) offset + offsetof(SubkeyFast, entries) + sizeof(struct SubkeyFastEntry[subkey->n_entries]) >= bcd_len) return NULL; for (UINT16 i = 0; i < subkey->n_entries; i++) { @@ -146,14 +146,14 @@ static const Key *get_key(const UINT8 *bcd, UINT32 bcd_len, UINT32 offset, const assert(bcd); assert(name); - if ((UINT64) offset + sizeof(Key) > bcd_len) + if ((UINT64) offset + sizeof(Key) >= bcd_len) return NULL; const Key *key = (const Key *) (bcd + offset); if (key->sig != SIG_KEY) return NULL; - if ((UINT64) offset + offsetof(Key, key_name) + sizeof(CHAR8[key->key_name_len]) > bcd_len) + if ((UINT64) offset + offsetof(Key, key_name) + sizeof(CHAR8[key->key_name_len]) >= bcd_len) return NULL; if (*name) { @@ -175,21 +175,21 @@ static const KeyValue *get_key_value(const UINT8 *bcd, UINT32 bcd_len, const Key if (key->n_key_values == 0) return NULL; - if ((UINT64) key->key_values_offset + sizeof(UINT32[key->n_key_values]) > bcd_len) + if ((UINT64) key->key_values_offset + sizeof(UINT32[key->n_key_values]) >= bcd_len) return NULL; const UINT32 *key_value_list = (const UINT32 *) (bcd + key->key_values_offset); for (UINT32 i = 0; i < key->n_key_values; i++) { UINT32 offset = *(key_value_list + i); - if ((UINT64) offset + sizeof(KeyValue) > bcd_len) + if ((UINT64) offset + sizeof(KeyValue) >= bcd_len) continue; const KeyValue *kv = (const KeyValue *) (bcd + offset); if (kv->sig != SIG_KEY_VALUE) continue; - if ((UINT64) offset + offsetof(KeyValue, name) + kv->name_len > bcd_len) + if ((UINT64) offset + offsetof(KeyValue, name) + kv->name_len >= bcd_len) continue; /* If most significant bit is set, data is stored in data_offset itself, but @@ -198,7 +198,7 @@ static const KeyValue *get_key_value(const UINT8 *bcd, UINT32 bcd_len, const Key if (FLAGS_SET(kv->data_size, UINT32_C(1) << 31)) continue; - if ((UINT64) kv->data_offset + kv->data_size > bcd_len) + if ((UINT64) kv->data_offset + kv->data_size >= bcd_len) continue; if (strncaseeqa(name, kv->name, kv->name_len) && !name[kv->name_len]) @@ -228,7 +228,7 @@ static const KeyValue *get_key_value(const UINT8 *bcd, UINT32 bcd_len, const Key TEST_STATIC CHAR16 *get_bcd_title(UINT8 *bcd, UINTN bcd_len) { assert(bcd); - if (HIVE_CELL_OFFSET > bcd_len) + if (HIVE_CELL_OFFSET >= bcd_len) return NULL; BaseBlock *base_block = (BaseBlock *) bcd; From 630da18817d5096ba316153a021a3c6f6e51968f Mon Sep 17 00:00:00 2001 From: Jan Janssen Date: Mon, 27 Dec 2021 22:49:02 +0100 Subject: [PATCH 006/703] boot: Fix name length comparison (cherry picked from commit 2198a773916f0e4ecca01725118f1f5a6bbe27b1) --- src/boot/efi/bcd.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/boot/efi/bcd.c b/src/boot/efi/bcd.c index 07948392ff0..44c544f8f71 100644 --- a/src/boot/efi/bcd.c +++ b/src/boot/efi/bcd.c @@ -19,6 +19,7 @@ # define UINT32 uint32_t # define UINT64 uint64_t # define UINTN size_t +# define strlena(s) strlen(s) # define strncaseeqa(a, b, n) strncaseeq((a), (b), (n)) # define TEST_STATIC static #endif @@ -157,7 +158,7 @@ static const Key *get_key(const UINT8 *bcd, UINT32 bcd_len, UINT32 offset, const return NULL; if (*name) { - if (strncaseeqa(name, key->key_name, key->key_name_len) && !name[key->key_name_len]) + if (strncaseeqa(name, key->key_name, key->key_name_len) && strlena(name) == key->key_name_len) name += key->key_name_len; else return NULL; @@ -201,7 +202,7 @@ static const KeyValue *get_key_value(const UINT8 *bcd, UINT32 bcd_len, const Key if ((UINT64) kv->data_offset + kv->data_size >= bcd_len) continue; - if (strncaseeqa(name, kv->name, kv->name_len) && !name[kv->name_len]) + if (strncaseeqa(name, kv->name, kv->name_len) && strlena(name) == kv->name_len) return kv; } From 8b29809c116b3419ac7f0d876aafe3f9059180a8 Mon Sep 17 00:00:00 2001 From: Luca Boccassi Date: Mon, 27 Dec 2021 18:22:43 +0000 Subject: [PATCH 007/703] core: do not touch /run/systemd/systemd-units-load from user session instances Follow-up for: https://github.com/systemd/systemd/commit/15b9243c0d7f6d1531fa65dbc01bd11e8e6c12ca Fixes: https://github.com/systemd/systemd/issues/21911 (cherry picked from commit 4b3ad81bfafcd97acb06db463495e348d159d8e6) --- src/core/manager.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/src/core/manager.c b/src/core/manager.c index 9368a1dfa18..2946f580666 100644 --- a/src/core/manager.c +++ b/src/core/manager.c @@ -1728,9 +1728,10 @@ static void manager_ready(Manager *m) { manager_catchup(m); /* Create a file which will indicate when the manager started loading units the last time. */ - (void) touch_file("/run/systemd/systemd-units-load", false, - m->timestamps[MANAGER_TIMESTAMP_UNITS_LOAD].realtime ?: now(CLOCK_REALTIME), - UID_INVALID, GID_INVALID, 0444); + if (MANAGER_IS_SYSTEM(m)) + (void) touch_file("/run/systemd/systemd-units-load", false, + m->timestamps[MANAGER_TIMESTAMP_UNITS_LOAD].realtime ?: now(CLOCK_REALTIME), + UID_INVALID, GID_INVALID, 0444); m->honor_device_enumeration = true; } From f47d962bb1c6882dbb5c675a786e394ebb368d24 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Wed, 29 Dec 2021 00:47:20 +0900 Subject: [PATCH 008/703] unti-file: fix symlinked drop-in directory handling This fixes a bug introduced by 95ef0eaf0d5cd43fcc8e9eb541f2c342f25f8f2f. Fixes #21920. (cherry picked from commit 7f304b856164a70b240d66d279fe66e7c8e8887d) --- src/basic/unit-file.c | 84 +++++++++++++++++++++++++++++++------------ 1 file changed, 61 insertions(+), 23 deletions(-) diff --git a/src/basic/unit-file.c b/src/basic/unit-file.c index 30c632dfcef..faea92f66dd 100644 --- a/src/basic/unit-file.c +++ b/src/basic/unit-file.c @@ -236,6 +236,31 @@ bool lookup_paths_timestamp_hash_same(const LookupPaths *lp, uint64_t timestamp_ return updated == timestamp_hash; } +static int directory_name_is_valid(const char *name) { + const char *suffix; + + /* Accept a directory whose name is a valid unit file name ending in .wants/, .requires/ or .d/ */ + + FOREACH_STRING(suffix, ".wants", ".requires", ".d") { + _cleanup_free_ char *chopped = NULL; + const char *e; + + e = endswith(name, suffix); + if (!e) + continue; + + chopped = strndup(name, e - name); + if (!chopped) + return log_oom(); + + if (unit_name_is_valid(chopped, UNIT_NAME_ANY) || + unit_type_from_string(chopped) >= 0) + return true; + } + + return false; +} + int unit_file_build_name_map( const LookupPaths *lp, uint64_t *cache_timestamp_hash, @@ -287,50 +312,61 @@ int unit_file_build_name_map( FOREACH_DIRENT_ALL(de, d, log_warning_errno(errno, "Failed to read \"%s\", ignoring: %m", *dir)) { _unused_ _cleanup_free_ char *_filename_free = NULL; _cleanup_free_ char *simplified = NULL; + bool symlink_to_dir = false; const char *dst = NULL; char *filename; /* We only care about valid units and dirs with certain suffixes, let's ignore the * rest. */ - if (IN_SET(de->d_type, DT_REG, DT_LNK)) { + if (de->d_type == DT_REG) { + /* Accept a regular file whose name is a valid unit file name. */ if (!unit_name_is_valid(de->d_name, UNIT_NAME_ANY)) continue; - /* Accept a regular file or symlink whose name is a valid unit file name. */ - } else if (de->d_type == DT_DIR) { - bool valid_dir_name = false; - const char *suffix; - - /* Also accept a directory whose name is a valid unit file name ending in - * .wants/, .requires/ or .d/ */ if (!paths) /* Skip directories early unless path_cache is requested */ continue; - FOREACH_STRING(suffix, ".wants", ".requires", ".d") { - _cleanup_free_ char *chopped = NULL; - const char *e; + r = directory_name_is_valid(de->d_name); + if (r < 0) + return r; + if (r == 0) + continue; + + } else if (de->d_type == DT_LNK) { + + /* Accept a symlink file whose name is a valid unit file name or + * ending in .wants/, .requires/ or .d/. */ - e = endswith(de->d_name, suffix); - if (!e) + if (!unit_name_is_valid(de->d_name, UNIT_NAME_ANY)) { + _cleanup_free_ char *target = NULL; + + if (!paths) /* Skip symlink to a directory early unless path_cache is requested */ continue; - chopped = strndup(de->d_name, e - de->d_name); - if (!chopped) - return log_oom(); + r = directory_name_is_valid(de->d_name); + if (r < 0) + return r; + if (r == 0) + continue; - if (unit_name_is_valid(chopped, UNIT_NAME_ANY) || - unit_type_from_string(chopped) >= 0) { - valid_dir_name = true; - break; + r = readlinkat_malloc(dirfd(d), de->d_name, &target); + if (r < 0) { + log_warning_errno(r, "Failed to read symlink %s/%s, ignoring: %m", + *dir, de->d_name); + continue; } + + r = is_dir(target, /* follow = */ true); + if (r <= 0) + continue; + + symlink_to_dir = true; } - if (!valid_dir_name) - continue; } else continue; @@ -347,9 +383,11 @@ int unit_file_build_name_map( } else _filename_free = filename; /* Make sure we free the filename. */ - if (!IN_SET(de->d_type, DT_REG, DT_LNK)) + if (de->d_type == DT_DIR || (de->d_type == DT_LNK && symlink_to_dir)) continue; + assert(IN_SET(de->d_type, DT_REG, DT_LNK)); + /* search_path is ordered by priority (highest first). If the name is already mapped * to something (incl. itself), it means that we have already seen it, and we should * ignore it here. */ From 2a9efd85136e468f09d7fcccd494774f82ff005b Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Wed, 29 Dec 2021 00:49:11 +0900 Subject: [PATCH 009/703] test: add testcases of symlinked drop-in directories (cherry picked from commit cf6562e4565c3055e1f387adadf2ff7fb0ce1688) --- test/units/testsuite-15.sh | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/test/units/testsuite-15.sh b/test/units/testsuite-15.sh index 56ac1f774f8..0446e71c387 100755 --- a/test/units/testsuite-15.sh +++ b/test/units/testsuite-15.sh @@ -515,6 +515,25 @@ test_invalid_dropins () { return 0 } +test_symlink_dropin_directory () { + # For issue #21920. + echo "Testing symlink drop-in directory..." + create_services test15-a + rmdir /{etc,run,usr/lib}/systemd/system/test15-a.service.d + mkdir -p /tmp/testsuite-15-test15-a-dropin-directory + ln -s /tmp/testsuite-15-test15-a-dropin-directory /etc/systemd/system/test15-a.service.d + cat >/tmp/testsuite-15-test15-a-dropin-directory/override.conf < Date: Tue, 28 Dec 2021 22:42:03 +0900 Subject: [PATCH 010/703] network: ndisc: ignore route prefix to ::/0 Fixes #21912. (cherry picked from commit 80bfc3b901317ca7c1aaede0cd69150789a6e9be) --- src/network/networkd-ndisc.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/network/networkd-ndisc.c b/src/network/networkd-ndisc.c index 32cb536ee5e..f616f2c9bc7 100644 --- a/src/network/networkd-ndisc.c +++ b/src/network/networkd-ndisc.c @@ -612,6 +612,11 @@ static int ndisc_router_process_route(Link *link, sd_ndisc_router *rt) { if (r < 0) return log_link_error_errno(link, r, "Failed to get route prefix length: %m"); + if (in6_addr_is_null(&dst) && prefixlen == 0) { + log_link_debug(link, "Route prefix is ::/0, ignoring"); + return 0; + } + if (in6_prefix_is_filtered(&dst, prefixlen, link->network->ndisc_allow_listed_route_prefix, link->network->ndisc_deny_listed_route_prefix)) { if (DEBUG_LOGGING) { _cleanup_free_ char *buf = NULL; From 202b1448aa1b83983d5cf9c7d44f09df0ed07d03 Mon Sep 17 00:00:00 2001 From: ksa678491784 Date: Tue, 28 Dec 2021 18:09:33 +0300 Subject: [PATCH 011/703] stub: Do not assume having DeviceHandle (cherry picked from commit 5204355861643a658a6d8e009b67e422cdb9194b) --- src/boot/efi/cpio.c | 6 ++++++ src/boot/efi/disk.c | 3 ++- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/src/boot/efi/cpio.c b/src/boot/efi/cpio.c index be0708aec43..74610cc1c7f 100644 --- a/src/boot/efi/cpio.c +++ b/src/boot/efi/cpio.c @@ -330,6 +330,12 @@ EFI_STATUS pack_cpio( assert(ret_buffer); assert(ret_buffer_size); + if (!loaded_image->DeviceHandle) { + *ret_buffer = NULL; + *ret_buffer_size = 0; + return EFI_SUCCESS; + } + root = LibOpenRoot(loaded_image->DeviceHandle); if (!root) return log_error_status_stall(EFI_LOAD_ERROR, L"Unable to open root directory."); diff --git a/src/boot/efi/disk.c b/src/boot/efi/disk.c index 6d3c8285a15..b7beac3d08b 100644 --- a/src/boot/efi/disk.c +++ b/src/boot/efi/disk.c @@ -10,7 +10,8 @@ EFI_STATUS disk_get_part_uuid(EFI_HANDLE *handle, CHAR16 uuid[static 37]) { EFI_DEVICE_PATH *device_path; _cleanup_freepool_ EFI_DEVICE_PATH *paths = NULL; - assert(handle); + if (!handle) + return EFI_NOT_FOUND; /* export the device path this image is started from */ device_path = DevicePathFromHandle(handle); From f85856c00d2968368084a54e459563b87dfc1f33 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Wed, 29 Dec 2021 12:04:46 +0900 Subject: [PATCH 012/703] manager: always close idle pipe when sending ready notification This fixes a bug introduced by 6d9326595592f98e8126eacb4176acd8c3516d5c. The commit makes several functions skipped if the manager is already in finished state, as > In manager_check_finished(), more steps are skipped if MANAGER_IS_FINISHED(). > Those steps are idempotent, but no need to waste cycles trying to do them > more than once. However, the idle pipe may be re-opened after manager is finished: manager_dispatch_run_queue() -> manager_watch_idle_pipe(). So, the closing the pipe is not idempotent here. Fixes #21889. (cherry picked from commit 9c1b17c3dc1541df02118ee3aaf6dd5dd540cdc2) --- src/core/manager.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/core/manager.c b/src/core/manager.c index 2946f580666..601e15f6892 100644 --- a/src/core/manager.c +++ b/src/core/manager.c @@ -3557,14 +3557,14 @@ void manager_check_finished(Manager *m) { manager_send_ready(m); + /* Notify Type=idle units that we are done now */ + manager_close_idle_pipe(m); + if (MANAGER_IS_FINISHED(m)) return; manager_flip_auto_status(m, false, "boot finished"); - /* Notify Type=idle units that we are done now */ - manager_close_idle_pipe(m); - /* Turn off confirm spawn now */ m->confirm_spawn = NULL; From d6d97abd7887f6927cf30f511b1ff41efdb1812c Mon Sep 17 00:00:00 2001 From: Jan Janssen Date: Tue, 28 Dec 2021 16:07:09 +0100 Subject: [PATCH 013/703] boot: Reject unaligned data The data seems to be properly aligned in real BCD stores, so it should be fine to just reject bad ones. Fixes: #21917 (cherry picked from commit 1cadb35fd68f0255e50627dffd25c83e7e2081e5) --- src/boot/efi/bcd.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/src/boot/efi/bcd.c b/src/boot/efi/bcd.c index 44c544f8f71..85569deb09e 100644 --- a/src/boot/efi/bcd.c +++ b/src/boot/efi/bcd.c @@ -176,7 +176,8 @@ static const KeyValue *get_key_value(const UINT8 *bcd, UINT32 bcd_len, const Key if (key->n_key_values == 0) return NULL; - if ((UINT64) key->key_values_offset + sizeof(UINT32[key->n_key_values]) >= bcd_len) + if ((UINT64) key->key_values_offset + sizeof(UINT32[key->n_key_values]) >= bcd_len || + (UINTN)(bcd + key->key_values_offset) % sizeof(UINT32) != 0) return NULL; const UINT32 *key_value_list = (const UINT32 *) (bcd + key->key_values_offset); @@ -266,7 +267,8 @@ TEST_STATIC CHAR16 *get_bcd_title(UINT8 *bcd, UINTN bcd_len) { CHAR8 order_guid[sizeof("{00000000-0000-0000-0000-000000000000}\0")]; if (displayorder_value->data_type != REG_MULTI_SZ || - displayorder_value->data_size != sizeof(CHAR16) * sizeof(order_guid)) + displayorder_value->data_size != sizeof(CHAR16[sizeof(order_guid)]) || + (UINTN)(bcd + displayorder_value->data_offset) % sizeof(CHAR16) != 0) /* BCD is multi-boot. */ return NULL; @@ -312,7 +314,8 @@ TEST_STATIC CHAR16 *get_bcd_title(UINT8 *bcd, UINTN bcd_len) { if (description_value->data_type != REG_SZ || description_value->data_size < sizeof(CHAR16) || - description_value->data_size % sizeof(CHAR16) != 0) + description_value->data_size % sizeof(CHAR16) != 0 || + (UINTN)(bcd + description_value->data_offset) % sizeof(CHAR16)) return NULL; /* The data should already be NUL-terminated. */ From c926189767e865fc191a21c67eb9e4916b06cf3e Mon Sep 17 00:00:00 2001 From: Jan Janssen Date: Wed, 29 Dec 2021 14:35:07 +0100 Subject: [PATCH 014/703] boot: Introduce helper macros for offset checking This fixes a subtle sizeof overflow on 32bit machines. (cherry picked from commit aa1d0f25873f737fb9306a12f9283872012f2d9a) --- src/boot/efi/bcd.c | 26 ++++++++++++++++++-------- 1 file changed, 18 insertions(+), 8 deletions(-) diff --git a/src/boot/efi/bcd.c b/src/boot/efi/bcd.c index 85569deb09e..3eaabdd5387 100644 --- a/src/boot/efi/bcd.c +++ b/src/boot/efi/bcd.c @@ -112,20 +112,30 @@ assert_cc(offsetof(KeyValue, data_offset) == 8); assert_cc(offsetof(KeyValue, data_type) == 12); assert_cc(offsetof(KeyValue, name) == 20); +#define BAD_OFFSET(offset, len, max) \ + ((UINT64) (offset) + (len) >= (max)) + +#define BAD_STRUCT(type, offset, max) \ + ((UINT64) (offset) + sizeof(type) >= (max)) + +#define BAD_ARRAY(type, array, offset, array_len, max) \ + ((UINT64) (offset) + offsetof(type, array) + \ + sizeof((type){}.array[0]) * (UINT64) (array_len) >= (max)) + static const Key *get_key(const UINT8 *bcd, UINT32 bcd_len, UINT32 offset, const CHAR8 *name); static const Key *get_subkey(const UINT8 *bcd, UINT32 bcd_len, UINT32 offset, const CHAR8 *name) { assert(bcd); assert(name); - if ((UINT64) offset + sizeof(SubkeyFast) >= bcd_len) + if (BAD_STRUCT(SubkeyFast, offset, bcd_len)) return NULL; const SubkeyFast *subkey = (const SubkeyFast *) (bcd + offset); if (subkey->sig != SIG_SUBKEY_FAST) return NULL; - if ((UINT64) offset + offsetof(SubkeyFast, entries) + sizeof(struct SubkeyFastEntry[subkey->n_entries]) >= bcd_len) + if (BAD_ARRAY(SubkeyFast, entries, offset, subkey->n_entries, bcd_len)) return NULL; for (UINT16 i = 0; i < subkey->n_entries; i++) { @@ -147,14 +157,14 @@ static const Key *get_key(const UINT8 *bcd, UINT32 bcd_len, UINT32 offset, const assert(bcd); assert(name); - if ((UINT64) offset + sizeof(Key) >= bcd_len) + if (BAD_STRUCT(Key, offset, bcd_len)) return NULL; const Key *key = (const Key *) (bcd + offset); if (key->sig != SIG_KEY) return NULL; - if ((UINT64) offset + offsetof(Key, key_name) + sizeof(CHAR8[key->key_name_len]) >= bcd_len) + if (BAD_ARRAY(Key, key_name, offset, key->key_name_len, bcd_len)) return NULL; if (*name) { @@ -176,7 +186,7 @@ static const KeyValue *get_key_value(const UINT8 *bcd, UINT32 bcd_len, const Key if (key->n_key_values == 0) return NULL; - if ((UINT64) key->key_values_offset + sizeof(UINT32[key->n_key_values]) >= bcd_len || + if (BAD_OFFSET(key->key_values_offset, sizeof(UINT32) * (UINT64) key->n_key_values, bcd_len) || (UINTN)(bcd + key->key_values_offset) % sizeof(UINT32) != 0) return NULL; @@ -184,14 +194,14 @@ static const KeyValue *get_key_value(const UINT8 *bcd, UINT32 bcd_len, const Key for (UINT32 i = 0; i < key->n_key_values; i++) { UINT32 offset = *(key_value_list + i); - if ((UINT64) offset + sizeof(KeyValue) >= bcd_len) + if (BAD_STRUCT(KeyValue, offset, bcd_len)) continue; const KeyValue *kv = (const KeyValue *) (bcd + offset); if (kv->sig != SIG_KEY_VALUE) continue; - if ((UINT64) offset + offsetof(KeyValue, name) + kv->name_len >= bcd_len) + if (BAD_ARRAY(KeyValue, name, offset, kv->name_len, bcd_len)) continue; /* If most significant bit is set, data is stored in data_offset itself, but @@ -200,7 +210,7 @@ static const KeyValue *get_key_value(const UINT8 *bcd, UINT32 bcd_len, const Key if (FLAGS_SET(kv->data_size, UINT32_C(1) << 31)) continue; - if ((UINT64) kv->data_offset + kv->data_size >= bcd_len) + if (BAD_OFFSET(kv->data_offset, kv->data_size, bcd_len)) continue; if (strncaseeqa(name, kv->name, kv->name_len) && strlena(name) == kv->name_len) From 0c4fe2e3dcde8225006a36cff643c112bd6c6523 Mon Sep 17 00:00:00 2001 From: Luca Boccassi Date: Thu, 30 Dec 2021 00:53:29 +0000 Subject: [PATCH 015/703] dbus-wait-for-jobs: add extra_args to bus_wait_for_jobs_one() And pass it through to bus_wait_for_jobs() (cherry picked from commit 86980de64bf8c03505eec729808f52f3b3042998) --- src/mount/mount-tool.c | 6 +++--- src/nspawn/nspawn-register.c | 2 +- src/run/run.c | 6 +++--- src/shared/bus-wait-for-jobs.c | 4 ++-- src/shared/bus-wait-for-jobs.h | 2 +- src/shared/tests.c | 2 +- 6 files changed, 11 insertions(+), 11 deletions(-) diff --git a/src/mount/mount-tool.c b/src/mount/mount-tool.c index b0ea45debc2..dd0afc6e111 100644 --- a/src/mount/mount-tool.c +++ b/src/mount/mount-tool.c @@ -601,7 +601,7 @@ static int start_transient_mount( if (r < 0) return bus_log_parse_error(r); - r = bus_wait_for_jobs_one(w, object, arg_quiet); + r = bus_wait_for_jobs_one(w, object, arg_quiet, NULL); if (r < 0) return r; } @@ -710,7 +710,7 @@ static int start_transient_automount( if (r < 0) return bus_log_parse_error(r); - r = bus_wait_for_jobs_one(w, object, arg_quiet); + r = bus_wait_for_jobs_one(w, object, arg_quiet, NULL); if (r < 0) return r; } @@ -875,7 +875,7 @@ static int stop_mount( if (r < 0) return bus_log_parse_error(r); - r = bus_wait_for_jobs_one(w, object, arg_quiet); + r = bus_wait_for_jobs_one(w, object, arg_quiet, NULL); if (r < 0) return r; } diff --git a/src/nspawn/nspawn-register.c b/src/nspawn/nspawn-register.c index 2e6c12b3b7e..c78bead4a4b 100644 --- a/src/nspawn/nspawn-register.c +++ b/src/nspawn/nspawn-register.c @@ -313,7 +313,7 @@ int allocate_scope( if (r < 0) return bus_log_parse_error(r); - r = bus_wait_for_jobs_one(w, object, false); + r = bus_wait_for_jobs_one(w, object, false, NULL); if (r < 0) return r; diff --git a/src/run/run.c b/src/run/run.c index 42c4e1b46b5..92c19b6a327 100644 --- a/src/run/run.c +++ b/src/run/run.c @@ -1229,7 +1229,7 @@ static int start_transient_service( if (r < 0) return bus_log_parse_error(r); - r = bus_wait_for_jobs_one(w, object, arg_quiet); + r = bus_wait_for_jobs_one(w, object, arg_quiet, NULL); if (r < 0) return r; } @@ -1465,7 +1465,7 @@ static int start_transient_scope(sd_bus *bus) { if (r < 0) return bus_log_parse_error(r); - r = bus_wait_for_jobs_one(w, object, arg_quiet); + r = bus_wait_for_jobs_one(w, object, arg_quiet, NULL); if (r < 0) return r; @@ -1685,7 +1685,7 @@ static int start_transient_trigger( if (r < 0) return bus_log_parse_error(r); - r = bus_wait_for_jobs_one(w, object, arg_quiet); + r = bus_wait_for_jobs_one(w, object, arg_quiet, NULL); if (r < 0) return r; diff --git a/src/shared/bus-wait-for-jobs.c b/src/shared/bus-wait-for-jobs.c index e4a3ab9a956..0cd47d57870 100644 --- a/src/shared/bus-wait-for-jobs.c +++ b/src/shared/bus-wait-for-jobs.c @@ -323,12 +323,12 @@ int bus_wait_for_jobs_add(BusWaitForJobs *d, const char *path) { return set_put_strdup(&d->jobs, path); } -int bus_wait_for_jobs_one(BusWaitForJobs *d, const char *path, bool quiet) { +int bus_wait_for_jobs_one(BusWaitForJobs *d, const char *path, bool quiet, const char* const* extra_args) { int r; r = bus_wait_for_jobs_add(d, path); if (r < 0) return log_oom(); - return bus_wait_for_jobs(d, quiet, NULL); + return bus_wait_for_jobs(d, quiet, extra_args); } diff --git a/src/shared/bus-wait-for-jobs.h b/src/shared/bus-wait-for-jobs.h index 68c9d604ad2..5acf8b9241d 100644 --- a/src/shared/bus-wait-for-jobs.h +++ b/src/shared/bus-wait-for-jobs.h @@ -11,6 +11,6 @@ int bus_wait_for_jobs_new(sd_bus *bus, BusWaitForJobs **ret); BusWaitForJobs* bus_wait_for_jobs_free(BusWaitForJobs *d); int bus_wait_for_jobs_add(BusWaitForJobs *d, const char *path); int bus_wait_for_jobs(BusWaitForJobs *d, bool quiet, const char* const* extra_args); -int bus_wait_for_jobs_one(BusWaitForJobs *d, const char *path, bool quiet); +int bus_wait_for_jobs_one(BusWaitForJobs *d, const char *path, bool quiet, const char* const* extra_args); DEFINE_TRIVIAL_CLEANUP_FUNC(BusWaitForJobs*, bus_wait_for_jobs_free); diff --git a/src/shared/tests.c b/src/shared/tests.c index 175b6d5499c..b00006b41a2 100644 --- a/src/shared/tests.c +++ b/src/shared/tests.c @@ -247,7 +247,7 @@ static int allocate_scope(void) { if (r < 0) return bus_log_parse_error(r); - r = bus_wait_for_jobs_one(w, object, false); + r = bus_wait_for_jobs_one(w, object, false, NULL); if (r < 0) return r; From b59615dc76cf82bd1fca301220ee0b7961cbcacd Mon Sep 17 00:00:00 2001 From: Luca Boccassi Date: Thu, 30 Dec 2021 00:54:32 +0000 Subject: [PATCH 016/703] systemd-run: ensure error logs suggest to use '--user' when appropriate Before: $ systemd-run --service-type=notify --user false Job for run-rc3fe52ee6ddd4a6eaaf1a20e0a949cdf.service failed because the control process exited with error code. See "systemctl status run-rc3fe52ee6ddd4a6eaaf1a20e0a949cdf.service" and "journalctl -xeu run-rc3fe52ee6ddd4a6eaaf1a20e0a949cdf.service" for details. After: $ systemd-run --service-type=notify --user false Job for run-r7791e380a7b6400ea01d6a0e5a458b23.service failed because the control process exited with error code. See "systemctl --user status run-r7791e380a7b6400ea01d6a0e5a458b23.service" and "journalctl --user -xeu run-r7791e380a7b6400ea01d6a0e5a458b23.service" for details. Fixes https://github.com/systemd/systemd/issues/21933 (cherry picked from commit 466f2351bbb5c0fdc9f153e35506570e59b14c5f) --- src/run/run.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/run/run.c b/src/run/run.c index 92c19b6a327..ff24373847c 100644 --- a/src/run/run.c +++ b/src/run/run.c @@ -1229,7 +1229,7 @@ static int start_transient_service( if (r < 0) return bus_log_parse_error(r); - r = bus_wait_for_jobs_one(w, object, arg_quiet, NULL); + r = bus_wait_for_jobs_one(w, object, arg_quiet, arg_user ? STRV_MAKE_CONST("--user") : NULL); if (r < 0) return r; } @@ -1465,7 +1465,7 @@ static int start_transient_scope(sd_bus *bus) { if (r < 0) return bus_log_parse_error(r); - r = bus_wait_for_jobs_one(w, object, arg_quiet, NULL); + r = bus_wait_for_jobs_one(w, object, arg_quiet, arg_user ? STRV_MAKE_CONST("--user") : NULL); if (r < 0) return r; @@ -1685,7 +1685,7 @@ static int start_transient_trigger( if (r < 0) return bus_log_parse_error(r); - r = bus_wait_for_jobs_one(w, object, arg_quiet, NULL); + r = bus_wait_for_jobs_one(w, object, arg_quiet, arg_user ? STRV_MAKE_CONST("--user") : NULL); if (r < 0) return r; From 19bb2b8443598e80a4da391e70211d6576b2a144 Mon Sep 17 00:00:00 2001 From: Noel Kuntze Date: Thu, 30 Dec 2021 12:49:23 +0100 Subject: [PATCH 017/703] network: complete example for xfrm setup (cherry picked from commit 0d03e672a97c6ee85f563648e1ff40c88ce81d85) --- man/systemd.network.xml | 1 + 1 file changed, 1 insertion(+) diff --git a/man/systemd.network.xml b/man/systemd.network.xml index d4f03427464..22aa30492de 100644 --- a/man/systemd.network.xml +++ b/man/systemd.network.xml @@ -4697,6 +4697,7 @@ MACVTAP=macvtap-test # /etc/systemd/network/27-xfrm.netdev [NetDev] Name=xfrm0 +Kind=xfrm [Xfrm] InterfaceId=7 From 747b4f1ff8aac3a1b800b0a7ac0edef4af34da70 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Fri, 31 Dec 2021 00:11:01 +0900 Subject: [PATCH 018/703] sysusers: use filename if /proc is not mounted During system install, /proc may not be mounted yet. Fixes RHBZ#2036217 (https://bugzilla.redhat.com/show_bug.cgi?id=2036217). (cherry picked from commit b78d7f246899687a1697cdcebe93d8512c5e7c4b) --- src/sysusers/sysusers.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/sysusers/sysusers.c b/src/sysusers/sysusers.c index 015e3a9ae40..07a65a2ebc1 100644 --- a/src/sysusers/sysusers.c +++ b/src/sysusers/sysusers.c @@ -284,7 +284,7 @@ static int make_backup(const char *target, const char *x) { /* Copy over the access mask. Don't fail on chmod() or chown(). If it stays owned by us and/or * unreadable by others, then it isn't too bad... */ - r = fchmod_and_chown(fileno(dst), st.st_mode & 07777, st.st_uid, st.st_gid); + r = fchmod_and_chown_with_fallback(fileno(dst), dst_tmp, st.st_mode & 07777, st.st_uid, st.st_gid); if (r < 0) log_warning_errno(r, "Failed to change access mode or ownership of %s: %m", backup); From 17227e81ab8a9bdfac679d450ed35434435a6ff8 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Fri, 31 Dec 2021 00:31:51 +0900 Subject: [PATCH 019/703] nss-systemd: fix required buffer size calculation This also fixes the pointer assigned to the gr_mem element of struct group. Fixes a bug introduced by 47fd7fa6c650d7a0ac41bc89747e3b866ffb9534. Fixes #21935. (cherry picked from commit 1e65eb8f9b7d567462030b2e625998d77677e636) --- src/nss-systemd/nss-systemd.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/nss-systemd/nss-systemd.c b/src/nss-systemd/nss-systemd.c index 1840a0d5083..7aea3652c41 100644 --- a/src/nss-systemd/nss-systemd.c +++ b/src/nss-systemd/nss-systemd.c @@ -236,7 +236,7 @@ static enum nss_status copy_synthesized_group( required = strlen(src->gr_name) + 1; required += strlen(src->gr_passwd) + 1; - required += 1; /* ...but that NULL still needs to be stored into the buffer! */ + required += sizeof(char*); /* ...but that NULL still needs to be stored into the buffer! */ if (buflen < required) { *errnop = ERANGE; @@ -250,7 +250,7 @@ static enum nss_status copy_synthesized_group( /* String fields point into the user-provided buffer */ dest->gr_name = buffer; dest->gr_passwd = stpcpy(dest->gr_name, src->gr_name) + 1; - dest->gr_mem = (char **) strcpy(dest->gr_passwd, src->gr_passwd) + 1; + dest->gr_mem = (char **) stpcpy(dest->gr_passwd, src->gr_passwd) + 1; *dest->gr_mem = NULL; return NSS_STATUS_SUCCESS; From c4165dac8877b99de5de2baec31c1ae9820c88bb Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Fri, 31 Dec 2021 02:08:56 +0900 Subject: [PATCH 020/703] network: wireguard: warn about invalid allowed IP addresses But handle them gracefully. Otherwise, when the route to the address is being configured, kernel refuse the route. Note that kernel's wireguard module handle e.g. 192.168.10.3/24 as 192.168.10.0/24. Fixes #21929. (cherry picked from commit af670fc635d1b7cd987fdb1acaf35d74c370e73f) --- src/network/netdev/wireguard.c | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/src/network/netdev/wireguard.c b/src/network/netdev/wireguard.c index e5cfb35c959..af91dc62576 100644 --- a/src/network/netdev/wireguard.c +++ b/src/network/netdev/wireguard.c @@ -686,6 +686,7 @@ int config_parse_wireguard_allowed_ips( for (const char *p = rvalue;;) { _cleanup_free_ char *word = NULL; + union in_addr_union masked; r = extract_first_word(&p, &word, "," WHITESPACE, 0); if (r == 0) @@ -705,13 +706,23 @@ int config_parse_wireguard_allowed_ips( continue; } + masked = addr; + assert_se(in_addr_mask(family, &masked, prefixlen) >= 0); + if (!in_addr_equal(family, &masked, &addr)) { + _cleanup_free_ char *buf = NULL; + + (void) in_addr_prefix_to_string(family, &masked, prefixlen, &buf); + log_syntax(unit, LOG_WARNING, filename, line, 0, + "Specified address '%s' is not properly masked, assuming '%s'.", word, strna(buf)); + } + ipmask = new(WireguardIPmask, 1); if (!ipmask) return log_oom(); *ipmask = (WireguardIPmask) { .family = family, - .ip = addr, + .ip = masked, .cidr = prefixlen, }; From d83bdf711eea488282843b14f42c63fb8b50225e Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Fri, 31 Dec 2021 02:15:40 +0900 Subject: [PATCH 021/703] test-network: add testcase for invalid AllowedIPs= (cherry picked from commit 14b451f20aaffa25f7091a7f1240aa711459b13e) --- test/test-network/conf/25-wireguard.netdev | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/test-network/conf/25-wireguard.netdev b/test/test-network/conf/25-wireguard.netdev index 16f63d00bd7..4fed38e57a1 100644 --- a/test/test-network/conf/25-wireguard.netdev +++ b/test/test-network/conf/25-wireguard.netdev @@ -12,7 +12,7 @@ RouteMetric=456 [WireGuardPeer] PublicKey=RDf+LSpeEre7YEIKaxg+wbpsNV7du+ktR99uBEtIiCA= -AllowedIPs=fd31:bf08:57cb::/48,192.168.26.0/24 +AllowedIPs=fd31:bf08:57cb::/48,192.168.26.3/24 #Endpoint=wireguard.example.com:51820 Endpoint=192.168.27.3:51820 PresharedKey=IIWIV17wutHv7t4cR6pOT91z6NSz/T8Arh0yaywhw3M= From dedf981ff4f5291d3b49ef58cf612d500905c8b2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 30 Dec 2021 14:51:44 +0100 Subject: [PATCH 022/703] meson: fix detection of libcryptsetup functions Meson would generate the following compile test: #define crypt_set_metadata_size meson_disable_define_of_crypt_set_metadata_size #include #undef crypt_set_metadata_size #ifdef __cplusplus extern "C" #endif char crypt_set_metadata_size (void); #if defined __stub_crypt_set_metadata_size || defined __stub___crypt_set_metadata_size fail fail fail this function is not going to work #endif int main(void) { return crypt_set_metadata_size (); } This works fine when the identifier being queried is an actual function. But crypt_token_max() is an inline function, so getting the address would fail, leading to a false negative result. Complation would fail because the function would be defined twice. With this patch, the check is changed to include the header: #include #include #if defined __stub_crypt_set_metadata_size || defined __stub___crypt_set_metadata_size fail fail fail this function is not going to work #endif int main(void) { void *a = (void*) &crypt_set_metadata_size; long long b = (long long) a; return (int) b; } which seems to work correctly. (cherry picked from commit aac8071730bd0bca3c2289bda628b1ef7a2591d2) --- meson.build | 25 +++++++++++++++++-------- 1 file changed, 17 insertions(+), 8 deletions(-) diff --git a/meson.build b/meson.build index 59c933b15d9..c6f71673f13 100644 --- a/meson.build +++ b/meson.build @@ -1182,12 +1182,15 @@ if want_libcryptsetup != 'false' and not skip_deps required : want_libcryptsetup == 'true' or want_libcryptsetup_plugins == 'true') have = libcryptsetup.found() - conf.set10('HAVE_CRYPT_SET_METADATA_SIZE', - have and cc.has_function('crypt_set_metadata_size', dependencies : libcryptsetup)) - conf.set10('HAVE_CRYPT_ACTIVATE_BY_SIGNED_KEY', - have and cc.has_function('crypt_activate_by_signed_key', dependencies : libcryptsetup)) - conf.set10('HAVE_CRYPT_TOKEN_MAX', - have and cc.has_function('crypt_token_max', dependencies : libcryptsetup)) + foreach ident : ['crypt_set_metadata_size', + 'crypt_activate_by_signed_key', + 'crypt_token_max'] + have_ident = have and cc.has_function( + ident, + prefix : '#include ', + dependencies : libcryptsetup) + conf.set10('HAVE_' + ident.to_upper(), have_ident) + endforeach else have = false libcryptsetup = [] @@ -1195,8 +1198,14 @@ endif conf.set10('HAVE_LIBCRYPTSETUP', have) if want_libcryptsetup_plugins != 'false' and not skip_deps - have = (cc.has_function('crypt_activate_by_token_pin', dependencies : libcryptsetup) and - cc.has_function('crypt_token_external_path', dependencies : libcryptsetup)) + have = (cc.has_function( + 'crypt_activate_by_token_pin', + prefix : '#include ', + dependencies : libcryptsetup) and + cc.has_function( + 'crypt_token_external_path', + prefix : '#include ', + dependencies : libcryptsetup)) else have = false endif From cd76e5956a19bb6b82d7f6cba1c4f07930a30eda Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Fri, 31 Dec 2021 06:05:21 +0900 Subject: [PATCH 023/703] udev: fix ID_NET_NAME_MAC= udev property This fixes a bug introduced by eaba9bb3e69635d2c490c5e1b0d262b763753e1d. The commit mistakenly drops 'x' in ID_NET_NAME_MAC, and adds colons. The colons were dropped by the commit dfa4876c417e2a9935d58100d44d94bb41cd5bfb, but the missing 'x' was not added at that time. Follow-up for dfa4876c417e2a9935d58100d44d94bb41cd5bfb. (cherry picked from commit 60e930fc3e6eb8a36fbc184773119eb8d2f30364) --- src/udev/udev-builtin-net_id.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/udev/udev-builtin-net_id.c b/src/udev/udev-builtin-net_id.c index d9d395cb2f8..65e003eb15e 100644 --- a/src/udev/udev-builtin-net_id.c +++ b/src/udev/udev-builtin-net_id.c @@ -1018,7 +1018,7 @@ static int builtin_net_id(sd_device *dev, sd_netlink **rtnl, int argc, char *arg if (names_mac(dev, &info) >= 0) { char str[ALTIFNAMSIZ]; - xsprintf(str, "%s%s", prefix, HW_ADDR_TO_STR_FULL(&info.hw_addr, HW_ADDR_TO_STRING_NO_COLON)); + xsprintf(str, "%sx%s", prefix, HW_ADDR_TO_STR_FULL(&info.hw_addr, HW_ADDR_TO_STRING_NO_COLON)); udev_builtin_add_property(dev, test, "ID_NET_NAME_MAC", str); log_device_debug(dev, "MAC address identifier: hw_addr=%s → %s", HW_ADDR_TO_STR(&info.hw_addr), str + strlen(prefix)); From 9c8bc0451ab2393f3b9b689e46e1b05e9f6dad35 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Fri, 31 Dec 2021 06:59:42 +0900 Subject: [PATCH 024/703] nss-systemd: fix alignment of gr_mem Follow-up for 1e65eb8f9b7d567462030b2e625998d77677e636. Fixes #21935. (cherry picked from commit 420a35c1fadfb4d67be6316436233d98b5688de5) --- src/nss-systemd/nss-systemd.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/nss-systemd/nss-systemd.c b/src/nss-systemd/nss-systemd.c index 7aea3652c41..36486b96e39 100644 --- a/src/nss-systemd/nss-systemd.c +++ b/src/nss-systemd/nss-systemd.c @@ -238,7 +238,7 @@ static enum nss_status copy_synthesized_group( required += strlen(src->gr_passwd) + 1; required += sizeof(char*); /* ...but that NULL still needs to be stored into the buffer! */ - if (buflen < required) { + if (buflen < ALIGN(required)) { *errnop = ERANGE; return NSS_STATUS_TRYAGAIN; } @@ -250,7 +250,7 @@ static enum nss_status copy_synthesized_group( /* String fields point into the user-provided buffer */ dest->gr_name = buffer; dest->gr_passwd = stpcpy(dest->gr_name, src->gr_name) + 1; - dest->gr_mem = (char **) stpcpy(dest->gr_passwd, src->gr_passwd) + 1; + dest->gr_mem = ALIGN_PTR(stpcpy(dest->gr_passwd, src->gr_passwd) + 1); *dest->gr_mem = NULL; return NSS_STATUS_SUCCESS; From a473bfb4332ad6b0a0894135c4de0f8cc324d378 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Fri, 31 Dec 2021 09:13:00 +0900 Subject: [PATCH 025/703] nss-myhostname: do not apply non-zero offset to null pointer Fixes https://github.com/systemd/systemd/issues/21935#issuecomment-1003216503. (cherry picked from commit 92e9df9ca031b9b04487a46afd986ab3122183fd) --- src/nss-myhostname/nss-myhostname.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/nss-myhostname/nss-myhostname.c b/src/nss-myhostname/nss-myhostname.c index 3536c5fc837..67b1554d278 100644 --- a/src/nss-myhostname/nss-myhostname.c +++ b/src/nss-myhostname/nss-myhostname.c @@ -39,10 +39,8 @@ enum nss_status _nss_myhostname_gethostbyname4_r( const char *canonical = NULL; int n_addresses = 0; uint32_t local_address_ipv4; - struct local_address *a; size_t l, idx, ms; char *r_name; - unsigned n; PROTECT_ERRNO; BLOCK_SIGNALS(NSS_SIGNALS_BLOCK); @@ -136,7 +134,9 @@ enum nss_status _nss_myhostname_gethostbyname4_r( } /* Fourth, fill actual addresses in, but in backwards order */ - for (a = addresses + n_addresses - 1, n = 0; (int) n < n_addresses; n++, a--) { + for (int i = n_addresses; i > 0; i--) { + struct local_address *a = addresses + i - 1; + r_tuple = (struct gaih_addrtuple*) (buffer + idx); r_tuple->next = r_tuple_prev; r_tuple->name = r_name; From 2c99c399363830bb3360f1b68817dc9ffc921de4 Mon Sep 17 00:00:00 2001 From: Jan Janssen Date: Sat, 1 Jan 2022 16:37:27 +0100 Subject: [PATCH 026/703] boot: Use objcopy to align sections Not aligning these can create gaps in the section table. Some firmware does not handle this nicely resulting in secure boot signature fails. Using objcopy ensures that any new sections in the future will be properly aligned. Fixes: #21956 (cherry picked from commit 75747c8a399967fa5d815a8f70f724436d035652) --- src/boot/efi/meson.build | 1 + src/boot/efi/secure-boot.c | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/src/boot/efi/meson.build b/src/boot/efi/meson.build index 97f0e7607a8..e10e51cf4e3 100644 --- a/src/boot/efi/meson.build +++ b/src/boot/efi/meson.build @@ -378,6 +378,7 @@ foreach tuple : [['systemd_boot.so', systemd_boot_efi_name, systemd_boot_objects '-j', '.sdata', '-j', '.sdmagic', '-j', '.text', + '--section-alignment=512', efi_format, '@INPUT@', '@OUTPUT@'], install : true, diff --git a/src/boot/efi/secure-boot.c b/src/boot/efi/secure-boot.c index efea1457195..ab2d256031a 100644 --- a/src/boot/efi/secure-boot.c +++ b/src/boot/efi/secure-boot.c @@ -30,7 +30,7 @@ SecureBootMode secure_boot_mode(void) { } #ifdef SBAT_DISTRO -static const char sbat[] _used_ _section_ (".sbat") _align_ (512) = +static const char sbat[] _used_ _section_(".sbat") = "sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md\n" SBAT_PROJECT ",1,The systemd Developers," SBAT_PROJECT "," PROJECT_VERSION "," PROJECT_URL "\n" SBAT_PROJECT "." SBAT_DISTRO "," STRINGIFY(SBAT_DISTRO_GENERATION) "," SBAT_DISTRO_SUMMARY "," SBAT_DISTRO_PKGNAME "," SBAT_DISTRO_VERSION "," SBAT_DISTRO_URL "\n"; From 1598b410541c53e9ec496e4e3590bbd4024f5646 Mon Sep 17 00:00:00 2001 From: Jan Janssen Date: Sun, 2 Jan 2022 20:05:58 +0100 Subject: [PATCH 027/703] ci: Test efi binaries for section table gaps (cherry picked from commit bbbf1c3d3229d328f1bcbf039db8e15e221a1d85) --- .github/workflows/build_test.sh | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/workflows/build_test.sh b/.github/workflows/build_test.sh index 5dc54771bae..5b18784461a 100755 --- a/.github/workflows/build_test.sh +++ b/.github/workflows/build_test.sh @@ -131,6 +131,12 @@ for args in "${ARGS[@]}"; do fatal "'meson compile' failed with $args" fi + for loader in build/src/boot/efi/*.efi; do + if sbverify --list "$loader" |& grep -q "gap in section table"; then + fatal "$loader: Gaps found in section table" + fi + done + git clean -dxf success "Build with $args passed in $SECONDS seconds" From 7e338876577cb328632ce3e7753c0130b54dd7a2 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Mon, 3 Jan 2022 03:48:10 +0900 Subject: [PATCH 028/703] syscalls: update syscall definitions (cherry picked from commit 0c718b1a67cd0d3512eafeb4659458694bf3865b) --- src/basic/syscalls-alpha.txt | 2 +- src/basic/syscalls-ia64.txt | 2 +- src/basic/syscalls-loongarch64.txt | 1 + src/basic/syscalls-m68k.txt | 2 +- src/basic/syscalls-mips64.txt | 2 +- src/basic/syscalls-mips64n32.txt | 2 +- src/basic/syscalls-mipso32.txt | 2 +- src/basic/syscalls-powerpc.txt | 2 +- src/basic/syscalls-powerpc64.txt | 2 +- src/basic/syscalls-s390.txt | 2 +- src/basic/syscalls-s390x.txt | 2 +- src/basic/syscalls-sparc.txt | 2 +- 12 files changed, 12 insertions(+), 11 deletions(-) diff --git a/src/basic/syscalls-alpha.txt b/src/basic/syscalls-alpha.txt index 7d170ad4123..5aef86b09e0 100644 --- a/src/basic/syscalls-alpha.txt +++ b/src/basic/syscalls-alpha.txt @@ -106,7 +106,7 @@ ftruncate 130 ftruncate64 futex 394 futex_time64 -futex_waitv +futex_waitv 559 futimesat 454 get_kernel_syms 309 get_mempolicy 430 diff --git a/src/basic/syscalls-ia64.txt b/src/basic/syscalls-ia64.txt index 8770b1035f5..3d646f6d175 100644 --- a/src/basic/syscalls-ia64.txt +++ b/src/basic/syscalls-ia64.txt @@ -106,7 +106,7 @@ ftruncate 1098 ftruncate64 futex 1230 futex_time64 -futex_waitv +futex_waitv 1473 futimesat 1285 get_kernel_syms get_mempolicy 1260 diff --git a/src/basic/syscalls-loongarch64.txt b/src/basic/syscalls-loongarch64.txt index e14e19fe199..8b10af64db0 100644 --- a/src/basic/syscalls-loongarch64.txt +++ b/src/basic/syscalls-loongarch64.txt @@ -106,6 +106,7 @@ ftruncate 46 ftruncate64 futex 98 futex_time64 +futex_waitv 449 futimesat get_kernel_syms get_mempolicy 236 diff --git a/src/basic/syscalls-m68k.txt b/src/basic/syscalls-m68k.txt index 39b7b6b0c1b..ef7295db2f6 100644 --- a/src/basic/syscalls-m68k.txt +++ b/src/basic/syscalls-m68k.txt @@ -106,7 +106,7 @@ ftruncate 93 ftruncate64 194 futex 235 futex_time64 422 -futex_waitv +futex_waitv 449 futimesat 292 get_kernel_syms 130 get_mempolicy 269 diff --git a/src/basic/syscalls-mips64.txt b/src/basic/syscalls-mips64.txt index f558345e949..1f7ff567be3 100644 --- a/src/basic/syscalls-mips64.txt +++ b/src/basic/syscalls-mips64.txt @@ -106,7 +106,7 @@ ftruncate 5075 ftruncate64 futex 5194 futex_time64 -futex_waitv +futex_waitv 5449 futimesat 5251 get_kernel_syms 5170 get_mempolicy 5228 diff --git a/src/basic/syscalls-mips64n32.txt b/src/basic/syscalls-mips64n32.txt index 3aebb159b85..7e1ad9637dc 100644 --- a/src/basic/syscalls-mips64n32.txt +++ b/src/basic/syscalls-mips64n32.txt @@ -106,7 +106,7 @@ ftruncate 6075 ftruncate64 futex 6194 futex_time64 6422 -futex_waitv +futex_waitv 6449 futimesat 6255 get_kernel_syms 6170 get_mempolicy 6232 diff --git a/src/basic/syscalls-mipso32.txt b/src/basic/syscalls-mipso32.txt index 4a14b35dc4a..c0c262fd1ab 100644 --- a/src/basic/syscalls-mipso32.txt +++ b/src/basic/syscalls-mipso32.txt @@ -106,7 +106,7 @@ ftruncate 4093 ftruncate64 4212 futex 4238 futex_time64 4422 -futex_waitv +futex_waitv 4449 futimesat 4292 get_kernel_syms 4130 get_mempolicy 4269 diff --git a/src/basic/syscalls-powerpc.txt b/src/basic/syscalls-powerpc.txt index a9bdd9ad8f9..2f085161e1a 100644 --- a/src/basic/syscalls-powerpc.txt +++ b/src/basic/syscalls-powerpc.txt @@ -106,7 +106,7 @@ ftruncate 93 ftruncate64 194 futex 221 futex_time64 422 -futex_waitv +futex_waitv 449 futimesat 290 get_kernel_syms 130 get_mempolicy 260 diff --git a/src/basic/syscalls-powerpc64.txt b/src/basic/syscalls-powerpc64.txt index c267c04a06d..85e53422eeb 100644 --- a/src/basic/syscalls-powerpc64.txt +++ b/src/basic/syscalls-powerpc64.txt @@ -106,7 +106,7 @@ ftruncate 93 ftruncate64 futex 221 futex_time64 -futex_waitv +futex_waitv 449 futimesat 290 get_kernel_syms 130 get_mempolicy 260 diff --git a/src/basic/syscalls-s390.txt b/src/basic/syscalls-s390.txt index d56fd524ce2..a25093c7be3 100644 --- a/src/basic/syscalls-s390.txt +++ b/src/basic/syscalls-s390.txt @@ -106,7 +106,7 @@ ftruncate 93 ftruncate64 194 futex 238 futex_time64 422 -futex_waitv +futex_waitv 449 futimesat 292 get_kernel_syms 130 get_mempolicy 269 diff --git a/src/basic/syscalls-s390x.txt b/src/basic/syscalls-s390x.txt index b31acb673e7..b4b798f9df0 100644 --- a/src/basic/syscalls-s390x.txt +++ b/src/basic/syscalls-s390x.txt @@ -106,7 +106,7 @@ ftruncate 93 ftruncate64 futex 238 futex_time64 -futex_waitv +futex_waitv 449 futimesat 292 get_kernel_syms 130 get_mempolicy 269 diff --git a/src/basic/syscalls-sparc.txt b/src/basic/syscalls-sparc.txt index 8fdf3b35940..a382e75c24b 100644 --- a/src/basic/syscalls-sparc.txt +++ b/src/basic/syscalls-sparc.txt @@ -106,7 +106,7 @@ ftruncate 130 ftruncate64 84 futex 142 futex_time64 422 -futex_waitv +futex_waitv 449 futimesat 288 get_kernel_syms 223 get_mempolicy 304 From cd88d010e862d26ce816eb3bd6735a80999ac41e Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Mon, 3 Jan 2022 03:44:50 +0900 Subject: [PATCH 029/703] missing-syscall: add __NR_openat2 (cherry picked from commit d96ad9e8cb9fc8a9adfeebf69a645b809705daa0) --- src/basic/missing_syscall_def.h | 66 +++++++++++++++++++++++++++++++++ src/basic/missing_syscalls.py | 1 + 2 files changed, 67 insertions(+) diff --git a/src/basic/missing_syscall_def.h b/src/basic/missing_syscall_def.h index 84d41d9fd31..d078bf70df3 100644 --- a/src/basic/missing_syscall_def.h +++ b/src/basic/missing_syscall_def.h @@ -700,6 +700,72 @@ assert_cc(__NR_open_tree == systemd_NR_open_tree); # endif #endif +#ifndef __IGNORE_openat2 +# if defined(__aarch64__) +# define systemd_NR_openat2 437 +# elif defined(__alpha__) +# define systemd_NR_openat2 547 +# elif defined(__arc__) || defined(__tilegx__) +# define systemd_NR_openat2 437 +# elif defined(__arm__) +# define systemd_NR_openat2 437 +# elif defined(__i386__) +# define systemd_NR_openat2 437 +# elif defined(__ia64__) +# define systemd_NR_openat2 1461 +# elif defined(__loongarch64) +# define systemd_NR_openat2 437 +# elif defined(__m68k__) +# define systemd_NR_openat2 437 +# elif defined(_MIPS_SIM) +# if _MIPS_SIM == _MIPS_SIM_ABI32 +# define systemd_NR_openat2 4437 +# elif _MIPS_SIM == _MIPS_SIM_NABI32 +# define systemd_NR_openat2 6437 +# elif _MIPS_SIM == _MIPS_SIM_ABI64 +# define systemd_NR_openat2 5437 +# else +# error "Unknown MIPS ABI" +# endif +# elif defined(__powerpc__) +# define systemd_NR_openat2 437 +# elif defined(__riscv) +# if __riscv_xlen == 32 +# define systemd_NR_openat2 437 +# elif __riscv_xlen == 64 +# define systemd_NR_openat2 437 +# else +# error "Unknown RISC-V ABI" +# endif +# elif defined(__s390__) +# define systemd_NR_openat2 437 +# elif defined(__sparc__) +# define systemd_NR_openat2 437 +# elif defined(__x86_64__) +# if defined(__ILP32__) +# define systemd_NR_openat2 (437 | /* __X32_SYSCALL_BIT */ 0x40000000) +# else +# define systemd_NR_openat2 437 +# endif +# elif !defined(missing_arch_template) +# warning "openat2() syscall number is unknown for your architecture" +# endif + +/* may be an (invalid) negative number due to libseccomp, see PR 13319 */ +# if defined __NR_openat2 && __NR_openat2 >= 0 +# if defined systemd_NR_openat2 +assert_cc(__NR_openat2 == systemd_NR_openat2); +# endif +# else +# if defined __NR_openat2 +# undef __NR_openat2 +# endif +# if defined systemd_NR_openat2 && systemd_NR_openat2 >= 0 +# define __NR_openat2 systemd_NR_openat2 +# endif +# endif +#endif + #ifndef __IGNORE_pidfd_open # if defined(__aarch64__) # define systemd_NR_pidfd_open 434 diff --git a/src/basic/missing_syscalls.py b/src/basic/missing_syscalls.py index 1fbd619789c..2694e83b988 100644 --- a/src/basic/missing_syscalls.py +++ b/src/basic/missing_syscalls.py @@ -16,6 +16,7 @@ 'move_mount', 'name_to_handle_at', 'open_tree', + 'openat2', 'pidfd_open', 'pidfd_send_signal', 'pkey_mprotect', From c563e3ef7761f89ac4643df08ef59c054f2d0135 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Mon, 3 Jan 2022 03:47:27 +0900 Subject: [PATCH 030/703] seccomp-util: include missing_syscall_def.h to make __SNR_foo mapped to __NR_foo Fixes #21969. (cherry picked from commit e83156c264d149e8f92f05b4d777317824a430f1) --- src/shared/seccomp-util.c | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c index 7d2c52e1886..b70ad1f7ea7 100644 --- a/src/shared/seccomp-util.c +++ b/src/shared/seccomp-util.c @@ -3,13 +3,16 @@ #include #include #include -#include #include #include #include #include #include +/* include missing_syscall_def.h earlier to make __SNR_foo mapped to __NR_foo. */ +#include "missing_syscall_def.h" +#include + #include "af-list.h" #include "alloc-util.h" #include "env-util.h" @@ -1736,13 +1739,11 @@ int seccomp_memory_deny_write_execute(void) { if (r < 0) continue; -#ifdef __NR_pkey_mprotect r = add_seccomp_syscall_filter(seccomp, arch, SCMP_SYS(pkey_mprotect), 1, SCMP_A2(SCMP_CMP_MASKED_EQ, PROT_EXEC, PROT_EXEC)); if (r < 0) continue; -#endif if (shmat_syscall > 0) { r = add_seccomp_syscall_filter(seccomp, arch, shmat_syscall, @@ -2063,7 +2064,6 @@ static int seccomp_restrict_sxid(scmp_filter_ctx seccomp, mode_t m) { else any = true; -#if SCMP_SYS(open) > 0 r = seccomp_rule_add_exact( seccomp, SCMP_ACT_ERRNO(EPERM), @@ -2075,7 +2075,6 @@ static int seccomp_restrict_sxid(scmp_filter_ctx seccomp, mode_t m) { log_debug_errno(r, "Failed to add filter for open: %m"); else any = true; -#endif r = seccomp_rule_add_exact( seccomp, @@ -2213,7 +2212,6 @@ static int block_open_flag(scmp_filter_ctx seccomp, int flag) { /* Blocks open() with the specified flag, where flag is O_SYNC or so. This makes these calls return * EINVAL, in the hope the client code will retry without O_SYNC then. */ -#if SCMP_SYS(open) > 0 r = seccomp_rule_add_exact( seccomp, SCMP_ACT_ERRNO(EINVAL), @@ -2224,7 +2222,6 @@ static int block_open_flag(scmp_filter_ctx seccomp, int flag) { log_debug_errno(r, "Failed to add filter for open: %m"); else any = true; -#endif r = seccomp_rule_add_exact( seccomp, From 1c4c566d8602bdcbd56d94ddb5539d2235b0a0a6 Mon Sep 17 00:00:00 2001 From: Jan Janssen Date: Sun, 2 Jan 2022 14:37:32 +0100 Subject: [PATCH 031/703] boot: Do not warn if an initializing driver returns EFI_ABORTED Fixes: #21965 (cherry picked from commit 8fb16fee96a1563738e7fa784fc45d152b8c2694) --- src/boot/efi/drivers.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/src/boot/efi/drivers.c b/src/boot/efi/drivers.c index ce5cf3dcd74..61df20e24a3 100644 --- a/src/boot/efi/drivers.c +++ b/src/boot/efi/drivers.c @@ -43,8 +43,13 @@ static EFI_STATUS load_one_driver( return log_error_status_stall(EFI_INVALID_PARAMETER, L"Image %s is not a driver, refusing: %r", fname); err = BS->StartImage(image, NULL, NULL); - if (EFI_ERROR(err)) - return log_error_status_stall(err, L"Failed to start image %s: %r", fname, err); + if (EFI_ERROR(err)) { + /* EFI_ABORTED signals an initializing driver. It uses this error code on success + * so that it is unloaded after. */ + if (err != EFI_ABORTED) + log_error_stall(L"Failed to start image %s: %r", fname, err); + return err; + } TAKE_PTR(image); return EFI_SUCCESS; From 7c789948602a69440c9ca91ffad194b5641036f2 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Fri, 31 Dec 2021 03:48:17 +0900 Subject: [PATCH 032/703] hostname-setup: gracefully handle kernel with empty CONFIG_DEFAULT_HOSTNAME Previously, sethostname_idempotent_full() calls gethostname_full() with GET_HOSTNAME_ALLOW_NONE and GET_HOSTNAME_ALLOW_LOCALHOST flags. That intended to get any values set by kernel. But, that does not work, as the hostname may be empty. Let's simplify the logic. The function sethostname_idempotent_full() intends to set the requested hostname only when the current hostname is different from the requested one. So, no check in getostname_full() is required. Hence, simply use the result of uname() here. Fixes #21896. (cherry picked from commit d8d6b2275f7b7a5b58c6b0d89b78c927333c6af9) --- src/shared/hostname-setup.c | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/src/shared/hostname-setup.c b/src/shared/hostname-setup.c index 1329b0d1894..0fac0ecab71 100644 --- a/src/shared/hostname-setup.c +++ b/src/shared/hostname-setup.c @@ -20,16 +20,13 @@ #include "util.h" static int sethostname_idempotent_full(const char *s, bool really) { - _cleanup_free_ char *buf = NULL; - int r; + struct utsname u; assert(s); - r = gethostname_full(GET_HOSTNAME_ALLOW_NONE | GET_HOSTNAME_ALLOW_LOCALHOST, &buf); - if (r < 0) - return r; + assert_se(uname(&u) >= 0); - if (streq(buf, s)) + if (streq_ptr(s, u.nodename)) return 0; if (really && From 9f5372ce4c61d0f786f613458de676dca503c4b2 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Fri, 31 Dec 2021 03:56:59 +0900 Subject: [PATCH 033/703] hostname-util: drop GET_HOSTNAME_ALLOW_NONE flag and always refuse "(none)" The flag is now only used in test-sysctl-util.c, and it should be replaced with uname(), because of the same reason as the previous commit. (cherry picked from commit 9383fa08bd263277d9a17a8999c3497458f273e3) --- src/basic/hostname-util.c | 3 +-- src/basic/hostname-util.h | 7 +++---- src/test/test-sysctl-util.c | 9 ++++++--- 3 files changed, 10 insertions(+), 9 deletions(-) diff --git a/src/basic/hostname-util.c b/src/basic/hostname-util.c index 1d0640e0756..136fb3e5956 100644 --- a/src/basic/hostname-util.c +++ b/src/basic/hostname-util.c @@ -46,8 +46,7 @@ int gethostname_full(GetHostnameFlags flags, char **ret) { assert_se(uname(&u) >= 0); s = u.nodename; - if (isempty(s) || - (!FLAGS_SET(flags, GET_HOSTNAME_ALLOW_NONE) && streq(s, "(none)")) || + if (isempty(s) || streq(s, "(none)") || (!FLAGS_SET(flags, GET_HOSTNAME_ALLOW_LOCALHOST) && is_localhost(s)) || (FLAGS_SET(flags, GET_HOSTNAME_SHORT) && s[0] == '.')) { if (!FLAGS_SET(flags, GET_HOSTNAME_FALLBACK_DEFAULT)) diff --git a/src/basic/hostname-util.h b/src/basic/hostname-util.h index 0d1574db9e3..d435bed50ea 100644 --- a/src/basic/hostname-util.h +++ b/src/basic/hostname-util.h @@ -9,10 +9,9 @@ #include "strv.h" typedef enum GetHostnameFlags { - GET_HOSTNAME_ALLOW_NONE = 1 << 0, /* accepts "(none)". */ - GET_HOSTNAME_ALLOW_LOCALHOST = 1 << 1, /* accepts "localhost" or friends. */ - GET_HOSTNAME_FALLBACK_DEFAULT = 1 << 2, /* use default hostname if no hostname is set. */ - GET_HOSTNAME_SHORT = 1 << 3, /* kills the FQDN part if present. */ + GET_HOSTNAME_ALLOW_LOCALHOST = 1 << 0, /* accepts "localhost" or friends. */ + GET_HOSTNAME_FALLBACK_DEFAULT = 1 << 1, /* use default hostname if no hostname is set. */ + GET_HOSTNAME_SHORT = 1 << 2, /* kills the FQDN part if present. */ } GetHostnameFlags; int gethostname_full(GetHostnameFlags flags, char **ret); diff --git a/src/test/test-sysctl-util.c b/src/test/test-sysctl-util.c index 6464a7965b2..8bd3c26152f 100644 --- a/src/test/test-sysctl-util.c +++ b/src/test/test-sysctl-util.c @@ -1,5 +1,7 @@ /* SPDX-License-Identifier: LGPL-2.1-or-later */ +#include + #include "sd-id128.h" #include "errno-util.h" @@ -38,7 +40,8 @@ TEST(sysctl_normalize) { } TEST(sysctl_read) { - _cleanup_free_ char *s = NULL, *h = NULL; + _cleanup_free_ char *s = NULL; + struct utsname u; sd_id128_t a, b; int r; @@ -63,8 +66,8 @@ TEST(sysctl_read) { s = mfree(s); assert_se(sysctl_read("kernel/hostname", &s) >= 0); - assert_se(gethostname_full(GET_HOSTNAME_ALLOW_NONE|GET_HOSTNAME_ALLOW_LOCALHOST, &h) >= 0); - assert_se(streq(s, h)); + assert_se(uname(&u) >= 0); + assert_se(streq_ptr(s, u.nodename)); r = sysctl_write("kernel/hostname", s); assert_se(r >= 0 || ERRNO_IS_PRIVILEGE(r) || r == -EROFS); From 72f95a1342234a65417e052809228f75c5afed48 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Tue, 4 Jan 2022 01:55:03 +0900 Subject: [PATCH 034/703] elf-util: executable argument for parse_elf() may be NULL Fixes assertion triggered by parse_package_metadata() and json_build(). (cherry picked from commit d090049c01d9939b12989a74b1edc5fee75c1710) --- src/shared/elf-util.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/src/shared/elf-util.c b/src/shared/elf-util.c index dafd219bb25..104a35cc771 100644 --- a/src/shared/elf-util.c +++ b/src/shared/elf-util.c @@ -384,6 +384,7 @@ static int parse_buildid(Dwfl_Module *mod, Elf *elf, const char *name, StackCont int r; assert(mod || elf); + assert(name); assert(c); if (mod) @@ -610,19 +611,20 @@ static int parse_elf(int fd, const char *executable, char **ret, JsonVariant **r elf_type = "coredump"; } else { _cleanup_(json_variant_unrefp) JsonVariant *id_json = NULL; + const char *e = executable ?: "(unnamed)"; bool interpreter_found = false; - r = parse_buildid(NULL, c.elf, executable, &c, &id_json); + r = parse_buildid(NULL, c.elf, e, &c, &id_json); if (r < 0) return log_warning_errno(r, "Failed to parse build-id of ELF file: %m"); - r = parse_package_metadata(executable, id_json, c.elf, &interpreter_found, &c); + r = parse_package_metadata(e, id_json, c.elf, &interpreter_found, &c); if (r < 0) return log_warning_errno(r, "Failed to parse package metadata of ELF file: %m"); /* If we found a build-id and nothing else, return at least that. */ if (!package_metadata && id_json) { - r = json_build(&package_metadata, JSON_BUILD_OBJECT(JSON_BUILD_PAIR(executable, JSON_BUILD_VARIANT(id_json)))); + r = json_build(&package_metadata, JSON_BUILD_OBJECT(JSON_BUILD_PAIR(e, JSON_BUILD_VARIANT(id_json)))); if (r < 0) return log_warning_errno(r, "Failed to build JSON object: %m"); } From bdcc3b0713f4c50d09857083c4ae27e8fb3acaad Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Tue, 4 Jan 2022 02:02:12 +0900 Subject: [PATCH 035/703] elf-util: add missing assertion (cherry picked from commit 80b241f2ec98509cbc89d2fb1626403167a832fb) --- src/shared/elf-util.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/shared/elf-util.c b/src/shared/elf-util.c index 104a35cc771..4d93e7eabaa 100644 --- a/src/shared/elf-util.c +++ b/src/shared/elf-util.c @@ -685,6 +685,8 @@ int parse_elf_object(int fd, const char *executable, bool fork_disable_dump, cha _cleanup_free_ char *buf = NULL; int r; + assert(fd >= 0); + r = dlopen_dw(); if (r < 0) return r; From e4d4c5f9eecb9600d60e08c5093765996acff4a5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Mon, 3 Jan 2022 09:24:03 +0100 Subject: [PATCH 036/703] coredump: do not crash if we failed to acquire exe path The COREDUMP_EXE attribute is "optional", i.e. we continue to process the crash even if we didn't acquire it. The coredump generation code assumed that it is always available: #5 endswith at ../src/fundamental/string-util-fundamental.c:41 [ endswith() is called with NULL here, and an assertion fails. ] #6 submit_coredump at ../src/coredump/coredump.c:823 #7 process_socket at ../src/coredump/coredump.c:1038 #8 run at ../src/coredump/coredump.c:1413 We use the exe path for loop detection, and also (ultimately) pass it to dwfl_core_file_report(). The latter seems to be fine will NULL, so let's just change our code to look at COMM, which should be more reliable anyway. Fixes https://bugzilla.redhat.com/show_bug.cgi?id=2036517. (cherry picked from commit c790632cabf5691b0910fc6b7a5c6af31a7786aa) --- src/coredump/coredump.c | 39 ++++++++++++++++++++++----------------- 1 file changed, 22 insertions(+), 17 deletions(-) diff --git a/src/coredump/coredump.c b/src/coredump/coredump.c index 9e0dafb1ce9..6a6e9765d4a 100644 --- a/src/coredump/coredump.c +++ b/src/coredump/coredump.c @@ -813,16 +813,19 @@ static int submit_coredump( return log_error_errno(r, "Failed to drop privileges: %m"); /* Try to get a stack trace if we can */ - if (coredump_size > arg_process_size_max) { + if (coredump_size > arg_process_size_max) log_debug("Not generating stack trace: core size %"PRIu64" is greater " "than %"PRIu64" (the configured maximum)", coredump_size, arg_process_size_max); - } else if (coredump_fd >= 0) + else if (coredump_fd >= 0) { + bool skip = startswith(context->meta[META_COMM], "systemd-coredum"); /* COMM is 16 bytes usually */ + (void) parse_elf_object(coredump_fd, context->meta[META_EXE], - /* fork_disable_dump= */endswith(context->meta[META_EXE], "systemd-coredump"), /* avoid loops */ + /* fork_disable_dump= */ skip, /* avoid loops */ &stacktrace, &json_metadata); + } log: core_message = strjoina("Process ", context->meta[META_ARGV_PID], @@ -857,21 +860,24 @@ static int submit_coredump( (void) iovw_put_string_field(iovw, "COREDUMP_PACKAGE_JSON=", formatted_json); } - JSON_VARIANT_OBJECT_FOREACH(module_name, module_json, json_metadata) { - JsonVariant *package_name, *package_version; + /* In the unlikely scenario that context->meta[META_EXE] is not available, + * let's avoid guessing the module name and skip the loop. */ + if (context->meta[META_EXE]) + JSON_VARIANT_OBJECT_FOREACH(module_name, module_json, json_metadata) { + JsonVariant *t; - /* We only add structured fields for the 'main' ELF module */ - if (!path_equal_filename(module_name, context->meta[META_EXE])) - continue; + /* We only add structured fields for the 'main' ELF module, and only if we can identify it. */ + if (!path_equal_filename(module_name, context->meta[META_EXE])) + continue; - package_name = json_variant_by_key(module_json, "name"); - if (package_name) - (void) iovw_put_string_field(iovw, "COREDUMP_PACKAGE_NAME=", json_variant_string(package_name)); + t = json_variant_by_key(module_json, "name"); + if (t) + (void) iovw_put_string_field(iovw, "COREDUMP_PACKAGE_NAME=", json_variant_string(t)); - package_version = json_variant_by_key(module_json, "version"); - if (package_version) - (void) iovw_put_string_field(iovw, "COREDUMP_PACKAGE_VERSION=", json_variant_string(package_version)); - } + t = json_variant_by_key(module_json, "version"); + if (t) + (void) iovw_put_string_field(iovw, "COREDUMP_PACKAGE_VERSION=", json_variant_string(t)); + } /* Optionally store the entire coredump in the journal */ if (arg_storage == COREDUMP_STORAGE_JOURNAL && coredump_fd >= 0) { @@ -1181,7 +1187,7 @@ static int gather_pid_metadata(struct iovec_wrapper *iovw, Context *context) { if (r < 0) return r; - /* The following are optional but we used them if present */ + /* The following are optional, but we use them if present. */ r = get_process_exe(pid, &t); if (r >= 0) r = iovw_put_string_field_free(iovw, "COREDUMP_EXE=", t); @@ -1191,7 +1197,6 @@ static int gather_pid_metadata(struct iovec_wrapper *iovw, Context *context) { if (cg_pid_get_unit(pid, &t) >= 0) (void) iovw_put_string_field_free(iovw, "COREDUMP_UNIT=", t); - /* The next are optional */ if (cg_pid_get_user_unit(pid, &t) >= 0) (void) iovw_put_string_field_free(iovw, "COREDUMP_USER_UNIT=", t); From cd686fe4c719bfb894bd24d673c51f19cea64643 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Mon, 3 Jan 2022 17:53:29 +0100 Subject: [PATCH 037/703] basic/log: allow errno values higher than 255 When the support for "synthetic errno" was added, we started truncating the errno value to just the least significant byte. This is generally OK, because errno values are defined up to ~130. The docs don't really say what the maximum value is. But at least in principle higher values could be added in the future. So let's stop truncating the values needlessly. The kernel (or libbpf?) have an error where they return 524 as an errno value (https://bugzilla.redhat.com/show_bug.cgi?id=2036145). We would confusingly truncate this to 12 (ENOMEM). It seems much nicer to let strerror() give us "Unknown error 524" rather than to print the bogus message about ENOMEM. (cherry picked from commit 5f74fcd41cb1a1b26c23e0f2ab405ae9cf6bcc93) --- src/basic/log.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/basic/log.h b/src/basic/log.h index 3bec4131a79..7218b4bf718 100644 --- a/src/basic/log.h +++ b/src/basic/log.h @@ -31,10 +31,10 @@ typedef enum LogTarget{ * used a regular log level. */ #define LOG_NULL (LOG_EMERG - 1) -/* Note to readers: << and >> have lower precedence than & and | */ +/* Note to readers: << and >> have lower precedence (are evaluated earlier) than & and | */ #define SYNTHETIC_ERRNO(num) (1 << 30 | (num)) #define IS_SYNTHETIC_ERRNO(val) ((val) >> 30 & 1) -#define ERRNO_VALUE(val) (abs(val) & 255) +#define ERRNO_VALUE(val) (abs(val) & ~(1 << 30)) /* The callback function to be invoked when syntax warnings are seen * in the unit files. */ From 0776365d77600a342375ad8966f46119c0b3dbbd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Mon, 3 Jan 2022 18:38:23 +0100 Subject: [PATCH 038/703] meson: generate better arch defines for clang bpf compilation The code assume that meson's cpu_family can be mapped directly to '-D____'. This works in a surprising number of cases, but not for a few architectures. PPC uses "powerpc", and RISC-V omits the trailing underscores. ARM and RISC-V require a second define too. Fixes #21900. (I don't think this matters too much: we need *something* so that gnu/stubs.h can be successfully included. But we don't actually call syscalls or depend too much on the host environment, so things should be fine as long as we don't get a compilation error.) (cherry picked from commit e897b07f97cf25e092a4cc8e1144e06564b45d53) --- src/core/bpf/meson.build | 22 ++++++++++++++++++++-- 1 file changed, 20 insertions(+), 2 deletions(-) diff --git a/src/core/bpf/meson.build b/src/core/bpf/meson.build index cd0cd3230b4..c2465a845f4 100644 --- a/src/core/bpf/meson.build +++ b/src/core/bpf/meson.build @@ -13,7 +13,25 @@ clang_flags = [ '-c', ] -clang_arch_flag = '-D__@0@__'.format(host_machine.cpu_family()) +# Generate defines that are appropriate to tell the compiler what architecture +# we're compiling for. By default we just map meson's cpu_family to ____. +# This dictionary contains the exceptions where this doesn't work. +# +# C.f. https://mesonbuild.com/Reference-tables.html#cpu-families +# and src/basic/missing_syscall_def.h. +cpu_arch_defines = { + 'ppc' : ['-D__powerpc__'], + 'ppc64' : ['-D__powerpc64__', '-D_CALL_ELF=2'], + 'riscv32' : ['-D__riscv', '-D__riscv_xlen=32'], + 'riscv64' : ['-D__riscv', '-D__riscv_xlen=64'], + 'x86' : ['-D__i386__'], + + # For arm, assume hardware fp is available. + 'arm' : ['-D__arm__', '-D__ARM_PCS_VFP'], +} + +clang_arch_flags = cpu_arch_defines.get(host_machine.cpu_family(), + ['-D__@0@__'.format(host_machine.cpu_family())]) if meson.version().version_compare('>= 0.58') libbpf_include_dir = libbpf.get_variable('includedir') @@ -24,7 +42,7 @@ endif bpf_o_unstripped_cmd = [ clang, clang_flags, - clang_arch_flag, + clang_arch_flags, '-I.' ] From 402280118fe082122437638f53a0019c4aea81aa Mon Sep 17 00:00:00 2001 From: Marco Scardovi Date: Sat, 1 Jan 2022 15:20:45 +0100 Subject: [PATCH 039/703] make HP 15s-eq0xxx changes specific to sku9MG38EA#ABZ Signed-Off-By: Marco Scardovi (cherry picked from commit 7bd3d6e35a6de8b1bf93e2fae28a64f0c7ffd2ac) --- hwdb.d/60-keyboard.hwdb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hwdb.d/60-keyboard.hwdb b/hwdb.d/60-keyboard.hwdb index 2c1cdebc35e..b614a22c8cf 100644 --- a/hwdb.d/60-keyboard.hwdb +++ b/hwdb.d/60-keyboard.hwdb @@ -561,8 +561,8 @@ evdev:atkbd:dmi:bvn*:bvr*:svnHP*:pnHPElitex21013G3:* KEYBOARD_KEY_92=brightnessdown KEYBOARD_KEY_97=brightnessup -# HP Laptop15s-eq0xxx -evdev:atkbd:dmi:bvn*:bvr*:svnHP*:pnHPLaptop15s-eq0*:* +# HP Laptop 15s-eq0023nl +evdev:atkbd:dmi:bvn*:bvr*:svnHP*:pnHPLaptop15s-eq0*:sku9MG38EA#ABZ:* KEYBOARD_KEY_9d=102nd # Greater than/Less than # Elitebook From 697ec43fc5b0dcefbad92e5616eaa5f3407d407f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 4 Jan 2022 10:39:53 +0100 Subject: [PATCH 040/703] hwdb: fix check for uppercasedness of match patterns The check was added in 77547d5313ea916d2fb64ca5a8812734e9b50f92, but it doesn't work as expected. Because the second part is wrapped in Optional(), it would silently "succeed" when the lowercase digits were in the second part: >>> from parse_hwdb import * >>> g = 'v' + upperhex_word(4) + Optional('p' + upperhex_word(4)) >>> g.parseString('v04D8pE11C*') (['v', '04D8', 'p', 'E11C'], {}) >>> g.parseString('v04D8pe11c*') (['v', '04D8'], {}) The following matches are OK: usb:v0627p0001:*QEMU USB Keyboard* usb:v0627p0001:* usb:v0627p0001* usb:v0627* (cherry picked from commit 1a37237e2ffe6dfe142224a9d9e8b24135e93244) --- hwdb.d/parse_hwdb.py | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/hwdb.d/parse_hwdb.py b/hwdb.d/parse_hwdb.py index 941adf28f77..0268bf9580d 100755 --- a/hwdb.d/parse_hwdb.py +++ b/hwdb.d/parse_hwdb.py @@ -212,21 +212,23 @@ def check_matches(groups): # This is a partial check. The other cases could be also done, but those # two are most commonly wrong. - grammars = { 'usb' : 'v' + upperhex_word(4) + Optional('p' + upperhex_word(4)), - 'pci' : 'v' + upperhex_word(8) + Optional('d' + upperhex_word(8)), + grammars = { 'usb' : 'v' + upperhex_word(4) + Optional('p' + upperhex_word(4) + Optional(':')) + '*', + 'pci' : 'v' + upperhex_word(8) + Optional('d' + upperhex_word(8) + Optional(':')) + '*', } for match in matches: prefix, rest = match.split(':', maxsplit=1) gr = grammars.get(prefix) if gr: + # we check this first to provide an easy error message + if rest[-1] not in '*:': + error('pattern {} does not end with "*" or ":"', match) + try: gr.parseString(rest) except ParseBaseException as e: error('Pattern {!r} is invalid: {}', rest, e) continue - if rest[-1] not in '*:': - error('pattern {} does not end with "*" or ":"', match) matches.sort() prev = None From 5c14fde3ba2b73d2d09066c6356feeb1fd28f44d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 4 Jan 2022 10:47:57 +0100 Subject: [PATCH 041/703] hwdb: make usb match patterns uppercase Those patterns were always supposed to be uppercase. (cherry picked from commit cc1746bbedb3c508cb39ce9c299f4f098bebb1a8) --- hwdb.d/70-analyzers.hwdb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hwdb.d/70-analyzers.hwdb b/hwdb.d/70-analyzers.hwdb index 4865f0b6693..1c56bd6e9fa 100644 --- a/hwdb.d/70-analyzers.hwdb +++ b/hwdb.d/70-analyzers.hwdb @@ -12,7 +12,7 @@ # Total Phase ########################################################### # Aarvark I2C/SPI Host Adapter -usb:v0403pe0d0* +usb:v0403pE0D0* ID_SIGNAL_ANALYZER=1 # Beagle Protocol Analyzers @@ -29,5 +29,5 @@ usb:v1679p3001* # Power Delivery Analyzers usb:v1679p6003* -usb:v0483pdf11* +usb:v0483pDF11* ID_SIGNAL_ANALYZER=1 From fe16ab6b39c9ca0840e5aba2e92bd3ad3dd85210 Mon Sep 17 00:00:00 2001 From: Bastien Nocera Date: Mon, 3 Jan 2022 10:14:39 +0100 Subject: [PATCH 042/703] hwdb: Allow end-users root-less access to TL866 EPROM readers As is currently done in the upstream minipro tool: https://gitlab.com/DavidGriffith/minipro/-/tree/master/udev (cherry picked from commit f097f4ab896ea81e76b5764e218d7c644bfda199) --- hwdb.d/70-analyzers.hwdb | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/hwdb.d/70-analyzers.hwdb b/hwdb.d/70-analyzers.hwdb index 1c56bd6e9fa..899ece3a012 100644 --- a/hwdb.d/70-analyzers.hwdb +++ b/hwdb.d/70-analyzers.hwdb @@ -31,3 +31,14 @@ usb:v1679p3001* usb:v1679p6003* usb:v0483pDF11* ID_SIGNAL_ANALYZER=1 + +########################################################### +# XGecu +########################################################### +# TL866A/CS +usb:v04D8pE11C* + ID_SIGNAL_ANALYZER=1 + +# TL866II+ +usb:vA466p0A53* + ID_SIGNAL_ANALYZER=1 From 7b2f8845cda8443fe09319ec15f4c6719d4a73c7 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Wed, 5 Jan 2022 11:33:26 +0900 Subject: [PATCH 043/703] resolve: add missing initialization of libgcrypt Fixes #21951. (cherry picked from commit e28df39269e03d49f540ebfe6b2e507d0f26c844) --- src/resolve/resolved-dns-dnssec.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/resolve/resolved-dns-dnssec.c b/src/resolve/resolved-dns-dnssec.c index 738259481d9..5c2e936163d 100644 --- a/src/resolve/resolved-dns-dnssec.c +++ b/src/resolve/resolved-dns-dnssec.c @@ -1402,6 +1402,8 @@ int dnssec_verify_dnskey_by_ds(DnsResourceRecord *dnskey, DnsResourceRecord *ds, if (md_algorithm < 0) return -EOPNOTSUPP; + initialize_libgcrypt(false); + _cleanup_(gcry_md_closep) gcry_md_hd_t md = NULL; size_t hash_size = gcry_md_get_algo_dlen(md_algorithm); From 0e29d6ef44ce6ba3664eae394253e2612ac1f18b Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Wed, 5 Jan 2022 15:09:43 +0900 Subject: [PATCH 044/703] sd-boot: select newest kernel entry matching with the default glob pattern This fixes a bug introduced by 0c674ce5f24a6e52561ec6520e43a1ca45d90f01. Fixes #22004. (cherry picked from commit e37d30f334830fab4decd52ef3c17fa09b7b0d92) --- src/boot/efi/boot.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/boot/efi/boot.c b/src/boot/efi/boot.c index 17d14a5dace..e4d18312568 100644 --- a/src/boot/efi/boot.c +++ b/src/boot/efi/boot.c @@ -1638,9 +1638,9 @@ static INTN config_entry_find(Config *config, const CHAR16 *needle) { if (!needle) return -1; - for (UINTN i = 0; i < config->entry_count; i++) + for (INTN i = config->entry_count - 1; i >= 0; i--) if (MetaiMatch(config->entries[i]->id, (CHAR16*) needle)) - return (INTN) i; + return i; return -1; } From 6f1f99a35d7af644bc6c0fd5a64ada6981e939e4 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Mon, 3 Jan 2022 05:03:45 +0900 Subject: [PATCH 045/703] test-repart: disable pager (cherry picked from commit 31cf58864d3f437c7e3f0497df0fef85130f159d) --- src/partition/test-repart.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/partition/test-repart.sh b/src/partition/test-repart.sh index 525be8e56ad..eb7012f59ec 100755 --- a/src/partition/test-repart.sh +++ b/src/partition/test-repart.sh @@ -213,6 +213,6 @@ else fi echo "### Testing json output ###" -"$repart" "$D/zzz" --size=3G --dry-run=no --seed="$SEED" --definitions="$D/definitions" --json=help -"$repart" "$D/zzz" --size=3G --dry-run=no --seed="$SEED" --definitions="$D/definitions" --json=pretty -"$repart" "$D/zzz" --size=3G --dry-run=no --seed="$SEED" --definitions="$D/definitions" --json=short +"$repart" "$D/zzz" --size=3G --dry-run=no --seed="$SEED" --definitions="$D/definitions" --no-pager --json=help +"$repart" "$D/zzz" --size=3G --dry-run=no --seed="$SEED" --definitions="$D/definitions" --no-pager --json=pretty +"$repart" "$D/zzz" --size=3G --dry-run=no --seed="$SEED" --definitions="$D/definitions" --no-pager --json=short From 80f1b9ab545ec295836b3543e97323ca6048383f Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Mon, 3 Jan 2022 05:13:59 +0900 Subject: [PATCH 046/703] test-repart: append /sbin and /usr/sbin to $PATH= to make sfdisk can be found Fixes #21972. (cherry picked from commit 329a5b91d9ec780b2ce84ee336448291a568ae0d) --- src/partition/test-repart.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/partition/test-repart.sh b/src/partition/test-repart.sh index eb7012f59ec..d50a79a15e1 100755 --- a/src/partition/test-repart.sh +++ b/src/partition/test-repart.sh @@ -8,6 +8,8 @@ set -o pipefail repart="${1:?}" test -x "$repart" +PATH=$PATH:/sbin:/usr/sbin + D="$(mktemp --tmpdir --directory "test-repart.XXXXXXXXXX")" # shellcheck disable=SC2064 From b4c57e1b1c249f28f13a86637d8854c920bcf26d Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Wed, 5 Jan 2022 18:26:46 +0900 Subject: [PATCH 047/703] backlight: ignore error if the backlight device is already removed Fixes #21997. (cherry picked from commit f0f65087834198d4dabf8b389ddc34223400aab7) --- src/backlight/backlight.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/src/backlight/backlight.c b/src/backlight/backlight.c index fd92135fc75..5a3095cbbab 100644 --- a/src/backlight/backlight.c +++ b/src/backlight/backlight.c @@ -395,8 +395,16 @@ static int run(int argc, char *argv[]) { return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Not a backlight or LED device: '%s:%s'", ss, sysname); r = sd_device_new_from_subsystem_sysname(&device, ss, sysname); - if (r < 0) - return log_error_errno(r, "Failed to get backlight or LED device '%s:%s': %m", ss, sysname); + if (r < 0) { + bool ignore = r == -ENODEV; + + /* Some drivers, e.g. for AMD GPU, removes acpi backlight device soon after it is added. + * See issue #21997. */ + log_full_errno(ignore ? LOG_DEBUG : LOG_ERR, r, + "Failed to get backlight or LED device '%s:%s'%s: %m", + ss, sysname, ignore ? ", ignoring" : ""); + return ignore ? 0 : r; + } /* If max_brightness is 0, then there is no actual backlight device. This happens on desktops * with Asus mainboards that load the eeepc-wmi module. */ From bdaa1b2dda8502871ccf48c4a937a735f1b008f1 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Wed, 5 Jan 2022 10:24:20 +0000 Subject: [PATCH 048/703] journal: Log a better message when we're rotating because a file is full The previous message was confusing errors. When we're rotating because we've reached the file size limit, let's log a better message. Fixes #22007. (cherry picked from commit eff79e4e22e7c745fea259c4414f685363d9f16a) --- src/journal/journald-server.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/journal/journald-server.c b/src/journal/journald-server.c index a244d9c5e7e..1382feada6d 100644 --- a/src/journal/journald-server.c +++ b/src/journal/journald-server.c @@ -853,7 +853,10 @@ static void write_to_journal(Server *s, uid_t uid, struct iovec *iovec, size_t n return; } - log_info_errno(r, "Failed to write entry (%zu items, %zu bytes), rotating before retrying: %m", n, IOVEC_TOTAL_SIZE(iovec, n)); + if (r == -E2BIG) + log_debug("Journal file %s is full, rotating to a new file", f->file->path); + else + log_info_errno(r, "Failed to write entry (%zu items, %zu bytes), rotating before retrying: %m", n, IOVEC_TOTAL_SIZE(iovec, n)); server_rotate(s); server_vacuum(s, false); From c86461782f65106f22224616eb7b7d20fb741ad7 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Wed, 5 Jan 2022 10:46:39 +0000 Subject: [PATCH 049/703] journal: Log filename when we fail to write an entry (cherry picked from commit 5b4a634a03c54a4d18b01686ac86b1133b54a939) --- src/journal/journald-server.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/journal/journald-server.c b/src/journal/journald-server.c index 1382feada6d..9bfe22906a5 100644 --- a/src/journal/journald-server.c +++ b/src/journal/journald-server.c @@ -856,7 +856,7 @@ static void write_to_journal(Server *s, uid_t uid, struct iovec *iovec, size_t n if (r == -E2BIG) log_debug("Journal file %s is full, rotating to a new file", f->file->path); else - log_info_errno(r, "Failed to write entry (%zu items, %zu bytes), rotating before retrying: %m", n, IOVEC_TOTAL_SIZE(iovec, n)); + log_info_errno(r, "Failed to write entry to %s (%zu items, %zu bytes), rotating before retrying: %m", f->file->path, n, IOVEC_TOTAL_SIZE(iovec, n)); server_rotate(s); server_vacuum(s, false); @@ -868,7 +868,7 @@ static void write_to_journal(Server *s, uid_t uid, struct iovec *iovec, size_t n log_debug("Retrying write."); r = journal_file_append_entry(f->file, &ts, NULL, iovec, n, &s->seqnum, NULL, NULL); if (r < 0) - log_error_errno(r, "Failed to write entry (%zu items, %zu bytes) despite vacuuming, ignoring: %m", n, IOVEC_TOTAL_SIZE(iovec, n)); + log_error_errno(r, "Failed to write entry to %s (%zu items, %zu bytes) despite vacuuming, ignoring: %m", f->file->path, n, IOVEC_TOTAL_SIZE(iovec, n)); else server_schedule_sync(s, priority); } From 3af61b9224904370826423309759856a1e6257b6 Mon Sep 17 00:00:00 2001 From: Frantisek Sumsal Date: Wed, 5 Jan 2022 12:06:52 +0100 Subject: [PATCH 050/703] test: use full date & time when checking for coredumps Otherwise we might hit a window where the coredump happens before midnight, but we check for it after midnight, which yields no results. E.g.: ``` $ coredumpctl --no-legend --no-pager --file system.journal Wed 2022-01-05 01:00:06 CET 359 0 0 SIGABRT journal /usr/bin/udevadm n/a $ coredumpctl --since 23:59:55 --no-legend --no-pager --file system.journal No coredumps found. $ coredumpctl --since "2022-01-04 23:59:59" --no-legend --no-pager --file system.journal Wed 2022-01-05 01:00:06 CET 359 0 0 SIGABRT journal /usr/bin/udevadm n/a ``` (cherry picked from commit 1b51599f29d245f2214349498bf2c1f0aa36873f) --- test/units/testsuite-17.03.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/units/testsuite-17.03.sh b/test/units/testsuite-17.03.sh index fecfd17952f..91f0211bca1 100755 --- a/test/units/testsuite-17.03.sh +++ b/test/units/testsuite-17.03.sh @@ -26,7 +26,7 @@ teardown() { } run_test() { - since="$(date +%T)" + since="$(date '+%F %T')" SYSTEMD_LOG_LEVEL=debug udevadm trigger --verbose --settle --action add /dev/null From fb9bbbee6a3c09b75817f9f343176fa2170fdb31 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 5 Jan 2022 15:10:33 +0100 Subject: [PATCH 051/703] logind: do not propagate error in delayed action If the action failed, we should log about the issue, and continue. Exiting would bring the graphical session down, which of course is not appreciated by users. As documented in previous commits, a non-negative return from the callback doesn't matter, so the callback is simplified a bit. Fixes #21991. (cherry picked from commit 8207b8321bbbcbd19a345deb77d455d98e6ffb84) --- src/login/logind-dbus.c | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/src/login/logind-dbus.c b/src/login/logind-dbus.c index a97d8262343..c05c0d02cca 100644 --- a/src/login/logind-dbus.c +++ b/src/login/logind-dbus.c @@ -1654,7 +1654,6 @@ static int execute_shutdown_or_sleep( } int manager_dispatch_delayed(Manager *manager, bool timeout) { - _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL; Inhibitor *offending = NULL; int r; @@ -1686,10 +1685,9 @@ int manager_dispatch_delayed(Manager *manager, bool timeout) { manager->action_unit = NULL; manager->action_what = 0; - return r; } - return 1; + return 1; /* We did some work. */ } static int manager_inhibit_timeout_handler( @@ -1698,13 +1696,11 @@ static int manager_inhibit_timeout_handler( void *userdata) { Manager *manager = userdata; - int r; assert(manager); assert(manager->inhibit_timeout_source == s); - r = manager_dispatch_delayed(manager, true); - return (r < 0) ? r : 0; + return manager_dispatch_delayed(manager, true); } static int delay_shutdown_or_sleep( From 4c0ed19c520a8944f68f613edc3acbd0471dcc81 Mon Sep 17 00:00:00 2001 From: Mike Gilbert Date: Tue, 4 Jan 2022 23:43:10 -0500 Subject: [PATCH 052/703] test-watchdog: mark as unsafe If something goes wrong with this test it may result in an unsafe system restart. Let's avoid running it automatically. See https://github.com/systemd/systemd/issues/22001. (cherry picked from commit 70652c2a6fa9c06c7faac62f41c72e2e4eaa9340) --- src/test/meson.build | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/test/meson.build b/src/test/meson.build index 9a1c481f226..48001d17ecc 100644 --- a/src/test/meson.build +++ b/src/test/meson.build @@ -551,7 +551,8 @@ tests += [ [], core_includes, '', 'manual'], - [['src/test/test-watchdog.c']], + [['src/test/test-watchdog.c'], + [], [], [], '', 'unsafe'], [['src/test/test-sched-prio.c'], [libcore, From c33d10d230d5f8eeb1123fea76a1a11a8e03e0b2 Mon Sep 17 00:00:00 2001 From: Pigmy-penguin <88971276+Pigmy-penguin@users.noreply.github.com> Date: Thu, 6 Jan 2022 17:01:38 +0100 Subject: [PATCH 053/703] userdbctl: fix "Password OK" shown even when password is empty or locked (#21308) userdbctl: fix "Password OK" shown even when password is empty or locked (cherry picked from commit cd933f14bd70d8311799972ca71280a733eb1d6a) --- TODO | 3 --- src/basic/user-util.h | 4 ++++ src/shared/user-record-show.c | 24 +++++++++++++++++++++--- 3 files changed, 25 insertions(+), 6 deletions(-) diff --git a/TODO b/TODO index 51903c45210..47ae975b3ed 100644 --- a/TODO +++ b/TODO @@ -4,9 +4,6 @@ Bugfixes: manager or system manager can be always set. It would be better to reject them when parsing config. -* userdbctl: "Password OK: yes" is shown even when there are no passwords - or the password is locked. - * Jun 01 09:43:02 krowka systemd[1]: Unit user@1000.service has alias user@.service. Jun 01 09:43:02 krowka systemd[1]: Unit user@6.service has alias user@.service. Jun 01 09:43:02 krowka systemd[1]: Unit user-runtime-dir@6.service has alias user-runtime-dir@.service. diff --git a/src/basic/user-util.h b/src/basic/user-util.h index ab1ce48b2df..bc76de6b411 100644 --- a/src/basic/user-util.h +++ b/src/basic/user-util.h @@ -114,6 +114,10 @@ int is_this_me(const char *username); const char *get_home_root(void); +static inline bool hashed_password_is_locked_or_invalid(const char *password) { + return password && password[0] != '$'; +} + /* A locked *and* invalid password for "struct spwd"'s .sp_pwdp and "struct passwd"'s .pw_passwd field */ #define PASSWORD_LOCKED_AND_INVALID "!*" diff --git a/src/shared/user-record-show.c b/src/shared/user-record-show.c index 5335e640701..7c2751f3a7b 100644 --- a/src/shared/user-record-show.c +++ b/src/shared/user-record-show.c @@ -132,10 +132,28 @@ void user_record_show(UserRecord *hr, bool show_full_group_info) { break; } - printf(" Password OK: %syes%s\n", ansi_highlight_green(), ansi_normal()); - break; + if (strv_isempty(hr->hashed_password)) { + if (hr->incomplete) /* Record might be incomplete, due to privs */ + break; + printf(" Password OK: %sno%s (none set)\n", ansi_highlight(), ansi_normal()); + break; + } + if (strv_contains(hr->hashed_password, "")) { + printf(" Password OK: %sno%s (empty set)\n", ansi_highlight_red(), ansi_normal()); + break; + } + bool has_valid_passwords = false; + char **p; + STRV_FOREACH(p, hr->hashed_password) + if (!hashed_password_is_locked_or_invalid(*p)) { + has_valid_passwords = true; + break; + } + if (has_valid_passwords) + printf(" Password OK: %syes%s\n", ansi_highlight_green(), ansi_normal()); + else + printf(" Password OK: %sno%s (locked)\n", ansi_highlight(), ansi_normal()); } - if (uid_is_valid(hr->uid)) printf(" UID: " UID_FMT "\n", hr->uid); if (gid_is_valid(hr->gid)) { From 75dac89443fd31a4ec8325722e21f02e38ae642f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Mon, 3 Jan 2022 10:29:13 +0100 Subject: [PATCH 054/703] core/bpf: avoid unnecessary initialization of variables, tighten scope No funtional change. (cherry picked from commit 92698b0f9e34d69bc97e9ed8830eafaa06f41a46) --- src/core/bpf-lsm.c | 37 +++++++++++++------------------------ 1 file changed, 13 insertions(+), 24 deletions(-) diff --git a/src/core/bpf-lsm.c b/src/core/bpf-lsm.c index 8af2da0288d..8689efb1412 100644 --- a/src/core/bpf-lsm.c +++ b/src/core/bpf-lsm.c @@ -105,9 +105,7 @@ static int mac_bpf_use(void) { return 0; } - const char *p = lsm_list; - - for (;;) { + for (const char *p = lsm_list;;) { _cleanup_free_ char *word = NULL; r = extract_first_word(&p, &word, ",", 0); @@ -181,7 +179,7 @@ int lsm_bpf_supported(void) { } int lsm_bpf_setup(Manager *m) { - struct restrict_fs_bpf *obj = NULL; + struct restrict_fs_bpf *obj; _cleanup_(bpf_link_freep) struct bpf_link *link = NULL; int r; @@ -207,7 +205,6 @@ int lsm_bpf_setup(Manager *m) { } int lsm_bpf_unit_restrict_filesystems(Unit *u, const Set *filesystems, bool allow_list) { - int inner_map_fd = -1, outer_map_fd = -1; uint32_t dummy_value = 1, zero = 0; const char *fs; const statfs_f_type_t *magic; @@ -216,7 +213,7 @@ int lsm_bpf_unit_restrict_filesystems(Unit *u, const Set *filesystems, bool allo assert(filesystems); assert(u); - inner_map_fd = sym_bpf_create_map( + int inner_map_fd = sym_bpf_create_map( BPF_MAP_TYPE_HASH, sizeof(uint32_t), sizeof(uint32_t), @@ -225,7 +222,7 @@ int lsm_bpf_unit_restrict_filesystems(Unit *u, const Set *filesystems, bool allo if (inner_map_fd < 0) return log_unit_error_errno(u, errno, "Failed to create inner LSM map: %m"); - outer_map_fd = sym_bpf_map__fd(u->manager->restrict_fs->maps.cgroup_hash); + int outer_map_fd = sym_bpf_map__fd(u->manager->restrict_fs->maps.cgroup_hash); if (outer_map_fd < 0) return log_unit_error_errno(u, errno, "Failed to get BPF map fd: %m"); @@ -266,8 +263,6 @@ int lsm_bpf_unit_restrict_filesystems(Unit *u, const Set *filesystems, bool allo } int lsm_bpf_cleanup(const Unit *u) { - int fd = -1; - assert(u); assert(u->manager); @@ -277,7 +272,7 @@ int lsm_bpf_cleanup(const Unit *u) { if (!u->manager->restrict_fs) return 0; - fd = sym_bpf_map__fd(u->manager->restrict_fs->maps.cgroup_hash); + int fd = sym_bpf_map__fd(u->manager->restrict_fs->maps.cgroup_hash); if (fd < 0) return log_unit_error_errno(u, errno, "Failed to get BPF map fd: %m"); @@ -350,10 +345,10 @@ int lsm_bpf_parse_filesystem( } NULSTR_FOREACH(i, set->value) { - /* Call ourselves again, for the group to parse. Note that we downgrade logging here (i.e. take - * away the FILESYSTEM_PARSE_LOG flag) since any issues in the group table are our own problem, - * not a problem in user configuration data and we shouldn't pretend otherwise by complaining - * about them. */ + /* Call ourselves again, for the group to parse. Note that we downgrade logging here + * (i.e. take away the FILESYSTEM_PARSE_LOG flag) since any issues in the group table + * are our own problem, not a problem in user configuration data and we shouldn't + * pretend otherwise by complaining about them. */ r = lsm_bpf_parse_filesystem(i, filesystems, flags &~ FILESYSTEM_PARSE_LOG, unit, filename, line); if (r < 0) return r; @@ -363,16 +358,10 @@ int lsm_bpf_parse_filesystem( * we want to allow it, then remove it from the list. */ if (!(flags & FILESYSTEM_PARSE_INVERT) == !!(flags & FILESYSTEM_PARSE_ALLOW_LIST)) { r = set_put_strdup(filesystems, name); - if (r < 0) - switch (r) { - case -ENOMEM: - return flags & FILESYSTEM_PARSE_LOG ? log_oom() : -ENOMEM; - case -EEXIST: - /* Already in set, ignore */ - break; - default: - return r; - } + if (r == -ENOMEM) + return flags & FILESYSTEM_PARSE_LOG ? log_oom() : -ENOMEM; + if (r < 0 && r != -EEXIST) /* When already in set, ignore */ + return r; } else free(set_remove(*filesystems, name)); } From 428425ddc6a8bbc656def875e21a690d5f984f1f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Mon, 3 Jan 2022 11:14:18 +0100 Subject: [PATCH 055/703] core/bpf: tighten handling of return values, improve messages The code was written unidiomatically, using r as a boolean value, and confusing errno and r in some places. AFAICS, there wasn't any actual problem: even in the one place where errno was used instead of r, it would almost certainly be initialized. It seems that some libbpf functions set errno, while others return the error, possibly encoded. Since there are almost no docs, the only way to know is to read the code of the function. To make matters worse, there is a global libbpf_mode which can be set to change the convention. With LIBBPF_STRICT_DIRECT_ERRS in libbpf_mode, some functions set errno while others return a negative error, and the only way to know is to read the code, except that the split is now different. We currently don't set LIBBPF_STRICT_DIRECT_ERRS, but even the possibility makes everything harder to grok. This is all very error-prone. Let's at least add some asserts to make sure that the returned values are as expected. (cherry picked from commit b7cba81553d0d958f23182ba9ab1739842ff9f5a) --- src/core/bpf-lsm.c | 29 +++++++++++++---------------- 1 file changed, 13 insertions(+), 16 deletions(-) diff --git a/src/core/bpf-lsm.c b/src/core/bpf-lsm.c index 8689efb1412..79d17b0751e 100644 --- a/src/core/bpf-lsm.c +++ b/src/core/bpf-lsm.c @@ -64,10 +64,10 @@ static int prepare_restrict_fs_bpf(struct restrict_fs_bpf **ret_obj) { /* TODO Maybe choose a number based on runtime information? */ r = sym_bpf_map__resize(obj->maps.cgroup_hash, CGROUP_HASH_SIZE_MAX); - if (r != 0) - return log_error_errno(r, - "Failed to resize BPF map '%s': %m", - sym_bpf_map__name(obj->maps.cgroup_hash)); + assert(r <= 0); + if (r < 0) + return log_error_errno(r, "Failed to resize BPF map '%s': %m", + sym_bpf_map__name(obj->maps.cgroup_hash)); /* Dummy map to satisfy the verifier */ inner_map_fd = sym_bpf_create_map(BPF_MAP_TYPE_HASH, sizeof(uint32_t), sizeof(uint32_t), 128, 0); @@ -75,11 +75,13 @@ static int prepare_restrict_fs_bpf(struct restrict_fs_bpf **ret_obj) { return log_error_errno(errno, "Failed to create BPF map: %m"); r = sym_bpf_map__set_inner_map_fd(obj->maps.cgroup_hash, inner_map_fd); + assert(r <= 0); if (r < 0) return log_error_errno(r, "Failed to set inner map fd: %m"); r = restrict_fs_bpf__load(obj); - if (r) + assert(r <= 0); + if (r < 0) return log_error_errno(r, "Failed to load BPF object"); *ret_obj = TAKE_PTR(obj); @@ -99,9 +101,8 @@ static int mac_bpf_use(void) { r = read_one_line_file("/sys/kernel/security/lsm", &lsm_list); if (r < 0) { - if (errno != ENOENT) - log_debug_errno(r, "Failed to read /sys/kernel/security/lsm, ignoring: %m"); - + if (r != -ENOENT) + log_notice_errno(r, "Failed to read /sys/kernel/security/lsm, assuming bpf is unavailable: %m"); return 0; } @@ -110,21 +111,17 @@ static int mac_bpf_use(void) { r = extract_first_word(&p, &word, ",", 0); if (r == 0) - break; + return 0; if (r == -ENOMEM) return log_oom(); if (r < 0) { - log_debug_errno(r, "Failed to parse /sys/kernel/security/lsm, ignoring: %m"); + log_notice_errno(r, "Failed to parse /sys/kernel/security/lsm, assuming bpf is unavailable: %m"); return 0; } - if (streq(word, "bpf")) { - cached_use = 1; - break; - } + if (streq(word, "bpf")) + return cached_use = 1; } - - return cached_use; } int lsm_bpf_supported(void) { From 95a43a476f31f917bc4703d0ca0e07978bb7b7a7 Mon Sep 17 00:00:00 2001 From: Julia Kartseva Date: Wed, 5 Jan 2022 16:34:56 -0800 Subject: [PATCH 056/703] bpf: do not freeze if bpf lsm fails to set up BPF LSM is cgroup unaware and it's set up is happening in core manager. It occures that the current implementation is too restrictive and causes pid 1 to freeze. Instead: * in bpf_lsm_setup set manager->restrict_fs pointer last, so it is an indicator that the set up was successful * check for manager->restrict_fs before applying unit options (cherry picked from commit 299d9417238e0727a48ebaabb5a9de0c908ec5c8) --- src/core/bpf-lsm.c | 15 +++++++++------ src/core/execute.c | 7 +++++++ src/core/manager.c | 2 +- 3 files changed, 17 insertions(+), 7 deletions(-) diff --git a/src/core/bpf-lsm.c b/src/core/bpf-lsm.c index 79d17b0751e..e0333963c53 100644 --- a/src/core/bpf-lsm.c +++ b/src/core/bpf-lsm.c @@ -176,7 +176,7 @@ int lsm_bpf_supported(void) { } int lsm_bpf_setup(Manager *m) { - struct restrict_fs_bpf *obj; + _cleanup_(restrict_fs_bpf_freep) struct restrict_fs_bpf *obj = NULL; _cleanup_(bpf_link_freep) struct bpf_link *link = NULL; int r; @@ -186,17 +186,16 @@ int lsm_bpf_setup(Manager *m) { if (r < 0) return r; - m->restrict_fs = obj; - - link = sym_bpf_program__attach_lsm(m->restrict_fs->progs.restrict_filesystems); + link = sym_bpf_program__attach_lsm(obj->progs.restrict_filesystems); r = sym_libbpf_get_error(link); if (r != 0) return log_error_errno(r, "Failed to link '%s' LSM BPF program: %m", - sym_bpf_program__name(m->restrict_fs->progs.restrict_filesystems)); + sym_bpf_program__name(obj->progs.restrict_filesystems)); log_info("LSM BPF program attached"); - m->restrict_fs->links.restrict_filesystems = TAKE_PTR(link); + obj->links.restrict_filesystems = TAKE_PTR(link); + m->restrict_fs = TAKE_PTR(obj); return 0; } @@ -210,6 +209,10 @@ int lsm_bpf_unit_restrict_filesystems(Unit *u, const Set *filesystems, bool allo assert(filesystems); assert(u); + if (!u->manager->restrict_fs) + return log_unit_error_errno(u, SYNTHETIC_ERRNO(EINVAL), + "Restrict filesystems BPF object is not set, BPF LSM setup has failed?"); + int inner_map_fd = sym_bpf_create_map( BPF_MAP_TYPE_HASH, sizeof(uint32_t), diff --git a/src/core/execute.c b/src/core/execute.c index e3b9134c3d6..4c96c30cf47 100644 --- a/src/core/execute.c +++ b/src/core/execute.c @@ -1732,9 +1732,16 @@ static int apply_lock_personality(const Unit* u, const ExecContext *c) { #if HAVE_LIBBPF static bool skip_lsm_bpf_unsupported(const Unit* u, const char* msg) { + assert(u); + assert(u->manager); + if (lsm_bpf_supported()) return false; + /* lsm_bpf_setup succeeded */ + if (u->manager->restrict_fs) + return false; + log_unit_debug(u, "LSM BPF not supported, skipping %s", msg); return true; } diff --git a/src/core/manager.c b/src/core/manager.c index 601e15f6892..12c49e7fca4 100644 --- a/src/core/manager.c +++ b/src/core/manager.c @@ -933,7 +933,7 @@ int manager_new(UnitFileScope scope, ManagerTestRunFlags test_run_flags, Manager if (MANAGER_IS_SYSTEM(m) && lsm_bpf_supported()) { r = lsm_bpf_setup(m); if (r < 0) - return r; + log_warning_errno(r, "Failed to setup LSM BPF, ignoring: %m"); } #endif } From 435bd3077ab807e61f2777626edb540dae1025f5 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Wed, 5 Jan 2022 08:05:26 +0900 Subject: [PATCH 057/703] util: move on_ac_power() from util.c -> udev-util.c (cherry picked from commit 06795b02e386763ca919bb4cd03990b9036e2e0a) --- src/ac-power/ac-power.c | 2 +- src/basic/util.c | 60 ------------------------------------- src/basic/util.h | 2 -- src/shared/condition.c | 2 +- src/shared/udev-util.c | 62 +++++++++++++++++++++++++++++++++++++++ src/shared/udev-util.h | 2 ++ src/test/test-condition.c | 1 + 7 files changed, 67 insertions(+), 64 deletions(-) diff --git a/src/ac-power/ac-power.c b/src/ac-power/ac-power.c index c4bfe7cb18e..12379df344f 100644 --- a/src/ac-power/ac-power.c +++ b/src/ac-power/ac-power.c @@ -3,7 +3,7 @@ #include #include "main-func.h" -#include "util.h" +#include "udev-util.h" static bool arg_verbose = false; diff --git a/src/basic/util.c b/src/basic/util.c index 3aecb22fc4d..d7ef382737e 100644 --- a/src/basic/util.c +++ b/src/basic/util.c @@ -6,7 +6,6 @@ #include "alloc-util.h" #include "build.h" -#include "dirent-util.h" #include "env-file.h" #include "env-util.h" #include "fd-util.h" @@ -115,65 +114,6 @@ void in_initrd_force(bool value) { saved_in_initrd = value; } -int on_ac_power(void) { - bool found_offline = false, found_online = false; - _cleanup_closedir_ DIR *d = NULL; - int r; - - d = opendir("/sys/class/power_supply"); - if (!d) - return errno == ENOENT ? true : -errno; - - FOREACH_DIRENT(de, d, return -errno) { - _cleanup_close_ int device_fd = -1; - _cleanup_free_ char *contents = NULL; - unsigned v; - - device_fd = openat(dirfd(d), de->d_name, O_DIRECTORY|O_RDONLY|O_CLOEXEC); - if (device_fd < 0) { - if (IN_SET(errno, ENOENT, ENOTDIR)) - continue; - - return -errno; - } - - r = read_virtual_file_at(device_fd, "type", SIZE_MAX, &contents, NULL); - if (r == -ENOENT) - continue; - if (r < 0) - return r; - - delete_trailing_chars(contents, NEWLINE); - - /* We assume every power source is AC, except for batteries. See - * https://github.com/torvalds/linux/blob/4eef766b7d4d88f0b984781bc1bcb574a6eafdc7/include/linux/power_supply.h#L176 - * for defined power source types. Also see: - * https://www.kernel.org/doc/Documentation/ABI/testing/sysfs-class-power */ - if (streq(contents, "Battery")) - continue; - - contents = mfree(contents); - - r = read_virtual_file_at(device_fd, "online", SIZE_MAX, &contents, NULL); - if (r == -ENOENT) - continue; - if (r < 0) - return r; - - delete_trailing_chars(contents, NEWLINE); - - r = safe_atou(contents, &v); - if (r < 0) - return r; - if (v > 0) /* At least 1 and 2 are defined as different types of 'online' */ - found_online = true; - else - found_offline = true; - } - - return found_online || !found_offline; -} - int container_get_leader(const char *machine, pid_t *pid) { _cleanup_free_ char *s = NULL, *class = NULL; const char *p; diff --git a/src/basic/util.h b/src/basic/util.h index f5434c96418..94804f28e3f 100644 --- a/src/basic/util.h +++ b/src/basic/util.h @@ -20,8 +20,6 @@ int prot_from_flags(int flags) _const_; bool in_initrd(void); void in_initrd_force(bool value); -int on_ac_power(void); - /* Note: log2(0) == log2(1) == 0 here and below. */ #define CONST_LOG2ULL(x) ((x) > 1 ? (unsigned) __builtin_clzll(x) ^ 63U : 0) diff --git a/src/shared/condition.c b/src/shared/condition.c index 44e26775db8..68fbbf643a9 100644 --- a/src/shared/condition.c +++ b/src/shared/condition.c @@ -50,9 +50,9 @@ #include "string-table.h" #include "string-util.h" #include "tomoyo-util.h" +#include "udev-util.h" #include "uid-alloc-range.h" #include "user-util.h" -#include "util.h" #include "virt.h" Condition* condition_new(ConditionType type, const char *parameter, bool trigger, bool negate) { diff --git a/src/shared/udev-util.c b/src/shared/udev-util.c index 27dfd11a6a7..73ca886fb30 100644 --- a/src/shared/udev-util.c +++ b/src/shared/udev-util.c @@ -2,6 +2,7 @@ #include #include +#include #include #include @@ -9,10 +10,12 @@ #include "device-nodes.h" #include "device-private.h" #include "device-util.h" +#include "dirent-util.h" #include "env-file.h" #include "errno-util.h" #include "escape.h" #include "fd-util.h" +#include "fileio.h" #include "log.h" #include "macro.h" #include "parse-util.h" @@ -579,3 +582,62 @@ int udev_queue_init(void) { return TAKE_FD(fd); } + +int on_ac_power(void) { + bool found_offline = false, found_online = false; + _cleanup_closedir_ DIR *d = NULL; + int r; + + d = opendir("/sys/class/power_supply"); + if (!d) + return errno == ENOENT ? true : -errno; + + FOREACH_DIRENT(de, d, return -errno) { + _cleanup_close_ int device_fd = -1; + _cleanup_free_ char *contents = NULL; + unsigned v; + + device_fd = openat(dirfd(d), de->d_name, O_DIRECTORY|O_RDONLY|O_CLOEXEC); + if (device_fd < 0) { + if (IN_SET(errno, ENOENT, ENOTDIR)) + continue; + + return -errno; + } + + r = read_virtual_file_at(device_fd, "type", SIZE_MAX, &contents, NULL); + if (r == -ENOENT) + continue; + if (r < 0) + return r; + + delete_trailing_chars(contents, NEWLINE); + + /* We assume every power source is AC, except for batteries. See + * https://github.com/torvalds/linux/blob/4eef766b7d4d88f0b984781bc1bcb574a6eafdc7/include/linux/power_supply.h#L176 + * for defined power source types. Also see: + * https://www.kernel.org/doc/Documentation/ABI/testing/sysfs-class-power */ + if (streq(contents, "Battery")) + continue; + + contents = mfree(contents); + + r = read_virtual_file_at(device_fd, "online", SIZE_MAX, &contents, NULL); + if (r == -ENOENT) + continue; + if (r < 0) + return r; + + delete_trailing_chars(contents, NEWLINE); + + r = safe_atou(contents, &v); + if (r < 0) + return r; + if (v > 0) /* At least 1 and 2 are defined as different types of 'online' */ + found_online = true; + else + found_offline = true; + } + + return found_online || !found_offline; +} diff --git a/src/shared/udev-util.h b/src/shared/udev-util.h index 276686da808..8d21dc43647 100644 --- a/src/shared/udev-util.h +++ b/src/shared/udev-util.h @@ -53,6 +53,8 @@ int udev_resolve_subsys_kernel(const char *string, char *result, size_t maxsize, int udev_queue_is_empty(void); int udev_queue_init(void); +int on_ac_power(void); + #if HAVE_SYS_SDT_H /* Each trace point can have different number of additional arguments. Note that when the macro is used only diff --git a/src/test/test-condition.c b/src/test/test-condition.c index 4b22784d178..c872a6c2b9d 100644 --- a/src/test/test-condition.c +++ b/src/test/test-condition.c @@ -33,6 +33,7 @@ #include "strv.h" #include "tests.h" #include "tomoyo-util.h" +#include "udev-util.h" #include "uid-alloc-range.h" #include "user-util.h" #include "virt.h" From dbfaed242ef889b62598938c622879fdd893a8d6 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Wed, 5 Jan 2022 08:29:00 +0900 Subject: [PATCH 058/703] udev-util: re-implement on_ac_power() with sd-device (cherry picked from commit 01d4ad3bde9efbbc5856846fea328ee9bbcef87e) --- src/shared/udev-util.c | 73 ++++++++++++++++++++++-------------------- 1 file changed, 39 insertions(+), 34 deletions(-) diff --git a/src/shared/udev-util.c b/src/shared/udev-util.c index 73ca886fb30..800493afe9e 100644 --- a/src/shared/udev-util.c +++ b/src/shared/udev-util.c @@ -2,7 +2,6 @@ #include #include -#include #include #include @@ -10,12 +9,10 @@ #include "device-nodes.h" #include "device-private.h" #include "device-util.h" -#include "dirent-util.h" #include "env-file.h" #include "errno-util.h" #include "escape.h" #include "fd-util.h" -#include "fileio.h" #include "log.h" #include "macro.h" #include "parse-util.h" @@ -584,60 +581,68 @@ int udev_queue_init(void) { } int on_ac_power(void) { + _cleanup_(sd_device_enumerator_unrefp) sd_device_enumerator *e = NULL; bool found_offline = false, found_online = false; - _cleanup_closedir_ DIR *d = NULL; + sd_device *d; int r; - d = opendir("/sys/class/power_supply"); - if (!d) - return errno == ENOENT ? true : -errno; + r = sd_device_enumerator_new(&e); + if (r < 0) + return r; - FOREACH_DIRENT(de, d, return -errno) { - _cleanup_close_ int device_fd = -1; - _cleanup_free_ char *contents = NULL; - unsigned v; + r = sd_device_enumerator_allow_uninitialized(e); + if (r < 0) + return r; - device_fd = openat(dirfd(d), de->d_name, O_DIRECTORY|O_RDONLY|O_CLOEXEC); - if (device_fd < 0) { - if (IN_SET(errno, ENOENT, ENOTDIR)) - continue; + r = sd_device_enumerator_add_match_subsystem(e, "power_supply", true); + if (r < 0) + return r; - return -errno; - } + FOREACH_DEVICE(e, d) { + const char *val; + unsigned v; - r = read_virtual_file_at(device_fd, "type", SIZE_MAX, &contents, NULL); - if (r == -ENOENT) + r = sd_device_get_sysattr_value(d, "type", &val); + if (r < 0) { + log_device_debug_errno(d, r, "Failed to read 'type' sysfs attribute, ignoring: %m"); continue; - if (r < 0) - return r; - - delete_trailing_chars(contents, NEWLINE); + } /* We assume every power source is AC, except for batteries. See * https://github.com/torvalds/linux/blob/4eef766b7d4d88f0b984781bc1bcb574a6eafdc7/include/linux/power_supply.h#L176 * for defined power source types. Also see: * https://www.kernel.org/doc/Documentation/ABI/testing/sysfs-class-power */ - if (streq(contents, "Battery")) + if (streq(val, "Battery")) { + log_device_debug(d, "The power supply is battery, ignoring."); continue; + } - contents = mfree(contents); - - r = read_virtual_file_at(device_fd, "online", SIZE_MAX, &contents, NULL); - if (r == -ENOENT) + r = sd_device_get_sysattr_value(d, "online", &val); + if (r < 0) { + log_device_debug_errno(d, r, "Failed to read 'online' sysfs attribute, ignoring: %m"); continue; - if (r < 0) - return r; + } - delete_trailing_chars(contents, NEWLINE); + r = safe_atou(val, &v); + if (r < 0) { + log_device_debug_errno(d, r, "Failed to parse 'online' attribute, ignoring: %m"); + continue; + } - r = safe_atou(contents, &v); - if (r < 0) - return r; if (v > 0) /* At least 1 and 2 are defined as different types of 'online' */ found_online = true; else found_offline = true; + + log_device_debug(d, "The power supply is currently %s.", v > 0 ? "online" : "offline"); } + if (found_online) + log_debug("Found at least one online non-battery power supply, system is running on AC power."); + else if (!found_offline) + log_debug("Found no offline non-battery power supply, assuming system is running on AC power."); + else + log_debug("All non-battery power supplies are offline, assuming system is running with battery."); + return found_online || !found_offline; } From 7a003166fb7cb7af0791f4888c37084b512054be Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Wed, 5 Jan 2022 09:10:35 +0900 Subject: [PATCH 059/703] udev-util: ignore USB-C ports in power source mode when detecting system is running on AC power Fixes #21988. (cherry picked from commit 795e86b4f1e8a1fd440f8c817621779c6aedbdb5) --- src/shared/udev-util.c | 72 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 72 insertions(+) diff --git a/src/shared/udev-util.c b/src/shared/udev-util.c index 800493afe9e..56c28773ced 100644 --- a/src/shared/udev-util.c +++ b/src/shared/udev-util.c @@ -580,6 +580,66 @@ int udev_queue_init(void) { return TAKE_FD(fd); } +static int device_is_power_sink(sd_device *device) { + _cleanup_(sd_device_enumerator_unrefp) sd_device_enumerator *e = NULL; + bool found_source = false, found_sink = false; + sd_device *parent, *d; + int r; + + assert(device); + + /* USB-C power supply device has two power roles: source or sink. See, + * https://www.kernel.org/doc/Documentation/ABI/testing/sysfs-class-typec */ + + r = sd_device_enumerator_new(&e); + if (r < 0) + return r; + + r = sd_device_enumerator_allow_uninitialized(e); + if (r < 0) + return r; + + r = sd_device_enumerator_add_match_subsystem(e, "typec", true); + if (r < 0) + return r; + + r = sd_device_get_parent(device, &parent); + if (r < 0) + return r; + + r = sd_device_enumerator_add_match_parent(e, parent); + if (r < 0) + return r; + + FOREACH_DEVICE(e, d) { + const char *val; + + r = sd_device_get_sysattr_value(d, "power_role", &val); + if (r < 0) { + if (r != -ENOENT) + log_device_debug_errno(d, r, "Failed to read 'power_role' sysfs attribute, ignoring: %m"); + continue; + } + + if (strstr(val, "[source]")) { + found_source = true; + log_device_debug(d, "The USB type-C port is in power source mode."); + } else if (strstr(val, "[sink]")) { + found_sink = true; + log_device_debug(d, "The USB type-C port is in power sink mode."); + } + } + + if (found_sink) + log_device_debug(device, "The USB type-C device has at least one port in power sink mode."); + else if (!found_source) + log_device_debug(device, "The USB type-C device has no port in power source mode, assuming the device is in power sink mode."); + else + log_device_debug(device, "All USB type-C ports are in power source mode."); + + return found_sink || !found_source; +} + int on_ac_power(void) { _cleanup_(sd_device_enumerator_unrefp) sd_device_enumerator *e = NULL; bool found_offline = false, found_online = false; @@ -617,6 +677,18 @@ int on_ac_power(void) { continue; } + /* Ignore USB-C power supply in source mode. See issue #21988. */ + if (streq(val, "USB")) { + r = device_is_power_sink(d); + if (r <= 0) { + if (r < 0) + log_device_debug_errno(d, r, "Failed to determine the current power role, ignoring: %m"); + else + log_device_debug(d, "USB power supply is in source mode, ignoring."); + continue; + } + } + r = sd_device_get_sysattr_value(d, "online", &val); if (r < 0) { log_device_debug_errno(d, r, "Failed to read 'online' sysfs attribute, ignoring: %m"); From 11f3040d0a1eee663acedda1bdb9aa450c22f2a4 Mon Sep 17 00:00:00 2001 From: Markus Weippert Date: Tue, 4 Jan 2022 13:56:11 +0100 Subject: [PATCH 060/703] homed: stop before stopping dbus Otherwise, systemd-homed-active.service will fail to deactivate all homes because homectl can no longer talk to homed if dbus stops first. As a result, /home cannot be umounted. Doing this on systemd-homed-active.service instead works as well, but systemd-homed will exit 1 if dbus is already shut down. (cherry picked from commit e00a25a7b41bd45ab73b47cbd94b3af909b8f8a1) --- units/systemd-homed.service.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/units/systemd-homed.service.in b/units/systemd-homed.service.in index b03c6879c9a..c2f8548897e 100644 --- a/units/systemd-homed.service.in +++ b/units/systemd-homed.service.in @@ -12,7 +12,7 @@ Description=Home Area Manager Documentation=man:systemd-homed.service(8) Documentation=man:org.freedesktop.home1(5) -After=home.mount +After=home.mount dbus.service [Service] BusName=org.freedesktop.home1 From d0e98b7a1211412dccfcf4dcd2cc0772ac70b304 Mon Sep 17 00:00:00 2001 From: Adam Williamson Date: Wed, 5 Jan 2022 14:07:14 -0800 Subject: [PATCH 061/703] kernel-install: prefer /boot over /boot/efi for $BOOT_ROOT This restores the preference order from before 9e82a74. The code previous to that change 'preferred' /boot over /boot/efi; that commit changed it to check /boot/efi before checking /boot. Changing this precedence could (and did, for me) have unexpected effects - it seems safer to leave it how it was. Signed-off-by: Adam Williamson (cherry picked from commit a5307e173bf86d695fe85b8e15e91126e8618a14) --- src/kernel-install/kernel-install | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/kernel-install/kernel-install b/src/kernel-install/kernel-install index b358b03b2ff..d85852532b6 100755 --- a/src/kernel-install/kernel-install +++ b/src/kernel-install/kernel-install @@ -108,7 +108,7 @@ fi [ -z "$MACHINE_ID" ] && MACHINE_ID="Default" [ -z "$BOOT_ROOT" ] && for suff in "$MACHINE_ID" "loader/entries"; do - for pref in "/efi" "/boot/efi" "/boot"; do + for pref in "/efi" "/boot" "/boot/efi" ; do if [ -d "$pref/$suff" ]; then BOOT_ROOT="$pref" break 2 From 7ca41c509e6549abbfc753e560c822b5e32a63cc Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Wed, 5 Jan 2022 19:24:46 +0900 Subject: [PATCH 062/703] fstab-generator: skip root directory handling when nfsroot is requested Fixes RHBZ#2037233 (https://bugzilla.redhat.com/show_bug.cgi?id=2037233). (cherry picked from commit 77b8e92de8264c0b656a7d2fb437dd8d598ab597) --- src/fstab-generator/fstab-generator.c | 59 ++++++++++++++++++++++++++- 1 file changed, 57 insertions(+), 2 deletions(-) diff --git a/src/fstab-generator/fstab-generator.c b/src/fstab-generator/fstab-generator.c index 63113ea659c..4b254b087df 100644 --- a/src/fstab-generator/fstab-generator.c +++ b/src/fstab-generator/fstab-generator.c @@ -10,6 +10,7 @@ #include "fileio.h" #include "fstab-util.h" #include "generator.h" +#include "in-addr-util.h" #include "log.h" #include "main-func.h" #include "mkdir.h" @@ -691,6 +692,57 @@ static int parse_fstab(bool initrd) { return r; } +static int sysroot_is_nfsroot(void) { + union in_addr_union u; + const char *sep, *a; + int r; + + assert(arg_root_what); + + /* From dracut.cmdline(7). + * + * root=[:][:] + * root=nfs:[:][:], + * root=nfs4:[:][:], + * root={dhcp|dhcp6} + * + * mount nfs share from :/, if no server-ip is given, use dhcp next_server. + * If server-ip is an IPv6 address it has to be put in brackets, e.g. [2001:DB8::1]. NFS options + * can be appended with the prefix ":" or "," and are separated by ",". */ + + if (path_equal(arg_root_what, "/dev/nfs") || + STR_IN_SET(arg_root_what, "dhcp", "dhcp6") || + STARTSWITH_SET(arg_root_what, "nfs:", "nfs4:")) + return true; + + /* IPv6 address */ + if (arg_root_what[0] == '[') { + sep = strchr(arg_root_what + 1, ']'); + if (!sep) + return -EINVAL; + + a = strndupa(arg_root_what + 1, sep - arg_root_what - 1); + + r = in_addr_from_string(AF_INET6, a, &u); + if (r < 0) + return r; + + return true; + } + + /* IPv4 address */ + sep = strchr(arg_root_what, ':'); + if (sep) { + a = strndupa(arg_root_what, sep - arg_root_what); + + if (in_addr_from_string(AF_INET, a, &u) >= 0) + return true; + } + + /* root directory without address */ + return path_is_absolute(arg_root_what) && !path_startswith(arg_root_what, "/dev"); +} + static int add_sysroot_mount(void) { _cleanup_free_ char *what = NULL; const char *opts, *fstype; @@ -708,9 +760,12 @@ static int add_sysroot_mount(void) { return 0; } - if (path_equal(arg_root_what, "/dev/nfs")) { + r = sysroot_is_nfsroot(); + if (r < 0) + log_debug_errno(r, "Failed to determine if the root directory is on NFS, assuming not: %m"); + else if (r > 0) { /* This is handled by the kernel or the initrd */ - log_debug("Skipping root directory handling, as /dev/nfs was requested."); + log_debug("Skipping root directory handling, as root on NFS was requested."); return 0; } From 41134e766aa2a0f6f013d46689215c5ec86a7e5d Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Wed, 5 Jan 2022 22:06:03 +0900 Subject: [PATCH 063/703] fstab-generator: also skip other network filesystems and live image (cherry picked from commit 155e1bb4e7cf87191007488cf6a68a558a16eca1) --- src/fstab-generator/fstab-generator.c | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/src/fstab-generator/fstab-generator.c b/src/fstab-generator/fstab-generator.c index 4b254b087df..9b32383a766 100644 --- a/src/fstab-generator/fstab-generator.c +++ b/src/fstab-generator/fstab-generator.c @@ -769,6 +769,21 @@ static int add_sysroot_mount(void) { return 0; } + if (startswith(arg_root_what, "cifs://")) { + log_debug("Skipping root directory handling, as root on CIFS was requested."); + return 0; + } + + if (startswith(arg_root_what, "iscsi:")) { + log_debug("Skipping root directory handling, as root on iSCSI was requested."); + return 0; + } + + if (startswith(arg_root_what, "live:")) { + log_debug("Skipping root directory handling, as root on live image was requested."); + return 0; + } + if (streq(arg_root_what, "tmpfs")) { /* If root=tmpfs is specified, then take this as shortcut for a writable tmpfs mount as root */ From c6e4d8d9bd5d94f95d99b143540b86b020d64db1 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Thu, 6 Jan 2022 19:04:54 +0900 Subject: [PATCH 064/703] meson: install test-network-generator-conversion.sh even if networkd is not enabled Follow-up for 987dd89c775815831ae21736fe60aef59cb7a6fa. (cherry picked from commit b322e683acf3ca3c86ea38be8a8b20a29459ec5f) --- test/meson.build | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/test/meson.build b/test/meson.build index 7d94032d09e..95e61f827cf 100644 --- a/test/meson.build +++ b/test/meson.build @@ -127,11 +127,9 @@ if install_tests install_mode : 'rwxr-xr-x', install_dir : testsdir) - if conf.get('ENABLE_NETWORKD') == 1 - install_data('test-network-generator-conversion.sh', - install_mode : 'rwxr-xr-x', - install_dir : testsdir) - endif + install_data('test-network-generator-conversion.sh', + install_mode : 'rwxr-xr-x', + install_dir : testsdir) endif ############################################################ From 7dbfdefca31b2035e7c871f4e866442158429213 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Thu, 6 Jan 2022 20:12:27 +0900 Subject: [PATCH 065/703] test: add test cases for fstab-generator (cherry picked from commit 8cc8a073a834f3882b17115cd3e9a81f6a105898) --- meson.build | 9 ++++- test/meson.build | 8 ++++ test/test-fstab-generator.sh | 38 +++++++++++++++++++ test/test-fstab-generator/.gitattributes | 1 + .../sysroot.mount | 1 + .../test-01-dev-nfs.input | 1 + .../sysroot.mount | 1 + test/test-fstab-generator/test-02-dhcp.input | 1 + .../sysroot.mount | 1 + test/test-fstab-generator/test-03-dhcp6.input | 1 + .../sysroot.mount | 1 + test/test-fstab-generator/test-04-nfs.input | 1 + .../sysroot.mount | 1 + test/test-fstab-generator/test-05-nfs4.input | 1 + .../sysroot.mount | 1 + test/test-fstab-generator/test-06-ipv4.input | 1 + .../sysroot.mount | 1 + test/test-fstab-generator/test-07-ipv6.input | 1 + .../sysroot.mount | 1 + .../test-08-implicit-nfs.input | 1 + .../sysroot.mount | 1 + test/test-fstab-generator/test-09-cifs.input | 1 + .../sysroot.mount | 1 + test/test-fstab-generator/test-10-iscsi.input | 1 + .../sysroot.mount | 1 + test/test-fstab-generator/test-11-live.input | 1 + .../50-root-device.conf | 5 +++ .../sysroot.mount | 1 + .../sysroot.mount | 1 + .../test-12-dev-sdx.expected/sysroot.mount | 14 +++++++ .../systemd-fsck-root.service | 16 ++++++++ .../test-12-dev-sdx.input | 1 + .../50-root-device.conf | 5 +++ .../sysroot.mount | 1 + .../sysroot.mount | 1 + .../test-13-label.expected/sysroot.mount | 14 +++++++ .../systemd-fsck-root.service | 16 ++++++++ test/test-fstab-generator/test-13-label.input | 1 + .../50-root-device.conf | 5 +++ .../sysroot.mount | 1 + .../sysroot.mount | 1 + .../test-14-uuid.expected/sysroot.mount | 14 +++++++ .../systemd-fsck-root.service | 16 ++++++++ test/test-fstab-generator/test-14-uuid.input | 1 + .../50-root-device.conf | 5 +++ .../sysroot.mount | 1 + .../sysroot.mount | 1 + .../test-15-partuuid.expected/sysroot.mount | 14 +++++++ .../systemd-fsck-root.service | 16 ++++++++ .../test-15-partuuid.input | 1 + .../sysroot.mount | 1 + .../sysroot.mount | 1 + .../test-16-tmpfs.expected/sysroot.mount | 12 ++++++ test/test-fstab-generator/test-16-tmpfs.input | 1 + 54 files changed, 244 insertions(+), 1 deletion(-) create mode 100755 test/test-fstab-generator.sh create mode 100644 test/test-fstab-generator/.gitattributes create mode 120000 test/test-fstab-generator/test-01-dev-nfs.expected/initrd-usr-fs.target.requires/sysroot.mount create mode 100644 test/test-fstab-generator/test-01-dev-nfs.input create mode 120000 test/test-fstab-generator/test-02-dhcp.expected/initrd-usr-fs.target.requires/sysroot.mount create mode 100644 test/test-fstab-generator/test-02-dhcp.input create mode 120000 test/test-fstab-generator/test-03-dhcp6.expected/initrd-usr-fs.target.requires/sysroot.mount create mode 100644 test/test-fstab-generator/test-03-dhcp6.input create mode 120000 test/test-fstab-generator/test-04-nfs.expected/initrd-usr-fs.target.requires/sysroot.mount create mode 100644 test/test-fstab-generator/test-04-nfs.input create mode 120000 test/test-fstab-generator/test-05-nfs4.expected/initrd-usr-fs.target.requires/sysroot.mount create mode 100644 test/test-fstab-generator/test-05-nfs4.input create mode 120000 test/test-fstab-generator/test-06-ipv4.expected/initrd-usr-fs.target.requires/sysroot.mount create mode 100644 test/test-fstab-generator/test-06-ipv4.input create mode 120000 test/test-fstab-generator/test-07-ipv6.expected/initrd-usr-fs.target.requires/sysroot.mount create mode 100644 test/test-fstab-generator/test-07-ipv6.input create mode 120000 test/test-fstab-generator/test-08-implicit-nfs.expected/initrd-usr-fs.target.requires/sysroot.mount create mode 100644 test/test-fstab-generator/test-08-implicit-nfs.input create mode 120000 test/test-fstab-generator/test-09-cifs.expected/initrd-usr-fs.target.requires/sysroot.mount create mode 100644 test/test-fstab-generator/test-09-cifs.input create mode 120000 test/test-fstab-generator/test-10-iscsi.expected/initrd-usr-fs.target.requires/sysroot.mount create mode 100644 test/test-fstab-generator/test-10-iscsi.input create mode 120000 test/test-fstab-generator/test-11-live.expected/initrd-usr-fs.target.requires/sysroot.mount create mode 100644 test/test-fstab-generator/test-11-live.input create mode 100644 test/test-fstab-generator/test-12-dev-sdx.expected/initrd-root-device.target.d/50-root-device.conf create mode 120000 test/test-fstab-generator/test-12-dev-sdx.expected/initrd-root-fs.target.requires/sysroot.mount create mode 120000 test/test-fstab-generator/test-12-dev-sdx.expected/initrd-usr-fs.target.requires/sysroot.mount create mode 100644 test/test-fstab-generator/test-12-dev-sdx.expected/sysroot.mount create mode 100644 test/test-fstab-generator/test-12-dev-sdx.expected/systemd-fsck-root.service create mode 100644 test/test-fstab-generator/test-12-dev-sdx.input create mode 100644 test/test-fstab-generator/test-13-label.expected/initrd-root-device.target.d/50-root-device.conf create mode 120000 test/test-fstab-generator/test-13-label.expected/initrd-root-fs.target.requires/sysroot.mount create mode 120000 test/test-fstab-generator/test-13-label.expected/initrd-usr-fs.target.requires/sysroot.mount create mode 100644 test/test-fstab-generator/test-13-label.expected/sysroot.mount create mode 100644 test/test-fstab-generator/test-13-label.expected/systemd-fsck-root.service create mode 100644 test/test-fstab-generator/test-13-label.input create mode 100644 test/test-fstab-generator/test-14-uuid.expected/initrd-root-device.target.d/50-root-device.conf create mode 120000 test/test-fstab-generator/test-14-uuid.expected/initrd-root-fs.target.requires/sysroot.mount create mode 120000 test/test-fstab-generator/test-14-uuid.expected/initrd-usr-fs.target.requires/sysroot.mount create mode 100644 test/test-fstab-generator/test-14-uuid.expected/sysroot.mount create mode 100644 test/test-fstab-generator/test-14-uuid.expected/systemd-fsck-root.service create mode 100644 test/test-fstab-generator/test-14-uuid.input create mode 100644 test/test-fstab-generator/test-15-partuuid.expected/initrd-root-device.target.d/50-root-device.conf create mode 120000 test/test-fstab-generator/test-15-partuuid.expected/initrd-root-fs.target.requires/sysroot.mount create mode 120000 test/test-fstab-generator/test-15-partuuid.expected/initrd-usr-fs.target.requires/sysroot.mount create mode 100644 test/test-fstab-generator/test-15-partuuid.expected/sysroot.mount create mode 100644 test/test-fstab-generator/test-15-partuuid.expected/systemd-fsck-root.service create mode 100644 test/test-fstab-generator/test-15-partuuid.input create mode 120000 test/test-fstab-generator/test-16-tmpfs.expected/initrd-root-fs.target.requires/sysroot.mount create mode 120000 test/test-fstab-generator/test-16-tmpfs.expected/initrd-usr-fs.target.requires/sysroot.mount create mode 100644 test/test-fstab-generator/test-16-tmpfs.expected/sysroot.mount create mode 100644 test/test-fstab-generator/test-16-tmpfs.input diff --git a/meson.build b/meson.build index c6f71673f13..e07875a0543 100644 --- a/meson.build +++ b/meson.build @@ -2123,7 +2123,7 @@ executable( install : true, install_dir : systemgeneratordir) -executable( +exe = executable( 'systemd-fstab-generator', 'src/fstab-generator/fstab-generator.c', include_directories : includes, @@ -2132,6 +2132,13 @@ executable( install : true, install_dir : systemgeneratordir) +if want_tests != 'false' + test('test-fstab-generator', + test_fstab_generator_sh, + # https://github.com/mesonbuild/meson/issues/2681 + args : exe.full_path()) +endif + if conf.get('ENABLE_ENVIRONMENT_D') == 1 executable( '30-systemd-environment-d-generator', diff --git a/test/meson.build b/test/meson.build index 95e61f827cf..8de1043e170 100644 --- a/test/meson.build +++ b/test/meson.build @@ -12,6 +12,9 @@ if install_tests install_subdir('test-execute', exclude_files : '.gitattributes', install_dir : testdata_dir) + install_subdir('test-fstab-generator', + exclude_files : '.gitattributes', + install_dir : testdata_dir) install_subdir('test-path', exclude_files : '.gitattributes', install_dir : testdata_dir) @@ -83,6 +86,7 @@ if install_tests install_dir : testdata_dir) endif +test_fstab_generator_sh = find_program('test-fstab-generator.sh') test_network_generator_conversion_sh = find_program('test-network-generator-conversion.sh') test_systemd_tmpfiles_py = find_program('test-systemd-tmpfiles.py') hwdb_test_sh = find_program('hwdb-test.sh') @@ -127,6 +131,10 @@ if install_tests install_mode : 'rwxr-xr-x', install_dir : testsdir) + install_data('test-fstab-generator.sh', + install_mode : 'rwxr-xr-x', + install_dir : testsdir) + install_data('test-network-generator-conversion.sh', install_mode : 'rwxr-xr-x', install_dir : testsdir) diff --git a/test/test-fstab-generator.sh b/test/test-fstab-generator.sh new file mode 100755 index 00000000000..a27c397cce1 --- /dev/null +++ b/test/test-fstab-generator.sh @@ -0,0 +1,38 @@ +#!/usr/bin/env bash +# SPDX-License-Identifier: LGPL-2.1-or-later +set -ex + +if [[ -n "$1" ]]; then + generator=$1 +elif [[ -x /usr/lib/systemd/system-generators/systemd-fstab-generator ]]; then + generator=/usr/lib/systemd/system-generators/systemd-fstab-generator +elif [[ -x /lib/systemd/system-generators/systemd-fstab-generator ]]; then + generator=/lib/systemd/system-generators/systemd-fstab-generator +else + exit 1 +fi + +src="$(dirname "$0")/testdata/test-fstab-generator" + +for f in "$src"/test-*.input; do + echo "*** Running $f" + + ( + out=$(mktemp --tmpdir --directory "test-fstab-generator.XXXXXXXXXX") + # shellcheck disable=SC2064 + trap "rm -rf '$out'" EXIT INT QUIT PIPE + + # shellcheck disable=SC2046 + SYSTEMD_LOG_LEVEL=debug SYSTEMD_IN_INITRD=yes SYSTEMD_PROC_CMDLINE="fstab=no $(cat "$f")" $generator "$out" "$out" "$out" + + if [[ -f "$out"/systemd-fsck-root.service ]]; then + # For split-usr system + sed -i -e 's:ExecStart=/lib/systemd/systemd-fsck:ExecStart=/usr/lib/systemd/systemd-fsck:' "$out"/systemd-fsck-root.service + fi + + if ! diff -u "$out" "${f%.input}.expected"; then + echo "**** Unexpected output for $f" + exit 1 + fi + ) || exit 1 +done diff --git a/test/test-fstab-generator/.gitattributes b/test/test-fstab-generator/.gitattributes new file mode 100644 index 00000000000..6df434f423c --- /dev/null +++ b/test/test-fstab-generator/.gitattributes @@ -0,0 +1 @@ +* generated diff --git a/test/test-fstab-generator/test-01-dev-nfs.expected/initrd-usr-fs.target.requires/sysroot.mount b/test/test-fstab-generator/test-01-dev-nfs.expected/initrd-usr-fs.target.requires/sysroot.mount new file mode 120000 index 00000000000..0c969cdbd4a --- /dev/null +++ b/test/test-fstab-generator/test-01-dev-nfs.expected/initrd-usr-fs.target.requires/sysroot.mount @@ -0,0 +1 @@ +../sysroot.mount \ No newline at end of file diff --git a/test/test-fstab-generator/test-01-dev-nfs.input b/test/test-fstab-generator/test-01-dev-nfs.input new file mode 100644 index 00000000000..50a1230b744 --- /dev/null +++ b/test/test-fstab-generator/test-01-dev-nfs.input @@ -0,0 +1 @@ +root=/dev/nfs nfsroot=192.168.0.1:/nfsroot/root1:rw diff --git a/test/test-fstab-generator/test-02-dhcp.expected/initrd-usr-fs.target.requires/sysroot.mount b/test/test-fstab-generator/test-02-dhcp.expected/initrd-usr-fs.target.requires/sysroot.mount new file mode 120000 index 00000000000..0c969cdbd4a --- /dev/null +++ b/test/test-fstab-generator/test-02-dhcp.expected/initrd-usr-fs.target.requires/sysroot.mount @@ -0,0 +1 @@ +../sysroot.mount \ No newline at end of file diff --git a/test/test-fstab-generator/test-02-dhcp.input b/test/test-fstab-generator/test-02-dhcp.input new file mode 100644 index 00000000000..5aa159bafb6 --- /dev/null +++ b/test/test-fstab-generator/test-02-dhcp.input @@ -0,0 +1 @@ +root=dhcp diff --git a/test/test-fstab-generator/test-03-dhcp6.expected/initrd-usr-fs.target.requires/sysroot.mount b/test/test-fstab-generator/test-03-dhcp6.expected/initrd-usr-fs.target.requires/sysroot.mount new file mode 120000 index 00000000000..0c969cdbd4a --- /dev/null +++ b/test/test-fstab-generator/test-03-dhcp6.expected/initrd-usr-fs.target.requires/sysroot.mount @@ -0,0 +1 @@ +../sysroot.mount \ No newline at end of file diff --git a/test/test-fstab-generator/test-03-dhcp6.input b/test/test-fstab-generator/test-03-dhcp6.input new file mode 100644 index 00000000000..f4c998ecdbd --- /dev/null +++ b/test/test-fstab-generator/test-03-dhcp6.input @@ -0,0 +1 @@ +root=dhcp6 diff --git a/test/test-fstab-generator/test-04-nfs.expected/initrd-usr-fs.target.requires/sysroot.mount b/test/test-fstab-generator/test-04-nfs.expected/initrd-usr-fs.target.requires/sysroot.mount new file mode 120000 index 00000000000..0c969cdbd4a --- /dev/null +++ b/test/test-fstab-generator/test-04-nfs.expected/initrd-usr-fs.target.requires/sysroot.mount @@ -0,0 +1 @@ +../sysroot.mount \ No newline at end of file diff --git a/test/test-fstab-generator/test-04-nfs.input b/test/test-fstab-generator/test-04-nfs.input new file mode 100644 index 00000000000..6d2fb39db18 --- /dev/null +++ b/test/test-fstab-generator/test-04-nfs.input @@ -0,0 +1 @@ +root=nfs:/nfsroot/root1:rw diff --git a/test/test-fstab-generator/test-05-nfs4.expected/initrd-usr-fs.target.requires/sysroot.mount b/test/test-fstab-generator/test-05-nfs4.expected/initrd-usr-fs.target.requires/sysroot.mount new file mode 120000 index 00000000000..0c969cdbd4a --- /dev/null +++ b/test/test-fstab-generator/test-05-nfs4.expected/initrd-usr-fs.target.requires/sysroot.mount @@ -0,0 +1 @@ +../sysroot.mount \ No newline at end of file diff --git a/test/test-fstab-generator/test-05-nfs4.input b/test/test-fstab-generator/test-05-nfs4.input new file mode 100644 index 00000000000..0584069b96f --- /dev/null +++ b/test/test-fstab-generator/test-05-nfs4.input @@ -0,0 +1 @@ +root=nfs4:/nfsroot/root1:rw diff --git a/test/test-fstab-generator/test-06-ipv4.expected/initrd-usr-fs.target.requires/sysroot.mount b/test/test-fstab-generator/test-06-ipv4.expected/initrd-usr-fs.target.requires/sysroot.mount new file mode 120000 index 00000000000..0c969cdbd4a --- /dev/null +++ b/test/test-fstab-generator/test-06-ipv4.expected/initrd-usr-fs.target.requires/sysroot.mount @@ -0,0 +1 @@ +../sysroot.mount \ No newline at end of file diff --git a/test/test-fstab-generator/test-06-ipv4.input b/test/test-fstab-generator/test-06-ipv4.input new file mode 100644 index 00000000000..a4866630241 --- /dev/null +++ b/test/test-fstab-generator/test-06-ipv4.input @@ -0,0 +1 @@ +root=192.168.0.1:/nfsroot/root1:rw diff --git a/test/test-fstab-generator/test-07-ipv6.expected/initrd-usr-fs.target.requires/sysroot.mount b/test/test-fstab-generator/test-07-ipv6.expected/initrd-usr-fs.target.requires/sysroot.mount new file mode 120000 index 00000000000..0c969cdbd4a --- /dev/null +++ b/test/test-fstab-generator/test-07-ipv6.expected/initrd-usr-fs.target.requires/sysroot.mount @@ -0,0 +1 @@ +../sysroot.mount \ No newline at end of file diff --git a/test/test-fstab-generator/test-07-ipv6.input b/test/test-fstab-generator/test-07-ipv6.input new file mode 100644 index 00000000000..92b292c3d83 --- /dev/null +++ b/test/test-fstab-generator/test-07-ipv6.input @@ -0,0 +1 @@ +root=[2001:db8::1]:/nfsroot/root1:rw diff --git a/test/test-fstab-generator/test-08-implicit-nfs.expected/initrd-usr-fs.target.requires/sysroot.mount b/test/test-fstab-generator/test-08-implicit-nfs.expected/initrd-usr-fs.target.requires/sysroot.mount new file mode 120000 index 00000000000..0c969cdbd4a --- /dev/null +++ b/test/test-fstab-generator/test-08-implicit-nfs.expected/initrd-usr-fs.target.requires/sysroot.mount @@ -0,0 +1 @@ +../sysroot.mount \ No newline at end of file diff --git a/test/test-fstab-generator/test-08-implicit-nfs.input b/test/test-fstab-generator/test-08-implicit-nfs.input new file mode 100644 index 00000000000..12aaa3fe90d --- /dev/null +++ b/test/test-fstab-generator/test-08-implicit-nfs.input @@ -0,0 +1 @@ +root=/nfsroot/root1:rw diff --git a/test/test-fstab-generator/test-09-cifs.expected/initrd-usr-fs.target.requires/sysroot.mount b/test/test-fstab-generator/test-09-cifs.expected/initrd-usr-fs.target.requires/sysroot.mount new file mode 120000 index 00000000000..0c969cdbd4a --- /dev/null +++ b/test/test-fstab-generator/test-09-cifs.expected/initrd-usr-fs.target.requires/sysroot.mount @@ -0,0 +1 @@ +../sysroot.mount \ No newline at end of file diff --git a/test/test-fstab-generator/test-09-cifs.input b/test/test-fstab-generator/test-09-cifs.input new file mode 100644 index 00000000000..9d4af6a8356 --- /dev/null +++ b/test/test-fstab-generator/test-09-cifs.input @@ -0,0 +1 @@ +root=cifs://username:password@192.168.0.1:/cifsroot diff --git a/test/test-fstab-generator/test-10-iscsi.expected/initrd-usr-fs.target.requires/sysroot.mount b/test/test-fstab-generator/test-10-iscsi.expected/initrd-usr-fs.target.requires/sysroot.mount new file mode 120000 index 00000000000..0c969cdbd4a --- /dev/null +++ b/test/test-fstab-generator/test-10-iscsi.expected/initrd-usr-fs.target.requires/sysroot.mount @@ -0,0 +1 @@ +../sysroot.mount \ No newline at end of file diff --git a/test/test-fstab-generator/test-10-iscsi.input b/test/test-fstab-generator/test-10-iscsi.input new file mode 100644 index 00000000000..99327b1ff2b --- /dev/null +++ b/test/test-fstab-generator/test-10-iscsi.input @@ -0,0 +1 @@ +root=iscsi:username:password@servername::::tgt diff --git a/test/test-fstab-generator/test-11-live.expected/initrd-usr-fs.target.requires/sysroot.mount b/test/test-fstab-generator/test-11-live.expected/initrd-usr-fs.target.requires/sysroot.mount new file mode 120000 index 00000000000..0c969cdbd4a --- /dev/null +++ b/test/test-fstab-generator/test-11-live.expected/initrd-usr-fs.target.requires/sysroot.mount @@ -0,0 +1 @@ +../sysroot.mount \ No newline at end of file diff --git a/test/test-fstab-generator/test-11-live.input b/test/test-fstab-generator/test-11-live.input new file mode 100644 index 00000000000..81f60ab24be --- /dev/null +++ b/test/test-fstab-generator/test-11-live.input @@ -0,0 +1 @@ +root=live:http://example.com/liveboot.img diff --git a/test/test-fstab-generator/test-12-dev-sdx.expected/initrd-root-device.target.d/50-root-device.conf b/test/test-fstab-generator/test-12-dev-sdx.expected/initrd-root-device.target.d/50-root-device.conf new file mode 100644 index 00000000000..47c42322235 --- /dev/null +++ b/test/test-fstab-generator/test-12-dev-sdx.expected/initrd-root-device.target.d/50-root-device.conf @@ -0,0 +1,5 @@ +# Automatically generated by systemd-fstab-generator + +[Unit] +Requires=dev-sdx1.device +After=dev-sdx1.device diff --git a/test/test-fstab-generator/test-12-dev-sdx.expected/initrd-root-fs.target.requires/sysroot.mount b/test/test-fstab-generator/test-12-dev-sdx.expected/initrd-root-fs.target.requires/sysroot.mount new file mode 120000 index 00000000000..0c969cdbd4a --- /dev/null +++ b/test/test-fstab-generator/test-12-dev-sdx.expected/initrd-root-fs.target.requires/sysroot.mount @@ -0,0 +1 @@ +../sysroot.mount \ No newline at end of file diff --git a/test/test-fstab-generator/test-12-dev-sdx.expected/initrd-usr-fs.target.requires/sysroot.mount b/test/test-fstab-generator/test-12-dev-sdx.expected/initrd-usr-fs.target.requires/sysroot.mount new file mode 120000 index 00000000000..0c969cdbd4a --- /dev/null +++ b/test/test-fstab-generator/test-12-dev-sdx.expected/initrd-usr-fs.target.requires/sysroot.mount @@ -0,0 +1 @@ +../sysroot.mount \ No newline at end of file diff --git a/test/test-fstab-generator/test-12-dev-sdx.expected/sysroot.mount b/test/test-fstab-generator/test-12-dev-sdx.expected/sysroot.mount new file mode 100644 index 00000000000..8f8ef486173 --- /dev/null +++ b/test/test-fstab-generator/test-12-dev-sdx.expected/sysroot.mount @@ -0,0 +1,14 @@ +# Automatically generated by systemd-fstab-generator + +[Unit] +Documentation=man:fstab(5) man:systemd-fstab-generator(8) +SourcePath=/proc/cmdline +Before=initrd-root-fs.target +Requires=systemd-fsck-root.service +After=systemd-fsck-root.service +After=blockdev@dev-sdx1.target + +[Mount] +What=/dev/sdx1 +Where=/sysroot +Options=ro diff --git a/test/test-fstab-generator/test-12-dev-sdx.expected/systemd-fsck-root.service b/test/test-fstab-generator/test-12-dev-sdx.expected/systemd-fsck-root.service new file mode 100644 index 00000000000..7f914fdd145 --- /dev/null +++ b/test/test-fstab-generator/test-12-dev-sdx.expected/systemd-fsck-root.service @@ -0,0 +1,16 @@ +# Automatically generated by systemd-fstab-generator + +[Unit] +Description=File System Check on /dev/sdx1 +Documentation=man:systemd-fsck-root.service(8) +DefaultDependencies=no +BindsTo=dev-sdx1.device +Conflicts=shutdown.target +After=initrd-root-device.target local-fs-pre.target dev-sdx1.device +Before=shutdown.target + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart=/usr/lib/systemd/systemd-fsck /dev/sdx1 +TimeoutSec=0 diff --git a/test/test-fstab-generator/test-12-dev-sdx.input b/test/test-fstab-generator/test-12-dev-sdx.input new file mode 100644 index 00000000000..8aa56b5774a --- /dev/null +++ b/test/test-fstab-generator/test-12-dev-sdx.input @@ -0,0 +1 @@ +root=/dev/sdx1 diff --git a/test/test-fstab-generator/test-13-label.expected/initrd-root-device.target.d/50-root-device.conf b/test/test-fstab-generator/test-13-label.expected/initrd-root-device.target.d/50-root-device.conf new file mode 100644 index 00000000000..eada96c231f --- /dev/null +++ b/test/test-fstab-generator/test-13-label.expected/initrd-root-device.target.d/50-root-device.conf @@ -0,0 +1,5 @@ +# Automatically generated by systemd-fstab-generator + +[Unit] +Requires=dev-disk-by\x2dlabel-Root.device +After=dev-disk-by\x2dlabel-Root.device diff --git a/test/test-fstab-generator/test-13-label.expected/initrd-root-fs.target.requires/sysroot.mount b/test/test-fstab-generator/test-13-label.expected/initrd-root-fs.target.requires/sysroot.mount new file mode 120000 index 00000000000..0c969cdbd4a --- /dev/null +++ b/test/test-fstab-generator/test-13-label.expected/initrd-root-fs.target.requires/sysroot.mount @@ -0,0 +1 @@ +../sysroot.mount \ No newline at end of file diff --git a/test/test-fstab-generator/test-13-label.expected/initrd-usr-fs.target.requires/sysroot.mount b/test/test-fstab-generator/test-13-label.expected/initrd-usr-fs.target.requires/sysroot.mount new file mode 120000 index 00000000000..0c969cdbd4a --- /dev/null +++ b/test/test-fstab-generator/test-13-label.expected/initrd-usr-fs.target.requires/sysroot.mount @@ -0,0 +1 @@ +../sysroot.mount \ No newline at end of file diff --git a/test/test-fstab-generator/test-13-label.expected/sysroot.mount b/test/test-fstab-generator/test-13-label.expected/sysroot.mount new file mode 100644 index 00000000000..98698d5968a --- /dev/null +++ b/test/test-fstab-generator/test-13-label.expected/sysroot.mount @@ -0,0 +1,14 @@ +# Automatically generated by systemd-fstab-generator + +[Unit] +Documentation=man:fstab(5) man:systemd-fstab-generator(8) +SourcePath=/proc/cmdline +Before=initrd-root-fs.target +Requires=systemd-fsck-root.service +After=systemd-fsck-root.service +After=blockdev@dev-disk-by\x2dlabel-Root.target + +[Mount] +What=/dev/disk/by-label/Root +Where=/sysroot +Options=ro diff --git a/test/test-fstab-generator/test-13-label.expected/systemd-fsck-root.service b/test/test-fstab-generator/test-13-label.expected/systemd-fsck-root.service new file mode 100644 index 00000000000..a1327396ca1 --- /dev/null +++ b/test/test-fstab-generator/test-13-label.expected/systemd-fsck-root.service @@ -0,0 +1,16 @@ +# Automatically generated by systemd-fstab-generator + +[Unit] +Description=File System Check on /dev/disk/by-label/Root +Documentation=man:systemd-fsck-root.service(8) +DefaultDependencies=no +BindsTo=dev-disk-by\x2dlabel-Root.device +Conflicts=shutdown.target +After=initrd-root-device.target local-fs-pre.target dev-disk-by\x2dlabel-Root.device +Before=shutdown.target + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart=/usr/lib/systemd/systemd-fsck /dev/disk/by-label/Root +TimeoutSec=0 diff --git a/test/test-fstab-generator/test-13-label.input b/test/test-fstab-generator/test-13-label.input new file mode 100644 index 00000000000..75a3696c417 --- /dev/null +++ b/test/test-fstab-generator/test-13-label.input @@ -0,0 +1 @@ +root=LABEL=Root diff --git a/test/test-fstab-generator/test-14-uuid.expected/initrd-root-device.target.d/50-root-device.conf b/test/test-fstab-generator/test-14-uuid.expected/initrd-root-device.target.d/50-root-device.conf new file mode 100644 index 00000000000..67b84692b06 --- /dev/null +++ b/test/test-fstab-generator/test-14-uuid.expected/initrd-root-device.target.d/50-root-device.conf @@ -0,0 +1,5 @@ +# Automatically generated by systemd-fstab-generator + +[Unit] +Requires=dev-disk-by\x2duuid-3f5ad593\x2d4546\x2d4a94\x2da374\x2dbcfb68aa11f7.device +After=dev-disk-by\x2duuid-3f5ad593\x2d4546\x2d4a94\x2da374\x2dbcfb68aa11f7.device diff --git a/test/test-fstab-generator/test-14-uuid.expected/initrd-root-fs.target.requires/sysroot.mount b/test/test-fstab-generator/test-14-uuid.expected/initrd-root-fs.target.requires/sysroot.mount new file mode 120000 index 00000000000..0c969cdbd4a --- /dev/null +++ b/test/test-fstab-generator/test-14-uuid.expected/initrd-root-fs.target.requires/sysroot.mount @@ -0,0 +1 @@ +../sysroot.mount \ No newline at end of file diff --git a/test/test-fstab-generator/test-14-uuid.expected/initrd-usr-fs.target.requires/sysroot.mount b/test/test-fstab-generator/test-14-uuid.expected/initrd-usr-fs.target.requires/sysroot.mount new file mode 120000 index 00000000000..0c969cdbd4a --- /dev/null +++ b/test/test-fstab-generator/test-14-uuid.expected/initrd-usr-fs.target.requires/sysroot.mount @@ -0,0 +1 @@ +../sysroot.mount \ No newline at end of file diff --git a/test/test-fstab-generator/test-14-uuid.expected/sysroot.mount b/test/test-fstab-generator/test-14-uuid.expected/sysroot.mount new file mode 100644 index 00000000000..999acb0b23e --- /dev/null +++ b/test/test-fstab-generator/test-14-uuid.expected/sysroot.mount @@ -0,0 +1,14 @@ +# Automatically generated by systemd-fstab-generator + +[Unit] +Documentation=man:fstab(5) man:systemd-fstab-generator(8) +SourcePath=/proc/cmdline +Before=initrd-root-fs.target +Requires=systemd-fsck-root.service +After=systemd-fsck-root.service +After=blockdev@dev-disk-by\x2duuid-3f5ad593\x2d4546\x2d4a94\x2da374\x2dbcfb68aa11f7.target + +[Mount] +What=/dev/disk/by-uuid/3f5ad593-4546-4a94-a374-bcfb68aa11f7 +Where=/sysroot +Options=ro diff --git a/test/test-fstab-generator/test-14-uuid.expected/systemd-fsck-root.service b/test/test-fstab-generator/test-14-uuid.expected/systemd-fsck-root.service new file mode 100644 index 00000000000..59455602875 --- /dev/null +++ b/test/test-fstab-generator/test-14-uuid.expected/systemd-fsck-root.service @@ -0,0 +1,16 @@ +# Automatically generated by systemd-fstab-generator + +[Unit] +Description=File System Check on /dev/disk/by-uuid/3f5ad593-4546-4a94-a374-bcfb68aa11f7 +Documentation=man:systemd-fsck-root.service(8) +DefaultDependencies=no +BindsTo=dev-disk-by\x2duuid-3f5ad593\x2d4546\x2d4a94\x2da374\x2dbcfb68aa11f7.device +Conflicts=shutdown.target +After=initrd-root-device.target local-fs-pre.target dev-disk-by\x2duuid-3f5ad593\x2d4546\x2d4a94\x2da374\x2dbcfb68aa11f7.device +Before=shutdown.target + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart=/usr/lib/systemd/systemd-fsck /dev/disk/by-uuid/3f5ad593-4546-4a94-a374-bcfb68aa11f7 +TimeoutSec=0 diff --git a/test/test-fstab-generator/test-14-uuid.input b/test/test-fstab-generator/test-14-uuid.input new file mode 100644 index 00000000000..676246a8baa --- /dev/null +++ b/test/test-fstab-generator/test-14-uuid.input @@ -0,0 +1 @@ +root=UUID=3f5ad593-4546-4a94-a374-bcfb68aa11f7 diff --git a/test/test-fstab-generator/test-15-partuuid.expected/initrd-root-device.target.d/50-root-device.conf b/test/test-fstab-generator/test-15-partuuid.expected/initrd-root-device.target.d/50-root-device.conf new file mode 100644 index 00000000000..583f47c5a92 --- /dev/null +++ b/test/test-fstab-generator/test-15-partuuid.expected/initrd-root-device.target.d/50-root-device.conf @@ -0,0 +1,5 @@ +# Automatically generated by systemd-fstab-generator + +[Unit] +Requires=dev-disk-by\x2dpartuuid-3f5ad593\x2d4546\x2d4a94\x2da374\x2dbcfb68aa11f7.device +After=dev-disk-by\x2dpartuuid-3f5ad593\x2d4546\x2d4a94\x2da374\x2dbcfb68aa11f7.device diff --git a/test/test-fstab-generator/test-15-partuuid.expected/initrd-root-fs.target.requires/sysroot.mount b/test/test-fstab-generator/test-15-partuuid.expected/initrd-root-fs.target.requires/sysroot.mount new file mode 120000 index 00000000000..0c969cdbd4a --- /dev/null +++ b/test/test-fstab-generator/test-15-partuuid.expected/initrd-root-fs.target.requires/sysroot.mount @@ -0,0 +1 @@ +../sysroot.mount \ No newline at end of file diff --git a/test/test-fstab-generator/test-15-partuuid.expected/initrd-usr-fs.target.requires/sysroot.mount b/test/test-fstab-generator/test-15-partuuid.expected/initrd-usr-fs.target.requires/sysroot.mount new file mode 120000 index 00000000000..0c969cdbd4a --- /dev/null +++ b/test/test-fstab-generator/test-15-partuuid.expected/initrd-usr-fs.target.requires/sysroot.mount @@ -0,0 +1 @@ +../sysroot.mount \ No newline at end of file diff --git a/test/test-fstab-generator/test-15-partuuid.expected/sysroot.mount b/test/test-fstab-generator/test-15-partuuid.expected/sysroot.mount new file mode 100644 index 00000000000..d10fb6ef761 --- /dev/null +++ b/test/test-fstab-generator/test-15-partuuid.expected/sysroot.mount @@ -0,0 +1,14 @@ +# Automatically generated by systemd-fstab-generator + +[Unit] +Documentation=man:fstab(5) man:systemd-fstab-generator(8) +SourcePath=/proc/cmdline +Before=initrd-root-fs.target +Requires=systemd-fsck-root.service +After=systemd-fsck-root.service +After=blockdev@dev-disk-by\x2dpartuuid-3f5ad593\x2d4546\x2d4a94\x2da374\x2dbcfb68aa11f7.target + +[Mount] +What=/dev/disk/by-partuuid/3f5ad593-4546-4a94-a374-bcfb68aa11f7 +Where=/sysroot +Options=ro diff --git a/test/test-fstab-generator/test-15-partuuid.expected/systemd-fsck-root.service b/test/test-fstab-generator/test-15-partuuid.expected/systemd-fsck-root.service new file mode 100644 index 00000000000..aa1d455ecd0 --- /dev/null +++ b/test/test-fstab-generator/test-15-partuuid.expected/systemd-fsck-root.service @@ -0,0 +1,16 @@ +# Automatically generated by systemd-fstab-generator + +[Unit] +Description=File System Check on /dev/disk/by-partuuid/3f5ad593-4546-4a94-a374-bcfb68aa11f7 +Documentation=man:systemd-fsck-root.service(8) +DefaultDependencies=no +BindsTo=dev-disk-by\x2dpartuuid-3f5ad593\x2d4546\x2d4a94\x2da374\x2dbcfb68aa11f7.device +Conflicts=shutdown.target +After=initrd-root-device.target local-fs-pre.target dev-disk-by\x2dpartuuid-3f5ad593\x2d4546\x2d4a94\x2da374\x2dbcfb68aa11f7.device +Before=shutdown.target + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart=/usr/lib/systemd/systemd-fsck /dev/disk/by-partuuid/3f5ad593-4546-4a94-a374-bcfb68aa11f7 +TimeoutSec=0 diff --git a/test/test-fstab-generator/test-15-partuuid.input b/test/test-fstab-generator/test-15-partuuid.input new file mode 100644 index 00000000000..d59490d8443 --- /dev/null +++ b/test/test-fstab-generator/test-15-partuuid.input @@ -0,0 +1 @@ +root=PARTUUID=3f5ad593-4546-4a94-a374-bcfb68aa11f7 diff --git a/test/test-fstab-generator/test-16-tmpfs.expected/initrd-root-fs.target.requires/sysroot.mount b/test/test-fstab-generator/test-16-tmpfs.expected/initrd-root-fs.target.requires/sysroot.mount new file mode 120000 index 00000000000..0c969cdbd4a --- /dev/null +++ b/test/test-fstab-generator/test-16-tmpfs.expected/initrd-root-fs.target.requires/sysroot.mount @@ -0,0 +1 @@ +../sysroot.mount \ No newline at end of file diff --git a/test/test-fstab-generator/test-16-tmpfs.expected/initrd-usr-fs.target.requires/sysroot.mount b/test/test-fstab-generator/test-16-tmpfs.expected/initrd-usr-fs.target.requires/sysroot.mount new file mode 120000 index 00000000000..0c969cdbd4a --- /dev/null +++ b/test/test-fstab-generator/test-16-tmpfs.expected/initrd-usr-fs.target.requires/sysroot.mount @@ -0,0 +1 @@ +../sysroot.mount \ No newline at end of file diff --git a/test/test-fstab-generator/test-16-tmpfs.expected/sysroot.mount b/test/test-fstab-generator/test-16-tmpfs.expected/sysroot.mount new file mode 100644 index 00000000000..6bd9a07f2c4 --- /dev/null +++ b/test/test-fstab-generator/test-16-tmpfs.expected/sysroot.mount @@ -0,0 +1,12 @@ +# Automatically generated by systemd-fstab-generator + +[Unit] +Documentation=man:fstab(5) man:systemd-fstab-generator(8) +SourcePath=/proc/cmdline +Before=initrd-root-fs.target + +[Mount] +What=rootfs +Where=/sysroot +Type=tmpfs +Options=rw diff --git a/test/test-fstab-generator/test-16-tmpfs.input b/test/test-fstab-generator/test-16-tmpfs.input new file mode 100644 index 00000000000..0d36184eb18 --- /dev/null +++ b/test/test-fstab-generator/test-16-tmpfs.input @@ -0,0 +1 @@ +root=tmpfs From d08f6ff204c8525f7533875128468afb8be60ae0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 7 Jan 2022 15:23:55 +0100 Subject: [PATCH 066/703] seccomp: move arch_prctl to @default It was reported as used by the linker: > [It is] called in the setup of ld-linux-x86-64.so.2 from _dl_sysdep_start. > My local call stack (with LTO): > > #0 init_cpu_features.constprop.0 (/usr/lib64/ld-linux-x86-64.so.2) > #1 _dl_sysdep_start (/usr/lib64/ld-linux-x86-64.so.2) > #2 _dl_start (/usr/lib64/ld-linux-x86-64.so.2) > #3 _start (/usr/lib64/ld-linux-x86-64.so.2) > > Looking through the source, I think it's this (links for glibc 2.34): > - First dl_platform_init calls _dl_x86_init_cpu_features, a wrapper for init_cpu_features. > - Then init_cpu_features calls get_cet_status. > - At last, get_cet_status invokes arch_prctl. Fixes #22033. (cherry picked from commit 5f02870a74aa3a758115cc9bd6d68f239caf8453) --- src/shared/seccomp-util.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c index b70ad1f7ea7..32bd8aa73bd 100644 --- a/src/shared/seccomp-util.c +++ b/src/shared/seccomp-util.c @@ -286,6 +286,7 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = { .name = "@default", .help = "System calls that are always permitted", .value = + "arch_prctl\0" /* Used during platform-specific initialization by ld-linux.so. */ "brk\0" "cacheflush\0" "clock_getres\0" @@ -715,7 +716,6 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = { .name = "@process", .help = "Process control, execution, namespacing operations", .value = - "arch_prctl\0" "capget\0" /* Able to query arbitrary processes */ "clone\0" "clone3\0" From d1612a7163b2c2fa2499738040da39ab24ef1b63 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 7 Jan 2022 09:52:19 +0100 Subject: [PATCH 067/703] man: add missing example title in systemd.network(5) Also rename the file to match the example being extended. (cherry picked from commit 55ac274ef4c1661f3053ae3a709202c918365f3b) --- man/systemd.network.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/man/systemd.network.xml b/man/systemd.network.xml index 22aa30492de..197e0dad1da 100644 --- a/man/systemd.network.xml +++ b/man/systemd.network.xml @@ -4554,10 +4554,10 @@ Bridge=bridge0 - + Bridge port with VLAN forwarding -# /etc/systemd/network/20-bridge-slave-interface-vlan.network +# /etc/systemd/network/25-bridge-slave-interface-1.network [Match] Name=enp2s0 From 76e23c1cbe4dfd4276d50856f54b18410ea49b30 Mon Sep 17 00:00:00 2001 From: Luca Boccassi Date: Sun, 9 Jan 2022 14:00:25 +0000 Subject: [PATCH 068/703] test: store empty files rather than symlinks for test-fstab-generator Dangling symlinks get pruned when packaging up the installation directory. Just store empty files instead, and compare the names rather than the content for .requires/.wants - the filename is what is important anyway, the content is ignored. Fixes #22059 (cherry picked from commit e683878c0f03a4ffa123e37b27933fbf7e144901) --- test/test-fstab-generator.sh | 6 ++++-- .../initrd-usr-fs.target.requires/sysroot.mount | 1 - .../initrd-usr-fs.target.requires/sysroot.mount | 1 - .../initrd-usr-fs.target.requires/sysroot.mount | 1 - .../initrd-usr-fs.target.requires/sysroot.mount | 1 - .../initrd-usr-fs.target.requires/sysroot.mount | 1 - .../initrd-usr-fs.target.requires/sysroot.mount | 1 - .../initrd-usr-fs.target.requires/sysroot.mount | 1 - .../initrd-usr-fs.target.requires/sysroot.mount | 1 - .../initrd-usr-fs.target.requires/sysroot.mount | 1 - .../initrd-usr-fs.target.requires/sysroot.mount | 1 - .../initrd-usr-fs.target.requires/sysroot.mount | 1 - .../initrd-root-fs.target.requires/sysroot.mount | 1 - .../initrd-usr-fs.target.requires/sysroot.mount | 1 - .../initrd-root-fs.target.requires/sysroot.mount | 1 - .../initrd-usr-fs.target.requires/sysroot.mount | 1 - .../initrd-root-fs.target.requires/sysroot.mount | 1 - .../initrd-usr-fs.target.requires/sysroot.mount | 1 - .../initrd-root-fs.target.requires/sysroot.mount | 1 - .../initrd-usr-fs.target.requires/sysroot.mount | 1 - .../initrd-root-fs.target.requires/sysroot.mount | 1 - .../initrd-usr-fs.target.requires/sysroot.mount | 1 - 22 files changed, 4 insertions(+), 23 deletions(-) mode change 120000 => 100644 test/test-fstab-generator/test-01-dev-nfs.expected/initrd-usr-fs.target.requires/sysroot.mount mode change 120000 => 100644 test/test-fstab-generator/test-02-dhcp.expected/initrd-usr-fs.target.requires/sysroot.mount mode change 120000 => 100644 test/test-fstab-generator/test-03-dhcp6.expected/initrd-usr-fs.target.requires/sysroot.mount mode change 120000 => 100644 test/test-fstab-generator/test-04-nfs.expected/initrd-usr-fs.target.requires/sysroot.mount mode change 120000 => 100644 test/test-fstab-generator/test-05-nfs4.expected/initrd-usr-fs.target.requires/sysroot.mount mode change 120000 => 100644 test/test-fstab-generator/test-06-ipv4.expected/initrd-usr-fs.target.requires/sysroot.mount mode change 120000 => 100644 test/test-fstab-generator/test-07-ipv6.expected/initrd-usr-fs.target.requires/sysroot.mount mode change 120000 => 100644 test/test-fstab-generator/test-08-implicit-nfs.expected/initrd-usr-fs.target.requires/sysroot.mount mode change 120000 => 100644 test/test-fstab-generator/test-09-cifs.expected/initrd-usr-fs.target.requires/sysroot.mount mode change 120000 => 100644 test/test-fstab-generator/test-10-iscsi.expected/initrd-usr-fs.target.requires/sysroot.mount mode change 120000 => 100644 test/test-fstab-generator/test-11-live.expected/initrd-usr-fs.target.requires/sysroot.mount mode change 120000 => 100644 test/test-fstab-generator/test-12-dev-sdx.expected/initrd-root-fs.target.requires/sysroot.mount mode change 120000 => 100644 test/test-fstab-generator/test-12-dev-sdx.expected/initrd-usr-fs.target.requires/sysroot.mount mode change 120000 => 100644 test/test-fstab-generator/test-13-label.expected/initrd-root-fs.target.requires/sysroot.mount mode change 120000 => 100644 test/test-fstab-generator/test-13-label.expected/initrd-usr-fs.target.requires/sysroot.mount mode change 120000 => 100644 test/test-fstab-generator/test-14-uuid.expected/initrd-root-fs.target.requires/sysroot.mount mode change 120000 => 100644 test/test-fstab-generator/test-14-uuid.expected/initrd-usr-fs.target.requires/sysroot.mount mode change 120000 => 100644 test/test-fstab-generator/test-15-partuuid.expected/initrd-root-fs.target.requires/sysroot.mount mode change 120000 => 100644 test/test-fstab-generator/test-15-partuuid.expected/initrd-usr-fs.target.requires/sysroot.mount mode change 120000 => 100644 test/test-fstab-generator/test-16-tmpfs.expected/initrd-root-fs.target.requires/sysroot.mount mode change 120000 => 100644 test/test-fstab-generator/test-16-tmpfs.expected/initrd-usr-fs.target.requires/sysroot.mount diff --git a/test/test-fstab-generator.sh b/test/test-fstab-generator.sh index a27c397cce1..0c977645e3f 100755 --- a/test/test-fstab-generator.sh +++ b/test/test-fstab-generator.sh @@ -1,6 +1,6 @@ #!/usr/bin/env bash # SPDX-License-Identifier: LGPL-2.1-or-later -set -ex +set -e if [[ -n "$1" ]]; then generator=$1 @@ -30,7 +30,9 @@ for f in "$src"/test-*.input; do sed -i -e 's:ExecStart=/lib/systemd/systemd-fsck:ExecStart=/usr/lib/systemd/systemd-fsck:' "$out"/systemd-fsck-root.service fi - if ! diff -u "$out" "${f%.input}.expected"; then + # We store empty files rather than symlinks, so that they don't get pruned when packaged up, so compare + # the list of filenames rather than their content + if ! diff -u <(find "$out" -printf '%P\n' | sort) <(find "${f%.input}.expected" -printf '%P\n' | sort); then echo "**** Unexpected output for $f" exit 1 fi diff --git a/test/test-fstab-generator/test-01-dev-nfs.expected/initrd-usr-fs.target.requires/sysroot.mount b/test/test-fstab-generator/test-01-dev-nfs.expected/initrd-usr-fs.target.requires/sysroot.mount deleted file mode 120000 index 0c969cdbd4a..00000000000 --- a/test/test-fstab-generator/test-01-dev-nfs.expected/initrd-usr-fs.target.requires/sysroot.mount +++ /dev/null @@ -1 +0,0 @@ -../sysroot.mount \ No newline at end of file diff --git a/test/test-fstab-generator/test-01-dev-nfs.expected/initrd-usr-fs.target.requires/sysroot.mount b/test/test-fstab-generator/test-01-dev-nfs.expected/initrd-usr-fs.target.requires/sysroot.mount new file mode 100644 index 00000000000..e69de29bb2d diff --git a/test/test-fstab-generator/test-02-dhcp.expected/initrd-usr-fs.target.requires/sysroot.mount b/test/test-fstab-generator/test-02-dhcp.expected/initrd-usr-fs.target.requires/sysroot.mount deleted file mode 120000 index 0c969cdbd4a..00000000000 --- a/test/test-fstab-generator/test-02-dhcp.expected/initrd-usr-fs.target.requires/sysroot.mount +++ /dev/null @@ -1 +0,0 @@ -../sysroot.mount \ No newline at end of file diff --git a/test/test-fstab-generator/test-02-dhcp.expected/initrd-usr-fs.target.requires/sysroot.mount b/test/test-fstab-generator/test-02-dhcp.expected/initrd-usr-fs.target.requires/sysroot.mount new file mode 100644 index 00000000000..e69de29bb2d diff --git a/test/test-fstab-generator/test-03-dhcp6.expected/initrd-usr-fs.target.requires/sysroot.mount b/test/test-fstab-generator/test-03-dhcp6.expected/initrd-usr-fs.target.requires/sysroot.mount deleted file mode 120000 index 0c969cdbd4a..00000000000 --- a/test/test-fstab-generator/test-03-dhcp6.expected/initrd-usr-fs.target.requires/sysroot.mount +++ /dev/null @@ -1 +0,0 @@ -../sysroot.mount \ No newline at end of file diff --git a/test/test-fstab-generator/test-03-dhcp6.expected/initrd-usr-fs.target.requires/sysroot.mount b/test/test-fstab-generator/test-03-dhcp6.expected/initrd-usr-fs.target.requires/sysroot.mount new file mode 100644 index 00000000000..e69de29bb2d diff --git a/test/test-fstab-generator/test-04-nfs.expected/initrd-usr-fs.target.requires/sysroot.mount b/test/test-fstab-generator/test-04-nfs.expected/initrd-usr-fs.target.requires/sysroot.mount deleted file mode 120000 index 0c969cdbd4a..00000000000 --- a/test/test-fstab-generator/test-04-nfs.expected/initrd-usr-fs.target.requires/sysroot.mount +++ /dev/null @@ -1 +0,0 @@ -../sysroot.mount \ No newline at end of file diff --git a/test/test-fstab-generator/test-04-nfs.expected/initrd-usr-fs.target.requires/sysroot.mount b/test/test-fstab-generator/test-04-nfs.expected/initrd-usr-fs.target.requires/sysroot.mount new file mode 100644 index 00000000000..e69de29bb2d diff --git a/test/test-fstab-generator/test-05-nfs4.expected/initrd-usr-fs.target.requires/sysroot.mount b/test/test-fstab-generator/test-05-nfs4.expected/initrd-usr-fs.target.requires/sysroot.mount deleted file mode 120000 index 0c969cdbd4a..00000000000 --- a/test/test-fstab-generator/test-05-nfs4.expected/initrd-usr-fs.target.requires/sysroot.mount +++ /dev/null @@ -1 +0,0 @@ -../sysroot.mount \ No newline at end of file diff --git a/test/test-fstab-generator/test-05-nfs4.expected/initrd-usr-fs.target.requires/sysroot.mount b/test/test-fstab-generator/test-05-nfs4.expected/initrd-usr-fs.target.requires/sysroot.mount new file mode 100644 index 00000000000..e69de29bb2d diff --git a/test/test-fstab-generator/test-06-ipv4.expected/initrd-usr-fs.target.requires/sysroot.mount b/test/test-fstab-generator/test-06-ipv4.expected/initrd-usr-fs.target.requires/sysroot.mount deleted file mode 120000 index 0c969cdbd4a..00000000000 --- a/test/test-fstab-generator/test-06-ipv4.expected/initrd-usr-fs.target.requires/sysroot.mount +++ /dev/null @@ -1 +0,0 @@ -../sysroot.mount \ No newline at end of file diff --git a/test/test-fstab-generator/test-06-ipv4.expected/initrd-usr-fs.target.requires/sysroot.mount b/test/test-fstab-generator/test-06-ipv4.expected/initrd-usr-fs.target.requires/sysroot.mount new file mode 100644 index 00000000000..e69de29bb2d diff --git a/test/test-fstab-generator/test-07-ipv6.expected/initrd-usr-fs.target.requires/sysroot.mount b/test/test-fstab-generator/test-07-ipv6.expected/initrd-usr-fs.target.requires/sysroot.mount deleted file mode 120000 index 0c969cdbd4a..00000000000 --- a/test/test-fstab-generator/test-07-ipv6.expected/initrd-usr-fs.target.requires/sysroot.mount +++ /dev/null @@ -1 +0,0 @@ -../sysroot.mount \ No newline at end of file diff --git a/test/test-fstab-generator/test-07-ipv6.expected/initrd-usr-fs.target.requires/sysroot.mount b/test/test-fstab-generator/test-07-ipv6.expected/initrd-usr-fs.target.requires/sysroot.mount new file mode 100644 index 00000000000..e69de29bb2d diff --git a/test/test-fstab-generator/test-08-implicit-nfs.expected/initrd-usr-fs.target.requires/sysroot.mount b/test/test-fstab-generator/test-08-implicit-nfs.expected/initrd-usr-fs.target.requires/sysroot.mount deleted file mode 120000 index 0c969cdbd4a..00000000000 --- a/test/test-fstab-generator/test-08-implicit-nfs.expected/initrd-usr-fs.target.requires/sysroot.mount +++ /dev/null @@ -1 +0,0 @@ -../sysroot.mount \ No newline at end of file diff --git a/test/test-fstab-generator/test-08-implicit-nfs.expected/initrd-usr-fs.target.requires/sysroot.mount b/test/test-fstab-generator/test-08-implicit-nfs.expected/initrd-usr-fs.target.requires/sysroot.mount new file mode 100644 index 00000000000..e69de29bb2d diff --git a/test/test-fstab-generator/test-09-cifs.expected/initrd-usr-fs.target.requires/sysroot.mount b/test/test-fstab-generator/test-09-cifs.expected/initrd-usr-fs.target.requires/sysroot.mount deleted file mode 120000 index 0c969cdbd4a..00000000000 --- a/test/test-fstab-generator/test-09-cifs.expected/initrd-usr-fs.target.requires/sysroot.mount +++ /dev/null @@ -1 +0,0 @@ -../sysroot.mount \ No newline at end of file diff --git a/test/test-fstab-generator/test-09-cifs.expected/initrd-usr-fs.target.requires/sysroot.mount b/test/test-fstab-generator/test-09-cifs.expected/initrd-usr-fs.target.requires/sysroot.mount new file mode 100644 index 00000000000..e69de29bb2d diff --git a/test/test-fstab-generator/test-10-iscsi.expected/initrd-usr-fs.target.requires/sysroot.mount b/test/test-fstab-generator/test-10-iscsi.expected/initrd-usr-fs.target.requires/sysroot.mount deleted file mode 120000 index 0c969cdbd4a..00000000000 --- a/test/test-fstab-generator/test-10-iscsi.expected/initrd-usr-fs.target.requires/sysroot.mount +++ /dev/null @@ -1 +0,0 @@ -../sysroot.mount \ No newline at end of file diff --git a/test/test-fstab-generator/test-10-iscsi.expected/initrd-usr-fs.target.requires/sysroot.mount b/test/test-fstab-generator/test-10-iscsi.expected/initrd-usr-fs.target.requires/sysroot.mount new file mode 100644 index 00000000000..e69de29bb2d diff --git a/test/test-fstab-generator/test-11-live.expected/initrd-usr-fs.target.requires/sysroot.mount b/test/test-fstab-generator/test-11-live.expected/initrd-usr-fs.target.requires/sysroot.mount deleted file mode 120000 index 0c969cdbd4a..00000000000 --- a/test/test-fstab-generator/test-11-live.expected/initrd-usr-fs.target.requires/sysroot.mount +++ /dev/null @@ -1 +0,0 @@ -../sysroot.mount \ No newline at end of file diff --git a/test/test-fstab-generator/test-11-live.expected/initrd-usr-fs.target.requires/sysroot.mount b/test/test-fstab-generator/test-11-live.expected/initrd-usr-fs.target.requires/sysroot.mount new file mode 100644 index 00000000000..e69de29bb2d diff --git a/test/test-fstab-generator/test-12-dev-sdx.expected/initrd-root-fs.target.requires/sysroot.mount b/test/test-fstab-generator/test-12-dev-sdx.expected/initrd-root-fs.target.requires/sysroot.mount deleted file mode 120000 index 0c969cdbd4a..00000000000 --- a/test/test-fstab-generator/test-12-dev-sdx.expected/initrd-root-fs.target.requires/sysroot.mount +++ /dev/null @@ -1 +0,0 @@ -../sysroot.mount \ No newline at end of file diff --git a/test/test-fstab-generator/test-12-dev-sdx.expected/initrd-root-fs.target.requires/sysroot.mount b/test/test-fstab-generator/test-12-dev-sdx.expected/initrd-root-fs.target.requires/sysroot.mount new file mode 100644 index 00000000000..e69de29bb2d diff --git a/test/test-fstab-generator/test-12-dev-sdx.expected/initrd-usr-fs.target.requires/sysroot.mount b/test/test-fstab-generator/test-12-dev-sdx.expected/initrd-usr-fs.target.requires/sysroot.mount deleted file mode 120000 index 0c969cdbd4a..00000000000 --- a/test/test-fstab-generator/test-12-dev-sdx.expected/initrd-usr-fs.target.requires/sysroot.mount +++ /dev/null @@ -1 +0,0 @@ -../sysroot.mount \ No newline at end of file diff --git a/test/test-fstab-generator/test-12-dev-sdx.expected/initrd-usr-fs.target.requires/sysroot.mount b/test/test-fstab-generator/test-12-dev-sdx.expected/initrd-usr-fs.target.requires/sysroot.mount new file mode 100644 index 00000000000..e69de29bb2d diff --git a/test/test-fstab-generator/test-13-label.expected/initrd-root-fs.target.requires/sysroot.mount b/test/test-fstab-generator/test-13-label.expected/initrd-root-fs.target.requires/sysroot.mount deleted file mode 120000 index 0c969cdbd4a..00000000000 --- a/test/test-fstab-generator/test-13-label.expected/initrd-root-fs.target.requires/sysroot.mount +++ /dev/null @@ -1 +0,0 @@ -../sysroot.mount \ No newline at end of file diff --git a/test/test-fstab-generator/test-13-label.expected/initrd-root-fs.target.requires/sysroot.mount b/test/test-fstab-generator/test-13-label.expected/initrd-root-fs.target.requires/sysroot.mount new file mode 100644 index 00000000000..e69de29bb2d diff --git a/test/test-fstab-generator/test-13-label.expected/initrd-usr-fs.target.requires/sysroot.mount b/test/test-fstab-generator/test-13-label.expected/initrd-usr-fs.target.requires/sysroot.mount deleted file mode 120000 index 0c969cdbd4a..00000000000 --- a/test/test-fstab-generator/test-13-label.expected/initrd-usr-fs.target.requires/sysroot.mount +++ /dev/null @@ -1 +0,0 @@ -../sysroot.mount \ No newline at end of file diff --git a/test/test-fstab-generator/test-13-label.expected/initrd-usr-fs.target.requires/sysroot.mount b/test/test-fstab-generator/test-13-label.expected/initrd-usr-fs.target.requires/sysroot.mount new file mode 100644 index 00000000000..e69de29bb2d diff --git a/test/test-fstab-generator/test-14-uuid.expected/initrd-root-fs.target.requires/sysroot.mount b/test/test-fstab-generator/test-14-uuid.expected/initrd-root-fs.target.requires/sysroot.mount deleted file mode 120000 index 0c969cdbd4a..00000000000 --- a/test/test-fstab-generator/test-14-uuid.expected/initrd-root-fs.target.requires/sysroot.mount +++ /dev/null @@ -1 +0,0 @@ -../sysroot.mount \ No newline at end of file diff --git a/test/test-fstab-generator/test-14-uuid.expected/initrd-root-fs.target.requires/sysroot.mount b/test/test-fstab-generator/test-14-uuid.expected/initrd-root-fs.target.requires/sysroot.mount new file mode 100644 index 00000000000..e69de29bb2d diff --git a/test/test-fstab-generator/test-14-uuid.expected/initrd-usr-fs.target.requires/sysroot.mount b/test/test-fstab-generator/test-14-uuid.expected/initrd-usr-fs.target.requires/sysroot.mount deleted file mode 120000 index 0c969cdbd4a..00000000000 --- a/test/test-fstab-generator/test-14-uuid.expected/initrd-usr-fs.target.requires/sysroot.mount +++ /dev/null @@ -1 +0,0 @@ -../sysroot.mount \ No newline at end of file diff --git a/test/test-fstab-generator/test-14-uuid.expected/initrd-usr-fs.target.requires/sysroot.mount b/test/test-fstab-generator/test-14-uuid.expected/initrd-usr-fs.target.requires/sysroot.mount new file mode 100644 index 00000000000..e69de29bb2d diff --git a/test/test-fstab-generator/test-15-partuuid.expected/initrd-root-fs.target.requires/sysroot.mount b/test/test-fstab-generator/test-15-partuuid.expected/initrd-root-fs.target.requires/sysroot.mount deleted file mode 120000 index 0c969cdbd4a..00000000000 --- a/test/test-fstab-generator/test-15-partuuid.expected/initrd-root-fs.target.requires/sysroot.mount +++ /dev/null @@ -1 +0,0 @@ -../sysroot.mount \ No newline at end of file diff --git a/test/test-fstab-generator/test-15-partuuid.expected/initrd-root-fs.target.requires/sysroot.mount b/test/test-fstab-generator/test-15-partuuid.expected/initrd-root-fs.target.requires/sysroot.mount new file mode 100644 index 00000000000..e69de29bb2d diff --git a/test/test-fstab-generator/test-15-partuuid.expected/initrd-usr-fs.target.requires/sysroot.mount b/test/test-fstab-generator/test-15-partuuid.expected/initrd-usr-fs.target.requires/sysroot.mount deleted file mode 120000 index 0c969cdbd4a..00000000000 --- a/test/test-fstab-generator/test-15-partuuid.expected/initrd-usr-fs.target.requires/sysroot.mount +++ /dev/null @@ -1 +0,0 @@ -../sysroot.mount \ No newline at end of file diff --git a/test/test-fstab-generator/test-15-partuuid.expected/initrd-usr-fs.target.requires/sysroot.mount b/test/test-fstab-generator/test-15-partuuid.expected/initrd-usr-fs.target.requires/sysroot.mount new file mode 100644 index 00000000000..e69de29bb2d diff --git a/test/test-fstab-generator/test-16-tmpfs.expected/initrd-root-fs.target.requires/sysroot.mount b/test/test-fstab-generator/test-16-tmpfs.expected/initrd-root-fs.target.requires/sysroot.mount deleted file mode 120000 index 0c969cdbd4a..00000000000 --- a/test/test-fstab-generator/test-16-tmpfs.expected/initrd-root-fs.target.requires/sysroot.mount +++ /dev/null @@ -1 +0,0 @@ -../sysroot.mount \ No newline at end of file diff --git a/test/test-fstab-generator/test-16-tmpfs.expected/initrd-root-fs.target.requires/sysroot.mount b/test/test-fstab-generator/test-16-tmpfs.expected/initrd-root-fs.target.requires/sysroot.mount new file mode 100644 index 00000000000..e69de29bb2d diff --git a/test/test-fstab-generator/test-16-tmpfs.expected/initrd-usr-fs.target.requires/sysroot.mount b/test/test-fstab-generator/test-16-tmpfs.expected/initrd-usr-fs.target.requires/sysroot.mount deleted file mode 120000 index 0c969cdbd4a..00000000000 --- a/test/test-fstab-generator/test-16-tmpfs.expected/initrd-usr-fs.target.requires/sysroot.mount +++ /dev/null @@ -1 +0,0 @@ -../sysroot.mount \ No newline at end of file diff --git a/test/test-fstab-generator/test-16-tmpfs.expected/initrd-usr-fs.target.requires/sysroot.mount b/test/test-fstab-generator/test-16-tmpfs.expected/initrd-usr-fs.target.requires/sysroot.mount new file mode 100644 index 00000000000..e69de29bb2d From 8ec64d07783616a23dfff5911f13d5611e213d6e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 7 Jan 2022 19:24:49 +0100 Subject: [PATCH 069/703] bpf: actually skip RestrictFileSystems= when not supported Units would fail to start, incl. systemd-journald.service and systemd-udevd.service. Since unit->manager->restrict_fs will be set if and only if we can use it, we can just check for that and remove the other checks. Follow-up for 299d9417238e0727a48ebaabb5a9de0c908ec5c8. (cherry picked from commit 46004616a12dcdaf11020b8d58f956a006c9d9cf) --- src/core/execute.c | 28 +++++++--------------------- 1 file changed, 7 insertions(+), 21 deletions(-) diff --git a/src/core/execute.c b/src/core/execute.c index 4c96c30cf47..16f346f3396 100644 --- a/src/core/execute.c +++ b/src/core/execute.c @@ -1731,21 +1731,6 @@ static int apply_lock_personality(const Unit* u, const ExecContext *c) { #endif #if HAVE_LIBBPF -static bool skip_lsm_bpf_unsupported(const Unit* u, const char* msg) { - assert(u); - assert(u->manager); - - if (lsm_bpf_supported()) - return false; - - /* lsm_bpf_setup succeeded */ - if (u->manager->restrict_fs) - return false; - - log_unit_debug(u, "LSM BPF not supported, skipping %s", msg); - return true; -} - static int apply_restrict_filesystems(Unit *u, const ExecContext *c) { assert(u); assert(c); @@ -1753,8 +1738,11 @@ static int apply_restrict_filesystems(Unit *u, const ExecContext *c) { if (!exec_context_restrict_filesystems_set(c)) return 0; - if (skip_lsm_bpf_unsupported(u, "RestrictFileSystems=")) + if (!u->manager->restrict_fs) { + /* LSM BPF is unsupported or lsm_bpf_setup failed */ + log_unit_debug(u, "LSM BPF not supported, skipping RestrictFileSystems="); return 0; + } return lsm_bpf_unit_restrict_filesystems(u, c->restrict_filesystems, c->restrict_filesystems_allow_list); } @@ -3975,13 +3963,11 @@ static int exec_child( } #if HAVE_LIBBPF - if (MANAGER_IS_SYSTEM(unit->manager) && lsm_bpf_supported()) { - int bpf_map_fd = -1; - - bpf_map_fd = lsm_bpf_map_restrict_fs_fd(unit); + if (unit->manager->restrict_fs) { + int bpf_map_fd = lsm_bpf_map_restrict_fs_fd(unit); if (bpf_map_fd < 0) { *exit_status = EXIT_FDS; - return log_unit_error_errno(unit, r, "Failed to get restrict filesystems BPF map fd: %m"); + return log_unit_error_errno(unit, bpf_map_fd, "Failed to get restrict filesystems BPF map fd: %m"); } r = add_shifted_fd(keep_fds, ELEMENTSOF(keep_fds), &n_keep_fds, bpf_map_fd, &bpf_map_fd); From 3c5c13f82c760c7067bb189484e1f672ff6713f6 Mon Sep 17 00:00:00 2001 From: Jan Janssen Date: Sun, 9 Jan 2022 14:22:15 +0100 Subject: [PATCH 070/703] boot-timestamps: Discard firmware init time when running in a VM Fixes: #22060 (cherry picked from commit f699bd81e8e18da2d2fc11e7fb7dce95f8bb3f9e) --- src/shared/boot-timestamps.c | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/src/shared/boot-timestamps.c b/src/shared/boot-timestamps.c index 8786e89c0ee..e00b37aa327 100644 --- a/src/shared/boot-timestamps.c +++ b/src/shared/boot-timestamps.c @@ -5,11 +5,13 @@ #include "efi-loader.h" #include "macro.h" #include "time-util.h" +#include "virt.h" int boot_timestamps(const dual_timestamp *n, dual_timestamp *firmware, dual_timestamp *loader) { usec_t x = 0, y = 0, a; int r; dual_timestamp _n; + bool use_firmware = true; assert(firmware); assert(loader); @@ -24,6 +26,10 @@ int boot_timestamps(const dual_timestamp *n, dual_timestamp *firmware, dual_time r = efi_loader_get_boot_usec(&x, &y); if (r < 0) return r; + + /* If we are running in a VM, the init timestamp would + * be equivalent to the host uptime. */ + use_firmware = detect_vm() <= 0; } /* Let's convert this to timestamps where the firmware @@ -33,12 +39,14 @@ int boot_timestamps(const dual_timestamp *n, dual_timestamp *firmware, dual_time * the monotonic timestamps here as negative of the actual * value. */ - firmware->monotonic = y; - loader->monotonic = y - x; - - a = n->monotonic + firmware->monotonic; - firmware->realtime = n->realtime > a ? n->realtime - a : 0; + if (use_firmware) { + firmware->monotonic = y; + a = n->monotonic + firmware->monotonic; + firmware->realtime = n->realtime > a ? n->realtime - a : 0; + } else + firmware->monotonic = firmware->realtime = 0; + loader->monotonic = y - x; a = n->monotonic + loader->monotonic; loader->realtime = n->realtime > a ? n->realtime - a : 0; From 1d5687278cdd556939375937ab2b4e5be349e5aa Mon Sep 17 00:00:00 2001 From: Ludwig Nussel Date: Tue, 4 Jan 2022 10:03:49 +0100 Subject: [PATCH 071/703] systemctl: Fix --show timestamp (cherry picked from commit 2dbb54788ee8d4c3d84e1af309335ad3c3885f1a) --- src/systemctl/systemctl-logind.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/systemctl/systemctl-logind.c b/src/systemctl/systemctl-logind.c index 2d2043f1772..114641cdc7a 100644 --- a/src/systemctl/systemctl-logind.c +++ b/src/systemctl/systemctl-logind.c @@ -398,7 +398,7 @@ int logind_show_shutdown(void) { log_info("%s scheduled for %s, use 'shutdown -c' to cancel.", action, - FORMAT_TIMESTAMP_STYLE(arg_when, arg_timestamp_style)); + FORMAT_TIMESTAMP_STYLE(elapse, arg_timestamp_style)); return 0; #else From 47741ff9eae6311a03e4d3d837128191826a4a3a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 23 Nov 2021 15:55:45 +0100 Subject: [PATCH 072/703] shared/rm_rf: refactor rm_rf_children_inner() to shorten code a bit (cherry picked from commit 3bac86abfa1b1720180840ffb9d06b3d54841c11) --- src/shared/rm-rf.c | 27 +++++++++------------------ 1 file changed, 9 insertions(+), 18 deletions(-) diff --git a/src/shared/rm-rf.c b/src/shared/rm-rf.c index fd54b2ccaf9..6dbdc648eae 100644 --- a/src/shared/rm-rf.c +++ b/src/shared/rm-rf.c @@ -124,7 +124,7 @@ static int rm_rf_children_inner( const struct stat *root_dev) { struct stat st; - int r; + int r, q = 0; assert(fd >= 0); assert(fname); @@ -142,7 +142,6 @@ static int rm_rf_children_inner( if (is_dir) { _cleanup_close_ int subdir_fd = -1; - int q; /* if root_dev is set, remove subdirectories only if device is same */ if (root_dev && st.st_dev != root_dev->st_dev) @@ -178,23 +177,15 @@ static int rm_rf_children_inner( * again for each directory */ q = rm_rf_children(TAKE_FD(subdir_fd), flags | REMOVE_PHYSICAL, root_dev); - r = unlinkat_harder(fd, fname, AT_REMOVEDIR, flags); - if (r < 0) - return r; - if (q < 0) - return q; - - return 1; - - } else if (!(flags & REMOVE_ONLY_DIRECTORIES)) { - r = unlinkat_harder(fd, fname, 0, flags); - if (r < 0) - return r; - - return 1; - } + } else if (flags & REMOVE_ONLY_DIRECTORIES) + return 0; - return 0; + r = unlinkat_harder(fd, fname, is_dir ? AT_REMOVEDIR : 0, flags); + if (r < 0) + return r; + if (q < 0) + return q; + return 1; } int rm_rf_children( From 664529efa9431edc043126013ea54e6c399ae2d3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 23 Nov 2021 16:56:42 +0100 Subject: [PATCH 073/703] shared/rm_rf: refactor rm_rf() to shorten code a bit (cherry picked from commit 84ced330020c0bae57bd4628f1f44eec91304e69) --- src/shared/rm-rf.c | 53 ++++++++++++++++++++-------------------------- 1 file changed, 23 insertions(+), 30 deletions(-) diff --git a/src/shared/rm-rf.c b/src/shared/rm-rf.c index 6dbdc648eae..48fdf083484 100644 --- a/src/shared/rm-rf.c +++ b/src/shared/rm-rf.c @@ -249,7 +249,7 @@ int rm_rf_children( } int rm_rf(const char *path, RemoveFlags flags) { - int fd, r; + int fd, r, q = 0; assert(path); @@ -281,49 +281,42 @@ int rm_rf(const char *path, RemoveFlags flags) { } fd = open(path, O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC|O_NOFOLLOW|O_NOATIME); - if (fd < 0) { + if (fd >= 0) { + /* We have a dir */ + r = rm_rf_children(fd, flags, NULL); + + if (FLAGS_SET(flags, REMOVE_ROOT)) + q = RET_NERRNO(rmdir(path)); + } else { if (FLAGS_SET(flags, REMOVE_MISSING_OK) && errno == ENOENT) return 0; if (!IN_SET(errno, ENOTDIR, ELOOP)) return -errno; - if (FLAGS_SET(flags, REMOVE_ONLY_DIRECTORIES)) + if (FLAGS_SET(flags, REMOVE_ONLY_DIRECTORIES) || !FLAGS_SET(flags, REMOVE_ROOT)) return 0; - if (FLAGS_SET(flags, REMOVE_ROOT)) { - - if (!FLAGS_SET(flags, REMOVE_PHYSICAL)) { - struct statfs s; - - if (statfs(path, &s) < 0) - return -errno; - if (is_physical_fs(&s)) - return log_error_errno(SYNTHETIC_ERRNO(EPERM), - "Attempted to remove files from a disk file system under \"%s\", refusing.", - path); - } - - if (unlink(path) < 0) { - if (FLAGS_SET(flags, REMOVE_MISSING_OK) && errno == ENOENT) - return 0; + if (!FLAGS_SET(flags, REMOVE_PHYSICAL)) { + struct statfs s; + if (statfs(path, &s) < 0) return -errno; - } + if (is_physical_fs(&s)) + return log_error_errno(SYNTHETIC_ERRNO(EPERM), + "Attempted to remove files from a disk file system under \"%s\", refusing.", + path); } - return 0; + r = 0; + q = RET_NERRNO(unlink(path)); } - r = rm_rf_children(fd, flags, NULL); - - if (FLAGS_SET(flags, REMOVE_ROOT) && - rmdir(path) < 0 && - r >= 0 && - (!FLAGS_SET(flags, REMOVE_MISSING_OK) || errno != ENOENT)) - r = -errno; - - return r; + if (r < 0) + return r; + if (q < 0 && (q != -ENOENT || !FLAGS_SET(flags, REMOVE_MISSING_OK))) + return q; + return 0; } int rm_rf_child(int fd, const char *name, RemoveFlags flags) { From 911516e1614e435755814ada5fc6064fa107a105 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 30 Nov 2021 22:29:05 +0100 Subject: [PATCH 074/703] shared/rm-rf: loop over nested directories instead of instead of recursing To remove directory structures, we need to remove the innermost items first, and then recursively remove higher-level directories. We would recursively descend into directories and invoke rm_rf_children and rm_rm_children_inner. This is problematic when too many directories are nested. Instead, let's create a "TODO" queue. In the the queue, for each level we hold the DIR* object we were working on, and the name of the directory. This allows us to leave a partially-processed directory, and restart the removal loop one level down. When done with the inner directory, we use the name to unlinkat() it from the parent, and proceed with the removal of other items. Because the nesting is increased by one level, it is best to view this patch with -b/--ignore-space-change. This fixes CVE-2021-3997, https://bugzilla.redhat.com/show_bug.cgi?id=2024639. The issue was reported and patches reviewed by Qualys Team. Mauro Matteo Cascella and Riccardo Schirone from Red Hat handled the disclosure. (cherry picked from commit 5b1cf7a9be37e20133c0208005274ce4a5b5c6a1) --- src/shared/rm-rf.c | 159 +++++++++++++++++++++++++++++++-------------- 1 file changed, 112 insertions(+), 47 deletions(-) diff --git a/src/shared/rm-rf.c b/src/shared/rm-rf.c index 48fdf083484..6cc4265737b 100644 --- a/src/shared/rm-rf.c +++ b/src/shared/rm-rf.c @@ -52,7 +52,6 @@ static int patch_dirfd_mode( } int unlinkat_harder(int dfd, const char *filename, int unlink_flags, RemoveFlags remove_flags) { - mode_t old_mode; int r; @@ -116,12 +115,13 @@ int fstatat_harder(int dfd, return 0; } -static int rm_rf_children_inner( +static int rm_rf_inner_child( int fd, const char *fname, int is_dir, RemoveFlags flags, - const struct stat *root_dev) { + const struct stat *root_dev, + bool allow_recursion) { struct stat st; int r, q = 0; @@ -141,9 +141,7 @@ static int rm_rf_children_inner( } if (is_dir) { - _cleanup_close_ int subdir_fd = -1; - - /* if root_dev is set, remove subdirectories only if device is same */ + /* If root_dev is set, remove subdirectories only if device is same */ if (root_dev && st.st_dev != root_dev->st_dev) return 0; @@ -155,7 +153,6 @@ static int rm_rf_children_inner( return 0; if ((flags & REMOVE_SUBVOLUME) && btrfs_might_be_subvol(&st)) { - /* This could be a subvolume, try to remove it */ r = btrfs_subvol_remove_fd(fd, fname, BTRFS_REMOVE_RECURSIVE|BTRFS_REMOVE_QUOTA); @@ -169,13 +166,16 @@ static int rm_rf_children_inner( return 1; } - subdir_fd = openat(fd, fname, O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC|O_NOFOLLOW|O_NOATIME); + if (!allow_recursion) + return -EISDIR; + + int subdir_fd = openat(fd, fname, O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC|O_NOFOLLOW|O_NOATIME); if (subdir_fd < 0) return -errno; /* We pass REMOVE_PHYSICAL here, to avoid doing the fstatfs() to check the file system type * again for each directory */ - q = rm_rf_children(TAKE_FD(subdir_fd), flags | REMOVE_PHYSICAL, root_dev); + q = rm_rf_children(subdir_fd, flags | REMOVE_PHYSICAL, root_dev); } else if (flags & REMOVE_ONLY_DIRECTORIES) return 0; @@ -188,62 +188,127 @@ static int rm_rf_children_inner( return 1; } +typedef struct TodoEntry { + DIR *dir; /* A directory that we were operating on. */ + char *dirname; /* The filename of that directory itself. */ +} TodoEntry; + +static void free_todo_entries(TodoEntry **todos) { + for (TodoEntry *x = *todos; x && x->dir; x++) { + closedir(x->dir); + free(x->dirname); + } + + freep(todos); +} + int rm_rf_children( int fd, RemoveFlags flags, const struct stat *root_dev) { - _cleanup_closedir_ DIR *d = NULL; + _cleanup_(free_todo_entries) TodoEntry *todos = NULL; + size_t n_todo = 0; + _cleanup_free_ char *dirname = NULL; /* Set when we are recursing and want to delete ourselves */ int ret = 0, r; - assert(fd >= 0); + /* Return the first error we run into, but nevertheless try to go on. + * The passed fd is closed in all cases, including on failure. */ + + for (;;) { /* This loop corresponds to the directory nesting level. */ + _cleanup_closedir_ DIR *d = NULL; + + if (n_todo > 0) { + /* We know that we are in recursion here, because n_todo is set. + * We need to remove the inner directory we were operating on. */ + assert(dirname); + r = unlinkat_harder(dirfd(todos[n_todo-1].dir), dirname, AT_REMOVEDIR, flags); + if (r < 0 && r != -ENOENT && ret == 0) + ret = r; + dirname = mfree(dirname); + + /* And now let's back out one level up */ + n_todo --; + d = TAKE_PTR(todos[n_todo].dir); + dirname = TAKE_PTR(todos[n_todo].dirname); + + assert(d); + fd = dirfd(d); /* Retrieve the file descriptor from the DIR object */ + assert(fd >= 0); + } else { + next_fd: + assert(fd >= 0); + d = fdopendir(fd); + if (!d) { + safe_close(fd); + return -errno; + } + fd = dirfd(d); /* We donated the fd to fdopendir(). Let's make sure we sure we have + * the right descriptor even if it were to internally invalidate the + * one we passed. */ + + if (!(flags & REMOVE_PHYSICAL)) { + struct statfs sfs; + + if (fstatfs(fd, &sfs) < 0) + return -errno; + + if (is_physical_fs(&sfs)) { + /* We refuse to clean physical file systems with this call, unless + * explicitly requested. This is extra paranoia just to be sure we + * never ever remove non-state data. */ + + _cleanup_free_ char *path = NULL; + + (void) fd_get_path(fd, &path); + return log_error_errno(SYNTHETIC_ERRNO(EPERM), + "Attempted to remove disk file system under \"%s\", and we can't allow that.", + strna(path)); + } + } + } - /* This returns the first error we run into, but nevertheless tries to go on. This closes the passed - * fd, in all cases, including on failure. */ + FOREACH_DIRENT_ALL(de, d, return -errno) { + int is_dir; - d = fdopendir(fd); - if (!d) { - safe_close(fd); - return -errno; - } + if (dot_or_dot_dot(de->d_name)) + continue; - if (!(flags & REMOVE_PHYSICAL)) { - struct statfs sfs; + is_dir = de->d_type == DT_UNKNOWN ? -1 : de->d_type == DT_DIR; - if (fstatfs(dirfd(d), &sfs) < 0) - return -errno; + r = rm_rf_inner_child(fd, de->d_name, is_dir, flags, root_dev, false); + if (r == -EISDIR) { + /* Push the current working state onto the todo list */ - if (is_physical_fs(&sfs)) { - /* We refuse to clean physical file systems with this call, unless explicitly - * requested. This is extra paranoia just to be sure we never ever remove non-state - * data. */ + if (!GREEDY_REALLOC0(todos, n_todo + 2)) + return log_oom(); - _cleanup_free_ char *path = NULL; + _cleanup_free_ char *newdirname = strdup(de->d_name); + if (!newdirname) + return log_oom(); - (void) fd_get_path(fd, &path); - return log_error_errno(SYNTHETIC_ERRNO(EPERM), - "Attempted to remove disk file system under \"%s\", and we can't allow that.", - strna(path)); - } - } + int newfd = openat(fd, de->d_name, + O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC|O_NOFOLLOW|O_NOATIME); + if (newfd >= 0) { + todos[n_todo++] = (TodoEntry) { TAKE_PTR(d), TAKE_PTR(dirname) }; + fd = newfd; + dirname = TAKE_PTR(newdirname); - FOREACH_DIRENT_ALL(de, d, return -errno) { - int is_dir; + goto next_fd; - if (dot_or_dot_dot(de->d_name)) - continue; + } else if (errno != -ENOENT && ret == 0) + ret = -errno; - is_dir = - de->d_type == DT_UNKNOWN ? -1 : - de->d_type == DT_DIR; + } else if (r < 0 && r != -ENOENT && ret == 0) + ret = r; + } - r = rm_rf_children_inner(dirfd(d), de->d_name, is_dir, flags, root_dev); - if (r < 0 && r != -ENOENT && ret == 0) - ret = r; - } + if (FLAGS_SET(flags, REMOVE_SYNCFS) && syncfs(fd) < 0 && ret >= 0) + ret = -errno; - if (FLAGS_SET(flags, REMOVE_SYNCFS) && syncfs(dirfd(d)) < 0 && ret >= 0) - ret = -errno; + if (n_todo == 0) + break; + } return ret; } @@ -335,5 +400,5 @@ int rm_rf_child(int fd, const char *name, RemoveFlags flags) { if (FLAGS_SET(flags, REMOVE_ONLY_DIRECTORIES|REMOVE_SUBVOLUME)) return -EINVAL; - return rm_rf_children_inner(fd, name, -1, flags, NULL); + return rm_rf_inner_child(fd, name, -1, flags, NULL, true); } From f9370f91881a5bc5bf9c8b0ed8d56deb87437079 Mon Sep 17 00:00:00 2001 From: Julia Kartseva Date: Fri, 7 Jan 2022 15:02:57 -0800 Subject: [PATCH 075/703] bpf: check if lsm link ptr is libbpf error BPF_RAW_TRACEPOINT_OPEN is expected to work only on x86 and x86_64, since BPF trampoline is implemented only on these architectures. Attach probing by bpf_program__attach_lsm already happens in `bpf_lsm_supported`. The resulting pointer can store libbpf error and that is the case for unsupported architectures. Add libbpf error check to `bpf_lsm_supported` so execution does not reach the point where unit startup fails. (cherry picked from commit f409aa5c6363144c9711226319614f3b248d9828) --- src/core/bpf-lsm.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/src/core/bpf-lsm.c b/src/core/bpf-lsm.c index e0333963c53..4ca082a0050 100644 --- a/src/core/bpf-lsm.c +++ b/src/core/bpf-lsm.c @@ -45,10 +45,11 @@ static bool bpf_can_link_lsm_program(struct bpf_program *prog) { assert(prog); link = sym_bpf_program__attach_lsm(prog); - if (!link) - return -ENOMEM; - return 1; + /* If bpf_program__attach_lsm fails the resulting value stores libbpf error code instead of memory + * pointer. That is the case when the helper is called on architectures where BPF trampoline (hence + * BPF_LSM_MAC attach type) is not supported. */ + return sym_libbpf_get_error(link) == 0; } static int prepare_restrict_fs_bpf(struct restrict_fs_bpf **ret_obj) { From 617c67a039b25139e5516aa48931c7024c6f8dc5 Mon Sep 17 00:00:00 2001 From: Julia Kartseva Date: Sun, 9 Jan 2022 21:35:35 -0800 Subject: [PATCH 076/703] bpf: fix bpf_can_link_lsm_program condition Since bpf_can_link_lsm_program return value is boolean, the expression `r < 0` is always false. (cherry picked from commit ccfc534deed2f3873c967851497af10d8a1ee01c) --- src/core/bpf-lsm.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/core/bpf-lsm.c b/src/core/bpf-lsm.c index 4ca082a0050..83f3199349c 100644 --- a/src/core/bpf-lsm.c +++ b/src/core/bpf-lsm.c @@ -167,9 +167,9 @@ int lsm_bpf_supported(void) { if (r < 0) return supported = 0; - r = bpf_can_link_lsm_program(obj->progs.restrict_filesystems); - if (r < 0) { - log_warning_errno(r, "Failed to link BPF program. Assuming BPF is not available: %m"); + if (!bpf_can_link_lsm_program(obj->progs.restrict_filesystems)) { + log_warning_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), + "Failed to link BPF program. Assuming BPF is not available"); return supported = 0; } From e9a0404b7656c012565bfde2ba7fdc4baeff7b7d Mon Sep 17 00:00:00 2001 From: Jan Janssen Date: Mon, 10 Jan 2022 11:16:26 +0100 Subject: [PATCH 077/703] boot: Fix readdir_harder() on VirtualBox Fixes: #22073 (cherry picked from commit ed3abbfbde674bd163cb1c64d9e31dd24e352f85) --- src/boot/efi/boot.c | 4 ++-- src/boot/efi/util.c | 7 ++++++- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/src/boot/efi/boot.c b/src/boot/efi/boot.c index e4d18312568..889516787b3 100644 --- a/src/boot/efi/boot.c +++ b/src/boot/efi/boot.c @@ -1572,7 +1572,7 @@ static void config_load_entries( _cleanup_freepool_ CHAR8 *content = NULL; err = readdir_harder(entries_dir, &f, &f_size); - if (f_size == 0 || EFI_ERROR(err)) + if (EFI_ERROR(err) || !f) break; if (f->FileName[0] == '.') @@ -2007,7 +2007,7 @@ static void config_entry_add_linux( CHAR8 *key, *value; err = readdir_harder(linux_dir, &f, &f_size); - if (f_size == 0 || EFI_ERROR(err)) + if (EFI_ERROR(err) || !f) break; if (f->FileName[0] == '.') diff --git a/src/boot/efi/util.c b/src/boot/efi/util.c index 76e4eef1eb5..71639721b77 100644 --- a/src/boot/efi/util.c +++ b/src/boot/efi/util.c @@ -596,7 +596,12 @@ EFI_STATUS readdir_harder( * the specified buffer needs to be freed by caller, after final use. */ if (!*buffer) { - sz = offsetof(EFI_FILE_INFO, FileName) /* + 256 */; + /* Some broken firmware violates the EFI spec by still advancing the readdir + * position when returning EFI_BUFFER_TOO_SMALL, effectively skipping over any files when + * the buffer was too small. Therefore, start with a buffer that should handle FAT32 max + * file name length. + * As a side effect, most readdir_harder() calls will now be slightly faster. */ + sz = sizeof(EFI_FILE_INFO) + 256 * sizeof(CHAR16); *buffer = xallocate_pool(sz); *buffer_size = sz; } else From 9a109a9a11a827b575994ff298de57747a41bed9 Mon Sep 17 00:00:00 2001 From: lincoln auster Date: Tue, 11 Jan 2022 03:47:31 -0700 Subject: [PATCH 078/703] sd-bus/man: document EBUSY error in bus_message_read (#21954) * sd-bus/man: document EBUSY error in bus_message_read The EBUSY error can be returned from sd_bus_exit_container(), and, if that happens, it will be propogated upwards towards bus_message_read. In terms of documentation, this means that bus_message_read's man page can't just include the error text for sd_bus_message_read_basic, as reading basic types exclusively doesn't have the potential for this error. sd_bus_message_read_basic's error documentation isn't incorrect when applied to sd_bus_message_read, it's just incomplete. While EBUSY is documented in sd_bus_message_open_container.xml, it's explanation is unique to the sd_bus_message_exit_container function and makes for poor documentation of the general read API. (cherry picked from commit a1a03fa54bfb45315eefaa49ceb38a21aceafde8) --- man/sd_bus_message_read.xml | 18 +++++++++++++++++- man/sd_bus_message_read_basic.xml | 6 +++--- 2 files changed, 20 insertions(+), 4 deletions(-) diff --git a/man/sd_bus_message_read.xml b/man/sd_bus_message_read.xml index 0b921258dc5..aa325f39c29 100644 --- a/man/sd_bus_message_read.xml +++ b/man/sd_bus_message_read.xml @@ -172,7 +172,23 @@ On success, these functions return a non-negative integer. On failure, they return a negative errno-style error code. - + + Errors + + Returned errors may indicate the following problems: + + + + + + + -EBUSY + + When reading from a container, this error will be returned if unread elements + are left in the container. + + + diff --git a/man/sd_bus_message_read_basic.xml b/man/sd_bus_message_read_basic.xml index bd5a149a263..55951430e6e 100644 --- a/man/sd_bus_message_read_basic.xml +++ b/man/sd_bus_message_read_basic.xml @@ -199,21 +199,21 @@ Returned errors may indicate the following problems: - + -EINVAL Specified type string is invalid or the message parameter is NULL. - + -ENXIO The message does not contain the specified type at current position. - + -EBADMSG The message cannot be parsed. From 527c9002b532043755b2718822ef56bb5de7ccaa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 11 Jan 2022 10:49:37 +0100 Subject: [PATCH 079/703] bootctl: split out the check whether sd-boot is installed (cherry picked from commit d9f048b5d113b85b65093f582a8153f79110c49e) --- src/boot/bootctl.c | 65 +++++++++++++++++++++++++++------------------- 1 file changed, 38 insertions(+), 27 deletions(-) diff --git a/src/boot/bootctl.c b/src/boot/bootctl.c index e1e56cf923e..e21a183baf1 100644 --- a/src/boot/bootctl.c +++ b/src/boot/bootctl.c @@ -1382,6 +1382,39 @@ static void print_yes_no_line(bool first, bool good, const char *name) { name); } +static int are_we_installed(void) { + int r; + + r = acquire_esp(/* privileged_mode= */ false, /* graceful= */ false, NULL, NULL, NULL, NULL); + if (r < 0) + return r; + + /* Tests whether systemd-boot is installed. It's not obvious what to use as check here: we could + * check EFI variables, we could check what binary /EFI/BOOT/BOOT*.EFI points to, or whether the + * loader entries directory exists. Here we opted to check whether /EFI/systemd/ is non-empty, which + * should be a suitable and very minimal check for a number of reasons: + * + * → The check is architecture independent (i.e. we check if any systemd-boot loader is installed, + * not a specific one.) + * + * → It doesn't assume we are the only boot loader (i.e doesn't check if we own the main + * /EFI/BOOT/BOOT*.EFI fallback binary. + * + * → It specifically checks for systemd-boot, not for other boot loaders (which a check for + * /boot/loader/entries would do). */ + + _cleanup_free_ char *p = path_join(arg_esp_path, "/EFI/systemd/"); + if (!p) + return log_oom(); + + log_debug("Checking whether %s contains any files…", p); + r = dir_is_empty(p); + if (r < 0 && r != -ENOENT) + return log_error_errno(r, "Failed to check whether %s contains any files: %m", p); + + return r == 0; +} + static int verb_status(int argc, char *argv[], void *userdata) { sd_id128_t esp_uuid = SD_ID128_NULL, xbootldr_uuid = SD_ID128_NULL; int r, k; @@ -1880,41 +1913,19 @@ static int verb_remove(int argc, char *argv[], void *userdata) { } static int verb_is_installed(int argc, char *argv[], void *userdata) { - _cleanup_free_ char *p = NULL; int r; - r = acquire_esp(/* privileged_mode= */ false, /* graceful= */ false, NULL, NULL, NULL, NULL); + r = are_we_installed(); if (r < 0) return r; - /* Tests whether systemd-boot is installed. It's not obvious what to use as check here: we could - * check EFI variables, we could check what binary /EFI/BOOT/BOOT*.EFI points to, or whether the - * loader entries directory exists. Here we opted to check whether /EFI/systemd/ is non-empty, which - * should be a suitable and very minimal check for a number of reasons: - * - * → The check is architecture independent (i.e. we check if any systemd-boot loader is installed, not a - * specific one.) - * - * → It doesn't assume we are the only boot loader (i.e doesn't check if we own the main - * /EFI/BOOT/BOOT*.EFI fallback binary. - * - * → It specifically checks for systemd-boot, not for other boot loaders (which a check for - * /boot/loader/entries would do). */ - - p = path_join(arg_esp_path, "/EFI/systemd/"); - if (!p) - return log_oom(); - - r = dir_is_empty(p); - if (r > 0 || r == -ENOENT) { + if (r > 0) { + puts("yes"); + return EXIT_SUCCESS; + } else { puts("no"); return EXIT_FAILURE; } - if (r < 0) - return log_error_errno(r, "Failed to detect whether systemd-boot is installed: %m"); - - puts("yes"); - return EXIT_SUCCESS; } static int parse_timeout(const char *arg1, char16_t **ret_timeout, size_t *ret_timeout_size) { From 96826c48ad0ed620f7a47195fc98c520318be442 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 11 Jan 2022 10:56:50 +0100 Subject: [PATCH 080/703] bootctl: do not update sd-boot if it wasn't installed in the first place Fixes https://bugzilla.redhat.com/show_bug.cgi?id=2038289. (cherry picked from commit 49927ad81313b77eab09749520d20a8f4ba7cc96) --- src/boot/bootctl.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/src/boot/bootctl.c b/src/boot/bootctl.c index e21a183baf1..1bcb4d16899 100644 --- a/src/boot/bootctl.c +++ b/src/boot/bootctl.c @@ -1791,6 +1791,17 @@ static int verb_install(int argc, char *argv[], void *userdata) { if (r < 0) return r; + if (!install) { + /* If we are updating, don't do anything if sd-boot wasn't actually installed. */ + r = are_we_installed(); + if (r < 0) + return r; + if (r == 0) { + log_debug("Skipping update because sd-boot is not installed in the ESP."); + return 0; + } + } + r = acquire_xbootldr(/* unprivileged_mode= */ false, NULL); if (r < 0) return r; From 2176cec5ec95b8134fda9699160a5916818587d3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 11 Jan 2022 13:23:27 +0100 Subject: [PATCH 081/703] nss: drop dummy setup_logging() helpers log_parse_environment() stopped being a macro in 9fdee66f2d9. As reported by @bauen1 in https://github.com/systemd/systemd/issues/22020, the comment was out of date. (cherry picked from commit 56a5f4969b96529c82ec8cc08db4fa8e9c61e7b9) --- src/nss-mymachines/nss-mymachines.c | 7 +------ src/nss-systemd/nss-systemd.c | 7 +------ 2 files changed, 2 insertions(+), 12 deletions(-) diff --git a/src/nss-mymachines/nss-mymachines.c b/src/nss-mymachines/nss-mymachines.c index 44715bb3e5d..781fd48d72e 100644 --- a/src/nss-mymachines/nss-mymachines.c +++ b/src/nss-mymachines/nss-mymachines.c @@ -22,14 +22,9 @@ #include "signal-util.h" #include "string-util.h" -static void setup_logging(void) { - /* We need a dummy function because log_parse_environment is a macro. */ - log_parse_environment(); -} - static void setup_logging_once(void) { static pthread_once_t once = PTHREAD_ONCE_INIT; - assert_se(pthread_once(&once, setup_logging) == 0); + assert_se(pthread_once(&once, log_parse_environment) == 0); } #define NSS_ENTRYPOINT_BEGIN \ diff --git a/src/nss-systemd/nss-systemd.c b/src/nss-systemd/nss-systemd.c index 36486b96e39..c6c00c40e64 100644 --- a/src/nss-systemd/nss-systemd.c +++ b/src/nss-systemd/nss-systemd.c @@ -116,14 +116,9 @@ static GetentData getsgent_data = { .mutex = PTHREAD_MUTEX_INITIALIZER, }; -static void setup_logging(void) { - /* We need a dummy function because log_parse_environment is a macro. */ - log_parse_environment(); -} - static void setup_logging_once(void) { static pthread_once_t once = PTHREAD_ONCE_INIT; - assert_se(pthread_once(&once, setup_logging) == 0); + assert_se(pthread_once(&once, log_parse_environment) == 0); } #define NSS_ENTRYPOINT_BEGIN \ From 27d141acdf8b2e4e27f2776ca9ae1b0bfdb1ed2c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 11 Jan 2022 13:36:39 +0100 Subject: [PATCH 082/703] nss: only read logging config from environment variables log_parse_environment() uses should_parse_proc_cmdline() to determine whether it should parse settings from the kernel command line. But the checks that should_parse_proc_cmdline() apply to the whole process, and we could get a positive answer also when log_parse_environment() was called from one of the nss modules. In case of nss-modules, we don't want to look at the kernel command line. log_parse_environment_variables() that only looks at the environment variables is split out and used in the nss modules. Fixes #22020. (cherry picked from commit a7d15a24659770b0fa9f4cd26fc7bbb17765cbb7) --- src/basic/log.c | 16 ++++++++++------ src/basic/log.h | 1 + src/nss-mymachines/nss-mymachines.c | 2 +- src/nss-resolve/nss-resolve.c | 2 +- src/nss-systemd/nss-systemd.c | 2 +- 5 files changed, 14 insertions(+), 9 deletions(-) diff --git a/src/basic/log.c b/src/basic/log.c index 7bc2f280073..12071e2ebd3 100644 --- a/src/basic/log.c +++ b/src/basic/log.c @@ -1189,14 +1189,9 @@ static bool should_parse_proc_cmdline(void) { return getpid_cached() == p; } -void log_parse_environment(void) { +void log_parse_environment_variables(void) { const char *e; - /* Do not call from library code. */ - - if (should_parse_proc_cmdline()) - (void) proc_cmdline_parse(parse_proc_cmdline_item, NULL, PROC_CMDLINE_STRIP_RD_PREFIX); - e = getenv("SYSTEMD_LOG_TARGET"); if (e && log_set_target_from_string(e) < 0) log_warning("Failed to parse log target '%s'. Ignoring.", e); @@ -1222,6 +1217,15 @@ void log_parse_environment(void) { log_warning("Failed to parse log tid '%s'. Ignoring.", e); } +void log_parse_environment(void) { + /* Do not call from library code. */ + + if (should_parse_proc_cmdline()) + (void) proc_cmdline_parse(parse_proc_cmdline_item, NULL, PROC_CMDLINE_STRIP_RD_PREFIX); + + log_parse_environment_variables(); +} + LogTarget log_get_target(void) { return log_target; } diff --git a/src/basic/log.h b/src/basic/log.h index 7218b4bf718..1e2bec16468 100644 --- a/src/basic/log.h +++ b/src/basic/log.h @@ -82,6 +82,7 @@ int log_open(void); void log_close(void); void log_forget_fds(void); +void log_parse_environment_variables(void); void log_parse_environment(void); int log_dispatch_internal( diff --git a/src/nss-mymachines/nss-mymachines.c b/src/nss-mymachines/nss-mymachines.c index 781fd48d72e..c64e79bdff8 100644 --- a/src/nss-mymachines/nss-mymachines.c +++ b/src/nss-mymachines/nss-mymachines.c @@ -24,7 +24,7 @@ static void setup_logging_once(void) { static pthread_once_t once = PTHREAD_ONCE_INIT; - assert_se(pthread_once(&once, log_parse_environment) == 0); + assert_se(pthread_once(&once, log_parse_environment_variables) == 0); } #define NSS_ENTRYPOINT_BEGIN \ diff --git a/src/nss-resolve/nss-resolve.c b/src/nss-resolve/nss-resolve.c index 6b0c762d032..e857d42db68 100644 --- a/src/nss-resolve/nss-resolve.c +++ b/src/nss-resolve/nss-resolve.c @@ -22,7 +22,7 @@ static JsonDispatchFlags json_dispatch_flags = 0; static void setup_logging(void) { - log_parse_environment(); + log_parse_environment_variables(); if (DEBUG_LOGGING) json_dispatch_flags = JSON_LOG; diff --git a/src/nss-systemd/nss-systemd.c b/src/nss-systemd/nss-systemd.c index c6c00c40e64..e87f1d31b34 100644 --- a/src/nss-systemd/nss-systemd.c +++ b/src/nss-systemd/nss-systemd.c @@ -118,7 +118,7 @@ static GetentData getsgent_data = { static void setup_logging_once(void) { static pthread_once_t once = PTHREAD_ONCE_INIT; - assert_se(pthread_once(&once, log_parse_environment) == 0); + assert_se(pthread_once(&once, log_parse_environment_variables) == 0); } #define NSS_ENTRYPOINT_BEGIN \ From 32f33c9474ab89061d799a92a1273b106468e8c6 Mon Sep 17 00:00:00 2001 From: yangmingtai <961612727@qq.com> Date: Tue, 11 Jan 2022 20:22:11 +0800 Subject: [PATCH 083/703] fix test-string-util failed when locale is not utf8 (cherry picked from commit 647082cf7f07a87c65601626e86c3ed9f78fb387) --- src/test/test-string-util.c | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/src/test/test-string-util.c b/src/test/test-string-util.c index 57cd03e4e2f..071b3913618 100644 --- a/src/test/test-string-util.c +++ b/src/test/test-string-util.c @@ -166,33 +166,33 @@ TEST(cellescape) { assert_se(streq(cellescape(buf, 1, "\020"), "")); assert_se(streq(cellescape(buf, 2, "\020"), ".")); assert_se(streq(cellescape(buf, 3, "\020"), "..")); - assert_se(streq(cellescape(buf, 4, "\020"), "…")); + assert_se(streq(cellescape(buf, 4, "\020"), is_locale_utf8() ? "…" : "...")); assert_se(streq(cellescape(buf, 5, "\020"), "\\020")); - assert_se(streq(cellescape(buf, 5, "1234\020"), "1…")); - assert_se(streq(cellescape(buf, 6, "1234\020"), "12…")); - assert_se(streq(cellescape(buf, 7, "1234\020"), "123…")); - assert_se(streq(cellescape(buf, 8, "1234\020"), "1234…")); + assert_se(streq(cellescape(buf, 5, "1234\020"), is_locale_utf8() ? "1…" : "1...")); + assert_se(streq(cellescape(buf, 6, "1234\020"), is_locale_utf8() ? "12…" : "12...")); + assert_se(streq(cellescape(buf, 7, "1234\020"), is_locale_utf8() ? "123…" : "123...")); + assert_se(streq(cellescape(buf, 8, "1234\020"), is_locale_utf8() ? "1234…" : "1234...")); assert_se(streq(cellescape(buf, 9, "1234\020"), "1234\\020")); assert_se(streq(cellescape(buf, 1, "\t\n"), "")); assert_se(streq(cellescape(buf, 2, "\t\n"), ".")); assert_se(streq(cellescape(buf, 3, "\t\n"), "..")); - assert_se(streq(cellescape(buf, 4, "\t\n"), "…")); + assert_se(streq(cellescape(buf, 4, "\t\n"), is_locale_utf8() ? "…" : "...")); assert_se(streq(cellescape(buf, 5, "\t\n"), "\\t\\n")); - assert_se(streq(cellescape(buf, 5, "1234\t\n"), "1…")); - assert_se(streq(cellescape(buf, 6, "1234\t\n"), "12…")); - assert_se(streq(cellescape(buf, 7, "1234\t\n"), "123…")); - assert_se(streq(cellescape(buf, 8, "1234\t\n"), "1234…")); + assert_se(streq(cellescape(buf, 5, "1234\t\n"), is_locale_utf8() ? "1…" : "1...")); + assert_se(streq(cellescape(buf, 6, "1234\t\n"), is_locale_utf8() ? "12…" : "12...")); + assert_se(streq(cellescape(buf, 7, "1234\t\n"), is_locale_utf8() ? "123…" : "123...")); + assert_se(streq(cellescape(buf, 8, "1234\t\n"), is_locale_utf8() ? "1234…" : "1234...")); assert_se(streq(cellescape(buf, 9, "1234\t\n"), "1234\\t\\n")); - assert_se(streq(cellescape(buf, 4, "x\t\020\n"), "…")); - assert_se(streq(cellescape(buf, 5, "x\t\020\n"), "x…")); - assert_se(streq(cellescape(buf, 6, "x\t\020\n"), "x…")); - assert_se(streq(cellescape(buf, 7, "x\t\020\n"), "x\\t…")); - assert_se(streq(cellescape(buf, 8, "x\t\020\n"), "x\\t…")); - assert_se(streq(cellescape(buf, 9, "x\t\020\n"), "x\\t…")); + assert_se(streq(cellescape(buf, 4, "x\t\020\n"), is_locale_utf8() ? "…" : "...")); + assert_se(streq(cellescape(buf, 5, "x\t\020\n"), is_locale_utf8() ? "x…" : "x...")); + assert_se(streq(cellescape(buf, 6, "x\t\020\n"), is_locale_utf8() ? "x…" : "x...")); + assert_se(streq(cellescape(buf, 7, "x\t\020\n"), is_locale_utf8() ? "x\\t…" : "x\\t...")); + assert_se(streq(cellescape(buf, 8, "x\t\020\n"), is_locale_utf8() ? "x\\t…" : "x\\t...")); + assert_se(streq(cellescape(buf, 9, "x\t\020\n"), is_locale_utf8() ? "x\\t…" : "x\\t...")); assert_se(streq(cellescape(buf, 10, "x\t\020\n"), "x\\t\\020\\n")); assert_se(streq(cellescape(buf, 6, "1\011"), "1\\t")); From 2b075f74cb23ba838a29c4b5b898437c8294ddf9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 12 Jan 2022 10:33:10 +0100 Subject: [PATCH 084/703] NEWS: adjust links to moved pages All those pages contain a redirect at the top of the page, so it doesn't make much sense to tell people to take the detour. Linking directly will also increase the search rankings of the new pages. (cherry picked from commit a794a4d87219367e8b24469fcafce83a9f224080) --- NEWS | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/NEWS b/NEWS index 0a32e99be54..f010959be74 100644 --- a/NEWS +++ b/NEWS @@ -10698,7 +10698,7 @@ CHANGES WITH 211: also supports LUKS-encrypted partitions now. With this in place, automatic discovery of partitions to mount following the Discoverable Partitions Specification - (https://www.freedesktop.org/wiki/Specifications/DiscoverablePartitionsSpec) + (https://systemd.io/DISCOVERABLE_PARTITIONS/) is now a lot more complete. This allows booting without /etc/fstab and without root= on the kernel command line on systems prepared appropriately. @@ -12203,7 +12203,7 @@ CHANGES WITH 198: only in conjunction with Gummiboot, but could be supported by other boot loaders too. For details see: - https://www.freedesktop.org/wiki/Software/systemd/BootLoaderInterface + https://systemd.io/BOOT_LOADER_INTERFACE * A new generator has been added that automatically mounts the EFI System Partition (ESP) to /boot, if that directory @@ -12279,7 +12279,7 @@ CHANGES WITH 198: * A new tool kernel-install has been added that can install kernel images according to the Boot Loader Specification: - https://www.freedesktop.org/wiki/Specifications/BootLoaderSpec + https://systemd.io/BOOT_LOADER_SPECIFICATION * Boot time console output has been improved to provide animated boot time output for hanging jobs. @@ -12369,7 +12369,7 @@ CHANGES WITH 197: of these policies is now the default. Please see this wiki document for details: - https://www.freedesktop.org/wiki/Software/systemd/PredictableNetworkInterfaceNames + https://www.freedesktop.org/software/systemd/man/systemd.net-naming-scheme.html * Auke Kok's bootchart implementation has been added to the systemd tree. It is an optional component that can graph the @@ -13368,7 +13368,7 @@ CHANGES WITH 183: * A framework for implementing offline system updates is now integrated, for details see: - https://www.freedesktop.org/wiki/Software/systemd/SystemUpdates + https://www.freedesktop.org/software/systemd/man/systemd.offline-updates.html * A new service type Type=idle is available now which helps us avoiding ugly interleaving of getty output and boot status @@ -13736,7 +13736,7 @@ CHANGES WITH 38: * Processes with '@' in argv[0][0] are now excluded from the final shut-down killing spree, following the logic explained in: - https://www.freedesktop.org/wiki/Software/systemd/RootStorageDaemons + https://systemd.io/ROOT_STORAGE_DAEMONS/ * All processes remaining in a service cgroup when we enter the START or START_PRE states are now killed with From 26271c128ae2b519ecf25ad6cc07e9cf4051c92b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 12 Jan 2022 10:33:57 +0100 Subject: [PATCH 085/703] README: link to the new page Lennart's blog is now mostly of historical interest, and the wiki landing page has been replaced by systemd.io. (cherry picked from commit 2777a4a3bfe153cb675d3d66b383a26043c187b8) --- README | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/README b/README index 6d5b91bbb26..f47a884542c 100644 --- a/README +++ b/README @@ -1,10 +1,7 @@ systemd System and Service Manager -DETAILS: - http://0pointer.de/blog/projects/systemd.html - WEB SITE: - https://www.freedesktop.org/wiki/Software/systemd + https://systemd.io GIT: git@github.com:systemd/systemd.git @@ -19,6 +16,11 @@ IRC: BUG REPORTS: https://github.com/systemd/systemd/issues +OLDER DOCUMENTATION: + + http://0pointer.de/blog/projects/systemd.html + https://www.freedesktop.org/wiki/Software/systemd + AUTHOR: Lennart Poettering Kay Sievers From e7ed0ba895e53109c1d6f225d7d53605cad8bd8c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 12 Jan 2022 10:39:00 +0100 Subject: [PATCH 086/703] docs: use https:// for fd.o links (cherry picked from commit 931bc1957b13817fcb0ffe69958dd562202c8e4c) --- TODO | 2 +- docs/CONTAINER_INTERFACE.md | 2 +- docs/DISCOVERABLE_PARTITIONS.md | 6 +++--- docs/JOURNAL_FILE_FORMAT.md | 14 +++++++------- docs/PREDICTABLE_INTERFACE_NAMES.md | 2 +- docs/_config.yml | 2 +- man/org.freedesktop.login1.xml | 4 ++-- man/org.freedesktop.systemd1.xml | 2 +- man/sd_bus_set_description.xml | 2 +- man/systemd-logind.service.xml | 4 ++-- 10 files changed, 20 insertions(+), 20 deletions(-) diff --git a/TODO b/TODO index 47ae975b3ed..8c5074902a1 100644 --- a/TODO +++ b/TODO @@ -816,7 +816,7 @@ Features: Note that we start initrd-fs.target and initrd-cleanup.target there, so a straightforward ConditionPathExists= is not enough. -* docs: bring http://www.freedesktop.org/wiki/Software/systemd/MyServiceCantGetRealtime up to date +* docs: bring https://www.freedesktop.org/wiki/Software/systemd/MyServiceCantGetRealtime up to date * add a job mode that will fail if a transaction would mean stopping running units. Use this in timedated to manage the NTP service diff --git a/docs/CONTAINER_INTERFACE.md b/docs/CONTAINER_INTERFACE.md index 7caa9eeea95..1332ed3e470 100644 --- a/docs/CONTAINER_INTERFACE.md +++ b/docs/CONTAINER_INTERFACE.md @@ -8,7 +8,7 @@ SPDX-License-Identifier: LGPL-2.1-or-later # The Container Interface Also consult [Writing Virtual Machine or Container -Managers](http://www.freedesktop.org/wiki/Software/systemd/writing-vm-managers). +Managers](https://www.freedesktop.org/wiki/Software/systemd/writing-vm-managers). systemd has a number of interfaces for interacting with container managers, when systemd is used inside of an OS container. If you work on a container diff --git a/docs/DISCOVERABLE_PARTITIONS.md b/docs/DISCOVERABLE_PARTITIONS.md index ca4c6ca8108..b375106afd7 100644 --- a/docs/DISCOVERABLE_PARTITIONS.md +++ b/docs/DISCOVERABLE_PARTITIONS.md @@ -31,8 +31,8 @@ for specific uses. This has many benefits: descriptive information about partitions tables. Note that the OS side of this specification is currently implemented in -[systemd](http://systemd.io/) 211 and newer in the -[systemd-gpt-auto-generator(8)](http://www.freedesktop.org/software/systemd/man/systemd-gpt-auto-generator.html) +[systemd](https://systemd.io/) 211 and newer in the +[systemd-gpt-auto-generator(8)](https://www.freedesktop.org/software/systemd/man/systemd-gpt-auto-generator.html) generator tool. Note that automatic discovery of the root only works if the boot loader communicates this information to the OS, by implementing the [Boot Loader @@ -164,7 +164,7 @@ Other GPT type IDs might be used on Linux, for example to mark software RAID or LVM partitions. The definitions of those GPT types is outside of the scope of this specification. -[systemd-id128(1)](http://www.freedesktop.org/software/systemd/man/systemd-id128.html)'s +[systemd-id128(1)](https://www.freedesktop.org/software/systemd/man/systemd-id128.html)'s `show` command may be used to list those GPT partition type UUIDs. ## Partition Names diff --git a/docs/JOURNAL_FILE_FORMAT.md b/docs/JOURNAL_FILE_FORMAT.md index 2bfc7a10ca0..c2a9780f410 100644 --- a/docs/JOURNAL_FILE_FORMAT.md +++ b/docs/JOURNAL_FILE_FORMAT.md @@ -9,9 +9,9 @@ SPDX-License-Identifier: LGPL-2.1-or-later _Note that this document describes the binary on-disk format of journals only. For interfacing with web technologies there's the [Journal JSON -Format](http://www.freedesktop.org/wiki/Software/systemd/json). For transfer +Format](https://www.freedesktop.org/wiki/Software/systemd/json). For transfer of journal data across the network there's the [Journal Export -Format](http://www.freedesktop.org/wiki/Software/systemd/export)._ +Format](https://www.freedesktop.org/wiki/Software/systemd/export)._ The systemd journal stores log data in a binary format with several features: @@ -32,30 +32,30 @@ keep this document up-to-date and accurate. Instead of implementing your own reader or writer for journal files we ask you to use the [Journal's native C -API](http://www.freedesktop.org/software/systemd/man/sd-journal.html) to access +API](https://www.freedesktop.org/software/systemd/man/sd-journal.html) to access these files. It provides you with full access to the files, and will not withhold any data. If you find a limitation, please ping us and we might add some additional interfaces for you. If you need access to the raw journal data in serialized stream form without C API our recommendation is to make use of the [Journal Export -Format](http://www.freedesktop.org/wiki/Software/systemd/export), which you can +Format](https://www.freedesktop.org/wiki/Software/systemd/export), which you can get via "journalctl -o export" or via systemd-journal-gatewayd. The export format is much simpler to parse, but complete and accurate. Due to its stream-based nature it is not indexed. _Or, to put this in other words: this low-level document is probably not what you want to use as base of your project. You want our [C -API](http://www.freedesktop.org/software/systemd/man/sd-journal.html) instead! +API](https://www.freedesktop.org/software/systemd/man/sd-journal.html) instead! And if you really don't want the C API, then you want the [Journal Export -Format](http://www.freedesktop.org/wiki/Software/systemd/export) instead! This +Format](https://www.freedesktop.org/wiki/Software/systemd/export) instead! This document is primarily for your entertainment and education. Thank you!_ This document assumes you have a basic understanding of the journal concepts, the properties of a journal entry and so on. If not, please go and read up, then come back! This is a good opportunity to read about the [basic properties of journal -entries](http://www.freedesktop.org/software/systemd/man/systemd.journal-fields.html), +entries](https://www.freedesktop.org/software/systemd/man/systemd.journal-fields.html), in particular realize that they may include binary non-text data (though usually don't), and the same field might have multiple values assigned within the same entry. diff --git a/docs/PREDICTABLE_INTERFACE_NAMES.md b/docs/PREDICTABLE_INTERFACE_NAMES.md index ae16d7211de..ffc681bda45 100644 --- a/docs/PREDICTABLE_INTERFACE_NAMES.md +++ b/docs/PREDICTABLE_INTERFACE_NAMES.md @@ -62,7 +62,7 @@ Does this have any drawbacks? Yes, it does. Previously it was practically guaran You basically have three options: 1. You disable the assignment of fixed names, so that the unpredictable kernel names are used again. For this, simply mask udev's .link file for the default policy: `ln -s /dev/null /etc/systemd/network/99-default.link` -1. You create your own manual naming scheme, for example by naming your interfaces `internet0`, `dmz0` or `lan0`. For that create your own `.link` files in `/etc/systemd/network/`, that choose an explicit name or a better naming scheme for one, some, or all of your interfaces. See [systemd.link(5)](http://www.freedesktop.org/software/systemd/man/systemd.link.html) for more information. +1. You create your own manual naming scheme, for example by naming your interfaces `internet0`, `dmz0` or `lan0`. For that create your own `.link` files in `/etc/systemd/network/`, that choose an explicit name or a better naming scheme for one, some, or all of your interfaces. See [systemd.link(5)](https://www.freedesktop.org/software/systemd/man/systemd.link.html) for more information. 1. You pass the `net.ifnames=0` on the kernel command line ## How does the new naming scheme look like, precisely? diff --git a/docs/_config.yml b/docs/_config.yml index d5430312616..412db1f413f 100644 --- a/docs/_config.yml +++ b/docs/_config.yml @@ -2,7 +2,7 @@ # SPDX-License-Identifier: LGPL-2.1-or-later title: systemd baseurl: "" # the subpath of your site, e.g. /blog/ -url: "http://systemd.io" # the base hostname & protocol for your site +url: "https://systemd.io" # the base hostname & protocol for your site permalink: /:title/ diff --git a/man/org.freedesktop.login1.xml b/man/org.freedesktop.login1.xml index a301879ff7a..d25287b18b1 100644 --- a/man/org.freedesktop.login1.xml +++ b/man/org.freedesktop.login1.xml @@ -621,7 +621,7 @@ node /org/freedesktop/login1 { whether the inhibit shall be consider mandatory or whether it should just delay the operation to a certain maximum time. The method returns a file descriptor. The lock is released the moment this file descriptor and all its duplicates are closed. For more information on the inhibition logic see - Inhibitor Locks. + Inhibitor Locks. @@ -644,7 +644,7 @@ node /org/freedesktop/login1 { that should be done shortly before shutdown/sleep, in conjunction with delay inhibitor locks. After completion of this work they should release their inhibition locks in order to not delay the operation any further. For more information see - Inhibitor Locks. + Inhibitor Locks. diff --git a/man/org.freedesktop.systemd1.xml b/man/org.freedesktop.systemd1.xml index 31485935a4b..b433f2066cd 100644 --- a/man/org.freedesktop.systemd1.xml +++ b/man/org.freedesktop.systemd1.xml @@ -1427,7 +1427,7 @@ node /org/freedesktop/systemd1 { properties contains properties of the unit, specified like in SetUnitProperties(). aux is currently unused and should be passed as an empty array. See the - New Control Group + New Control Group Interface for more information how to make use of this functionality for resource control purposes. diff --git a/man/sd_bus_set_description.xml b/man/sd_bus_set_description.xml index ce6b8d387d8..0c38c16128f 100644 --- a/man/sd_bus_set_description.xml +++ b/man/sd_bus_set_description.xml @@ -141,7 +141,7 @@ specification, informing the receiving side that the caller is prepared to wait for interactive authorization, which might take a considerable time to complete. If this flag is set, the user may be queried for passwords or confirmation via - polkit or a similar + polkit or a similar framework. sd_bus_get_allow_interactive_authorization() returns true if diff --git a/man/systemd-logind.service.xml b/man/systemd-logind.service.xml index 746c9163b47..0bffbbb3817 100644 --- a/man/systemd-logind.service.xml +++ b/man/systemd-logind.service.xml @@ -43,7 +43,7 @@ used. Providing polkit-based + url="https://www.freedesktop.org/wiki/Software/polkit">polkit-based access for users for operations such as system shutdown or sleep @@ -92,7 +92,7 @@ Writing Display Managers. If you are interested in writing a desktop environment that makes use of logind, please have look at - Writing + Writing Desktop Environments. From 944d8d9050b96e690054224e796254dfc18e6681 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 12 Jan 2022 10:42:22 +0100 Subject: [PATCH 087/703] policy files: adjust landing page link (cherry picked from commit d6e2c1ab7158d52425d3cb72459c5624db12368c) --- src/core/org.freedesktop.systemd1.policy.in | 2 +- src/home/org.freedesktop.home1.policy | 2 +- src/hostname/org.freedesktop.hostname1.policy | 2 +- src/import/org.freedesktop.import1.policy | 2 +- src/locale/org.freedesktop.locale1.policy | 2 +- src/login/org.freedesktop.login1.policy | 2 +- src/machine/org.freedesktop.machine1.policy | 2 +- src/network/org.freedesktop.network1.policy | 2 +- src/portable/org.freedesktop.portable1.policy | 2 +- src/resolve/org.freedesktop.resolve1.policy | 2 +- src/timedate/org.freedesktop.timedate1.policy | 2 +- 11 files changed, 11 insertions(+), 11 deletions(-) diff --git a/src/core/org.freedesktop.systemd1.policy.in b/src/core/org.freedesktop.systemd1.policy.in index 74721c516fc..f34b2d5bf0c 100644 --- a/src/core/org.freedesktop.systemd1.policy.in +++ b/src/core/org.freedesktop.systemd1.policy.in @@ -16,7 +16,7 @@ The systemd Project - http://www.freedesktop.org/wiki/Software/systemd + https://systemd.io Send passphrase back to system diff --git a/src/home/org.freedesktop.home1.policy b/src/home/org.freedesktop.home1.policy index 10ad7c283a9..71253e04e90 100644 --- a/src/home/org.freedesktop.home1.policy +++ b/src/home/org.freedesktop.home1.policy @@ -7,7 +7,7 @@ The systemd Project - http://www.freedesktop.org/wiki/Software/systemd + https://systemd.io Create a home area diff --git a/src/hostname/org.freedesktop.hostname1.policy b/src/hostname/org.freedesktop.hostname1.policy index 7d28c395cff..dacea0ff0ac 100644 --- a/src/hostname/org.freedesktop.hostname1.policy +++ b/src/hostname/org.freedesktop.hostname1.policy @@ -14,7 +14,7 @@ The systemd Project - http://www.freedesktop.org/wiki/Software/systemd + https://systemd.io Set hostname diff --git a/src/import/org.freedesktop.import1.policy b/src/import/org.freedesktop.import1.policy index 9736816e332..e88a6e8ae6a 100644 --- a/src/import/org.freedesktop.import1.policy +++ b/src/import/org.freedesktop.import1.policy @@ -16,7 +16,7 @@ The systemd Project - http://www.freedesktop.org/wiki/Software/systemd + https://systemd.io Import a VM or container image diff --git a/src/locale/org.freedesktop.locale1.policy b/src/locale/org.freedesktop.locale1.policy index f12ca0970a4..ed98c4aa095 100644 --- a/src/locale/org.freedesktop.locale1.policy +++ b/src/locale/org.freedesktop.locale1.policy @@ -16,7 +16,7 @@ The systemd Project - http://www.freedesktop.org/wiki/Software/systemd + https://systemd.io Set system locale diff --git a/src/login/org.freedesktop.login1.policy b/src/login/org.freedesktop.login1.policy index 80ebb39f302..df906b0e737 100644 --- a/src/login/org.freedesktop.login1.policy +++ b/src/login/org.freedesktop.login1.policy @@ -16,7 +16,7 @@ The systemd Project - http://www.freedesktop.org/wiki/Software/systemd + https://systemd.io Allow applications to inhibit system shutdown diff --git a/src/machine/org.freedesktop.machine1.policy b/src/machine/org.freedesktop.machine1.policy index ddf5ec05c6d..5e43cb6e244 100644 --- a/src/machine/org.freedesktop.machine1.policy +++ b/src/machine/org.freedesktop.machine1.policy @@ -16,7 +16,7 @@ The systemd Project - http://www.freedesktop.org/wiki/Software/systemd + https://systemd.io Log into a local container diff --git a/src/network/org.freedesktop.network1.policy b/src/network/org.freedesktop.network1.policy index 9e27f728bc4..c39f20655dc 100644 --- a/src/network/org.freedesktop.network1.policy +++ b/src/network/org.freedesktop.network1.policy @@ -16,7 +16,7 @@ The systemd Project - http://www.freedesktop.org/wiki/Software/systemd + https://systemd.io Set NTP servers diff --git a/src/portable/org.freedesktop.portable1.policy b/src/portable/org.freedesktop.portable1.policy index 17e22b01552..09f9028dc50 100644 --- a/src/portable/org.freedesktop.portable1.policy +++ b/src/portable/org.freedesktop.portable1.policy @@ -7,7 +7,7 @@ The systemd Project - http://www.freedesktop.org/wiki/Software/systemd + https://systemd.io Inspect a portable service image diff --git a/src/resolve/org.freedesktop.resolve1.policy b/src/resolve/org.freedesktop.resolve1.policy index 08615ec6a40..2408bb9e387 100644 --- a/src/resolve/org.freedesktop.resolve1.policy +++ b/src/resolve/org.freedesktop.resolve1.policy @@ -16,7 +16,7 @@ The systemd Project - http://www.freedesktop.org/wiki/Software/systemd + https://systemd.io Register a DNS-SD service diff --git a/src/timedate/org.freedesktop.timedate1.policy b/src/timedate/org.freedesktop.timedate1.policy index c4e71b07530..4a770c08e6d 100644 --- a/src/timedate/org.freedesktop.timedate1.policy +++ b/src/timedate/org.freedesktop.timedate1.policy @@ -16,7 +16,7 @@ The systemd Project - http://www.freedesktop.org/wiki/Software/systemd + https://systemd.io Set system time From 704d859eeb20fea27cec10c7c6cdb47c59413138 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 12 Jan 2022 11:32:53 +0100 Subject: [PATCH 088/703] man+docs: adjust links to the new page (cherry picked from commit 717e92ceb96471251f8242ad4f4c45cc2c68ecc9) --- docs/JOURNAL_FILE_FORMAT.md | 16 +++++++--------- docs/PORTABILITY_AND_STABILITY.md | 2 +- man/journalctl.xml | 4 ++-- man/systemd-coredump.xml | 2 +- man/systemd-journal-gatewayd.service.xml | 22 ++++++++-------------- man/systemd-journal-remote.service.xml | 2 +- man/systemd.journal-fields.xml | 9 ++++----- 7 files changed, 24 insertions(+), 33 deletions(-) diff --git a/docs/JOURNAL_FILE_FORMAT.md b/docs/JOURNAL_FILE_FORMAT.md index c2a9780f410..f9c9fcb314c 100644 --- a/docs/JOURNAL_FILE_FORMAT.md +++ b/docs/JOURNAL_FILE_FORMAT.md @@ -7,11 +7,9 @@ SPDX-License-Identifier: LGPL-2.1-or-later # Journal File Format -_Note that this document describes the binary on-disk format of journals -only. For interfacing with web technologies there's the [Journal JSON -Format](https://www.freedesktop.org/wiki/Software/systemd/json). For transfer -of journal data across the network there's the [Journal Export -Format](https://www.freedesktop.org/wiki/Software/systemd/export)._ +_Note that this document describes the binary on-disk format of journals only. +For interfacing with web technologies there's the [Journal JSON Format](https://systemd.io/JOURNAL_EXPORT_FORMATS#journal-json-format). +For transfer of journal data across the network there's the [Journal Export Format](https://systemd.io/JOURNAL_EXPORT_FORMATS#journal-export-format)._ The systemd journal stores log data in a binary format with several features: @@ -39,8 +37,8 @@ some additional interfaces for you. If you need access to the raw journal data in serialized stream form without C API our recommendation is to make use of the [Journal Export -Format](https://www.freedesktop.org/wiki/Software/systemd/export), which you can -get via "journalctl -o export" or via systemd-journal-gatewayd. The export +Format](https://systemd.io/JOURNAL_EXPORT_FORMATS#journal-export-format), which you can +get via `journalctl -o export` or via `systemd-journal-gatewayd`. The export format is much simpler to parse, but complete and accurate. Due to its stream-based nature it is not indexed. @@ -48,8 +46,8 @@ _Or, to put this in other words: this low-level document is probably not what you want to use as base of your project. You want our [C API](https://www.freedesktop.org/software/systemd/man/sd-journal.html) instead! And if you really don't want the C API, then you want the [Journal Export -Format](https://www.freedesktop.org/wiki/Software/systemd/export) instead! This -document is primarily for your entertainment and education. Thank you!_ +Format or Journal JSON Format](https://systemd.io/JOURNAL_EXPORT_FORMATS) instead! +This document is primarily for your entertainment and education. Thank you!_ This document assumes you have a basic understanding of the journal concepts, the properties of a journal entry and so on. If not, please go and read up, diff --git a/docs/PORTABILITY_AND_STABILITY.md b/docs/PORTABILITY_AND_STABILITY.md index 674fe89b945..0b92fda27b6 100644 --- a/docs/PORTABILITY_AND_STABILITY.md +++ b/docs/PORTABILITY_AND_STABILITY.md @@ -100,7 +100,7 @@ And now, here's the list of (hopefully) all APIs that we have introduced with sy | [Network](https://www.freedesktop.org/software/systemd/man/systemd.network.html) & [Netdev file format](https://www.freedesktop.org/software/systemd/man/systemd.netdev.html) | File format | yes | yes | no | no | - | no | | [Link file format](https://www.freedesktop.org/software/systemd/man/systemd.link.html) | File format | yes | yes | no | no | - | no | | [Journal File Format](https://systemd.io/JOURNAL_FILE_FORMAT) | File format | yes | yes | - | maybe | - | no | -| [Journal Export Format](https://www.freedesktop.org/wiki/Software/systemd/export) | File format | yes | yes | - | yes | - | no | +| [Journal Export Format](https://systemd.io/JOURNAL_EXPORT_FORMATS#journal-export-format) | File format | yes | yes | - | yes | - | no | | [Cooperation in cgroup tree](https://www.freedesktop.org/wiki/Software/systemd/PaxControlGroups) | Treaty | yes | yes | libvirt | yes | libvirt | no | | [Password Agents](https://systemd.io/PASSWORD_AGENTS) | Socket+Files | yes | yes | - | yes | - | no | | [udev multi-seat properties](https://www.freedesktop.org/software/systemd/man/sd-login.html) | udev Property | yes | yes | X11, gdm | no | - | no | diff --git a/man/journalctl.xml b/man/journalctl.xml index 4be2ed3476e..9e784f3d3c5 100644 --- a/man/journalctl.xml +++ b/man/journalctl.xml @@ -301,7 +301,7 @@ serializes the journal into a binary (but mostly text-based) stream suitable for backups and network transfer (see - Journal Export Format + Journal Export Format for more information). To import the binary stream back into native journald format use systemd-journal-remote8. @@ -314,7 +314,7 @@ formats entries as JSON objects, separated by newline characters (see Journal JSON Format for more + url="https://systemd.io/JOURNAL_EXPORT_FORMATS#journal-json-format">Journal JSON Format for more information). Field values are generally encoded as JSON strings, with three exceptions: Fields larger than 4096 bytes are encoded as null values. (This diff --git a/man/systemd-coredump.xml b/man/systemd-coredump.xml index bb84cf5f939..cb9f47745ba 100644 --- a/man/systemd-coredump.xml +++ b/man/systemd-coredump.xml @@ -79,7 +79,7 @@ It is also possible to invoke systemd-coredump with option. In this case, systemd-coredump expects a journal entry in the journal - Journal Export Format + Journal Export Format on standard input. The entry should contain a MESSAGE= field and any additional metadata fields the caller deems reasonable. systemd-coredump will append additional metadata fields in the same way it does for core dumps received from the kernel. In this mode, no core diff --git a/man/systemd-journal-gatewayd.service.xml b/man/systemd-journal-gatewayd.service.xml index 5f4a0dbeff1..609d05037f3 100644 --- a/man/systemd-journal-gatewayd.service.xml +++ b/man/systemd-journal-gatewayd.service.xml @@ -212,9 +212,8 @@ Entries are formatted as JSON data structures, one per line (like journalctl --output json). - See Journal - JSON Format for more information. + See Journal JSON Format + for more information. @@ -233,13 +232,10 @@ application/vnd.fdo.journal - Entries are serialized into a binary (but - mostly text-based) stream suitable for backups and network - transfer - (like journalctl --output export). - See Journal - Export Format for more information. + Entries are serialized into a binary (but mostly text-based) stream suitable for + backups and network transfer (like journalctl --output export). See Journal Export Format + for more information. @@ -303,10 +299,8 @@ Examples - Retrieve events from this boot from local journal - in Journal - Export Format: + Retrieve events from this boot from local journal in + Journal Export Format: curl --silent -H'Accept: application/vnd.fdo.journal' \ 'http://localhost:19531/entries?boot' diff --git a/man/systemd-journal-remote.service.xml b/man/systemd-journal-remote.service.xml index bea0936d666..e66e0f1e9c3 100644 --- a/man/systemd-journal-remote.service.xml +++ b/man/systemd-journal-remote.service.xml @@ -42,7 +42,7 @@ systemd-journal-remote is a command to receive serialized journal events and store them to journal files. Input streams are in the - Journal Export Format, + Journal Export Format, i.e. like the output from journalctl --output=export. For transport over the network, this serialized stream is usually carried over an HTTPS connection. diff --git a/man/systemd.journal-fields.xml b/man/systemd.journal-fields.xml index 554b517235b..241d60f673c 100644 --- a/man/systemd.journal-fields.xml +++ b/man/systemd.journal-fields.xml @@ -515,11 +515,10 @@ Address Fields During serialization into external formats, such as the - Journal - Export Format or the Journal - JSON Format, the addresses of journal entries are + Journal Export Format + or the + Journal JSON Format, + the addresses of journal entries are serialized into fields prefixed with double underscores. Note that these are not proper fields when stored in the journal but for addressing metadata of entries. They cannot be written as part of From 19fbd7764da2e23a89e27b4d95afd77b99f4be87 Mon Sep 17 00:00:00 2001 From: Benjamin Berg Date: Mon, 10 Jan 2022 12:35:46 +0100 Subject: [PATCH 089/703] xdg-autostart-service: Ignore missing desktop-sepcific condition binary If a desktop specific ExecCondition= binary does not exist, this just means that the desktop environment is not available. As such, it is not an error condition that should prevent the service from being installed in the .wants target. Fix this by simply returning zero. (cherry picked from commit 6d0aef1dd15088e7379681b3bd93c3cb450f3c55) --- src/xdg-autostart-generator/xdg-autostart-service.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/xdg-autostart-generator/xdg-autostart-service.c b/src/xdg-autostart-generator/xdg-autostart-service.c index 241a5b3cfd6..c60a9d81ac0 100644 --- a/src/xdg-autostart-generator/xdg-autostart-service.c +++ b/src/xdg-autostart-generator/xdg-autostart-service.c @@ -485,7 +485,7 @@ static int xdg_autostart_generate_desktop_condition( log_full_errno(r == -ENOENT ? LOG_DEBUG : LOG_WARNING, r, "%s not found: %m", test_binary); fprintf(f, "# ExecCondition using %s skipped due to missing binary.\n", test_binary); - return r; + return 0; } e_autostart_condition = cescape(condition); From 556f46aa3b17f4ed6768521137405297c8a99d35 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Wed, 12 Jan 2022 14:44:50 +0000 Subject: [PATCH 090/703] journal: Skip data objects with invalid offsets MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit We already skip invalid objects, but don't yet skip invalid offsets. Let's skip these as well to improve robustness when we're dealing with corrupted journals. Before: ``` ➜ systemd git:(main) build/journalctl -r -n 5 --file ~/Downloads/system@0005d2b275abaaf8-f243a2818cb39b98.journal_ Failed to get journal fields: Cannot assign requested address -- No entries -- ``` After: ``` ➜ systemd git:(main) ✗ build/journalctl -r -n 5 --file ~/Downloads/system@0005d2b275abaaf8-f243a2818cb39b98.journal_ Dec 09 08:32:38 snowball3 NetworkManager[911]: [1639038758.1464] device (wlp1s0): supplicant interface state: scanning -> authenticating Dec 09 08:32:38 snowball3 kernel: wlp1s0: send auth to ec:a9:40:79:fb:ad (try 1/3) Dec 09 08:32:38 snowball3 kernel: wlp1s0: authenticate with ec:a9:40:79:fb:ad Dec 09 08:32:38 snowball3 wpa_supplicant[1003]: wlp1s0: SME: Trying to authenticate with ec:a9:40:79:fb:ad (SSID='UPC949397B' freq=5500 MHz) ``` (cherry picked from commit df207ccb7be02b1ca6bdd0a2066a898e5b24ee86) --- src/libsystemd/sd-journal/sd-journal.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/libsystemd/sd-journal/sd-journal.c b/src/libsystemd/sd-journal/sd-journal.c index f51ecbfc53d..4a46b7f4fba 100644 --- a/src/libsystemd/sd-journal/sd-journal.c +++ b/src/libsystemd/sd-journal/sd-journal.c @@ -2303,8 +2303,8 @@ _public_ int sd_journal_get_data(sd_journal *j, const char *field, const void ** p = le64toh(o->entry.items[i].object_offset); le_hash = o->entry.items[i].hash; r = journal_file_move_to_object(f, OBJECT_DATA, p, &d); - if (r == -EBADMSG) { - log_debug("Entry item %"PRIu64" data object is bad, skipping over it.", i); + if (IN_SET(r, -EADDRNOTAVAIL, -EBADMSG)) { + log_debug_errno(r, "Entry item %"PRIu64" data object is bad, skipping over it: %m", i); continue; } if (r < 0) @@ -2448,8 +2448,8 @@ _public_ int sd_journal_enumerate_data(sd_journal *j, const void **data, size_t p = le64toh(o->entry.items[j->current_field].object_offset); le_hash = o->entry.items[j->current_field].hash; r = journal_file_move_to_object(f, OBJECT_DATA, p, &o); - if (r == -EBADMSG) { - log_debug("Entry item %"PRIu64" data object is bad, skipping over it.", j->current_field); + if (IN_SET(r, -EADDRNOTAVAIL, -EBADMSG)) { + log_debug_errno(r, "Entry item %"PRIu64" data object is bad, skipping over it: %m", j->current_field); continue; } if (r < 0) From d72db2d7ca83ac06259f674ce5690ca9d9ea8f9c Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Thu, 13 Jan 2022 13:26:25 +0000 Subject: [PATCH 091/703] journal: Don't discard -b arg when followed by -e Allowing -e to be used to view the last logs of a previous boot seems like a useful feature so let's not discard -b options anymore when followed by -e. Fixes #22107 (cherry picked from commit 4d6455c0754e31ddc9590c7b9c9a373d82ec0ed4) --- src/journal/journalctl.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/src/journal/journalctl.c b/src/journal/journalctl.c index d564d542d48..3c4a7c0a7a5 100644 --- a/src/journal/journalctl.c +++ b/src/journal/journalctl.c @@ -552,8 +552,6 @@ static int parse_argv(int argc, char *argv[]) { arg_lines = 1000; arg_boot = true; - arg_boot_id = SD_ID128_NULL; - arg_boot_offset = 0; break; From bc56b640f63719fbd6c76a072496f87c69040320 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Thu, 13 Jan 2022 20:13:03 +0900 Subject: [PATCH 092/703] sd-dhcp6-client: ignore broken non-critical options The commit b89a3758e92894162e3c2dcb594a55acff3274d5 made the validity check of the received message stricter. E.g. if the client received a message with broken NTP server option, then the entire message is dropped. This relaxes the check. If some non-critical options are broken, then ignore the options, but the message itself is still accepted. Fixes #22099. (cherry picked from commit 0ac9daa4a169f627f5b3f85a4cdcdbd2c2b2e2ca) --- src/libsystemd-network/sd-dhcp6-client.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/src/libsystemd-network/sd-dhcp6-client.c b/src/libsystemd-network/sd-dhcp6-client.c index d3c667974dc..8150227d7e1 100644 --- a/src/libsystemd-network/sd-dhcp6-client.c +++ b/src/libsystemd-network/sd-dhcp6-client.c @@ -1261,35 +1261,35 @@ static int client_parse_message( case SD_DHCP6_OPTION_DNS_SERVERS: r = dhcp6_lease_add_dns(lease, optval, optlen); if (r < 0) - return r; + log_dhcp6_client_errno(client, r, "Failed to parse DNS server option, ignoring: %m"); break; case SD_DHCP6_OPTION_DOMAIN_LIST: r = dhcp6_lease_add_domains(lease, optval, optlen); if (r < 0) - return r; + log_dhcp6_client_errno(client, r, "Failed to parse domain list option, ignoring: %m"); break; case SD_DHCP6_OPTION_NTP_SERVER: r = dhcp6_lease_add_ntp(lease, optval, optlen); if (r < 0) - return r; + log_dhcp6_client_errno(client, r, "Failed to parse NTP server option, ignoring: %m"); break; case SD_DHCP6_OPTION_SNTP_SERVERS: r = dhcp6_lease_add_sntp(lease, optval, optlen); if (r < 0) - return r; + log_dhcp6_client_errno(client, r, "Failed to parse SNTP server option, ignoring: %m"); break; case SD_DHCP6_OPTION_CLIENT_FQDN: r = dhcp6_lease_set_fqdn(lease, optval, optlen); if (r < 0) - return r; + log_dhcp6_client_errno(client, r, "Failed to parse FQDN option, ignoring: %m"); break; From ab7379956801ab69ba98cee6f63b39a87e52d075 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Thu, 13 Jan 2022 20:19:01 +0900 Subject: [PATCH 093/703] sd-dhcp6-client: expose client_parse_message() To introduce tests for the function in later commits. (cherry picked from commit 16de849fd866c9b75b269ed902c7d591df983174) --- src/libsystemd-network/dhcp6-internal.h | 7 +++++++ src/libsystemd-network/sd-dhcp6-client.c | 2 +- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/src/libsystemd-network/dhcp6-internal.h b/src/libsystemd-network/dhcp6-internal.h index 31482d77175..f9434098566 100644 --- a/src/libsystemd-network/dhcp6-internal.h +++ b/src/libsystemd-network/dhcp6-internal.h @@ -11,6 +11,7 @@ #include "sd-event.h" #include "sd-dhcp6-client.h" +#include "dhcp6-protocol.h" #include "hashmap.h" #include "list.h" #include "macro.h" @@ -130,6 +131,12 @@ int dhcp6_network_bind_udp_socket(int ifindex, struct in6_addr *address); int dhcp6_network_send_udp_socket(int s, struct in6_addr *address, const void *packet, size_t len); +int client_parse_message( + sd_dhcp6_client *client, + DHCP6Message *message, + size_t len, + sd_dhcp6_lease *lease); + const char *dhcp6_message_type_to_string(int s) _const_; int dhcp6_message_type_from_string(const char *s) _pure_; const char *dhcp6_message_status_to_string(int s) _const_; diff --git a/src/libsystemd-network/sd-dhcp6-client.c b/src/libsystemd-network/sd-dhcp6-client.c index 8150227d7e1..706904c7202 100644 --- a/src/libsystemd-network/sd-dhcp6-client.c +++ b/src/libsystemd-network/sd-dhcp6-client.c @@ -1124,7 +1124,7 @@ static int client_ensure_iaid(sd_dhcp6_client *client) { return 0; } -static int client_parse_message( +int client_parse_message( sd_dhcp6_client *client, DHCP6Message *message, size_t len, From 2a7279f226c2737c690e9363e4fe1e63c3f57d17 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Thu, 13 Jan 2022 18:55:51 +0900 Subject: [PATCH 094/703] test: voidify test functions This also drops unnecessary arguments, and unbreak several lines. (cherry picked from commit 37408dd2644e5c337774ccb02f2fc9c31aabeefe) --- src/libsystemd-network/test-dhcp6-client.c | 101 ++++++--------------- 1 file changed, 30 insertions(+), 71 deletions(-) diff --git a/src/libsystemd-network/test-dhcp6-client.c b/src/libsystemd-network/test-dhcp6-client.c index 055b0c9dee1..26025a2fa4f 100644 --- a/src/libsystemd-network/test-dhcp6-client.c +++ b/src/libsystemd-network/test-dhcp6-client.c @@ -37,7 +37,7 @@ static int test_client_message_num; static be32_t test_iaid = 0; static uint8_t test_duid[14] = { }; -static int test_client_basic(sd_event *e) { +static void test_client_basic(sd_event *e) { sd_dhcp6_client *client; int v; @@ -108,11 +108,9 @@ static int test_client_basic(sd_event *e) { assert_se(sd_dhcp6_client_detach_event(client) >= 0); assert_se(!sd_dhcp6_client_unref(client)); - - return 0; } -static int test_parse_domain(sd_event *e) { +static void test_parse_domain(void) { uint8_t *data; char *domain; char **list; @@ -154,11 +152,9 @@ static int test_parse_domain(sd_event *e) { data = (uint8_t []) { 0 , 0 }; r = dhcp6_option_parse_domainname_list(data, 2, &list); assert_se(r < 0); - - return 0; } -static int test_option(sd_event *e) { +static void test_option(void) { uint8_t packet[] = { 'F', 'O', 'O', 'H', 'O', 'G', 'E', 0x00, SD_DHCP6_OPTION_ORO, 0x00, 0x07, @@ -232,11 +228,9 @@ static int test_option(sd_event *e) { assert_se(*out == 'B'); assert_se(memcmp(packet, result, sizeof(packet)) == 0); - - return 0; } -static int test_option_status(sd_event *e) { +static void test_option_status(void) { uint8_t option1[] = { /* IA NA */ 0x00, 0x03, 0x00, 0x12, 0x1a, 0x1d, 0x1a, 0x1d, @@ -370,8 +364,6 @@ static int test_option_status(sd_event *e) { assert_se(r >= 0); assert_se(pd.addresses); dhcp6_lease_free_ia(&pd); - - return 0; } static uint8_t msg_advertise[198] = { @@ -434,7 +426,7 @@ static uint8_t fqdn_wire[16] = { 0x05, 'i', 'n', 't', 'r', 'a', 0x00 }; -static int test_advertise_option(sd_event *e) { +static void test_advertise_option(sd_event *e) { _cleanup_(sd_dhcp6_lease_unrefp) sd_dhcp6_lease *lease = NULL; DHCP6Message *advertise = (DHCP6Message *)msg_advertise; size_t len = sizeof(msg_advertise) - sizeof(DHCP6Message), pos = 0; @@ -455,8 +447,7 @@ static int test_advertise_option(sd_event *e) { assert_se(dhcp6_lease_new(&lease) >= 0); assert_se(advertise->type == DHCP6_MESSAGE_ADVERTISE); - assert_se((be32toh(advertise->transaction_id) & 0x00ffffff) == - 0x0fb4e5); + assert_se((be32toh(advertise->transaction_id) & 0x00ffffff) == 0x0fb4e5); while (pos < len) { DHCP6Option *option = (DHCP6Option *)&advertise->options[pos]; @@ -495,16 +486,14 @@ static int test_advertise_option(sd_event *e) { assert_se(optval == &msg_advertise[179]); assert_se(!memcmp(optval, &msg_advertise[179], optlen)); - assert_se(dhcp6_lease_set_serverid(lease, optval, - optlen) >= 0); + assert_se(dhcp6_lease_set_serverid(lease, optval, optlen) >= 0); break; case SD_DHCP6_OPTION_PREFERENCE: assert_se(optlen == 1); assert_se(!*optval); - assert_se(dhcp6_lease_set_preference(lease, - *optval) >= 0); + assert_se(dhcp6_lease_set_preference(lease, *optval) >= 0); break; case SD_DHCP6_OPTION_ELAPSED_TIME: @@ -538,26 +527,20 @@ static int test_advertise_option(sd_event *e) { assert_se(opt_clientid); sd_dhcp6_lease_reset_address_iter(lease); - assert_se(sd_dhcp6_lease_get_address(lease, &addr, <_pref, - <_valid) >= 0); + assert_se(sd_dhcp6_lease_get_address(lease, &addr, <_pref, <_valid) >= 0); assert_se(!memcmp(&addr, &msg_advertise[42], sizeof(addr))); assert_se(lt_pref == 150); assert_se(lt_valid == 180); - assert_se(sd_dhcp6_lease_get_address(lease, &addr, <_pref, - <_valid) == -ENOMSG); + assert_se(sd_dhcp6_lease_get_address(lease, &addr, <_pref, <_valid) == -ENOMSG); sd_dhcp6_lease_reset_address_iter(lease); - assert_se(sd_dhcp6_lease_get_address(lease, &addr, <_pref, - <_valid) >= 0); + assert_se(sd_dhcp6_lease_get_address(lease, &addr, <_pref, <_valid) >= 0); assert_se(!memcmp(&addr, &msg_advertise[42], sizeof(addr))); - assert_se(sd_dhcp6_lease_get_address(lease, &addr, <_pref, - <_valid) == -ENOMSG); + assert_se(sd_dhcp6_lease_get_address(lease, &addr, <_pref, <_valid) == -ENOMSG); sd_dhcp6_lease_reset_address_iter(lease); - assert_se(sd_dhcp6_lease_get_address(lease, &addr, <_pref, - <_valid) >= 0); + assert_se(sd_dhcp6_lease_get_address(lease, &addr, <_pref, <_valid) >= 0); assert_se(!memcmp(&addr, &msg_advertise[42], sizeof(addr))); - assert_se(sd_dhcp6_lease_get_address(lease, &addr, <_pref, - <_valid) == -ENOMSG); + assert_se(sd_dhcp6_lease_get_address(lease, &addr, <_pref, <_valid) == -ENOMSG); assert_se(dhcp6_lease_get_serverid(lease, &opt, &len) >= 0); assert_se(len == 14); @@ -578,8 +561,6 @@ static int test_advertise_option(sd_event *e) { r = sd_dhcp6_lease_get_ntp_addrs(lease, &addrs); assert_se(r == 1); assert_se(!memcmp(addrs, &msg_advertise[159], r * 16)); - - return 0; } static int test_check_completed_in_2_seconds(sd_event_source *s, uint64_t usec, void *userdata) { @@ -615,7 +596,7 @@ static void test_client_solicit_cb(sd_dhcp6_client *client, int event, sd_event_exit(e, 0); } -static int test_client_send_reply(DHCP6Message *request) { +static void test_client_send_reply(DHCP6Message *request) { DHCP6Message reply; log_debug("/* %s */", __func__); @@ -629,13 +610,10 @@ static int test_client_send_reply(DHCP6Message *request) { memcpy(&msg_reply[44], &test_iaid, sizeof(test_iaid)); - assert_se(write(test_dhcp_fd[1], msg_reply, sizeof(msg_reply)) - == sizeof(msg_reply)); - - return 0; + assert_se(write(test_dhcp_fd[1], msg_reply, sizeof(msg_reply)) == sizeof(msg_reply)); } -static int test_client_verify_request(DHCP6Message *request, size_t len) { +static void test_client_verify_request(DHCP6Message *request, size_t len) { _cleanup_(sd_dhcp6_lease_unrefp) sd_dhcp6_lease *lease = NULL; bool found_clientid = false, found_iana = false, found_serverid = false, found_elapsed_time = false, found_fqdn = false; @@ -714,16 +692,13 @@ static int test_client_verify_request(DHCP6Message *request, size_t len) { pos += sizeof(*option) + optlen; } - assert_se(found_clientid && found_iana && found_serverid && - found_elapsed_time); + assert_se(found_clientid && found_iana && found_serverid && found_elapsed_time); sd_dhcp6_lease_reset_address_iter(lease); assert_se(sd_dhcp6_lease_get_address(lease, &addr, <_pref, <_valid) == -ENOMSG); - - return 0; } -static int test_client_send_advertise(DHCP6Message *solicit) { +static void test_client_send_advertise(DHCP6Message *solicit) { DHCP6Message advertise; log_debug("/* %s */", __func__); @@ -737,13 +712,10 @@ static int test_client_send_advertise(DHCP6Message *solicit) { memcpy(&msg_advertise[26], &test_iaid, sizeof(test_iaid)); - assert_se(write(test_dhcp_fd[1], msg_advertise, sizeof(msg_advertise)) - == sizeof(msg_advertise)); - - return 0; + assert_se(write(test_dhcp_fd[1], msg_advertise, sizeof(msg_advertise)) == sizeof(msg_advertise)); } -static int test_client_verify_solicit(DHCP6Message *solicit, size_t len) { +static void test_client_verify_solicit(DHCP6Message *solicit, size_t len) { bool found_clientid = false, found_iana = false, found_elapsed_time = false, found_fqdn = false; size_t pos = 0; @@ -805,12 +777,9 @@ static int test_client_verify_solicit(DHCP6Message *solicit, size_t len) { assert_se(pos == len); assert_se(found_clientid && found_iana && found_elapsed_time); - - return 0; } -static void test_client_information_cb(sd_dhcp6_client *client, int event, - void *userdata) { +static void test_client_information_cb(sd_dhcp6_client *client, int event, void *userdata) { sd_event *e = userdata; sd_dhcp6_lease *lease; const struct in6_addr *addrs; @@ -843,18 +812,14 @@ static void test_client_information_cb(sd_dhcp6_client *client, int event, assert_se(sd_dhcp6_client_stop(client) >= 0); assert_se(sd_dhcp6_client_set_information_request(client, false) >= 0); - assert_se(sd_dhcp6_client_set_callback(client, - test_client_solicit_cb, e) >= 0); + assert_se(sd_dhcp6_client_set_callback(client, test_client_solicit_cb, e) >= 0); assert_se(sd_dhcp6_client_set_local_address(client, &address) >= 0); assert_se(sd_dhcp6_client_start(client) >= 0); - } -static int test_client_verify_information_request(DHCP6Message *information_request, - size_t len) { - +static void test_client_verify_information_request(DHCP6Message *information_request, size_t len) { _cleanup_(sd_dhcp6_lease_unrefp) sd_dhcp6_lease *lease = NULL; size_t pos = 0; bool found_clientid = false, found_elapsed_time = false; @@ -905,16 +870,12 @@ static int test_client_verify_information_request(DHCP6Message *information_requ sd_dhcp6_lease_reset_address_iter(lease); - assert_se(sd_dhcp6_lease_get_address(lease, &addr, <_pref, - <_valid) == -ENOMSG); - - return 0; + assert_se(sd_dhcp6_lease_get_address(lease, &addr, <_pref, <_valid) == -ENOMSG); } int dhcp6_network_send_udp_socket(int s, struct in6_addr *server_address, const void *packet, size_t len) { - struct in6_addr mcast = - IN6ADDR_ALL_DHCP6_RELAY_AGENTS_AND_SERVERS_INIT; + struct in6_addr mcast = IN6ADDR_ALL_DHCP6_RELAY_AGENTS_AND_SERVERS_INIT; DHCP6Message *message; log_debug("/* %s */", __func__); @@ -955,7 +916,7 @@ int dhcp6_network_bind_udp_socket(int ifindex, struct in6_addr *local_address) { return test_dhcp_fd[0]; } -static int test_client_solicit(sd_event *e) { +static void test_client_solicit(sd_event *e) { sd_dhcp6_client *client; struct in6_addr address = { { { 0xfe, 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x01 } } }; int val; @@ -998,8 +959,6 @@ static int test_client_solicit(sd_event *e) { assert_se(!sd_dhcp6_client_unref(client)); test_dhcp_fd[1] = safe_close(test_dhcp_fd[1]); - - return 0; } int main(int argc, char *argv[]) { @@ -1010,11 +969,11 @@ int main(int argc, char *argv[]) { test_setup_logging(LOG_DEBUG); test_client_basic(e); - test_option(e); - test_option_status(e); + test_parse_domain(); + test_option(); + test_option_status(); test_advertise_option(e); test_client_solicit(e); - test_parse_domain(e); return 0; } From d44050a015f1febbef9835a8804c3362d300286b Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Thu, 13 Jan 2022 20:19:46 +0900 Subject: [PATCH 095/703] test: add testcase for broken NTP server option For issue #22099. (cherry picked from commit 95c514e9a50925e3c85f3c3e510fd31caffd5c57) --- src/libsystemd-network/test-dhcp6-client.c | 51 ++++++++++++++++++++++ 1 file changed, 51 insertions(+) diff --git a/src/libsystemd-network/test-dhcp6-client.c b/src/libsystemd-network/test-dhcp6-client.c index 26025a2fa4f..bcd0134a8d5 100644 --- a/src/libsystemd-network/test-dhcp6-client.c +++ b/src/libsystemd-network/test-dhcp6-client.c @@ -366,6 +366,56 @@ static void test_option_status(void) { dhcp6_lease_free_ia(&pd); } +static void test_client_parse_message_issue_22099(void) { + static const uint8_t msg[] = { + /* xid */ + 0x07, 0x7c, 0x4c, 0x16, + /* status code (zero length) */ + 0x00, 0x0e, 0x00, 0x00, + /* NTP servers (broken sub option and sub option length) */ + 0x00, 0x38, 0x00, 0x14, 0x01, 0x00, 0x10, 0x00, 0xfd, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0xde, 0x15, 0xc8, 0xff, 0xfe, 0xef, 0x1e, 0x4e, + /* client ID */ + 0x00, 0x01, 0x00, 0x0e, 0x00, 0x02, 0x00, 0x00, 0xab, 0x11, 0x5c, 0x6b, 0x90, 0xec, 0xda, 0x95, + 0x15, 0x45, + /* server ID */ + 0x00, 0x02, 0x00, 0x0a, 0x00, 0x03, 0x00, 0x01, 0xdc, 0x15, 0xc8, 0xef, 0x1e, 0x4e, + /* preference */ + 0x00, 0x07, 0x00, 0x01, 0x00, + /* DNS servers */ + 0x00, 0x17, 0x00, 0x10, 0xfd, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xde, 0x15, 0xc8, 0xff, + 0xfe, 0xef, 0x1e, 0x4e, + /* v6 pcp server */ + 0x00, 0x56, 0x00, 0x10, 0x2a, 0x02, 0x81, 0x0d, 0x98, 0x80, 0x37, 0x00, 0xde, 0x15, 0xc8, 0xff, + 0xfe, 0xef, 0x1e, 0x4e, + /* IA_NA */ + 0x00, 0x03, 0x00, 0x28, 0xcc, 0x59, 0x11, 0x7b, 0x00, 0x00, 0x07, 0x08, 0x00, 0x00, 0x0b, 0x40, + /* IA_NA (iaaddr) */ + 0x00, 0x05, 0x00, 0x18, 0x2a, 0x02, 0x81, 0x0d, 0x98, 0x80, 0x37, 0x00, 0x6a, 0x05, 0xca, 0xff, + 0xfe, 0xf1, 0x51, 0x53, 0x00, 0x00, 0x0e, 0x10, 0x00, 0x00, 0x1c, 0x20, + /* IA_PD */ + 0x00, 0x19, 0x00, 0x29, 0xcc, 0x59, 0x11, 0x7b, 0x00, 0x00, 0x07, 0x08, 0x00, 0x00, 0x0b, 0x40, + /* IA_PD (iaprefix) */ + 0x00, 0x1a, 0x00, 0x19, 0x00, 0x00, 0x0e, 0x10, 0x00, 0x00, 0x1c, 0x20, 0x3a, 0x2a, 0x02, 0x81, + 0x0d, 0x98, 0x80, 0x37, 0xc0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + }; + static const uint8_t duid[] = { + 0x00, 0x00, 0xab, 0x11, 0x5c, 0x6b, 0x90, 0xec, 0xda, 0x95, 0x15, 0x45, + }; + _cleanup_(sd_dhcp6_client_unrefp) sd_dhcp6_client *client = NULL; + _cleanup_(sd_dhcp6_lease_unrefp) sd_dhcp6_lease *lease = NULL; + + log_debug("/* %s */", __func__); + + assert_se(sd_dhcp6_client_new(&client) >= 0); + assert_se(sd_dhcp6_client_set_iaid(client, 0xcc59117b) >= 0); + assert_se(sd_dhcp6_client_set_duid(client, 2, duid, sizeof(duid)) >= 0); + + assert_se(dhcp6_lease_new(&lease) >= 0); + + assert_se(client_parse_message(client, (DHCP6Message*) msg, sizeof(msg), lease) >= 0); +} + static uint8_t msg_advertise[198] = { 0x02, 0x0f, 0xb4, 0xe5, 0x00, 0x01, 0x00, 0x0e, 0x00, 0x01, 0x00, 0x01, 0x1a, 0x6b, 0xf3, 0x30, @@ -972,6 +1022,7 @@ int main(int argc, char *argv[]) { test_parse_domain(); test_option(); test_option_status(); + test_client_parse_message_issue_22099(); test_advertise_option(e); test_client_solicit(e); From 34e5084c14627fbb39225baca350ab0231a0dcaf Mon Sep 17 00:00:00 2001 From: Jan Janssen Date: Thu, 13 Jan 2022 12:32:07 +0100 Subject: [PATCH 096/703] boot: Fix invalid free LocateDevicePath() advances the device path pointer, making it invalid when freed. (cherry picked from commit 41b74a18b2879e37b1e084f7ab6bd276ce30c6c9) --- src/boot/efi/shim.c | 5 +++-- src/boot/efi/xbootldr.c | 3 ++- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/src/boot/efi/shim.c b/src/boot/efi/shim.c index 3ce6af42f94..fd9c489478d 100644 --- a/src/boot/efi/shim.c +++ b/src/boot/efi/shim.c @@ -118,13 +118,14 @@ static EFIAPI EFI_STATUS security_policy_authentication (const EFI_SECURITY_PROT if (!dev_path) return EFI_OUT_OF_RESOURCES; - status = BS->LocateDevicePath(&FileSystemProtocol, &dev_path, &h); + EFI_DEVICE_PATH *dp = dev_path; + status = BS->LocateDevicePath(&FileSystemProtocol, &dp, &h); if (EFI_ERROR(status)) return status; /* No need to check return value, this already happened in efi_main() */ root = LibOpenRoot(h); - dev_path_str = DevicePathToStr(dev_path); + dev_path_str = DevicePathToStr(dp); if (!dev_path_str) return EFI_OUT_OF_RESOURCES; diff --git a/src/boot/efi/xbootldr.c b/src/boot/efi/xbootldr.c index 81aa7f61eef..4972877d209 100644 --- a/src/boot/efi/xbootldr.c +++ b/src/boot/efi/xbootldr.c @@ -286,7 +286,8 @@ EFI_STATUS xbootldr_open(EFI_HANDLE *device, EFI_HANDLE *ret_device, EFI_FILE ** hd->SignatureType = SIGNATURE_TYPE_GUID; } - err = BS->LocateDevicePath(&BlockIoProtocol, &partition_path, &new_device); + EFI_DEVICE_PATH *dp = partition_path; + err = BS->LocateDevicePath(&BlockIoProtocol, &dp, &new_device); if (EFI_ERROR(err)) return err; From 7f3e962f085542805b5ae63075eda0881f54ffed Mon Sep 17 00:00:00 2001 From: Jan Janssen Date: Thu, 13 Jan 2022 14:29:46 +0100 Subject: [PATCH 097/703] boot: Don't try to free loaded_image EFI_LOADED_IMAGE is a protocol pointer and thus, we shouldn't try to free it. (cherry picked from commit acd28f39126289dd0cb76efc79def673c27c4d04) --- src/boot/efi/boot.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/boot/efi/boot.c b/src/boot/efi/boot.c index 889516787b3..0286914b8be 100644 --- a/src/boot/efi/boot.c +++ b/src/boot/efi/boot.c @@ -2341,7 +2341,7 @@ static void config_load_all_entries( } EFI_STATUS efi_main(EFI_HANDLE image, EFI_SYSTEM_TABLE *sys_table) { - _cleanup_freepool_ EFI_LOADED_IMAGE *loaded_image = NULL; + EFI_LOADED_IMAGE *loaded_image; _cleanup_(FileHandleClosep) EFI_FILE *root_dir = NULL; _cleanup_(config_free) Config config = {}; CHAR16 *loaded_image_path; From 6a6182c3f42807921cc7c36d84010485b5d7eed1 Mon Sep 17 00:00:00 2001 From: Benjamin Berg Date: Thu, 13 Jan 2022 18:47:08 +0100 Subject: [PATCH 098/703] man: Add more details about desktop file processing In particular, mention the contract the generator has with external ExecCondition= binaries that may be provided by desktop environments. But, also mention all the other relevant keys. In particular X-systemd-skip= is important to be documented. (cherry picked from commit 048d46999995847095e3b7a513ba0627e0179dec) --- man/systemd-xdg-autostart-generator.xml | 49 +++++++++++++++++++++++++ 1 file changed, 49 insertions(+) diff --git a/man/systemd-xdg-autostart-generator.xml b/man/systemd-xdg-autostart-generator.xml index 4d153c30403..bafe6e9c2d3 100644 --- a/man/systemd-xdg-autostart-generator.xml +++ b/man/systemd-xdg-autostart-generator.xml @@ -41,6 +41,55 @@ systemd.special7 for more details. + XDG autostart may be conditionalized using both standardized and non-standardized keys. + In order to handle these, the generator may create one or more ExecCondition= entries. + For non-standardized keys, well-known helper binaries provided by Desktop Environments are used. + All external helpers must detect their corresponding desktop environment and + must return success when run in a different environment. + This is important as all ExecCondition= directives must succeed for an application to be started. + + + + Special XDG desktop file entries that are processed + + + + + + + Entry + Handling + + + + + Hidden=, X-systemd-skip= + No service will be generated if set to true + + + OnlyShowIn=, NotShowIn= + ExecCondition= using systemd-xdg-autostart-condition + + + TryExec= + No service will be generated if the binary does not exist or cannot be executed + + + AutostartCondition= (GNOME extension) + ExecCondition= using gnome-systemd-autostart-condition + + + X-GNOME-Autostart-Phase= + No service will be generated if set to any value + + + X-KDE-autostart-condition= + ExecCondition= using kde-systemd-start-condition + + + +
+ systemd-xdg-autostart-generator implements systemd.generator7. From ef108015f34d31d290ed4286a16ce42dddd742e7 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Wed, 12 Jan 2022 17:31:57 +0000 Subject: [PATCH 099/703] journal: Remove unused arguments from journal_file_next_entry_for_data() (cherry picked from commit f2eceb5268f0d26d53db5f9dad318dd45fd900bd) --- src/journal/test-journal.c | 8 +++--- src/libsystemd/sd-journal/journal-file.c | 32 +----------------------- src/libsystemd/sd-journal/journal-file.h | 2 +- src/libsystemd/sd-journal/sd-journal.c | 6 ++--- 4 files changed, 9 insertions(+), 39 deletions(-) diff --git a/src/journal/test-journal.c b/src/journal/test-journal.c index 11647504e91..3afe66db894 100644 --- a/src/journal/test-journal.c +++ b/src/journal/test-journal.c @@ -76,17 +76,17 @@ static void test_non_empty(void) { assert_se(le64toh(o->entry.seqnum) == 1); assert_se(journal_file_find_data_object(f->file, test, strlen(test), NULL, &p) == 1); - assert_se(journal_file_next_entry_for_data(f->file, NULL, 0, p, DIRECTION_DOWN, &o, NULL) == 1); + assert_se(journal_file_next_entry_for_data(f->file, p, DIRECTION_DOWN, &o, NULL) == 1); assert_se(le64toh(o->entry.seqnum) == 1); - assert_se(journal_file_next_entry_for_data(f->file, NULL, 0, p, DIRECTION_UP, &o, NULL) == 1); + assert_se(journal_file_next_entry_for_data(f->file, p, DIRECTION_UP, &o, NULL) == 1); assert_se(le64toh(o->entry.seqnum) == 3); assert_se(journal_file_find_data_object(f->file, test2, strlen(test2), NULL, &p) == 1); - assert_se(journal_file_next_entry_for_data(f->file, NULL, 0, p, DIRECTION_UP, &o, NULL) == 1); + assert_se(journal_file_next_entry_for_data(f->file, p, DIRECTION_UP, &o, NULL) == 1); assert_se(le64toh(o->entry.seqnum) == 2); - assert_se(journal_file_next_entry_for_data(f->file, NULL, 0, p, DIRECTION_DOWN, &o, NULL) == 1); + assert_se(journal_file_next_entry_for_data(f->file, p, DIRECTION_DOWN, &o, NULL) == 1); assert_se(le64toh(o->entry.seqnum) == 2); assert_se(journal_file_find_data_object(f->file, "quux", 4, NULL, &p) == 0); diff --git a/src/libsystemd/sd-journal/journal-file.c b/src/libsystemd/sd-journal/journal-file.c index 505e4f728df..22b848d2f35 100644 --- a/src/libsystemd/sd-journal/journal-file.c +++ b/src/libsystemd/sd-journal/journal-file.c @@ -2810,7 +2810,6 @@ int journal_file_next_entry( int journal_file_next_entry_for_data( JournalFile *f, - Object *o, uint64_t p, uint64_t data_offset, direction_t direction, Object **ret, uint64_t *ret_offset) { @@ -2820,7 +2819,6 @@ int journal_file_next_entry_for_data( int r; assert(f); - assert(p > 0 || !o); r = journal_file_move_to_object(f, OBJECT_DATA, data_offset, &d); if (r < 0) @@ -2830,29 +2828,7 @@ int journal_file_next_entry_for_data( if (n <= 0) return n; - if (!o) - i = direction == DIRECTION_DOWN ? 0 : n - 1; - else { - if (o->object.type != OBJECT_ENTRY) - return -EINVAL; - - r = generic_array_bisect_plus_one(f, - le64toh(d->data.entry_offset), - le64toh(d->data.entry_array_offset), - le64toh(d->data.n_entries), - p, - test_object_offset, - DIRECTION_DOWN, - NULL, NULL, - &i); - - if (r <= 0) - return r; - - r = bump_array_index(&i, direction, n); - if (r <= 0) - return r; - } + i = direction == DIRECTION_DOWN ? 0 : n - 1; for (;;) { r = generic_array_get_plus_one(f, @@ -2872,12 +2848,6 @@ int journal_file_next_entry_for_data( return r; } - /* Ensure our array is properly ordered. */ - if (p > 0 && check_properly_ordered(ofs, p, direction)) - return log_debug_errno(SYNTHETIC_ERRNO(EBADMSG), - "%s data entry array not properly ordered at entry %" PRIu64, - f->path, i); - if (ret_offset) *ret_offset = ofs; diff --git a/src/libsystemd/sd-journal/journal-file.h b/src/libsystemd/sd-journal/journal-file.h index b90e3a608ac..39e91d71c45 100644 --- a/src/libsystemd/sd-journal/journal-file.h +++ b/src/libsystemd/sd-journal/journal-file.h @@ -214,7 +214,7 @@ void journal_file_save_location(JournalFile *f, Object *o, uint64_t offset); int journal_file_compare_locations(JournalFile *af, JournalFile *bf); int journal_file_next_entry(JournalFile *f, uint64_t p, direction_t direction, Object **ret, uint64_t *offset); -int journal_file_next_entry_for_data(JournalFile *f, Object *o, uint64_t p, uint64_t data_offset, direction_t direction, Object **ret, uint64_t *offset); +int journal_file_next_entry_for_data(JournalFile *f, uint64_t data_offset, direction_t direction, Object **ret, uint64_t *offset); int journal_file_move_to_entry_by_seqnum(JournalFile *f, uint64_t seqnum, direction_t direction, Object **ret, uint64_t *offset); int journal_file_move_to_entry_by_realtime(JournalFile *f, uint64_t realtime, direction_t direction, Object **ret, uint64_t *offset); diff --git a/src/libsystemd/sd-journal/sd-journal.c b/src/libsystemd/sd-journal/sd-journal.c index 4a46b7f4fba..7a6cc4aca35 100644 --- a/src/libsystemd/sd-journal/sd-journal.c +++ b/src/libsystemd/sd-journal/sd-journal.c @@ -611,9 +611,9 @@ static int find_location_for_match( /* FIXME: missing: find by monotonic */ if (j->current_location.type == LOCATION_HEAD) - return journal_file_next_entry_for_data(f, NULL, 0, dp, DIRECTION_DOWN, ret, offset); + return journal_file_next_entry_for_data(f, dp, DIRECTION_DOWN, ret, offset); if (j->current_location.type == LOCATION_TAIL) - return journal_file_next_entry_for_data(f, NULL, 0, dp, DIRECTION_UP, ret, offset); + return journal_file_next_entry_for_data(f, dp, DIRECTION_UP, ret, offset); if (j->current_location.seqnum_set && sd_id128_equal(j->current_location.seqnum_id, f->header->seqnum_id)) return journal_file_move_to_entry_by_seqnum_for_data(f, dp, j->current_location.seqnum, direction, ret, offset); if (j->current_location.monotonic_set) { @@ -624,7 +624,7 @@ static int find_location_for_match( if (j->current_location.realtime_set) return journal_file_move_to_entry_by_realtime_for_data(f, dp, j->current_location.realtime, direction, ret, offset); - return journal_file_next_entry_for_data(f, NULL, 0, dp, direction, ret, offset); + return journal_file_next_entry_for_data(f, dp, direction, ret, offset); } else if (m->type == MATCH_OR_TERM) { uint64_t np = 0; From 5b44d30087b910d269b6ad90d42cbe0e15474274 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Wed, 12 Jan 2022 18:10:54 +0000 Subject: [PATCH 100/703] journal: Fix entry array iteration corruption checks Previously, we'd try to handle corruption by bumping the index even if it was an entry array object that was corrupted (which we can't deal with). Now, we only try to deal with corrupted entry objects by moving the corruption handling into generic_array_get(). On top, we also add an additional check for -EADDRNOTAVAIL which can also be caused by corrupted journal data. (cherry picked from commit 8d801e35cb155faa08235a5af8b4d6ad60715837) --- src/libsystemd/sd-journal/journal-file.c | 152 ++++++++++++----------- 1 file changed, 81 insertions(+), 71 deletions(-) diff --git a/src/libsystemd/sd-journal/journal-file.c b/src/libsystemd/sd-journal/journal-file.c index 22b848d2f35..ef4c261096f 100644 --- a/src/libsystemd/sd-journal/journal-file.c +++ b/src/libsystemd/sd-journal/journal-file.c @@ -2099,14 +2099,35 @@ static void chain_cache_put( ci->last_index = last_index; } +static int bump_array_index(uint64_t *i, direction_t direction, uint64_t n) { + assert(i); + + /* Increase or decrease the specified index, in the right direction. */ + + if (direction == DIRECTION_DOWN) { + if (*i >= n - 1) + return 0; + + (*i)++; + } else { + if (*i <= 0) + return 0; + + (*i)--; + } + + return 1; +} + static int generic_array_get( JournalFile *f, uint64_t first, uint64_t i, + direction_t direction, Object **ret, uint64_t *ret_offset) { - Object *o; - uint64_t p = 0, a, t = 0; + Object *o, *e; + uint64_t p = 0, a, t = 0, k; int r; ChainCacheItem *ci; @@ -2123,35 +2144,64 @@ static int generic_array_get( } while (a > 0) { - uint64_t k; - r = journal_file_move_to_object(f, OBJECT_ENTRY_ARRAY, a, &o); if (r < 0) return r; k = journal_file_entry_array_n_items(o); - if (i < k) { - p = le64toh(o->entry_array.items[i]); - goto found; - } + if (i < k) + break; i -= k; t += k; a = le64toh(o->entry_array.next_entry_array_offset); } + /* If we've found the right location, now look for the first non-corrupt entry object (in the right + * direction). */ + + while (a > 0) { + /* In the first iteration of the while loop, we reuse i, k and o from the previous while + * loop. */ + if (i == UINT64_MAX) { + r = journal_file_move_to_object(f, OBJECT_ENTRY_ARRAY, a, &o); + if (r < 0) + return r; + + k = journal_file_entry_array_n_items(o); + if (k == 0) + break; + + i = direction == DIRECTION_DOWN ? 0 : k - 1; + } + + do { + p = le64toh(o->entry_array.items[i]); + + r = journal_file_move_to_object(f, OBJECT_ENTRY, p, &e); + if (r >= 0) + goto found; + if (!IN_SET(r, -EADDRNOTAVAIL, -EBADMSG)) + return r; + + /* OK, so this entry is borked. Most likely some entry didn't get synced to + * disk properly, let's see if the next one might work for us instead. */ + log_debug_errno(r, "Entry item %" PRIu64 " is bad, skipping over it.", i); + } while (bump_array_index(&i, direction, k) > 0); + + t += k; + a = le64toh(o->entry_array.next_entry_array_offset); + i = UINT64_MAX; + } + return 0; found: /* Let's cache this item for the next invocation */ chain_cache_put(f->chain_cache, ci, first, a, le64toh(o->entry_array.items[0]), t, i); - r = journal_file_move_to_object(f, OBJECT_ENTRY, p, &o); - if (r < 0) - return r; - if (ret) - *ret = o; + *ret = e; if (ret_offset) *ret_offset = p; @@ -2164,16 +2214,18 @@ static int generic_array_get_plus_one( uint64_t extra, uint64_t first, uint64_t i, + direction_t direction, Object **ret, uint64_t *ret_offset) { Object *o; + int r; assert(f); if (i == 0) { - int r; - r = journal_file_move_to_object(f, OBJECT_ENTRY, extra, &o); + if (IN_SET(r, -EADDRNOTAVAIL, -EBADMSG)) + return generic_array_get(f, first, 0, direction, ret, ret_offset); if (r < 0) return r; @@ -2186,7 +2238,7 @@ static int generic_array_get_plus_one( return 1; } - return generic_array_get(f, first, i-1, ret, ret_offset); + return generic_array_get(f, first, i - 1, direction, ret, ret_offset); } enum { @@ -2710,25 +2762,6 @@ int journal_file_compare_locations(JournalFile *af, JournalFile *bf) { return CMP(af->current_xor_hash, bf->current_xor_hash); } -static int bump_array_index(uint64_t *i, direction_t direction, uint64_t n) { - - /* Increase or decrease the specified index, in the right direction. */ - - if (direction == DIRECTION_DOWN) { - if (*i >= n - 1) - return 0; - - (*i) ++; - } else { - if (*i <= 0) - return 0; - - (*i) --; - } - - return 1; -} - static bool check_properly_ordered(uint64_t new_offset, uint64_t old_offset, direction_t direction) { /* Consider it an error if any of the two offsets is uninitialized */ @@ -2777,24 +2810,9 @@ int journal_file_next_entry( } /* And jump to it */ - for (;;) { - r = generic_array_get(f, - le64toh(f->header->entry_array_offset), - i, - ret, &ofs); - if (r > 0) - break; - if (r != -EBADMSG) - return r; - - /* OK, so this entry is borked. Most likely some entry didn't get synced to disk properly, let's see if - * the next one might work for us instead. */ - log_debug_errno(r, "Entry item %" PRIu64 " is bad, skipping over it.", i); - - r = bump_array_index(&i, direction, n); - if (r <= 0) - return r; - } + r = generic_array_get(f, le64toh(f->header->entry_array_offset), i, direction, ret, &ofs); + if (r <= 0) + return r; /* Ensure our array is properly ordered. */ if (p > 0 && !check_properly_ordered(ofs, p, direction)) @@ -2830,23 +2848,14 @@ int journal_file_next_entry_for_data( i = direction == DIRECTION_DOWN ? 0 : n - 1; - for (;;) { - r = generic_array_get_plus_one(f, - le64toh(d->data.entry_offset), - le64toh(d->data.entry_array_offset), - i, - ret, &ofs); - if (r > 0) - break; - if (r != -EBADMSG) - return r; - - log_debug_errno(r, "Data entry item %" PRIu64 " is bad, skipping over it.", i); - - r = bump_array_index(&i, direction, n); - if (r <= 0) - return r; - } + r = generic_array_get_plus_one(f, + le64toh(d->data.entry_offset), + le64toh(d->data.entry_array_offset), + i, + direction, + ret, &ofs); + if (r <= 0) + return r; if (ret_offset) *ret_offset = ofs; @@ -3789,7 +3798,8 @@ int journal_file_get_cutoff_monotonic_usec(JournalFile *f, sd_id128_t boot_id, u r = generic_array_get_plus_one(f, le64toh(o->data.entry_offset), le64toh(o->data.entry_array_offset), - le64toh(o->data.n_entries)-1, + le64toh(o->data.n_entries) - 1, + DIRECTION_UP, &o, NULL); if (r <= 0) return r; From 18aff8c85720606e05826045b6799d19a7dcf08a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Sat, 15 Jan 2022 13:38:30 +0100 Subject: [PATCH 101/703] sd-device: silence gcc warning with newest gcc (cherry picked from commit 376ee2c312b87951028a0adff96b1052f32475fa) --- src/libsystemd/sd-device/sd-device.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/libsystemd/sd-device/sd-device.c b/src/libsystemd/sd-device/sd-device.c index 94ea61cc8da..b163a0fb6bb 100644 --- a/src/libsystemd/sd-device/sd-device.c +++ b/src/libsystemd/sd-device/sd-device.c @@ -1392,7 +1392,7 @@ int device_read_db_internal_filename(sd_device *device, const char *filename) { _cleanup_free_ char *db = NULL; const char *value; size_t db_len; - char key; + char key = '\0'; /* Unnecessary initialization to appease gcc-12.0.0-0.4.fc36 */ int r; enum { From 417622f42bd4ae9017dfe17db44d11e2e79362c1 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Sun, 16 Jan 2022 15:53:13 +0900 Subject: [PATCH 102/703] network: wireguard: do not add routes to AllowedIPs= by default As setting such routes may break existing setups. Closes #21964. (cherry picked from commit cfe1237f3859c0cb19b98a47870f49942d5537d9) --- man/systemd.netdev.xml | 2 +- src/network/netdev/wireguard.c | 10 ++-------- 2 files changed, 3 insertions(+), 9 deletions(-) diff --git a/man/systemd.netdev.xml b/man/systemd.netdev.xml index 0aec58fc81a..c7199889f06 100644 --- a/man/systemd.netdev.xml +++ b/man/systemd.netdev.xml @@ -1572,7 +1572,7 @@ networkd.conf5, or a number in the range 1…4294967295. When off the routes to the addresses specified in the AllowedIPs= setting will not be configured. - Defaults to main. This setting will be ignored when the same setting is + Defaults to off. This setting will be ignored when the same setting is specified in the [WireGuardPeer] section. diff --git a/src/network/netdev/wireguard.c b/src/network/netdev/wireguard.c index af91dc62576..2b26a92f5d9 100644 --- a/src/network/netdev/wireguard.c +++ b/src/network/netdev/wireguard.c @@ -895,13 +895,8 @@ int config_parse_wireguard_route_table( assert(data); assert(userdata); - if (isempty(rvalue)) { - *table = RT_TABLE_MAIN; - return 0; - } - - if (streq(rvalue, "off")) { - *table = 0; + if (isempty(rvalue) || streq(rvalue, "off")) { + *table = 0; /* Disabled. */ return 0; } @@ -1061,7 +1056,6 @@ static void wireguard_init(NetDev *netdev) { assert(w); w->flags = WGDEVICE_F_REPLACE_PEERS; - w->route_table = RT_TABLE_MAIN; } static void wireguard_done(NetDev *netdev) { From 0874eaefa30555a28f9f15cfc8a909afa07f01a7 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Sun, 16 Jan 2022 15:59:45 +0900 Subject: [PATCH 103/703] network: wireguard: also accept negative boolean values to disable adding routes RouteTable=off was introduced to provide consistency with wg-quick command. This makes the RouteTable= settings accepts other negative boolean values. (cherry picked from commit e135559d805e749a0a1f8d1396cf71f6edd94831) --- man/systemd.netdev.xml | 16 ++++++++-------- src/network/netdev/wireguard.c | 4 ++-- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/man/systemd.netdev.xml b/man/systemd.netdev.xml index c7199889f06..b4b7fc0b435 100644 --- a/man/systemd.netdev.xml +++ b/man/systemd.netdev.xml @@ -1566,14 +1566,14 @@ RouteTable= The table identifier for the routes to the addresses specified in the - AllowedIPs=. Takes the special value off, one of the - predefined names default, main, and - local, names defined in RouteTable= in + AllowedIPs=. Takes a negative boolean value, one of the predefined names + default, main, and local, names + defined in RouteTable= in networkd.conf5, or a number in the range 1…4294967295. When off the routes to the addresses specified in the AllowedIPs= setting will not be configured. - Defaults to off. This setting will be ignored when the same setting is - specified in the [WireGuardPeer] section. + Defaults to false. This setting will be ignored when the same setting is specified in the + [WireGuardPeer] section. @@ -1673,9 +1673,9 @@ RouteTable= The table identifier for the routes to the addresses specified in the - AllowedIPs=. Takes the special value off, one of the - predefined names default, main, and - local, names defined in RouteTable= in + AllowedIPs=. Takes a negative boolean value, one of the predefined names + default, main, and local, names + defined in RouteTable= in networkd.conf5, or a number in the range 1…4294967295. Defaults to unset, and the value specified in the same setting in the [WireGuard] section will be used. diff --git a/src/network/netdev/wireguard.c b/src/network/netdev/wireguard.c index 2b26a92f5d9..88f668753a5 100644 --- a/src/network/netdev/wireguard.c +++ b/src/network/netdev/wireguard.c @@ -895,7 +895,7 @@ int config_parse_wireguard_route_table( assert(data); assert(userdata); - if (isempty(rvalue) || streq(rvalue, "off")) { + if (isempty(rvalue) || parse_boolean(rvalue) == 0) { *table = 0; /* Disabled. */ return 0; } @@ -947,7 +947,7 @@ int config_parse_wireguard_peer_route_table( return 0; } - if (streq(rvalue, "off")) { + if (parse_boolean(rvalue) == 0) { peer->route_table = 0; /* Disabled. */ peer->route_table_set = true; TAKE_PTR(peer); From 9f43dde134b6ee0290259ba302ec0149822690fc Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Sun, 16 Jan 2022 20:19:19 +0900 Subject: [PATCH 104/703] core: update log message Fixes CID#1469009. (cherry picked from commit cc8943b84ad5ffb6d327404ff577d9d185a5c316) --- src/core/restrict-ifaces.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/src/core/restrict-ifaces.c b/src/core/restrict-ifaces.c index 7650031434e..0132c3c877e 100644 --- a/src/core/restrict-ifaces.c +++ b/src/core/restrict-ifaces.c @@ -19,9 +19,12 @@ static struct restrict_ifaces_bpf *restrict_ifaces_bpf_free(struct restrict_ifac DEFINE_TRIVIAL_CLEANUP_FUNC(struct restrict_ifaces_bpf *, restrict_ifaces_bpf_free); -static int prepare_restrict_ifaces_bpf(Unit* u, bool is_allow_list, +static int prepare_restrict_ifaces_bpf( + Unit* u, + bool is_allow_list, const Set *restrict_network_interfaces, struct restrict_ifaces_bpf **ret_object) { + _cleanup_(restrict_ifaces_bpf_freep) struct restrict_ifaces_bpf *obj = NULL; _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL; char *iface; @@ -50,9 +53,10 @@ static int prepare_restrict_ifaces_bpf(Unit* u, bool is_allow_list, SET_FOREACH(iface, restrict_network_interfaces) { uint8_t dummy = 0; int ifindex; + ifindex = rtnl_resolve_interface(&rtnl, iface); if (ifindex < 0) { - log_unit_warning_errno(u, ifindex, "Couldn't find index of network interface: %m. Ignoring '%s'", iface); + log_unit_warning_errno(u, ifindex, "Couldn't find index of network interface '%s', ignoring: %m", iface); continue; } From 44198d7ddb426c482a0706622f040690a671a1c2 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Sun, 16 Jan 2022 15:32:27 +0900 Subject: [PATCH 105/703] core: add missing dependency DBus properties Follow-up for 0bc488c99ab2ed3464237607e381f4d72cd321d5. Also sort dependency properties to make them match the definition of `enum UnitDependency` in basic/unit-def.h. Fixes #22133. (cherry picked from commit adc1b76c30940da2f3fb11275f5b0e54ebbcd7f1) --- docs/TRANSIENT-SETTINGS.md | 1 + man/org.freedesktop.systemd1.xml | 32 ++++++++++++++++++++++---------- src/core/dbus-unit.c | 6 ++++-- 3 files changed, 27 insertions(+), 12 deletions(-) diff --git a/docs/TRANSIENT-SETTINGS.md b/docs/TRANSIENT-SETTINGS.md index 7bab5ec1544..2c893cad6e4 100644 --- a/docs/TRANSIENT-SETTINGS.md +++ b/docs/TRANSIENT-SETTINGS.md @@ -34,6 +34,7 @@ Most generic unit settings are available for transient units. ✓ PropagatesReloadTo= ✓ ReloadPropagatedFrom= ✓ PartOf= +✓ Upholds= ✓ JoinsNamespaceOf= ✓ RequiresMountsFor= ✓ StopWhenUnneeded= diff --git a/man/org.freedesktop.systemd1.xml b/man/org.freedesktop.systemd1.xml index b433f2066cd..bd69a00b57c 100644 --- a/man/org.freedesktop.systemd1.xml +++ b/man/org.freedesktop.systemd1.xml @@ -1649,6 +1649,8 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2eservice { @org.freedesktop.DBus.Property.EmitsChangedSignal("const") readonly as PartOf = ['...', ...]; @org.freedesktop.DBus.Property.EmitsChangedSignal("const") + readonly as Upholds = ['...', ...]; + @org.freedesktop.DBus.Property.EmitsChangedSignal("const") readonly as RequiredBy = ['...', ...]; @org.freedesktop.DBus.Property.EmitsChangedSignal("const") readonly as RequisiteOf = ['...', ...]; @@ -1657,6 +1659,8 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2eservice { @org.freedesktop.DBus.Property.EmitsChangedSignal("const") readonly as BoundBy = ['...', ...]; @org.freedesktop.DBus.Property.EmitsChangedSignal("const") + readonly as UpheldBy = ['...', ...]; + @org.freedesktop.DBus.Property.EmitsChangedSignal("const") readonly as ConsistsOf = ['...', ...]; @org.freedesktop.DBus.Property.EmitsChangedSignal("const") readonly as Conflicts = ['...', ...]; @@ -1667,14 +1671,14 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2eservice { @org.freedesktop.DBus.Property.EmitsChangedSignal("const") readonly as After = ['...', ...]; @org.freedesktop.DBus.Property.EmitsChangedSignal("const") - readonly as OnFailure = ['...', ...]; - @org.freedesktop.DBus.Property.EmitsChangedSignal("const") - readonly as OnFailureOf = ['...', ...]; - @org.freedesktop.DBus.Property.EmitsChangedSignal("const") readonly as OnSuccess = ['...', ...]; @org.freedesktop.DBus.Property.EmitsChangedSignal("const") readonly as OnSuccessOf = ['...', ...]; @org.freedesktop.DBus.Property.EmitsChangedSignal("const") + readonly as OnFailure = ['...', ...]; + @org.freedesktop.DBus.Property.EmitsChangedSignal("const") + readonly as OnFailureOf = ['...', ...]; + @org.freedesktop.DBus.Property.EmitsChangedSignal("const") readonly as Triggers = ['...', ...]; @org.freedesktop.DBus.Property.EmitsChangedSignal("const") readonly as TriggeredBy = ['...', ...]; @@ -1820,16 +1824,20 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2eservice { + + - + - + + + @@ -1948,6 +1956,8 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2eservice { + + @@ -1956,6 +1966,8 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2eservice { + + @@ -1966,14 +1978,14 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2eservice { - - - - + + + + diff --git a/src/core/dbus-unit.c b/src/core/dbus-unit.c index f7a1210a345..eef491740cf 100644 --- a/src/core/dbus-unit.c +++ b/src/core/dbus-unit.c @@ -872,19 +872,21 @@ const sd_bus_vtable bus_unit_vtable[] = { SD_BUS_PROPERTY("Wants", "as", property_get_dependencies, 0, SD_BUS_VTABLE_PROPERTY_CONST), SD_BUS_PROPERTY("BindsTo", "as", property_get_dependencies, 0, SD_BUS_VTABLE_PROPERTY_CONST), SD_BUS_PROPERTY("PartOf", "as", property_get_dependencies, 0, SD_BUS_VTABLE_PROPERTY_CONST), + SD_BUS_PROPERTY("Upholds", "as", property_get_dependencies, 0, SD_BUS_VTABLE_PROPERTY_CONST), SD_BUS_PROPERTY("RequiredBy", "as", property_get_dependencies, 0, SD_BUS_VTABLE_PROPERTY_CONST), SD_BUS_PROPERTY("RequisiteOf", "as", property_get_dependencies, 0, SD_BUS_VTABLE_PROPERTY_CONST), SD_BUS_PROPERTY("WantedBy", "as", property_get_dependencies, 0, SD_BUS_VTABLE_PROPERTY_CONST), SD_BUS_PROPERTY("BoundBy", "as", property_get_dependencies, 0, SD_BUS_VTABLE_PROPERTY_CONST), + SD_BUS_PROPERTY("UpheldBy", "as", property_get_dependencies, 0, SD_BUS_VTABLE_PROPERTY_CONST), SD_BUS_PROPERTY("ConsistsOf", "as", property_get_dependencies, 0, SD_BUS_VTABLE_PROPERTY_CONST), SD_BUS_PROPERTY("Conflicts", "as", property_get_dependencies, 0, SD_BUS_VTABLE_PROPERTY_CONST), SD_BUS_PROPERTY("ConflictedBy", "as", property_get_dependencies, 0, SD_BUS_VTABLE_PROPERTY_CONST), SD_BUS_PROPERTY("Before", "as", property_get_dependencies, 0, SD_BUS_VTABLE_PROPERTY_CONST), SD_BUS_PROPERTY("After", "as", property_get_dependencies, 0, SD_BUS_VTABLE_PROPERTY_CONST), - SD_BUS_PROPERTY("OnFailure", "as", property_get_dependencies, 0, SD_BUS_VTABLE_PROPERTY_CONST), - SD_BUS_PROPERTY("OnFailureOf", "as", property_get_dependencies, 0, SD_BUS_VTABLE_PROPERTY_CONST), SD_BUS_PROPERTY("OnSuccess", "as", property_get_dependencies, 0, SD_BUS_VTABLE_PROPERTY_CONST), SD_BUS_PROPERTY("OnSuccessOf", "as", property_get_dependencies, 0, SD_BUS_VTABLE_PROPERTY_CONST), + SD_BUS_PROPERTY("OnFailure", "as", property_get_dependencies, 0, SD_BUS_VTABLE_PROPERTY_CONST), + SD_BUS_PROPERTY("OnFailureOf", "as", property_get_dependencies, 0, SD_BUS_VTABLE_PROPERTY_CONST), SD_BUS_PROPERTY("Triggers", "as", property_get_dependencies, 0, SD_BUS_VTABLE_PROPERTY_CONST), SD_BUS_PROPERTY("TriggeredBy", "as", property_get_dependencies, 0, SD_BUS_VTABLE_PROPERTY_CONST), SD_BUS_PROPERTY("PropagatesReloadTo", "as", property_get_dependencies, 0, SD_BUS_VTABLE_PROPERTY_CONST), From 5cc70d1759fa892d7e3e950f4bd82f1168308300 Mon Sep 17 00:00:00 2001 From: Luca Boccassi Date: Sun, 16 Jan 2022 12:44:52 +0000 Subject: [PATCH 106/703] man: change 'allow[s] to' -> 'allow[s] one to' Lintian is opinionated about this and we get nagged (cherry picked from commit 6eed65d455e9e76b020acbd858c20eafa43cebf8) --- man/org.freedesktop.resolve1.xml | 2 +- man/systemd.netdev.xml | 2 +- man/systemd.network.xml | 8 ++++---- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/man/org.freedesktop.resolve1.xml b/man/org.freedesktop.resolve1.xml index b8fff5a502a..72beffc2881 100644 --- a/man/org.freedesktop.resolve1.xml +++ b/man/org.freedesktop.resolve1.xml @@ -506,7 +506,7 @@ node /org/freedesktop/resolve1 { /etc/hosts. Moreover, it is set for all LLMNR or mDNS RRs which originate from the local host. Applications that require authenticated RR data for operation should check this flag before trusting the data. Note that systemd-resolved will never return - invalidated data, hence this flag simply allows to discern the cases where data is known to be + invalidated data, hence this flag simply allows one to discern the cases where data is known to be trusted, or where there is proof that the data is "rightfully" unauthenticated (which includes cases where the underlying protocol or server does not support authenticating data). diff --git a/man/systemd.netdev.xml b/man/systemd.netdev.xml index b4b7fc0b435..f49f3e84217 100644 --- a/man/systemd.netdev.xml +++ b/man/systemd.netdev.xml @@ -2064,7 +2064,7 @@ HopPenalty= - The hop penalty setting allows to modify + The hop penalty setting allows one to modify batctl8 preference for multihop routes vs. short routes. This integer value is applied to the TQ (Transmit Quality) of each forwarded OGM (Originator Message), thereby propagating the diff --git a/man/systemd.network.xml b/man/systemd.network.xml index 197e0dad1da..a98157d9cda 100644 --- a/man/systemd.network.xml +++ b/man/systemd.network.xml @@ -362,7 +362,7 @@ Trust= - Takes a boolean. Allows to set trust mode of the virtual function (VF). When set, VF + Takes a boolean. Allows one to set trust mode of the virtual function (VF). When set, VF users can set a specific feature which may impact security and/or performance. When unset, the kernel's default will be used. @@ -371,7 +371,7 @@ LinkState= - Allows to set the link state of the virtual function (VF). Takes a boolean or a + Allows one to set the link state of the virtual function (VF). Takes a boolean or a special value auto. Setting to auto means a reflection of the physical function (PF) link state, yes lets the VF to communicate with other VFs on this host even if the PF link state is down, @@ -2038,7 +2038,7 @@ Table=1234 FallbackLeaseLifetimeSec= - Allows to set DHCPv4 lease lifetime when DHCPv4 server does not send the lease + Allows one to set DHCPv4 lease lifetime when DHCPv4 server does not send the lease lifetime. Takes one of forever or infinity. If specified, the acquired address never expires. Defaults to unset. @@ -3234,7 +3234,7 @@ Token=prefixstable:2002:da8:1:: SyncJumpWidth= Specifies the time quanta, propagation segment, phase buffer segment 1 and 2, and the - synchronization jump width, which allow to define the CAN bit-timing in a hardware + synchronization jump width, which allow one to define the CAN bit-timing in a hardware independent format as proposed by the Bosch CAN 2.0 Specification. TimeQuantaNSec= takes a timespan in nanoseconds. PropagationSegment=, PhaseBufferSegment1=, From 33aba4c50a7a3df4ad9e40f5ff07f0d05df5cb48 Mon Sep 17 00:00:00 2001 From: Luca Boccassi Date: Sun, 16 Jan 2022 18:41:10 +0000 Subject: [PATCH 107/703] systemd-stdio-bridge: add manpage (cherry picked from commit cf18de1b265d06b8f72646a11a469e1191826030) --- man/rules/meson.build | 1 + man/systemd-stdio-bridge.xml | 78 ++++++++++++++++++++++++++++++++++++ 2 files changed, 79 insertions(+) create mode 100644 man/systemd-stdio-bridge.xml diff --git a/man/rules/meson.build b/man/rules/meson.build index ca19dc73e76..b689b1c1af6 100644 --- a/man/rules/meson.build +++ b/man/rules/meson.build @@ -962,6 +962,7 @@ manpages = [ ['systemd-sleep.conf', '5', ['sleep.conf.d'], ''], ['systemd-socket-activate', '1', [], ''], ['systemd-socket-proxyd', '8', [], ''], + ['systemd-stdio-bridge', '1', [], ''], ['systemd-stub', '7', ['linuxaa64.efi.stub', 'linuxia32.efi.stub', 'linuxx64.efi.stub'], diff --git a/man/systemd-stdio-bridge.xml b/man/systemd-stdio-bridge.xml new file mode 100644 index 00000000000..bef61cb7cfe --- /dev/null +++ b/man/systemd-stdio-bridge.xml @@ -0,0 +1,78 @@ + + + + + + + + systemd-stdio-bridge + systemd + + + + systemd-stdio-bridge + 1 + + + + systemd-stdio-bridge + D-Bus proxy + + + + + systemd-stdio-bridge + OPTIONS + + + + + Description + + systemd-stdio-bridge may be used as a STDIO or socket-activatable + proxy to a given D-Bus endpoint. + + + + + Options + + The following options are understood: + + + + + + + Path to the bus address. Default: unix:path=/run/dbus/system_bus_socket + + + + + + + + + + + + + Exit status + + On success, 0 is returned, a non-zero failure code otherwise. + + + + See Also + + dbus-daemon1, + dbus-broker1, + D-Bus, + sd-bus3, + systemd1 + + + + From 8c4badc4450866b1f0a52fa4e575341c7efaf88e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Mon, 17 Jan 2022 11:43:48 +0100 Subject: [PATCH 108/703] man: enhance the description of systemd-stdio-bridge I hope that this fixes the comment https://github.com/systemd/systemd/pull/22141#issuecomment-1013960371 > As someone who doesn't know what this prog does The listing in the man page is sorted according to logical use: all the options setting the address are now together. (cherry picked from commit b7bb58ef70b0c876941a1c31ed4e2f5f1dc5ed0e) --- man/systemd-stdio-bridge.xml | 28 +++++++++++++++++++++------- src/stdio-bridge/stdio-bridge.c | 2 +- 2 files changed, 22 insertions(+), 8 deletions(-) diff --git a/man/systemd-stdio-bridge.xml b/man/systemd-stdio-bridge.xml index bef61cb7cfe..002a91b1299 100644 --- a/man/systemd-stdio-bridge.xml +++ b/man/systemd-stdio-bridge.xml @@ -31,9 +31,23 @@ Description - systemd-stdio-bridge may be used as a STDIO or socket-activatable - proxy to a given D-Bus endpoint. - + systemd-stdio-bridge implements a proxy for a D-Bus endpoint. It expects to + receive an open connection to a bus when started, and will also connect to a (different) bus as a + client. It will then act as a server on the first connection, and forward messages between the two + busses. This program is suitable for socket activation: the first connection may be a pipe or a socket + and must be passed as either standard input, or as an open file descriptor according to the protocol + described in + sd_listen_fds3. The + second connection will be made by default to the local system bus, but this can be influenced by the + , , , and + options described below. + + sd-bus3 uses + systemd-stdio-bridge to forward D-Bus connections over + ssh1, + or to connect to the bus of a different user, see + sd_bus_set_address3. + @@ -42,6 +56,10 @@ The following options are understood: + + + + @@ -52,9 +70,6 @@ - - - @@ -70,7 +85,6 @@ dbus-daemon1, dbus-broker1, D-Bus, - sd-bus3, systemd1 diff --git a/src/stdio-bridge/stdio-bridge.c b/src/stdio-bridge/stdio-bridge.c index b45f7912cbe..5d4ffa5e323 100644 --- a/src/stdio-bridge/stdio-bridge.c +++ b/src/stdio-bridge/stdio-bridge.c @@ -28,7 +28,7 @@ static bool arg_user = false; static int help(void) { printf("%s [OPTIONS...]\n\n" - "STDIO or socket-activatable proxy to a given DBus endpoint.\n\n" + "Forward messages between two D-Bus busses via a pipe or socket.\n\n" " -h --help Show this help\n" " --version Show package version\n" " -p --bus-path=PATH Path to the bus address (default: %s)\n" From fdcb1bf67371615f12c4b11283f2bd6a25bda019 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Sat, 15 Jan 2022 03:37:40 +0900 Subject: [PATCH 109/703] kernel-install: also remove modules.builtin.alias.bin Fixes RHBZ#2016630. (cherry picked from commit 06006691b5c56b6123044179d934b3ed81c237ca) --- src/kernel-install/50-depmod.install | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/kernel-install/50-depmod.install b/src/kernel-install/50-depmod.install index 2fd959865f2..fd00c436322 100644 --- a/src/kernel-install/50-depmod.install +++ b/src/kernel-install/50-depmod.install @@ -36,7 +36,7 @@ case "$COMMAND" in remove) [ "$KERNEL_INSTALL_VERBOSE" -gt 0 ] && \ echo "Removing /lib/modules/${KERNEL_VERSION}/modules.dep and associated files" - exec rm -f /lib/modules/"${KERNEL_VERSION}"/modules.{alias{,.bin},builtin.bin,dep{,.bin},devname,softdep,symbols{,.bin}} + exec rm -f /lib/modules/"${KERNEL_VERSION}"/modules.{alias{,.bin},builtin{,.alias}.bin,dep{,.bin},devname,softdep,symbols{,.bin}} ;; *) exit 0 From 7fc41274e6720c655b68f0266a5d9168e5b1980a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Mon, 17 Jan 2022 11:44:44 +0100 Subject: [PATCH 110/703] stdio-bridge: make the error more straightforward (cherry picked from commit a80f17844ef1d7c622d17cb4b41eb337d438fffb) --- src/stdio-bridge/stdio-bridge.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/stdio-bridge/stdio-bridge.c b/src/stdio-bridge/stdio-bridge.c index 5d4ffa5e323..1a2099a8d1b 100644 --- a/src/stdio-bridge/stdio-bridge.c +++ b/src/stdio-bridge/stdio-bridge.c @@ -125,7 +125,7 @@ static int run(int argc, char *argv[]) { in_fd = SD_LISTEN_FDS_START; out_fd = SD_LISTEN_FDS_START; } else - return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Illegal number of file descriptors passed."); + return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "More than one file descriptor was passed."); is_unix = sd_is_socket(in_fd, AF_UNIX, 0, 0) > 0 && From 1b003bbc806198dbdd57b405d968f30565495e70 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Thu, 13 Jan 2022 00:09:38 +0900 Subject: [PATCH 111/703] pid1,cgroup-show: ignore -EOPNOTSUPP in cg_read_pid() The function is called in recursion, and cgroup.procs in some subcgroups may not be read. Fixes #22089. (cherry picked from commit 1fb50408ce23e67e0be94ead69c891d26b4823e2) --- src/core/dbus-unit.c | 8 ++++++-- src/shared/cgroup-show.c | 17 ++++++++++++----- 2 files changed, 18 insertions(+), 7 deletions(-) diff --git a/src/core/dbus-unit.c b/src/core/dbus-unit.c index eef491740cf..1128c42ad94 100644 --- a/src/core/dbus-unit.c +++ b/src/core/dbus-unit.c @@ -1314,11 +1314,15 @@ static int append_cgroup(sd_bus_message *reply, const char *p, Set *pids) { for (;;) { pid_t pid; + /* libvirt / qemu uses threaded mode and cgroup.procs cannot be read at the lower levels. + * From https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v2.html#threads, + * “cgroup.procs” in a threaded domain cgroup contains the PIDs of all processes in + * the subtree and is not readable in the subtree proper. */ r = cg_read_pid(f, &pid); + if (IN_SET(r, 0, -EOPNOTSUPP)) + break; if (r < 0) return r; - if (r == 0) - break; if (is_kernel_thread(pid) > 0) continue; diff --git a/src/shared/cgroup-show.c b/src/shared/cgroup-show.c index 40bc2bff051..48dd4d80013 100644 --- a/src/shared/cgroup-show.c +++ b/src/shared/cgroup-show.c @@ -89,7 +89,6 @@ static int show_cgroup_one_by_path( _cleanup_fclose_ FILE *f = NULL; _cleanup_free_ char *p = NULL; size_t n = 0; - pid_t pid; char *fn; int r; @@ -102,7 +101,18 @@ static int show_cgroup_one_by_path( if (!f) return -errno; - while ((r = cg_read_pid(f, &pid)) > 0) { + for (;;) { + pid_t pid; + + /* libvirt / qemu uses threaded mode and cgroup.procs cannot be read at the lower levels. + * From https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v2.html#threads, + * “cgroup.procs” in a threaded domain cgroup contains the PIDs of all processes in + * the subtree and is not readable in the subtree proper. */ + r = cg_read_pid(f, &pid); + if (IN_SET(r, 0, -EOPNOTSUPP)) + break; + if (r < 0) + return r; if (!(flags & OUTPUT_KERNEL_THREADS) && is_kernel_thread(pid) > 0) continue; @@ -113,9 +123,6 @@ static int show_cgroup_one_by_path( pids[n++] = pid; } - if (r < 0) - return r; - show_pid_array(pids, n, prefix, n_columns, false, more, flags); return 0; From 02482cb698fd56b7c205917271fc81712426d9e8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 23 Dec 2021 12:55:40 +0100 Subject: [PATCH 112/703] meson: move efi file lists closer to where they are used The goal is to have the detection of features and paths done first, and then the build target constructions second. (cherry picked from commit 65dcf9f9a0d877de0dc53558547462a7f1750c78) --- src/boot/efi/meson.build | 104 +++++++++++++++++++-------------------- 1 file changed, 51 insertions(+), 53 deletions(-) diff --git a/src/boot/efi/meson.build b/src/boot/efi/meson.build index e10e51cf4e3..1125c64ea3c 100644 --- a/src/boot/efi/meson.build +++ b/src/boot/efi/meson.build @@ -99,59 +99,6 @@ if efi_lds == '' subdir_done() endif -efi_headers = files(''' - bcd.h - console.h - cpio.h - devicetree.h - disk.h - drivers.h - graphics.h - linux.h - measure.h - missing_efi.h - pe.h - random-seed.h - shim.h - splash.h - util.h - xbootldr.h -'''.split()) - -common_sources = ''' - assert.c - devicetree.c - disk.c - graphics.c - measure.c - pe.c - secure-boot.c - util.c -'''.split() - -systemd_boot_sources = ''' - bcd.c - boot.c - console.c - drivers.c - random-seed.c - shim.c - xbootldr.c -'''.split() - -stub_sources = ''' - cpio.c - initrd.c - splash.c - stub.c -'''.split() - -if efi_arch[1] in ['ia32', 'x86_64'] - stub_sources += 'linux_x86.c' -else - stub_sources += 'linux.c' -endif - conf.set10('HAVE_GNU_EFI', true) conf.set_quoted('EFI_MACHINE_TYPE_NAME', efi_arch[0]) @@ -332,6 +279,57 @@ if efi_cc_version.contains('clang') and efi_cc_version.split('.')[0].split(' ')[ efi_ldflags += ['-Wl,-T,' + efi_lds, '-Wno-unused-command-line-argument'] endif +############################################################ + +efi_headers = files( + 'bcd.h', + 'console.h', + 'cpio.h', + 'devicetree.h', + 'disk.h', + 'drivers.h', + 'graphics.h', + 'linux.h', + 'measure.h', + 'missing_efi.h', + 'pe.h', + 'random-seed.h', + 'shim.h', + 'splash.h', + 'util.h', + 'xbootldr.h') + +common_sources = [ + 'assert.c', + 'devicetree.c', + 'disk.c', + 'graphics.c', + 'measure.c', + 'pe.c', + 'secure-boot.c', + 'util.c'] + +systemd_boot_sources = [ + 'bcd.c', + 'boot.c', + 'console.c', + 'drivers.c', + 'random-seed.c', + 'shim.c', + 'xbootldr.c'] + +stub_sources = [ + 'cpio.c', + 'initrd.c', + 'splash.c', + 'stub.c'] + +if efi_arch[1] in ['ia32', 'x86_64'] + stub_sources += 'linux_x86.c' +else + stub_sources += 'linux.c' +endif + systemd_boot_objects = [] stub_objects = [] foreach file : fundamental_source_paths + common_sources + systemd_boot_sources + stub_sources From b72a7e85a91defce45b76e3d832a555bad37b0ff Mon Sep 17 00:00:00 2001 From: Jan Janssen Date: Tue, 28 Dec 2021 13:10:39 +0100 Subject: [PATCH 113/703] boot: Build BCD parser only on arches supported by Windows (cherry picked from commit 77fcf28cb88b302453b4c991a6571cb37f10634d) --- src/boot/efi/boot.c | 2 ++ src/boot/efi/meson.build | 21 ++++++++++++--------- 2 files changed, 14 insertions(+), 9 deletions(-) diff --git a/src/boot/efi/boot.c b/src/boot/efi/boot.c index 0286914b8be..83358406f25 100644 --- a/src/boot/efi/boot.c +++ b/src/boot/efi/boot.c @@ -1941,6 +1941,7 @@ static void config_entry_add_osx(Config *config) { } static void config_entry_add_windows(Config *config, EFI_HANDLE *device, EFI_FILE *root_dir) { +#if defined(__i386__) || defined(__x86_64__) || defined(__arm__) || defined(__aarch64__) _cleanup_freepool_ CHAR8 *bcd = NULL; CHAR16 *title = NULL; EFI_STATUS err; @@ -1961,6 +1962,7 @@ static void config_entry_add_windows(Config *config, EFI_HANDLE *device, EFI_FIL config_entry_add_loader_auto(config, device, root_dir, NULL, L"auto-windows", 'w', title ?: L"Windows Boot Manager", L"\\EFI\\Microsoft\\Boot\\bootmgfw.efi"); +#endif } static void config_entry_add_linux( diff --git a/src/boot/efi/meson.build b/src/boot/efi/meson.build index 1125c64ea3c..f98dbf68d26 100644 --- a/src/boot/efi/meson.build +++ b/src/boot/efi/meson.build @@ -310,7 +310,6 @@ common_sources = [ 'util.c'] systemd_boot_sources = [ - 'bcd.c', 'boot.c', 'console.c', 'drivers.c', @@ -330,6 +329,18 @@ else stub_sources += 'linux.c' endif +# BCD parser only makes sense on arches that Windows supports. +if efi_arch[1] in ['ia32', 'x86_64', 'arm', 'aarch64'] + systemd_boot_sources += 'bcd.c' + tests += [ + [['src/boot/efi/test-bcd.c'], + [], + [libzstd], + [], + 'HAVE_ZSTD'], + ] +endif + systemd_boot_objects = [] stub_objects = [] foreach file : fundamental_source_paths + common_sources + systemd_boot_sources + stub_sources @@ -387,14 +398,6 @@ endforeach ############################################################ -tests += [ - [['src/boot/efi/test-bcd.c'], - [], - [libzstd], - [], - 'HAVE_ZSTD'], -] - test_efi_disk_img = custom_target( 'test-efi-disk.img', input : [efi_stubs[0][0], efi_stubs[1][1]], From fb7a7692609a5790d6d89f3396a4ba3e68f40f96 Mon Sep 17 00:00:00 2001 From: Jan Janssen Date: Fri, 7 Jan 2022 21:55:50 +0100 Subject: [PATCH 114/703] meson: Use files() for source lists for boot and fundamental This fixes build reproducibility as otherwise the full path of the source files ends up in the output binary. (cherry picked from commit b3c5a7074cd434bc02c4b560afe933d3df24759e) --- src/boot/efi/meson.build | 29 +++++++++++++++++------------ src/fundamental/meson.build | 22 +++++++++------------- 2 files changed, 26 insertions(+), 25 deletions(-) diff --git a/src/boot/efi/meson.build b/src/boot/efi/meson.build index f98dbf68d26..ea4f024a171 100644 --- a/src/boot/efi/meson.build +++ b/src/boot/efi/meson.build @@ -297,9 +297,10 @@ efi_headers = files( 'shim.h', 'splash.h', 'util.h', - 'xbootldr.h') + 'xbootldr.h', +) -common_sources = [ +common_sources = files( 'assert.c', 'devicetree.c', 'disk.c', @@ -307,31 +308,34 @@ common_sources = [ 'measure.c', 'pe.c', 'secure-boot.c', - 'util.c'] + 'util.c', +) -systemd_boot_sources = [ +systemd_boot_sources = files( 'boot.c', 'console.c', 'drivers.c', 'random-seed.c', 'shim.c', - 'xbootldr.c'] + 'xbootldr.c', +) -stub_sources = [ +stub_sources = files( 'cpio.c', 'initrd.c', 'splash.c', - 'stub.c'] + 'stub.c', +) if efi_arch[1] in ['ia32', 'x86_64'] - stub_sources += 'linux_x86.c' + stub_sources += files('linux_x86.c') else - stub_sources += 'linux.c' + stub_sources += files('linux.c') endif # BCD parser only makes sense on arches that Windows supports. if efi_arch[1] in ['ia32', 'x86_64', 'arm', 'aarch64'] - systemd_boot_sources += 'bcd.c' + systemd_boot_sources += files('bcd.c') tests += [ [['src/boot/efi/test-bcd.c'], [], @@ -344,9 +348,10 @@ endif systemd_boot_objects = [] stub_objects = [] foreach file : fundamental_source_paths + common_sources + systemd_boot_sources + stub_sources - o_file = custom_target(file.split('/')[-1] + '.o', + # FIXME: replace ''.format(file) with fs.name(file) when meson_version requirement is >= 0.59.0 + o_file = custom_target('@0@.o'.format(file).split('/')[-1], input : file, - output : file.split('/')[-1] + '.o', + output : '@0@.o'.format(file).split('/')[-1], command : [efi_cc, '-c', '@INPUT@', '-o', '@OUTPUT@', efi_cflags], depend_files : efi_headers + fundamental_headers) if (fundamental_source_paths + common_sources + systemd_boot_sources).contains(file) diff --git a/src/fundamental/meson.build b/src/fundamental/meson.build index 287f0fe36ad..f927788c3ad 100644 --- a/src/fundamental/meson.build +++ b/src/fundamental/meson.build @@ -8,20 +8,16 @@ fundamental_headers = files( 'macro-fundamental.h', 'sha256.h', 'string-util-fundamental.h', - 'types-fundamental.h') - -sources = ''' - bootspec-fundamental.c - efivars-fundamental.c - string-util-fundamental.c - sha256.c -'''.split() + 'types-fundamental.h', +) # for sd-boot -fundamental_source_paths = [] -foreach source : sources - fundamental_source_paths += meson.current_source_dir() / source -endforeach +fundamental_source_paths = files( + 'bootspec-fundamental.c', + 'efivars-fundamental.c', + 'sha256.c', + 'string-util-fundamental.c', +) # for libbasic -fundamental_sources = files(sources) + fundamental_headers +fundamental_sources = fundamental_source_paths + fundamental_headers From c0d79c93ccca0318cb38d3c48d11f2144730841f Mon Sep 17 00:00:00 2001 From: Jan Janssen Date: Wed, 19 Jan 2022 16:37:25 +0100 Subject: [PATCH 115/703] boot: Use -ffile-prefix-map when present This should make sure the stub elf binary is reproducible. Fixes: #22157 (cherry picked from commit 1bc8417cfeeebb48b16039f26e0c75937784e75e) --- src/boot/efi/meson.build | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/src/boot/efi/meson.build b/src/boot/efi/meson.build index ea4f024a171..da64205bb57 100644 --- a/src/boot/efi/meson.build +++ b/src/boot/efi/meson.build @@ -209,7 +209,17 @@ if get_option('b_lto') endif foreach arg : get_option('c_args') - if arg in ['-Werror', '-g', '-ggdb', '-O1', '-O2', '-O3', '-Og', '-Os', '-DNDEBUG', '-flto', '-fno-lto'] + if arg in [ + '-DNDEBUG', + '-fno-lto', + '-g', '-ggdb', + '-O1', '-O2', '-O3', '-Og', '-Os', + '-Werror', + ] or arg.split('=')[0] in [ + '-ffile-prefix-map', + '-flto', + ] + message('Using "@0@" from c_args for EFI compiler'.format(arg)) efi_cflags += arg endif From 86cb29e9f6949dd611d544ffdbbb9eb972408835 Mon Sep 17 00:00:00 2001 From: Jan Janssen Date: Fri, 21 Jan 2022 18:34:04 +0100 Subject: [PATCH 116/703] boot: Only build with debug symbols in developer mode The debug symbols are of very limited use in proper deployments unlike with regular userspace. Unless someone goes through the pain of setting up an EFI debugger (assuming their firmware even supports this in the first place) any provided debug symbols will just be useless. Debugging under QEMU is possible, but even then it is non-trivial to set up, so anyone willing to go that far can just build in developer mode. Meanwhile, at least x86 firmware tends to refuse binaries that contain debug symbols. We do strip the files when converted to PE anyway, but the elf file needs to stay around on other arches as objcopy does not support PE as input there. Also, the generated debug symbols seem to be not reproducible when building with LTO. Whether this is an issue in tooling or our side is unclear. This works around this issue. Fixes: #22157 (cherry picked from commit 76fb85316e9c629b79762457d9515cb632112a6a) --- src/boot/efi/meson.build | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/src/boot/efi/meson.build b/src/boot/efi/meson.build index da64205bb57..2c283b8c7b6 100644 --- a/src/boot/efi/meson.build +++ b/src/boot/efi/meson.build @@ -194,7 +194,7 @@ efi_cflags += cc.get_supported_arguments({ if get_option('werror') efi_cflags += ['-Werror'] endif -if get_option('debug') +if get_option('debug') and get_option('mode') == 'developer' efi_cflags += ['-ggdb', '-DEFI_DEBUG'] endif if get_option('optimization') != '0' @@ -212,13 +212,15 @@ foreach arg : get_option('c_args') if arg in [ '-DNDEBUG', '-fno-lto', - '-g', '-ggdb', '-O1', '-O2', '-O3', '-Og', '-Os', '-Werror', ] or arg.split('=')[0] in [ '-ffile-prefix-map', '-flto', - ] + ] or (get_option('mode') == 'developer' and arg in [ + '-DEFI_DEBUG', + '-g', '-ggdb', + ]) message('Using "@0@" from c_args for EFI compiler'.format(arg)) efi_cflags += arg From 1baffb6080c1da9c493dad708c99e5408c5039c4 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Tue, 11 Jan 2022 20:56:40 +0900 Subject: [PATCH 117/703] network: dhcp6: do not request address if UseAddress=no Fixes #22068. (cherry picked from commit d5f8fd5b00e938710b5e80396f8b3fab59dd6d00) --- src/network/networkd-dhcp6.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/src/network/networkd-dhcp6.c b/src/network/networkd-dhcp6.c index 9e903669933..e591043111d 100644 --- a/src/network/networkd-dhcp6.c +++ b/src/network/networkd-dhcp6.c @@ -646,9 +646,15 @@ static int dhcp6_configure(Link *link) { r = sd_dhcp6_client_set_prefix_delegation(client, link->network->dhcp6_use_pd_prefix); if (r < 0) - return log_link_debug_errno(link, r, "DHCPv6 CLIENT: Failed to %s prefix delegation: %m", + return log_link_debug_errno(link, r, "DHCPv6 CLIENT: Failed to %s requesting prefixes to be delegated: %m", enable_disable(link->network->dhcp6_use_pd_prefix)); + /* Even if UseAddress=no, we need to request IA_NA, as the dhcp6 client may be started in managed mode. */ + r = sd_dhcp6_client_set_address_request(client, link->network->dhcp6_use_pd_prefix ? link->network->dhcp6_use_address : true); + if (r < 0) + return log_link_debug_errno(link, r, "DHCPv6 CLIENT: Failed to %s requesting address: %m", + enable_disable(link->network->dhcp6_use_address)); + if (link->network->dhcp6_pd_prefix_length > 0) { r = sd_dhcp6_client_set_prefix_delegation_hint(client, link->network->dhcp6_pd_prefix_length, From 4ef7122f3c3328aa01e1ed187a793e7b1595ee87 Mon Sep 17 00:00:00 2001 From: Luca Boccassi Date: Wed, 19 Jan 2022 00:27:45 +0000 Subject: [PATCH 118/703] sysext: use LO_FLAGS_PARTSCAN when opening image Jan 17 12:34:59 myguest1 (sd-sysext)[486]: Device '/var/lib/extensions/myext.raw' is loopback block device with partition scanning turned off, please turn it on. Fixes https://github.com/systemd/systemd/issues/22146 (cherry picked from commit 70a5c6dce0872b3bb0a39be250adde86a0c8f35c) --- src/sysext/sysext.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/src/sysext/sysext.c b/src/sysext/sysext.c index 5abf1bb4183..60789e0f2c1 100644 --- a/src/sysext/sysext.c +++ b/src/sysext/sysext.c @@ -2,6 +2,7 @@ #include #include +#include #include #include @@ -529,7 +530,11 @@ static int merge_subprocess(Hashmap *images, const char *workspace) { if (verity_settings.data_path) flags |= DISSECT_IMAGE_NO_PARTITION_TABLE; - r = loop_device_make_by_path(img->path, O_RDONLY, 0, &d); + r = loop_device_make_by_path( + img->path, + O_RDONLY, + FLAGS_SET(flags, DISSECT_IMAGE_NO_PARTITION_TABLE) ? 0 : LO_FLAGS_PARTSCAN, + &d); if (r < 0) return log_error_errno(r, "Failed to set up loopback device for %s: %m", img->path); From 0dab9e5f057380322755e90ee4d35716d5bf6232 Mon Sep 17 00:00:00 2001 From: Luca Boccassi Date: Wed, 19 Jan 2022 00:01:48 +0000 Subject: [PATCH 119/703] dissect-image: validate extension-release even if the host has only ID in os-release A rolling distro won't set VERSION_ID or SYSEXT_LEVEL in os-release, which means we skip validation of ExtensionImages. Validate even with just an ID, the lower level helper already recognizes and accepts this use case. Fixes https://github.com/systemd/systemd/issues/22146 (cherry picked from commit 37361f46d571ad0b71ef99dec6a9b76edbab38bb) --- src/shared/dissect-image.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/shared/dissect-image.c b/src/shared/dissect-image.c index 39a7f4c3f28..14519ead703 100644 --- a/src/shared/dissect-image.c +++ b/src/shared/dissect-image.c @@ -3534,9 +3534,9 @@ int verity_dissect_and_mount( /* If we got os-release values from the caller, then we need to match them with the image's * extension-release.d/ content. Return -EINVAL if there's any mismatch. * First, check the distro ID. If that matches, then check the new SYSEXT_LEVEL value if - * available, or else fallback to VERSION_ID. */ - if (required_host_os_release_id && - (required_host_os_release_version_id || required_host_os_release_sysext_level)) { + * available, or else fallback to VERSION_ID. If neither is present (eg: rolling release), + * then a simple match on the ID will be performed. */ + if (required_host_os_release_id) { _cleanup_strv_free_ char **extension_release = NULL; r = load_extension_release_pairs(dest, dissected_image->image_name, &extension_release); From 179bd47f04c538ed1f2c1de2cf2c18f17b027a51 Mon Sep 17 00:00:00 2001 From: Luca Boccassi Date: Wed, 19 Jan 2022 00:08:57 +0000 Subject: [PATCH 120/703] core: refuse to mount ExtensionImages if the base layer doesn't at least have ID in os-release We can't match an extension if we don't at least have an ID, so refuse to continue (cherry picked from commit 78ab2b5064a0f87579ce5430f9cb83bba0db069a) --- src/core/namespace.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/core/namespace.c b/src/core/namespace.c index c549dcc96be..ecbd23833c6 100644 --- a/src/core/namespace.c +++ b/src/core/namespace.c @@ -1151,6 +1151,8 @@ static int mount_image(const MountEntry *m, const char *root_directory) { NULL); if (r < 0) return log_debug_errno(r, "Failed to acquire 'os-release' data of OS tree '%s': %m", empty_to_root(root_directory)); + if (isempty(host_os_release_id)) + return log_debug_errno(SYNTHETIC_ERRNO(EINVAL), "'ID' field not found or empty in 'os-release' data of OS tree '%s': %m", empty_to_root(root_directory)); } r = verity_dissect_and_mount( From 740dd39e070b3b827cbac37df2a40d61bd9cdb89 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Thu, 20 Jan 2022 05:24:31 +0900 Subject: [PATCH 121/703] resolve: fix assertion triggered when r == 0 Fixes #22178. (cherry picked from commit 98b1eb711cfc70776fefd3d4ec437a6a4f9aeff2) --- src/resolve/resolved-etc-hosts.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/resolve/resolved-etc-hosts.c b/src/resolve/resolved-etc-hosts.c index 9af3a27bb10..a8da6c3d881 100644 --- a/src/resolve/resolved-etc-hosts.c +++ b/src/resolve/resolved-etc-hosts.c @@ -109,7 +109,10 @@ static int parse_line(EtcHosts *hosts, unsigned nr, const char *line) { r = dns_name_is_valid_ldh(name); if (r <= 0) { - log_warning_errno(r, "/etc/hosts:%u: hostname \"%s\" is not valid, ignoring.", nr, name); + if (r < 0) + log_warning_errno(r, "/etc/hosts:%u: Failed to check the validity of hostname \"%s\", ignoring: %m", nr, name); + else + log_warning("/etc/hosts:%u: hostname \"%s\" is not valid, ignoring.", nr, name); continue; } From 0456e3aaaae7c21a037f4d3c758463c3ba4d167c Mon Sep 17 00:00:00 2001 From: Anita Zhang Date: Wed, 19 Jan 2022 10:40:46 -0800 Subject: [PATCH 122/703] oomd: fix race with path unavailability when killing cgroups There can be a situation where systemd-oomd would kill all of the processes in a cgroup, pid1 would clean up that cgroup, and systemd-oomd would get ENODEV trying to iterate the cgroup a final time to ensure it was empty. systemd-oomd sees this as an error and immediately picks a new candidate even though pressure may have recovered. To counter this, check and handle path unavailability errnos specially. Fixes: #22030 (cherry picked from commit 2ee209466bb51f39ae9df7fec4d5594ce8cfa3f0) --- src/oom/oomd-util.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/src/oom/oomd-util.c b/src/oom/oomd-util.c index 64ea8cf7e43..b54bf483d60 100644 --- a/src/oom/oomd-util.c +++ b/src/oom/oomd-util.c @@ -196,7 +196,14 @@ int oomd_cgroup_kill(const char *path, bool recurse, bool dry_run) { r = cg_kill_recursive(SYSTEMD_CGROUP_CONTROLLER, path, SIGKILL, CGROUP_IGNORE_SELF, pids_killed, log_kill, NULL); else r = cg_kill(SYSTEMD_CGROUP_CONTROLLER, path, SIGKILL, CGROUP_IGNORE_SELF, pids_killed, log_kill, NULL); - if (r < 0) + + /* The cgroup could have been cleaned up after we have sent SIGKILL to all of the processes, but before + * we could do one last iteration of cgroup.procs to check. Or the service unit could have exited and + * was removed between picking candidates and coming into this function. In either case, let's log + * about it let the caller decide what to do once they know how many PIDs were killed. */ + if (IN_SET(r, -ENOENT, -ENODEV)) + log_debug_errno(r, "Error when sending SIGKILL to processes in cgroup path %s, ignoring: %m", path); + else if (r < 0) return r; r = increment_oomd_xattr(path, "user.oomd_kill", set_size(pids_killed)); From c4d89cd602b94ab3baac746395c797ec4da43679 Mon Sep 17 00:00:00 2001 From: Anita Zhang Date: Wed, 19 Jan 2022 13:26:01 -0800 Subject: [PATCH 123/703] oomd: handle situations when no cgroups are killed Currently if systemd-oomd doesn't kill anything in a selected cgroup, it selects a new candidate immediately. But if a selected cgroup wasn't killed, it is likely due to it disappearing or getting cleaned up between the time it was selected as a candidate and getting sent SIGKILL(s). We should handle it as though systemd-oomd did perform a kill so that it will check swap/pressure again before it tries to select a new candidate. (cherry picked from commit 914d4e99f43761f1ce77b520850cf096aa5196cd) --- src/oom/oomd-manager.c | 10 +++++++--- src/oom/oomd-util.c | 11 +++++------ 2 files changed, 12 insertions(+), 9 deletions(-) diff --git a/src/oom/oomd-manager.c b/src/oom/oomd-manager.c index 9f4f083ab9a..b0a81474ccf 100644 --- a/src/oom/oomd-manager.c +++ b/src/oom/oomd-manager.c @@ -410,7 +410,7 @@ static int monitor_swap_contexts_handler(sd_event_source *s, uint64_t usec, void if (r < 0) log_notice_errno(r, "Failed to kill any cgroup(s) based on swap: %m"); else { - if (selected) + if (selected && r > 0) log_notice("Killed %s due to memory used (%"PRIu64") / total (%"PRIu64") and " "swap used (%"PRIu64") / total (%"PRIu64") being more than " PERMYRIAD_AS_PERCENT_FORMAT_STR, @@ -518,9 +518,13 @@ static int monitor_memory_pressure_contexts_handler(sd_event_source *s, uint64_t if (r < 0) log_notice_errno(r, "Failed to kill any cgroup(s) under %s based on pressure: %m", t->path); else { - /* Don't act on all the high pressure cgroups at once; return as soon as we kill one */ + /* Don't act on all the high pressure cgroups at once; return as soon as we kill one. + * If r == 0 then it means there were not eligible candidates, the candidate cgroup + * disappeared, or the candidate cgroup has no processes by the time we tried to kill + * it. In either case, go through the event loop again and select a new candidate if + * pressure is still high. */ m->mem_pressure_post_action_delay_start = usec_now; - if (selected) + if (selected && r > 0) log_notice("Killed %s due to memory pressure for %s being %lu.%02lu%% > %lu.%02lu%%" " for > %s with reclaim activity", selected, t->path, diff --git a/src/oom/oomd-util.c b/src/oom/oomd-util.c index b54bf483d60..cef7519a74b 100644 --- a/src/oom/oomd-util.c +++ b/src/oom/oomd-util.c @@ -206,6 +206,9 @@ int oomd_cgroup_kill(const char *path, bool recurse, bool dry_run) { else if (r < 0) return r; + if (set_isempty(pids_killed)) + log_debug("Nothing killed when attempting to kill %s", path); + r = increment_oomd_xattr(path, "user.oomd_kill", set_size(pids_killed)); if (r < 0) log_debug_errno(r, "Failed to set user.oomd_kill on kill: %m"); @@ -231,8 +234,6 @@ int oomd_kill_by_pgscan_rate(Hashmap *h, const char *prefix, bool dry_run, char continue; r = oomd_cgroup_kill(sorted[i]->path, true, dry_run); - if (r == 0) - continue; /* We didn't find anything to kill */ if (r == -ENOMEM) return r; /* Treat oom as a hard error */ if (r < 0) { @@ -245,7 +246,7 @@ int oomd_kill_by_pgscan_rate(Hashmap *h, const char *prefix, bool dry_run, char if (!selected) return -ENOMEM; *ret_selected = selected; - return 1; + return r; } return ret; @@ -271,8 +272,6 @@ int oomd_kill_by_swap_usage(Hashmap *h, uint64_t threshold_usage, bool dry_run, continue; r = oomd_cgroup_kill(sorted[i]->path, true, dry_run); - if (r == 0) - continue; /* We didn't find anything to kill */ if (r == -ENOMEM) return r; /* Treat oom as a hard error */ if (r < 0) { @@ -285,7 +284,7 @@ int oomd_kill_by_swap_usage(Hashmap *h, uint64_t threshold_usage, bool dry_run, if (!selected) return -ENOMEM; *ret_selected = selected; - return 1; + return r; } return ret; From 494e3c0def197abd4ec88f7b0c3ba331a708d81e Mon Sep 17 00:00:00 2001 From: Martin Wilck Date: Fri, 21 Jan 2022 10:44:26 +0100 Subject: [PATCH 124/703] udevadm: cleanup_dir: use dot_or_dot_dot() which is safer than just checking dent[0]. Also, fix two style issues. (cherry picked from commit 28d6e8545151d413f8614db9fa790f9f9edbb045) --- src/udev/udevadm-info.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/udev/udevadm-info.c b/src/udev/udevadm-info.c index 740434bb419..cb5e74a1b61 100644 --- a/src/udev/udevadm-info.c +++ b/src/udev/udevadm-info.c @@ -232,12 +232,14 @@ static void cleanup_dir(DIR *dir, mode_t mask, int depth) { if (depth <= 0) return; + assert(dir); + FOREACH_DIRENT_ALL(dent, dir, break) { struct stat stats; - if (dent->d_name[0] == '.') + if (dot_or_dot_dot(dent->d_name)) continue; - if (fstatat(dirfd(dir), dent->d_name, &stats, AT_SYMLINK_NOFOLLOW) != 0) + if (fstatat(dirfd(dir), dent->d_name, &stats, AT_SYMLINK_NOFOLLOW) < 0) continue; if ((stats.st_mode & mask) != 0) continue; From ef7ceef26adb714ef44b2fbc07a219c05a012b42 Mon Sep 17 00:00:00 2001 From: Martin Wilck Date: Thu, 20 Jan 2022 14:31:45 +0100 Subject: [PATCH 125/703] udevadm: cleanup-db: don't delete information for kept db entries devices with the db_persist property won't be deleted during database cleanup. This applies to dm and md devices in particular. For such devices, we should also keep the files under /run/udev/links, /run/udev/tags, and /run/udev/watch, to make sure that after restart, udevd has the same information about the devices as it did before the cleanup. If we don't do this, a lower-priority device that is discovered in the coldplug phase may take over symlinks from a device that persisted. Not removing the watches also enables udevd to resume watching a device after restart. Signed-off-by: Martin Wilck (cherry picked from commit 7ec624147a41d80f8e492c9fe19a24e2cda58c25) --- src/udev/udevadm-info.c | 62 +++++++++++++++++++++++++++++++++++++++-- 1 file changed, 59 insertions(+), 3 deletions(-) diff --git a/src/udev/udevadm-info.c b/src/udev/udevadm-info.c index cb5e74a1b61..018a52ada80 100644 --- a/src/udev/udevadm-info.c +++ b/src/udev/udevadm-info.c @@ -256,6 +256,62 @@ static void cleanup_dir(DIR *dir, mode_t mask, int depth) { } } +/* + * Assume that dir is a directory with file names matching udev data base + * entries for devices in /run/udev/data (such as "b8:16"), and removes + * all files except those that haven't been deleted in /run/udev/data + * (i.e. they were skipped during db cleanup because of the db_persist flag). + * Returns true if the directory is empty after cleanup. + */ +static bool cleanup_dir_after_db_cleanup(DIR *dir, DIR *datadir) { + unsigned int kept = 0; + + assert(dir && datadir); + + FOREACH_DIRENT_ALL(dent, dir, break) { + struct stat data_stats, link_stats; + + if (dot_or_dot_dot(dent->d_name)) + continue; + if (fstatat(dirfd(dir), dent->d_name, &link_stats, AT_SYMLINK_NOFOLLOW) < 0) { + if (errno != ENOENT) + kept++; + continue; + } + + if (fstatat(dirfd(datadir), dent->d_name, &data_stats, 0) < 0) + (void) unlinkat(dirfd(dir), dent->d_name, + S_ISDIR(link_stats.st_mode) ? AT_REMOVEDIR : 0); + else + /* The entry still exists under /run/udev/data */ + kept++; + } + + return kept == 0; +} + +static void cleanup_dirs_after_db_cleanup(DIR *dir, DIR *datadir) { + + assert(dir && datadir); + + FOREACH_DIRENT_ALL(dent, dir, break) { + struct stat stats; + + if (dot_or_dot_dot(dent->d_name)) + continue; + if (fstatat(dirfd(dir), dent->d_name, &stats, AT_SYMLINK_NOFOLLOW) < 0) + continue; + if (S_ISDIR(stats.st_mode)) { + _cleanup_closedir_ DIR *dir2 = NULL; + + dir2 = fdopendir(openat(dirfd(dir), dent->d_name, O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC)); + if (dir2 && cleanup_dir_after_db_cleanup(dir2, datadir)) + (void) unlinkat(dirfd(dir), dent->d_name, AT_REMOVEDIR); + } else + (void) unlinkat(dirfd(dir), dent->d_name, 0); + } +} + static void cleanup_db(void) { _cleanup_closedir_ DIR *dir1 = NULL, *dir2 = NULL, *dir3 = NULL, *dir4 = NULL, *dir5 = NULL; @@ -265,11 +321,11 @@ static void cleanup_db(void) { dir2 = opendir("/run/udev/links"); if (dir2) - cleanup_dir(dir2, 0, 2); + cleanup_dirs_after_db_cleanup(dir2, dir1); dir3 = opendir("/run/udev/tags"); if (dir3) - cleanup_dir(dir3, 0, 2); + cleanup_dirs_after_db_cleanup(dir3, dir1); dir4 = opendir("/run/udev/static_node-tags"); if (dir4) @@ -277,7 +333,7 @@ static void cleanup_db(void) { dir5 = opendir("/run/udev/watch"); if (dir5) - cleanup_dir(dir5, 0, 1); + cleanup_dir_after_db_cleanup(dir5, dir1); } static int query_device(QueryType query, sd_device* device) { From 88c8a48dfdc8bba6266b527cad5f441226c71c98 Mon Sep 17 00:00:00 2001 From: YmrDtnJu Date: Fri, 21 Jan 2022 18:21:27 +0100 Subject: [PATCH 126/703] Fix journald audit logging with fields > N_IOVEC_AUDIT_FIELDS. ELEMENTSOF(iovec) is not the correct value for the newly introduced parameter m to function map_all_fields because it is the maximum number of elements in the iovec array, including those reserved for N_IOVEC_META_FIELDS. The correct value is the current number of already used elements in the array plus the maximum number to use for fields decoded from the kernel audit message. (cherry picked from commit df4ec48f45f518b6926e02ef4d77c8ed1a8b4e2c) --- src/journal/journald-audit.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/journal/journald-audit.c b/src/journal/journald-audit.c index a8e3b175ac4..ea535a27af7 100644 --- a/src/journal/journald-audit.c +++ b/src/journal/journald-audit.c @@ -399,7 +399,7 @@ void process_audit_string(Server *s, int type, const char *data, size_t size) { z = n; - map_all_fields(p, map_fields_kernel, "_AUDIT_FIELD_", true, iovec, &n, ELEMENTSOF(iovec)); + map_all_fields(p, map_fields_kernel, "_AUDIT_FIELD_", true, iovec, &n, n + N_IOVEC_AUDIT_FIELDS); server_dispatch_message(s, iovec, n, ELEMENTSOF(iovec), NULL, NULL, LOG_NOTICE, 0); From a060a16c706f2dd2bf48b325082b9181500e253d Mon Sep 17 00:00:00 2001 From: Thomas Haller Date: Sat, 22 Jan 2022 15:02:04 +0100 Subject: [PATCH 127/703] sd-event: workaround maybe-uninitalized warning in sd_event_add_inotify() With LTO, the compiler might think that the variable is uninitialized (from NetworkManager's fork, with gcc-11.2.1-1.fc35): src/libnm-systemd-core/src/libsystemd/sd-event/sd-event.c: In function 'sd_event_add_inotify': src/libnm-systemd-core/src/libsystemd/sd-event/sd-event.c:2120: error: 's' may be used uninitialized in this function [-Werror=maybe-uninitialized] 2120 | *ret = s; | src/libnm-systemd-core/src/libsystemd/sd-event/sd-event.c:2102: note: 's' was declared here 2102 | sd_event_source *s; | lto1: all warnings being treated as errors In particular, that would happen for codepaths where event_add_inotify_fd_internal() returns `-errno`, and the compiler cannot be sure that the returned value will be negative. Technically, the compiler is right, but we rely on libc functions to set errno correctly, so this only happens in code paths, where something bad already happend. While LTO is prone to such false warnings, we are largely able to build systemd without warnings. So it is feasible and we should make the effort of working around warnings as they appear. (cherry picked from commit 2091c779314133d8a4b68283b255d7388a5ec5ff) --- src/libsystemd/sd-event/sd-event.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/libsystemd/sd-event/sd-event.c b/src/libsystemd/sd-event/sd-event.c index dd257eadfe8..82056998bd6 100644 --- a/src/libsystemd/sd-event/sd-event.c +++ b/src/libsystemd/sd-event/sd-event.c @@ -2095,7 +2095,7 @@ _public_ int sd_event_add_inotify( sd_event_inotify_handler_t callback, void *userdata) { - sd_event_source *s; + sd_event_source *s = NULL; /* avoid false maybe-uninitialized warning */ int fd, r; assert_return(path, -EINVAL); From a727941affa7821592d503c8a5033c92d615f64c Mon Sep 17 00:00:00 2001 From: Christian Brauner Date: Fri, 21 Jan 2022 13:08:19 +0100 Subject: [PATCH 128/703] core/namespace: allow using ProtectSubset=pid and ProtectHostname=true together If a service requests both ProtectSubset=pid and ProtectHostname=true then it will currently fail to start. The ProcSubset=pid option instructs systemd to mount procfs for the service with subset=pid which hides all entries other than /proc/. Consequently trying to interact with the two files /proc/sys/kernel/{hostname,domainname} covered by ProtectHostname=true will fail. Fix this by only performing this check when ProtectSubset=pid is not requested. Essentially ProtectSubset=pid implies/provides ProtectHostname=true. (cherry picked from commit 1361f015773e3b4d74e382edf1565f3315a3396b) --- src/core/namespace.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/core/namespace.c b/src/core/namespace.c index ecbd23833c6..e55e9df702c 100644 --- a/src/core/namespace.c +++ b/src/core/namespace.c @@ -2157,14 +2157,19 @@ int setup_namespace( goto finish; } + /* Note, if proc is mounted with subset=pid then neither of the + * two paths will exist, i.e. they are implicitly protected by + * the mount option. */ if (ns_info->protect_hostname) { *(m++) = (MountEntry) { .path_const = "/proc/sys/kernel/hostname", .mode = READONLY, + .ignore = ignore_protect_proc, }; *(m++) = (MountEntry) { .path_const = "/proc/sys/kernel/domainname", .mode = READONLY, + .ignore = ignore_protect_proc, }; } From 09936a7ec92c859b3c4c9520ecd49c2909a8b35c Mon Sep 17 00:00:00 2001 From: Christian Brauner Date: Mon, 24 Jan 2022 10:12:57 +0100 Subject: [PATCH 129/703] core/namespace: s/normalize_mounts()/drop_unused_mounts() Rename the normalize_mounts() helper to drop_unused_mounts. All the helpers called in there get rid of mounts that are unused for a variety of reasons. And whereas the helpers are aptly prefixed with "drop" the overall helper isn't and instead uses "normalize". Make it more obvious what the helper actually does by renaming it from normalize_mounts() to drop_unused_mounts(). Readers of code calling this helper will immediately see that it will get rid of unused mounts. Link: https://github.com/systemd/systemd/issues/22206 (cherry picked from commit fbf90c0d5cadc5d1e95485f770f45a7d4cd39daa) --- src/core/namespace.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/src/core/namespace.c b/src/core/namespace.c index e55e9df702c..e2e88b0eb63 100644 --- a/src/core/namespace.c +++ b/src/core/namespace.c @@ -1578,7 +1578,14 @@ static size_t namespace_calculate_mounts( ns_info->private_ipc; /* /dev/mqueue */ } -static void normalize_mounts(const char *root_directory, MountEntry *mounts, size_t *n_mounts) { +/* Walk all mount entries and dropping any unused mounts. This affects all + * mounts: + * - that are implicitly protected by a path that has been rendered inaccessible + * - whose immediate parent requests the same protection mode as the mount itself + * - that are outside of the relevant root directory + * - which are duplicates + */ +static void drop_unused_mounts(const char *root_directory, MountEntry *mounts, size_t *n_mounts) { assert(root_directory); assert(n_mounts); assert(mounts || *n_mounts == 0); @@ -1684,7 +1691,7 @@ static int apply_mounts( if (!again) break; - normalize_mounts(root, mounts, n_mounts); + drop_unused_mounts(root, mounts, n_mounts); } /* Now that all filesystems have been set up, but before the @@ -2250,7 +2257,7 @@ int setup_namespace( if (r < 0) goto finish; - normalize_mounts(root, mounts, &n_mounts); + drop_unused_mounts(root, mounts, &n_mounts); } /* All above is just preparation, figuring out what to do. Let's now actually start doing something. */ From 5b20a2b19c847b8ad8b354f1b735fbbaf88d2f8f Mon Sep 17 00:00:00 2001 From: Arfrever Frehtes Taifersar Arahesis Date: Thu, 27 Jan 2022 00:00:00 +0000 Subject: [PATCH 130/703] logind.conf: Fix name of option: RuntimeDirectoryInodes -> RuntimeDirectoryInodesMax (cherry picked from commit a42a93830fcc18da073a5ac06f93c386efc9109d) --- src/login/logind.conf.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/login/logind.conf.in b/src/login/logind.conf.in index 2d084e134df..926bd6cfe98 100644 --- a/src/login/logind.conf.in +++ b/src/login/logind.conf.in @@ -39,7 +39,7 @@ #IdleAction=ignore #IdleActionSec=30min #RuntimeDirectorySize=10% -#RuntimeDirectoryInodes=400k +#RuntimeDirectoryInodesMax=400k #RemoveIPC=yes #InhibitorsMax=8192 #SessionsMax=8192 From 530a18d49361ade6d3f09abb78f8f901753a4cda Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Fri, 28 Jan 2022 11:53:49 +0900 Subject: [PATCH 131/703] sd-dhcp-server: refuse too large packet to send Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=44134. (cherry picked from commit 71df50a9734f7006bc1ac8be59ca81c797b39c35) --- src/libsystemd-network/sd-dhcp-server.c | 3 +++ ...z-dhcp-server-relay-message-4972399731277824 | Bin 0 -> 65508 bytes 2 files changed, 3 insertions(+) create mode 100644 test/fuzz/fuzz-dhcp-server-relay-message/clusterfuzz-testcase-minimized-fuzz-dhcp-server-relay-message-4972399731277824 diff --git a/src/libsystemd-network/sd-dhcp-server.c b/src/libsystemd-network/sd-dhcp-server.c index ea98060ea20..d1a0bbd0b79 100644 --- a/src/libsystemd-network/sd-dhcp-server.c +++ b/src/libsystemd-network/sd-dhcp-server.c @@ -311,6 +311,9 @@ static int dhcp_server_send_unicast_raw(sd_dhcp_server *server, memcpy(&link.ll.sll_addr, &packet->dhcp.chaddr, ETH_ALEN); + if (len > UINT16_MAX) + return -EOVERFLOW; + dhcp_packet_append_ip_headers(packet, server->address, DHCP_PORT_SERVER, packet->dhcp.yiaddr, DHCP_PORT_CLIENT, len, -1); diff --git a/test/fuzz/fuzz-dhcp-server-relay-message/clusterfuzz-testcase-minimized-fuzz-dhcp-server-relay-message-4972399731277824 b/test/fuzz/fuzz-dhcp-server-relay-message/clusterfuzz-testcase-minimized-fuzz-dhcp-server-relay-message-4972399731277824 new file mode 100644 index 0000000000000000000000000000000000000000..e902b6989b419428fa0114c973b148fbe583c871 GIT binary patch literal 65508 zcmeHQO^Xyq7_QnGHe|g?!~_DVcn}G3nRRFO0}pY$Wa3jnmhk?a_5|05v50Z;< z1A(xFv7AqGrXhzLPhg%F5=s4Qd=bvy4)*Yw9z zZ$0%^b-mR?(XdwPvQk6J$<0WqDAFTJX*r;pPQLo0xf(^0?8x@Xn?A1uE5-~N`~Nl~ zhtGuH?fz))UzyNS`-2uF0t}NYi=vLRRHC7)k&K;Yz z5Ai&kd6AE?nV$zJxnc|PGo`*nj-Oq&D@#{5M^dG4&m4&|K2!Qgx7vgvHRjv;6O>OP zUKu6u`sm=g5t$Yx617$MQ9b$PF0TP{AgERfP$atKe_n^KxF=V`K1)576{ilF@5puC zUqzev0zUJ7f5_^t62;#O#n6SqfJ487Kt2DI6?y7t&sLu%Kf`1BR?lRv#!%W7m|djw+iBtgIV@ zAghzr$?9bFfkJ?+PFC-L09l=^K2V%STb-=lfzxQKlhw)U-Lm@RWM#ZMFDmP5j=b>cA*6fKJ?Xv!0;GG=eYbQk6IRLUFCGE1dIwJH&WJxyn-G1L zQ`uROo&^dv!<8lsm3>o`eSdXoY`ivhU}}1@HZ@V1tWH(NsQraUfZD$)+TV*SgLmmz zPWczf+ui-vuVF>X!?_nVTm6fgdlI({>;CfAWAD!q9ezz*As)zMDD~dRD=Ly*^>?%R z{-LHl$HCyE^mLtD$gQU-pOE_Ku0NfF(ti!yTI^EtuK0vtKEIs*mb7GdmX&!Gll-qb z=a1hlH4zJZ0mhD*s=k45zdAa)pU+=wyrx=I2(?RT2P0ya5}$cf2HUM zIQk;1iv>bf&qe^8MxVsM>|}Madf^cutE0Mt)5+>N2mm0mI#7U+)eFyQ9DyOL+p0=d z&qn|N^@r6*v=;r74VTLC^{}^qOXXzZMOOE)a9o|XdL9D(V|5{PxAGrZJ(Hd~C6d)M z5hAOT)oH7DK!B_c1cGn`Mi>2EAz3}e>Vvc%Y3jC@_2+c}2afE^5MKv-4>)j?i5a^XWOcH72L#CKKp+Thbb{A0EgKv1qzUU8ZcwNHg+4ZTbhZ~w(6F?bSnnn zv!2P~1iwm^Ge(Np&Z3pAEEAQ;hQIGb0|s11RtE}@ezJNdN3}^Lt7n3akK#)jbr+{1?PH2gbp|IWU|9sOPFA;l4cnFFqGXu}03dct z1Fw_S$?AnifUHhd?|=XflhuI&gsfh8PNS_(R<~7^wt7AS0Eny(6d+`EvU=eWAgkM| zn$KyR7yy9C>OcWPRxdoK^<=AGR`1{&YgUG3x~)-IQpta&OG|QdxBC!Eqk%m3LnvC? zU(6ywWX1*fxYzBYC#EmnJ$3qc$xqW#^7Rxsi@ejfQ+e&lwLPuO>bP|N_wpOR``O= zqMO=~2sB@?6&(RzdpT`FI5hM163shM8qK>v>|}Madf^cutE0M#ZM>~ny%#$@FRwAu zk8l%d#fw5bDWdCer#O6O$y`~w=Xy5PwQG&lhl_K^W&;VX4@Kj8>Q%AdupUF7!WO3R z{JOcS4!g6@%MIo#TkCDp9e8L`-YMu$3$_ zaOZxQvn`eOK-`d<+VS|`eLFJbpiRT4lOy?4>V_X!)LM2vw5OIxEY^)t?!n%Hcv>f`=W!aRkE7ml1O_NT$m&Aef`c80 zvxtz@3x@z%-B#6jpg2srvbbRK7g-$uk=20$gse_hFFXQdbz4=*>iGx&AhJ48fRNP- z&uJWiA*SXo8BS2QSRh6vXf&iBy%Ui|(>7aHi!9A00o^9~h z<{8Bgix(dOws~yxIv{|T1^a9R8WiUMptohP;6HhCB$y_Nj3%X4rt414eRIEidqLx#7$K}Yv%4A%QOlz5w ms+1UNDFta4jrEG`)UNv3W$G~9mo9->FvVI#b}H<0Wd8%4hT`V{ literal 0 HcmV?d00001 From 9f596964f6e403b089450dc083724b48fb4b4bb1 Mon Sep 17 00:00:00 2001 From: Donald Chan Date: Fri, 28 Jan 2022 22:53:46 +0000 Subject: [PATCH 132/703] basic: mac_[selinux,smack]_apply_fd does not work when applying labels Commit a7fdc6c introduced a regression where file descriptors are opened using O_PATH option. mac_smack_apply_fd() calls fsetxattr() and would fail with a -EBADF (Bad file descriptor) error. Use FORMAT_PROC_FD_PATH(fd) to convert the fd back into a full path and call setxattr() or setfilecon() instead. Signed-off-by: Donald Chan (cherry picked from commit a718364e9d9242cc2111c9860f2ab5bb9bb26db9) --- src/shared/selinux-util.c | 2 +- src/shared/smack-util.c | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/shared/selinux-util.c b/src/shared/selinux-util.c index a1359a5bfd3..67ea8581422 100644 --- a/src/shared/selinux-util.c +++ b/src/shared/selinux-util.c @@ -346,7 +346,7 @@ int mac_selinux_apply_fd(int fd, const char *path, const char *label) { assert(label); - if (fsetfilecon(fd, label) < 0) + if (setfilecon(FORMAT_PROC_FD_PATH(fd), label) < 0) return log_enforcing_errno(errno, "Failed to set SELinux security context %s on path %s: %m", label, strna(path)); #endif return 0; diff --git a/src/shared/smack-util.c b/src/shared/smack-util.c index b8434b068ca..0df1778cb2d 100644 --- a/src/shared/smack-util.c +++ b/src/shared/smack-util.c @@ -95,9 +95,9 @@ int mac_smack_apply_fd(int fd, SmackAttr attr, const char *label) { return 0; if (label) - r = fsetxattr(fd, smack_attr_to_string(attr), label, strlen(label), 0); + r = setxattr(FORMAT_PROC_FD_PATH(fd), smack_attr_to_string(attr), label, strlen(label), 0); else - r = fremovexattr(fd, smack_attr_to_string(attr)); + r = removexattr(FORMAT_PROC_FD_PATH(fd), smack_attr_to_string(attr)); if (r < 0) return -errno; From 426807c54b9500b806eaaf50d32c7c936510706c Mon Sep 17 00:00:00 2001 From: Evgeny Vereshchagin Date: Sat, 29 Jan 2022 02:08:39 +0000 Subject: [PATCH 133/703] sd-dhcp-lease: fix an infinite loop found by the fuzzer (cherry picked from commit 86b06c666be8b7afb45541d35aa4d0ecb38056d1) --- src/libsystemd-network/sd-dhcp-lease.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/src/libsystemd-network/sd-dhcp-lease.c b/src/libsystemd-network/sd-dhcp-lease.c index ab131701fbc..bc6591a39b1 100644 --- a/src/libsystemd-network/sd-dhcp-lease.c +++ b/src/libsystemd-network/sd-dhcp-lease.c @@ -492,10 +492,8 @@ static int lease_parse_routes( route->option = SD_DHCP_OPTION_STATIC_ROUTE; r = in4_addr_default_prefixlen((struct in_addr*) option, &route->dst_prefixlen); - if (r < 0) { - log_debug("Failed to determine destination prefix length from class based IP, ignoring"); - continue; - } + if (r < 0) + return -EINVAL; assert_se(lease_parse_be32(option, 4, &addr.s_addr) >= 0); route->dst_addr = inet_makeaddr(inet_netof(addr), 0); From ba335f6f40b58ea4050471a5051ceacfbff71f08 Mon Sep 17 00:00:00 2001 From: Evgeny Vereshchagin Date: Sat, 29 Jan 2022 03:18:31 +0000 Subject: [PATCH 134/703] tests: add a file triggering a memory leak in dhcp_lease_parse_search_domains (cherry picked from commit 998ec39b1d20a40453a3b47f7eb68feacefd65d9) --- ...-from-555a2b073b8d208655b68c294f8dfd592a11e50a | Bin 0 -> 243 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 test/fuzz/fuzz-dhcp-client/minimized-from-555a2b073b8d208655b68c294f8dfd592a11e50a diff --git a/test/fuzz/fuzz-dhcp-client/minimized-from-555a2b073b8d208655b68c294f8dfd592a11e50a b/test/fuzz/fuzz-dhcp-client/minimized-from-555a2b073b8d208655b68c294f8dfd592a11e50a new file mode 100644 index 0000000000000000000000000000000000000000..87345bf0ecc3709922b94da7b66176cdeb858b33 GIT binary patch literal 243 zcmZQ%VE7LN3?T3sOffPt*fTH~+cJU02ojbI7Z^+!m6?oL7??oBDWDFh7!nhQF{X^= y<&3CuP@y+WOqPt6ObiaXjJ8aS%*KpH3}y_Lj0_OfOsNbOVB6qU;&1{sX8{150U3G# literal 0 HcmV?d00001 From 7dc0f80588f371a62a56a75bf27eab2c515becf3 Mon Sep 17 00:00:00 2001 From: Evgeny Vereshchagin Date: Sat, 29 Jan 2022 03:16:40 +0000 Subject: [PATCH 135/703] sd-dhcp-lease: fix a memory leak in dhcp_lease_parse_search_domains ================================================================= ==81071==ERROR: LeakSanitizer: detected memory leaks Direct leak of 16 byte(s) in 1 object(s) allocated from: #0 0x51245c in __interceptor_reallocarray (/home/vagrant/systemd/build/fuzz-dhcp-client+0x51245c) #1 0x7f01440c67e6 in strv_push /home/vagrant/systemd/build/../src/basic/strv.c:435:13 #2 0x7f01440ca9e1 in strv_consume /home/vagrant/systemd/build/../src/basic/strv.c:506:13 #3 0x7f01440ca9e1 in strv_extend /home/vagrant/systemd/build/../src/basic/strv.c:558:16 #4 0x5806e3 in dhcp_lease_parse_search_domains /home/vagrant/systemd/build/../src/libsystemd-network/sd-dhcp-lease.c:900:21 #5 0x57c1be in dhcp_lease_parse_options /home/vagrant/systemd/build/../src/libsystemd-network/sd-dhcp-lease.c:727:21 #6 0x572450 in parse_options /home/vagrant/systemd/build/../src/libsystemd-network/dhcp-option.c:348:33 #7 0x571c6a in dhcp_option_parse /home/vagrant/systemd/build/../src/libsystemd-network/dhcp-option.c:376:13 #8 0x559a01 in client_handle_offer /home/vagrant/systemd/build/../src/libsystemd-network/sd-dhcp-client.c:1543:13 #9 0x5592bd in LLVMFuzzerTestOneInput /home/vagrant/systemd/build/../src/libsystemd-network/fuzz-dhcp-client.c:74:16 #10 0x44a379 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/vagrant/systemd/build/fuzz-dhcp-client+0x44a379) #11 0x42ae1f in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/vagrant/systemd/build/fuzz-dhcp-client+0x42ae1f) #12 0x432ade in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/vagrant/systemd/build/fuzz-dhcp-client+0x432ade) #13 0x421f86 in main (/home/vagrant/systemd/build/fuzz-dhcp-client+0x421f86) #14 0x7f0142fff55f in __libc_start_call_main (/lib64/libc.so.6+0x2d55f) (cherry picked from commit 9591c0a8b3496d0e5cbbfe7c75161ba80089c143) --- src/libsystemd-network/sd-dhcp-lease.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/libsystemd-network/sd-dhcp-lease.c b/src/libsystemd-network/sd-dhcp-lease.c index bc6591a39b1..5a40eb94d32 100644 --- a/src/libsystemd-network/sd-dhcp-lease.c +++ b/src/libsystemd-network/sd-dhcp-lease.c @@ -905,7 +905,7 @@ int dhcp_lease_parse_search_domains(const uint8_t *option, size_t len, char ***d pos = next_chunk; } - *domains = TAKE_PTR(names); + strv_free_and_replace(*domains, names); return cnt; } From e697fa60073f4359e4062a7c6b0b9f5b0edc73f9 Mon Sep 17 00:00:00 2001 From: Frantisek Sumsal Date: Sun, 30 Jan 2022 23:40:05 +0100 Subject: [PATCH 136/703] basic: update CIFS magic Kernel commit dea2903719283c156b53741126228c4a1b40440f exposed (and renamed) CIFS_MAGIC_NUMBER as CIFS_SUPER_MAGIC along with SMB2_SUPER_MAGIC. This fixes the following build fail on current Fedora Rawhide: ``` ../src/basic/meson.build:389:8: ERROR: Problem encountered: found unknown filesystem(s) defined in kernel headers: Filesystem found in kernel header but not in filesystems-gperf.gperf: CIFS_SUPER_MAGIC Filesystem found in kernel header but not in filesystems-gperf.gperf: SMB2_SUPER_MAGIC ``` (cherry picked from commit bbe53713455be38c0a587626439fd171f28c77fc) --- src/basic/filesystems-gperf.gperf | 4 ++-- src/basic/missing_magic.h | 11 ++++++++--- 2 files changed, 10 insertions(+), 5 deletions(-) diff --git a/src/basic/filesystems-gperf.gperf b/src/basic/filesystems-gperf.gperf index 08c8c445105..e8c5357f914 100644 --- a/src/basic/filesystems-gperf.gperf +++ b/src/basic/filesystems-gperf.gperf @@ -40,7 +40,7 @@ ceph, {CEPH_SUPER_MAGIC} cgroup2, {CGROUP2_SUPER_MAGIC} # note that the cgroupfs magic got reassigned from cpuset cgroup, {CGROUP_SUPER_MAGIC} -cifs, {CIFS_MAGIC_NUMBER} +cifs, {CIFS_SUPER_MAGIC, SMB2_SUPER_MAGIC} coda, {CODA_SUPER_MAGIC} configfs, {CONFIGFS_MAGIC} cramfs, {CRAMFS_MAGIC} @@ -109,7 +109,7 @@ selinuxfs, {SELINUX_MAGIC} shiftfs, {SHIFTFS_MAGIC} smackfs, {SMACK_MAGIC} # smb3 is an alias for cifs -smb3, {CIFS_MAGIC_NUMBER} +smb3, {CIFS_SUPER_MAGIC} # smbfs was removed from the kernel in 2010, the magic remains smbfs, {SMB_SUPER_MAGIC} sockfs, {SOCKFS_MAGIC} diff --git a/src/basic/missing_magic.h b/src/basic/missing_magic.h index 7d9320bb6dc..c104fcfba31 100644 --- a/src/basic/missing_magic.h +++ b/src/basic/missing_magic.h @@ -38,9 +38,14 @@ #define XFS_SB_MAGIC 0x58465342 #endif -/* Not exposed yet. Defined at fs/cifs/cifsglob.h */ -#ifndef CIFS_MAGIC_NUMBER -#define CIFS_MAGIC_NUMBER 0xFF534D42 +/* dea2903719283c156b53741126228c4a1b40440f (5.17) */ +#ifndef CIFS_SUPER_MAGIC +#define CIFS_SUPER_MAGIC 0xFF534D42 +#endif + +/* dea2903719283c156b53741126228c4a1b40440f (5.17) */ +#ifndef SMB2_SUPER_MAGIC +#define SMB2_SUPER_MAGIC 0xFE534D42 #endif /* 257f871993474e2bde6c497b54022c362cf398e1 (4.5) */ From ae8bc570a81e1286eb5b59a77ef179a500b95f9d Mon Sep 17 00:00:00 2001 From: Luca Boccassi Date: Fri, 28 Jan 2022 22:56:10 +0000 Subject: [PATCH 137/703] core: don't fail on EEXIST when creating mount point systemd[1016]: Failed to mount /tmp/app1 (type n/a) on /run/systemd/unit-extensions/1 (MS_BIND ): No such file or directory systemd[1016]: Failed to create destination mount point node '/run/systemd/unit-extensions/1': File exists (cherry picked from commit 9d6d4c305ab8d65aab7f546450d7331f760b7259) --- src/core/namespace.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/core/namespace.c b/src/core/namespace.c index e2e88b0eb63..77f16f96bd1 100644 --- a/src/core/namespace.c +++ b/src/core/namespace.c @@ -1380,7 +1380,7 @@ static int apply_one_mount( (void) mkdir_parents(mount_entry_path(m), 0755); q = make_mount_point_inode_from_path(what, mount_entry_path(m), 0755); - if (q < 0) + if (q < 0 && q != -EEXIST) log_error_errno(q, "Failed to create destination mount point node '%s': %m", mount_entry_path(m)); else From 47da2d8e2984786bf306de234313cc2774741353 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Fri, 28 Jan 2022 15:40:09 +0000 Subject: [PATCH 138/703] boot: Don't require a machine ID to be available Regression introduced in https://github.com/systemd/systemd/pull/21807. Fixes #22224 (cherry picked from commit 17e2e8073f3d387035595fcf6c3aa27acb24e2dc) --- src/boot/bootctl.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/src/boot/bootctl.c b/src/boot/bootctl.c index 1bcb4d16899..edc9ef4be96 100644 --- a/src/boot/bootctl.c +++ b/src/boot/bootctl.c @@ -141,7 +141,7 @@ static int load_install_machine_id_and_layout(void) { if (isempty(s)) { r = sd_id128_get_machine(&arg_machine_id); - if (r < 0) + if (r < 0 && !IN_SET(r, -ENOENT, -ENOMEDIUM)) return log_error_errno(r, "Failed to get machine-id: %m"); } else { r = sd_id128_from_string(s, &arg_machine_id); @@ -170,7 +170,7 @@ static int settle_install_machine_id(void) { bool layout_non_bls = arg_install_layout && !streq(arg_install_layout, "bls"); if (arg_make_machine_id_directory < 0) { - if (layout_non_bls) + if (layout_non_bls || sd_id128_is_null(arg_machine_id)) arg_make_machine_id_directory = 0; else { r = path_is_temporary_fs("/etc/machine-id"); @@ -180,6 +180,10 @@ static int settle_install_machine_id(void) { } } + if (arg_make_machine_id_directory > 0 && sd_id128_is_null(arg_machine_id)) + return log_error_errno(SYNTHETIC_ERRNO(EINVAL), + "Machine ID not found, but bls directory creation was requested."); + if (arg_make_machine_id_directory > 0 && layout_non_bls) return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "KERNEL_INSTALL_LAYOUT=%s is configured, but bls directory creation was requested.", @@ -982,9 +986,8 @@ static int remove_subdirs(const char *root, const char *const *subdirs) { static int remove_machine_id_directory(const char *root) { assert(root); assert(arg_make_machine_id_directory >= 0); - assert(!sd_id128_is_null(arg_machine_id)); - if (!arg_make_machine_id_directory) + if (!arg_make_machine_id_directory || sd_id128_is_null(arg_machine_id)) return 0; return rmdir_one(root, SD_ID128_TO_STRING(arg_machine_id)); From b9e144629bdb7c3d4535fb0a0ad8639140a25034 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Sun, 30 Jan 2022 05:36:56 +0900 Subject: [PATCH 139/703] bus-util: retrieve bus error from message The error in argument is not input, but used for output. (cherry picked from commit 853b94863cf26d084454edd63ce987cc7ab0505a) --- src/shared/bus-wait-for-units.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/src/shared/bus-wait-for-units.c b/src/shared/bus-wait-for-units.c index 29620e0d1b3..c867f1cbfd0 100644 --- a/src/shared/bus-wait-for-units.c +++ b/src/shared/bus-wait-for-units.c @@ -1,5 +1,6 @@ /* SPDX-License-Identifier: LGPL-2.1-or-later */ +#include "bus-error.h" #include "bus-map-properties.h" #include "bus-wait-for-units.h" #include "hashmap.h" @@ -288,19 +289,22 @@ static int on_properties_changed(sd_bus_message *m, void *userdata, sd_bus_error return 0; } -static int on_get_all_properties(sd_bus_message *m, void *userdata, sd_bus_error *error) { +static int on_get_all_properties(sd_bus_message *m, void *userdata, sd_bus_error *ret_error) { WaitForItem *item = userdata; + const sd_bus_error *e; int r; assert(item); - if (sd_bus_error_is_set(error)) { + e = sd_bus_message_get_error(m); + if (e) { BusWaitForUnits *d = item->parent; d->has_failed = true; - log_debug_errno(sd_bus_error_get_errno(error), "GetAll() failed for %s: %s", - item->bus_path, error->message); + r = sd_bus_error_get_errno(e); + log_debug_errno(r, "GetAll() failed for %s: %s", + item->bus_path, bus_error_message(e, r)); call_unit_callback_and_wait(d, item, false); bus_wait_for_units_check_ready(d); From 81e59411161078f4f90d80e2e111755adc16db33 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Sun, 30 Jan 2022 05:38:01 +0900 Subject: [PATCH 140/703] core/unit: use bus_error_message() at one more place (cherry picked from commit 33322185554799b08e94aca036dd109aaee52408) --- src/core/unit.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/src/core/unit.c b/src/core/unit.c index b1f1f5c82cf..af6cf097fcc 100644 --- a/src/core/unit.c +++ b/src/core/unit.c @@ -3441,8 +3441,12 @@ static int get_name_owner_handler(sd_bus_message *message, void *userdata, sd_bu e = sd_bus_message_get_error(message); if (e) { - if (!sd_bus_error_has_name(e, "org.freedesktop.DBus.Error.NameHasNoOwner")) - log_unit_error(u, "Unexpected error response from GetNameOwner(): %s", e->message); + if (!sd_bus_error_has_name(e, "org.freedesktop.DBus.Error.NameHasNoOwner")) { + r = sd_bus_error_get_errno(e); + log_unit_error_errno(u, r, + "Unexpected error response from GetNameOwner(): %s", + bus_error_message(e, r)); + } new_owner = NULL; } else { From 048487c094a149e99b4067c8cd2d3974a8f17397 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Sun, 30 Jan 2022 05:38:35 +0900 Subject: [PATCH 141/703] login: use bus_error_message() at one more place (cherry picked from commit 80c8c786a314bceba180fac5506e72aa48c0764a) --- src/login/logind-user.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/src/login/logind-user.c b/src/login/logind-user.c index 6d250be321a..6d61b55c2b0 100644 --- a/src/login/logind-user.c +++ b/src/login/logind-user.c @@ -359,15 +359,19 @@ static void user_start_service(User *u) { static int update_slice_callback(sd_bus_message *m, void *userdata, sd_bus_error *ret_error) { _cleanup_(user_record_unrefp) UserRecord *ur = userdata; + const sd_bus_error *e; + int r; assert(m); assert(ur); - if (sd_bus_message_is_method_error(m, NULL)) { - log_warning_errno(sd_bus_message_get_errno(m), + e = sd_bus_message_get_error(m); + if (e) { + r = sd_bus_error_get_errno(e); + log_warning_errno(r, "Failed to update slice of %s, ignoring: %s", ur->user_name, - sd_bus_message_get_error(m)->message); + bus_error_message(e, r)); return 0; } From 9c560d201527ee064ae11784d6538ae544926181 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Tue, 1 Feb 2022 12:37:51 +0100 Subject: [PATCH 142/703] pid1: pass PAM_DATA_SILENT to pam_end() in child Fixes: #22318 (cherry picked from commit 7feb2b5737ad110eb3985e8e9d8189f18d1c5147) --- src/core/execute.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/core/execute.c b/src/core/execute.c index 16f346f3396..94225c4cce2 100644 --- a/src/core/execute.c +++ b/src/core/execute.c @@ -1342,7 +1342,9 @@ static int setup_pam( ret = 0; child_finish: - pam_end(handle, pam_code | flags); + /* NB: pam_end() when called in child processes should set PAM_DATA_SILENT to let the module + * know about this. See pam_end(3) */ + (void) pam_end(handle, pam_code | flags | PAM_DATA_SILENT); _exit(ret); } @@ -1377,7 +1379,7 @@ static int setup_pam( if (close_session) pam_code = pam_close_session(handle, flags); - pam_end(handle, pam_code | flags); + (void) pam_end(handle, pam_code | flags); } strv_free(e); From 9b2954b79435eaf54be208acdce8026b83bdc249 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Tue, 1 Feb 2022 13:49:56 +0100 Subject: [PATCH 143/703] execute: use _cleanup_ logic where appropriate (cherry picked from commit 46e5bbab5895b7137b03453dee08bd1c89c710e9) --- src/core/execute.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/src/core/execute.c b/src/core/execute.c index 94225c4cce2..aefae6b7c55 100644 --- a/src/core/execute.c +++ b/src/core/execute.c @@ -1182,10 +1182,11 @@ static int setup_pam( }; _cleanup_(barrier_destroy) Barrier barrier = BARRIER_NULL; + _cleanup_strv_free_ char **e = NULL; pam_handle_t *handle = NULL; sigset_t old_ss; int pam_code = PAM_SUCCESS, r; - char **nv, **e = NULL; + char **nv; bool close_session = false; pid_t pam_pid = 0, parent_pid; int flags = 0; @@ -1382,9 +1383,7 @@ static int setup_pam( (void) pam_end(handle, pam_code | flags); } - strv_free(e); closelog(); - return r; #else return 0; From 14567dc93d5c498bfaadd28478f59952f6da320c Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Tue, 1 Feb 2022 13:50:13 +0100 Subject: [PATCH 144/703] execute: line break comments a bit less aggressively (cherry picked from commit cafc5ca147cb05b90bd731661d8594c299601f79) --- src/core/execute.c | 41 +++++++++++++++++------------------------ 1 file changed, 17 insertions(+), 24 deletions(-) diff --git a/src/core/execute.c b/src/core/execute.c index aefae6b7c55..0660094aa97 100644 --- a/src/core/execute.c +++ b/src/core/execute.c @@ -1257,8 +1257,7 @@ static int setup_pam( goto fail; } - /* Block SIGTERM, so that we know that it won't get lost in - * the child */ + /* Block SIGTERM, so that we know that it won't get lost in the child */ assert_se(sigprocmask_many(SIG_BLOCK, &old_ss, SIGTERM, -1) >= 0); @@ -1270,18 +1269,16 @@ static int setup_pam( if (r == 0) { int sig, ret = EXIT_PAM; - /* The child's job is to reset the PAM session on - * termination */ + /* The child's job is to reset the PAM session on termination */ barrier_set_role(&barrier, BARRIER_CHILD); /* Make sure we don't keep open the passed fds in this child. We assume that otherwise only * those fds are open here that have been opened by PAM. */ (void) close_many(fds, n_fds); - /* Drop privileges - we don't need any to pam_close_session - * and this will make PR_SET_PDEATHSIG work in most cases. - * If this fails, ignore the error - but expect sd-pam threads - * to fail to exit normally */ + /* Drop privileges - we don't need any to pam_close_session and this will make + * PR_SET_PDEATHSIG work in most cases. If this fails, ignore the error - but expect sd-pam + * threads to fail to exit normally */ r = maybe_setgroups(0, NULL); if (r < 0) @@ -1293,20 +1290,16 @@ static int setup_pam( (void) ignore_signals(SIGPIPE); - /* Wait until our parent died. This will only work if - * the above setresuid() succeeds, otherwise the kernel - * will not allow unprivileged parents kill their privileged - * children this way. We rely on the control groups kill logic - * to do the rest for us. */ + /* Wait until our parent died. This will only work if the above setresuid() succeeds, + * otherwise the kernel will not allow unprivileged parents kill their privileged children + * this way. We rely on the control groups kill logic to do the rest for us. */ if (prctl(PR_SET_PDEATHSIG, SIGTERM) < 0) goto child_finish; - /* Tell the parent that our setup is done. This is especially - * important regarding dropping privileges. Otherwise, unit - * setup might race against our setresuid(2) call. + /* Tell the parent that our setup is done. This is especially important regarding dropping + * privileges. Otherwise, unit setup might race against our setresuid(2) call. * - * If the parent aborted, we'll detect this below, hence ignore - * return failure here. */ + * If the parent aborted, we'll detect this below, hence ignore return failure here. */ (void) barrier_place(&barrier); /* Check if our parent process might already have died? */ @@ -1351,19 +1344,19 @@ static int setup_pam( barrier_set_role(&barrier, BARRIER_PARENT); - /* If the child was forked off successfully it will do all the - * cleanups, so forget about the handle here. */ + /* If the child was forked off successfully it will do all the cleanups, so forget about the handle + * here. */ handle = NULL; /* Unblock SIGTERM again in the parent */ assert_se(sigprocmask(SIG_SETMASK, &old_ss, NULL) >= 0); - /* We close the log explicitly here, since the PAM modules - * might have opened it, but we don't want this fd around. */ + /* We close the log explicitly here, since the PAM modules might have opened it, but we don't want + * this fd around. */ closelog(); - /* Synchronously wait for the child to initialize. We don't care for - * errors as we cannot recover. However, warn loudly if it happens. */ + /* Synchronously wait for the child to initialize. We don't care for errors as we cannot + * recover. However, warn loudly if it happens. */ if (!barrier_place_and_sync(&barrier)) log_error("PAM initialization failed"); From c4357f31da66b1917d3612d02c28adb300d4b0c6 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Tue, 1 Feb 2022 13:50:28 +0100 Subject: [PATCH 145/703] execute: document that the 'env' param is input *and* output (cherry picked from commit 421bb42d1b366c00392ef5bbab6a67412295b6dc) --- src/core/execute.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/core/execute.c b/src/core/execute.c index 0660094aa97..ee455e5dbb4 100644 --- a/src/core/execute.c +++ b/src/core/execute.c @@ -1171,7 +1171,7 @@ static int setup_pam( uid_t uid, gid_t gid, const char *tty, - char ***env, + char ***env, /* updated on success */ const int fds[], size_t n_fds) { #if HAVE_PAM From 1ef56ad928df3a8fb45b9dcdf3950035a6f699b7 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Tue, 1 Feb 2022 13:00:51 +0900 Subject: [PATCH 146/703] network: xfrm: refuse zero interface ID Since kernel 5.17-rc1, 5.16.3, and 5.15.17 (more specifically, https://github.com/torvalds/linux/commit/8dce43919566f06e865f7e8949f5c10d8c2493f5) the kernel refuses to create an xfrm interface with zero ID. (cherry picked from commit fd11005951920a0cee96f0c56f36d9ff8bc66a41) --- man/systemd.netdev.xml | 2 +- src/network/netdev/xfrm.c | 19 +++++++++++++++++++ 2 files changed, 20 insertions(+), 1 deletion(-) diff --git a/man/systemd.netdev.xml b/man/systemd.netdev.xml index f49f3e84217..04c00beb28a 100644 --- a/man/systemd.netdev.xml +++ b/man/systemd.netdev.xml @@ -1985,7 +1985,7 @@ InterfaceId= Sets the ID/key of the xfrm interface which needs to be associated with a SA/policy. - Can be decimal or hexadecimal, valid range is 0-0xffffffff, defaults to 0. + Can be decimal or hexadecimal, valid range is 1-0xffffffff. This is mandatory. diff --git a/src/network/netdev/xfrm.c b/src/network/netdev/xfrm.c index 4b7e73b37a7..ef5e735b2ba 100644 --- a/src/network/netdev/xfrm.c +++ b/src/network/netdev/xfrm.c @@ -14,6 +14,7 @@ static int xfrm_fill_message_create(NetDev *netdev, Link *link, sd_netlink_messa x = XFRM(netdev); + assert(x); assert(link || x->independent); r = sd_netlink_message_append_u32(message, IFLA_XFRM_LINK, link ? link->ifindex : LOOPBACK_IFINDEX); @@ -27,10 +28,28 @@ static int xfrm_fill_message_create(NetDev *netdev, Link *link, sd_netlink_messa return 0; } +static int xfrm_verify(NetDev *netdev, const char *filename) { + Xfrm *x; + + assert(netdev); + assert(filename); + + x = XFRM(netdev); + + assert(x); + + if (x->if_id == 0) + return log_netdev_warning_errno(netdev, SYNTHETIC_ERRNO(EINVAL), + "%s: Xfrm interface ID cannot be zero.", filename); + + return 0; +} + const NetDevVTable xfrm_vtable = { .object_size = sizeof(Xfrm), .sections = NETDEV_COMMON_SECTIONS "Xfrm\0", .fill_message_create = xfrm_fill_message_create, + .config_verify = xfrm_verify, .create_type = NETDEV_CREATE_STACKED, .iftype = ARPHRD_NONE, }; From a5fc827b3a775f8553c95381ed49649beb86c5ea Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Tue, 1 Feb 2022 13:26:40 +0900 Subject: [PATCH 147/703] test-network: set xfrm interface ID This also unifies two tests for xfrm, and checks the output of 'ip link' command. Fixes #22329. (cherry picked from commit 020483b248b45b15eb93d2ae322d7f211c61e44d) --- .../conf/25-xfrm-independent.netdev | 1 + test/test-network/conf/25-xfrm.netdev | 5 ++++- .../netdev-link-local-addressing-yes.network | 2 +- test/test-network/conf/xfrm.network | 2 +- test/test-network/systemd-networkd-tests.py | 20 ++++++++++--------- 5 files changed, 18 insertions(+), 12 deletions(-) diff --git a/test/test-network/conf/25-xfrm-independent.netdev b/test/test-network/conf/25-xfrm-independent.netdev index b2378849d16..b54c659d833 100644 --- a/test/test-network/conf/25-xfrm-independent.netdev +++ b/test/test-network/conf/25-xfrm-independent.netdev @@ -4,4 +4,5 @@ Kind=xfrm Name=xfrm99 [Xfrm] +InterfaceId=0x99 Independent=yes diff --git a/test/test-network/conf/25-xfrm.netdev b/test/test-network/conf/25-xfrm.netdev index 353bfb70037..8e1d5c81221 100644 --- a/test/test-network/conf/25-xfrm.netdev +++ b/test/test-network/conf/25-xfrm.netdev @@ -1,4 +1,7 @@ # SPDX-License-Identifier: LGPL-2.1-or-later [NetDev] Kind=xfrm -Name=xfrm99 +Name=xfrm98 + +[Xfrm] +InterfaceId=0x98 diff --git a/test/test-network/conf/netdev-link-local-addressing-yes.network b/test/test-network/conf/netdev-link-local-addressing-yes.network index 0cc9cfa96b0..ea1811bbfdd 100644 --- a/test/test-network/conf/netdev-link-local-addressing-yes.network +++ b/test/test-network/conf/netdev-link-local-addressing-yes.network @@ -18,7 +18,7 @@ Name=geneve99 Name=ifb99 Name=ipiptun99 Name=nlmon99 -Name=xfrm99 +Name=xfrm98 xfrm99 Name=vxlan98 Name=hogehogehogehogehogehoge diff --git a/test/test-network/conf/xfrm.network b/test/test-network/conf/xfrm.network index c8526017335..19f22146f8a 100644 --- a/test/test-network/conf/xfrm.network +++ b/test/test-network/conf/xfrm.network @@ -4,4 +4,4 @@ Name=dummy98 [Network] IPv6AcceptRA=no -Xfrm=xfrm99 +Xfrm=xfrm98 diff --git a/test/test-network/systemd-networkd-tests.py b/test/test-network/systemd-networkd-tests.py index cc450aeb961..af9a49b6383 100755 --- a/test/test-network/systemd-networkd-tests.py +++ b/test/test-network/systemd-networkd-tests.py @@ -871,6 +871,7 @@ def test_delete_links(self): class NetworkdNetDevTests(unittest.TestCase, Utilities): links_remove_earlier = [ + 'xfrm98', 'xfrm99', ] @@ -1759,20 +1760,21 @@ def test_tunnel_independent_loopback(self): @expectedFailureIfModuleIsNotAvailable('xfrm_interface') def test_xfrm(self): copy_unit_to_networkd_unit_path('12-dummy.netdev', 'xfrm.network', - '25-xfrm.netdev', 'netdev-link-local-addressing-yes.network') + '25-xfrm.netdev', '25-xfrm-independent.netdev', + 'netdev-link-local-addressing-yes.network') start_networkd() - self.wait_online(['xfrm99:degraded', 'dummy98:degraded']) + self.wait_online(['dummy98:degraded', 'xfrm98:degraded', 'xfrm99:degraded']) - output = check_output('ip link show dev xfrm99') + output = check_output('ip -d link show dev xfrm98') print(output) + self.assertIn('xfrm98@dummy98:', output) + self.assertIn('xfrm if_id 0x98 ', output) - @expectedFailureIfModuleIsNotAvailable('xfrm_interface') - def test_xfrm_independent(self): - copy_unit_to_networkd_unit_path('25-xfrm-independent.netdev', 'netdev-link-local-addressing-yes.network') - start_networkd() - - self.wait_online(['xfrm99:degraded']) + output = check_output('ip -d link show dev xfrm99') + print(output) + self.assertIn('xfrm99@lo:', output) + self.assertIn('xfrm if_id 0x99 ', output) @expectedFailureIfModuleIsNotAvailable('fou') def test_fou(self): From 2b04d3b3fcc0ae9a6c9c2165222206248e8e1754 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Mon, 31 Jan 2022 05:04:52 +0900 Subject: [PATCH 148/703] sd-dhcp-lease: fix reading unaligned memory The destination address was read twice, one is for prefixlen, and other is for destination address itself. And for prefixlen, the address might be read from unaligned buffer. This also modernizes the code. (cherry picked from commit 7b868543072bb9073174a4ae46032fdb6eb24c92) --- src/libsystemd-network/sd-dhcp-lease.c | 45 +++++++++++++++----------- 1 file changed, 26 insertions(+), 19 deletions(-) diff --git a/src/libsystemd-network/sd-dhcp-lease.c b/src/libsystemd-network/sd-dhcp-lease.c index 5a40eb94d32..fd5701b1189 100644 --- a/src/libsystemd-network/sd-dhcp-lease.c +++ b/src/libsystemd-network/sd-dhcp-lease.c @@ -468,41 +468,48 @@ static int lease_parse_sip_server(const uint8_t *option, size_t len, struct in_a } static int lease_parse_routes( - const uint8_t *option, size_t len, - struct sd_dhcp_route **routes, size_t *routes_size) { + const uint8_t *option, + size_t len, + struct sd_dhcp_route **routes, + size_t *routes_size) { - struct in_addr addr; + int r; assert(option || len <= 0); assert(routes); assert(routes_size); - if (len <= 0) - return 0; - if (len % 8 != 0) return -EINVAL; - if (!GREEDY_REALLOC(*routes, *routes_size + (len / 8))) - return -ENOMEM; - while (len >= 8) { - struct sd_dhcp_route *route = *routes + *routes_size; - int r; - - route->option = SD_DHCP_OPTION_STATIC_ROUTE; - r = in4_addr_default_prefixlen((struct in_addr*) option, &route->dst_prefixlen); - if (r < 0) - return -EINVAL; + struct in_addr dst, gw; + uint8_t prefixlen; - assert_se(lease_parse_be32(option, 4, &addr.s_addr) >= 0); - route->dst_addr = inet_makeaddr(inet_netof(addr), 0); + assert_se(lease_parse_be32(option, 4, &dst.s_addr) >= 0); option += 4; - assert_se(lease_parse_be32(option, 4, &route->gw_addr.s_addr) >= 0); + assert_se(lease_parse_be32(option, 4, &gw.s_addr) >= 0); option += 4; len -= 8; + + r = in4_addr_default_prefixlen(&dst, &prefixlen); + if (r < 0) + return -EINVAL; + + (void) in4_addr_mask(&dst, prefixlen); + + if (!GREEDY_REALLOC(*routes, *routes_size + 1)) + return -ENOMEM; + + (*routes)[*routes_size] = (struct sd_dhcp_route) { + .dst_addr = dst, + .gw_addr = gw, + .dst_prefixlen = prefixlen, + .option = SD_DHCP_OPTION_STATIC_ROUTE, + }; + (*routes_size)++; } From ae95ca27bee2bef5bf53002873a254f1a0fe8b81 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Mon, 31 Jan 2022 05:19:09 +0900 Subject: [PATCH 149/703] sd-dhcp-lease: fix memleak Fixes https://github.com/systemd/systemd/pull/22294#issuecomment-1024840811. (cherry picked from commit 06cf04dff4dd6c69e527913ad137616c23861270) --- src/libsystemd-network/sd-dhcp-lease.c | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) diff --git a/src/libsystemd-network/sd-dhcp-lease.c b/src/libsystemd-network/sd-dhcp-lease.c index fd5701b1189..b87af047365 100644 --- a/src/libsystemd-network/sd-dhcp-lease.c +++ b/src/libsystemd-network/sd-dhcp-lease.c @@ -1121,6 +1121,18 @@ int dhcp_lease_save(sd_dhcp_lease *lease, const char *lease_file) { return 0; } +static char **private_options_free(char **options) { + if (!options) + return NULL; + + for (unsigned i = 0; i < SD_DHCP_OPTION_PRIVATE_LAST - SD_DHCP_OPTION_PRIVATE_BASE + 1; i++) + free(options[i]); + + return mfree(options); +} + +DEFINE_TRIVIAL_CLEANUP_FUNC(char**, private_options_free); + int dhcp_lease_load(sd_dhcp_lease **ret, const char *lease_file) { _cleanup_(sd_dhcp_lease_unrefp) sd_dhcp_lease *lease = NULL; _cleanup_free_ char @@ -1143,8 +1155,8 @@ int dhcp_lease_load(sd_dhcp_lease **ret, const char *lease_file) { *vendor_specific_hex = NULL, *lifetime = NULL, *t1 = NULL, - *t2 = NULL, - *options[SD_DHCP_OPTION_PRIVATE_LAST - SD_DHCP_OPTION_PRIVATE_BASE + 1] = {}; + *t2 = NULL; + _cleanup_(private_options_freep) char **options = NULL; int r, i; @@ -1155,6 +1167,10 @@ int dhcp_lease_load(sd_dhcp_lease **ret, const char *lease_file) { if (r < 0) return r; + options = new0(char*, SD_DHCP_OPTION_PRIVATE_LAST - SD_DHCP_OPTION_PRIVATE_BASE + 1); + if (!options) + return -ENOMEM; + r = parse_env_file(NULL, lease_file, "ADDRESS", &address, "ROUTER", &router, From 9793254248a51bd2d19399bacb314e541cf2a4a0 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Tue, 1 Feb 2022 18:11:04 +0100 Subject: [PATCH 150/703] units: we need systemd-journald.service from systemd-journal-flush.service This is a follow-up for d5ee050ffc9d413253932d9340ade8c8fb111092, and reintroduces a requirement dep from systemd-journal-flush.service onto systemd-journald.service, but a weaker one than originally: a Wants= one instead of a Requires= one. Why? Simply because the service issues an IPC call to the journald, hence it should pull it in. (Note that socket activation doesn't happen for the Varlink socket it uses, hence we should pull in the service itself.) (cherry picked from commit 23b1e8d087c9e8c5a2cdcc6a91510a4e7ca8f72f) --- units/systemd-journal-flush.service | 1 + 1 file changed, 1 insertion(+) diff --git a/units/systemd-journal-flush.service b/units/systemd-journal-flush.service index 6efb8734a77..5d0b811ae39 100644 --- a/units/systemd-journal-flush.service +++ b/units/systemd-journal-flush.service @@ -11,6 +11,7 @@ Description=Flush Journal to Persistent Storage Documentation=man:systemd-journald.service(8) man:journald.conf(5) DefaultDependencies=no +Wants=systemd-journald.service After=systemd-journald.service systemd-remount-fs.service Before=systemd-tmpfiles-setup.service RequiresMountsFor=/var/log/journal From 1d7e0b68048ba0760f8fdf6a26c7a5017ac38569 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Wed, 2 Feb 2022 14:05:45 +0900 Subject: [PATCH 151/703] core/mount: fail early if directory cannot be created Prompted by #22334. (cherry picked from commit e4de58c8231e47509ffeb3aa47620ca42f22d7f6) --- src/core/mount.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/core/mount.c b/src/core/mount.c index 0170406351a..c650b5abe2f 100644 --- a/src/core/mount.c +++ b/src/core/mount.c @@ -1027,8 +1027,10 @@ static void mount_enter_mounting(Mount *m) { r = mkdir_p_label(p->what, m->directory_mode); /* mkdir_p_label() can return -EEXIST if the target path exists and is not a directory - which is * totally OK, in case the user wants us to overmount a non-directory inode. */ - if (r < 0 && r != -EEXIST) + if (r < 0 && r != -EEXIST) { log_unit_error_errno(UNIT(m), r, "Failed to make bind mount source '%s': %m", p->what); + goto fail; + } } if (p) { From 5e672ed8fcc90d4d7b18c99b70df548f336df8ca Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Wed, 2 Feb 2022 15:06:27 +0900 Subject: [PATCH 152/703] mkdir: CHASE_NONEXISTENT cannot used in chase_symlinks_and_stat() (cherry picked from commit e22916e61d1fdb7b46918b605ebf783d9017f9d8) --- src/basic/mkdir.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/basic/mkdir.c b/src/basic/mkdir.c index 6e2b94d024e..71ed24c5896 100644 --- a/src/basic/mkdir.c +++ b/src/basic/mkdir.c @@ -42,7 +42,7 @@ int mkdir_safe_internal( if ((flags & MKDIR_FOLLOW_SYMLINK) && S_ISLNK(st.st_mode)) { _cleanup_free_ char *p = NULL; - r = chase_symlinks_and_stat(path, NULL, CHASE_NONEXISTENT, &p, &st, NULL); + r = chase_symlinks_and_stat(path, NULL, 0, &p, &st, NULL); if (r < 0) return r; if (r == 0) From df59c65a23fe3fb123fab4edf6114d64057bbe5c Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Wed, 2 Feb 2022 14:20:48 +0900 Subject: [PATCH 153/703] mkdir: allow to create directory whose path contains symlink Fixes a regression caused by 3008a6f21c1c42efe852d69798a2fdd63fe657ec. Before the commit, when `mkdir_parents_internal()` is called from `mkdir_p()`, it uses `_mkdir()` as `flag` is zero. But after the commit, `mkdir_safe_internal()` is always used. Hence, if the path contains a symlink, it fails with -ENOTDIR. To fix the issue, this makes `mkdir_p()` calls `mkdir_parents_internal()` with MKDIR_FOLLOW_SYMLINK flag. Fixes #22334. (cherry picked from commit 5117059ee9f84ed2fd37801ec0b90473db475422) --- src/basic/mkdir.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/basic/mkdir.c b/src/basic/mkdir.c index 71ed24c5896..51a0d74e875 100644 --- a/src/basic/mkdir.c +++ b/src/basic/mkdir.c @@ -162,7 +162,7 @@ int mkdir_p_internal(const char *prefix, const char *path, mode_t mode, uid_t ui assert(_mkdirat != mkdirat); - r = mkdir_parents_internal(prefix, path, mode, uid, gid, flags, _mkdirat); + r = mkdir_parents_internal(prefix, path, mode, uid, gid, flags | MKDIR_FOLLOW_SYMLINK, _mkdirat); if (r < 0) return r; From 3a125c762f7254b33f3340ba18470a792c7849b4 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Wed, 2 Feb 2022 15:08:18 +0900 Subject: [PATCH 154/703] test: add a test for mkdir_p() (cherry picked from commit 6f6b017b9bc69df3f3e308c36c95597002ce6e29) Conflicts: src/test/meson.build --- src/test/meson.build | 2 ++ src/test/test-mkdir.c | 30 ++++++++++++++++++++++++++++++ 2 files changed, 32 insertions(+) create mode 100644 src/test/test-mkdir.c diff --git a/src/test/meson.build b/src/test/meson.build index 48001d17ecc..42d34a209e6 100644 --- a/src/test/meson.build +++ b/src/test/meson.build @@ -195,6 +195,8 @@ tests += [ [['src/test/test-json.c']], + [['src/test/test-mkdir.c']], + [['src/test/test-modhex.c']], [['src/test/test-libmount.c'], diff --git a/src/test/test-mkdir.c b/src/test/test-mkdir.c new file mode 100644 index 00000000000..c715d5f0964 --- /dev/null +++ b/src/test/test-mkdir.c @@ -0,0 +1,30 @@ +/* SPDX-License-Identifier: LGPL-2.1-or-later */ + +#include + +#include "mkdir.h" +#include "path-util.h" +#include "rm-rf.h" +#include "tests.h" +#include "tmpfile-util.h" + +TEST(mkdir_p) { + _cleanup_(rm_rf_physical_and_freep) char *tmp = NULL; + _cleanup_free_ char *p = NULL; + + assert_se(mkdtemp_malloc("/tmp/test-mkdir-XXXXXX", &tmp) >= 0); + + assert_se(p = path_join(tmp, "run")); + assert_se(mkdir_p(p, 0755) >= 0); + + p = mfree(p); + assert_se(p = path_join(tmp, "var/run")); + assert_se(mkdir_parents(p, 0755) >= 0); + assert_se(symlink("../run", p) >= 0); + + p = mfree(p); + assert_se(p = path_join(tmp, "var/run/hoge/foo/baz")); + assert_se(mkdir_p(p, 0755) >= 0); +} + +DEFINE_TEST_MAIN(LOG_DEBUG); From 74dfb51f7025ded0bf16adb9fe304258ec8b2852 Mon Sep 17 00:00:00 2001 From: Thomas Haller Date: Thu, 3 Feb 2022 18:55:18 +0100 Subject: [PATCH 155/703] sd-dhcp6-client: fix sending prefix delegation request during rebind Fixes an assertion failure "pd->type == SD_DHCP6_OPTION_IA_PD" in dhcp6_option_append_pd(). Something similar was done in commit 26a63b81322a ('sd-dhcp6-client: Fix sending prefix delegation request (#17136)'). The justification is probably the same. (cherry picked from commit 58da18251f468de9de4cc7b36804c924e2fd4421) --- src/libsystemd-network/sd-dhcp6-client.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/libsystemd-network/sd-dhcp6-client.c b/src/libsystemd-network/sd-dhcp6-client.c index 706904c7202..84bc739bba2 100644 --- a/src/libsystemd-network/sd-dhcp6-client.c +++ b/src/libsystemd-network/sd-dhcp6-client.c @@ -857,7 +857,7 @@ static int client_send_message(sd_dhcp6_client *client, usec_t time_now) { return r; } - if (FLAGS_SET(client->request_ia, DHCP6_REQUEST_IA_PD)) { + if (FLAGS_SET(client->request_ia, DHCP6_REQUEST_IA_PD) && client->lease->pd.addresses) { r = dhcp6_option_append_pd(&opt, &optlen, &client->lease->pd, NULL); if (r < 0) return r; From 7784d3dde05ca35aed2a662bf15921c9639cff0f Mon Sep 17 00:00:00 2001 From: Luca Boccassi Date: Thu, 27 Jan 2022 14:07:20 +0000 Subject: [PATCH 156/703] test: rename service used in TEST-29-PORTABLE to avoid conflict There's an app0.service in the extension app0.raw, so don't use the same name for a unit in minimal.raw (cherry picked from commit d76f0de746f4ee7c9014f42b531ba0449b834214) --- test/test-functions | 14 +++++++++----- test/units/testsuite-29.sh | 36 ++++++++++++++++++------------------ 2 files changed, 27 insertions(+), 23 deletions(-) diff --git a/test/test-functions b/test/test-functions index 218d0e6888c..bd0c2f98c5b 100644 --- a/test/test-functions +++ b/test/test-functions @@ -598,17 +598,21 @@ install_verity_minimal() { touch "$initdir/etc/machine-id" "$initdir/etc/resolv.conf" touch "$initdir/opt/some_file" echo MARKER=1 >>"$initdir/usr/lib/os-release" - echo "PORTABLE_PREFIXES=app0 minimal" >>"$initdir/usr/lib/os-release" - echo -e "[Service]\nExecStartPre=cat /usr/lib/os-release\nExecStart=sleep 120" >"$initdir/usr/lib/systemd/system/app0.service" - cp "$initdir/usr/lib/systemd/system/app0.service" "$initdir/usr/lib/systemd/system/app0-foo.service" + echo "PORTABLE_PREFIXES=app0 minimal minimal-app0" >>"$initdir/usr/lib/os-release" + cat >"$initdir/usr/lib/systemd/system/minimal-app0.service" <"$oldinitdir/usr/share/minimal_0.roothash" sed -i "s/MARKER=1/MARKER=2/g" "$initdir/usr/lib/os-release" - rm "$initdir/usr/lib/systemd/system/app0-foo.service" - cp "$initdir/usr/lib/systemd/system/app0.service" "$initdir/usr/lib/systemd/system/app0-bar.service" + rm "$initdir/usr/lib/systemd/system/minimal-app0-foo.service" + cp "$initdir/usr/lib/systemd/system/minimal-app0.service" "$initdir/usr/lib/systemd/system/minimal-app0-bar.service" mksquashfs "$initdir" "$oldinitdir/usr/share/minimal_1.raw" veritysetup format "$oldinitdir/usr/share/minimal_1.raw" "$oldinitdir/usr/share/minimal_1.verity" | \ diff --git a/test/units/testsuite-29.sh b/test/units/testsuite-29.sh index 0e0c8cf41d9..a3f9fc05836 100755 --- a/test/units/testsuite-29.sh +++ b/test/units/testsuite-29.sh @@ -24,29 +24,29 @@ cat </run/systemd/system/systemd-portabled.service.d/override.conf Environment=SYSTEMD_LOG_LEVEL=debug EOF -portablectl "${ARGS[@]}" attach --now --runtime /usr/share/minimal_0.raw app0 +portablectl "${ARGS[@]}" attach --now --runtime /usr/share/minimal_0.raw minimal-app0 -systemctl is-active app0.service -systemctl is-active app0-foo.service +systemctl is-active minimal-app0.service +systemctl is-active minimal-app0-foo.service set +o pipefail set +e -systemctl is-active app0-bar.service && exit 1 +systemctl is-active minimal-app0-bar.service && exit 1 set -e set -o pipefail -portablectl "${ARGS[@]}" reattach --now --runtime /usr/share/minimal_1.raw app0 +portablectl "${ARGS[@]}" reattach --now --runtime /usr/share/minimal_1.raw minimal-app0 -systemctl is-active app0.service -systemctl is-active app0-bar.service +systemctl is-active minimal-app0.service +systemctl is-active minimal-app0-bar.service set +o pipefail set +e -systemctl is-active app0-foo.service && exit 1 +systemctl is-active minimal-app0-foo.service && exit 1 set -e set -o pipefail portablectl list | grep -q -F "minimal_1" -portablectl detach --now --runtime /usr/share/minimal_1.raw app0 +portablectl detach --now --runtime /usr/share/minimal_1.raw minimal-app0 portablectl list | grep -q -F "No images." @@ -55,29 +55,29 @@ portablectl list | grep -q -F "No images." unsquashfs -dest /tmp/minimal_0 /usr/share/minimal_0.raw unsquashfs -dest /tmp/minimal_1 /usr/share/minimal_1.raw -portablectl "${ARGS[@]}" attach --copy=symlink --now --runtime /tmp/minimal_0 app0 +portablectl "${ARGS[@]}" attach --copy=symlink --now --runtime /tmp/minimal_0 minimal-app0 -systemctl is-active app0.service -systemctl is-active app0-foo.service +systemctl is-active minimal-app0.service +systemctl is-active minimal-app0-foo.service set +o pipefail set +e -systemctl is-active app0-bar.service && exit 1 +systemctl is-active minimal-app0-bar.service && exit 1 set -e set -o pipefail -portablectl "${ARGS[@]}" reattach --now --enable --runtime /tmp/minimal_1 app0 +portablectl "${ARGS[@]}" reattach --now --enable --runtime /tmp/minimal_1 minimal-app0 -systemctl is-active app0.service -systemctl is-active app0-bar.service +systemctl is-active minimal-app0.service +systemctl is-active minimal-app0-bar.service set +o pipefail set +e -systemctl is-active app0-foo.service && exit 1 +systemctl is-active minimal-app0-foo.service && exit 1 set -e set -o pipefail portablectl list | grep -q -F "minimal_1" -portablectl detach --now --enable --runtime /tmp/minimal_1 app0 +portablectl detach --now --enable --runtime /tmp/minimal_1 minimal-app0 portablectl list | grep -q -F "No images." From 44c4116557389ad86d5d204e290f8f2c57b7f009 Mon Sep 17 00:00:00 2001 From: Luca Boccassi Date: Thu, 27 Jan 2022 14:08:05 +0000 Subject: [PATCH 157/703] test: use mksquashfs -noappend Makes the setup idempotent, as mksquashfs by default attempts to append to an existing image (cherry picked from commit 392d46d7a8f78169ff6b0d2740f82924e6fdc878) --- test/test-functions | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/test/test-functions b/test/test-functions index bd0c2f98c5b..7d62c950743 100644 --- a/test/test-functions +++ b/test/test-functions @@ -606,7 +606,7 @@ ExecStart=sleep 120 EOF cp "$initdir/usr/lib/systemd/system/minimal-app0.service" "$initdir/usr/lib/systemd/system/minimal-app0-foo.service" - mksquashfs "$initdir" "$oldinitdir/usr/share/minimal_0.raw" + mksquashfs "$initdir" "$oldinitdir/usr/share/minimal_0.raw" -noappend veritysetup format "$oldinitdir/usr/share/minimal_0.raw" "$oldinitdir/usr/share/minimal_0.verity" | \ grep '^Root hash:' | cut -f2 | tr -d '\n' >"$oldinitdir/usr/share/minimal_0.roothash" @@ -614,7 +614,7 @@ EOF rm "$initdir/usr/lib/systemd/system/minimal-app0-foo.service" cp "$initdir/usr/lib/systemd/system/minimal-app0.service" "$initdir/usr/lib/systemd/system/minimal-app0-bar.service" - mksquashfs "$initdir" "$oldinitdir/usr/share/minimal_1.raw" + mksquashfs "$initdir" "$oldinitdir/usr/share/minimal_1.raw" -noappend veritysetup format "$oldinitdir/usr/share/minimal_1.raw" "$oldinitdir/usr/share/minimal_1.verity" | \ grep '^Root hash:' | cut -f2 | tr -d '\n' >"$oldinitdir/usr/share/minimal_1.roothash" @@ -642,7 +642,7 @@ cat /usr/lib/extension-release.d/extension-release.app0 EOF chmod +x "$initdir/opt/script0.sh" echo MARKER=1 >"$initdir/usr/lib/systemd/system/some_file" - mksquashfs "$initdir" "$oldinitdir/usr/share/app0.raw" + mksquashfs "$initdir" "$oldinitdir/usr/share/app0.raw" -noappend export initdir="$TESTDIR/app1" mkdir -p "$initdir/usr/lib/extension-release.d" "$initdir/usr/lib/systemd/system" "$initdir/opt" @@ -665,7 +665,7 @@ cat /usr/lib/extension-release.d/extension-release.app2 EOF chmod +x "$initdir/opt/script1.sh" echo MARKER=1 >"$initdir/usr/lib/systemd/system/other_file" - mksquashfs "$initdir" "$oldinitdir/usr/share/app1.raw" + mksquashfs "$initdir" "$oldinitdir/usr/share/app1.raw" -noappend ) } From 3f721fd8034a290d7a78a96675b1396eff5b4ae3 Mon Sep 17 00:00:00 2001 From: Luca Boccassi Date: Thu, 27 Jan 2022 14:08:44 +0000 Subject: [PATCH 158/703] core: add clearer debug log when setting up ExecDirectories symlinks fails (cherry picked from commit 6d7c999ab5958d6f1f192e7d0a63b8c330a077cb) --- src/core/namespace.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/core/namespace.c b/src/core/namespace.c index 77f16f96bd1..a731c93860d 100644 --- a/src/core/namespace.c +++ b/src/core/namespace.c @@ -1700,7 +1700,7 @@ static int apply_mounts( * exist, which means this will be a no-op. */ r = create_symlinks_from_tuples(root, exec_dir_symlinks); if (r < 0) - return r; + return log_debug_errno(r, "Failed to set up ExecDirectories symlinks inside mount namespace: %m"); /* Create a deny list we can pass to bind_mount_recursive() */ deny_list = new(char*, (*n_mounts)+1); From cd740bdeafd1c1716565b7dde7178026eb8362a5 Mon Sep 17 00:00:00 2001 From: Luca Boccassi Date: Thu, 27 Jan 2022 14:10:34 +0000 Subject: [PATCH 159/703] core: do not attempt to add 'private' symlinks when RootImage/RootDirectory are used A bind mount is added directly from private on the host to the actual destination directory, no need for the symlinks (which cannot be created as the bind mount happens first and creates the target as an actual directory) Fixes https://github.com/systemd/systemd/issues/22264 (cherry picked from commit 3fa80e5e75a98ef6f9a84b01770b71a1774478dc) Conflicts: test/units/testsuite-50.sh --- src/core/execute.c | 2 +- test/test-functions | 10 +++++++++- test/units/testsuite-29.sh | 9 +++++++++ test/units/testsuite-50.sh | 3 ++- 4 files changed, 21 insertions(+), 3 deletions(-) diff --git a/src/core/execute.c b/src/core/execute.c index ee455e5dbb4..ce4cb9c8e76 100644 --- a/src/core/execute.c +++ b/src/core/execute.c @@ -3231,7 +3231,7 @@ static int compile_symlinks( return r; } - if (!exec_directory_is_private(context, dt)) + if (!exec_directory_is_private(context, dt) || exec_context_with_rootfs(context)) continue; private_path = path_join(params->prefix[dt], "private", context->directories[dt].items[i].path); diff --git a/test/test-functions b/test/test-functions index 7d62c950743..eae1cd8cc1e 100644 --- a/test/test-functions +++ b/test/test-functions @@ -576,7 +576,8 @@ install_verity_minimal() { oldinitdir="$initdir" rm -rfv "$TESTDIR/minimal" export initdir="$TESTDIR/minimal" - mkdir -p "$initdir/usr/lib/systemd/system" "$initdir/usr/lib/extension-release.d" "$initdir/etc" "$initdir/var/tmp" "$initdir/opt" + # app0 will use TemporaryFileSystem=/var/lib, app1 will need the mount point in the base image + mkdir -p "$initdir/usr/lib/systemd/system" "$initdir/usr/lib/extension-release.d" "$initdir/etc" "$initdir/var/tmp" "$initdir/opt" "$initdir/var/lib/app1" setup_basic_dirs install_basic_tools # Shellcheck treats [[ -v VAR ]] as an assignment to avoid a different @@ -633,11 +634,15 @@ EOF Type=oneshot RemainAfterExit=yes ExecStart=/opt/script0.sh +TemporaryFileSystem=/var/lib +StateDirectory=app0 +RuntimeDirectory=app0 EOF cat >"$initdir/opt/script0.sh" < \${STATE_DIRECTORY}/foo cat /usr/lib/extension-release.d/extension-release.app0 EOF chmod +x "$initdir/opt/script0.sh" @@ -656,11 +661,14 @@ EOF Type=oneshot RemainAfterExit=yes ExecStart=/opt/script1.sh +StateDirectory=app1 +RuntimeDirectory=app1 EOF cat >"$initdir/opt/script1.sh" < \${STATE_DIRECTORY}/foo cat /usr/lib/extension-release.d/extension-release.app2 EOF chmod +x "$initdir/opt/script1.sh" diff --git a/test/units/testsuite-29.sh b/test/units/testsuite-29.sh index a3f9fc05836..13bdc59e3b8 100755 --- a/test/units/testsuite-29.sh +++ b/test/units/testsuite-29.sh @@ -6,10 +6,13 @@ set -eux set -o pipefail ARGS=() +state_directory=/var/lib/private/ if [[ -v ASAN_OPTIONS || -v UBSAN_OPTIONS ]]; then # If we're running under sanitizers, we need to use a less restrictive # profile, otherwise LSan syscall would get blocked by seccomp ARGS+=(--profile=trusted) + # With the trusted profile DynamicUser is disabled, so the storage is not in private/ + state_directory=/var/lib/ fi systemd-dissect --no-pager /usr/share/minimal_0.raw | grep -q '✓ portable service' @@ -101,6 +104,12 @@ systemctl is-active app1.service portablectl detach --now --runtime --extension /usr/share/app1.raw /usr/share/minimal_1.raw app1 +# Ensure that the combination of read-only images, state directory and dynamic user works, and that +# state is retained. Check after detaching, as on slow systems (eg: sanitizers) it might take a while +# after the service is attached before the file appears. +grep -q -F bar "${state_directory}/app0/foo" +grep -q -F baz "${state_directory}/app1/foo" + # portablectl also works with directory paths rather than images mkdir /tmp/rootdir /tmp/app1 /tmp/overlay /tmp/os-release-fix /tmp/os-release-fix/etc diff --git a/test/units/testsuite-50.sh b/test/units/testsuite-50.sh index fa855fafcc0..793795efdd0 100755 --- a/test/units/testsuite-50.sh +++ b/test/units/testsuite-50.sh @@ -302,7 +302,8 @@ systemd-run -P --property ExtensionImages="/usr/share/app0.raw /usr/share/app1.r cat >/run/systemd/system/testservice-50e.service < Date: Tue, 1 Feb 2022 12:06:21 +0100 Subject: [PATCH 160/703] util: another set of CVE-2021-4034 assert()s It's a good idea that we validate argc/argv when we are supposed to store them away. (cherry picked from commit 007e03b284e8ffc0b92edb2122cd9d2d16f049ef) --- src/basic/util.h | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/basic/util.h b/src/basic/util.h index 94804f28e3f..68ae3b51e0e 100644 --- a/src/basic/util.h +++ b/src/basic/util.h @@ -9,6 +9,12 @@ extern int saved_argc; extern char **saved_argv; static inline void save_argc_argv(int argc, char **argv) { + + /* Protect against CVE-2021-4034 style attacks */ + assert_se(argc > 0); + assert_se(argv); + assert_se(argv[0]); + saved_argc = argc; saved_argv = argv; } From d82bd80cf4e7659906a502735b20a45964b55a88 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Sat, 5 Feb 2022 21:37:01 +0900 Subject: [PATCH 161/703] resolve: fix potential memleak and use-after-free When stub stream is closed early, then queries associated to the stream are freed. Previously, the timer event source for queries may not be disabled, hence may be triggered with already freed query. See also dns_stub_stream_complete(). Note that we usually not set NULL or zero when freeing simple objects. But, here DnsQuery is large and complicated object, and the element may be referenced in subsequent freeing process in the future. Hence, for safety, let's set NULL to the pointer. (cherry picked from commit 73bfd7be042cc63e7649242b377ad494bf74ea4b) --- src/resolve/resolved-dns-query.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/resolve/resolved-dns-query.c b/src/resolve/resolved-dns-query.c index 3b5e456db2e..192bfd3bf56 100644 --- a/src/resolve/resolved-dns-query.c +++ b/src/resolve/resolved-dns-query.c @@ -381,6 +381,8 @@ DnsQuery *dns_query_free(DnsQuery *q) { if (!q) return NULL; + q->timeout_event_source = sd_event_source_disable_unref(q->timeout_event_source); + while (q->auxiliary_queries) dns_query_free(q->auxiliary_queries); From 4dbc210124b4303ecadb6cdb28a4a4c821e1150b Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Sat, 5 Feb 2022 22:03:19 +0900 Subject: [PATCH 162/703] resolve: fix possible memleak Fortunately, unlike the issue fixed in the previous commit, the memleak should be superficial and not become apparent, as the queries handled here are managed by the stub stream, and will be freed when the stream is closed. Just for safety, and slightly reducing the runtime memory usage by the stub stream. (cherry picked from commit fe8c5ce615ee2123f17b1f0b3728c439e19e4b5b) --- src/resolve/resolved-dns-stub.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/resolve/resolved-dns-stub.c b/src/resolve/resolved-dns-stub.c index 73590e3f9bd..86312fd1316 100644 --- a/src/resolve/resolved-dns-stub.c +++ b/src/resolve/resolved-dns-stub.c @@ -791,8 +791,10 @@ static void dns_stub_query_complete(DnsQuery *q) { * packet doesn't answer our question. In that case let's restart the query, * now with the redirected question. We'll */ r = dns_query_go(q); - if (r < 0) + if (r < 0) { log_debug_errno(r, "Failed to restart query: %m"); + dns_query_free(q); + } return; } From 0533d1aab61b6a797d07c4c861acf5e87f8191e8 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Sat, 5 Feb 2022 22:04:42 +0900 Subject: [PATCH 163/703] resolve: use _cleanup_ attribute for freeing DnsQuery (cherry picked from commit c704288c473fa08820566fdb16c38726d24db026) --- src/resolve/resolved-bus.c | 112 +++++++++++++++----------------- src/resolve/resolved-dns-stub.c | 27 +++----- src/resolve/resolved-varlink.c | 38 +++++------ 3 files changed, 79 insertions(+), 98 deletions(-) diff --git a/src/resolve/resolved-bus.c b/src/resolve/resolved-bus.c index 48e5321d79a..5607dcc29f2 100644 --- a/src/resolve/resolved-bus.c +++ b/src/resolve/resolved-bus.c @@ -179,9 +179,10 @@ static int append_address(sd_bus_message *reply, DnsResourceRecord *rr, int ifin return 0; } -static void bus_method_resolve_hostname_complete(DnsQuery *q) { +static void bus_method_resolve_hostname_complete(DnsQuery *query) { _cleanup_(dns_resource_record_unrefp) DnsResourceRecord *canonical = NULL; _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL; + _cleanup_(dns_query_freep) DnsQuery *q = query; _cleanup_free_ char *normalized = NULL; DnsQuestion *question; DnsResourceRecord *rr; @@ -202,8 +203,11 @@ static void bus_method_resolve_hostname_complete(DnsQuery *q) { } if (r < 0) goto finish; - if (r == DNS_QUERY_CNAME) /* This was a cname, and the query was restarted. */ + if (r == DNS_QUERY_CNAME) { + /* This was a cname, and the query was restarted. */ + TAKE_PTR(q); return; + } r = sd_bus_message_new_method_return(q->bus_request, &reply); if (r < 0) @@ -264,8 +268,6 @@ static void bus_method_resolve_hostname_complete(DnsQuery *q) { log_error_errno(r, "Failed to send hostname reply: %m"); sd_bus_reply_method_errno(q->bus_request, r, NULL); } - - dns_query_free(q); } static int validate_and_mangle_flags( @@ -403,11 +405,11 @@ void bus_client_log(sd_bus_message *m, const char *what) { static int bus_method_resolve_hostname(sd_bus_message *message, void *userdata, sd_bus_error *error) { _cleanup_(dns_question_unrefp) DnsQuestion *question_idna = NULL, *question_utf8 = NULL; + _cleanup_(dns_query_freep) DnsQuery *q = NULL; Manager *m = userdata; const char *hostname; int family, ifindex; uint64_t flags; - DnsQuery *q; int r; assert(message); @@ -459,21 +461,19 @@ static int bus_method_resolve_hostname(sd_bus_message *message, void *userdata, r = dns_query_bus_track(q, message); if (r < 0) - goto fail; + return r; r = dns_query_go(q); if (r < 0) - goto fail; + return r; + TAKE_PTR(q); return 1; - -fail: - dns_query_free(q); - return r; } -static void bus_method_resolve_address_complete(DnsQuery *q) { +static void bus_method_resolve_address_complete(DnsQuery *query) { _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL; + _cleanup_(dns_query_freep) DnsQuery *q = query; DnsQuestion *question; DnsResourceRecord *rr; unsigned added = 0; @@ -493,8 +493,11 @@ static void bus_method_resolve_address_complete(DnsQuery *q) { } if (r < 0) goto finish; - if (r == DNS_QUERY_CNAME) /* This was a cname, and the query was restarted. */ + if (r == DNS_QUERY_CNAME) { + /* This was a cname, and the query was restarted. */ + TAKE_PTR(q); return; + } r = sd_bus_message_new_method_return(q->bus_request, &reply); if (r < 0) @@ -550,17 +553,15 @@ static void bus_method_resolve_address_complete(DnsQuery *q) { log_error_errno(r, "Failed to send address reply: %m"); sd_bus_reply_method_errno(q->bus_request, r, NULL); } - - dns_query_free(q); } static int bus_method_resolve_address(sd_bus_message *message, void *userdata, sd_bus_error *error) { _cleanup_(dns_question_unrefp) DnsQuestion *question = NULL; + _cleanup_(dns_query_freep) DnsQuery *q = NULL; Manager *m = userdata; union in_addr_union a; int family, ifindex; uint64_t flags; - DnsQuery *q; int r; assert(message); @@ -604,17 +605,14 @@ static int bus_method_resolve_address(sd_bus_message *message, void *userdata, s r = dns_query_bus_track(q, message); if (r < 0) - goto fail; + return r; r = dns_query_go(q); if (r < 0) - goto fail; + return r; + TAKE_PTR(q); return 1; - -fail: - dns_query_free(q); - return r; } static int bus_message_append_rr(sd_bus_message *m, DnsResourceRecord *rr, int ifindex) { @@ -645,8 +643,9 @@ static int bus_message_append_rr(sd_bus_message *m, DnsResourceRecord *rr, int i return sd_bus_message_close_container(m); } -static void bus_method_resolve_record_complete(DnsQuery *q) { +static void bus_method_resolve_record_complete(DnsQuery *query) { _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL; + _cleanup_(dns_query_freep) DnsQuery *q = query; DnsResourceRecord *rr; DnsQuestion *question; unsigned added = 0; @@ -667,8 +666,11 @@ static void bus_method_resolve_record_complete(DnsQuery *q) { } if (r < 0) goto finish; - if (r == DNS_QUERY_CNAME) /* This was a cname, and the query was restarted. */ + if (r == DNS_QUERY_CNAME) { + /* This was a cname, and the query was restarted. */ + TAKE_PTR(q); return; + } r = sd_bus_message_new_method_return(q->bus_request, &reply); if (r < 0) @@ -714,19 +716,17 @@ static void bus_method_resolve_record_complete(DnsQuery *q) { log_error_errno(r, "Failed to send record reply: %m"); sd_bus_reply_method_errno(q->bus_request, r, NULL); } - - dns_query_free(q); } static int bus_method_resolve_record(sd_bus_message *message, void *userdata, sd_bus_error *error) { _cleanup_(dns_resource_key_unrefp) DnsResourceKey *key = NULL; _cleanup_(dns_question_unrefp) DnsQuestion *question = NULL; + _cleanup_(dns_query_freep) DnsQuery *q = NULL; Manager *m = userdata; uint16_t class, type; const char *name; int r, ifindex; uint64_t flags; - DnsQuery *q; assert(message); assert(m); @@ -782,17 +782,14 @@ static int bus_method_resolve_record(sd_bus_message *message, void *userdata, sd r = dns_query_bus_track(q, message); if (r < 0) - goto fail; + return r; r = dns_query_go(q); if (r < 0) - goto fail; + return r; + TAKE_PTR(q); return 1; - -fail: - dns_query_free(q); - return r; } static int append_srv(DnsQuery *q, sd_bus_message *reply, DnsResourceRecord *rr) { @@ -952,10 +949,11 @@ static int append_txt(sd_bus_message *reply, DnsResourceRecord *rr) { return 1; } -static void resolve_service_all_complete(DnsQuery *q) { +static void resolve_service_all_complete(DnsQuery *query) { _cleanup_(dns_resource_record_unrefp) DnsResourceRecord *canonical = NULL; _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL; _cleanup_free_ char *name = NULL, *type = NULL, *domain = NULL; + _cleanup_(dns_query_freep) DnsQuery *q = query; DnsQuestion *question; DnsResourceRecord *rr; unsigned added = 0; @@ -964,8 +962,10 @@ static void resolve_service_all_complete(DnsQuery *q) { assert(q); - if (q->block_all_complete > 0) + if (q->block_all_complete > 0) { + TAKE_PTR(q); return; + } if ((q->flags & SD_RESOLVED_NO_ADDRESS) == 0) { DnsQuery *bad = NULL; @@ -977,6 +977,7 @@ static void resolve_service_all_complete(DnsQuery *q) { case DNS_TRANSACTION_PENDING: /* If an auxiliary query is still pending, let's wait */ + TAKE_PTR(q); return; case DNS_TRANSACTION_SUCCESS: @@ -1093,8 +1094,6 @@ static void resolve_service_all_complete(DnsQuery *q) { log_error_errno(r, "Failed to send service reply: %m"); sd_bus_reply_method_errno(q->bus_request, r, NULL); } - - dns_query_free(q); } static void resolve_service_hostname_complete(DnsQuery *q) { @@ -1119,7 +1118,7 @@ static void resolve_service_hostname_complete(DnsQuery *q) { static int resolve_service_hostname(DnsQuery *q, DnsResourceRecord *rr, int ifindex) { _cleanup_(dns_question_unrefp) DnsQuestion *question = NULL; - DnsQuery *aux; + _cleanup_(dns_query_freep) DnsQuery *aux = NULL; int r; assert(q); @@ -1142,32 +1141,27 @@ static int resolve_service_hostname(DnsQuery *q, DnsResourceRecord *rr, int ifin aux->complete = resolve_service_hostname_complete; r = dns_query_make_auxiliary(aux, q); - if (r == -EAGAIN) { + if (r == -EAGAIN) /* Too many auxiliary lookups? If so, don't complain, * let's just not add this one, we already have more * than enough */ - - dns_query_free(aux); return 0; - } if (r < 0) - goto fail; + return r; /* Note that auxiliary queries do not track the original bus * client, only the primary request does that. */ r = dns_query_go(aux); if (r < 0) - goto fail; + return r; + TAKE_PTR(aux); return 1; - -fail: - dns_query_free(aux); - return r; } -static void bus_method_resolve_service_complete(DnsQuery *q) { +static void bus_method_resolve_service_complete(DnsQuery *query) { + _cleanup_(dns_query_freep) DnsQuery *q = query; bool has_root_domain = false; DnsResourceRecord *rr; DnsQuestion *question; @@ -1188,8 +1182,11 @@ static void bus_method_resolve_service_complete(DnsQuery *q) { } if (r < 0) goto finish; - if (r == DNS_QUERY_CNAME) /* This was a cname, and the query was restarted. */ + if (r == DNS_QUERY_CNAME) { + /* This was a cname, and the query was restarted. */ + TAKE_PTR(q); return; + } question = dns_query_question_for_protocol(q, q->answer_protocol); @@ -1237,7 +1234,7 @@ static void bus_method_resolve_service_complete(DnsQuery *q) { } /* Maybe we are already finished? check now... */ - resolve_service_all_complete(q); + resolve_service_all_complete(TAKE_PTR(q)); return; finish: @@ -1245,17 +1242,15 @@ static void bus_method_resolve_service_complete(DnsQuery *q) { log_error_errno(r, "Failed to send service reply: %m"); sd_bus_reply_method_errno(q->bus_request, r, NULL); } - - dns_query_free(q); } static int bus_method_resolve_service(sd_bus_message *message, void *userdata, sd_bus_error *error) { _cleanup_(dns_question_unrefp) DnsQuestion *question_idna = NULL, *question_utf8 = NULL; + _cleanup_(dns_query_freep) DnsQuery *q = NULL; const char *name, *type, *domain; Manager *m = userdata; int family, ifindex; uint64_t flags; - DnsQuery *q; int r; assert(message); @@ -1316,17 +1311,14 @@ static int bus_method_resolve_service(sd_bus_message *message, void *userdata, s r = dns_query_bus_track(q, message); if (r < 0) - goto fail; + return r; r = dns_query_go(q); if (r < 0) - goto fail; + return r; + TAKE_PTR(q); return 1; - -fail: - dns_query_free(q); - return r; } int bus_dns_server_append(sd_bus_message *reply, DnsServer *s, bool with_ifindex, bool extended) { diff --git a/src/resolve/resolved-dns-stub.c b/src/resolve/resolved-dns-stub.c index 86312fd1316..1fd7e69eac5 100644 --- a/src/resolve/resolved-dns-stub.c +++ b/src/resolve/resolved-dns-stub.c @@ -720,7 +720,8 @@ static int dns_stub_patch_bypass_reply_packet( return 0; } -static void dns_stub_query_complete(DnsQuery *q) { +static void dns_stub_query_complete(DnsQuery *query) { + _cleanup_(dns_query_freep) DnsQuery *q = query; int r; assert(q); @@ -741,7 +742,6 @@ static void dns_stub_query_complete(DnsQuery *q) { else (void) dns_stub_send(q->manager, q->stub_listener_extra, q->request_stream, q->request_packet, reply); - dns_query_free(q); return; } } @@ -753,11 +753,8 @@ static void dns_stub_query_complete(DnsQuery *q) { q, dns_query_question_for_protocol(q, DNS_PROTOCOL_DNS), dns_stub_reply_with_edns0_do(q)); - if (r < 0) { - log_debug_errno(r, "Failed to assign sections: %m"); - dns_query_free(q); - return; - } + if (r < 0) + return (void) log_debug_errno(r, "Failed to assign sections: %m"); switch (q->state) { @@ -791,11 +788,10 @@ static void dns_stub_query_complete(DnsQuery *q) { * packet doesn't answer our question. In that case let's restart the query, * now with the redirected question. We'll */ r = dns_query_go(q); - if (r < 0) { - log_debug_errno(r, "Failed to restart query: %m"); - dns_query_free(q); - } + if (r < 0) + return (void) log_debug_errno(r, "Failed to restart query: %m"); + TAKE_PTR(q); return; } @@ -803,11 +799,8 @@ static void dns_stub_query_complete(DnsQuery *q) { q, dns_query_question_for_protocol(q, DNS_PROTOCOL_DNS), dns_stub_reply_with_edns0_do(q)); - if (r < 0) { - log_debug_errno(r, "Failed to assign sections: %m"); - dns_query_free(q); - return; - } + if (r < 0) + return (void) log_debug_errno(r, "Failed to assign sections: %m"); if (cname_result == DNS_QUERY_MATCH) /* A match? Then we are done, let's return what we got */ break; @@ -853,8 +846,6 @@ static void dns_stub_query_complete(DnsQuery *q) { default: assert_not_reached(); } - - dns_query_free(q); } static int dns_stub_stream_complete(DnsStream *s, int error) { diff --git a/src/resolve/resolved-varlink.c b/src/resolve/resolved-varlink.c index cc684608a60..793be412545 100644 --- a/src/resolve/resolved-varlink.c +++ b/src/resolve/resolved-varlink.c @@ -143,9 +143,10 @@ static bool validate_and_mangle_flags( return true; } -static void vl_method_resolve_hostname_complete(DnsQuery *q) { +static void vl_method_resolve_hostname_complete(DnsQuery *query) { _cleanup_(dns_resource_record_unrefp) DnsResourceRecord *canonical = NULL; _cleanup_(json_variant_unrefp) JsonVariant *array = NULL; + _cleanup_(dns_query_freep) DnsQuery *q = query; _cleanup_free_ char *normalized = NULL; DnsResourceRecord *rr; DnsQuestion *question; @@ -165,8 +166,11 @@ static void vl_method_resolve_hostname_complete(DnsQuery *q) { } if (r < 0) goto finish; - if (r == DNS_QUERY_CNAME) /* This was a cname, and the query was restarted. */ + if (r == DNS_QUERY_CNAME) { + /* This was a cname, and the query was restarted. */ + TAKE_PTR(q); return; + } question = dns_query_question_for_protocol(q, q->answer_protocol); @@ -228,8 +232,6 @@ static void vl_method_resolve_hostname_complete(DnsQuery *q) { log_error_errno(r, "Failed to send hostname reply: %m"); r = varlink_error_errno(q->varlink_request, r); } - - dns_query_free(q); } static int parse_as_address(Varlink *link, LookupParameters *p) { @@ -284,7 +286,7 @@ static int vl_method_resolve_hostname(Varlink *link, JsonVariant *parameters, Va _cleanup_(lookup_parameters_destroy) LookupParameters p = { .family = AF_UNSPEC, }; - DnsQuery *q; + _cleanup_(dns_query_freep) DnsQuery *q = NULL; Manager *m; int r; @@ -338,13 +340,10 @@ static int vl_method_resolve_hostname(Varlink *link, JsonVariant *parameters, Va r = dns_query_go(q); if (r < 0) - goto fail; + return r; + TAKE_PTR(q); return 1; - -fail: - dns_query_free(q); - return r; } static int json_dispatch_address(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) { @@ -382,8 +381,9 @@ static int json_dispatch_address(const char *name, JsonVariant *variant, JsonDis return 0; } -static void vl_method_resolve_address_complete(DnsQuery *q) { +static void vl_method_resolve_address_complete(DnsQuery *query) { _cleanup_(json_variant_unrefp) JsonVariant *array = NULL; + _cleanup_(dns_query_freep) DnsQuery *q = query; DnsQuestion *question; DnsResourceRecord *rr; int ifindex, r; @@ -402,8 +402,11 @@ static void vl_method_resolve_address_complete(DnsQuery *q) { } if (r < 0) goto finish; - if (r == DNS_QUERY_CNAME) /* This was a cname, and the query was restarted. */ + if (r == DNS_QUERY_CNAME) { + /* This was a cname, and the query was restarted. */ + TAKE_PTR(q); return; + } question = dns_query_question_for_protocol(q, q->answer_protocol); @@ -447,8 +450,6 @@ static void vl_method_resolve_address_complete(DnsQuery *q) { log_error_errno(r, "Failed to send address reply: %m"); r = varlink_error_errno(q->varlink_request, r); } - - dns_query_free(q); } static int vl_method_resolve_address(Varlink *link, JsonVariant *parameters, VarlinkMethodFlags flags, void *userdata) { @@ -464,7 +465,7 @@ static int vl_method_resolve_address(Varlink *link, JsonVariant *parameters, Var _cleanup_(lookup_parameters_destroy) LookupParameters p = { .family = AF_UNSPEC, }; - DnsQuery *q; + _cleanup_(dns_query_freep) DnsQuery *q = NULL; Manager *m; int r; @@ -509,13 +510,10 @@ static int vl_method_resolve_address(Varlink *link, JsonVariant *parameters, Var r = dns_query_go(q); if (r < 0) - goto fail; + return r; + TAKE_PTR(q); return 1; - -fail: - dns_query_free(q); - return r; } int manager_varlink_init(Manager *m) { From 1c37ac98d6e49a33531cb283e174ca59a9f4f663 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Sat, 5 Feb 2022 22:31:06 +0900 Subject: [PATCH 164/703] resolve: reuse timer event source for DnsQuery If the query get CNAME or DNAME, then the query will be restarted. Even in that case, previously, the event source was freed and allocated again. Let's slightly optimize it. (cherry picked from commit ecdfb9a1ae0a09d22a976e2ca0dc99aacc6b9d1f) --- src/resolve/resolved-dns-query.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/src/resolve/resolved-dns-query.c b/src/resolve/resolved-dns-query.c index 192bfd3bf56..9b296e7aa67 100644 --- a/src/resolve/resolved-dns-query.c +++ b/src/resolve/resolved-dns-query.c @@ -3,6 +3,7 @@ #include "alloc-util.h" #include "dns-domain.h" #include "dns-type.h" +#include "event-util.h" #include "hostname-util.h" #include "local-addresses.h" #include "resolved-dns-query.h" @@ -348,7 +349,7 @@ static void dns_query_stop(DnsQuery *q) { assert(q); - q->timeout_event_source = sd_event_source_disable_unref(q->timeout_event_source); + event_source_disable(q->timeout_event_source); LIST_FOREACH(candidates_by_query, c, q->candidates) dns_query_candidate_stop(c); @@ -794,17 +795,16 @@ int dns_query_go(DnsQuery *q) { dns_query_reset_answer(q); - r = sd_event_add_time_relative( + r = event_reset_time_relative( q->manager->event, &q->timeout_event_source, clock_boottime_or_monotonic(), SD_RESOLVED_QUERY_TIMEOUT_USEC, - 0, on_query_timeout, q); + 0, on_query_timeout, q, + 0, "query-timeout", true); if (r < 0) goto fail; - (void) sd_event_source_set_description(q->timeout_event_source, "query-timeout"); - q->state = DNS_TRANSACTION_PENDING; q->block_ready++; From 88c711885fa734e17ab17b76b29e4094d95620bb Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Mon, 7 Feb 2022 20:15:07 +0000 Subject: [PATCH 165/703] journal: Fix upwards iteration of entry items in case of corruption 8d801e35cb155faa08235a5af8b4d6ad60715837 didn't take into account upwards iteration of entry items when we're working on a corrupted journal file. Instead of moving to the previous entry array, we'd always move to the next array, regardless of the iteration direction. To fix this, we introduce bump_entry_array() that moves to the next or previous entry array depending on the given direction. Since the entry array chains are singly linked lists, we have to start iterating from the front to find the previous array. We only reach this logic if we're working on a corrupted journal file so being slow here shouldn't matter too much. (cherry picked from commit aa00163d79309f9873512a4cc14a48c05fee7c65) --- src/libsystemd/sd-journal/journal-file.c | 40 +++++++++++++++++++++++- 1 file changed, 39 insertions(+), 1 deletion(-) diff --git a/src/libsystemd/sd-journal/journal-file.c b/src/libsystemd/sd-journal/journal-file.c index ef4c261096f..e23afd4fc66 100644 --- a/src/libsystemd/sd-journal/journal-file.c +++ b/src/libsystemd/sd-journal/journal-file.c @@ -2119,6 +2119,41 @@ static int bump_array_index(uint64_t *i, direction_t direction, uint64_t n) { return 1; } +static int bump_entry_array(JournalFile *f, Object *o, uint64_t offset, uint64_t first, direction_t direction, uint64_t *ret) { + uint64_t p, q = 0; + int r; + + assert(f); + assert(offset); + assert(ret); + + if (direction == DIRECTION_DOWN) + return le64toh(o->entry_array.next_entry_array_offset); + + /* Entry array chains are a singly linked list, so to find the previous array in the chain, we have + * to start iterating from the top. */ + + p = first; + + while (p > 0 && p != offset) { + r = journal_file_move_to_object(f, OBJECT_ENTRY_ARRAY, p, &o); + if (r < 0) + return r; + + q = p; + p = le64toh(o->entry_array.next_entry_array_offset); + } + + /* If we can't find the previous entry array in the entry array chain, we're likely dealing with a + * corrupted journal file. */ + if (p == 0) + return -EBADMSG; + + *ret = q; + + return 0; +} + static int generic_array_get( JournalFile *f, uint64_t first, @@ -2189,8 +2224,11 @@ static int generic_array_get( log_debug_errno(r, "Entry item %" PRIu64 " is bad, skipping over it.", i); } while (bump_array_index(&i, direction, k) > 0); + r = bump_entry_array(f, o, a, first, direction, &a); + if (r < 0) + return r; + t += k; - a = le64toh(o->entry_array.next_entry_array_offset); i = UINT64_MAX; } From ea4a694876d824de372683787e7d03ef4cdd52cf Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Mon, 7 Feb 2022 20:19:29 +0000 Subject: [PATCH 166/703] journal: Improve handling of corruption during upwards entry iteration If we're going upwards in the journal file during entry iteration and we can't reach the current entry due to corruption, start iterating upwards from the last reachable entry array. This is equivalent to skipping all entries in the array that can't be reached anymore. Fixes #22431 (cherry picked from commit 952d1e784a0ad47e0c2c832d28299987c3c25529) --- src/libsystemd/sd-journal/journal-file.c | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/src/libsystemd/sd-journal/journal-file.c b/src/libsystemd/sd-journal/journal-file.c index e23afd4fc66..369b32856fb 100644 --- a/src/libsystemd/sd-journal/journal-file.c +++ b/src/libsystemd/sd-journal/journal-file.c @@ -2180,6 +2180,24 @@ static int generic_array_get( while (a > 0) { r = journal_file_move_to_object(f, OBJECT_ENTRY_ARRAY, a, &o); + if (IN_SET(r, -EBADMSG, -EADDRNOTAVAIL)) { + /* If there's corruption and we're going downwards, let's pretend we reached the + * final entry in the entry array chain. */ + + if (direction == DIRECTION_DOWN) + return 0; + + /* If there's corruption and we're going upwards, move back to the previous entry + * array and start iterating entries from there. */ + + r = bump_entry_array(f, NULL, a, first, DIRECTION_UP, &a); + if (r < 0) + return r; + + i = UINT64_MAX; + + break; + } if (r < 0) return r; From 514a4c051ce6cceaa5417a2044e708bd5105131d Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Thu, 10 Feb 2022 17:47:14 +0900 Subject: [PATCH 167/703] network: bridge: fix endian of vlan protocol Fixes #22469. (cherry picked from commit 6eb35be8e0fa5f1f00dddd558cf4dc3642d9e53e) --- src/network/netdev/bridge.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/network/netdev/bridge.c b/src/network/netdev/bridge.c index 64d65493caf..b974f2ae0a6 100644 --- a/src/network/netdev/bridge.c +++ b/src/network/netdev/bridge.c @@ -134,7 +134,7 @@ static int netdev_bridge_post_create(NetDev *netdev, Link *link, sd_netlink_mess } if (b->vlan_protocol >= 0) { - r = sd_netlink_message_append_u16(req, IFLA_BR_VLAN_PROTOCOL, b->vlan_protocol); + r = sd_netlink_message_append_u16(req, IFLA_BR_VLAN_PROTOCOL, htobe16(b->vlan_protocol)); if (r < 0) return log_netdev_error_errno(netdev, r, "Could not append IFLA_BR_VLAN_PROTOCOL attribute: %m"); } From ab30fe12edf4b859d38f4c5726b3eaa71aa5b3f7 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Thu, 10 Feb 2022 18:04:34 +0900 Subject: [PATCH 168/703] test-network: add missing tests for bridge properties (cherry picked from commit b6d5dab7bbb8ecf4ce1229840085daa15ab4cf57) --- test/test-network/conf/25-bridge.netdev | 10 +++++++--- test/test-network/systemd-networkd-tests.py | 6 ++++++ 2 files changed, 13 insertions(+), 3 deletions(-) diff --git a/test/test-network/conf/25-bridge.netdev b/test/test-network/conf/25-bridge.netdev index 6d8cea9021c..d9d6f6e7922 100644 --- a/test/test-network/conf/25-bridge.netdev +++ b/test/test-network/conf/25-bridge.netdev @@ -6,10 +6,14 @@ Kind=bridge [Bridge] HelloTimeSec=9 MaxAgeSec=9 -ForwardDelaySec=9 AgeingTimeSec=9 +ForwardDelaySec=9 Priority=9 -MulticastQuerier= true -MulticastSnooping=true +#GroupForwardMask=9 # This interferes other other settings +DefaultPVID=9 +MulticastQuerier=yes +MulticastSnooping=yes +VLANFiltering=yes +VLANProtocol=802.1ad STP=true MulticastIGMPVersion=3 diff --git a/test/test-network/systemd-networkd-tests.py b/test/test-network/systemd-networkd-tests.py index af9a49b6383..82a099fbece 100755 --- a/test/test-network/systemd-networkd-tests.py +++ b/test/test-network/systemd-networkd-tests.py @@ -1154,6 +1154,12 @@ def test_bridge(self): self.assertRegex(output, 'STP: yes') self.assertRegex(output, 'Multicast IGMP Version: 3') + output = check_output('ip -d link show bridge99') + print(output) + self.assertIn('vlan_filtering 1 ', output) + self.assertIn('vlan_protocol 802.1ad ', output) + self.assertIn('vlan_default_pvid 9 ', output) + def test_bond(self): copy_unit_to_networkd_unit_path('25-bond.netdev', '25-bond-balanced-tlb.netdev') start_networkd() From 5a9113cb0b80daedc07423f0781fc02537a5295f Mon Sep 17 00:00:00 2001 From: Jan Janssen Date: Fri, 11 Feb 2022 13:17:23 +0100 Subject: [PATCH 169/703] boot: Correctly check the return value of CheckEvent Fixes: #22428 (cherry picked from commit ac3979abd7a38725b66c1ce0607fa905b3a3d782) --- src/boot/efi/console.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/boot/efi/console.c b/src/boot/efi/console.c index 89fbd942587..7c88443a4d4 100644 --- a/src/boot/efi/console.c +++ b/src/boot/efi/console.c @@ -147,7 +147,7 @@ EFI_STATUS console_key_read(UINT64 *key, UINT64 timeout_usec) { } return EFI_NOT_READY; - } else if (BS->CheckEvent(ST->ConIn->WaitForKey)) { + } else if (!EFI_ERROR(BS->CheckEvent(ST->ConIn->WaitForKey))) { EFI_INPUT_KEY k; err = ST->ConIn->ReadKeyStroke(ST->ConIn, &k); From 2e323d198dc28cca4eb24ccebdcebbf2a385f144 Mon Sep 17 00:00:00 2001 From: Luca Boccassi Date: Tue, 8 Feb 2022 13:19:52 +0000 Subject: [PATCH 170/703] meson: disable export-dbus-interfaces target when cross-compiling ERROR: Cannot use target systemd as a generator because it is built for the host machine and no exe wrapper is defined or needs_exe_wrapper is true. You might want to set `native: true` instead to build it for the build machine. (cherry picked from commit 0628d48ec2af1c25bede6d94ae49107b17651b68) Conflicts: meson.build --- meson.build | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/meson.build b/meson.build index e07875a0543..5a639e9ab5f 100644 --- a/meson.build +++ b/meson.build @@ -3889,12 +3889,14 @@ run_target( alias_target('update-dbus-docs', update_dbus_docs) alias_target('update-man-rules', update_man_rules) -custom_target( - 'export-dbus-interfaces', - output : 'interfaces', - install : dbus_interfaces_dir != 'no', - install_dir : dbus_interfaces_dir, - command : [export_dbus_interfaces_py, '@OUTPUT@', dbus_programs]) +if not meson.is_cross_build() + custom_target( + 'export-dbus-interfaces', + output : 'interfaces', + install : dbus_interfaces_dir != 'no', + install_dir : dbus_interfaces_dir, + command : [export_dbus_interfaces_py, '@OUTPUT@', dbus_programs]) +endif ############################################################ From 2614461383b344041b397870fb3662c79f2a7b75 Mon Sep 17 00:00:00 2001 From: Luca Boccassi Date: Tue, 15 Feb 2022 10:20:34 +0000 Subject: [PATCH 171/703] Revert "tests: add a file triggering a memory leak in dhcp_lease_parse_search_domains" MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The test fails on this branch: 948/1228 fuzz-dhcp-client_minimized-from-555a2b073b8d208655b68c294f8dfd592a11e50a_address,undefined FAIL 0.00s (exit status 127)12:43 --- command ---12:43 01:47:36 UBSAN_OPTIONS='print_stacktrace=1:print_summary=1:halt_on_error=1' /usr/bin/env /tmp/autopkgtest-lxc.cl7c6fs0/downtmp/build.X6Z/src/build-deb/fuzz-dhcp-client:address,undefined /tmp/autopkgtest-lxc.cl7c6fs0/downtmp/build.X6Z/src/test/fuzz/fuzz-dhcp-client/minimized-from-555a2b073b8d208655b68c294f8dfd592a11e50a12:43 --- stderr ---12:43 /usr/bin/env: ‘/tmp/autopkgtest-lxc.cl7c6fs0/downtmp/build.X6Z/src/build-deb/fuzz-dhcp-client:address,undefined’: No such file or directory This reverts commit 87728a590ad82391e76a275024c9039625ff2b67. --- ...-from-555a2b073b8d208655b68c294f8dfd592a11e50a | Bin 243 -> 0 bytes 1 file changed, 0 insertions(+), 0 deletions(-) delete mode 100644 test/fuzz/fuzz-dhcp-client/minimized-from-555a2b073b8d208655b68c294f8dfd592a11e50a diff --git a/test/fuzz/fuzz-dhcp-client/minimized-from-555a2b073b8d208655b68c294f8dfd592a11e50a b/test/fuzz/fuzz-dhcp-client/minimized-from-555a2b073b8d208655b68c294f8dfd592a11e50a deleted file mode 100644 index 87345bf0ecc3709922b94da7b66176cdeb858b33..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 243 zcmZQ%VE7LN3?T3sOffPt*fTH~+cJU02ojbI7Z^+!m6?oL7??oBDWDFh7!nhQF{X^= y<&3CuP@y+WOqPt6ObiaXjJ8aS%*KpH3}y_Lj0_OfOsNbOVB6qU;&1{sX8{150U3G# From e69b2a3a69d472e887633162111ed2a45f317eb9 Mon Sep 17 00:00:00 2001 From: Luca Boccassi Date: Tue, 15 Feb 2022 10:21:49 +0000 Subject: [PATCH 172/703] Partially revert "sd-dhcp-server: refuse too large packet to send" MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This test fails on this branch: 949/1228 fuzz-dhcp-server-relay-message_clusterfuzz-testcase-minimized-fuzz-dhcp-server-relay-message-4972399731277824_address,undefined FAIL 0.00s (exit status 127)12:43 --- command ---12:43 01:47:36 UBSAN_OPTIONS='print_stacktrace=1:print_summary=1:halt_on_error=1' /usr/bin/env /tmp/autopkgtest-lxc.cl7c6fs0/downtmp/build.X6Z/src/build-deb/fuzz-dhcp-server-relay-message:address,undefined /tmp/autopkgtest-lxc.cl7c6fs0/downtmp/build.X6Z/src/test/fuzz/fuzz-dhcp-server-relay-message/clusterfuzz-testcase-minimized-fuzz-dhcp-server-relay-message-497239973127782412:43 --- stderr ---12:43 /usr/bin/env: ‘/tmp/autopkgtest-lxc.cl7c6fs0/downtmp/build.X6Z/src/build-deb/fuzz-dhcp-server-relay-message:address,undefined’: No such file or directory This partially reverts commit 76bcd1d6d26ebe0424e2c5edc7f5a31a82ae3a7c. --- ...z-dhcp-server-relay-message-4972399731277824 | Bin 65508 -> 0 bytes 1 file changed, 0 insertions(+), 0 deletions(-) delete mode 100644 test/fuzz/fuzz-dhcp-server-relay-message/clusterfuzz-testcase-minimized-fuzz-dhcp-server-relay-message-4972399731277824 diff --git a/test/fuzz/fuzz-dhcp-server-relay-message/clusterfuzz-testcase-minimized-fuzz-dhcp-server-relay-message-4972399731277824 b/test/fuzz/fuzz-dhcp-server-relay-message/clusterfuzz-testcase-minimized-fuzz-dhcp-server-relay-message-4972399731277824 deleted file mode 100644 index e902b6989b419428fa0114c973b148fbe583c871..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 65508 zcmeHQO^Xyq7_QnGHe|g?!~_DVcn}G3nRRFO0}pY$Wa3jnmhk?a_5|05v50Z;< z1A(xFv7AqGrXhzLPhg%F5=s4Qd=bvy4)*Yw9z zZ$0%^b-mR?(XdwPvQk6J$<0WqDAFTJX*r;pPQLo0xf(^0?8x@Xn?A1uE5-~N`~Nl~ zhtGuH?fz))UzyNS`-2uF0t}NYi=vLRRHC7)k&K;Yz z5Ai&kd6AE?nV$zJxnc|PGo`*nj-Oq&D@#{5M^dG4&m4&|K2!Qgx7vgvHRjv;6O>OP zUKu6u`sm=g5t$Yx617$MQ9b$PF0TP{AgERfP$atKe_n^KxF=V`K1)576{ilF@5puC zUqzev0zUJ7f5_^t62;#O#n6SqfJ487Kt2DI6?y7t&sLu%Kf`1BR?lRv#!%W7m|djw+iBtgIV@ zAghzr$?9bFfkJ?+PFC-L09l=^K2V%STb-=lfzxQKlhw)U-Lm@RWM#ZMFDmP5j=b>cA*6fKJ?Xv!0;GG=eYbQk6IRLUFCGE1dIwJH&WJxyn-G1L zQ`uROo&^dv!<8lsm3>o`eSdXoY`ivhU}}1@HZ@V1tWH(NsQraUfZD$)+TV*SgLmmz zPWczf+ui-vuVF>X!?_nVTm6fgdlI({>;CfAWAD!q9ezz*As)zMDD~dRD=Ly*^>?%R z{-LHl$HCyE^mLtD$gQU-pOE_Ku0NfF(ti!yTI^EtuK0vtKEIs*mb7GdmX&!Gll-qb z=a1hlH4zJZ0mhD*s=k45zdAa)pU+=wyrx=I2(?RT2P0ya5}$cf2HUM zIQk;1iv>bf&qe^8MxVsM>|}Madf^cutE0Mt)5+>N2mm0mI#7U+)eFyQ9DyOL+p0=d z&qn|N^@r6*v=;r74VTLC^{}^qOXXzZMOOE)a9o|XdL9D(V|5{PxAGrZJ(Hd~C6d)M z5hAOT)oH7DK!B_c1cGn`Mi>2EAz3}e>Vvc%Y3jC@_2+c}2afE^5MKv-4>)j?i5a^XWOcH72L#CKKp+Thbb{A0EgKv1qzUU8ZcwNHg+4ZTbhZ~w(6F?bSnnn zv!2P~1iwm^Ge(Np&Z3pAEEAQ;hQIGb0|s11RtE}@ezJNdN3}^Lt7n3akK#)jbr+{1?PH2gbp|IWU|9sOPFA;l4cnFFqGXu}03dct z1Fw_S$?AnifUHhd?|=XflhuI&gsfh8PNS_(R<~7^wt7AS0Eny(6d+`EvU=eWAgkM| zn$KyR7yy9C>OcWPRxdoK^<=AGR`1{&YgUG3x~)-IQpta&OG|QdxBC!Eqk%m3LnvC? zU(6ywWX1*fxYzBYC#EmnJ$3qc$xqW#^7Rxsi@ejfQ+e&lwLPuO>bP|N_wpOR``O= zqMO=~2sB@?6&(RzdpT`FI5hM163shM8qK>v>|}Madf^cutE0M#ZM>~ny%#$@FRwAu zk8l%d#fw5bDWdCer#O6O$y`~w=Xy5PwQG&lhl_K^W&;VX4@Kj8>Q%AdupUF7!WO3R z{JOcS4!g6@%MIo#TkCDp9e8L`-YMu$3$_ zaOZxQvn`eOK-`d<+VS|`eLFJbpiRT4lOy?4>V_X!)LM2vw5OIxEY^)t?!n%Hcv>f`=W!aRkE7ml1O_NT$m&Aef`c80 zvxtz@3x@z%-B#6jpg2srvbbRK7g-$uk=20$gse_hFFXQdbz4=*>iGx&AhJ48fRNP- z&uJWiA*SXo8BS2QSRh6vXf&iBy%Ui|(>7aHi!9A00o^9~h z<{8Bgix(dOws~yxIv{|T1^a9R8WiUMptohP;6HhCB$y_Nj3%X4rt414eRIEidqLx#7$K}Yv%4A%QOlz5w ms+1UNDFta4jrEG`)UNv3W$G~9mo9->FvVI#b}H<0Wd8%4hT`V{ From 160eeab224e1f37acaf5b65bc97227c2d15cb4d2 Mon Sep 17 00:00:00 2001 From: Richard Neill Date: Wed, 2 Feb 2022 18:18:46 +0000 Subject: [PATCH 173/703] virt: Fix Xen Dom0 detection logic to no longer report as VM Fixes regression introduced in 599be274c13c503806c85073d7beb1a155ac27bd Moving the Xen check before the CPUID check, in order to handle the case where a Xen domain is nested within a hypervisor which can be detected by via the CPUID check, had an unintended consequence of causing Dom0 to report as a Xen VM when it is not nested. This patch stops further checks once it has been determined that Dom0 is not nested within another hypervisor, meaning that the non-nested case matches its previous logic (where it does not report as a VM). Also, tidy the conditionals for the Xen and UML checks by removing handling of a VIRTUALIZATION_VM_OTHER result, which has no code path. Fixes #22511 (cherry picked from commit ea583ed5a366cf51b80bd363db95e828a25ec27e) --- src/basic/virt.c | 40 +++++++++++++++++++++------------------- 1 file changed, 21 insertions(+), 19 deletions(-) diff --git a/src/basic/virt.c b/src/basic/virt.c index 156a19ee529..284ad952778 100644 --- a/src/basic/virt.c +++ b/src/basic/virt.c @@ -331,22 +331,13 @@ static int detect_vm_xen_dom0(void) { } static int detect_vm_xen(void) { - int r; - - /* The presence of /proc/xen indicates some form of a Xen domain */ + /* The presence of /proc/xen indicates some form of a Xen domain + The check for Dom0 is handled outside this function */ if (access("/proc/xen", F_OK) < 0) { log_debug("Virtualization XEN not found, /proc/xen does not exist"); return VIRTUALIZATION_NONE; } log_debug("Virtualization XEN found (/proc/xen exists)"); - - /* Ignore the Xen hypervisor if we are in Dom0 */ - r = detect_vm_xen_dom0(); - if (r < 0) - return r; - if (r > 0) - return VIRTUALIZATION_NONE; - return VIRTUALIZATION_XEN; } @@ -434,7 +425,7 @@ static int detect_vm_zvm(void) { int detect_vm(void) { static thread_local int cached_found = _VIRTUALIZATION_INVALID; bool other = false; - int r, dmi; + int r, dmi, xen_dom0 = 0; if (cached_found >= 0) return cached_found; @@ -461,19 +452,26 @@ int detect_vm(void) { r = detect_vm_uml(); if (r < 0) return r; - if (r == VIRTUALIZATION_VM_OTHER) - other = true; - else if (r != VIRTUALIZATION_NONE) + if (r != VIRTUALIZATION_NONE) goto finish; /* Detect Xen */ r = detect_vm_xen(); if (r < 0) return r; - if (r == VIRTUALIZATION_VM_OTHER) - other = true; - else if (r != VIRTUALIZATION_NONE) - goto finish; + if (r == VIRTUALIZATION_XEN) { + /* If we are Dom0, then we expect to not report as a VM. However, as we might be nested + * inside another hypervisor which can be detected via the CPUID check, wait to report this + * until after the CPUID check. */ + xen_dom0 = detect_vm_xen_dom0(); + if (xen_dom0 < 0) + return xen_dom0; + if (xen_dom0 == 0) + goto finish; + + r = VIRTUALIZATION_NONE; + } else if (r != VIRTUALIZATION_NONE) + assert_not_reached(); /* Detect from CPUID */ r = detect_vm_cpuid(); @@ -484,6 +482,10 @@ int detect_vm(void) { else if (r != VIRTUALIZATION_NONE) goto finish; + /* If we are in Dom0 and have not yet finished, finish with the result of detect_vm_cpuid */ + if (xen_dom0 > 0) + goto finish; + /* Now, let's get back to DMI */ if (dmi < 0) return dmi; From c809c046be509226d0cad44a47ae78f6a428d500 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Thu, 17 Feb 2022 18:47:26 +0900 Subject: [PATCH 174/703] udev-util: introduce udev_available() helper function (cherry picked from commit f92c5bb18cee41d48b95d61a2a2dc613203844ca) --- src/shared/udev-util.c | 15 +++++++++++++++ src/shared/udev-util.h | 2 ++ 2 files changed, 17 insertions(+) diff --git a/src/shared/udev-util.c b/src/shared/udev-util.c index 56c28773ced..69c3255967c 100644 --- a/src/shared/udev-util.c +++ b/src/shared/udev-util.c @@ -19,6 +19,7 @@ #include "path-util.h" #include "signal-util.h" #include "socket-util.h" +#include "stat-util.h" #include "string-table.h" #include "string-util.h" #include "strxcpyx.h" @@ -718,3 +719,17 @@ int on_ac_power(void) { return found_online || !found_offline; } + +bool udev_available(void) { + static int cache = -1; + + /* The service systemd-udevd is started only when /sys is read write. + * See systemd-udevd.service: ConditionPathIsReadWrite=/sys + * Also, our container interface (http://systemd.io/CONTAINER_INTERFACE/) states that /sys must + * be mounted in read-only mode in containers. */ + + if (cache >= 0) + return cache; + + return (cache = path_is_read_only_fs("/sys/") <= 0); +} diff --git a/src/shared/udev-util.h b/src/shared/udev-util.h index 8d21dc43647..a48beb95ea4 100644 --- a/src/shared/udev-util.h +++ b/src/shared/udev-util.h @@ -55,6 +55,8 @@ int udev_queue_init(void); int on_ac_power(void); +bool udev_available(void); + #if HAVE_SYS_SDT_H /* Each trace point can have different number of additional arguments. Note that when the macro is used only From 7b121ab2884bd091db8881ccc81d8d34c9da596b Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Thu, 17 Feb 2022 18:55:24 +0900 Subject: [PATCH 175/703] network: use udev_available() where applicable (cherry picked from commit 82f52245baa2fe26f1de7b50a036d3746deb7df1) --- src/network/networkd-link.c | 4 +--- src/network/networkd-manager.c | 3 ++- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c index 7bc391d68d8..811db767c92 100644 --- a/src/network/networkd-link.c +++ b/src/network/networkd-link.c @@ -59,7 +59,6 @@ #include "networkd-sysctl.h" #include "set.h" #include "socket-util.h" -#include "stat-util.h" #include "stdio-util.h" #include "string-table.h" #include "strv.h" @@ -1549,8 +1548,7 @@ static int link_check_initialized(Link *link) { assert(link); - if (path_is_read_only_fs("/sys") > 0) - /* no udev */ + if (!udev_available()) return link_initialized_and_synced(link); /* udev should be around */ diff --git a/src/network/networkd-manager.c b/src/network/networkd-manager.c index 7e89366ae8a..9d790224cc9 100644 --- a/src/network/networkd-manager.c +++ b/src/network/networkd-manager.c @@ -52,6 +52,7 @@ #include "strv.h" #include "sysctl-util.h" #include "tmpfile-util.h" +#include "udev-util.h" /* use 128 MB for receive socket kernel queue. */ #define RCVBUF_SIZE (128*1024*1024) @@ -169,7 +170,7 @@ static int manager_connect_udev(Manager *m) { /* udev does not initialize devices inside containers, so we rely on them being already * initialized before entering the container. */ - if (path_is_read_only_fs("/sys") > 0) + if (!udev_available()) return 0; r = sd_device_monitor_new(&m->device_monitor); From a7cf77914b0ef32976b31b5c375626ba2d44e81e Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Thu, 17 Feb 2022 05:24:26 +0900 Subject: [PATCH 176/703] network: call ethtool after link is initialized by udevd Fixes #22538. (cherry picked from commit e1658632aefc963c4a651de433cceb3a9512afd6) --- src/network/networkd-link.c | 90 +++++++++++++++++++++++++++++-------- 1 file changed, 71 insertions(+), 19 deletions(-) diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c index 811db767c92..b62a154828a 100644 --- a/src/network/networkd-link.c +++ b/src/network/networkd-link.c @@ -2135,6 +2135,69 @@ static int link_update_master(Link *link, sd_netlink_message *message) { return 0; } +static int link_update_driver(Link *link, sd_netlink_message *message) { + int r; + + assert(link); + assert(link->manager); + assert(message); + + /* Driver is already read. Assuming the driver is never changed. */ + if (link->driver) + return 0; + + /* When udevd is running, read the driver after the interface is initialized by udevd. + * Otherwise, ethtool may not work correctly. See issue #22538. + * When udevd is not running, read the value when the interface is detected. */ + if (link->state != (udev_available() ? LINK_STATE_INITIALIZED : LINK_STATE_PENDING)) + return 0; + + r = ethtool_get_driver(&link->manager->ethtool_fd, link->ifname, &link->driver); + if (r < 0) { + log_link_debug_errno(link, r, "Failed to get driver, continuing without: %m"); + return 0; + } + + log_link_debug(link, "Found driver: %s", strna(link->driver)); + + return 0; +} + +static int link_update_permanent_hardware_address(Link *link, sd_netlink_message *message) { + int r; + + assert(link); + assert(link->manager); + assert(message); + + if (link->permanent_hw_addr.length > 0) + return 0; + + /* When udevd is running, read the permanent hardware address after the interface is + * initialized by udevd. Otherwise, ethtool may not work correctly. See issue #22538. + * When udevd is not running, read the value when the interface is detected. */ + if (link->state != (udev_available() ? LINK_STATE_INITIALIZED : LINK_STATE_PENDING)) + return 0; + + r = netlink_message_read_hw_addr(message, IFLA_PERM_ADDRESS, &link->permanent_hw_addr); + if (r < 0) { + if (r != -ENODATA) + return log_link_debug_errno(link, r, "Failed to read IFLA_PERM_ADDRESS attribute: %m"); + + if (netlink_message_read_hw_addr(message, IFLA_ADDRESS, NULL) >= 0) { + /* Fallback to ethtool, if the link has a hardware address. */ + r = ethtool_get_permanent_hw_addr(&link->manager->ethtool_fd, link->ifname, &link->permanent_hw_addr); + if (r < 0) + log_link_debug_errno(link, r, "Permanent hardware address not found, continuing without: %m"); + } + } + + if (link->permanent_hw_addr.length > 0) + log_link_debug(link, "Saved permanent hardware address: %s", HW_ADDR_TO_STR(&link->permanent_hw_addr)); + + return 0; +} + static int link_update_hardware_address(Link *link, sd_netlink_message *message) { struct hw_addr_data addr; int r; @@ -2423,6 +2486,14 @@ static int link_update(Link *link, sd_netlink_message *message) { if (r < 0) return r; + r = link_update_driver(link, message); + if (r < 0) + return r; + + r = link_update_permanent_hardware_address(link, message); + if (r < 0) + return r; + r = link_update_hardware_address(link, message); if (r < 0) return r; @@ -2529,25 +2600,6 @@ static int link_new(Manager *manager, sd_netlink_message *message, Link **ret) { log_link_debug(link, "Saved new link: ifindex=%i, iftype=%s(%u), kind=%s", link->ifindex, strna(arphrd_to_name(link->iftype)), link->iftype, strna(link->kind)); - r = netlink_message_read_hw_addr(message, IFLA_PERM_ADDRESS, &link->permanent_hw_addr); - if (r < 0) { - if (r != -ENODATA) - log_link_debug_errno(link, r, "Failed to read IFLA_PERM_ADDRESS attribute, ignoring: %m"); - - if (netlink_message_read_hw_addr(message, IFLA_ADDRESS, NULL) >= 0) { - /* Fallback to ethtool, if the link has a hardware address. */ - r = ethtool_get_permanent_hw_addr(&manager->ethtool_fd, link->ifname, &link->permanent_hw_addr); - if (r < 0) - log_link_debug_errno(link, r, "Permanent hardware address not found, continuing without: %m"); - } - } - if (link->permanent_hw_addr.length > 0) - log_link_debug(link, "Saved permanent hardware address: %s", HW_ADDR_TO_STR(&link->permanent_hw_addr)); - - r = ethtool_get_driver(&manager->ethtool_fd, link->ifname, &link->driver); - if (r < 0) - log_link_debug_errno(link, r, "Failed to get driver, continuing without: %m"); - *ret = TAKE_PTR(link); return 0; } From d026bd21ea89acb349b48fc9a22a7b3d18ae488f Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Fri, 18 Feb 2022 14:06:31 +0900 Subject: [PATCH 177/703] udev-util: add parentheses to make coverity silent Fixes CID#1474365. (cherry picked from commit 9fa31df62dd504e8f3e43710df504a467ed430fa) --- src/shared/udev-util.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/shared/udev-util.c b/src/shared/udev-util.c index 69c3255967c..5c1b4a44705 100644 --- a/src/shared/udev-util.c +++ b/src/shared/udev-util.c @@ -731,5 +731,5 @@ bool udev_available(void) { if (cache >= 0) return cache; - return (cache = path_is_read_only_fs("/sys/") <= 0); + return (cache = (path_is_read_only_fs("/sys/") <= 0)); } From 084c88983eaecbf23e113db5a7ee11f94b60472b Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Fri, 11 Feb 2022 09:49:13 +0900 Subject: [PATCH 178/703] resolve: refuse AF_UNSPEC when resolving address Fixes #22480. (cherry picked from commit 0234f0c0531682e7f28a4ef51852c102c6e97267) --- src/resolve/resolved-varlink.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/resolve/resolved-varlink.c b/src/resolve/resolved-varlink.c index 793be412545..59ebd8c3127 100644 --- a/src/resolve/resolved-varlink.c +++ b/src/resolve/resolved-varlink.c @@ -484,7 +484,7 @@ static int vl_method_resolve_address(Varlink *link, JsonVariant *parameters, Var if (p.ifindex < 0) return varlink_error_invalid_parameter(link, JSON_VARIANT_STRING_CONST("ifindex")); - if (!IN_SET(p.family, AF_UNSPEC, AF_INET, AF_INET6)) + if (!IN_SET(p.family, AF_INET, AF_INET6)) return varlink_error_invalid_parameter(link, JSON_VARIANT_STRING_CONST("family")); if (FAMILY_ADDRESS_SIZE(p.family) != p.address_size) From 919d398668d2baa1873e61f7f502fac910a9d606 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Fri, 11 Feb 2022 09:43:16 +0900 Subject: [PATCH 179/703] resolve: add reference of the original bus message to the aux queries Otherwise, the error in aux queries cannot be replied. Fixes #22477. (cherry picked from commit 08275791d85a1852e79951212f6cbbc727db789a) --- src/resolve/resolved-bus.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/resolve/resolved-bus.c b/src/resolve/resolved-bus.c index 5607dcc29f2..88c67e1c39a 100644 --- a/src/resolve/resolved-bus.c +++ b/src/resolve/resolved-bus.c @@ -1137,6 +1137,7 @@ static int resolve_service_hostname(DnsQuery *q, DnsResourceRecord *rr, int ifin if (r < 0) return r; + aux->bus_request = sd_bus_message_ref(q->bus_request); aux->request_family = q->request_family; aux->complete = resolve_service_hostname_complete; From 66411cea19e2813b0c645101921adf68d8220ce9 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Sun, 20 Feb 2022 11:23:18 +0900 Subject: [PATCH 180/703] network: dhcp-pd: fix prefix length of address assigned to upstream interface This effectively revert ab0c82d9f749cc397a6b7e0327ddb2c08cd7d7e0. I have no idea why I did that... Fixes #22559. (cherry picked from commit 38488babe791639860068905177a415822b6b98b) --- src/network/networkd-address-generation.c | 4 +- src/network/networkd-address-generation.h | 2 +- src/network/networkd-dhcp-prefix-delegation.c | 87 ++++++------------- test/test-network/systemd-networkd-tests.py | 21 +++-- 4 files changed, 40 insertions(+), 74 deletions(-) diff --git a/src/network/networkd-address-generation.c b/src/network/networkd-address-generation.c index 85110355a1d..2dedcf37239 100644 --- a/src/network/networkd-address-generation.c +++ b/src/network/networkd-address-generation.c @@ -252,8 +252,8 @@ static int generate_addresses( return 0; } -int dhcp_pd_generate_addresses(Link *link, const struct in6_addr *prefix, uint8_t prefixlen, Set **ret) { - return generate_addresses(link, link->network->dhcp_pd_tokens, &DHCP_PD_APP_ID, prefix, prefixlen, ret); +int dhcp_pd_generate_addresses(Link *link, const struct in6_addr *prefix, Set **ret) { + return generate_addresses(link, link->network->dhcp_pd_tokens, &DHCP_PD_APP_ID, prefix, 64, ret); } int ndisc_generate_addresses(Link *link, const struct in6_addr *prefix, uint8_t prefixlen, Set **ret) { diff --git a/src/network/networkd-address-generation.h b/src/network/networkd-address-generation.h index e9c924eb978..901b2ec4bf3 100644 --- a/src/network/networkd-address-generation.h +++ b/src/network/networkd-address-generation.h @@ -7,7 +7,7 @@ typedef struct Link Link; -int dhcp_pd_generate_addresses(Link *link, const struct in6_addr *prefix, uint8_t prefixlen, Set **ret); +int dhcp_pd_generate_addresses(Link *link, const struct in6_addr *prefix, Set **ret); int ndisc_generate_addresses(Link *link, const struct in6_addr *prefix, uint8_t prefixlen, Set **ret); int radv_generate_addresses(Link *link, Set *tokens, const struct in6_addr *prefix, uint8_t prefixlen, Set **ret); diff --git a/src/network/networkd-dhcp-prefix-delegation.c b/src/network/networkd-dhcp-prefix-delegation.c index 949c74bd589..7be9713d46b 100644 --- a/src/network/networkd-dhcp-prefix-delegation.c +++ b/src/network/networkd-dhcp-prefix-delegation.c @@ -307,7 +307,7 @@ static int dhcp_pd_route_handler(sd_netlink *rtnl, sd_netlink_message *m, Link * return 1; } -static int dhcp_pd_request_route(Link *link, const struct in6_addr *prefix, uint8_t prefixlen, usec_t lifetime_usec) { +static int dhcp_pd_request_route(Link *link, const struct in6_addr *prefix, usec_t lifetime_usec) { _cleanup_(route_freep) Route *route = NULL; Route *existing; int r; @@ -326,7 +326,7 @@ static int dhcp_pd_request_route(Link *link, const struct in6_addr *prefix, uint route->source = NETWORK_CONFIG_SOURCE_DHCP_PD; route->family = AF_INET6; route->dst.in6 = *prefix; - route->dst_prefixlen = prefixlen; + route->dst_prefixlen = 64; route->protocol = RTPROT_DHCP; route->priority = link->network->dhcp_pd_route_metric; route->lifetime_usec = lifetime_usec; @@ -386,7 +386,6 @@ static void log_dhcp_pd_address(Link *link, const Address *address) { static int dhcp_pd_request_address( Link *link, const struct in6_addr *prefix, - uint8_t prefixlen, usec_t lifetime_preferred_usec, usec_t lifetime_valid_usec) { @@ -401,7 +400,7 @@ static int dhcp_pd_request_address( if (!link->network->dhcp_pd_assign) return 0; - r = dhcp_pd_generate_addresses(link, prefix, prefixlen, &addresses); + r = dhcp_pd_generate_addresses(link, prefix, &addresses); if (r < 0) return log_link_warning_errno(link, r, "Failed to generate addresses for acquired DHCP delegated prefix: %m"); @@ -416,11 +415,10 @@ static int dhcp_pd_request_address( address->source = NETWORK_CONFIG_SOURCE_DHCP_PD; address->family = AF_INET6; address->in_addr.in6 = *a; - address->prefixlen = prefixlen; + address->prefixlen = 64; address->lifetime_preferred_usec = lifetime_preferred_usec; address->lifetime_valid_usec = lifetime_valid_usec; - if (prefixlen == 64) - SET_FLAG(address->flags, IFA_F_MANAGETEMPADDR, link->network->dhcp_pd_manage_temporary_address); + SET_FLAG(address->flags, IFA_F_MANAGETEMPADDR, link->network->dhcp_pd_manage_temporary_address); address->route_metric = link->network->dhcp_pd_route_metric; log_dhcp_pd_address(link, address); @@ -531,7 +529,8 @@ static int dhcp_pd_assign_subnet_prefix( const struct in6_addr *pd_prefix, uint8_t pd_prefix_len, usec_t lifetime_preferred_usec, - usec_t lifetime_valid_usec) { + usec_t lifetime_valid_usec, + bool is_uplink) { _cleanup_free_ char *buf = NULL; struct in6_addr prefix; @@ -548,20 +547,24 @@ static int dhcp_pd_assign_subnet_prefix( (void) in6_addr_prefix_to_string(&prefix, 64, &buf); if (link_radv_enabled(link) && link->network->dhcp_pd_announce) { - r = radv_add_prefix(link, &prefix, 64, lifetime_preferred_usec, lifetime_valid_usec); - if (r < 0) - return log_link_warning_errno(link, r, - "Failed to assign/update prefix %s to IPv6 Router Advertisement: %m", - strna(buf)); + if (is_uplink) + log_link_debug(link, "Ignoring Announce= setting on upstream interface."); + else { + r = radv_add_prefix(link, &prefix, 64, lifetime_preferred_usec, lifetime_valid_usec); + if (r < 0) + return log_link_warning_errno(link, r, + "Failed to assign/update prefix %s to IPv6 Router Advertisement: %m", + strna(buf)); + } } - r = dhcp_pd_request_route(link, &prefix, 64, lifetime_valid_usec); + r = dhcp_pd_request_route(link, &prefix, lifetime_valid_usec); if (r < 0) return log_link_warning_errno(link, r, "Failed to assign/update route for prefix %s: %m", strna(buf)); - r = dhcp_pd_request_address(link, &prefix, 64, lifetime_preferred_usec, lifetime_valid_usec); + r = dhcp_pd_request_address(link, &prefix, lifetime_preferred_usec, lifetime_valid_usec); if (r < 0) return log_link_warning_errno(link, r, "Failed to assign/update address for prefix %s: %m", @@ -577,41 +580,6 @@ static int dhcp_pd_assign_subnet_prefix( return 1; } -static int dhcp_pd_assign_prefix_on_uplink( - Link *link, - const struct in6_addr *pd_prefix, - uint8_t pd_prefix_len, - usec_t lifetime_preferred_usec, - usec_t lifetime_valid_usec) { - - _cleanup_free_ char *buf = NULL; - int r; - - assert(link); - assert(link->network); - assert(pd_prefix); - - (void) in6_addr_prefix_to_string(pd_prefix, pd_prefix_len, &buf); - - if (link->network->dhcp_pd_announce) - log_link_debug(link, "Ignoring Announce= setting on upstream interface."); - - r = dhcp_pd_request_route(link, pd_prefix, pd_prefix_len, lifetime_valid_usec); - if (r < 0) - return log_link_warning_errno(link, r, - "Failed to assign/update route for prefix %s: %m", - strna(buf)); - - r = dhcp_pd_request_address(link, pd_prefix, pd_prefix_len, lifetime_preferred_usec, lifetime_valid_usec); - if (r < 0) - return log_link_warning_errno(link, r, - "Failed to assign/update address for prefix %s: %m", - strna(buf)); - - log_link_debug(link, "Assigned prefix %s", strna(buf)); - return 1; -} - static int dhcp_pd_prepare(Link *link) { if (!IN_SET(link->state, LINK_STATE_CONFIGURING, LINK_STATE_CONFIGURED)) return 0; @@ -954,19 +922,15 @@ static int dhcp4_pd_assign_subnet_prefix(Link *link, Link *uplink) { return r; if (streq_ptr(uplink->dhcp4_6rd_tunnel_name, link->ifname)) { - r = dhcp_pd_assign_prefix_on_uplink(link, &pd_prefix, pd_prefixlen, lifetime_usec, lifetime_usec); - if (r < 0) - return r; - r = dhcp4_pd_request_default_gateway_on_6rd_tunnel(link, &br_addresses[0], lifetime_usec); if (r < 0) return r; - } else { - r = dhcp_pd_assign_subnet_prefix(link, &pd_prefix, pd_prefixlen, lifetime_usec, lifetime_usec); - if (r < 0) - return r; } + r = dhcp_pd_assign_subnet_prefix(link, &pd_prefix, pd_prefixlen, lifetime_usec, lifetime_usec, /* is_uplink = */ false); + if (r < 0) + return r; + return dhcp_pd_finalize(link); } @@ -1127,10 +1091,9 @@ static int dhcp6_pd_assign_subnet_prefixes(Link *link, Link *uplink) { lifetime_preferred_usec = usec_add(lifetime_preferred_sec * USEC_PER_SEC, timestamp_usec); lifetime_valid_usec = usec_add(lifetime_valid_sec * USEC_PER_SEC, timestamp_usec); - if (link == uplink) - r = dhcp_pd_assign_prefix_on_uplink(link, &pd_prefix, pd_prefix_len, lifetime_preferred_usec, lifetime_valid_usec); - else - r = dhcp_pd_assign_subnet_prefix(link, &pd_prefix, pd_prefix_len, lifetime_preferred_usec, lifetime_valid_usec); + r = dhcp_pd_assign_subnet_prefix(link, &pd_prefix, pd_prefix_len, + lifetime_preferred_usec, lifetime_valid_usec, + /* is_uplink = */ link == uplink); if (r < 0) return r; } diff --git a/test/test-network/systemd-networkd-tests.py b/test/test-network/systemd-networkd-tests.py index 82a099fbece..ac2c1ba034f 100755 --- a/test/test-network/systemd-networkd-tests.py +++ b/test/test-network/systemd-networkd-tests.py @@ -5080,7 +5080,7 @@ def test_dhcp6pd(self): dummy99: auto -> 0x03 (No address assignment) veth97: 0x08 veth98: 0x09 - veth99: 0x10 (ignored, as it is upstream) + veth99: 0x10 ''' print('### ip -6 address show dev veth99 scope global') @@ -5089,9 +5089,12 @@ def test_dhcp6pd(self): # IA_NA self.assertRegex(output, 'inet6 3ffe:501:ffff:100::[0-9]*/128 scope global (dynamic noprefixroute|noprefixroute dynamic)') # address in IA_PD (Token=static) - self.assertRegex(output, 'inet6 3ffe:501:ffff:[2-9a-f]00:1a:2b:3c:4d/56 (metric 256 |)scope global dynamic') + self.assertRegex(output, 'inet6 3ffe:501:ffff:[2-9a-f]10:1a:2b:3c:4d/64 (metric 256 |)scope global dynamic') # address in IA_PD (Token=eui64) - self.assertRegex(output, 'inet6 3ffe:501:ffff:[2-9a-f]00:1034:56ff:fe78:9abc/56 (metric 256 |)scope global dynamic') + self.assertRegex(output, 'inet6 3ffe:501:ffff:[2-9a-f]10:1034:56ff:fe78:9abc/64 (metric 256 |)scope global dynamic') + # address in IA_PD (temporary) + # Note that the temporary addresses may appear after the link enters configured state + self.wait_address('veth99', 'inet6 3ffe:501:ffff:[2-9a-f]10:[0-9a-f]*:[0-9a-f]*:[0-9a-f]*:[0-9a-f]*/64 (metric 256 |)scope global temporary dynamic', ipv='-6') print('### ip -6 address show dev test1 scope global') output = check_output('ip -6 address show dev test1 scope global') @@ -5099,7 +5102,6 @@ def test_dhcp6pd(self): # address in IA_PD (Token=static) self.assertRegex(output, 'inet6 3ffe:501:ffff:[2-9a-f]00:1a:2b:3c:4d/64 (metric 256 |)scope global dynamic mngtmpaddr') # address in IA_PD (temporary) - # Note that the temporary addresses may appear after the link enters configured state self.wait_address('test1', 'inet6 3ffe:501:ffff:[2-9a-f]00:[0-9a-f]*:[0-9a-f]*:[0-9a-f]*:[0-9a-f]*/64 (metric 256 |)scope global temporary dynamic', ipv='-6') print('### ip -6 address show dev dummy98 scope global') @@ -5164,7 +5166,7 @@ def test_dhcp6pd(self): print('### ip -6 route show dev veth99') output = check_output('ip -6 route show dev veth99') print(output) - self.assertRegex(output, '3ffe:501:ffff:[2-9a-f]00::/56 proto kernel metric [0-9]* expires') + self.assertRegex(output, '3ffe:501:ffff:[2-9a-f]10::/64 proto kernel metric [0-9]* expires') print('### ip -6 route show dev test1') output = check_output('ip -6 route show dev test1') @@ -5258,6 +5260,7 @@ def verify_dhcp4_6rd(self, tunnel_name): dummy97: 0x01 (The link will appear later) dummy98: 0x02 dummy99: auto -> 0x03 (No address assignment) + 6rd-XXX: auto -> 0x0[34] veth97: 0x08 veth98: 0x09 veth99: 0x10 @@ -5299,7 +5302,7 @@ def verify_dhcp4_6rd(self, tunnel_name): output = check_output('ip -6 address show dev dummy99 scope global') print(output) # Assign=no - self.assertNotRegex(output, 'inet6 2001:db8:6464:[0-9a-f]+03') + self.assertNotRegex(output, 'inet6 2001:db8:6464:[0-9a-f]+0[34]') print('### ip -6 address show dev veth97 scope global') output = check_output('ip -6 address show dev veth97 scope global') @@ -5364,7 +5367,7 @@ def verify_dhcp4_6rd(self, tunnel_name): print('### ip -6 route show dev dummy99') output = check_output('ip -6 route show dev dummy99') print(output) - self.assertRegex(output, '2001:db8:6464:[0-9a-f]+03::/64 proto dhcp metric [0-9]* expires') + self.assertRegex(output, '2001:db8:6464:[0-9a-f]+0[34]::/64 proto dhcp metric [0-9]* expires') print('### ip -6 route show dev veth97') output = check_output('ip -6 route show dev veth97') @@ -5411,13 +5414,13 @@ def verify_dhcp4_6rd(self, tunnel_name): print('### ip -6 address show dev {}'.format(tunnel_name)) output = check_output('ip -6 address show dev {}'.format(tunnel_name)) print(output) - self.assertRegex(output, 'inet6 2001:db8:6464:[0-9a-f]+00:[0-9a-f]*:[0-9a-f]*:[0-9a-f]*:[0-9a-f]*/56 (metric 256 |)scope global dynamic') + self.assertRegex(output, 'inet6 2001:db8:6464:[0-9a-f]+0[34]:[0-9a-f]*:[0-9a-f]*:[0-9a-f]*:[0-9a-f]*/64 (metric 256 |)scope global dynamic') self.assertRegex(output, 'inet6 ::10.100.100.[0-9]+/96 scope global') print('### ip -6 route show dev {}'.format(tunnel_name)) output = check_output('ip -6 route show dev {}'.format(tunnel_name)) print(output) - self.assertRegex(output, '2001:db8:6464:[0-9a-f]+00::/56 proto kernel metric [0-9]* expires') + self.assertRegex(output, '2001:db8:6464:[0-9a-f]+0[34]::/64 proto kernel metric [0-9]* expires') self.assertRegex(output, '::/96 proto kernel metric [0-9]*') print('### ip -6 route show default') From c92297a20c13b7e15b0026b1f36ebe99d86cfce8 Mon Sep 17 00:00:00 2001 From: Evgeny Vereshchagin Date: Sun, 26 Dec 2021 01:11:00 +0000 Subject: [PATCH 181/703] ci: replace apt-key with signed-by to limit the scope of the key to apt.llvm.org only. This is mostly inspired by https://blog.cloudflare.com/dont-use-apt-key/ (cherry picked from commit bfa6bd1be098adc4710e1819b9cd34d65b3855da) --- .github/workflows/build_test.sh | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build_test.sh b/.github/workflows/build_test.sh index 5b18784461a..549e59b2c92 100755 --- a/.github/workflows/build_test.sh +++ b/.github/workflows/build_test.sh @@ -80,9 +80,10 @@ if [[ "$COMPILER" == clang ]]; then # llvm package if available in such cases to avoid that. if ! apt show --quiet "llvm-$COMPILER_VERSION" &>/dev/null; then # Latest LLVM stack deb packages provided by https://apt.llvm.org/ - # Following snippet was borrowed from https://apt.llvm.org/llvm.sh - wget -O - https://apt.llvm.org/llvm-snapshot.gpg.key | apt-key add - - add-apt-repository -y "deb http://apt.llvm.org/$RELEASE/ llvm-toolchain-$RELEASE-$COMPILER_VERSION main" + # Following snippet was partly borrowed from https://apt.llvm.org/llvm.sh + wget -O - https://apt.llvm.org/llvm-snapshot.gpg.key | gpg --yes --dearmor --output /usr/share/keyrings/apt-llvm-org.gpg + printf "deb [signed-by=/usr/share/keyrings/apt-llvm-org.gpg] http://apt.llvm.org/%s/ llvm-toolchain-%s-%s main\n" \ + "$RELEASE" "$RELEASE" "$COMPILER_VERSION" >/etc/apt/sources.list.d/llvm-toolchain.list PACKAGES+=("clang-$COMPILER_VERSION" "lldb-$COMPILER_VERSION" "lld-$COMPILER_VERSION" "clangd-$COMPILER_VERSION") fi elif [[ "$COMPILER" == gcc ]]; then From fa6e263273905cfc9e4528e8175ace3d19d881e3 Mon Sep 17 00:00:00 2001 From: Frantisek Sumsal Date: Tue, 22 Feb 2022 14:43:40 +0100 Subject: [PATCH 182/703] ci: fix clang-13 installation For some reason Ubuntu Focal repositories now have `llvm-13` virtual package which can't be installed, but successfully fools our check, resulting in no clang/llvm being installed... ``` $ apt show llvm-13 Package: llvm-13 State: not a real package (virtual) N: Can't select candidate version from package llvm-13 as it has no candidate N: Can't select versions from package 'llvm-13' as it is purely virtual N: No packages found $ apt install --dry-run llvm-13 Reading package lists... Done Building dependency tree Reading state information... Done Package llvm-13 is not available, but is referred to by another package. This may mean that the package is missing, has been obsoleted, or is only available from another source E: Package 'llvm-13' has no installation candidate ``` (cherry picked from commit b491d74064f9d5e17a71b38b014434237169a077) --- .github/workflows/build_test.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build_test.sh b/.github/workflows/build_test.sh index 549e59b2c92..5a173a18d50 100755 --- a/.github/workflows/build_test.sh +++ b/.github/workflows/build_test.sh @@ -78,12 +78,12 @@ if [[ "$COMPILER" == clang ]]; then # ATTOW llvm-11 got into focal-updates, which conflicts with llvm-11 # provided by the apt.llvm.org repositories. Let's use the system # llvm package if available in such cases to avoid that. - if ! apt show --quiet "llvm-$COMPILER_VERSION" &>/dev/null; then + if ! apt install --dry-run "llvm-$COMPILER_VERSION" >/dev/null; then # Latest LLVM stack deb packages provided by https://apt.llvm.org/ # Following snippet was partly borrowed from https://apt.llvm.org/llvm.sh wget -O - https://apt.llvm.org/llvm-snapshot.gpg.key | gpg --yes --dearmor --output /usr/share/keyrings/apt-llvm-org.gpg printf "deb [signed-by=/usr/share/keyrings/apt-llvm-org.gpg] http://apt.llvm.org/%s/ llvm-toolchain-%s-%s main\n" \ - "$RELEASE" "$RELEASE" "$COMPILER_VERSION" >/etc/apt/sources.list.d/llvm-toolchain.list + "$RELEASE" "$RELEASE" "$COMPILER_VERSION" >/etc/apt/sources.list.d/llvm-toolchain.list PACKAGES+=("clang-$COMPILER_VERSION" "lldb-$COMPILER_VERSION" "lld-$COMPILER_VERSION" "clangd-$COMPILER_VERSION") fi elif [[ "$COMPILER" == gcc ]]; then From 1dcd82a7bf4906b6d35cd742a272eede63a3c2b7 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Thu, 27 Jan 2022 00:17:23 +0900 Subject: [PATCH 183/703] sd-dhcp-server: set DHCPLease::server before hashmap_put() Otherwise, if the second push is failed, then the first hashmap contains dirty entry. Also, this makes hashmap_remove_value() used when removing leases to make not wrong lease is removed from the hashmap. Note, this just hide the root cause of the issue #22253, which will be fixed in later commit. Fixes #22253. (cherry picked from commit 8a7d048d1ddb8916482f1422405d3e0e4bccb279) --- src/libsystemd-network/sd-dhcp-server.c | 34 ++++++++++--------------- 1 file changed, 13 insertions(+), 21 deletions(-) diff --git a/src/libsystemd-network/sd-dhcp-server.c b/src/libsystemd-network/sd-dhcp-server.c index d1a0bbd0b79..1ca7fa34126 100644 --- a/src/libsystemd-network/sd-dhcp-server.c +++ b/src/libsystemd-network/sd-dhcp-server.c @@ -29,19 +29,10 @@ static DHCPLease *dhcp_lease_free(DHCPLease *lease) { return NULL; if (lease->server) { - DHCPLease *e; - - e = hashmap_get(lease->server->bound_leases_by_client_id, &lease->client_id); - if (e == lease) { - hashmap_remove(lease->server->bound_leases_by_address, UINT32_TO_PTR(lease->address)); - hashmap_remove(lease->server->bound_leases_by_client_id, &lease->client_id); - } - - e = hashmap_get(lease->server->static_leases_by_client_id, &lease->client_id); - if (e == lease) { - hashmap_remove(lease->server->static_leases_by_address, UINT32_TO_PTR(lease->address)); - hashmap_remove(lease->server->static_leases_by_client_id, &lease->client_id); - } + hashmap_remove_value(lease->server->bound_leases_by_address, UINT32_TO_PTR(lease->address), lease); + hashmap_remove_value(lease->server->bound_leases_by_client_id, &lease->client_id, lease); + hashmap_remove_value(lease->server->static_leases_by_address, UINT32_TO_PTR(lease->address), lease); + hashmap_remove_value(lease->server->static_leases_by_client_id, &lease->client_id, lease); } free(lease->client_id.data); @@ -1068,7 +1059,10 @@ int dhcp_server_handle_message(sd_dhcp_server *server, DHCPMessage *message, siz log_dhcp_server(server, "ACK (0x%x)", be32toh(req->message->xid)); - dhcp_lease_free(hashmap_remove(server->bound_leases_by_client_id, &lease->client_id)); + dhcp_lease_free(hashmap_get(server->bound_leases_by_client_id, &lease->client_id)); + + lease->server = server; /* This must be set just before hashmap_put(). */ + r = hashmap_ensure_put(&server->bound_leases_by_client_id, &dhcp_lease_hash_ops, &lease->client_id, lease); if (r < 0) return log_dhcp_server_errno(server, r, "Could not save lease: %m"); @@ -1077,7 +1071,6 @@ int dhcp_server_handle_message(sd_dhcp_server *server, DHCPMessage *message, siz if (r < 0) return log_dhcp_server_errno(server, r, "Could not save lease: %m"); - lease->server = server; TAKE_PTR(lease); if (server->callback) @@ -1117,6 +1110,8 @@ int dhcp_server_handle_message(sd_dhcp_server *server, DHCPMessage *message, siz log_dhcp_server(server, "ACK (0x%x)", be32toh(req->message->xid)); + lease->server = server; /* This must be set just before hashmap_put(). */ + r = hashmap_ensure_put(&server->bound_leases_by_client_id, &dhcp_lease_hash_ops, &lease->client_id, lease); if (r < 0) return log_dhcp_server_errno(server, r, "Could not save lease: %m"); @@ -1124,7 +1119,6 @@ int dhcp_server_handle_message(sd_dhcp_server *server, DHCPMessage *message, siz if (r < 0) return log_dhcp_server_errno(server, r, "Could not save lease: %m"); - lease->server = server; TAKE_PTR(new_lease); if (server->callback) @@ -1553,13 +1547,10 @@ int sd_dhcp_server_set_static_lease( .data = data, }; - dhcp_lease_free(hashmap_remove(server->static_leases_by_client_id, &c)); + dhcp_lease_free(hashmap_get(server->static_leases_by_client_id, &c)); return 0; } - if (hashmap_contains(server->static_leases_by_address, UINT32_TO_PTR(address->s_addr))) - return -EEXIST; - lease = new(DHCPLease, 1); if (!lease) return -ENOMEM; @@ -1574,6 +1565,8 @@ int sd_dhcp_server_set_static_lease( if (!lease->client_id.data) return -ENOMEM; + lease->server = server; /* This must be set just before hashmap_put(). */ + r = hashmap_ensure_put(&server->static_leases_by_client_id, &dhcp_lease_hash_ops, &lease->client_id, lease); if (r < 0) return r; @@ -1581,7 +1574,6 @@ int sd_dhcp_server_set_static_lease( if (r < 0) return r; - lease->server = server; TAKE_PTR(lease); return 0; } From 7f36fb25d5c6681dbabb067a9fb083bfad37a804 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Fri, 28 Jan 2022 02:14:47 +0900 Subject: [PATCH 184/703] sd-dhcp-server: rename server_send_nak() -> server_send_nak_or_ignore() And logs error in the function. (cherry picked from commit eb5bff9c9de2bd218f5ac431e3aead4b5747ecd9) --- src/libsystemd-network/sd-dhcp-server.c | 29 ++++++++++++++----------- 1 file changed, 16 insertions(+), 13 deletions(-) diff --git a/src/libsystemd-network/sd-dhcp-server.c b/src/libsystemd-network/sd-dhcp-server.c index 1ca7fa34126..c9498adc681 100644 --- a/src/libsystemd-network/sd-dhcp-server.c +++ b/src/libsystemd-network/sd-dhcp-server.c @@ -592,16 +592,28 @@ static int server_send_offer_or_ack( return 0; } -static int server_send_nak(sd_dhcp_server *server, DHCPRequest *req) { +static int server_send_nak_or_ignore(sd_dhcp_server *server, bool init_reboot, DHCPRequest *req) { _cleanup_free_ DHCPPacket *packet = NULL; size_t offset; int r; + /* When a request is refused, RFC 2131, section 4.3.2 mentioned we should send NAK when the + * client is in INITREBOOT. If the client is in other state, there is nothing mentioned in the + * RFC whether we should send NAK or not. Hence, let's silently ignore the request. */ + + if (!init_reboot) + return 0; + r = server_message_init(server, &packet, DHCP_NAK, &offset, req); if (r < 0) - return r; + return log_dhcp_server_errno(server, r, "Failed to create NAK message: %m"); + + r = dhcp_server_send_packet(server, req, packet, DHCP_NAK, offset); + if (r < 0) + return log_dhcp_server_errno(server, r, "Could not send NAK message: %m"); - return dhcp_server_send_packet(server, req, packet, DHCP_NAK, offset); + log_dhcp_server(server, "NAK (0x%x)", be32toh(req->message->xid)); + return DHCP_NAK; } static int server_send_forcerenew(sd_dhcp_server *server, be32_t address, @@ -1125,18 +1137,9 @@ int dhcp_server_handle_message(sd_dhcp_server *server, DHCPMessage *message, siz server->callback(server, SD_DHCP_SERVER_EVENT_LEASE_CHANGED, server->callback_userdata); return DHCP_ACK; - - } else if (init_reboot) { - r = server_send_nak(server, req); - if (r < 0) - /* this only fails on critical errors */ - return log_dhcp_server_errno(server, r, "Could not send nak: %m"); - - log_dhcp_server(server, "NAK (0x%x)", be32toh(req->message->xid)); - return DHCP_NAK; } - break; + return server_send_nak_or_ignore(server, init_reboot, req); } case DHCP_RELEASE: { From 316f6bdb395e8462e51c7498039db0317903e004 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Fri, 28 Jan 2022 02:10:23 +0900 Subject: [PATCH 185/703] sd-dhcp-server: rename get_pool_offset() -> address_is_in_pool() As, the value of pool_offset is not used. (cherry picked from commit 5cc8be890db8611b9003304769ec82c3548be6e1) --- src/libsystemd-network/sd-dhcp-server.c | 23 ++++++++++------------- 1 file changed, 10 insertions(+), 13 deletions(-) diff --git a/src/libsystemd-network/sd-dhcp-server.c b/src/libsystemd-network/sd-dhcp-server.c index c9498adc681..26c3765798f 100644 --- a/src/libsystemd-network/sd-dhcp-server.c +++ b/src/libsystemd-network/sd-dhcp-server.c @@ -746,17 +746,17 @@ static int ensure_sane_request(sd_dhcp_server *server, DHCPRequest *req, DHCPMes return 0; } -static int get_pool_offset(sd_dhcp_server *server, be32_t requested_ip) { +static bool address_is_in_pool(sd_dhcp_server *server, be32_t address) { assert(server); - if (!server->pool_size) - return -EINVAL; + if (server->pool_size == 0) + return false; - if (be32toh(requested_ip) < (be32toh(server->subnet) | server->pool_offset) || - be32toh(requested_ip) >= (be32toh(server->subnet) | (server->pool_offset + server->pool_size))) - return -ERANGE; + if (be32toh(address) < (be32toh(server->subnet) | server->pool_offset) || + be32toh(address) >= (be32toh(server->subnet) | (server->pool_offset + server->pool_size))) + return false; - return be32toh(requested_ip & ~server->netmask) - server->pool_offset; + return true; } static int append_agent_information_option(sd_dhcp_server *server, DHCPMessage *message, size_t opt_length, size_t size) { @@ -990,10 +990,8 @@ int dhcp_server_handle_message(sd_dhcp_server *server, DHCPMessage *message, siz return 1; case DHCP_REQUEST: { - DHCPLease *existing_lease_by_address; be32_t address; bool init_reboot = false; - int pool_offset; /* see RFC 2131, section 4.3.2 */ @@ -1044,9 +1042,6 @@ int dhcp_server_handle_message(sd_dhcp_server *server, DHCPMessage *message, siz if (address == server->address) return 0; - pool_offset = get_pool_offset(server, address); - existing_lease_by_address = hashmap_get(server->bound_leases_by_address, UINT32_TO_PTR(address)); - /* verify that the requested address is from the pool, and either owned by the current client or free */ if (static_lease && static_lease->address == address) { @@ -1089,8 +1084,10 @@ int dhcp_server_handle_message(sd_dhcp_server *server, DHCPMessage *message, siz server->callback(server, SD_DHCP_SERVER_EVENT_LEASE_CHANGED, server->callback_userdata); return DHCP_ACK; + } - } else if (pool_offset >= 0 && existing_lease_by_address == existing_lease) { + DHCPLease *existing_lease_by_address = hashmap_get(server->bound_leases_by_address, UINT32_TO_PTR(address)); + if (address_is_in_pool(server, address) && existing_lease_by_address == existing_lease) { _cleanup_(dhcp_lease_freep) DHCPLease *new_lease = NULL; usec_t time_now, expiration; DHCPLease *lease; From 71d05ec4580cf1efdc86ed6ae7310a46244c54e5 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Fri, 28 Jan 2022 03:50:16 +0900 Subject: [PATCH 186/703] sd-dhcp-server: do not assign an address from pool when a static lease for the client ID exists (cherry picked from commit e2ba408084935fffa0c73007528de7babf9309c8) --- src/libsystemd-network/sd-dhcp-server.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/src/libsystemd-network/sd-dhcp-server.c b/src/libsystemd-network/sd-dhcp-server.c index 26c3765798f..e7d6cf83471 100644 --- a/src/libsystemd-network/sd-dhcp-server.c +++ b/src/libsystemd-network/sd-dhcp-server.c @@ -1042,9 +1042,13 @@ int dhcp_server_handle_message(sd_dhcp_server *server, DHCPMessage *message, siz if (address == server->address) return 0; - /* verify that the requested address is from the pool, and either - owned by the current client or free */ - if (static_lease && static_lease->address == address) { + if (static_lease) { + /* Found a static lease for the client ID. */ + + if (static_lease->address != address) + /* The client requested an address which is different from the static lease. Refuse. */ + return server_send_nak_or_ignore(server, init_reboot, req); + _cleanup_(dhcp_lease_freep) DHCPLease *lease = NULL; usec_t time_now, expiration; From 0478298bf98dca0b64dc72d503bdf122602580da Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Fri, 28 Jan 2022 03:50:57 +0900 Subject: [PATCH 187/703] sd-dhcp-server: explicitly refuse when conflicting address is requested (cherry picked from commit 7e98fe05a0b9cdfdad326f34189cd37257d9d4e4) --- src/libsystemd-network/sd-dhcp-server.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/src/libsystemd-network/sd-dhcp-server.c b/src/libsystemd-network/sd-dhcp-server.c index e7d6cf83471..eb82c886973 100644 --- a/src/libsystemd-network/sd-dhcp-server.c +++ b/src/libsystemd-network/sd-dhcp-server.c @@ -1090,14 +1090,17 @@ int dhcp_server_handle_message(sd_dhcp_server *server, DHCPMessage *message, siz return DHCP_ACK; } - DHCPLease *existing_lease_by_address = hashmap_get(server->bound_leases_by_address, UINT32_TO_PTR(address)); - if (address_is_in_pool(server, address) && existing_lease_by_address == existing_lease) { + if (address_is_in_pool(server, address)) { + /* The requested address is in the pool. */ + + if (existing_lease && existing_lease->address != address) + /* We previously assigned an address, but the client requested another one. Refuse. */ + return server_send_nak_or_ignore(server, init_reboot, req); + _cleanup_(dhcp_lease_freep) DHCPLease *new_lease = NULL; usec_t time_now, expiration; DHCPLease *lease; - /* Note that in the above condition we accept the case that both leases are NULL. */ - r = sd_event_now(server->event, clock_boottime_or_monotonic(), &time_now); if (r < 0) return r; From 995086918c9f00865f425f58b44db87f7d634357 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Fri, 28 Jan 2022 02:25:37 +0900 Subject: [PATCH 188/703] sd-dhcp-server: do not assign address reserved for static leases to non-matching clients This fix the root cause of the issue #22253. (cherry picked from commit bd1a3eb65b9e308028c18e1ed7ffde474a3b1244) --- src/libsystemd-network/sd-dhcp-server.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/libsystemd-network/sd-dhcp-server.c b/src/libsystemd-network/sd-dhcp-server.c index eb82c886973..9b0aca7980b 100644 --- a/src/libsystemd-network/sd-dhcp-server.c +++ b/src/libsystemd-network/sd-dhcp-server.c @@ -756,6 +756,9 @@ static bool address_is_in_pool(sd_dhcp_server *server, be32_t address) { be32toh(address) >= (be32toh(server->subnet) | (server->pool_offset + server->pool_size))) return false; + if (hashmap_contains(server->static_leases_by_address, UINT32_TO_PTR(address))) + return false; + return true; } From 336711e062ef2f58a7af007c5f4df479e8167534 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Thu, 17 Feb 2022 00:49:21 +0900 Subject: [PATCH 189/703] sd-dhcp-server: do not offer server address The server address may be in the pool. (cherry picked from commit 9e0cb8b61f46a2164290a2380db89e45876b370c) --- src/libsystemd-network/sd-dhcp-server.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/libsystemd-network/sd-dhcp-server.c b/src/libsystemd-network/sd-dhcp-server.c index 9b0aca7980b..9088c09fc09 100644 --- a/src/libsystemd-network/sd-dhcp-server.c +++ b/src/libsystemd-network/sd-dhcp-server.c @@ -752,6 +752,9 @@ static bool address_is_in_pool(sd_dhcp_server *server, be32_t address) { if (server->pool_size == 0) return false; + if (address == server->address) + return false; + if (be32toh(address) < (be32toh(server->subnet) | server->pool_offset) || be32toh(address) >= (be32toh(server->subnet) | (server->pool_offset + server->pool_size))) return false; From 477b85f43871c78fce053ebbd9592bf71d49dd30 Mon Sep 17 00:00:00 2001 From: Frantisek Sumsal Date: Thu, 17 Feb 2022 14:02:04 +0100 Subject: [PATCH 190/703] packit: drop unnumbered patches as well (cherry picked from commit 729c6b6af8e3cef259b80746f7f7f10cc63d309f) --- .packit.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.packit.yml b/.packit.yml index 962c77913eb..e16622311ee 100644 --- a/.packit.yml +++ b/.packit.yml @@ -21,9 +21,9 @@ actions: # Drop the "sources" file so rebase-helper doesn't think we're a dist-git - "rm -fv .packit_rpm/sources" # Drop backported patches from the specfile, but keep the downstream-only ones - # - Patch0000-0499: backported patches from upstream + # - Patch(0000-0499): backported patches from upstream # - Patch0500-9999: downstream-only patches - - "sed -ri '/^Patch0[0-4]?[0-9]{0,2}\\:.+\\.patch/d' .packit_rpm/systemd.spec" + - "sed -ri '/^Patch(0[0-4]?[0-9]{0,2})?\\:.+\\.patch/d' .packit_rpm/systemd.spec" # Build the RPM with --werror. Even though --werror doesn't work in all # cases (see [0]), we can't use -Dc_args=/-Dcpp_args= here because of the # RPM hardening macros, that use $CFLAGS/$CPPFLAGS (see [1]). From df08c12062dfd9903edec371598412a47a3055e0 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Mon, 24 Jan 2022 06:06:55 +0900 Subject: [PATCH 191/703] dns-domain: re-introduce dns_name_is_empty() (cherry picked from commit 7bdf41983044268b4bc2f9d34462db7f89ba284a) --- src/shared/dns-domain.h | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/shared/dns-domain.h b/src/shared/dns-domain.h index c25fcaacc2a..24bf00bd58b 100644 --- a/src/shared/dns-domain.h +++ b/src/shared/dns-domain.h @@ -60,6 +60,10 @@ static inline int dns_name_is_valid_ldh(const char *s) { return 1; } +static inline bool dns_name_is_empty(const char *s) { + return isempty(s) || streq(s, "."); +} + void dns_name_hash_func(const char *s, struct siphash *state); int dns_name_compare_func(const char *a, const char *b); extern const struct hash_ops dns_name_hash_ops; From 0fd3ccca64402eaec9535d0288d888f7fcacb9b8 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Mon, 24 Jan 2022 06:07:33 +0900 Subject: [PATCH 192/703] resolve: synthesize empty name Do not return any error for empty name. Just returns empty answer. Before: --- $ dig . ; <<>> DiG 9.16.24-RH <<>> . ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 13617 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 65494 ;; QUESTION SECTION: ;. IN A ;; Query time: 0 msec ;; SERVER: 127.0.0.53#53(127.0.0.53) ;; WHEN: Mon Jan 24 05:49:30 JST 2022 ;; MSG SIZE rcvd: 28 --- After: --- $ dig . ; <<>> DiG 9.16.24-RH <<>> . ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7957 ;; flags: qr aa rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 65494 ;; QUESTION SECTION: ;. IN A ;; Query time: 1 msec ;; SERVER: 127.0.0.53#53(127.0.0.53) ;; WHEN: Mon Jan 24 06:05:02 JST 2022 ;; MSG SIZE rcvd: 28 --- Replaces #22197. Fixes RHBZ#2039854 (https://bugzilla.redhat.com/show_bug.cgi?id=2039854). (cherry picked from commit 3b2ac14ac45bef01cf489c3231b868936866444b) --- src/resolve/resolved-dns-scope.c | 4 ++++ src/resolve/resolved-dns-synthesize.c | 5 ++++- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/src/resolve/resolved-dns-scope.c b/src/resolve/resolved-dns-scope.c index c0f6df6447c..f0d0ca4bba3 100644 --- a/src/resolve/resolved-dns-scope.c +++ b/src/resolve/resolved-dns-scope.c @@ -613,6 +613,10 @@ DnsScopeMatch dns_scope_good_domain( if ((SD_RESOLVED_FLAGS_MAKE(s->protocol, s->family, false, false) & flags) == 0) return DNS_SCOPE_NO; + /* Never resolve empty name. */ + if (dns_name_is_empty(domain)) + return DNS_SCOPE_NO; + /* Never resolve any loopback hostname or IP address via DNS, LLMNR or mDNS. Instead, always rely on * synthesized RRs for these. */ if (is_localhost(domain) || diff --git a/src/resolve/resolved-dns-synthesize.c b/src/resolve/resolved-dns-synthesize.c index ef1423f4416..ea239e686d8 100644 --- a/src/resolve/resolved-dns-synthesize.c +++ b/src/resolve/resolved-dns-synthesize.c @@ -394,7 +394,10 @@ int dns_synthesize_answer( name = dns_resource_key_name(key); - if (is_localhost(name)) { + if (dns_name_is_empty(name)) { + /* Do nothing. */ + + } else if (is_localhost(name)) { r = synthesize_localhost_rr(m, key, ifindex, &answer); if (r < 0) From 89b439ee00e3fbee47cda3f790cbf320538cae7f Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Mon, 24 Jan 2022 06:36:53 +0900 Subject: [PATCH 193/703] resolve: synthesize null address, IPv4 broadcast address, or invalid domain These are filtered in `dns_scope_good_domain()`, but not synthesized. Fixes #22229. (cherry picked from commit 46b53e8035fb60c9a7f26dd32d6689ab3b7da97c) --- src/resolve/resolved-dns-synthesize.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/src/resolve/resolved-dns-synthesize.c b/src/resolve/resolved-dns-synthesize.c index ea239e686d8..0914515fdfb 100644 --- a/src/resolve/resolved-dns-synthesize.c +++ b/src/resolve/resolved-dns-synthesize.c @@ -397,6 +397,14 @@ int dns_synthesize_answer( if (dns_name_is_empty(name)) { /* Do nothing. */ + } else if (dns_name_endswith(name, "0.in-addr.arpa") > 0 || + dns_name_equal(name, "255.255.255.255.in-addr.arpa") > 0 || + dns_name_equal(name, "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa") > 0 || + dns_name_endswith(name, "invalid") > 0) { + + nxdomain = true; + continue; + } else if (is_localhost(name)) { r = synthesize_localhost_rr(m, key, ifindex, &answer); From 499115dbc3408f9a85160099e114bbaf0bacfe84 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Wed, 23 Feb 2022 07:49:40 +0900 Subject: [PATCH 194/703] resolve: drop never matched condition As dns_scope_good_domain() does not return negative errno. (cherry picked from commit 830f50ab1e03fa7ee262876ed42023d10e89688d) --- src/resolve/resolved-dns-query.c | 12 ++---------- 1 file changed, 2 insertions(+), 10 deletions(-) diff --git a/src/resolve/resolved-dns-query.c b/src/resolve/resolved-dns-query.c index 9b296e7aa67..7dc346794e6 100644 --- a/src/resolve/resolved-dns-query.c +++ b/src/resolve/resolved-dns-query.c @@ -744,11 +744,7 @@ int dns_query_go(DnsQuery *q) { continue; match = dns_scope_good_domain(s, q->ifindex, q->flags, name); - if (match < 0) { - log_debug("Couldn't check if '%s' matches against scope, ignoring.", name); - continue; - } - + assert(match >= 0); if (match > found) { /* Does this match better? If so, remember how well it matched, and the first one * that matches this well */ found = match; @@ -780,11 +776,7 @@ int dns_query_go(DnsQuery *q) { continue; match = dns_scope_good_domain(s, q->ifindex, q->flags, name); - if (match < 0) { - log_debug("Couldn't check if '%s' matches against scope, ignoring.", name); - continue; - } - + assert(match >= 0); if (match < found) continue; From 54ab65f5f3da22985126dc3ae846a777d6b555a9 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Wed, 23 Feb 2022 07:50:30 +0900 Subject: [PATCH 195/703] resolve: make dns_scope_good_domain() take DnsQuery* (cherry picked from commit 176a9a2cca47f7c1553d96f7dd51c2193a269dbc) --- src/resolve/resolved-dns-query.c | 14 ++------------ src/resolve/resolved-dns-scope.c | 21 +++++++++++++++++---- src/resolve/resolved-dns-scope.h | 4 ++-- 3 files changed, 21 insertions(+), 18 deletions(-) diff --git a/src/resolve/resolved-dns-query.c b/src/resolve/resolved-dns-query.c index 7dc346794e6..c0bb40937a9 100644 --- a/src/resolve/resolved-dns-query.c +++ b/src/resolve/resolved-dns-query.c @@ -737,13 +737,8 @@ int dns_query_go(DnsQuery *q) { LIST_FOREACH(scopes, s, q->manager->dns_scopes) { DnsScopeMatch match; - const char *name; - name = dns_question_first_name(dns_query_question_for_protocol(q, s->protocol)); - if (!name) - continue; - - match = dns_scope_good_domain(s, q->ifindex, q->flags, name); + match = dns_scope_good_domain(s, q); assert(match >= 0); if (match > found) { /* Does this match better? If so, remember how well it matched, and the first one * that matches this well */ @@ -769,13 +764,8 @@ int dns_query_go(DnsQuery *q) { LIST_FOREACH(scopes, s, first->scopes_next) { DnsScopeMatch match; - const char *name; - - name = dns_question_first_name(dns_query_question_for_protocol(q, s->protocol)); - if (!name) - continue; - match = dns_scope_good_domain(s, q->ifindex, q->flags, name); + match = dns_scope_good_domain(s, q); assert(match >= 0); if (match < found) continue; diff --git a/src/resolve/resolved-dns-scope.c b/src/resolve/resolved-dns-scope.c index f0d0ca4bba3..fb94daaccfe 100644 --- a/src/resolve/resolved-dns-scope.c +++ b/src/resolve/resolved-dns-scope.c @@ -584,11 +584,13 @@ static DnsScopeMatch match_subnet_reverse_lookups( DnsScopeMatch dns_scope_good_domain( DnsScope *s, - int ifindex, - uint64_t flags, - const char *domain) { + DnsQuery *q) { + DnsQuestion *question; DnsSearchDomain *d; + const char *domain; + uint64_t flags; + int ifindex; /* This returns the following return values: * @@ -602,7 +604,18 @@ DnsScopeMatch dns_scope_good_domain( */ assert(s); - assert(domain); + assert(q); + + question = dns_query_question_for_protocol(q, s->protocol); + if (!question) + return DNS_SCOPE_NO; + + domain = dns_question_first_name(question); + if (!domain) + return DNS_SCOPE_NO; + + ifindex = q->ifindex; + flags = q->flags; /* Checks if the specified domain is something to look up on this scope. Note that this accepts * non-qualified hostnames, i.e. those without any search path suffixed. */ diff --git a/src/resolve/resolved-dns-scope.h b/src/resolve/resolved-dns-scope.h index a2b9546b380..1f9d22b7d18 100644 --- a/src/resolve/resolved-dns-scope.h +++ b/src/resolve/resolved-dns-scope.h @@ -10,7 +10,7 @@ typedef struct DnsScope DnsScope; #include "resolved-dns-cache.h" #include "resolved-dns-dnssec.h" #include "resolved-dns-packet.h" - +#include "resolved-dns-query.h" #include "resolved-dns-search-domain.h" #include "resolved-dns-server.h" #include "resolved-dns-stream.h" @@ -76,7 +76,7 @@ int dns_scope_emit_udp(DnsScope *s, int fd, int af, DnsPacket *p); int dns_scope_socket_tcp(DnsScope *s, int family, const union in_addr_union *address, DnsServer *server, uint16_t port, union sockaddr_union *ret_socket_address); int dns_scope_socket_udp(DnsScope *s, DnsServer *server); -DnsScopeMatch dns_scope_good_domain(DnsScope *s, int ifindex, uint64_t flags, const char *domain); +DnsScopeMatch dns_scope_good_domain(DnsScope *s, DnsQuery *q); bool dns_scope_good_key(DnsScope *s, const DnsResourceKey *key); DnsServer *dns_scope_get_dns_server(DnsScope *s); From d57147ef5698c50e02e5e74df8d0936230032cfe Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Fri, 4 Feb 2022 12:05:33 +0900 Subject: [PATCH 196/703] resolve: synthesize empty domain only when A and/or AAAA key is requested Follow-up for 3b2ac14ac45bef01cf489c3231b868936866444b (#22231). Before this commit. --- $ dig -t SRV '.' ; <<>> DiG 9.16.24-RH <<>> -t SRV . ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16836 ;; flags: qr aa rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 65494 ;; QUESTION SECTION: ;. IN SRV ;; Query time: 1 msec ;; SERVER: 127.0.0.53#53(127.0.0.53) ;; WHEN: Fri Feb 04 12:01:09 JST 2022 ;; MSG SIZE rcvd: 28 --- After this commit. --- $ dig -t SRV '.' ; <<>> DiG 9.16.24-RH <<>> -t SRV . ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19861 ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 65494 ;; QUESTION SECTION: ;. IN SRV ;; AUTHORITY SECTION: . 86394 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2022020302 1800 900 604800 86400 ;; Query time: 20 msec ;; SERVER: 127.0.0.53#53(127.0.0.53) ;; WHEN: Fri Feb 04 12:00:12 JST 2022 ;; MSG SIZE rcvd: 103 --- Fixes #22401. (cherry picked from commit 30fa3aa1fa56d9a1a4f3a26c0bc02253d44dfa0f) --- src/resolve/resolved-dns-scope.c | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/src/resolve/resolved-dns-scope.c b/src/resolve/resolved-dns-scope.c index fb94daaccfe..ab40d692ae9 100644 --- a/src/resolve/resolved-dns-scope.c +++ b/src/resolve/resolved-dns-scope.c @@ -626,10 +626,6 @@ DnsScopeMatch dns_scope_good_domain( if ((SD_RESOLVED_FLAGS_MAKE(s->protocol, s->family, false, false) & flags) == 0) return DNS_SCOPE_NO; - /* Never resolve empty name. */ - if (dns_name_is_empty(domain)) - return DNS_SCOPE_NO; - /* Never resolve any loopback hostname or IP address via DNS, LLMNR or mDNS. Instead, always rely on * synthesized RRs for these. */ if (is_localhost(domain) || @@ -658,6 +654,22 @@ DnsScopeMatch dns_scope_good_domain( DnsScopeMatch m; int n_best = -1; + if (dns_name_is_empty(domain)) { + DnsResourceKey *t; + bool found = false; + + /* Refuse empty name if only A and/or AAAA records are requested. */ + + DNS_QUESTION_FOREACH(t, question) + if (!IN_SET(t->type, DNS_TYPE_A, DNS_TYPE_AAAA)) { + found = true; + break; + } + + if (!found) + return DNS_SCOPE_NO; + } + /* Never route things to scopes that lack DNS servers */ if (!dns_scope_get_dns_server(s)) return DNS_SCOPE_NO; From a51e540b278827c0fc59760b9c77cd42cbddc0d2 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Thu, 17 Feb 2022 17:23:48 +0100 Subject: [PATCH 197/703] pid1: watch bus name always when we have it Previously we'd only watch configured service bus names if Type=dbus was set. Let's also watch it for other types. This is useful to pick up the main PID of such a service. In fact the code to pick it up was already in place, alas it didn't do anything given the signal was never received for it. Fix that. (It's also useful for debugging) (cherry picked from commit 1e8b312e5a22538f91defb89cf2997e09e106297) --- src/core/service.c | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/src/core/service.c b/src/core/service.c index 49579f79985..2aea3b3cc73 100644 --- a/src/core/service.c +++ b/src/core/service.c @@ -706,17 +706,19 @@ static int service_setup_bus_name(Service *s) { assert(s); /* If s->bus_name is not set, then the unit will be refused by service_verify() later. */ - if (s->type != SERVICE_DBUS || !s->bus_name) + if (!s->bus_name) return 0; - r = unit_add_dependency_by_name(UNIT(s), UNIT_REQUIRES, SPECIAL_DBUS_SOCKET, true, UNIT_DEPENDENCY_FILE); - if (r < 0) - return log_unit_error_errno(UNIT(s), r, "Failed to add dependency on " SPECIAL_DBUS_SOCKET ": %m"); + if (s->type == SERVICE_DBUS) { + r = unit_add_dependency_by_name(UNIT(s), UNIT_REQUIRES, SPECIAL_DBUS_SOCKET, true, UNIT_DEPENDENCY_FILE); + if (r < 0) + return log_unit_error_errno(UNIT(s), r, "Failed to add dependency on " SPECIAL_DBUS_SOCKET ": %m"); - /* We always want to be ordered against dbus.socket if both are in the transaction. */ - r = unit_add_dependency_by_name(UNIT(s), UNIT_AFTER, SPECIAL_DBUS_SOCKET, true, UNIT_DEPENDENCY_FILE); - if (r < 0) - return log_unit_error_errno(UNIT(s), r, "Failed to add dependency on " SPECIAL_DBUS_SOCKET ": %m"); + /* We always want to be ordered against dbus.socket if both are in the transaction. */ + r = unit_add_dependency_by_name(UNIT(s), UNIT_AFTER, SPECIAL_DBUS_SOCKET, true, UNIT_DEPENDENCY_FILE); + if (r < 0) + return log_unit_error_errno(UNIT(s), r, "Failed to add dependency on " SPECIAL_DBUS_SOCKET ": %m"); + } r = unit_watch_bus_name(UNIT(s), s->bus_name); if (r == -EEXIST) From cf390149cb25248169c482e315a1a7ff02eaf956 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Thu, 17 Feb 2022 14:40:25 +0100 Subject: [PATCH 198/703] pid1: lookup owning PID of BusName= name of services asynchronously A first step of removing blocking calls to the D-Bus broker from PID 1. There's a lot more to got (i.e. grep src/core/ for sd_bus_creds basically), but it's a start. Removing blocking calls to D-Bus broker deals systematicallly with deadlocks caused by dbus-daemon blocking on synchronous IPC calls back to PID1 (e.g. Varlink calls through nss-systemd). Bugs such as #15316. Also-see: https://github.com/systemd/systemd/pull/22038#issuecomment-1042958390 (cherry picked from commit e39eb045a502d599e6cd3fda7a46020dd438d018) --- src/core/service.c | 91 ++++++++++++++++++++++++++++++++++++---------- src/core/service.h | 2 + 2 files changed, 74 insertions(+), 19 deletions(-) diff --git a/src/core/service.c b/src/core/service.c index 2aea3b3cc73..fb22d103ea2 100644 --- a/src/core/service.c +++ b/src/core/service.c @@ -398,6 +398,8 @@ static void service_done(Unit *u) { s->timer_event_source = sd_event_source_disable_unref(s->timer_event_source); s->exec_fd_event_source = sd_event_source_disable_unref(s->exec_fd_event_source); + s->bus_name_pid_lookup_slot = sd_bus_slot_unref(s->bus_name_pid_lookup_slot); + service_release_resources(u); } @@ -4233,6 +4235,60 @@ static int service_get_timeout(Unit *u, usec_t *timeout) { return 1; } +static bool pick_up_pid_from_bus_name(Service *s) { + assert(s); + + /* If the service is running but we have no main PID yet, get it from the owner of the D-Bus name */ + + return !pid_is_valid(s->main_pid) && + IN_SET(s->state, + SERVICE_START, + SERVICE_START_POST, + SERVICE_RUNNING, + SERVICE_RELOAD); +} + +static int bus_name_pid_lookup_callback(sd_bus_message *reply, void *userdata, sd_bus_error *ret_error) { + const sd_bus_error *e; + Unit *u = userdata; + uint32_t pid; + Service *s; + int r; + + assert(reply); + assert(u); + + s = SERVICE(u); + s->bus_name_pid_lookup_slot = sd_bus_slot_unref(s->bus_name_pid_lookup_slot); + + if (!s->bus_name || !pick_up_pid_from_bus_name(s)) + return 1; + + e = sd_bus_message_get_error(reply); + if (e) { + r = sd_bus_error_get_errno(e); + log_warning_errno(r, "GetConnectionUnixProcessID() failed: %s", bus_error_message(e, r)); + return 1; + } + + r = sd_bus_message_read(reply, "u", &pid); + if (r < 0) { + bus_log_parse_error(r); + return 1; + } + + if (!pid_is_valid(pid)) { + log_debug_errno(SYNTHETIC_ERRNO(EINVAL), "GetConnectionUnixProcessID() returned invalid PID"); + return 1; + } + + log_unit_debug(u, "D-Bus name %s is now owned by process " PID_FMT, s->bus_name, (pid_t) pid); + + service_set_main_pid(s, pid); + unit_watch_pid(UNIT(s), pid, false); + return 1; +} + static void service_bus_name_owner_change(Unit *u, const char *new_owner) { Service *s = SERVICE(u); @@ -4263,28 +4319,25 @@ static void service_bus_name_owner_change(Unit *u, const char *new_owner) { else if (s->state == SERVICE_START && new_owner) service_enter_start_post(s); - } else if (new_owner && - s->main_pid <= 0 && - IN_SET(s->state, - SERVICE_START, - SERVICE_START_POST, - SERVICE_RUNNING, - SERVICE_RELOAD)) { - - _cleanup_(sd_bus_creds_unrefp) sd_bus_creds *creds = NULL; - pid_t pid; + } else if (new_owner && pick_up_pid_from_bus_name(s)) { /* Try to acquire PID from bus service */ - r = sd_bus_get_name_creds(u->manager->api_bus, s->bus_name, SD_BUS_CREDS_PID, &creds); - if (r >= 0) - r = sd_bus_creds_get_pid(creds, &pid); - if (r >= 0) { - log_unit_debug(u, "D-Bus name %s is now owned by process " PID_FMT, s->bus_name, pid); - - service_set_main_pid(s, pid); - unit_watch_pid(UNIT(s), pid, false); - } + s->bus_name_pid_lookup_slot = sd_bus_slot_unref(s->bus_name_pid_lookup_slot); + + r = sd_bus_call_method_async( + u->manager->api_bus, + &s->bus_name_pid_lookup_slot, + "org.freedesktop.DBus", + "/org/freedesktop/DBus", + "org.freedesktop.DBus", + "GetConnectionUnixProcessID", + bus_name_pid_lookup_callback, + s, + "s", + s->bus_name); + if (r < 0) + log_debug_errno(r, "Failed to request owner PID of service name, ignoring: %m"); } } diff --git a/src/core/service.h b/src/core/service.h index 778551d8441..4116e40d8f3 100644 --- a/src/core/service.h +++ b/src/core/service.h @@ -195,6 +195,8 @@ struct Service { NotifyAccess notify_access; NotifyState notify_state; + sd_bus_slot *bus_name_pid_lookup_slot; + sd_event_source *exec_fd_event_source; ServiceFDStore *fd_store; From 4ec9aec4b695e1f0a26dc9cd55719c2f91ebdd6a Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Thu, 17 Feb 2022 14:47:34 +0100 Subject: [PATCH 199/703] docs: $SYSTEMD_NSS_BYPASS_BUS is not honoured anymore, don't document it It was removed back in 1684c56f40f020e685e70b3d1785d596ff16f892 Follow-up for: 1684c56f40f020e685e70b3d1785d596ff16f892 (cherry picked from commit cec16155e3dab4f123ba073223477a4ef2cf10f9) --- docs/ENVIRONMENT.md | 4 ---- 1 file changed, 4 deletions(-) diff --git a/docs/ENVIRONMENT.md b/docs/ENVIRONMENT.md index 71d6c55010d..12b4cad25f8 100644 --- a/docs/ENVIRONMENT.md +++ b/docs/ENVIRONMENT.md @@ -219,10 +219,6 @@ All tools: user/group records for dynamically registered service users (i.e. users registered through `DynamicUser=1`). -* `$SYSTEMD_NSS_BYPASS_BUS=1` — if set, `nss-systemd` won't use D-Bus to do - dynamic user lookups. This is primarily useful to make `nss-systemd` work - safely from within `dbus-daemon`. - `systemd-timedated`: * `$SYSTEMD_TIMEDATED_NTP_SERVICES=…` — colon-separated list of unit names of From 367041af816d48d4852140f98fd0ba78ed83f9e4 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Thu, 17 Feb 2022 14:49:54 +0100 Subject: [PATCH 200/703] pid1: set SYSTEMD_NSS_DYNAMIC_BYPASS=1 env var for dbus-daemon MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit There's currently a deadlock between PID 1 and dbus-daemon: in some cases dbus-daemon will do NSS lookups (which are blocking) at the same time PID 1 synchronously blocks on some call to dbus-daemon. Let's break that by setting SYSTEMD_NSS_DYNAMIC_BYPASS=1 env var for dbus-daemon, which will disable synchronously blocking varlink calls from nss-systemd to PID 1. In the long run we should fix this differently: remove all synchronous calls to dbus-daemon from PID 1. This is not trivial however: so far we had the rule that synchronous calls from PID 1 to the dbus broker are OK as long as they only go to interfaces implemented by the broke itself rather than services reachable through it. Given that the relationship between PID 1 and dbus is kinda special anyway, this was considered acceptable for the sake of simplicity, since we quite often need metadata about bus peers from the broker, and the asynchronous logic would substantially complicate even the simplest method handlers. This mostly reworks the existing code that sets SYSTEMD_NSS_BYPASS_BUS= (which is a similar hack to deal with deadlocks between nss-systemd and dbus-daemon itself) to set SYSTEMD_NSS_DYNAMIC_BYPASS=1 instead. No code was checking SYSTEMD_NSS_BYPASS_BUS= anymore anyway, and it used to solve a similar problem, hence it's an obvious piece of code to rework like this. Issue originally tracked down by Lukas Märdian. This patch is inspired and closely based on his patch: https://github.com/systemd/systemd/pull/22038 Fixes: #15316 Co-authored-by: Lukas Märdian (cherry picked from commit de90700f36f2126528f7ce92df0b5b5d5e277558) --- src/core/execute.c | 10 +++++----- src/core/execute.h | 26 +++++++++++++------------- src/core/service.c | 2 +- 3 files changed, 19 insertions(+), 19 deletions(-) diff --git a/src/core/execute.c b/src/core/execute.c index ce4cb9c8e76..0b20d386d35 100644 --- a/src/core/execute.c +++ b/src/core/execute.c @@ -1864,11 +1864,11 @@ static int build_environment( our_env[n_env++] = x; } - /* If this is D-Bus, tell the nss-systemd module, since it relies on being able to use D-Bus look up dynamic - * users via PID 1, possibly dead-locking the dbus daemon. This way it will not use D-Bus to resolve names, but - * check the database directly. */ - if (p->flags & EXEC_NSS_BYPASS_BUS) { - x = strdup("SYSTEMD_NSS_BYPASS_BUS=1"); + /* If this is D-Bus, tell the nss-systemd module, since it relies on being able to use blocking + * Varlink calls back to us for look up dynamic users in PID 1. Break the deadlock between D-Bus and + * PID 1 by disabling use of PID1' NSS interface for looking up dynamic users. */ + if (p->flags & EXEC_NSS_DYNAMIC_BYPASS) { + x = strdup("SYSTEMD_NSS_DYNAMIC_BYPASS=1"); if (!x) return -ENOMEM; our_env[n_env++] = x; diff --git a/src/core/execute.h b/src/core/execute.h index b0da375def7..a898cbcc648 100644 --- a/src/core/execute.h +++ b/src/core/execute.h @@ -370,21 +370,21 @@ static inline bool exec_context_with_rootfs(const ExecContext *c) { } typedef enum ExecFlags { - EXEC_APPLY_SANDBOXING = 1 << 0, - EXEC_APPLY_CHROOT = 1 << 1, - EXEC_APPLY_TTY_STDIN = 1 << 2, - EXEC_PASS_LOG_UNIT = 1 << 3, /* Whether to pass the unit name to the service's journal stream connection */ - EXEC_CHOWN_DIRECTORIES = 1 << 4, /* chown() the runtime/state/cache/log directories to the user we run as, under all conditions */ - EXEC_NSS_BYPASS_BUS = 1 << 5, /* Set the SYSTEMD_NSS_BYPASS_BUS environment variable, to disable nss-systemd for dbus */ - EXEC_CGROUP_DELEGATE = 1 << 6, - EXEC_IS_CONTROL = 1 << 7, - EXEC_CONTROL_CGROUP = 1 << 8, /* Place the process not in the indicated cgroup but in a subcgroup '/.control', but only EXEC_CGROUP_DELEGATE and EXEC_IS_CONTROL is set, too */ - EXEC_WRITE_CREDENTIALS = 1 << 9, /* Set up the credential store logic */ + EXEC_APPLY_SANDBOXING = 1 << 0, + EXEC_APPLY_CHROOT = 1 << 1, + EXEC_APPLY_TTY_STDIN = 1 << 2, + EXEC_PASS_LOG_UNIT = 1 << 3, /* Whether to pass the unit name to the service's journal stream connection */ + EXEC_CHOWN_DIRECTORIES = 1 << 4, /* chown() the runtime/state/cache/log directories to the user we run as, under all conditions */ + EXEC_NSS_DYNAMIC_BYPASS = 1 << 5, /* Set the SYSTEMD_NSS_DYNAMIC_BYPASS environment variable, to disable nss-systemd blocking on PID 1, for use by dbus-daemon */ + EXEC_CGROUP_DELEGATE = 1 << 6, + EXEC_IS_CONTROL = 1 << 7, + EXEC_CONTROL_CGROUP = 1 << 8, /* Place the process not in the indicated cgroup but in a subcgroup '/.control', but only EXEC_CGROUP_DELEGATE and EXEC_IS_CONTROL is set, too */ + EXEC_WRITE_CREDENTIALS = 1 << 9, /* Set up the credential store logic */ /* The following are not used by execute.c, but by consumers internally */ - EXEC_PASS_FDS = 1 << 10, - EXEC_SETENV_RESULT = 1 << 11, - EXEC_SET_WATCHDOG = 1 << 12, + EXEC_PASS_FDS = 1 << 10, + EXEC_SETENV_RESULT = 1 << 11, + EXEC_SET_WATCHDOG = 1 << 12, } ExecFlags; /* Parameters for a specific invocation of a command. This structure is put together right before a command is diff --git a/src/core/service.c b/src/core/service.c index fb22d103ea2..d17dbb0f078 100644 --- a/src/core/service.c +++ b/src/core/service.c @@ -1592,7 +1592,7 @@ static int service_spawn( return -ENOMEM; /* System D-Bus needs nss-systemd disabled, so that we don't deadlock */ - SET_FLAG(exec_params.flags, EXEC_NSS_BYPASS_BUS, + SET_FLAG(exec_params.flags, EXEC_NSS_DYNAMIC_BYPASS, MANAGER_IS_SYSTEM(UNIT(s)->manager) && unit_has_name(UNIT(s), SPECIAL_DBUS_SERVICE)); strv_free_and_replace(exec_params.environment, final_env); From e59c381e2321ae9e476c550d5a3d43a1fd0493ac Mon Sep 17 00:00:00 2001 From: Frantisek Sumsal Date: Fri, 18 Feb 2022 23:09:18 +0100 Subject: [PATCH 201/703] systemctl: make `--timestamp=` affect the `show` verb as well Currently the `--timestamp=` option has no effect on timestamps shown by `systemctl show`, let's fix that. Spotted in #22567. Before: ``` $ systemctl show --timestamp=us+utc systemd-journald | grep Timestamp= ExecMainStartTimestamp=Sat 2021-12-11 15:25:57 CET StateChangeTimestamp=Sat 2021-12-11 15:25:57 CET InactiveExitTimestamp=Sat 2021-12-11 15:25:57 CET ActiveEnterTimestamp=Sat 2021-12-11 15:25:57 CET ActiveExitTimestamp=Sat 2021-12-11 15:25:57 CET InactiveEnterTimestamp=Sat 2021-12-11 15:25:57 CET ConditionTimestamp=Sat 2021-12-11 15:25:57 CET AssertTimestamp=Sat 2021-12-11 15:25:57 CET ``` After: ``` $ systemctl show --timestamp=us+utc systemd-journald | grep Timestamp= ExecMainStartTimestamp=Sat 2021-12-11 14:25:57.177848 UTC StateChangeTimestamp=Sat 2021-12-11 14:25:57.196714 UTC InactiveExitTimestamp=Sat 2021-12-11 14:25:57.177871 UTC ActiveEnterTimestamp=Sat 2021-12-11 14:25:57.196714 UTC ActiveExitTimestamp=Sat 2021-12-11 14:25:57.144677 UTC InactiveEnterTimestamp=Sat 2021-12-11 14:25:57.176331 UTC ConditionTimestamp=Sat 2021-12-11 14:25:57.176980 UTC AssertTimestamp=Sat 2021-12-11 14:25:57.176980 UTC ``` (cherry picked from commit a59e5c625da5a6e0c46e493d55f2f4212e9457ca) --- src/systemctl/systemctl-show.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/src/systemctl/systemctl-show.c b/src/systemctl/systemctl-show.c index 37c898f3131..9181a22eb78 100644 --- a/src/systemctl/systemctl-show.c +++ b/src/systemctl/systemctl-show.c @@ -989,6 +989,20 @@ static int print_property(const char *name, const char *expected_value, sd_bus_m } break; + case SD_BUS_TYPE_UINT64: + if (endswith(name, "Timestamp")) { + uint64_t timestamp; + + r = sd_bus_message_read_basic(m, bus_type, ×tamp); + if (r < 0) + return r; + + bus_print_property_value(name, expected_value, flags, FORMAT_TIMESTAMP_STYLE(timestamp, arg_timestamp_style)); + + return 1; + } + break; + case SD_BUS_TYPE_STRUCT: if (contents[0] == SD_BUS_TYPE_UINT32 && streq(name, "Job")) { From 7f28c0f3f31be51c70c04d54bccc401d342fc4a2 Mon Sep 17 00:00:00 2001 From: Luca Boccassi Date: Fri, 18 Feb 2022 22:56:56 +0000 Subject: [PATCH 202/703] mkosi CI: mask isc-dhcp-server units MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The packages are installed to provide the dhcpd binary, used by test/test-network/systemd-networkd-tests.py, but we don't need the units to run, and in fact in some cases the image fails to boot because of them: Spawning container image on /home/runner/work/systemd/systemd/image.raw. Press ^] three times within 1s to kill container. ● isc-dhcp-server.service loaded failed failed ISC DHCP IPv4 server ● isc-dhcp-server6.service loaded failed failed ISC DHCP IPv6 server Container image failed with error code 1. Error: Process completed with exit code 1. Mask the units with an --extra-tree. (cherry picked from commit 21838f36a64e71dd6439692e57d629f27e4954ea) --- .github/workflows/run_mkosi.sh | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/.github/workflows/run_mkosi.sh b/.github/workflows/run_mkosi.sh index e8803239aa6..a6a84b6c44f 100755 --- a/.github/workflows/run_mkosi.sh +++ b/.github/workflows/run_mkosi.sh @@ -7,11 +7,20 @@ set -o pipefail EC=0 TEMPFILE="$(mktemp)" -trap "rm -f '$TEMPFILE'" EXIT +TEMP_EXTRA_TREE="$(mktemp --directory)" +trap "rm -rf '$TEMPFILE' '$TEMP_EXTRA_TREE'" EXIT + +# We need isc-dhcp-server to be installed for the networkd unit tests, but we don't want to +# run it by default. mktemp creates the directory as 700, so change it, otherwise it will +# affect the image's root folder permissions. +chmod 755 "$TEMP_EXTRA_TREE" +mkdir -p "$TEMP_EXTRA_TREE/etc/systemd/system/" +ln -s /dev/null "$TEMP_EXTRA_TREE/etc/systemd/system/isc-dhcp-server.service" +ln -s /dev/null "$TEMP_EXTRA_TREE/etc/systemd/system/isc-dhcp-server6.service" for ((i = 0; i < 5; i++)); do EC=0 - (sudo python3 -m mkosi "$@") |& tee "$TEMPFILE" || EC=$? + (sudo python3 -m mkosi --extra-tree="$TEMP_EXTRA_TREE" "$@") |& tee "$TEMPFILE" || EC=$? if [[ $EC -eq 0 ]]; then # The command passed - let's return immediatelly break From 5a322fd54bbd128d234f02ff13e4b4fd7b3e6048 Mon Sep 17 00:00:00 2001 From: Matthias Lisin Date: Mon, 21 Feb 2022 02:32:25 +0100 Subject: [PATCH 203/703] tools: adjust re.match to recent gpt.h additions with addition of SD_ID128_MAKE_UUID_STR entries to src/shared/gpt.h the tool failed halfway due to falsly matching the new entries (cherry picked from commit 5fa87e9651074e8b78f632e43f0c2001a27f5b60) --- tools/list-discoverable-partitions.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/list-discoverable-partitions.py b/tools/list-discoverable-partitions.py index 57b99b2a490..500c896c9dc 100644 --- a/tools/list-discoverable-partitions.py +++ b/tools/list-discoverable-partitions.py @@ -142,7 +142,7 @@ def extract(file): for line in file: # print(line) - m = re.match(r'^#define\s+GPT_(.*SD_ID128_MAKE.*)', line) + m = re.match(r'^#define\s+GPT_(.*SD_ID128_MAKE\(.*\))', line) if not m: continue From d016749c00c4c8e67107d2b9bde1dc97ff5e38d0 Mon Sep 17 00:00:00 2001 From: Matthias Lisin Date: Mon, 21 Feb 2022 02:46:57 +0100 Subject: [PATCH 204/703] docs: swap Name and Partition Type UUID in header (cherry picked from commit 7d5beae28ca75725a680b0ab3ef5728a252282e5) --- docs/DISCOVERABLE_PARTITIONS.md | 4 ++-- tools/list-discoverable-partitions.py | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/DISCOVERABLE_PARTITIONS.md b/docs/DISCOVERABLE_PARTITIONS.md index b375106afd7..1223ae71665 100644 --- a/docs/DISCOVERABLE_PARTITIONS.md +++ b/docs/DISCOVERABLE_PARTITIONS.md @@ -40,8 +40,8 @@ Interface](https://systemd.io/BOOT_LOADER_INTERFACE). ## Defined Partition Type UUIDs -| Partition Type UUID | Name | Allowed File Systems | Explanation | -|---------------------|------|----------------------|-------------| +| Name | Partition Type UUID | Allowed File Systems | Explanation | +|------|---------------------|----------------------|-------------| | _Root Partition (Alpha)_ | `6523f8ae-3eb1-4e2a-a05a-18b695ae656f` | Any native, optionally in LUKS | On systems with matching architecture, the first partition with this type UUID on the disk containing the active EFI ESP is automatically mounted to the root directory /. If the partition is encrypted with LUKS or has dm-verity integrity data (see below), the device mapper file will be named `/dev/mapper/root`. | | _Root Partition (ARC)_ | `d27f46ed-2919-4cb8-bd25-9531f3c16534` | ditto | ditto | | _Root Partition (32-bit ARM)_ | `69dad710-2ce4-4e3c-b16c-21a1d49abed3` | ditto | ditto | diff --git a/tools/list-discoverable-partitions.py b/tools/list-discoverable-partitions.py index 500c896c9dc..37ccd273024 100644 --- a/tools/list-discoverable-partitions.py +++ b/tools/list-discoverable-partitions.py @@ -6,8 +6,8 @@ import uuid HEADER = f'''\ -| Partition Type UUID | Name | Allowed File Systems | Explanation | -|---------------------|------|----------------------|-------------| +| Name | Partition Type UUID | Allowed File Systems | Explanation | +|------|---------------------|----------------------|-------------| ''' ARCHITECTURES = { From 2198c08d0786c5cec1b39283831969b2cc1adf40 Mon Sep 17 00:00:00 2001 From: Franck Bui Date: Fri, 18 Feb 2022 10:06:24 +0100 Subject: [PATCH 205/703] core: really skip automatic restart when a JOB_STOP job is pending It's not clear why we rescheduled a service auto restart while a stop job for the unit was pending. The comment claims that the unit shouldn't be restarted but the code did reschedule an auto restart meanwhile. In practice that was rarely an issue because the service waited for the next auto restart to be rescheduled, letting the queued stop job to be proceed and service_stop() to be called preventing the next restart to complete. However when RestartSec=0, the timer expired right away making PID1 to reschedule the unit again, making the timer expired right away... and so on. This busy loop prevented PID1 to handle any queued jobs (and hence giving no chance to the start rate limiting to trigger), which made the busy loop last forever. This patch breaks this loop by skipping the reschedule of the unit auto restart and hence not depending on the value of u->restart_usec anymore. Fixes: #13667 (cherry picked from commit c972880640ee19e89ce9265d8eae1b3aae190332) --- src/core/service.c | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/src/core/service.c b/src/core/service.c index d17dbb0f078..87f0d34c8cd 100644 --- a/src/core/service.c +++ b/src/core/service.c @@ -2286,12 +2286,7 @@ static void service_enter_restart(Service *s) { if (unit_has_job_type(UNIT(s), JOB_STOP)) { /* Don't restart things if we are going down anyway */ - log_unit_info(UNIT(s), "Stop job pending for unit, delaying automatic restart."); - - r = service_arm_timer(s, usec_add(now(CLOCK_MONOTONIC), s->restart_usec)); - if (r < 0) - goto fail; - + log_unit_info(UNIT(s), "Stop job pending for unit, skipping automatic restart."); return; } From 1343c2efd5401aa52f7790fff4ad7e2d70173f01 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Tue, 22 Feb 2022 20:21:45 +0900 Subject: [PATCH 206/703] test-oomd-util: style fixlets (cherry picked from commit d9fe39b24a0a5464c83c7a754752ca21dbd2578f) --- src/oom/test-oomd-util.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/src/oom/test-oomd-util.c b/src/oom/test-oomd-util.c index 265e77c0a24..23ce5dc0b6b 100644 --- a/src/oom/test-oomd-util.c +++ b/src/oom/test-oomd-util.c @@ -300,12 +300,11 @@ static void test_oomd_pressure_above(void) { assert_se(store_loadavg_fixed_point(1, 11, &(ctx[1].memory_pressure.avg300)) == 0); ctx[1].mem_pressure_limit = threshold; - /* High memory pressure */ assert_se(h1 = hashmap_new(&string_hash_ops)); assert_se(hashmap_put(h1, "/herp.slice", &ctx[0]) >= 0); assert_se(oomd_pressure_above(h1, 0 /* duration */, &t1) == 1); - assert_se(set_contains(t1, &ctx[0]) == true); + assert_se(set_contains(t1, &ctx[0])); assert_se(c = hashmap_get(h1, "/herp.slice")); assert_se(c->mem_pressure_limit_hit_start > 0); @@ -313,14 +312,14 @@ static void test_oomd_pressure_above(void) { assert_se(h2 = hashmap_new(&string_hash_ops)); assert_se(hashmap_put(h2, "/derp.slice", &ctx[1]) >= 0); assert_se(oomd_pressure_above(h2, 0 /* duration */, &t2) == 0); - assert_se(t2 == NULL); + assert_se(!t2); assert_se(c = hashmap_get(h2, "/derp.slice")); assert_se(c->mem_pressure_limit_hit_start == 0); /* High memory pressure w/ multiple cgroups */ assert_se(hashmap_put(h1, "/derp.slice", &ctx[1]) >= 0); assert_se(oomd_pressure_above(h1, 0 /* duration */, &t3) == 1); - assert_se(set_contains(t3, &ctx[0]) == true); + assert_se(set_contains(t3, &ctx[0])); assert_se(set_size(t3) == 1); assert_se(c = hashmap_get(h1, "/herp.slice")); assert_se(c->mem_pressure_limit_hit_start > 0); From b10cc2de7dc6ac8d7d72d576100dd3a37ddb588a Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Tue, 22 Feb 2022 20:23:58 +0900 Subject: [PATCH 207/703] test-oomd-util: fix conditional jump on uninitialised value Fixes #22577. (cherry picked from commit a6d6a51d83fae32212e1780e71b16517a4df9a57) --- src/oom/test-oomd-util.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/oom/test-oomd-util.c b/src/oom/test-oomd-util.c index 23ce5dc0b6b..f0283677f7c 100644 --- a/src/oom/test-oomd-util.c +++ b/src/oom/test-oomd-util.c @@ -283,7 +283,7 @@ static void test_oomd_system_context_acquire(void) { static void test_oomd_pressure_above(void) { _cleanup_hashmap_free_ Hashmap *h1 = NULL, *h2 = NULL; _cleanup_set_free_ Set *t1 = NULL, *t2 = NULL, *t3 = NULL; - OomdCGroupContext ctx[2], *c; + OomdCGroupContext ctx[2] = {}, *c; loadavg_t threshold; assert_se(store_loadavg_fixed_point(80, 0, &threshold) == 0); From 92b86911c0c877e6b61d06dfe3ad20046e10d8e8 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Tue, 22 Feb 2022 21:11:51 +0900 Subject: [PATCH 208/703] test: fix file descriptor leak in test-catalog Fixes an issue reported in #22576. (cherry picked from commit 62d4b3b36e9aba9e605ba042a75c374155b6e18b) --- src/libsystemd/sd-journal/test-catalog.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/libsystemd/sd-journal/test-catalog.c b/src/libsystemd/sd-journal/test-catalog.c index 316c3b16344..ad062211751 100644 --- a/src/libsystemd/sd-journal/test-catalog.c +++ b/src/libsystemd/sd-journal/test-catalog.c @@ -196,6 +196,7 @@ static void test_catalog_file_lang(void) { int main(int argc, char *argv[]) { _cleanup_(unlink_tempfilep) char database[] = "/tmp/test-catalog.XXXXXX"; + _cleanup_close_ int fd = -1; _cleanup_free_ char *text = NULL; int r; @@ -218,7 +219,7 @@ int main(int argc, char *argv[]) { test_catalog_import_merge(); test_catalog_import_merge_no_body(); - assert_se(mkostemp_safe(database) >= 0); + assert_se((fd = mkostemp_safe(database)) >= 0); test_catalog_update(database); From 55ec995341e6a2d554bc69a1eddb097d21d8084f Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Tue, 22 Feb 2022 21:38:15 +0900 Subject: [PATCH 209/703] test: fix file descriptor leak in test-oomd-util Fixes an issue reported in #22576. (cherry picked from commit 282696ce52471f5e3c963b9d98dbc89fba3a1fba) --- src/oom/test-oomd-util.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/oom/test-oomd-util.c b/src/oom/test-oomd-util.c index f0283677f7c..13d9e60f16c 100644 --- a/src/oom/test-oomd-util.c +++ b/src/oom/test-oomd-util.c @@ -5,6 +5,7 @@ #include "alloc-util.h" #include "cgroup-setup.h" #include "cgroup-util.h" +#include "fd-util.h" #include "fileio.h" #include "fs-util.h" #include "oomd-util.h" @@ -13,6 +14,7 @@ #include "string-util.h" #include "strv.h" #include "tests.h" +#include "tmpfile-util.h" static int fork_and_sleep(unsigned sleep_min) { usec_t n, timeout, ts; @@ -244,12 +246,13 @@ static void test_oomd_update_cgroup_contexts_between_hashmaps(void) { static void test_oomd_system_context_acquire(void) { _cleanup_(unlink_tempfilep) char path[] = "/oomdgetsysctxtestXXXXXX"; + _cleanup_close_ int fd = -1; OomdSystemContext ctx; if (geteuid() != 0) return (void) log_tests_skipped("not root"); - assert_se(mkstemp(path)); + assert_se((fd = mkostemp_safe(path)) >= 0); assert_se(oomd_system_context_acquire("/verylikelynonexistentpath", &ctx) == -ENOENT); From c6603da3ad62f572359c0926f735283499c3cfe4 Mon Sep 17 00:00:00 2001 From: Jan Janssen Date: Mon, 21 Feb 2022 12:52:30 +0100 Subject: [PATCH 210/703] boot: Properly check status code of console_key_read In some cases there was a unlikely possibility that we would look at an uninitialized key value. Also, returning in case of unexpected input error cases should prevent infinite looping. (cherry picked from commit 1cb5d7857b205023a0473ec13df154ae2e254066) --- src/boot/efi/boot.c | 41 ++++++++++++++++++++++++++++++----------- 1 file changed, 30 insertions(+), 11 deletions(-) diff --git a/src/boot/efi/boot.c b/src/boot/efi/boot.c index 83358406f25..e3dc336f30a 100644 --- a/src/boot/efi/boot.c +++ b/src/boot/efi/boot.c @@ -181,6 +181,9 @@ static BOOLEAN line_edit( cursor_color = TEXT_ATTR_SWAP(cursor_color); err = console_key_read(&key, 750 * 1000); + if (!IN_SET(err, EFI_SUCCESS, EFI_TIMEOUT, EFI_NOT_READY)) + return FALSE; + print_at(cursor + 1, y_pos, COLOR_EDIT, print + cursor); } while (EFI_ERROR(err)); @@ -440,8 +443,16 @@ static void ps_bool(const CHAR16 *fmt, BOOLEAN value) { Print(fmt, yes_no(value)); } -static void print_status(Config *config, CHAR16 *loaded_image_path) { +static BOOLEAN ps_continue(void) { UINT64 key; + EFI_STATUS err; + + Print(L"\n--- Press any key to continue, ESC or q to quit. ---\n\n"); + err = console_key_read(&key, UINT64_MAX); + return !EFI_ERROR(err) && !IN_SET(key, KEYPRESS(0, SCAN_ESC, 0), KEYPRESS(0, 0, 'q'), KEYPRESS(0, 0, 'Q')); +} + +static void print_status(Config *config, CHAR16 *loaded_image_path) { UINTN x_max, y_max; SecureBootMode secure; _cleanup_freepool_ CHAR16 *device_part_uuid = NULL; @@ -469,8 +480,8 @@ static void print_status(Config *config, CHAR16 *loaded_image_path) { ps_bool(L" shim: %s\n", shim_loaded()); Print(L" console mode: %d/%d (%lu x %lu)\n", ST->ConOut->Mode->Mode, ST->ConOut->Mode->MaxMode - 1LL, x_max, y_max); - Print(L"\n--- Press any key to continue. ---\n\n"); - console_key_read(&key, UINT64_MAX); + if (!ps_continue()) + return; switch (config->timeout_sec_config) { case TIMEOUT_UNSET: @@ -518,8 +529,8 @@ static void print_status(Config *config, CHAR16 *loaded_image_path) { if (config->console_mode_efivar != CONSOLE_MODE_KEEP) Print(L"console-mode (EFI var): %ld\n", config->console_mode_efivar); - Print(L"\n--- Press any key to continue. ---\n\n"); - console_key_read(&key, UINT64_MAX); + if (!ps_continue()) + return; for (UINTN i = 0; i < config->entry_count; i++) { ConfigEntry *entry = config->entries[i]; @@ -545,10 +556,8 @@ static void print_status(Config *config, CHAR16 *loaded_image_path) { Print(L" next path: %s\\%s\n", entry->path, entry->next_name); } - Print(L"\n--- Press any key to continue, ESC or q to quit. ---\n\n"); - console_key_read(&key, UINT64_MAX); - if (key == KEYPRESS(0, SCAN_ESC, 0) || key == KEYPRESS(0, 0, 'q') || key == KEYPRESS(0, 0, 'Q')) - break; + if (!ps_continue()) + return; } } @@ -731,7 +740,12 @@ static BOOLEAN menu_run( } err = console_key_read(&key, timeout_remain > 0 ? 1000 * 1000 : UINT64_MAX); + if (err == EFI_NOT_READY) + /* No input device returned a key, try again. This + * normally should not happen. */ + continue; if (err == EFI_TIMEOUT) { + assert(timeout_remain > 0); timeout_remain--; if (timeout_remain == 0) { exit = TRUE; @@ -740,8 +754,13 @@ static BOOLEAN menu_run( /* update status */ continue; - } else - timeout_remain = 0; + } + if (EFI_ERROR(err)) { + exit = TRUE; + break; + } + + timeout_remain = 0; /* clear status after keystroke */ if (status) { From e37912e4bc2e3b15785af888b0f472b785132568 Mon Sep 17 00:00:00 2001 From: Jan Janssen Date: Mon, 21 Feb 2022 13:45:06 +0100 Subject: [PATCH 211/703] boot: Handle shift and logo keys too Some firmware supports sending input events for shift and logo keys. Previously, we would suppress these with EFI_NOT_READY unless some other key was pressed alongside, but it is really the job of the caller to decide how to handle these. Note that for keys that already have a printable shift representation the reported input event will not have the shift key bits set (Shift+a is reported as A). Should some firmware turn out to violate the spec here we can always remove that part. (cherry picked from commit 3f9973bf368475d1f2f7f587e7af728dd6d84e10) --- src/boot/efi/console.c | 22 ++++++++++------------ src/boot/efi/console.h | 11 ++++++++--- src/boot/efi/missing_efi.h | 4 ++++ 3 files changed, 22 insertions(+), 15 deletions(-) diff --git a/src/boot/efi/console.c b/src/boot/efi/console.c index 7c88443a4d4..df7a066826b 100644 --- a/src/boot/efi/console.c +++ b/src/boot/efi/console.c @@ -124,29 +124,27 @@ EFI_STATUS console_key_read(UINT64 *key, UINT64 timeout_usec) { * The two may be out of sync on some firmware, giving us double input. */ if (conInEx) { EFI_KEY_DATA keydata; - UINT64 keypress; UINT32 shift = 0; err = conInEx->ReadKeyStrokeEx(conInEx, &keydata); if (EFI_ERROR(err)) return err; - /* do not distinguish between left and right keys */ - if (keydata.KeyState.KeyShiftState & EFI_SHIFT_STATE_VALID) { - if (keydata.KeyState.KeyShiftState & (EFI_RIGHT_CONTROL_PRESSED|EFI_LEFT_CONTROL_PRESSED)) + if (FLAGS_SET(keydata.KeyState.KeyShiftState, EFI_SHIFT_STATE_VALID)) { + /* Do not distinguish between left and right keys (set both flags). */ + if (keydata.KeyState.KeyShiftState & EFI_SHIFT_PRESSED) + shift |= EFI_SHIFT_PRESSED; + if (keydata.KeyState.KeyShiftState & EFI_CONTROL_PRESSED) shift |= EFI_CONTROL_PRESSED; - if (keydata.KeyState.KeyShiftState & (EFI_RIGHT_ALT_PRESSED|EFI_LEFT_ALT_PRESSED)) + if (keydata.KeyState.KeyShiftState & EFI_ALT_PRESSED) shift |= EFI_ALT_PRESSED; + if (keydata.KeyState.KeyShiftState & EFI_LOGO_PRESSED) + shift |= EFI_LOGO_PRESSED; } /* 32 bit modifier keys + 16 bit scan code + 16 bit unicode */ - keypress = KEYPRESS(shift, keydata.Key.ScanCode, keydata.Key.UnicodeChar); - if (keypress > 0) { - *key = keypress; - return EFI_SUCCESS; - } - - return EFI_NOT_READY; + *key = KEYPRESS(shift, keydata.Key.ScanCode, keydata.Key.UnicodeChar); + return EFI_SUCCESS; } else if (!EFI_ERROR(BS->CheckEvent(ST->ConIn->WaitForKey))) { EFI_INPUT_KEY k; diff --git a/src/boot/efi/console.h b/src/boot/efi/console.h index 90086028c04..59578f789ce 100644 --- a/src/boot/efi/console.h +++ b/src/boot/efi/console.h @@ -3,10 +3,15 @@ #include "missing_efi.h" -#define EFI_CONTROL_PRESSED (EFI_RIGHT_CONTROL_PRESSED|EFI_LEFT_CONTROL_PRESSED) -#define EFI_ALT_PRESSED (EFI_RIGHT_ALT_PRESSED|EFI_LEFT_ALT_PRESSED) +enum { + EFI_SHIFT_PRESSED = EFI_RIGHT_SHIFT_PRESSED|EFI_LEFT_SHIFT_PRESSED, + EFI_CONTROL_PRESSED = EFI_RIGHT_CONTROL_PRESSED|EFI_LEFT_CONTROL_PRESSED, + EFI_ALT_PRESSED = EFI_RIGHT_ALT_PRESSED|EFI_LEFT_ALT_PRESSED, + EFI_LOGO_PRESSED = EFI_RIGHT_LOGO_PRESSED|EFI_LEFT_LOGO_PRESSED, +}; + #define KEYPRESS(keys, scan, uni) ((((UINT64)keys) << 32) | (((UINT64)scan) << 16) | (uni)) -#define KEYCHAR(k) ((k) & 0xffff) +#define KEYCHAR(k) ((CHAR16)(k)) #define CHAR_CTRL(c) ((c) - 'a' + 1) enum { diff --git a/src/boot/efi/missing_efi.h b/src/boot/efi/missing_efi.h index b0bd00365f4..f9700e34229 100644 --- a/src/boot/efi/missing_efi.h +++ b/src/boot/efi/missing_efi.h @@ -13,10 +13,14 @@ #define SimpleTextInputExProtocol ((EFI_GUID)EFI_SIMPLE_TEXT_INPUT_EX_PROTOCOL_GUID) #define EFI_SHIFT_STATE_VALID 0x80000000 +#define EFI_RIGHT_SHIFT_PRESSED 0x00000001 +#define EFI_LEFT_SHIFT_PRESSED 0x00000002 #define EFI_RIGHT_CONTROL_PRESSED 0x00000004 #define EFI_LEFT_CONTROL_PRESSED 0x00000008 #define EFI_RIGHT_ALT_PRESSED 0x00000010 #define EFI_LEFT_ALT_PRESSED 0x00000020 +#define EFI_RIGHT_LOGO_PRESSED 0x00000040 +#define EFI_LEFT_LOGO_PRESSED 0x00000080 struct _EFI_SIMPLE_TEXT_INPUT_EX_PROTOCOL; From cfe1cd0a066b29e5508b4a2c388fd919fd5e0c9f Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Tue, 22 Feb 2022 21:42:22 +0900 Subject: [PATCH 212/703] test: fix file descriptor leak in test-fs-util Fixes an issue reported in #22576. (cherry picked from commit 19962747ca86a25e7102c536380bb2e9d7cfee9a) --- src/test/test-fs-util.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/test/test-fs-util.c b/src/test/test-fs-util.c index 0e0d91d04e8..d527ad3d7e0 100644 --- a/src/test/test-fs-util.c +++ b/src/test/test-fs-util.c @@ -29,10 +29,11 @@ static const char *arg_test_dir = NULL; TEST(chase_symlinks) { _cleanup_free_ char *result = NULL; + _cleanup_close_ int pfd = -1; char *temp; const char *top, *p, *pslash, *q, *qslash; struct stat st; - int r, pfd; + int r; temp = strjoina(arg_test_dir ?: "/tmp", "/test-chase.XXXXXX"); assert_se(mkdtemp(temp)); @@ -318,6 +319,7 @@ TEST(chase_symlinks) { assert_se(fstat(pfd, &st) >= 0); assert_se(S_ISLNK(st.st_mode)); result = mfree(result); + pfd = safe_close(pfd); /* s1 -> s2 -> nonexistent */ q = strjoina(temp, "/s1"); @@ -331,6 +333,7 @@ TEST(chase_symlinks) { assert_se(fstat(pfd, &st) >= 0); assert_se(S_ISLNK(st.st_mode)); result = mfree(result); + pfd = safe_close(pfd); /* Test CHASE_STEP */ From d9189c31117e159f7bae9233863aa88a02159e14 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Tue, 22 Feb 2022 21:44:58 +0900 Subject: [PATCH 213/703] test: fix file descriptor leak in test-tmpfiles.c Also fixes a typo in assertion. Fixes an issure reported in #22576. (cherry picked from commit 1da5325d19dee654326e5fa2f61262e5e0a40fff) --- src/test/test-tmpfiles.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/test/test-tmpfiles.c b/src/test/test-tmpfiles.c index 99243eb77ae..f26701767f3 100644 --- a/src/test/test-tmpfiles.c +++ b/src/test/test-tmpfiles.c @@ -35,7 +35,7 @@ TEST(tmpfiles) { assert_se(endswith(ans, " (deleted)")); fd2 = mkostemp_safe(pattern); - assert_se(fd >= 0); + assert_se(fd2 >= 0); assert_se(unlink(pattern) == 0); assert_se(asprintf(&cmd2, "ls -l /proc/"PID_FMT"/fd/%d", getpid_cached(), fd2) > 0); @@ -47,6 +47,7 @@ TEST(tmpfiles) { pattern = strjoina(p, "/tmpfiles-test"); assert_se(tempfn_random(pattern, NULL, &d) >= 0); + fd = safe_close(fd); fd = open_tmpfile_linkable(d, O_RDWR|O_CLOEXEC, &tmp); assert_se(fd >= 0); assert_se(write(fd, "foobar\n", 7) == 7); From 81d3e2abff5f4234e06ceb6590d0c9939d8d97b4 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Tue, 22 Feb 2022 21:46:41 +0900 Subject: [PATCH 214/703] test: fix file descriptor leak in test-psi-util Fixes an issue reported in #22576. (cherry picked from commit be99883e131ef422f8278ec1d099520996a78bb0) --- src/test/test-psi-util.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/test/test-psi-util.c b/src/test/test-psi-util.c index ed465b807eb..111671c5a9f 100644 --- a/src/test/test-psi-util.c +++ b/src/test/test-psi-util.c @@ -1,20 +1,23 @@ /* SPDX-License-Identifier: LGPL-2.1-or-later */ #include "alloc-util.h" +#include "fd-util.h" #include "fileio.h" #include "fs-util.h" #include "parse-util.h" #include "psi-util.h" #include "tests.h" +#include "tmpfile-util.h" TEST(read_mem_pressure) { _cleanup_(unlink_tempfilep) char path[] = "/tmp/pressurereadtestXXXXXX"; + _cleanup_close_ int fd = -1; ResourcePressure rp; if (geteuid() != 0) return (void) log_tests_skipped("not root"); - assert_se(mkstemp(path)); + assert_se((fd = mkostemp_safe(path)) >= 0); assert_se(read_resource_pressure("/verylikelynonexistentpath", PRESSURE_TYPE_SOME, &rp) < 0); assert_se(read_resource_pressure(path, PRESSURE_TYPE_SOME, &rp) < 0); From 4a90c12f4f09f23e071e649422754f04eda6d273 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Tue, 22 Feb 2022 16:51:58 +0100 Subject: [PATCH 215/703] clang-format: we actually typically use 16ch continuation indentation We use 8 for blocks, and 16 for continuation in most cases afaics, hence say so in .clang-format too (cherry picked from commit 92148fb77766767fdb6ad6e52747317dae2aae85) --- .clang-format | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.clang-format b/.clang-format index 651249c701b..c94866fcd5b 100644 --- a/.clang-format +++ b/.clang-format @@ -46,7 +46,7 @@ ColumnLimit: 109 CompactNamespaces: true ConstructorInitializerAllOnOneLineOrOnePerLine: true ConstructorInitializerIndentWidth: 8 -ContinuationIndentWidth: 8 +ContinuationIndentWidth: 16 Cpp11BracedListStyle: false ForEachMacros: - BITMAP_FOREACH From 02bebaef30bcb155c508a341b47ee5bcbb432bea Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Wed, 23 Feb 2022 01:29:42 +0900 Subject: [PATCH 216/703] unit: escape % Fixes #22601. (cherry picked from commit 6e4d122ad1db11ca898de183f898f731c4839d4a) --- units/tmp.mount | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/units/tmp.mount b/units/tmp.mount index 4e1bb8de24b..734acea2371 100644 --- a/units/tmp.mount +++ b/units/tmp.mount @@ -22,4 +22,4 @@ After=swap.target What=tmpfs Where=/tmp Type=tmpfs -Options=mode=1777,strictatime,nosuid,nodev,size=50%,nr_inodes=1m +Options=mode=1777,strictatime,nosuid,nodev,size=50%%,nr_inodes=1m From 4d24a369908f9915757632fa196deda14c172f9e Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Wed, 23 Feb 2022 01:52:29 +0900 Subject: [PATCH 217/703] test-journal-send: close fd opend by syslog() Fixes an issue reported in #22576. (cherry picked from commit 9048a6ccf3bd4f6794fc1ac9a838e1a0bfbcabf1) --- src/libsystemd/sd-journal/test-journal-send.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/libsystemd/sd-journal/test-journal-send.c b/src/libsystemd/sd-journal/test-journal-send.c index 75bd8e7b856..b6644e65c1a 100644 --- a/src/libsystemd/sd-journal/test-journal-send.c +++ b/src/libsystemd/sd-journal/test-journal-send.c @@ -90,6 +90,10 @@ static void test_journal_send(void) { assert_se(sd_journal_sendv(graph2, 1) == 0); assert_se(sd_journal_sendv(message1, 1) == 0); assert_se(sd_journal_sendv(message2, 1) == 0); + + /* The above syslog() opens a fd which is stored in libc, and the valgrind reports the fd is + * leaked when we do not call closelog(). */ + closelog(); } int main(int argc, char *argv[]) { From a7ec2be1509372974f44f1d98bf243a155cd203f Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Wed, 23 Feb 2022 02:03:54 +0900 Subject: [PATCH 218/703] journal-send: close fd on exit when running with valgrind Fixes an issue reported in #22576. (cherry picked from commit eb9752d2be82d994cd6a17f271be27c4d56423d6) --- src/libsystemd/meson.build | 1 + src/libsystemd/sd-journal/journal-send.c | 26 +++++++++++++++++-- src/libsystemd/sd-journal/journal-send.h | 8 ++++++ src/libsystemd/sd-journal/test-journal-send.c | 3 +++ 4 files changed, 36 insertions(+), 2 deletions(-) create mode 100644 src/libsystemd/sd-journal/journal-send.h diff --git a/src/libsystemd/meson.build b/src/libsystemd/meson.build index 124393d3e67..1bb65984060 100644 --- a/src/libsystemd/meson.build +++ b/src/libsystemd/meson.build @@ -12,6 +12,7 @@ sd_journal_sources = files( 'sd-journal/journal-file.h', 'sd-journal/journal-internal.h', 'sd-journal/journal-send.c', + 'sd-journal/journal-send.h', 'sd-journal/journal-vacuum.c', 'sd-journal/journal-vacuum.h', 'sd-journal/journal-verify.c', diff --git a/src/libsystemd/sd-journal/journal-send.c b/src/libsystemd/sd-journal/journal-send.c index 42178251563..1e10ed55244 100644 --- a/src/libsystemd/sd-journal/journal-send.c +++ b/src/libsystemd/sd-journal/journal-send.c @@ -6,6 +6,9 @@ #include #include #include +#if HAVE_VALGRIND_VALGRIND_H +#include +#endif #define SD_JOURNAL_SUPPRESS_LOCATION @@ -14,8 +17,9 @@ #include "alloc-util.h" #include "errno-util.h" #include "fd-util.h" -#include "io-util.h" #include "fileio.h" +#include "io-util.h" +#include "journal-send.h" #include "memfd-util.h" #include "socket-util.h" #include "stdio-util.h" @@ -39,10 +43,10 @@ * all its threads, and all its subprocesses. This means we need to * initialize it atomically, and need to operate on it atomically * never assuming we are the only user */ +static int fd_plus_one = 0; static int journal_fd(void) { int fd; - static int fd_plus_one = 0; retry: if (fd_plus_one > 0) @@ -62,6 +66,24 @@ static int journal_fd(void) { return fd; } +#if VALGRIND +void close_journal_fd(void) { + /* Be nice to valgrind. This is not atomic. This must be used only in tests. */ + + if (!RUNNING_ON_VALGRIND) + return; + + if (getpid() != gettid()) + return; + + if (fd_plus_one <= 0) + return; + + safe_close(fd_plus_one - 1); + fd_plus_one = 0; +} +#endif + _public_ int sd_journal_print(int priority, const char *format, ...) { int r; va_list ap; diff --git a/src/libsystemd/sd-journal/journal-send.h b/src/libsystemd/sd-journal/journal-send.h new file mode 100644 index 00000000000..cf8b199297c --- /dev/null +++ b/src/libsystemd/sd-journal/journal-send.h @@ -0,0 +1,8 @@ +/* SPDX-License-Identifier: LGPL-2.1-or-later */ +#pragma once + +#if VALGRIND +void close_journal_fd(void); +#else +static inline void close_journal_fd(void) {} +#endif diff --git a/src/libsystemd/sd-journal/test-journal-send.c b/src/libsystemd/sd-journal/test-journal-send.c index b6644e65c1a..533b8d91e6a 100644 --- a/src/libsystemd/sd-journal/test-journal-send.c +++ b/src/libsystemd/sd-journal/test-journal-send.c @@ -5,7 +5,9 @@ #include #include "sd-journal.h" + #include "fileio.h" +#include "journal-send.h" #include "macro.h" #include "memory-util.h" @@ -103,5 +105,6 @@ int main(int argc, char *argv[]) { /* Sleep a bit to make it easy for journald to collect metadata. */ sleep(1); + close_journal_fd(); return 0; } From c1cdb13193e6a95de2d89f8c0e080333c4110321 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 17 Feb 2022 20:34:14 +0100 Subject: [PATCH 219/703] man: adjust command for Fedora installations MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit glibc now has Suggests:glibc-minimal-langpack, so we don't need to mention it ourselves. --repo=… is a nicer alternative to --disablerepo=* --enablerepo=…. It also avoids the issue with quoting. Let's exclude weak deps, but install systemd-networkd, so the container can configure networking if necessary. (cherry picked from commit 8c4db5629c877425b2f46e414a94a8f24280a9d3) --- man/systemd-nspawn.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/man/systemd-nspawn.xml b/man/systemd-nspawn.xml index 9c1cb33c014..8a527269d3f 100644 --- a/man/systemd-nspawn.xml +++ b/man/systemd-nspawn.xml @@ -1646,8 +1646,8 @@ After=sys-subsystem-net-devices-ens1.device Build and boot a minimal Fedora distribution in a container # dnf -y --releasever=&fedora_latest_version; --installroot=/var/lib/machines/f&fedora_latest_version; \ - --disablerepo='*' --enablerepo=fedora --enablerepo=updates install \ - systemd passwd dnf fedora-release vim-minimal glibc-minimal-langpack + --repo=fedora --repo=updates --setopt=install_weak_deps=False install \ + passwd dnf fedora-release vim-minimal systemd systemd-networkd # systemd-nspawn -bD /var/lib/machines/f&fedora_latest_version; This installs a minimal Fedora distribution into the From b568be2aec63f2d23d9f78c707778c4beec58805 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 22 Feb 2022 22:55:42 +0100 Subject: [PATCH 220/703] man/systemd-analyze: split out example to a separate section It turns out we can't have an Example nested in a list, and every combination of nesting I tried looked bad either in troff or in html. The whole example is moved to a separate section. (cherry picked from commit e6ce19516315138d983ed4b7776d9ebd2fb296d8) --- man/systemd-analyze.xml | 126 +++++++++++++++++++++------------------- 1 file changed, 65 insertions(+), 61 deletions(-) diff --git a/man/systemd-analyze.xml b/man/systemd-analyze.xml index 8bc67a1ea89..7baa1794d7c 100644 --- a/man/systemd-analyze.xml +++ b/man/systemd-analyze.xml @@ -1129,69 +1129,9 @@ $ systemd-analyze verify /tmp/source:alias.service - - JSON Policy - The JSON file passed as a path parameter to - has a top-level JSON object, with keys being the assessment test identifiers mentioned - above. The values in the file should be JSON objects with one or more of the - following fields: description_na (string), description_good (string), description_bad - (string), weight (unsigned integer), and range (unsigned integer). If any of these fields - corresponding to a specific id of the unit file is missing from the JSON object, the - default built-in field value corresponding to that same id is used for security analysis - as default. The weight and range fields are used in determining the overall exposure level - of the unit files: the value of each setting is assigned a badness score, which is multiplied - by the policy weight and divided by the policy range to determine the overall exposure that - the setting implies. The computed badness is summed across all settings in the unit file, - normalized to the 1…100 range, and used to determine the overall exposure level of the unit. - By allowing users to manipulate these fields, the 'security' verb gives them the option to - decide for themself which ids are more important and hence should have a greater effect on - the exposure level. A weight of 0 means the setting will not be - checked. - - - { - "PrivateDevices": - { - "description_good": "Service has no access to hardware devices", - "description_bad": "Service potentially has access to hardware devices", - "weight": 1000, - "range": 1 - }, - "PrivateMounts": - { - "description_good": "Service cannot install system mounts", - "description_bad": "Service may install system mounts", - "weight": 1000, - "range": 1 - }, - "PrivateNetwork": - { - "description_good": "Service has no access to the host's network", - "description_bad": "Service has access to the host's network", - "weight": 2500, - "range": 1 - }, - "PrivateTmp": - { - "description_good": "Service has no access to other software's temporary files", - "description_bad": "Service has access to other software's temporary files", - "weight": 1000, - "range": 1 - }, - "PrivateUsers": - { - "description_good": "Service does not have access to other users", - "description_bad": "Service has access to other users", - "weight": 1000, - "range": 1 - } - } - - - + See example "JSON Policy" below. - @@ -1261,6 +1201,70 @@ $ systemd-analyze verify /tmp/source:alias.service + + Examples + + + JSON Policy + + The JSON file passed as a path parameter to has a top-level + JSON object, with keys being the assessment test identifiers mentioned above. The values in the file + should be JSON objects with one or more of the following fields: + (string), (string), (string), + (unsigned integer), and (unsigned integer). If any of + these fields corresponding to a specific id of the unit file is missing from the JSON object, the + default built-in field value corresponding to that same id is used for security analysis as default. + The weight and range fields are used in determining the overall exposure level of the unit files: the + value of each setting is assigned a badness score, which is multiplied by the policy weight and divided + by the policy range to determine the overall exposure that the setting implies. The computed badness is + summed across all settings in the unit file, normalized to the 1…100 range, and used to determine the + overall exposure level of the unit. By allowing users to manipulate these fields, the 'security' verb + gives them the option to decide for themself which ids are more important and hence should have a + greater effect on the exposure level. A weight of 0 means the setting will not be + checked. + + +{ + "PrivateDevices": + { + "description_good": "Service has no access to hardware devices", + "description_bad": "Service potentially has access to hardware devices", + "weight": 1000, + "range": 1 + }, + "PrivateMounts": + { + "description_good": "Service cannot install system mounts", + "description_bad": "Service may install system mounts", + "weight": 1000, + "range": 1 + }, + "PrivateNetwork": + { + "description_good": "Service has no access to the host's network", + "description_bad": "Service has access to the host's network", + "weight": 2500, + "range": 1 + }, + "PrivateTmp": + { + "description_good": "Service has no access to other software's temporary files", + "description_bad": "Service has access to other software's temporary files", + "weight": 1000, + "range": 1 + }, + "PrivateUsers": + { + "description_good": "Service does not have access to other users", + "description_bad": "Service has access to other users", + "weight": 1000, + "range": 1 + } +} + + + + See Also From ea65b10aabbdf723311bf8029ba10fefd715d65d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 22 Feb 2022 22:54:23 +0100 Subject: [PATCH 221/703] man: various issues reported in #22432 Fixes #22432. (cherry picked from commit fe003f02dd19b9ae88af0384e5cf4f5934d1e9db) --- man/homectl.xml | 12 ++++++------ man/integritytab.xml | 2 +- man/nss-resolve.xml | 8 ++++---- man/os-release.xml | 8 ++++---- man/systemd-integritysetup@.service.xml | 4 +++- man/systemd-stub.xml | 7 +++++-- man/systemd.exec.xml | 4 +--- man/systemd.link.xml | 2 +- man/systemd.network.xml | 2 +- man/systemd.nspawn.xml | 2 +- man/systemd.path.xml | 20 ++++++++++---------- man/userdbctl.xml | 8 ++++---- 12 files changed, 41 insertions(+), 38 deletions(-) diff --git a/man/homectl.xml b/man/homectl.xml index 5a06346d7b6..eaed7897b1c 100644 --- a/man/homectl.xml +++ b/man/homectl.xml @@ -698,12 +698,12 @@ done. If set to grow the home area is grown to the size configured via should it currently be smaller. If it already matches the configured size or is larger no operation is executed. If set to shrink-and-grow the home - area is also resized to the minimal size used disk space and file system constraints permit, during - logout. This mode thus ensures that while a home area is activated it is sized to the configured - size, but while deactivated it is compacted taking up only the minimal space possible. Note that if - the system is powered off abnormally or if the user otherwise not logged out cleanly the shrinking - operation will not take place, and the user has to re-login/logout again before it is executed - again. + area is also resized during logout to the minimal size the used disk space and file system + constraints permit. This mode thus ensures that while a home area is activated it is sized to the + configured size, but while deactivated it is compacted taking up only the minimal space possible. + Note that if the system is powered off abnormally or if the user otherwise not logged out cleanly the + shrinking operation will not take place, and the user has to re-login/logout again before it is + executed again. diff --git a/man/integritytab.xml b/man/integritytab.xml index c2ad2573a0c..44f0a559290 100644 --- a/man/integritytab.xml +++ b/man/integritytab.xml @@ -50,7 +50,7 @@ UUID= followed by the UUID, PARTUUID= followed by the partition UUID, LABEL= followed by the label, - PARTLABEL= followed by the partition label, + PARTLABEL= followed by the partition label. The third field if present contains an absolute filename path to a key file or a - diff --git a/man/nss-resolve.xml b/man/nss-resolve.xml index 061d0d74bbe..b72b1ba64d0 100644 --- a/man/nss-resolve.xml +++ b/man/nss-resolve.xml @@ -94,7 +94,7 @@ $SYSTEMD_NSS_RESOLVE_CACHE Takes a boolean argument. When false, the cache of previously queried records will - not be used by systemd-resolved. + not be used by systemd-resolved. @@ -121,7 +121,7 @@ $SYSTEMD_NSS_RESOLVE_NETWORK Takes a boolean argument. When false, answers will be returned without using the - network, i.e. either from local sources or the cache in systemd-resolved. + network, i.e. either from local sources or the cache in systemd-resolved. @@ -130,8 +130,8 @@ Example - Here is an example /etc/nsswitch.conf file that enables nss-resolve - correctly: + Here is an example /etc/nsswitch.conf file that enables + nss-resolve correctly: passwd: compat systemd diff --git a/man/os-release.xml b/man/os-release.xml index 1826a60d1af..153d96cad61 100644 --- a/man/os-release.xml +++ b/man/os-release.xml @@ -424,10 +424,10 @@ PORTABLE_PREFIXES= Takes a space-separated list of one or more valid prefix match strings for the Portable Services logic. This field - serves two purposes: it's informational, identifying portable service images as such (and thus - allowing them to be distinguished from other OS images, such as bootable system images); whenever a - portable service image is attached the specified or implied portable service prefix is checked - against this list, to enforce restrictions how images may be attached to a + serves two purposes: it is informational, identifying portable service images as such (and thus + allowing them to be distinguished from other OS images, such as bootable system images). In is also + used when a portable service image is attached: the specified or implied portable service prefix is + checked against the list specified here, to enforce restrictions how images may be attached to a system. diff --git a/man/systemd-integritysetup@.service.xml b/man/systemd-integritysetup@.service.xml index 24336c262d2..ade5663c283 100644 --- a/man/systemd-integritysetup@.service.xml +++ b/man/systemd-integritysetup@.service.xml @@ -56,7 +56,9 @@ Create a block device volume using - device. See integritytab man page and + device. See + systemd-integritytab5 + and Kernel dm-integrity documentation for details. diff --git a/man/systemd-stub.xml b/man/systemd-stub.xml index 6439878951b..28c6ba938cb 100644 --- a/man/systemd-stub.xml +++ b/man/systemd-stub.xml @@ -94,9 +94,12 @@ then access them in this directory. This is supposed to be used to store auxiliary, encrypted, authenticated credentials for use with LoadCredentialEncrypted= in the UEFI System Partition. See - systemd.exec5 for + systemd.exec5 + and + systemd-creds1 + for details on encrypted credentials. The generated cpio archive is measured into TPM - PCR 4 (if a TPM is present) + PCR 4 (if a TPM is present). Similarly, files foo.efi.extra.d/*.raw are packed up in a cpio archive and placed in the /.extra/sysext/ diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml index cd21d5b28d0..77eb2d9be5b 100644 --- a/man/systemd.exec.xml +++ b/man/systemd.exec.xml @@ -1936,9 +1936,7 @@ RestrictFileSystems=ext4 @known - All known filesystems defined by the kernel. This list is defined statically in systemd based on a kernel - version that was available when this systemd version was released. It will become progressively more - out-of-date as the kernel is updated. + All known filesystems defined by the kernel. This list is defined statically in systemd based on a kernel version that was available when this systemd version was released. It will become progressively more out-of-date as the kernel is updated. diff --git a/man/systemd.link.xml b/man/systemd.link.xml index 45cabbccf70..933fe8df420 100644 --- a/man/systemd.link.xml +++ b/man/systemd.link.xml @@ -798,7 +798,7 @@ TransmitVLANSTAGHardwareAcceleration= - Takes a boolean. If set to true, transmit VLAN STAG HW acceleration is enabled. + Takes a boolean. If set to true, transmit VLAN STAG hardware acceleration is enabled. When unset, the kernel's default will be used. diff --git a/man/systemd.network.xml b/man/systemd.network.xml index a98157d9cda..6fe87bbebac 100644 --- a/man/systemd.network.xml +++ b/man/systemd.network.xml @@ -2389,7 +2389,7 @@ Table=1234 sd-id1283, sd_id128_from_string3, and - sd_id128_get_machine3, + sd_id128_get_machine3. Note that the prefixstable algorithm uses both the interface diff --git a/man/systemd.nspawn.xml b/man/systemd.nspawn.xml index 15cfd4bc764..c1eef7853b6 100644 --- a/man/systemd.nspawn.xml +++ b/man/systemd.nspawn.xml @@ -202,7 +202,7 @@ capabilities (see capabilities7 for details). The AmbientCapability= setting - specifies capability which will be passed to the started program + specifies capabilities which will be passed to the started program in the inheritable and ambient capability sets. This will grant these capabilities to this process. This setting correspond to the command line switch. diff --git a/man/systemd.path.xml b/man/systemd.path.xml index fd3d4efc2a5..0392f0dae05 100644 --- a/man/systemd.path.xml +++ b/man/systemd.path.xml @@ -190,16 +190,16 @@ TriggerLimitIntervalSec= TriggerLimitBurst= - Configures a limit on how often this path unit may be activated within a specific time - interval. The TriggerLimitIntervalSec= may be used to configure the length of the time - interval in the usual time units us, ms, s, - min, h, … and defaults to 2s (See - systemd.time7 for details on - the various time units understood). The TriggerLimitBurst= setting takes a positive integer - value and specifies the number of permitted activations per time interval, and defaults to 200. Set either to - 0 to disable any form of trigger rate limiting. If the limit is hit, the unit is placed into a failure mode, - and will not watch the path(s) anymore until restarted. Note that this limit is enforced before the service - activation is enqueued. + Configures a limit on how often this path unit may be activated within a specific + time interval. The TriggerLimitIntervalSec= may be used to configure the length of + the time interval in the usual time units us, ms, + s, min, h, … and defaults to 2s. See + systemd.time7 for + details on the various time units understood. The TriggerLimitBurst= setting takes + a positive integer value and specifies the number of permitted activations per time interval, and + defaults to 200. Set either to 0 to disable any form of trigger rate limiting. If the limit is hit, + the unit is placed into a failure mode, and will not watch the path(s) anymore until restarted. Note + that this limit is enforced before the service activation is enqueued. diff --git a/man/userdbctl.xml b/man/userdbctl.xml index 6a01e9d1791..fbab8102c9f 100644 --- a/man/userdbctl.xml +++ b/man/userdbctl.xml @@ -74,10 +74,10 @@ FORMAT - Selects JSON out mode (like ) and selects the precise - display mode. Takes one of pretty or short. If - pretty human-friendly whitespace and newlines are inserted in the output to make - the JSON data more readable. If short all superfluous whitespace is + Selects JSON output mode (like ) and selects the + precise display mode. Takes one of pretty or short. If + pretty, human-friendly whitespace and newlines are inserted in the output to make + the JSON data more readable. If short, all superfluous whitespace is suppressed. From ea5701eb64ff40f915567ae4088ffb7efc0f4155 Mon Sep 17 00:00:00 2001 From: Peter Hutterer Date: Wed, 23 Feb 2022 09:12:43 +1000 Subject: [PATCH 222/703] udev-builtin-input_id: don't label absolute mice as pointing sticks The Getac UX10 tablet exposes a "CUST0000:00 0EEF:C002 Mouse" device with BTN_LEFT/RIGHT and ABS_X/Y on the i2c bus. This causes the builtin to incorrectly label it as pointing stick (all i2c mice are tagged as ID_INPUT_POINTING_STICK, see 3d7ac1c655ec4). Fix this by adding a separate variable for absolute pointing devices like the VMmouse USB mouse or this Getac tablet - this way we skip the pointing stick check. See https://gitlab.freedesktop.org/libinput/libinput/-/issues/743 for recordings. (cherry picked from commit 8ac9ec4d5c210825759d515422d3e66c20615fc1) --- src/udev/udev-builtin-input_id.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/src/udev/udev-builtin-input_id.c b/src/udev/udev-builtin-input_id.c index 0e719108ed9..92c0b769902 100644 --- a/src/udev/udev-builtin-input_id.c +++ b/src/udev/udev-builtin-input_id.c @@ -167,6 +167,7 @@ static bool test_pointers(sd_device *dev, bool finger_but_no_pen = false; bool has_mouse_button = false; bool is_mouse = false; + bool is_abs_mouse = false; bool is_touchpad = false; bool is_touchscreen = false; bool is_tablet = false; @@ -231,7 +232,7 @@ static bool test_pointers(sd_device *dev, else if (has_mouse_button) /* This path is taken by VMware's USB mouse, which has * absolute axes, but no touch/pressure button. */ - is_mouse = true; + is_abs_mouse = true; else if (has_touch || is_direct) is_touchscreen = true; else if (has_joystick_axes_or_buttons) @@ -263,7 +264,7 @@ static bool test_pointers(sd_device *dev, if (is_pointing_stick) udev_builtin_add_property(dev, test, "ID_INPUT_POINTINGSTICK", "1"); - if (is_mouse) + if (is_mouse || is_abs_mouse) udev_builtin_add_property(dev, test, "ID_INPUT_MOUSE", "1"); if (is_touchpad) udev_builtin_add_property(dev, test, "ID_INPUT_TOUCHPAD", "1"); @@ -276,7 +277,7 @@ static bool test_pointers(sd_device *dev, if (is_tablet_pad) udev_builtin_add_property(dev, test, "ID_INPUT_TABLET_PAD", "1"); - return is_tablet || is_mouse || is_touchpad || is_touchscreen || is_joystick || is_pointing_stick; + return is_tablet || is_mouse || is_abs_mouse || is_touchpad || is_touchscreen || is_joystick || is_pointing_stick; } /* key like devices */ From e517b37922df332f2c3224de15e2a094177bf864 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Thu, 24 Feb 2022 13:29:54 +0000 Subject: [PATCH 223/703] meson: Drop required libfdisk version to 2.32 We initially pinned this to 2.33 in e71f5585b9b0580428f9530d0a485265c9c25165 because libfdisk 2.32 in CentOS 8 didn't have https://github.com/karelzak/util-linux/commit/2f35c1ead621f42f32f7777232568cb03185b473 backported. If we check now, we can see it has been backported (https://git.centos.org/rpms/util-linux/blob/c8s/f/SOURCES/0048-libfdisk-count-gaps-to-possible-size-when-resize.patch) which means we can drop the required version to 2.32 instead of 2.33. (cherry picked from commit baec7d782b07414f0c13ba3a0b0b526973e04923) --- README | 2 +- meson.build | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README b/README index f47a884542c..48d9994de83 100644 --- a/README +++ b/README @@ -177,7 +177,7 @@ REQUIREMENTS: libaudit (optional) libacl (optional) libbpf >= 0.2.0 (optional) - libfdisk >= 2.33 (from util-linux) (optional) + libfdisk >= 2.32 (from util-linux) (optional) libselinux (optional) liblzma (optional) liblz4 >= 1.3.0 / 130 (optional) diff --git a/meson.build b/meson.build index 5a639e9ab5f..cb9936ee8be 100644 --- a/meson.build +++ b/meson.build @@ -1024,7 +1024,7 @@ libmount = dependency('mount', want_libfdisk = get_option('fdisk') if want_libfdisk != 'false' and not skip_deps libfdisk = dependency('fdisk', - version : '>= 2.33', + version : '>= 2.32', required : want_libfdisk == 'true') have = libfdisk.found() else From f0cc6d2f99b2510c57fa36ad7f28cc42c0b724b3 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Fri, 25 Feb 2022 11:01:07 +0000 Subject: [PATCH 224/703] mkosi: Remove Arch nspawn workaround This has been fixed so the workaround can be removed. (cherry picked from commit 6b2ab8fc5cc0f706b85cbd559e8dcf4e05d7687d) --- .github/workflows/mkosi.yml | 13 ------------- 1 file changed, 13 deletions(-) diff --git a/.github/workflows/mkosi.yml b/.github/workflows/mkosi.yml index 8fd6c72e268..68d5f86dc3d 100644 --- a/.github/workflows/mkosi.yml +++ b/.github/workflows/mkosi.yml @@ -48,19 +48,6 @@ jobs: - name: Configure run: echo -e "[Distribution]\nDistribution=${{ matrix.distro }}\n" >mkosi.default - # Ubuntu's systemd-nspawn doesn't support faccessat2() syscall, which is - # required, since current Arch's glibc implements faccessat() via faccessat2(). - - name: Update systemd-nspawn - if: ${{ matrix.distro == 'arch' }} - run: | - echo "deb-src http://archive.ubuntu.com/ubuntu/ $(lsb_release -cs) main restricted universe multiverse" | sudo tee -a /etc/apt/sources.list - sudo apt update - sudo apt build-dep systemd - meson build - ninja -C build - sudo ln -svf $PWD/build/systemd-nspawn `which systemd-nspawn` - systemd-nspawn --version - - name: Build ${{ matrix.distro }} run: ./.github/workflows/run_mkosi.sh --build-environment=CI_BUILD=1 --kernel-command-line "${{ env.KERNEL_CMDLINE }}" build From 99d291eee92ad13a8b4fcc9bdf0b0a096083d8d2 Mon Sep 17 00:00:00 2001 From: Frantisek Sumsal Date: Fri, 25 Feb 2022 15:09:07 +0100 Subject: [PATCH 225/703] test: accept both unpadded and padded partition sizes Since util-linux/util-linux@921c7da55ec78350e4067b3fd6b7de6f299106ee libfdisk aligns the last partition (on GPT) for optimal I/O. Let's account for that. Fixes: #22606 (cherry picked from commit d490188b8f6da658d8086dd53b7db95735e5cca1) --- test/units/testsuite-58.sh | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/test/units/testsuite-58.sh b/test/units/testsuite-58.sh index 78c25051a2d..42c31b71b80 100755 --- a/test/units/testsuite-58.sh +++ b/test/units/testsuite-58.sh @@ -129,8 +129,9 @@ systemd-repart --pretty=yes --definitions /tmp/testsuite-58-issue-21817-defs/ "$ sfdisk --dump "$LOOP" | tee /tmp/testsuite-58-issue-21817.dump losetup -d "$LOOP" -grep -qF 'p1 : start= 2048, size= 102400, type=4F68BCE3-E8CD-4DB1-96E7-FBCAF984B709,' /tmp/testsuite-58-issue-21817.dump -grep -qF 'p2 : start= 104448, size= 100319,' /tmp/testsuite-58-issue-21817.dump +grep -qiF "p1 : start= 2048, size= 102400, type=4F68BCE3-E8CD-4DB1-96E7-FBCAF984B709," /tmp/testsuite-58-issue-21817.dump +# Accept both unpadded (pre-v2.38 util-linux) and padded (v2.38+ util-linux) sizes +grep -qE "p2 : start= 104448, size= (100319| 98304)," /tmp/testsuite-58-issue-21817.dump rm /tmp/testsuite-58-issue-21817.img /tmp/testsuite-58-issue-21817.dump rm -r /tmp/testsuite-58-issue-21817-defs/ From d4dd289f821d29415f0057266da48f184a51bb1c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Mon, 28 Feb 2022 09:47:28 +0100 Subject: [PATCH 226/703] man: recommend built-in platform.freedesktop_os_release() in our page Python gained support for reading os-release, let's advertise it a bit more. Our open-coded example is still useful, but let's not suggest it as the default implementation. I added quotes around the printed string because it looks a bit better this way. (cherry picked from commit ee6fd6a50922d2b27c97084e1c3f9872d495c273) --- man/check-os-release-simple.py | 12 ++++++++++++ man/check-os-release.py | 2 +- man/os-release.xml | 16 +++++++++++++++- 3 files changed, 28 insertions(+), 2 deletions(-) create mode 100644 man/check-os-release-simple.py diff --git a/man/check-os-release-simple.py b/man/check-os-release-simple.py new file mode 100644 index 00000000000..738b1fd8605 --- /dev/null +++ b/man/check-os-release-simple.py @@ -0,0 +1,12 @@ +#!/usr/bin/python +# SPDX-License-Identifier: CC0-1.0 + +import platform +os_release = platform.freedesktop_os_release() + +pretty_name = os_release.get('PRETTY_NAME', 'Linux') +print(f'Running on {pretty_name!r}') + +if 'fedora' in [os_release.get('ID', 'linux'), + *os_release.get('ID_LIKE', '').split()]: + print('Looks like Fedora!') diff --git a/man/check-os-release.py b/man/check-os-release.py index dbac79fd700..91a5494b4a1 100644 --- a/man/check-os-release.py +++ b/man/check-os-release.py @@ -29,7 +29,7 @@ def read_os_release(): os_release = dict(read_os_release()) pretty_name = os_release.get('PRETTY_NAME', 'Linux') -print(f'Running on {pretty_name}') +print(f'Running on {pretty_name!r}') if 'debian' in [os_release.get('ID', 'linux'), *os_release.get('ID_LIKE', '').split()]: diff --git a/man/os-release.xml b/man/os-release.xml index 153d96cad61..bdd7bbb647e 100644 --- a/man/os-release.xml +++ b/man/os-release.xml @@ -502,9 +502,23 @@ VERSION_ID=32 Reading <filename>os-release</filename> in - <citerefentry><refentrytitle>python</refentrytitle><manvolnum>1</manvolnum></citerefentry> + python1 (versions >= 3.10) + + + + See docs for + platform.freedesktop_os_release for more details. + + + + + Reading <filename>os-release</filename> in + <citerefentry><refentrytitle>python</refentrytitle><manvolnum>1</manvolnum></citerefentry> (any version) + + Note that the above version that uses the built-in implementation is preferred + in most cases, and the open-coded version here is provided for reference. From 3dc6881d87ddf2451a8671a2c3d97642ca340ca4 Mon Sep 17 00:00:00 2001 From: Josh Triplett Date: Fri, 25 Feb 2022 12:40:45 -0800 Subject: [PATCH 227/703] file-hierarchy: Document /sys/fs/cgroup file-hierarchy does not mention anything about the expected mountpoint for cgroups. This may lead some software to believe it will need to search for it (e.g. by scanning mountinfo) rather than just looking in the canonical location. Document the canonical mountpoint as /sys/fs/cgroup. Also provide information on the non-default configurations, but make it clear that in such configurations if cgroup2 is mounted (hybrid mode) it won't have resource controllers attached. This will help software know if it should fall back to /sys/fs/cgroup/unified or just ignore that case. (cherry picked from commit c8aeb9d672fac7ac2d1e350431b7b4e734b90a5d) --- man/file-hierarchy.xml | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/man/file-hierarchy.xml b/man/file-hierarchy.xml index 3a24eca8cea..a6e3d75695a 100644 --- a/man/file-hierarchy.xml +++ b/man/file-hierarchy.xml @@ -420,6 +420,25 @@ this directory. + + /sys/fs/cgroup/ + A virtual kernel file system exposing process + control groups (cgroups). This file system is an API to interface + with the kernel and not a place where normal files may be stored. On + current systems running in the default "unified" mode, + this directory serves as the mount point for the + cgroup2 filesystem, which provides a unified + cgroup hierarchy for all resource controllers. On systems with + non-default configurations, this directory may instead be a tmpfs + filesystem containing mount points for various + cgroup (v1) resource controllers; in such + configurations, if cgroup2 is mounted it will be + mounted on /sys/fs/cgroup/unified/, but + cgroup2 will not have resource controllers attached. In + sandboxed/containerized setups, this directory may either not exist or + may include a subset of functionality. + + From 1ef5fd61bd352684487770796baab04510114d09 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Tue, 1 Mar 2022 17:04:13 +0000 Subject: [PATCH 228/703] shared: Add more dlopen() tests Add dlopen_dw(), dlopen_elf() and dlopen_pcre2() to the dlopen test. To enable adding dlopen_pcre2(), we move pcre2-dlopen.h/c from src/journal to src/shared. (cherry picked from commit ee48779e05831a0ec5e1ba5e7ed5fe92aaca1d9e) --- src/journal/meson.build | 2 -- src/shared/elf-util.c | 4 ++-- src/shared/elf-util.h | 3 +++ src/shared/meson.build | 2 ++ src/{journal => shared}/pcre2-dlopen.c | 0 src/{journal => shared}/pcre2-dlopen.h | 0 src/test/test-dlopen-so.c | 11 +++++++++++ 7 files changed, 18 insertions(+), 4 deletions(-) rename src/{journal => shared}/pcre2-dlopen.c (100%) rename src/{journal => shared}/pcre2-dlopen.h (100%) diff --git a/src/journal/meson.build b/src/journal/meson.build index eb66bfd584a..270592f2aca 100644 --- a/src/journal/meson.build +++ b/src/journal/meson.build @@ -49,8 +49,6 @@ systemd_cat_sources = files('cat.c') journalctl_sources = files(''' journalctl.c - pcre2-dlopen.c - pcre2-dlopen.h '''.split()) if install_sysconfdir_samples diff --git a/src/shared/elf-util.c b/src/shared/elf-util.c index 4d93e7eabaa..6d9fcfbbf2a 100644 --- a/src/shared/elf-util.c +++ b/src/shared/elf-util.c @@ -80,7 +80,7 @@ unsigned int (*sym_elf_version)(unsigned int); GElf_Phdr *(*sym_gelf_getphdr)(Elf *, int, GElf_Phdr *); size_t (*sym_gelf_getnote)(Elf_Data *, size_t, GElf_Nhdr *, size_t *, size_t *); -static int dlopen_dw(void) { +int dlopen_dw(void) { int r; r = dlopen_many_sym_or_warn( @@ -123,7 +123,7 @@ static int dlopen_dw(void) { return 1; } -static int dlopen_elf(void) { +int dlopen_elf(void) { int r; r = dlopen_many_sym_or_warn( diff --git a/src/shared/elf-util.h b/src/shared/elf-util.h index cf3d9be1284..b28e64cea65 100644 --- a/src/shared/elf-util.h +++ b/src/shared/elf-util.h @@ -4,6 +4,9 @@ #include "json.h" #if HAVE_ELFUTILS +int dlopen_dw(void); +int dlopen_elf(void); + /* Parse an ELF object in a forked process, so that errors while iterating over * untrusted and potentially malicious data do not propagate to the main caller's process. * If fork_disable_dump, the child process will not dump core if it crashes. */ diff --git a/src/shared/meson.build b/src/shared/meson.build index 5dc58a863d4..006310a9171 100644 --- a/src/shared/meson.build +++ b/src/shared/meson.build @@ -241,6 +241,8 @@ shared_sources = files(''' parse-argument.h parse-socket-bind-item.c parse-socket-bind-item.h + pcre2-dlopen.c + pcre2-dlopen.h pe-header.h pkcs11-util.c pkcs11-util.h diff --git a/src/journal/pcre2-dlopen.c b/src/shared/pcre2-dlopen.c similarity index 100% rename from src/journal/pcre2-dlopen.c rename to src/shared/pcre2-dlopen.c diff --git a/src/journal/pcre2-dlopen.h b/src/shared/pcre2-dlopen.h similarity index 100% rename from src/journal/pcre2-dlopen.h rename to src/shared/pcre2-dlopen.h diff --git a/src/test/test-dlopen-so.c b/src/test/test-dlopen-so.c index ea2ef31b1fd..002f666ed85 100644 --- a/src/test/test-dlopen-so.c +++ b/src/test/test-dlopen-so.c @@ -5,10 +5,12 @@ #include "bpf-dlopen.h" #include "cryptsetup-util.h" +#include "elf-util.h" #include "idn-util.h" #include "libfido2-util.h" #include "macro.h" #include "main-func.h" +#include "pcre2-dlopen.h" #include "pwquality-util.h" #include "qrcode-util.h" #include "tests.h" @@ -49,6 +51,15 @@ static int run(int argc, char **argv) { assert_se(dlopen_bpf() >= 0); #endif +#if HAVE_ELFUTILS + assert_se(dlopen_dw() >= 0); + assert_se(dlopen_elf() >= 0); +#endif + +#if HAVE_PCRE2 + assert_se(dlopen_pcre2() >= 0); +#endif + return 0; } From b707664eeed77be0c06f8e8dbeeb7e3ba9dcba5c Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Thu, 3 Mar 2022 18:31:48 +0100 Subject: [PATCH 229/703] killall: show PID of processes killed in final killing spree Let's show the PID of killed processes in all cases, to make debugging easier. See: https://lists.freedesktop.org/archives/systemd-devel/2022-March/047504.html (cherry picked from commit 94ce42bcb6288583bfa8995aa705d99a9221f47e) --- src/shared/killall.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/src/shared/killall.c b/src/shared/killall.c index 343c2dc42c0..35180870a86 100644 --- a/src/shared/killall.c +++ b/src/shared/killall.c @@ -81,15 +81,16 @@ static bool ignore_proc(pid_t pid, bool warn_rootfs) { static void log_children_no_yet_killed(Set *pids) { _cleanup_free_ char *lst_child = NULL; void *p; + int r; SET_FOREACH(p, pids) { _cleanup_free_ char *s = NULL; - char fallback[DECIMAL_STR_MAX(pid_t)]; - - if (get_process_comm(PTR_TO_PID(p), &s) < 0) - xsprintf(fallback, PID_FMT, PTR_TO_PID(p)); - if (!strextend(&lst_child, ", ", s ?: fallback)) + if (get_process_comm(PTR_TO_PID(p), &s) >= 0) + r = strextendf(&lst_child, ", " PID_FMT " (%s)", PTR_TO_PID(p), s); + else + r = strextendf(&lst_child, ", " PID_FMT, PTR_TO_PID(p)); + if (r < 0) return (void) log_oom(); } From 6b37adf4a16c8f7e917dfd9f19dab259cda878b2 Mon Sep 17 00:00:00 2001 From: Tobias Stoeckmann Date: Wed, 2 Mar 2022 22:03:26 +0100 Subject: [PATCH 230/703] core: check size before mmap The data type off_t can be 64 on 32 bit systems if they have large file support. Since mmap expects a size_t with 32 bits as second argument truncation could occur. At worst these huge files could lead to mmaps smaller than the previous check for small files. This in turn shouldn't have a lot of impact because mmap allocates at page size boundaries. This also made the PAGE_ALIGN call in open_mmap unneeded. In fact it was neither in sync with other mmap calls nor with its own munmap counterpart in error path. If such large files are encountered, which is very unlikely in these code paths, treat them with the same error as if they are too small. (cherry picked from commit 1a823cdeb9faea3849843e0b3dae0fbdd607e8b7) --- src/basic/fileio.h | 6 ++++++ src/basic/locale-util.c | 4 ++++ src/boot/bootctl.c | 2 +- src/libsystemd/sd-hwdb/sd-hwdb.c | 4 ++++ src/libsystemd/sd-journal/catalog.c | 4 ++-- src/libsystemd/sd-journal/compress.c | 4 ++++ 6 files changed, 21 insertions(+), 3 deletions(-) diff --git a/src/basic/fileio.h b/src/basic/fileio.h index cea3dd893d1..9151d8237a8 100644 --- a/src/basic/fileio.h +++ b/src/basic/fileio.h @@ -110,6 +110,12 @@ typedef enum ReadLineFlags { int read_line_full(FILE *f, size_t limit, ReadLineFlags flags, char **ret); +static inline bool file_offset_beyond_memory_size(off_t x) { + if (x < 0) /* off_t is signed, filter that out */ + return false; + return (uint64_t) x > (uint64_t) SIZE_MAX; +} + static inline int read_line(FILE *f, size_t limit, char **ret) { return read_line_full(f, limit, 0, ret); } diff --git a/src/basic/locale-util.c b/src/basic/locale-util.c index 7f1a2f15f71..cb99641263b 100644 --- a/src/basic/locale-util.c +++ b/src/basic/locale-util.c @@ -14,6 +14,7 @@ #include "dirent-util.h" #include "env-util.h" #include "fd-util.h" +#include "fileio.h" #include "hashmap.h" #include "locale-util.h" #include "path-util.h" @@ -112,6 +113,9 @@ static int add_locales_from_archive(Set *locales) { if (st.st_size < (off_t) sizeof(struct locarhead)) return -EBADMSG; + if (file_offset_beyond_memory_size(st.st_size)) + return -EFBIG; + p = mmap(NULL, st.st_size, PROT_READ, MAP_SHARED, fd, 0); if (p == MAP_FAILED) return -errno; diff --git a/src/boot/bootctl.c b/src/boot/bootctl.c index edc9ef4be96..ebe25751262 100644 --- a/src/boot/bootctl.c +++ b/src/boot/bootctl.c @@ -210,7 +210,7 @@ static int get_file_version(int fd, char **v) { if (r < 0) return log_error_errno(r, "EFI binary is not a regular file: %m"); - if (st.st_size < 27) { + if (st.st_size < 27 || file_offset_beyond_memory_size(st.st_size)) { *v = NULL; return 0; } diff --git a/src/libsystemd/sd-hwdb/sd-hwdb.c b/src/libsystemd/sd-hwdb/sd-hwdb.c index 53601765fe7..748cf269349 100644 --- a/src/libsystemd/sd-hwdb/sd-hwdb.c +++ b/src/libsystemd/sd-hwdb/sd-hwdb.c @@ -15,6 +15,7 @@ #include "alloc-util.h" #include "fd-util.h" +#include "fileio.h" #include "hashmap.h" #include "hwdb-internal.h" #include "nulstr-util.h" @@ -312,6 +313,9 @@ _public_ int sd_hwdb_new(sd_hwdb **ret) { if (hwdb->st.st_size < (off_t) offsetof(struct trie_header_f, strings_len) + 8) return log_debug_errno(SYNTHETIC_ERRNO(EIO), "File %s is too short: %m", hwdb_bin_path); + if (file_offset_beyond_memory_size(hwdb->st.st_size)) + return log_debug_errno(SYNTHETIC_ERRNO(EFBIG), + "File %s is too long: %m", hwdb_bin_path); hwdb->map = mmap(0, hwdb->st.st_size, PROT_READ, MAP_SHARED, fileno(hwdb->f), 0); if (hwdb->map == MAP_FAILED) diff --git a/src/libsystemd/sd-journal/catalog.c b/src/libsystemd/sd-journal/catalog.c index 4a2ba02ad0e..8fc87b131a8 100644 --- a/src/libsystemd/sd-journal/catalog.c +++ b/src/libsystemd/sd-journal/catalog.c @@ -524,10 +524,10 @@ static int open_mmap(const char *database, int *_fd, struct stat *_st, void **_p if (fstat(fd, &st) < 0) return -errno; - if (st.st_size < (off_t) sizeof(CatalogHeader)) + if (st.st_size < (off_t) sizeof(CatalogHeader) || file_offset_beyond_memory_size(st.st_size)) return -EINVAL; - p = mmap(NULL, PAGE_ALIGN(st.st_size), PROT_READ, MAP_SHARED, fd, 0); + p = mmap(NULL, st.st_size, PROT_READ, MAP_SHARED, fd, 0); if (p == MAP_FAILED) return -errno; diff --git a/src/libsystemd/sd-journal/compress.c b/src/libsystemd/sd-journal/compress.c index 837abab76c8..cb2e82667f7 100644 --- a/src/libsystemd/sd-journal/compress.c +++ b/src/libsystemd/sd-journal/compress.c @@ -25,6 +25,7 @@ #include "alloc-util.h" #include "compress.h" #include "fd-util.h" +#include "fileio.h" #include "io-util.h" #include "journal-def.h" #include "macro.h" @@ -807,6 +808,9 @@ int decompress_stream_lz4(int in, int out, uint64_t max_bytes) { if (fstat(in, &st) < 0) return log_debug_errno(errno, "fstat() failed: %m"); + if (file_offset_beyond_memory_size(st.st_size)) + return -EFBIG; + buf = malloc(LZ4_BUFSIZE); if (!buf) return -ENOMEM; From 7be5734d02c990ebb7b67fbc77b9c8fe16d96139 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alfonso=20S=C3=A1nchez-Beato?= Date: Thu, 3 Mar 2022 11:42:41 +0100 Subject: [PATCH 231/703] sd-stub: do not print warning if filesystem is not supported Do not print a warning in case we try to load the file system protocol for an unsupported file system, just return EFI_SUCCESS instead. (cherry picked from commit 178d598b5fae36fa9d54c30668771f9c626724f6) --- src/boot/efi/cpio.c | 22 +++++++++++++++++++--- 1 file changed, 19 insertions(+), 3 deletions(-) diff --git a/src/boot/efi/cpio.c b/src/boot/efi/cpio.c index 74610cc1c7f..cf7a3ec1374 100644 --- a/src/boot/efi/cpio.c +++ b/src/boot/efi/cpio.c @@ -324,6 +324,7 @@ EFI_STATUS pack_cpio( _cleanup_freepool_ void *buffer = NULL; UINT32 inode = 1; /* inode counter, so that each item gets a new inode */ EFI_STATUS err; + EFI_FILE_IO_INTERFACE *volume; assert(loaded_image); assert(target_dir_prefix); @@ -336,9 +337,24 @@ EFI_STATUS pack_cpio( return EFI_SUCCESS; } - root = LibOpenRoot(loaded_image->DeviceHandle); - if (!root) - return log_error_status_stall(EFI_LOAD_ERROR, L"Unable to open root directory."); + err = BS->HandleProtocol(loaded_image->DeviceHandle, + &FileSystemProtocol, (void*)&volume); + /* Error will be unsupported if the bootloader doesn't implement the + * file system protocol on its file handles. + */ + if (err == EFI_UNSUPPORTED) { + *ret_buffer = NULL; + *ret_buffer_size = 0; + return EFI_SUCCESS; + } + if (EFI_ERROR(err)) + return log_error_status_stall( + err, L"Unable to load file system protocol: %r", err); + + err = volume->OpenVolume(volume, &root); + if (EFI_ERROR(err)) + return log_error_status_stall( + err, L"Unable to open root directory: %r", err); if (!dropin_dir) dropin_dir = rel_dropin_dir = xpool_print(L"%D.extra.d", loaded_image->FilePath); From 543c73300e3b9298e5316555bf4df6ff7dfc210f Mon Sep 17 00:00:00 2001 From: David Tardon Date: Thu, 3 Mar 2022 15:58:24 +0100 Subject: [PATCH 232/703] devnode-acl: use _cleanup_ to free acl_t (cherry picked from commit 203ea2c8f158288fea56c5be980715b2b7e002fe) --- src/shared/devnode-acl.c | 73 ++++++++++++++-------------------------- 1 file changed, 25 insertions(+), 48 deletions(-) diff --git a/src/shared/devnode-acl.c b/src/shared/devnode-acl.c index 89ff566832b..d2b78f392a8 100644 --- a/src/shared/devnode-acl.c +++ b/src/shared/devnode-acl.c @@ -52,8 +52,8 @@ int devnode_acl(const char *path, bool del, uid_t old_uid, bool add, uid_t new_uid) { - acl_t acl; - int r = 0; + _cleanup_(acl_freep) acl_t acl = NULL; + int r; bool changed = false; assert(path); @@ -66,7 +66,7 @@ int devnode_acl(const char *path, r = flush_acl(acl); if (r < 0) - goto finish; + return r; if (r > 0) changed = true; @@ -75,13 +75,11 @@ int devnode_acl(const char *path, r = acl_find_uid(acl, old_uid, &entry); if (r < 0) - goto finish; + return r; if (r > 0) { - if (acl_delete_entry(acl, entry) < 0) { - r = -errno; - goto finish; - } + if (acl_delete_entry(acl, entry) < 0) + return -errno; changed = true; } @@ -94,68 +92,47 @@ int devnode_acl(const char *path, r = acl_find_uid(acl, new_uid, &entry); if (r < 0) - goto finish; + return r; if (r == 0) { - if (acl_create_entry(&acl, &entry) < 0) { - r = -errno; - goto finish; - } + if (acl_create_entry(&acl, &entry) < 0) + return -errno; if (acl_set_tag_type(entry, ACL_USER) < 0 || - acl_set_qualifier(entry, &new_uid) < 0) { - r = -errno; - goto finish; - } + acl_set_qualifier(entry, &new_uid) < 0) + return -errno; } - if (acl_get_permset(entry, &permset) < 0) { - r = -errno; - goto finish; - } + if (acl_get_permset(entry, &permset) < 0) + return -errno; rd = acl_get_perm(permset, ACL_READ); - if (rd < 0) { - r = -errno; - goto finish; - } + if (rd < 0) + return -errno; wt = acl_get_perm(permset, ACL_WRITE); - if (wt < 0) { - r = -errno; - goto finish; - } + if (wt < 0) + return -errno; if (!rd || !wt) { - if (acl_add_perm(permset, ACL_READ|ACL_WRITE) < 0) { - r = -errno; - goto finish; - } + if (acl_add_perm(permset, ACL_READ|ACL_WRITE) < 0) + return -errno; changed = true; } } if (!changed) - goto finish; - - if (acl_calc_mask(&acl) < 0) { - r = -errno; - goto finish; - } - - if (acl_set_file(path, ACL_TYPE_ACCESS, acl) < 0) { - r = -errno; - goto finish; - } + return 0; - r = 0; + if (acl_calc_mask(&acl) < 0) + return -errno; -finish: - acl_free(acl); + if (acl_set_file(path, ACL_TYPE_ACCESS, acl) < 0) + return -errno; - return r; + return 0; } int devnode_acl_all(const char *seat, From b634a0a6157f84a292f279a83cc8b1a2f283db10 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 4 Mar 2022 14:03:50 +0100 Subject: [PATCH 233/703] man: drop outdated info about polkit in pid1 Fixes #22648. (cherry picked from commit 46d362f406e1a75fc8f924b9b16d5d352be6d081) --- man/org.freedesktop.systemd1.xml | 16 ++++++---------- 1 file changed, 6 insertions(+), 10 deletions(-) diff --git a/man/org.freedesktop.systemd1.xml b/man/org.freedesktop.systemd1.xml index bd69a00b57c..6781f8df51f 100644 --- a/man/org.freedesktop.systemd1.xml +++ b/man/org.freedesktop.systemd1.xml @@ -30,23 +30,19 @@ The service manager exposes a number of objects on the bus: one Manager object as a central entry point for clients along with individual objects - for each unit and for each queued job. The unit objects each implement a generic + for each unit and for each queued job. The unit objects implement a generic Unit interface as well as a type-specific interface. For example, service units implement both org.freedesktop.systemd1.Unit and org.freedesktop.system1.Service. The manager object can list - unit and job objects or directly convert a unit name or job id into a bus path of the corresponding + unit and job objects or directly convert a unit name or job identifier to a bus path of the corresponding D-Bus object. - Properties exposing time values are usually encoded in microseconds (usec) on the bus, even if + Properties exposing time values are usually encoded in microseconds (µs) on the bus, even if their corresponding settings in the unit files are in seconds. - In contrast to most of the other services of the systemd suite, PID 1 does not use - polkit - for controlling access to privileged operations, but relies exclusively on the low-level D-Bus policy - language. (This is done in order to avoid a cyclic dependency between polkit and systemd/PID 1.) This - means that sensitive operations exposed by PID 1 on the bus are generally not available to unprivileged - processes directly. However, some operations (such as shutdown/reboot/suspend) are made available through the D-Bus - API of logind, see + PID 1 uses polkit to + allow access to privileged operations for unprivileged processes. Some operations (such as + shutdown/reboot/suspend) are also available through the D-Bus API of logind, see org.freedesktop.login15. From 61c143b08c802b069543d938ef85f425ad9ba402 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 4 Mar 2022 14:13:56 +0100 Subject: [PATCH 234/703] man: say that we ignore ignored options Fixes #22057. (cherry picked from commit 382586894b9c09974aa734a1f77d3f6f69126d76) --- man/systemd.unit.xml | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/man/systemd.unit.xml b/man/systemd.unit.xml index 2a44b8cfd8e..f17fa66b110 100644 --- a/man/systemd.unit.xml +++ b/man/systemd.unit.xml @@ -126,13 +126,11 @@ @ and the unit type suffix. In the unit file itself, the instance parameter may be referred to using %i and other specifiers, see below. - Unit files may contain additional options on top of those - listed here. If systemd encounters an unknown option, it will - write a warning log message but continue loading the unit. If an - option or section name is prefixed with , it is - ignored completely by systemd. Options within an ignored section - do not need the prefix. Applications may use this to include - additional information in the unit files. + Unit files may contain additional options on top of those listed here. If systemd encounters an + unknown option, it will write a warning log message but continue loading the unit. If an option or + section name is prefixed with , it is ignored completely by systemd. Options within an + ignored section do not need the prefix. Applications may use this to include additional information in + the unit files. To access those options, applications need to parse the unit files on their own. Units can be aliased (have an alternative name), by creating a symlink from the new name to the existing name in one of the unit search paths. For example, systemd-networkd.service From 8e4c2215851c59eecda513b48820049656192231 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 4 Mar 2022 15:23:17 +0100 Subject: [PATCH 235/703] man: fix formatting of macros in sd_bus_add_object docbook would convert the newline to a space before the first argument: SD_BUS_METHOD_WITH_ARGS( member, args, result, handler) And we need each item in a separate , otherwise they'll all be in one line. (cherry picked from commit 3c080282e928a7edfcdb74feb2139ef1ac6f2ad0) --- man/sd_bus_add_object.xml | 41 ++++++++++++++++++--------------------- 1 file changed, 19 insertions(+), 22 deletions(-) diff --git a/man/sd_bus_add_object.xml b/man/sd_bus_add_object.xml index 54683e4f118..dcf9377ffdd 100644 --- a/man/sd_bus_add_object.xml +++ b/man/sd_bus_add_object.xml @@ -128,8 +128,7 @@ SD_BUS_VTABLE_END - SD_BUS_METHOD_WITH_ARGS_OFFSET( - member, + SD_BUS_METHOD_WITH_ARGS_OFFSET(member, args, result, handler, @@ -138,8 +137,7 @@ - SD_BUS_METHOD_WITH_ARGS( - member, + SD_BUS_METHOD_WITH_ARGS(member, args, result, handler, @@ -147,8 +145,7 @@ - SD_BUS_METHOD_WITH_NAMES_OFFSET( - member, + SD_BUS_METHOD_WITH_NAMES_OFFSET(member, signature, in_names, result, @@ -159,8 +156,7 @@ - SD_BUS_METHOD_WITH_NAMES( - member, + SD_BUS_METHOD_WITH_NAMES(member, signature, in_names, result, @@ -170,8 +166,7 @@ - SD_BUS_METHOD_WITH_OFFSET( - member, + SD_BUS_METHOD_WITH_OFFSET(member, signature, result, handler, @@ -180,8 +175,7 @@ - SD_BUS_METHOD( - member, + SD_BUS_METHOD(member, signature, result, handler, @@ -189,30 +183,26 @@ - SD_BUS_SIGNAL_WITH_ARGS( - member, + SD_BUS_SIGNAL_WITH_ARGS(member, args, flags) - SD_BUS_SIGNAL_WITH_NAMES( - member, + SD_BUS_SIGNAL_WITH_NAMES(member, signature, names, flags) - SD_BUS_SIGNAL( - member, + SD_BUS_SIGNAL(member, signature, flags) - SD_BUS_WRITABLE_PROPERTY( - member, + SD_BUS_WRITABLE_PROPERTY(member, signature, get, set, @@ -221,8 +211,7 @@ - SD_BUS_PROPERTY( - member, + SD_BUS_PROPERTY(member, signature, get, offset, @@ -231,9 +220,17 @@ SD_BUS_PARAM(name) + + SD_BUS_ARGS(...) + + SD_BUS_RESULT(...) + + SD_BUS_NO_ARGS + + SD_BUS_NO_RESULT From dd5ddebef57fb07273e1920d5d6337909ae2f0e2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 4 Mar 2022 15:41:31 +0100 Subject: [PATCH 236/703] man: describe capability checks on the bus A description of SD_BUS_VTABLE_CAPABILITY is added, and the discussion on SD_BUS_VTABLE_UNPRIVILEGED in expanded. I think it would be nice to add longer description of how access is checked (maybe in sd-bus(3)), but I'm leaving that for later. I think the text that was added here describes everything, even if tersely. Fixes #21882. (cherry picked from commit b4e7d7555e6266ff566a17eb5f616b365771028f) --- man/rules/meson.build | 1 + man/sd_bus_add_object.xml | 61 ++++++++++++++++++++++++----- src/libsystemd/sd-bus/bus-objects.c | 8 ++-- 3 files changed, 55 insertions(+), 15 deletions(-) diff --git a/man/rules/meson.build b/man/rules/meson.build index b689b1c1af6..26ac25dbdda 100644 --- a/man/rules/meson.build +++ b/man/rules/meson.build @@ -158,6 +158,7 @@ manpages = [ 'SD_BUS_PROPERTY', 'SD_BUS_SIGNAL', 'SD_BUS_SIGNAL_WITH_NAMES', + 'SD_BUS_VTABLE_CAPABILITY', 'SD_BUS_VTABLE_END', 'SD_BUS_VTABLE_START', 'SD_BUS_WRITABLE_PROPERTY', diff --git a/man/sd_bus_add_object.xml b/man/sd_bus_add_object.xml index dcf9377ffdd..3249b7f98de 100644 --- a/man/sd_bus_add_object.xml +++ b/man/sd_bus_add_object.xml @@ -22,6 +22,7 @@ sd_bus_add_object_vtable sd_bus_add_fallback_vtable sd_bus_add_filter + SD_BUS_VTABLE_CAPABILITY SD_BUS_VTABLE_START SD_BUS_VTABLE_END SD_BUS_METHOD_WITH_NAMES_OFFSET @@ -121,6 +122,10 @@ void *userdata + + SD_BUS_VTABLE_CAPABILITY(capability) + + SD_BUS_VTABLE_START(flags) @@ -334,10 +339,12 @@ - SD_BUS_VTABLE_START() + SD_BUS_VTABLE_START(flags) SD_BUS_VTABLE_END - Those must always be the first and last element. + Those must always be the first and last element. The + flags parameter can be used to set attributes that apply to the whole + array; see the "Flags" section below. @@ -494,14 +501,6 @@ hidden. - - SD_BUS_VTABLE_UNPRIVILEGED - - Mark this vtable entry as unprivileged. If not specified, the - org.freedesktop.systemd1.Privileged annotation with value - true will be shown in introspection data. - - SD_BUS_VTABLE_METHOD_NO_REPLY @@ -558,6 +557,48 @@ passed directly, converted to a pointer, without taking the user data pointer specified during vtable registration into account. + + + SD_BUS_VTABLE_CAPABILITY(capability) + + Access to this vtable entry will be allowed if the calling proccess has the + capability capability, as described in + sd_bus_query_sender_privilege3. + If used for SD_BUS_VTABLE_START(), provides a default for all entries in the + array. If not specified, either for an individual entry or the whole array, + CAP_SYS_ADMIN is checked by default. See capabilities7 + for information about capabilities. + + Note that vtable entries may be marked as unprivileged and the whole bus may be marked as + trusted, see the discussion of SD_BUS_VTABLE_UNPRIVILEGED below. + + + + + SD_BUS_VTABLE_UNPRIVILEGED + + Mark this vtable entry as unprivileged. Access to privileged entries is limited to + users with appropriate capabilities as described above. In practice many vtable entries are marked + as unprivileged, and either are open to everyone, or the decision whether to allow access is taken + later, e.g. by delegating to polkit. + + The whole bus may be marked as trusted, in which case annotations at the entry level are + ignored, see + sd_bus_set_trusted3. + + + When not specified, the + org.freedesktop.systemd1.Privileged annotation with value + true will be shown in introspection data. + + Note that this page describes checks implemented in the D-Bus client. The D-Bus server has an + additional policy that may permit or deny connections, see + "CONFIGURATION FILE" in + dbus-daemon1. + + diff --git a/src/libsystemd/sd-bus/bus-objects.c b/src/libsystemd/sd-bus/bus-objects.c index bf69539062d..28d83367182 100644 --- a/src/libsystemd/sd-bus/bus-objects.c +++ b/src/libsystemd/sd-bus/bus-objects.c @@ -316,11 +316,9 @@ static int check_access(sd_bus *bus, sd_bus_message *m, struct vtable_member *c, if (c->vtable->flags & SD_BUS_VTABLE_UNPRIVILEGED) return 0; - /* Check have the caller has the requested capability - * set. Note that the flags value contains the capability - * number plus one, which we need to subtract here. We do this - * so that we have 0 as special value for "default - * capability". */ + /* Check that the caller has the requested capability set. Note that the flags value contains the + * capability number plus one, which we need to subtract here. We do this so that we have 0 as + * special value for the default. */ cap = CAPABILITY_SHIFT(c->vtable->flags); if (cap == 0) cap = CAPABILITY_SHIFT(c->parent->vtable[0].flags); From 6802c4dc8aa31fb07980d5479800b10c488192f1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 4 Mar 2022 16:07:19 +0100 Subject: [PATCH 237/703] man: tweak description of auto/noauto I think the current behaviour is stupid: 'x-systemd.automount,noauto' should mean that we create the units, but don't add .mount or .automount to any targets. Instead, we completely ignore 'noauto'. But let's at least describe the implementation. Text suggested by dpartrid in the bug. Fixes #21040. (cherry picked from commit 55fabe92e2efb1a907d4c3c93dc63b96ff5b6860) --- man/systemd.mount.xml | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/man/systemd.mount.xml b/man/systemd.mount.xml index 6b0efb68df4..6d21d32778b 100644 --- a/man/systemd.mount.xml +++ b/man/systemd.mount.xml @@ -399,11 +399,13 @@ With , the mount unit will not be added as a dependency for - local-fs.target or remote-fs.target. This means that it will not be - mounted automatically during boot, unless it is pulled in by some other unit. The option - has the opposite meaning and is the default. Note that the option has an effect on the - mount unit itself only — if is used (see above), then the matching - automount unit will still be pulled in by these targets. + local-fs.target or remote-fs.target. This means that it + will not be mounted automatically during boot, unless it is pulled in by some other unit. The + option has the opposite meaning and is the default. + + Note that if (see above) is used, neither + nor have any effect. The matching automount unit will + be added as a dependency to the appropriate target. From f1928ef819f4e9537c6e52e83f961eb2660e92e7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 4 Mar 2022 16:26:12 +0100 Subject: [PATCH 238/703] man: describe UNIT=/USER_UNIT= Fixes 17538. (cherry picked from commit c1d1742a7f6a65f60dce1a4f22a22d443493757c) --- man/systemd.journal-fields.xml | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/man/systemd.journal-fields.xml b/man/systemd.journal-fields.xml index 241d60f673c..d50e89f0bb9 100644 --- a/man/systemd.journal-fields.xml +++ b/man/systemd.journal-fields.xml @@ -145,7 +145,7 @@ A documentation URL with further information about the topic of the log message. Tools such as journalctl will include a hyperlink to an URL specified this way in their - output. Should be a http://, https://, + output. Should be an http://, https://, file:/, man: or info: URL. @@ -156,6 +156,21 @@ The numeric thread ID (TID) the log message originates from. + + + UNIT= + USER_UNIT= + + The name of a unit. Used by the system and user managers when logging about specific + units. + + When or + are used with + journalctl1, a + match pattern that includes UNIT=name.service or + USER_UNIT=name.service will be generated. + + From 7302937a08dcc33186eaf4bc3e7bc58af4979ffe Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 4 Mar 2022 16:39:34 +0100 Subject: [PATCH 239/703] journalctl: advertise --header a bit more Fixes #2738. (cherry picked from commit 367a5e8a67bbc2b5e03ca1a3e5a601ef49b5bd2a) --- man/journalctl.xml | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/man/journalctl.xml b/man/journalctl.xml index 9e784f3d3c5..424acc9f163 100644 --- a/man/journalctl.xml +++ b/man/journalctl.xml @@ -85,10 +85,10 @@ , , etc., to further limit what entries will be shown (logical AND). - Output is interleaved from all accessible journal files, - whether they are rotated or currently being written, and - regardless of whether they belong to the system itself or are - accessible user journals. + Output is interleaved from all accessible journal files, whether they are rotated or currently + being written, and regardless of whether they belong to the system itself or are accessible user + journals. The option can be used to identify which files + are being shown. The set of journal files which will be used can be modified using the , @@ -794,9 +794,11 @@ - Instead of showing journal contents, show - internal header information of the journal fields - accessed. + Instead of showing journal contents, show internal header information of the journal + fields accessed. + + This option is particularly useful when trying to identify out-of-order journal entries, as + happens for example when the machine is booted with the wrong system time. From c76aba2b24bd76a2e4622d7172f9e32ff7973182 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 2 Mar 2022 14:49:32 +0100 Subject: [PATCH 240/703] meson: do not use split() in file lists MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The approach to use '''…'''.split() instead of a list of strings was initially used when converting from automake because it allowed identical blocks of lines to be used for both, making the conversion easier. But over the years we have been using normal lists more and more, especially when there were just a few filenames listed. This converts the rest. No functional change. (cherry picked from commit f1b98127ff6320648cc3dc876f3b6a5aa3af204b) --- catalog/meson.build | 27 +- hwdb.d/meson.build | 60 ++- rules.d/meson.build | 49 +-- src/analyze/meson.build | 21 +- src/basic/meson.build | 515 +++++++++++----------- src/coredump/meson.build | 9 +- src/home/meson.build | 142 +++--- src/journal-remote/meson.build | 37 +- src/journal/meson.build | 58 ++- src/libsystemd-network/meson.build | 89 ++-- src/libsystemd/meson.build | 176 ++++---- src/locale/meson.build | 9 +- src/login/meson.build | 83 ++-- src/machine/meson.build | 34 +- src/network/meson.build | 389 ++++++++-------- src/nspawn/meson.build | 59 ++- src/oom/meson.build | 21 +- src/partition/meson.build | 4 +- src/portable/meson.build | 25 +- src/pstore/meson.build | 4 +- src/resolve/meson.build | 151 ++++--- src/shared/meson.build | 686 ++++++++++++++--------------- src/shutdown/meson.build | 9 +- src/sysext/meson.build | 4 +- src/systemd/meson.build | 66 ++- src/udev/meson.build | 82 ++-- src/userdb/meson.build | 17 +- 27 files changed, 1382 insertions(+), 1444 deletions(-) diff --git a/catalog/meson.build b/catalog/meson.build index 7139c2e0531..83c22d7d368 100644 --- a/catalog/meson.build +++ b/catalog/meson.build @@ -1,19 +1,18 @@ # SPDX-License-Identifier: LGPL-2.1-or-later -in_files = ''' - systemd.bg.catalog - systemd.be.catalog - systemd.be@latin.catalog - systemd.de.catalog - systemd.fr.catalog - systemd.it.catalog - systemd.pl.catalog - systemd.pt_BR.catalog - systemd.ru.catalog - systemd.zh_CN.catalog - systemd.zh_TW.catalog - systemd.catalog -'''.split() +in_files = [ + 'systemd.bg.catalog', + 'systemd.be.catalog', + 'systemd.be@latin.catalog', + 'systemd.de.catalog', + 'systemd.fr.catalog', + 'systemd.it.catalog', + 'systemd.pl.catalog', + 'systemd.pt_BR.catalog', + 'systemd.ru.catalog', + 'systemd.zh_CN.catalog', + 'systemd.zh_TW.catalog', + 'systemd.catalog'] support_url = get_option('support-url') support_sed = 's~%SUPPORT_URL%~@0@~'.format(support_url) diff --git a/hwdb.d/meson.build b/hwdb.d/meson.build index 8ff044131c0..4363d67cb3b 100644 --- a/hwdb.d/meson.build +++ b/hwdb.d/meson.build @@ -3,38 +3,36 @@ # Those files right now are not supported by the grammar. Also, # they are very long but quite repetitive and the parser is not very fast. # So we don't "test" them. -hwdb_files_notest = files(''' - README - 20-dmi-id.hwdb - 20-pci-vendor-model.hwdb - 20-pci-classes.hwdb - 20-usb-vendor-model.hwdb - 20-usb-classes.hwdb - 20-sdio-vendor-model.hwdb - 20-sdio-classes.hwdb - 20-bluetooth-vendor-product.hwdb - 20-acpi-vendor.hwdb - 20-OUI.hwdb - 20-net-ifname.hwdb - 20-vmbus-class.hwdb -'''.split()) +hwdb_files_notest = files( + 'README', + '20-dmi-id.hwdb', + '20-pci-vendor-model.hwdb', + '20-pci-classes.hwdb', + '20-usb-vendor-model.hwdb', + '20-usb-classes.hwdb', + '20-sdio-vendor-model.hwdb', + '20-sdio-classes.hwdb', + '20-bluetooth-vendor-product.hwdb', + '20-acpi-vendor.hwdb', + '20-OUI.hwdb', + '20-net-ifname.hwdb', + '20-vmbus-class.hwdb') -hwdb_files_test = files(''' - 60-autosuspend.hwdb - 60-autosuspend-fingerprint-reader.hwdb - 60-evdev.hwdb - 60-input-id.hwdb - 60-keyboard.hwdb - 60-seat.hwdb - 60-sensor.hwdb - 70-analyzers.hwdb - 70-cameras.hwdb - 70-joystick.hwdb - 70-mouse.hwdb - 70-pointingstick.hwdb - 70-touchpad.hwdb - 80-ieee1394-unit-function.hwdb -'''.split()) +hwdb_files_test = files( + '60-autosuspend.hwdb', + '60-autosuspend-fingerprint-reader.hwdb', + '60-evdev.hwdb', + '60-input-id.hwdb', + '60-keyboard.hwdb', + '60-seat.hwdb', + '60-sensor.hwdb', + '70-analyzers.hwdb', + '70-cameras.hwdb', + '70-joystick.hwdb', + '70-mouse.hwdb', + '70-pointingstick.hwdb', + '70-touchpad.hwdb', + '80-ieee1394-unit-function.hwdb') if conf.get('ENABLE_HWDB') == 1 auto_suspend_rules = custom_target( diff --git a/rules.d/meson.build b/rules.d/meson.build index 5cecddb34f6..e6533e001a5 100644 --- a/rules.d/meson.build +++ b/rules.d/meson.build @@ -4,31 +4,30 @@ install_data( 'README', install_dir : udevrulesdir) -rules = files(''' - 60-autosuspend.rules - 60-block.rules - 60-cdrom_id.rules - 60-drm.rules - 60-evdev.rules - 60-fido-id.rules - 60-input-id.rules - 60-persistent-alsa.rules - 60-persistent-input.rules - 60-persistent-storage.rules - 60-persistent-storage-tape.rules - 60-persistent-v4l.rules - 60-sensor.rules - 60-serial.rules - 70-camera.rules - 70-joystick.rules - 70-mouse.rules - 70-touchpad.rules - 75-net-description.rules - 75-probe_mtd.rules - 78-sound-card.rules - 80-net-setup-link.rules - 81-net-dhcp.rules -'''.split()) +rules = files( + '60-autosuspend.rules', + '60-block.rules', + '60-cdrom_id.rules', + '60-drm.rules', + '60-evdev.rules', + '60-fido-id.rules', + '60-input-id.rules', + '60-persistent-alsa.rules', + '60-persistent-input.rules', + '60-persistent-storage.rules', + '60-persistent-storage-tape.rules', + '60-persistent-v4l.rules', + '60-sensor.rules', + '60-serial.rules', + '70-camera.rules', + '70-joystick.rules', + '70-mouse.rules', + '70-touchpad.rules', + '75-net-description.rules', + '75-probe_mtd.rules', + '78-sound-card.rules', + '80-net-setup-link.rules', + '81-net-dhcp.rules') if conf.get('HAVE_KMOD') == 1 rules += files('80-drivers.rules') diff --git a/src/analyze/meson.build b/src/analyze/meson.build index 492b79069fb..2713c9d3e7a 100644 --- a/src/analyze/meson.build +++ b/src/analyze/meson.build @@ -1,16 +1,15 @@ # SPDX-License-Identifier: LGPL-2.1-or-later -systemd_analyze_sources = files(''' - analyze.c - analyze-condition.c - analyze-condition.h - analyze-elf.c - analyze-elf.h - analyze-verify.c - analyze-verify.h - analyze-security.c - analyze-security.h -'''.split()) +systemd_analyze_sources = files( + 'analyze.c', + 'analyze-condition.c', + 'analyze-condition.h', + 'analyze-elf.c', + 'analyze-elf.h', + 'analyze-verify.c', + 'analyze-verify.h', + 'analyze-security.c', + 'analyze-security.h') tests += [ [['src/analyze/test-verify.c', diff --git a/src/basic/meson.build b/src/basic/meson.build index 229ac97c69a..49e1e7f43e4 100644 --- a/src/basic/meson.build +++ b/src/basic/meson.build @@ -1,263 +1,262 @@ # SPDX-License-Identifier: LGPL-2.1-or-later -basic_sources = files(''' - MurmurHash2.c - MurmurHash2.h - af-list.c - af-list.h - alloc-util.c - alloc-util.h - architecture.c - architecture.h - arphrd-util.c - arphrd-util.h - async.c - async.h - audit-util.c - audit-util.h - build.c - build.h - bus-label.c - bus-label.h - cap-list.c - cap-list.h - capability-util.c - capability-util.h - cgroup-util.c - cgroup-util.h - chase-symlinks.c - chase-symlinks.h - chattr-util.c - chattr-util.h - conf-files.c - conf-files.h - def.h - dirent-util.c - dirent-util.h - dns-def.h - efivars.c - efivars.h - env-file.c - env-file.h - env-util.c - env-util.h - errno-list.c - errno-list.h - errno-util.h - escape.c - escape.h - ether-addr-util.c - ether-addr-util.h - extract-word.c - extract-word.h - fd-util.c - fd-util.h - fileio.c - fileio.h - filesystems.c - filesystems.h - format-util.c - format-util.h - fs-util.c - fs-util.h - glob-util.c - glob-util.h - glyph-util.c - glyph-util.h - gunicode.c - gunicode.h - hash-funcs.c - hash-funcs.h - hashmap.c - hashmap.h - hexdecoct.c - hexdecoct.h - hmac.c - hmac.h - hostname-util.c - hostname-util.h - in-addr-util.c - in-addr-util.h - inotify-util.c - inotify-util.h - io-util.c - io-util.h - ioprio-util.c - ioprio-util.h - limits-util.c - limits-util.h - linux/btrfs.h - linux/btrfs_tree.h - linux/can/netlink.h - linux/can/vxcan.h - linux/cfm_bridge.h - linux/fib_rules.h - linux/fou.h - linux/genetlink.h - linux/hdlc/ioctl.h - linux/if.h - linux/if_addr.h - linux/if_bonding.h - linux/if_bridge.h - linux/if_ether.h - linux/if_link.h - linux/if_macsec.h - linux/if_tun.h - linux/if_tunnel.h - linux/in.h - linux/in6.h - linux/ipv6_route.h - linux/l2tp.h - linux/libc-compat.h - linux/mrp_bridge.h - linux/netdevice.h - linux/netfilter/nf_tables.h - linux/netfilter/nfnetlink.h - linux/netlink.h - linux/nexthop.h - linux/nl80211.h - linux/pkt_sched.h - linux/rtnetlink.h - linux/wireguard.h - list.h - locale-util.c - locale-util.h - log.c - log.h - login-util.c - login-util.h - macro.h - memfd-util.c - memfd-util.h - memory-util.c - memory-util.h - mempool.c - mempool.h - missing_audit.h - missing_capability.h - missing_drm.h - missing_fcntl.h - missing_fs.h - missing_input.h - missing_ioprio.h - missing_keyctl.h - missing_magic.h - missing_mman.h - missing_mount.h - missing_network.h - missing_prctl.h - missing_random.h - missing_resource.h - missing_sched.h - missing_securebits.h - missing_socket.h - missing_stat.h - missing_stdlib.h - missing_syscall.h - missing_timerfd.h - missing_type.h - mkdir.c - mkdir.h - mountpoint-util.c - mountpoint-util.h - namespace-util.c - namespace-util.h - nss-util.h - nulstr-util.c - nulstr-util.h - ordered-set.c - ordered-set.h - os-util.c - os-util.h - parse-util.c - parse-util.h - path-lookup.c - path-lookup.h - path-util.c - path-util.h - percent-util.c - percent-util.h - prioq.c - prioq.h - proc-cmdline.c - proc-cmdline.h - process-util.c - process-util.h - procfs-util.c - procfs-util.h - pthread-util.h - random-util.c - random-util.h - ratelimit.c - ratelimit.h - raw-clone.h - raw-reboot.h - recovery-key.c - recovery-key.h - recurse-dir.c - recurse-dir.h - replace-var.c - replace-var.h - rlimit-util.c - rlimit-util.h - set.h - sigbus.c - sigbus.h - signal-util.c - signal-util.h - siphash24.c - siphash24.h - socket-util.c - socket-util.h - sort-util.c - sort-util.h - sparse-endian.h - special.h - stat-util.c - stat-util.h - static-destruct.h - stdio-util.h - strbuf.c - strbuf.h - string-table.c - string-table.h - string-util.c - string-util.h - strv.c - strv.h - strxcpyx.c - strxcpyx.h - sync-util.c - sync-util.h - sysctl-util.c - sysctl-util.h - syslog-util.c - syslog-util.h - terminal-util.c - terminal-util.h - time-util.c - time-util.h - tmpfile-util.c - tmpfile-util.h - umask-util.h - unaligned.h - unit-def.c - unit-def.h - unit-file.c - unit-file.h - unit-name.c - unit-name.h - user-util.c - user-util.h - utf8.c - utf8.h - util.c - util.h - virt.c - virt.h - xattr-util.c - xattr-util.h -'''.split()) +basic_sources = files( + 'MurmurHash2.c', + 'MurmurHash2.h', + 'af-list.c', + 'af-list.h', + 'alloc-util.c', + 'alloc-util.h', + 'architecture.c', + 'architecture.h', + 'arphrd-util.c', + 'arphrd-util.h', + 'async.c', + 'async.h', + 'audit-util.c', + 'audit-util.h', + 'build.c', + 'build.h', + 'bus-label.c', + 'bus-label.h', + 'cap-list.c', + 'cap-list.h', + 'capability-util.c', + 'capability-util.h', + 'cgroup-util.c', + 'cgroup-util.h', + 'chase-symlinks.c', + 'chase-symlinks.h', + 'chattr-util.c', + 'chattr-util.h', + 'conf-files.c', + 'conf-files.h', + 'def.h', + 'dirent-util.c', + 'dirent-util.h', + 'dns-def.h', + 'efivars.c', + 'efivars.h', + 'env-file.c', + 'env-file.h', + 'env-util.c', + 'env-util.h', + 'errno-list.c', + 'errno-list.h', + 'errno-util.h', + 'escape.c', + 'escape.h', + 'ether-addr-util.c', + 'ether-addr-util.h', + 'extract-word.c', + 'extract-word.h', + 'fd-util.c', + 'fd-util.h', + 'fileio.c', + 'fileio.h', + 'filesystems.c', + 'filesystems.h', + 'format-util.c', + 'format-util.h', + 'fs-util.c', + 'fs-util.h', + 'glob-util.c', + 'glob-util.h', + 'glyph-util.c', + 'glyph-util.h', + 'gunicode.c', + 'gunicode.h', + 'hash-funcs.c', + 'hash-funcs.h', + 'hashmap.c', + 'hashmap.h', + 'hexdecoct.c', + 'hexdecoct.h', + 'hmac.c', + 'hmac.h', + 'hostname-util.c', + 'hostname-util.h', + 'in-addr-util.c', + 'in-addr-util.h', + 'inotify-util.c', + 'inotify-util.h', + 'io-util.c', + 'io-util.h', + 'ioprio-util.c', + 'ioprio-util.h', + 'limits-util.c', + 'limits-util.h', + 'linux/btrfs.h', + 'linux/btrfs_tree.h', + 'linux/can/netlink.h', + 'linux/can/vxcan.h', + 'linux/cfm_bridge.h', + 'linux/fib_rules.h', + 'linux/fou.h', + 'linux/genetlink.h', + 'linux/hdlc/ioctl.h', + 'linux/if.h', + 'linux/if_addr.h', + 'linux/if_bonding.h', + 'linux/if_bridge.h', + 'linux/if_ether.h', + 'linux/if_link.h', + 'linux/if_macsec.h', + 'linux/if_tun.h', + 'linux/if_tunnel.h', + 'linux/in.h', + 'linux/in6.h', + 'linux/ipv6_route.h', + 'linux/l2tp.h', + 'linux/libc-compat.h', + 'linux/mrp_bridge.h', + 'linux/netdevice.h', + 'linux/netfilter/nf_tables.h', + 'linux/netfilter/nfnetlink.h', + 'linux/netlink.h', + 'linux/nexthop.h', + 'linux/nl80211.h', + 'linux/pkt_sched.h', + 'linux/rtnetlink.h', + 'linux/wireguard.h', + 'list.h', + 'locale-util.c', + 'locale-util.h', + 'log.c', + 'log.h', + 'login-util.c', + 'login-util.h', + 'macro.h', + 'memfd-util.c', + 'memfd-util.h', + 'memory-util.c', + 'memory-util.h', + 'mempool.c', + 'mempool.h', + 'missing_audit.h', + 'missing_capability.h', + 'missing_drm.h', + 'missing_fcntl.h', + 'missing_fs.h', + 'missing_input.h', + 'missing_ioprio.h', + 'missing_keyctl.h', + 'missing_magic.h', + 'missing_mman.h', + 'missing_mount.h', + 'missing_network.h', + 'missing_prctl.h', + 'missing_random.h', + 'missing_resource.h', + 'missing_sched.h', + 'missing_securebits.h', + 'missing_socket.h', + 'missing_stat.h', + 'missing_stdlib.h', + 'missing_syscall.h', + 'missing_timerfd.h', + 'missing_type.h', + 'mkdir.c', + 'mkdir.h', + 'mountpoint-util.c', + 'mountpoint-util.h', + 'namespace-util.c', + 'namespace-util.h', + 'nss-util.h', + 'nulstr-util.c', + 'nulstr-util.h', + 'ordered-set.c', + 'ordered-set.h', + 'os-util.c', + 'os-util.h', + 'parse-util.c', + 'parse-util.h', + 'path-lookup.c', + 'path-lookup.h', + 'path-util.c', + 'path-util.h', + 'percent-util.c', + 'percent-util.h', + 'prioq.c', + 'prioq.h', + 'proc-cmdline.c', + 'proc-cmdline.h', + 'process-util.c', + 'process-util.h', + 'procfs-util.c', + 'procfs-util.h', + 'pthread-util.h', + 'random-util.c', + 'random-util.h', + 'ratelimit.c', + 'ratelimit.h', + 'raw-clone.h', + 'raw-reboot.h', + 'recovery-key.c', + 'recovery-key.h', + 'recurse-dir.c', + 'recurse-dir.h', + 'replace-var.c', + 'replace-var.h', + 'rlimit-util.c', + 'rlimit-util.h', + 'set.h', + 'sigbus.c', + 'sigbus.h', + 'signal-util.c', + 'signal-util.h', + 'siphash24.c', + 'siphash24.h', + 'socket-util.c', + 'socket-util.h', + 'sort-util.c', + 'sort-util.h', + 'sparse-endian.h', + 'special.h', + 'stat-util.c', + 'stat-util.h', + 'static-destruct.h', + 'stdio-util.h', + 'strbuf.c', + 'strbuf.h', + 'string-table.c', + 'string-table.h', + 'string-util.c', + 'string-util.h', + 'strv.c', + 'strv.h', + 'strxcpyx.c', + 'strxcpyx.h', + 'sync-util.c', + 'sync-util.h', + 'sysctl-util.c', + 'sysctl-util.h', + 'syslog-util.c', + 'syslog-util.h', + 'terminal-util.c', + 'terminal-util.h', + 'time-util.c', + 'time-util.h', + 'tmpfile-util.c', + 'tmpfile-util.h', + 'umask-util.h', + 'unaligned.h', + 'unit-def.c', + 'unit-def.h', + 'unit-file.c', + 'unit-file.h', + 'unit-name.c', + 'unit-name.h', + 'user-util.c', + 'user-util.h', + 'utf8.c', + 'utf8.h', + 'util.c', + 'util.h', + 'virt.c', + 'virt.h', + 'xattr-util.c', + 'xattr-util.h') missing_audit_h = files('missing_audit.h') missing_capability_h = files('missing_capability.h') diff --git a/src/coredump/meson.build b/src/coredump/meson.build index b832192c9f9..22a8837e288 100644 --- a/src/coredump/meson.build +++ b/src/coredump/meson.build @@ -1,10 +1,9 @@ # SPDX-License-Identifier: LGPL-2.1-or-later -systemd_coredump_sources = files(''' - coredump.c - coredump-vacuum.c - coredump-vacuum.h -'''.split()) +systemd_coredump_sources = files( + 'coredump.c', + 'coredump-vacuum.c', + 'coredump-vacuum.h') coredumpctl_sources = files('coredumpctl.c') diff --git a/src/home/meson.build b/src/home/meson.build index 439eabc9bf1..2b48a1a1611 100644 --- a/src/home/meson.build +++ b/src/home/meson.build @@ -2,30 +2,29 @@ home_includes = [includes, include_directories('.')] -systemd_homework_sources = files(''' - home-util.c - home-util.h - homework-cifs.c - homework-cifs.h - homework-directory.c - homework-directory.h - homework-fido2.h - homework-fscrypt.c - homework-fscrypt.h - homework-luks.c - homework-luks.h - homework-mount.c - homework-mount.h - homework-password-cache.c - homework-password-cache.h - homework-pkcs11.h - homework-quota.c - homework-quota.h - homework.c - homework.h - user-record-util.c - user-record-util.h -'''.split()) +systemd_homework_sources = files( + 'home-util.c', + 'home-util.h', + 'homework-cifs.c', + 'homework-cifs.h', + 'homework-directory.c', + 'homework-directory.h', + 'homework-fido2.h', + 'homework-fscrypt.c', + 'homework-fscrypt.h', + 'homework-luks.c', + 'homework-luks.h', + 'homework-mount.c', + 'homework-mount.h', + 'homework-password-cache.c', + 'homework-password-cache.h', + 'homework-pkcs11.h', + 'homework-quota.c', + 'homework-quota.h', + 'homework.c', + 'homework.h', + 'user-record-util.c', + 'user-record-util.h') if conf.get('HAVE_P11KIT') == 1 systemd_homework_sources += files('homework-pkcs11.c') @@ -34,33 +33,32 @@ if conf.get('HAVE_LIBFIDO2') == 1 systemd_homework_sources += files('homework-fido2.c') endif -systemd_homed_sources = files(''' - home-util.c - home-util.h - homed-bus.c - homed-bus.h - homed-conf.c - homed-conf.h - homed-home-bus.c - homed-home-bus.h - homed-home.c - homed-home.h - homed-manager-bus.c - homed-manager-bus.h - homed-manager.c - homed-manager.h - homed-operation.c - homed-operation.h - homed-varlink.c - homed-varlink.h - homed.c - user-record-pwquality.c - user-record-pwquality.h - user-record-sign.c - user-record-sign.h - user-record-util.c - user-record-util.h -'''.split()) +systemd_homed_sources = files( + 'home-util.c', + 'home-util.h', + 'homed-bus.c', + 'homed-bus.h', + 'homed-conf.c', + 'homed-conf.h', + 'homed-home-bus.c', + 'homed-home-bus.h', + 'homed-home.c', + 'homed-home.h', + 'homed-manager-bus.c', + 'homed-manager-bus.h', + 'homed-manager.c', + 'homed-manager.h', + 'homed-operation.c', + 'homed-operation.h', + 'homed-varlink.c', + 'homed-varlink.h', + 'homed.c', + 'user-record-pwquality.c', + 'user-record-pwquality.h', + 'user-record-sign.c', + 'user-record-sign.h', + 'user-record-util.c', + 'user-record-util.h') homed_gperf_c = custom_target( 'homed_gperf.c', @@ -70,30 +68,28 @@ homed_gperf_c = custom_target( systemd_homed_sources += [homed_gperf_c] -homectl_sources = files(''' - home-util.c - home-util.h - homectl-fido2.c - homectl-fido2.h - homectl-pkcs11.c - homectl-pkcs11.h - homectl-recovery-key.c - homectl-recovery-key.h - homectl.c - user-record-pwquality.c - user-record-pwquality.h - user-record-util.c - user-record-util.h -'''.split()) +homectl_sources = files( + 'home-util.c', + 'home-util.h', + 'homectl-fido2.c', + 'homectl-fido2.h', + 'homectl-pkcs11.c', + 'homectl-pkcs11.h', + 'homectl-recovery-key.c', + 'homectl-recovery-key.h', + 'homectl.c', + 'user-record-pwquality.c', + 'user-record-pwquality.h', + 'user-record-util.c', + 'user-record-util.h') pam_systemd_home_sym = 'src/home/pam_systemd_home.sym' -pam_systemd_home_c = files(''' - home-util.c - home-util.h - pam_systemd_home.c - user-record-util.c - user-record-util.h -'''.split()) +pam_systemd_home_c = files( + 'home-util.c', + 'home-util.h', + 'pam_systemd_home.c', + 'user-record-util.c', + 'user-record-util.h') if conf.get('ENABLE_HOMED') == 1 install_data('org.freedesktop.home1.conf', diff --git a/src/journal-remote/meson.build b/src/journal-remote/meson.build index 168d0ed6a30..1dc0d123009 100644 --- a/src/journal-remote/meson.build +++ b/src/journal-remote/meson.build @@ -1,19 +1,17 @@ # SPDX-License-Identifier: LGPL-2.1-or-later -systemd_journal_upload_sources = files(''' - journal-upload.h - journal-upload.c - journal-upload-journal.c -'''.split()) +systemd_journal_upload_sources = files( + 'journal-upload.h', + 'journal-upload.c', + 'journal-upload-journal.c') -libsystemd_journal_remote_sources = files(''' - journal-remote-parse.h - journal-remote-parse.c - journal-remote-write.h - journal-remote-write.c - journal-remote.h - journal-remote.c -'''.split()) +libsystemd_journal_remote_sources = files( + 'journal-remote-parse.h', + 'journal-remote-parse.c', + 'journal-remote-write.h', + 'journal-remote-write.c', + 'journal-remote.h', + 'journal-remote.c') if conf.get('HAVE_MICROHTTPD') == 1 libsystemd_journal_remote_sources += files( @@ -33,15 +31,12 @@ libsystemd_journal_remote = static_library( liblz4], build_by_default : false) -systemd_journal_remote_sources = files(''' - journal-remote-main.c -'''.split()) +systemd_journal_remote_sources = files('journal-remote-main.c') -systemd_journal_gatewayd_sources = files(''' - journal-gatewayd.c - microhttpd-util.h - microhttpd-util.c -'''.split()) +systemd_journal_gatewayd_sources = files( + 'journal-gatewayd.c', + 'microhttpd-util.h', + 'microhttpd-util.c') in_files = [ ['journal-upload.conf', diff --git a/src/journal/meson.build b/src/journal/meson.build index 270592f2aca..f70d98b035e 100644 --- a/src/journal/meson.build +++ b/src/journal/meson.build @@ -1,29 +1,28 @@ # SPDX-License-Identifier: LGPL-2.1-or-later -sources = files(''' - journald-audit.c - journald-audit.h - journald-console.c - journald-console.h - journald-context.c - journald-context.h - journald-file.c - journald-file.h - journald-kmsg.c - journald-kmsg.h - journald-native.c - journald-native.h - journald-rate-limit.c - journald-rate-limit.h - journald-server.c - journald-server.h - journald-stream.c - journald-stream.h - journald-syslog.c - journald-syslog.h - journald-wall.c - journald-wall.h -'''.split()) +sources = files( + 'journald-audit.c', + 'journald-audit.h', + 'journald-console.c', + 'journald-console.h', + 'journald-context.c', + 'journald-context.h', + 'journald-file.c', + 'journald-file.h', + 'journald-kmsg.c', + 'journald-kmsg.h', + 'journald-native.c', + 'journald-native.h', + 'journald-rate-limit.c', + 'journald-rate-limit.h', + 'journald-server.c', + 'journald-server.h', + 'journald-stream.c', + 'journald-stream.h', + 'journald-syslog.c', + 'journald-syslog.h', + 'journald-wall.c', + 'journald-wall.h') sources += custom_target( 'journald-gperf.c', @@ -40,16 +39,13 @@ libjournal_core = static_library( journal_includes = [includes, include_directories('.')] -systemd_journald_sources = files(''' - journald.c - journald-server.h -'''.split()) +systemd_journald_sources = files( + 'journald.c', + 'journald-server.h') systemd_cat_sources = files('cat.c') -journalctl_sources = files(''' - journalctl.c -'''.split()) +journalctl_sources = files('journalctl.c') if install_sysconfdir_samples install_data('journald.conf', diff --git a/src/libsystemd-network/meson.build b/src/libsystemd-network/meson.build index a7838cdaa1d..8ae79d0bf9d 100644 --- a/src/libsystemd-network/meson.build +++ b/src/libsystemd-network/meson.build @@ -1,50 +1,49 @@ # SPDX-License-Identifier: LGPL-2.1-or-later -sources = files(''' - arp-util.c - arp-util.h - dhcp-client-internal.h - dhcp-identifier.c - dhcp-identifier.h - dhcp-internal.h - dhcp-lease-internal.h - dhcp-network.c - dhcp-option.c - dhcp-packet.c - dhcp-protocol.h - dhcp-server-internal.h - dhcp6-internal.h - dhcp6-lease-internal.h - dhcp6-network.c - dhcp6-option.c - dhcp6-protocol.h - icmp6-util.c - icmp6-util.h - lldp-neighbor.c - lldp-neighbor.h - lldp-network.c - lldp-network.h - lldp-rx-internal.h - ndisc-internal.h - ndisc-router.c - ndisc-router.h - network-common.c - network-common.h - network-internal.c - network-internal.h - radv-internal.h - sd-dhcp-client.c - sd-dhcp-lease.c - sd-dhcp-server.c - sd-dhcp6-client.c - sd-dhcp6-lease.c - sd-ipv4acd.c - sd-ipv4ll.c - sd-lldp-rx.c - sd-lldp-tx.c - sd-ndisc.c - sd-radv.c -'''.split()) +sources = files( + 'arp-util.c', + 'arp-util.h', + 'dhcp-client-internal.h', + 'dhcp-identifier.c', + 'dhcp-identifier.h', + 'dhcp-internal.h', + 'dhcp-lease-internal.h', + 'dhcp-network.c', + 'dhcp-option.c', + 'dhcp-packet.c', + 'dhcp-protocol.h', + 'dhcp-server-internal.h', + 'dhcp6-internal.h', + 'dhcp6-lease-internal.h', + 'dhcp6-network.c', + 'dhcp6-option.c', + 'dhcp6-protocol.h', + 'icmp6-util.c', + 'icmp6-util.h', + 'lldp-neighbor.c', + 'lldp-neighbor.h', + 'lldp-network.c', + 'lldp-network.h', + 'lldp-rx-internal.h', + 'ndisc-internal.h', + 'ndisc-router.c', + 'ndisc-router.h', + 'network-common.c', + 'network-common.h', + 'network-internal.c', + 'network-internal.h', + 'radv-internal.h', + 'sd-dhcp-client.c', + 'sd-dhcp-lease.c', + 'sd-dhcp-server.c', + 'sd-dhcp6-client.c', + 'sd-dhcp6-lease.c', + 'sd-ipv4acd.c', + 'sd-ipv4ll.c', + 'sd-lldp-rx.c', + 'sd-lldp-tx.c', + 'sd-ndisc.c', + 'sd-radv.c') libsystemd_network = static_library( 'systemd-network', diff --git a/src/libsystemd/meson.build b/src/libsystemd/meson.build index 1bb65984060..56c54491e44 100644 --- a/src/libsystemd/meson.build +++ b/src/libsystemd/meson.build @@ -56,11 +56,10 @@ sd_journal_sources += [audit_type_to_name] ############################################################ -id128_sources = files(''' - sd-id128/id128-util.c - sd-id128/id128-util.h - sd-id128/sd-id128.c -'''.split()) +id128_sources = files( + 'sd-id128/id128-util.c', + 'sd-id128/id128-util.h', + 'sd-id128/sd-id128.c') ############################################################ @@ -68,12 +67,11 @@ sd_daemon_sources = files('sd-daemon/sd-daemon.c') ############################################################ -sd_event_sources = files(''' - sd-event/event-source.h - sd-event/event-util.c - sd-event/event-util.h - sd-event/sd-event.c -'''.split()) +sd_event_sources = files( + 'sd-event/event-source.h', + 'sd-event/event-util.c', + 'sd-event/event-util.h', + 'sd-event/sd-event.c') ############################################################ @@ -81,84 +79,84 @@ sd_login_sources = files('sd-login/sd-login.c') ############################################################ -libsystemd_sources = files(''' - sd-bus/bus-common-errors.c - sd-bus/bus-common-errors.h - sd-bus/bus-container.c - sd-bus/bus-container.h - sd-bus/bus-control.c - sd-bus/bus-control.h - sd-bus/bus-convenience.c - sd-bus/bus-creds.c - sd-bus/bus-creds.h - sd-bus/bus-dump.c - sd-bus/bus-dump.h - sd-bus/bus-error.c - sd-bus/bus-error.h - sd-bus/bus-gvariant.c - sd-bus/bus-gvariant.h - sd-bus/bus-internal.c - sd-bus/bus-internal.h - sd-bus/bus-introspect.c - sd-bus/bus-introspect.h - sd-bus/bus-kernel.c - sd-bus/bus-kernel.h - sd-bus/bus-match.c - sd-bus/bus-match.h - sd-bus/bus-message.c - sd-bus/bus-message.h - sd-bus/bus-objects.c - sd-bus/bus-objects.h - sd-bus/bus-protocol.h - sd-bus/bus-signature.c - sd-bus/bus-signature.h - sd-bus/bus-slot.c - sd-bus/bus-slot.h - sd-bus/bus-socket.c - sd-bus/bus-socket.h - sd-bus/bus-track.c - sd-bus/bus-track.h - sd-bus/bus-type.c - sd-bus/bus-type.h - sd-bus/sd-bus.c - sd-device/device-enumerator-private.h - sd-device/device-enumerator.c - sd-device/device-internal.h - sd-device/device-monitor-private.h - sd-device/device-monitor.c - sd-device/device-private.c - sd-device/device-private.h - sd-device/device-util.c - sd-device/device-util.h - sd-device/sd-device.c - sd-hwdb/hwdb-internal.h - sd-hwdb/sd-hwdb.c - sd-netlink/netlink-genl.c - sd-netlink/netlink-genl.h - sd-netlink/netlink-internal.h - sd-netlink/netlink-message-nfnl.c - sd-netlink/netlink-message-rtnl.c - sd-netlink/netlink-message.c - sd-netlink/netlink-slot.c - sd-netlink/netlink-slot.h - sd-netlink/netlink-socket.c - sd-netlink/netlink-types-genl.c - sd-netlink/netlink-types-internal.h - sd-netlink/netlink-types-nfnl.c - sd-netlink/netlink-types-rtnl.c - sd-netlink/netlink-types.c - sd-netlink/netlink-types.h - sd-netlink/netlink-util.c - sd-netlink/netlink-util.h - sd-netlink/sd-netlink.c - sd-network/network-util.c - sd-network/network-util.h - sd-network/sd-network.c - sd-path/sd-path.c - sd-resolve/resolve-private.h - sd-resolve/sd-resolve.c - sd-utf8/sd-utf8.c -'''.split()) + sd_journal_sources + id128_sources + sd_daemon_sources + sd_event_sources + sd_login_sources +libsystemd_sources = files( + 'sd-bus/bus-common-errors.c', + 'sd-bus/bus-common-errors.h', + 'sd-bus/bus-container.c', + 'sd-bus/bus-container.h', + 'sd-bus/bus-control.c', + 'sd-bus/bus-control.h', + 'sd-bus/bus-convenience.c', + 'sd-bus/bus-creds.c', + 'sd-bus/bus-creds.h', + 'sd-bus/bus-dump.c', + 'sd-bus/bus-dump.h', + 'sd-bus/bus-error.c', + 'sd-bus/bus-error.h', + 'sd-bus/bus-gvariant.c', + 'sd-bus/bus-gvariant.h', + 'sd-bus/bus-internal.c', + 'sd-bus/bus-internal.h', + 'sd-bus/bus-introspect.c', + 'sd-bus/bus-introspect.h', + 'sd-bus/bus-kernel.c', + 'sd-bus/bus-kernel.h', + 'sd-bus/bus-match.c', + 'sd-bus/bus-match.h', + 'sd-bus/bus-message.c', + 'sd-bus/bus-message.h', + 'sd-bus/bus-objects.c', + 'sd-bus/bus-objects.h', + 'sd-bus/bus-protocol.h', + 'sd-bus/bus-signature.c', + 'sd-bus/bus-signature.h', + 'sd-bus/bus-slot.c', + 'sd-bus/bus-slot.h', + 'sd-bus/bus-socket.c', + 'sd-bus/bus-socket.h', + 'sd-bus/bus-track.c', + 'sd-bus/bus-track.h', + 'sd-bus/bus-type.c', + 'sd-bus/bus-type.h', + 'sd-bus/sd-bus.c', + 'sd-device/device-enumerator-private.h', + 'sd-device/device-enumerator.c', + 'sd-device/device-internal.h', + 'sd-device/device-monitor-private.h', + 'sd-device/device-monitor.c', + 'sd-device/device-private.c', + 'sd-device/device-private.h', + 'sd-device/device-util.c', + 'sd-device/device-util.h', + 'sd-device/sd-device.c', + 'sd-hwdb/hwdb-internal.h', + 'sd-hwdb/sd-hwdb.c', + 'sd-netlink/netlink-genl.c', + 'sd-netlink/netlink-genl.h', + 'sd-netlink/netlink-internal.h', + 'sd-netlink/netlink-message-nfnl.c', + 'sd-netlink/netlink-message-rtnl.c', + 'sd-netlink/netlink-message.c', + 'sd-netlink/netlink-slot.c', + 'sd-netlink/netlink-slot.h', + 'sd-netlink/netlink-socket.c', + 'sd-netlink/netlink-types-genl.c', + 'sd-netlink/netlink-types-internal.h', + 'sd-netlink/netlink-types-nfnl.c', + 'sd-netlink/netlink-types-rtnl.c', + 'sd-netlink/netlink-types.c', + 'sd-netlink/netlink-types.h', + 'sd-netlink/netlink-util.c', + 'sd-netlink/netlink-util.h', + 'sd-netlink/sd-netlink.c', + 'sd-network/network-util.c', + 'sd-network/network-util.h', + 'sd-network/sd-network.c', + 'sd-path/sd-path.c', + 'sd-resolve/resolve-private.h', + 'sd-resolve/sd-resolve.c', + 'sd-utf8/sd-utf8.c', +) + sd_journal_sources + id128_sources + sd_daemon_sources + sd_event_sources + sd_login_sources disable_mempool_c = files('disable-mempool.c') diff --git a/src/locale/meson.build b/src/locale/meson.build index a2ff2a98736..2b9cfba893d 100644 --- a/src/locale/meson.build +++ b/src/locale/meson.build @@ -1,10 +1,9 @@ # SPDX-License-Identifier: LGPL-2.1-or-later -systemd_localed_sources = files(''' - localed.c - keymap-util.c - keymap-util.h -'''.split()) +systemd_localed_sources = files( + 'localed.c', + 'keymap-util.c', + 'keymap-util.h') localectl_sources = files('localectl.c') diff --git a/src/login/meson.build b/src/login/meson.build index a78c2bc2dd6..329d83d10ce 100644 --- a/src/login/meson.build +++ b/src/login/meson.build @@ -1,9 +1,8 @@ # SPDX-License-Identifier: LGPL-2.1-or-later -systemd_logind_sources = files(''' - logind.c - logind.h -'''.split()) +systemd_logind_sources = files( + 'logind.c', + 'logind.h') logind_gperf_c = custom_target( 'logind_gperf.c', @@ -11,38 +10,37 @@ logind_gperf_c = custom_target( output : 'logind-gperf.c', command : [gperf, '@INPUT@', '--output-file', '@OUTPUT@']) -liblogind_core_sources = files(''' - logind-action.c - logind-action.h - logind-brightness.c - logind-brightness.h - logind-button.c - logind-button.h - logind-core.c - logind-dbus.c - logind-dbus.h - logind-device.c - logind-device.h - logind-inhibit.c - logind-inhibit.h - logind-polkit.c - logind-polkit.h - logind-seat-dbus.c - logind-seat-dbus.h - logind-seat.c - logind-seat.h - logind-session-dbus.c - logind-session-dbus.h - logind-session-device.c - logind-session-device.h - logind-session.c - logind-session.h - logind-user-dbus.c - logind-user-dbus.h - logind-user.c - logind-user.h - logind-utmp.c -'''.split()) +liblogind_core_sources = files( + 'logind-action.c', + 'logind-action.h', + 'logind-brightness.c', + 'logind-brightness.h', + 'logind-button.c', + 'logind-button.h', + 'logind-core.c', + 'logind-dbus.c', + 'logind-dbus.h', + 'logind-device.c', + 'logind-device.h', + 'logind-inhibit.c', + 'logind-inhibit.h', + 'logind-polkit.c', + 'logind-polkit.h', + 'logind-seat-dbus.c', + 'logind-seat-dbus.h', + 'logind-seat.c', + 'logind-seat.h', + 'logind-session-dbus.c', + 'logind-session-dbus.h', + 'logind-session-device.c', + 'logind-session-device.h', + 'logind-session.c', + 'logind-session.h', + 'logind-user-dbus.c', + 'logind-user-dbus.h', + 'logind-user.c', + 'logind-user.h', + 'logind-utmp.c') liblogind_core_sources += [logind_gperf_c] @@ -53,15 +51,12 @@ liblogind_core = static_library( dependencies : libacl, build_by_default : false) -loginctl_sources = files(''' - loginctl.c - sysfs-show.h - sysfs-show.c -'''.split()) +loginctl_sources = files( + 'loginctl.c', + 'sysfs-show.h', + 'sysfs-show.c') -user_runtime_dir_sources = files(''' - user-runtime-dir.c -'''.split()) +user_runtime_dir_sources = files('user-runtime-dir.c') pam_systemd_sym = 'src/login/pam_systemd.sym' pam_systemd_c = files('pam_systemd.c') diff --git a/src/machine/meson.build b/src/machine/meson.build index ef858a5988f..a59ac55e63d 100644 --- a/src/machine/meson.build +++ b/src/machine/meson.build @@ -1,24 +1,22 @@ # SPDX-License-Identifier: LGPL-2.1-or-later -systemd_machined_sources = files(''' - machined.c - machined.h -'''.split()) +systemd_machined_sources = files( + 'machined.c', + 'machined.h') -libmachine_core_sources = files(''' - image-dbus.c - image-dbus.h - machine-dbus.c - machine-dbus.h - machine.c - machine.h - machined-core.c - machined-dbus.c - machined-varlink.c - machined-varlink.h - operation.c - operation.h -'''.split()) +libmachine_core_sources = files( + 'image-dbus.c', + 'image-dbus.h', + 'machine-dbus.c', + 'machine-dbus.h', + 'machine.c', + 'machine.h', + 'machined-core.c', + 'machined-dbus.c', + 'machined-varlink.c', + 'machined-varlink.h', + 'operation.c', + 'operation.h') libmachine_core = static_library( 'machine-core', diff --git a/src/network/meson.build b/src/network/meson.build index 5857439c5ab..f867de01bc9 100644 --- a/src/network/meson.build +++ b/src/network/meson.build @@ -1,207 +1,204 @@ # SPDX-License-Identifier: LGPL-2.1-or-later -sources = files(''' - netdev/bareudp.c - netdev/bareudp.h - netdev/batadv.c - netdev/batadv.h - netdev/bond.c - netdev/bond.h - netdev/bridge.c - netdev/bridge.h - netdev/dummy.c - netdev/dummy.h - netdev/ifb.c - netdev/ifb.h - netdev/ipoib.c - netdev/ipoib.h - netdev/ipvlan.c - netdev/ipvlan.h - netdev/macvlan.c - netdev/macvlan.h - netdev/netdev.c - netdev/netdev.h - netdev/nlmon.c - netdev/nlmon.h - netdev/tunnel.c - netdev/tunnel.h - netdev/tuntap.c - netdev/tuntap.h - netdev/vcan.c - netdev/vcan.h - netdev/veth.c - netdev/veth.h - netdev/vlan.c - netdev/vlan.h - netdev/vrf.c - netdev/vrf.h - netdev/vxlan.c - netdev/vxlan.h - netdev/geneve.c - netdev/geneve.h - netdev/vxcan.c - netdev/vxcan.h - netdev/wireguard.c - netdev/wireguard.h - netdev/netdevsim.c - netdev/netdevsim.h - netdev/fou-tunnel.c - netdev/fou-tunnel.h - netdev/l2tp-tunnel.c - netdev/l2tp-tunnel.h - netdev/macsec.c - netdev/macsec.h - netdev/xfrm.c - netdev/xfrm.h - networkd-address-generation.c - networkd-address-generation.h - networkd-address-label.c - networkd-address-label.h - networkd-address-pool.c - networkd-address-pool.h - networkd-address.c - networkd-address.h - networkd-bridge-fdb.c - networkd-bridge-fdb.h - networkd-bridge-mdb.c - networkd-bridge-mdb.h - networkd-bridge-vlan.c - networkd-bridge-vlan.h - networkd-can.c - networkd-can.h - networkd-conf.c - networkd-conf.h - networkd-dhcp-common.c - networkd-dhcp-common.h - networkd-dhcp-prefix-delegation.c - networkd-dhcp-prefix-delegation.h - networkd-dhcp-server-bus.c - networkd-dhcp-server-bus.h - networkd-dhcp-server-static-lease.c - networkd-dhcp-server-static-lease.h - networkd-dhcp-server.c - networkd-dhcp-server.h - networkd-dhcp4.c - networkd-dhcp4.h - networkd-dhcp6.c - networkd-dhcp6.h - networkd-ipv4acd.c - networkd-ipv4acd.h - networkd-ipv4ll.c - networkd-ipv4ll.h - networkd-ipv6-proxy-ndp.c - networkd-ipv6-proxy-ndp.h - networkd-json.c - networkd-json.h - networkd-link-bus.c - networkd-link-bus.h - networkd-link.c - networkd-link.h - networkd-lldp-rx.c - networkd-lldp-rx.h - networkd-lldp-tx.c - networkd-lldp-tx.h - networkd-manager-bus.c - networkd-manager-bus.h - networkd-manager.c - networkd-manager.h - networkd-ndisc.c - networkd-ndisc.h - networkd-neighbor.c - networkd-neighbor.h - networkd-radv.c - networkd-radv.h - networkd-network-bus.c - networkd-network-bus.h - networkd-network.c - networkd-network.h - networkd-nexthop.c - networkd-nexthop.h - networkd-queue.c - networkd-queue.h - networkd-route-util.c - networkd-route-util.h - networkd-route.c - networkd-route.h - networkd-routing-policy-rule.c - networkd-routing-policy-rule.h - networkd-setlink.c - networkd-setlink.h - networkd-speed-meter.c - networkd-speed-meter.h - networkd-sriov.c - networkd-sriov.h - networkd-state-file.c - networkd-state-file.h - networkd-sysctl.c - networkd-sysctl.h - networkd-util.c - networkd-util.h - networkd-wifi.c - networkd-wifi.h - tc/cake.c - tc/cake.h - tc/codel.c - tc/codel.h - tc/drr.c - tc/drr.h - tc/ets.c - tc/ets.h - tc/fifo.c - tc/fifo.h - tc/fq.c - tc/fq.h - tc/fq-codel.c - tc/fq-codel.h - tc/fq-pie.c - tc/fq-pie.h - tc/gred.c - tc/gred.h - tc/hhf.c - tc/hhf.h - tc/htb.c - tc/htb.h - tc/netem.c - tc/netem.h - tc/pie.c - tc/pie.h - tc/qdisc.c - tc/qdisc.h - tc/qfq.c - tc/qfq.h - tc/sfb.c - tc/sfb.h - tc/sfq.c - tc/sfq.h - tc/tbf.c - tc/tbf.h - tc/tc-util.c - tc/tc-util.h - tc/tc.c - tc/tc.h - tc/tclass.c - tc/tclass.h - tc/teql.c - tc/teql.h -'''.split()) +sources = files( + 'netdev/bareudp.c', + 'netdev/bareudp.h', + 'netdev/batadv.c', + 'netdev/batadv.h', + 'netdev/bond.c', + 'netdev/bond.h', + 'netdev/bridge.c', + 'netdev/bridge.h', + 'netdev/dummy.c', + 'netdev/dummy.h', + 'netdev/ifb.c', + 'netdev/ifb.h', + 'netdev/ipoib.c', + 'netdev/ipoib.h', + 'netdev/ipvlan.c', + 'netdev/ipvlan.h', + 'netdev/macvlan.c', + 'netdev/macvlan.h', + 'netdev/netdev.c', + 'netdev/netdev.h', + 'netdev/nlmon.c', + 'netdev/nlmon.h', + 'netdev/tunnel.c', + 'netdev/tunnel.h', + 'netdev/tuntap.c', + 'netdev/tuntap.h', + 'netdev/vcan.c', + 'netdev/vcan.h', + 'netdev/veth.c', + 'netdev/veth.h', + 'netdev/vlan.c', + 'netdev/vlan.h', + 'netdev/vrf.c', + 'netdev/vrf.h', + 'netdev/vxlan.c', + 'netdev/vxlan.h', + 'netdev/geneve.c', + 'netdev/geneve.h', + 'netdev/vxcan.c', + 'netdev/vxcan.h', + 'netdev/wireguard.c', + 'netdev/wireguard.h', + 'netdev/netdevsim.c', + 'netdev/netdevsim.h', + 'netdev/fou-tunnel.c', + 'netdev/fou-tunnel.h', + 'netdev/l2tp-tunnel.c', + 'netdev/l2tp-tunnel.h', + 'netdev/macsec.c', + 'netdev/macsec.h', + 'netdev/xfrm.c', + 'netdev/xfrm.h', + 'networkd-address-generation.c', + 'networkd-address-generation.h', + 'networkd-address-label.c', + 'networkd-address-label.h', + 'networkd-address-pool.c', + 'networkd-address-pool.h', + 'networkd-address.c', + 'networkd-address.h', + 'networkd-bridge-fdb.c', + 'networkd-bridge-fdb.h', + 'networkd-bridge-mdb.c', + 'networkd-bridge-mdb.h', + 'networkd-bridge-vlan.c', + 'networkd-bridge-vlan.h', + 'networkd-can.c', + 'networkd-can.h', + 'networkd-conf.c', + 'networkd-conf.h', + 'networkd-dhcp-common.c', + 'networkd-dhcp-common.h', + 'networkd-dhcp-prefix-delegation.c', + 'networkd-dhcp-prefix-delegation.h', + 'networkd-dhcp-server-bus.c', + 'networkd-dhcp-server-bus.h', + 'networkd-dhcp-server-static-lease.c', + 'networkd-dhcp-server-static-lease.h', + 'networkd-dhcp-server.c', + 'networkd-dhcp-server.h', + 'networkd-dhcp4.c', + 'networkd-dhcp4.h', + 'networkd-dhcp6.c', + 'networkd-dhcp6.h', + 'networkd-ipv4acd.c', + 'networkd-ipv4acd.h', + 'networkd-ipv4ll.c', + 'networkd-ipv4ll.h', + 'networkd-ipv6-proxy-ndp.c', + 'networkd-ipv6-proxy-ndp.h', + 'networkd-json.c', + 'networkd-json.h', + 'networkd-link-bus.c', + 'networkd-link-bus.h', + 'networkd-link.c', + 'networkd-link.h', + 'networkd-lldp-rx.c', + 'networkd-lldp-rx.h', + 'networkd-lldp-tx.c', + 'networkd-lldp-tx.h', + 'networkd-manager-bus.c', + 'networkd-manager-bus.h', + 'networkd-manager.c', + 'networkd-manager.h', + 'networkd-ndisc.c', + 'networkd-ndisc.h', + 'networkd-neighbor.c', + 'networkd-neighbor.h', + 'networkd-radv.c', + 'networkd-radv.h', + 'networkd-network-bus.c', + 'networkd-network-bus.h', + 'networkd-network.c', + 'networkd-network.h', + 'networkd-nexthop.c', + 'networkd-nexthop.h', + 'networkd-queue.c', + 'networkd-queue.h', + 'networkd-route-util.c', + 'networkd-route-util.h', + 'networkd-route.c', + 'networkd-route.h', + 'networkd-routing-policy-rule.c', + 'networkd-routing-policy-rule.h', + 'networkd-setlink.c', + 'networkd-setlink.h', + 'networkd-speed-meter.c', + 'networkd-speed-meter.h', + 'networkd-sriov.c', + 'networkd-sriov.h', + 'networkd-state-file.c', + 'networkd-state-file.h', + 'networkd-sysctl.c', + 'networkd-sysctl.h', + 'networkd-util.c', + 'networkd-util.h', + 'networkd-wifi.c', + 'networkd-wifi.h', + 'tc/cake.c', + 'tc/cake.h', + 'tc/codel.c', + 'tc/codel.h', + 'tc/drr.c', + 'tc/drr.h', + 'tc/ets.c', + 'tc/ets.h', + 'tc/fifo.c', + 'tc/fifo.h', + 'tc/fq.c', + 'tc/fq.h', + 'tc/fq-codel.c', + 'tc/fq-codel.h', + 'tc/fq-pie.c', + 'tc/fq-pie.h', + 'tc/gred.c', + 'tc/gred.h', + 'tc/hhf.c', + 'tc/hhf.h', + 'tc/htb.c', + 'tc/htb.h', + 'tc/netem.c', + 'tc/netem.h', + 'tc/pie.c', + 'tc/pie.h', + 'tc/qdisc.c', + 'tc/qdisc.h', + 'tc/qfq.c', + 'tc/qfq.h', + 'tc/sfb.c', + 'tc/sfb.h', + 'tc/sfq.c', + 'tc/sfq.h', + 'tc/tbf.c', + 'tc/tbf.h', + 'tc/tc-util.c', + 'tc/tc-util.h', + 'tc/tc.c', + 'tc/tc.h', + 'tc/tclass.c', + 'tc/tclass.h', + 'tc/teql.c', + 'tc/teql.h') systemd_networkd_sources = files('networkd.c') -systemd_networkd_wait_online_sources = files(''' - wait-online/link.c - wait-online/link.h - wait-online/manager.c - wait-online/manager.h - wait-online/wait-online.c -'''.split()) +systemd_networkd_wait_online_sources = files( + 'wait-online/link.c', + 'wait-online/link.h', + 'wait-online/manager.c', + 'wait-online/manager.h', + 'wait-online/wait-online.c') networkctl_sources = files('networkctl.c') -network_generator_sources = files(''' - generator/main.c - generator/network-generator.c - generator/network-generator.h -'''.split()) +network_generator_sources = files( + 'generator/main.c', + 'generator/network-generator.c', + 'generator/network-generator.h') sources += custom_target( 'networkd-gperf.c', diff --git a/src/nspawn/meson.build b/src/nspawn/meson.build index 11ac404e999..38c31f6f883 100644 --- a/src/nspawn/meson.build +++ b/src/nspawn/meson.build @@ -1,35 +1,34 @@ # SPDX-License-Identifier: LGPL-2.1-or-later -libnspawn_core_sources = files(''' - nspawn-bind-user.c - nspawn-bind-user.h - nspawn-cgroup.c - nspawn-cgroup.h - nspawn-creds.c - nspawn-creds.h - nspawn-def.h - nspawn-expose-ports.c - nspawn-expose-ports.h - nspawn-mount.c - nspawn-mount.h - nspawn-network.c - nspawn-network.h - nspawn-oci.c - nspawn-oci.h - nspawn-patch-uid.c - nspawn-patch-uid.h - nspawn-register.c - nspawn-register.h - nspawn-seccomp.c - nspawn-seccomp.h - nspawn-settings.c - nspawn-settings.h - nspawn-setuid.c - nspawn-setuid.h - nspawn-stub-pid1.c - nspawn-stub-pid1.h - nspawn.h -'''.split()) +libnspawn_core_sources = files( + 'nspawn-bind-user.c', + 'nspawn-bind-user.h', + 'nspawn-cgroup.c', + 'nspawn-cgroup.h', + 'nspawn-creds.c', + 'nspawn-creds.h', + 'nspawn-def.h', + 'nspawn-expose-ports.c', + 'nspawn-expose-ports.h', + 'nspawn-mount.c', + 'nspawn-mount.h', + 'nspawn-network.c', + 'nspawn-network.h', + 'nspawn-oci.c', + 'nspawn-oci.h', + 'nspawn-patch-uid.c', + 'nspawn-patch-uid.h', + 'nspawn-register.c', + 'nspawn-register.h', + 'nspawn-seccomp.c', + 'nspawn-seccomp.h', + 'nspawn-settings.c', + 'nspawn-settings.h', + 'nspawn-setuid.c', + 'nspawn-setuid.h', + 'nspawn-stub-pid1.c', + 'nspawn-stub-pid1.h', + 'nspawn.h') nspawn_gperf_c = custom_target( 'nspawn-gperf.c', diff --git a/src/oom/meson.build b/src/oom/meson.build index 4e1c8543c8c..83d42878fc7 100644 --- a/src/oom/meson.build +++ b/src/oom/meson.build @@ -1,18 +1,15 @@ # SPDX-License-Identifier: LGPL-2.1-or-later -systemd_oomd_sources = files(''' - oomd-manager-bus.c - oomd-manager-bus.h - oomd-manager.c - oomd-manager.h - oomd-util.c - oomd-util.h - oomd.c -'''.split()) +systemd_oomd_sources = files( + 'oomd-manager-bus.c', + 'oomd-manager-bus.h', + 'oomd-manager.c', + 'oomd-manager.h', + 'oomd-util.c', + 'oomd-util.h', + 'oomd.c') -oomctl_sources = files(''' - oomctl.c -'''.split()) +oomctl_sources = files('oomctl.c') if conf.get('ENABLE_OOMD') == 1 install_data('org.freedesktop.oom1.conf', diff --git a/src/partition/meson.build b/src/partition/meson.build index d2729daba4e..5422fdd5750 100644 --- a/src/partition/meson.build +++ b/src/partition/meson.build @@ -1,7 +1,5 @@ # SPDX-License-Identifier: LGPL-2.1-or-later -systemd_repart_sources = files(''' - repart.c -'''.split()) +systemd_repart_sources = files('repart.c') test_repart_sh = find_program('test-repart.sh') diff --git a/src/portable/meson.build b/src/portable/meson.build index de82f5bff7f..65ba74bc6f6 100644 --- a/src/portable/meson.build +++ b/src/portable/meson.build @@ -1,18 +1,17 @@ # SPDX-License-Identifier: LGPL-2.1-or-later -systemd_portabled_sources = files(''' - portable.c - portable.h - portabled-bus.c - portabled-image-bus.c - portabled-image-bus.h - portabled-image.c - portabled-image.h - portabled-operation.c - portabled-operation.h - portabled.c - portabled.h -'''.split()) +systemd_portabled_sources = files( + 'portable.c', + 'portable.h', + 'portabled-bus.c', + 'portabled-image-bus.c', + 'portabled-image-bus.h', + 'portabled-image.c', + 'portabled-image.h', + 'portabled-operation.c', + 'portabled-operation.h', + 'portabled.c', + 'portabled.h') if conf.get('ENABLE_PORTABLED') == 1 install_data('org.freedesktop.portable1.conf', diff --git a/src/pstore/meson.build b/src/pstore/meson.build index 8e01af751c9..76b656a4b8a 100644 --- a/src/pstore/meson.build +++ b/src/pstore/meson.build @@ -1,8 +1,6 @@ # SPDX-License-Identifier: LGPL-2.1-or-later -systemd_pstore_sources = files(''' - pstore.c -'''.split()) +systemd_pstore_sources = files('pstore.c') if conf.get('ENABLE_PSTORE') == 1 and install_sysconfdir_samples install_data('pstore.conf', diff --git a/src/resolve/meson.build b/src/resolve/meson.build index 2cdf24b1cbe..a30d8fd8515 100644 --- a/src/resolve/meson.build +++ b/src/resolve/meson.build @@ -2,83 +2,80 @@ resolve_includes = [includes, include_directories('.')] -basic_dns_sources = files(''' - resolved-dns-dnssec.c - resolved-dns-dnssec.h - resolved-dns-packet.c - resolved-dns-packet.h - resolved-dns-rr.c - resolved-dns-rr.h - resolved-dns-answer.c - resolved-dns-answer.h - resolved-dns-question.c - resolved-dns-question.h - resolved-util.c - resolved-util.h - dns-type.c - dns-type.h -'''.split()) - -systemd_resolved_sources = files(''' - resolved-bus.c - resolved-bus.h - resolved-conf.c - resolved-conf.h - resolved-def.h - resolved-dns-cache.c - resolved-dns-cache.h - resolved-dns-query.c - resolved-dns-query.h - resolved-dns-scope.c - resolved-dns-scope.h - resolved-dns-search-domain.c - resolved-dns-search-domain.h - resolved-dns-server.c - resolved-dns-server.h - resolved-dns-stream.c - resolved-dns-stream.h - resolved-dns-stub.c - resolved-dns-stub.h - resolved-dns-synthesize.c - resolved-dns-synthesize.h - resolved-dns-transaction.c - resolved-dns-transaction.h - resolved-dns-trust-anchor.c - resolved-dns-trust-anchor.h - resolved-dns-zone.c - resolved-dns-zone.h - resolved-dnssd-bus.c - resolved-dnssd-bus.h - resolved-dnssd.c - resolved-dnssd.h - resolved-dnstls.h - resolved-etc-hosts.c - resolved-etc-hosts.h - resolved-link-bus.c - resolved-link-bus.h - resolved-link.c - resolved-link.h - resolved-llmnr.c - resolved-llmnr.h - resolved-manager.c - resolved-manager.h - resolved-mdns.c - resolved-mdns.h - resolved-resolv-conf.c - resolved-resolv-conf.h - resolved-socket-graveyard.c - resolved-socket-graveyard.h - resolved-varlink.c - resolved-varlink.h - resolved.c -'''.split()) - -resolvectl_sources = files(''' - resolvconf-compat.c - resolvconf-compat.h - resolvectl.c - resolvectl.h -'''.split()) +basic_dns_sources = files( + 'resolved-dns-dnssec.c', + 'resolved-dns-dnssec.h', + 'resolved-dns-packet.c', + 'resolved-dns-packet.h', + 'resolved-dns-rr.c', + 'resolved-dns-rr.h', + 'resolved-dns-answer.c', + 'resolved-dns-answer.h', + 'resolved-dns-question.c', + 'resolved-dns-question.h', + 'resolved-util.c', + 'resolved-util.h', + 'dns-type.c', + 'dns-type.h') + +systemd_resolved_sources = files( + 'resolved-bus.c', + 'resolved-bus.h', + 'resolved-conf.c', + 'resolved-conf.h', + 'resolved-def.h', + 'resolved-dns-cache.c', + 'resolved-dns-cache.h', + 'resolved-dns-query.c', + 'resolved-dns-query.h', + 'resolved-dns-scope.c', + 'resolved-dns-scope.h', + 'resolved-dns-search-domain.c', + 'resolved-dns-search-domain.h', + 'resolved-dns-server.c', + 'resolved-dns-server.h', + 'resolved-dns-stream.c', + 'resolved-dns-stream.h', + 'resolved-dns-stub.c', + 'resolved-dns-stub.h', + 'resolved-dns-synthesize.c', + 'resolved-dns-synthesize.h', + 'resolved-dns-transaction.c', + 'resolved-dns-transaction.h', + 'resolved-dns-trust-anchor.c', + 'resolved-dns-trust-anchor.h', + 'resolved-dns-zone.c', + 'resolved-dns-zone.h', + 'resolved-dnssd-bus.c', + 'resolved-dnssd-bus.h', + 'resolved-dnssd.c', + 'resolved-dnssd.h', + 'resolved-dnstls.h', + 'resolved-etc-hosts.c', + 'resolved-etc-hosts.h', + 'resolved-link-bus.c', + 'resolved-link-bus.h', + 'resolved-link.c', + 'resolved-link.h', + 'resolved-llmnr.c', + 'resolved-llmnr.h', + 'resolved-manager.c', + 'resolved-manager.h', + 'resolved-mdns.c', + 'resolved-mdns.h', + 'resolved-resolv-conf.c', + 'resolved-resolv-conf.h', + 'resolved-socket-graveyard.c', + 'resolved-socket-graveyard.h', + 'resolved-varlink.c', + 'resolved-varlink.h', + 'resolved.c') + +resolvectl_sources = files( + 'resolvconf-compat.c', + 'resolvconf-compat.h', + 'resolvectl.c', + 'resolvectl.h') ############################################################ diff --git a/src/shared/meson.build b/src/shared/meson.build index 006310a9171..67e2892c0b9 100644 --- a/src/shared/meson.build +++ b/src/shared/meson.build @@ -1,344 +1,342 @@ # SPDX-License-Identifier: LGPL-2.1-or-later -shared_sources = files(''' - acl-util.h - acpi-fpdt.c - acpi-fpdt.h - apparmor-util.c - apparmor-util.h - ask-password-api.c - ask-password-api.h - barrier.c - barrier.h - base-filesystem.c - base-filesystem.h - binfmt-util.c - binfmt-util.h - bitmap.c - bitmap.h - blkid-util.h - blockdev-util.c - blockdev-util.h - bond-util.c - bond-util.h - boot-timestamps.c - boot-timestamps.h - bootspec.c - bootspec.h - bpf-dlopen.c - bpf-dlopen.h - bpf-program.c - bpf-program.h - bridge-util.c - bridge-util.h - btrfs-util.c - btrfs-util.h - bus-get-properties.c - bus-get-properties.h - bus-locator.c - bus-locator.h - bus-log-control-api.c - bus-log-control-api.h - bus-map-properties.c - bus-map-properties.h - bus-message-util.c - bus-message-util.h - bus-object.c - bus-object.h - bus-polkit.c - bus-polkit.h - bus-print-properties.c - bus-print-properties.h - bus-unit-procs.c - bus-unit-procs.h - bus-unit-util.c - bus-unit-util.h - bus-util.c - bus-util.h - bus-wait-for-jobs.c - bus-wait-for-jobs.h - bus-wait-for-units.c - bus-wait-for-units.h - calendarspec.c - calendarspec.h - cgroup-setup.c - cgroup-setup.h - cgroup-show.c - cgroup-show.h - chown-recursive.c - chown-recursive.h - clean-ipc.c - clean-ipc.h - clock-util.c - clock-util.h - condition.c - condition.h - conf-parser.c - conf-parser.h - copy.c - copy.h - coredump-util.c - coredump-util.h - cpu-set-util.c - cpu-set-util.h - creds-util.c - creds-util.h - cryptsetup-util.c - cryptsetup-util.h - daemon-util.h - data-fd-util.c - data-fd-util.h - dev-setup.c - dev-setup.h - device-nodes.c - device-nodes.h - devnode-acl.h - discover-image.c - discover-image.h - dissect-image.c - dissect-image.h - dlfcn-util.c - dlfcn-util.h - dm-util.c - dm-util.h - dns-domain.c - dns-domain.h - dropin.c - dropin.h - efi-loader.c - efi-loader.h - elf-util.c - elf-util.h - enable-mempool.c - env-file-label.c - env-file-label.h - ethtool-util.c - ethtool-util.h - exec-util.c - exec-util.h - exit-status.c - exit-status.h - extension-release.c - extension-release.h - fdisk-util.h - fdset.c - fdset.h - fileio-label.c - fileio-label.h - firewall-util-nft.c - firewall-util-private.h - firewall-util.c - firewall-util.h - format-table.c - format-table.h - fsck-util.h - fstab-util.c - fstab-util.h - generator.c - generator.h - geneve-util.c - geneve-util.h - gpt.c - gpt.h - group-record.c - group-record.h - hostname-setup.c - hostname-setup.h - hwdb-util.c - hwdb-util.h - id128-print.c - id128-print.h - idn-util.c - idn-util.h - ima-util.c - ima-util.h - import-util.c - import-util.h - in-addr-prefix-util.c - in-addr-prefix-util.h - initreq.h - install-file.c - install-file.h - install-printf.c - install-printf.h - install.c - install.h - ip-protocol-list.c - ip-protocol-list.h - ipvlan-util.c - ipvlan-util.h - journal-importer.c - journal-importer.h - journal-util.c - journal-util.h - json-internal.h - json.c - json.h - kbd-util.c - kbd-util.h - keyring-util.h - keyring-util.c - killall.c - killall.h - label.c - label.h - libcrypt-util.c - libcrypt-util.h - libfido2-util.c - libfido2-util.h - libmount-util.h - linux/auto_dev-ioctl.h - linux/bpf.h - linux/bpf_common.h - linux/bpf_insn.h - linux/dm-ioctl.h - linux/ethtool.h - local-addresses.c - local-addresses.h - lockfile-util.c - lockfile-util.h - log-link.h - logs-show.c - logs-show.h - loop-util.c - loop-util.h - loopback-setup.c - loopback-setup.h - machine-id-setup.c - machine-id-setup.h - machine-pool.c - machine-pool.h - macvlan-util.c - macvlan-util.h - main-func.h - mkdir-label.c - mkdir-label.h - mkfs-util.c - mkfs-util.h - module-util.h - mount-setup.c - mount-setup.h - mount-util.c - mount-util.h - net-condition.c - net-condition.h - netif-naming-scheme.c - netif-naming-scheme.h - netif-util.c - netif-util.h - nscd-flush.h - nsflags.c - nsflags.h - numa-util.c - numa-util.h - openssl-util.c - openssl-util.h - output-mode.c - output-mode.h - pager.c - pager.h - parse-argument.c - parse-argument.h - parse-socket-bind-item.c - parse-socket-bind-item.h - pcre2-dlopen.c - pcre2-dlopen.h - pe-header.h - pkcs11-util.c - pkcs11-util.h - pretty-print.c - pretty-print.h - psi-util.c - psi-util.h - ptyfwd.c - ptyfwd.h - pwquality-util.c - pwquality-util.h - qrcode-util.c - qrcode-util.h - quota-util.c - quota-util.h - reboot-util.c - reboot-util.h - resize-fs.c - resize-fs.h - resolve-util.c - resolve-util.h - rm-rf.c - rm-rf.h - seccomp-util.h - securebits-util.c - securebits-util.h - selinux-util.c - selinux-util.h - serialize.c - serialize.h - service-util.c - service-util.h - sleep-config.c - sleep-config.h - smack-util.c - smack-util.h - socket-label.c - socket-netlink.c - socket-netlink.h - spawn-ask-password-agent.c - spawn-ask-password-agent.h - spawn-polkit-agent.c - spawn-polkit-agent.h - specifier.c - specifier.h - switch-root.c - switch-root.h - tmpfile-util-label.c - tmpfile-util-label.h - tomoyo-util.c - tomoyo-util.h - tpm2-util.c - tpm2-util.h - udev-util.c - udev-util.h - uid-alloc-range.c - uid-alloc-range.h - uid-range.c - uid-range.h - user-record-nss.c - user-record-nss.h - user-record-show.c - user-record-show.h - user-record.c - user-record.h - userdb-dropin.c - userdb-dropin.h - userdb.c - userdb.h - utmp-wtmp.h - varlink.c - varlink.h - verb-log-control.c - verb-log-control.h - verbs.c - verbs.h - vlan-util.c - vlan-util.h - volatile-util.c - volatile-util.h - watchdog.c - watchdog.h - web-util.c - web-util.h - wifi-util.c - wifi-util.h - xml.c - xml.h -'''.split()) +shared_sources = files( + 'acl-util.h', + 'acpi-fpdt.c', + 'acpi-fpdt.h', + 'apparmor-util.c', + 'apparmor-util.h', + 'ask-password-api.c', + 'ask-password-api.h', + 'barrier.c', + 'barrier.h', + 'base-filesystem.c', + 'base-filesystem.h', + 'binfmt-util.c', + 'binfmt-util.h', + 'bitmap.c', + 'bitmap.h', + 'blkid-util.h', + 'blockdev-util.c', + 'blockdev-util.h', + 'bond-util.c', + 'bond-util.h', + 'boot-timestamps.c', + 'boot-timestamps.h', + 'bootspec.c', + 'bootspec.h', + 'bpf-dlopen.c', + 'bpf-dlopen.h', + 'bpf-program.c', + 'bpf-program.h', + 'bridge-util.c', + 'bridge-util.h', + 'btrfs-util.c', + 'btrfs-util.h', + 'bus-get-properties.c', + 'bus-get-properties.h', + 'bus-locator.c', + 'bus-locator.h', + 'bus-log-control-api.c', + 'bus-log-control-api.h', + 'bus-map-properties.c', + 'bus-map-properties.h', + 'bus-message-util.c', + 'bus-message-util.h', + 'bus-object.c', + 'bus-object.h', + 'bus-polkit.c', + 'bus-polkit.h', + 'bus-print-properties.c', + 'bus-print-properties.h', + 'bus-unit-procs.c', + 'bus-unit-procs.h', + 'bus-unit-util.c', + 'bus-unit-util.h', + 'bus-util.c', + 'bus-util.h', + 'bus-wait-for-jobs.c', + 'bus-wait-for-jobs.h', + 'bus-wait-for-units.c', + 'bus-wait-for-units.h', + 'calendarspec.c', + 'calendarspec.h', + 'cgroup-setup.c', + 'cgroup-setup.h', + 'cgroup-show.c', + 'cgroup-show.h', + 'chown-recursive.c', + 'chown-recursive.h', + 'clean-ipc.c', + 'clean-ipc.h', + 'clock-util.c', + 'clock-util.h', + 'condition.c', + 'condition.h', + 'conf-parser.c', + 'conf-parser.h', + 'copy.c', + 'copy.h', + 'coredump-util.c', + 'coredump-util.h', + 'cpu-set-util.c', + 'cpu-set-util.h', + 'creds-util.c', + 'creds-util.h', + 'cryptsetup-util.c', + 'cryptsetup-util.h', + 'daemon-util.h', + 'data-fd-util.c', + 'data-fd-util.h', + 'dev-setup.c', + 'dev-setup.h', + 'device-nodes.c', + 'device-nodes.h', + 'devnode-acl.h', + 'discover-image.c', + 'discover-image.h', + 'dissect-image.c', + 'dissect-image.h', + 'dlfcn-util.c', + 'dlfcn-util.h', + 'dm-util.c', + 'dm-util.h', + 'dns-domain.c', + 'dns-domain.h', + 'dropin.c', + 'dropin.h', + 'efi-loader.c', + 'efi-loader.h', + 'elf-util.c', + 'elf-util.h', + 'enable-mempool.c', + 'env-file-label.c', + 'env-file-label.h', + 'ethtool-util.c', + 'ethtool-util.h', + 'exec-util.c', + 'exec-util.h', + 'exit-status.c', + 'exit-status.h', + 'extension-release.c', + 'extension-release.h', + 'fdisk-util.h', + 'fdset.c', + 'fdset.h', + 'fileio-label.c', + 'fileio-label.h', + 'firewall-util-nft.c', + 'firewall-util-private.h', + 'firewall-util.c', + 'firewall-util.h', + 'format-table.c', + 'format-table.h', + 'fsck-util.h', + 'fstab-util.c', + 'fstab-util.h', + 'generator.c', + 'generator.h', + 'geneve-util.c', + 'geneve-util.h', + 'gpt.c', + 'gpt.h', + 'group-record.c', + 'group-record.h', + 'hostname-setup.c', + 'hostname-setup.h', + 'hwdb-util.c', + 'hwdb-util.h', + 'id128-print.c', + 'id128-print.h', + 'idn-util.c', + 'idn-util.h', + 'ima-util.c', + 'ima-util.h', + 'import-util.c', + 'import-util.h', + 'in-addr-prefix-util.c', + 'in-addr-prefix-util.h', + 'initreq.h', + 'install-file.c', + 'install-file.h', + 'install-printf.c', + 'install-printf.h', + 'install.c', + 'install.h', + 'ip-protocol-list.c', + 'ip-protocol-list.h', + 'ipvlan-util.c', + 'ipvlan-util.h', + 'journal-importer.c', + 'journal-importer.h', + 'journal-util.c', + 'journal-util.h', + 'json-internal.h', + 'json.c', + 'json.h', + 'kbd-util.c', + 'kbd-util.h', + 'keyring-util.h', + 'keyring-util.c', + 'killall.c', + 'killall.h', + 'label.c', + 'label.h', + 'libcrypt-util.c', + 'libcrypt-util.h', + 'libfido2-util.c', + 'libfido2-util.h', + 'libmount-util.h', + 'linux/auto_dev-ioctl.h', + 'linux/bpf.h', + 'linux/bpf_common.h', + 'linux/bpf_insn.h', + 'linux/dm-ioctl.h', + 'linux/ethtool.h', + 'local-addresses.c', + 'local-addresses.h', + 'lockfile-util.c', + 'lockfile-util.h', + 'log-link.h', + 'logs-show.c', + 'logs-show.h', + 'loop-util.c', + 'loop-util.h', + 'loopback-setup.c', + 'loopback-setup.h', + 'machine-id-setup.c', + 'machine-id-setup.h', + 'machine-pool.c', + 'machine-pool.h', + 'macvlan-util.c', + 'macvlan-util.h', + 'main-func.h', + 'mkdir-label.c', + 'mkdir-label.h', + 'mkfs-util.c', + 'mkfs-util.h', + 'module-util.h', + 'mount-setup.c', + 'mount-setup.h', + 'mount-util.c', + 'mount-util.h', + 'net-condition.c', + 'net-condition.h', + 'netif-naming-scheme.c', + 'netif-naming-scheme.h', + 'netif-util.c', + 'netif-util.h', + 'nscd-flush.h', + 'nsflags.c', + 'nsflags.h', + 'numa-util.c', + 'numa-util.h', + 'openssl-util.c', + 'openssl-util.h', + 'output-mode.c', + 'output-mode.h', + 'pager.c', + 'pager.h', + 'parse-argument.c', + 'parse-argument.h', + 'parse-socket-bind-item.c', + 'parse-socket-bind-item.h', + 'pcre2-dlopen.c', + 'pcre2-dlopen.h', + 'pe-header.h', + 'pkcs11-util.c', + 'pkcs11-util.h', + 'pretty-print.c', + 'pretty-print.h', + 'psi-util.c', + 'psi-util.h', + 'ptyfwd.c', + 'ptyfwd.h', + 'pwquality-util.c', + 'pwquality-util.h', + 'qrcode-util.c', + 'qrcode-util.h', + 'quota-util.c', + 'quota-util.h', + 'reboot-util.c', + 'reboot-util.h', + 'resize-fs.c', + 'resize-fs.h', + 'resolve-util.c', + 'resolve-util.h', + 'rm-rf.c', + 'rm-rf.h', + 'seccomp-util.h', + 'securebits-util.c', + 'securebits-util.h', + 'selinux-util.c', + 'selinux-util.h', + 'serialize.c', + 'serialize.h', + 'service-util.c', + 'service-util.h', + 'sleep-config.c', + 'sleep-config.h', + 'smack-util.c', + 'smack-util.h', + 'socket-label.c', + 'socket-netlink.c', + 'socket-netlink.h', + 'spawn-ask-password-agent.c', + 'spawn-ask-password-agent.h', + 'spawn-polkit-agent.c', + 'spawn-polkit-agent.h', + 'specifier.c', + 'specifier.h', + 'switch-root.c', + 'switch-root.h', + 'tmpfile-util-label.c', + 'tmpfile-util-label.h', + 'tomoyo-util.c', + 'tomoyo-util.h', + 'tpm2-util.c', + 'tpm2-util.h', + 'udev-util.c', + 'udev-util.h', + 'uid-alloc-range.c', + 'uid-alloc-range.h', + 'uid-range.c', + 'uid-range.h', + 'user-record-nss.c', + 'user-record-nss.h', + 'user-record-show.c', + 'user-record-show.h', + 'user-record.c', + 'user-record.h', + 'userdb-dropin.c', + 'userdb-dropin.h', + 'userdb.c', + 'userdb.h', + 'utmp-wtmp.h', + 'varlink.c', + 'varlink.h', + 'verb-log-control.c', + 'verb-log-control.h', + 'verbs.c', + 'verbs.h', + 'vlan-util.c', + 'vlan-util.h', + 'volatile-util.c', + 'volatile-util.h', + 'watchdog.c', + 'watchdog.h', + 'web-util.c', + 'web-util.h', + 'wifi-util.c', + 'wifi-util.h', + 'xml.c', + 'xml.h') if get_option('tests') != 'false' - shared_sources += files(''' - test-tables.h - tests.c - tests.h - '''.split()) + shared_sources += files( + 'test-tables.h', + 'tests.c', + 'tests.h') endif generate_syscall_list = find_program('generate-syscall-list.py') @@ -352,10 +350,9 @@ syscall_list_h = custom_target( capture : true) if conf.get('HAVE_ACL') == 1 - shared_sources += files(''' - acl-util.c - devnode-acl.c - '''.split()) + shared_sources += files( + 'acl-util.c', + 'devnode-acl.c') endif if conf.get('ENABLE_UTMP') == 1 @@ -372,10 +369,9 @@ if conf.get('HAVE_LIBIPTC') == 1 endif if conf.get('HAVE_LIBBPF') == 1 - shared_sources += files(''' - bpf-link.c - bpf-link.h - '''.split()) + shared_sources += files( + 'bpf-link.c', + 'bpf-link.h') endif if conf.get('HAVE_KMOD') == 1 diff --git a/src/shutdown/meson.build b/src/shutdown/meson.build index e1348d95d42..ef98330b070 100644 --- a/src/shutdown/meson.build +++ b/src/shutdown/meson.build @@ -1,10 +1,9 @@ # SPDX-License-Identifier: LGPL-2.1-or-later -systemd_shutdown_sources = files(''' - shutdown.c - umount.c - umount.h -'''.split()) +systemd_shutdown_sources = files( + 'shutdown.c', + 'umount.c', + 'umount.h') tests += [ [['src/shutdown/test-umount.c', diff --git a/src/sysext/meson.build b/src/sysext/meson.build index 1517df414e8..f159adb8cc0 100644 --- a/src/sysext/meson.build +++ b/src/sysext/meson.build @@ -1,5 +1,3 @@ # SPDX-License-Identifier: LGPL-2.1-or-later -systemd_sysext_sources = files(''' - sysext.c -'''.split()) +systemd_sysext_sources = files('sysext.c') diff --git a/src/systemd/meson.build b/src/systemd/meson.build index 4f40b9f57f7..324e7cfd0cb 100644 --- a/src/systemd/meson.build +++ b/src/systemd/meson.build @@ -1,43 +1,41 @@ # SPDX-License-Identifier: LGPL-2.1-or-later -_systemd_headers = ''' - sd-bus.h - sd-bus-protocol.h - sd-bus-vtable.h - sd-daemon.h - sd-device.h - sd-event.h - sd-hwdb.h - sd-id128.h - sd-journal.h - sd-login.h - sd-messages.h - sd-path.h -'''.split() +_systemd_headers = [ + 'sd-bus.h', + 'sd-bus-protocol.h', + 'sd-bus-vtable.h', + 'sd-daemon.h', + 'sd-device.h', + 'sd-event.h', + 'sd-hwdb.h', + 'sd-id128.h', + 'sd-journal.h', + 'sd-login.h', + 'sd-messages.h', + 'sd-path.h'] # https://github.com/mesonbuild/meson/issues/1633 systemd_headers = files(_systemd_headers) -_not_installed_headers = ''' - sd-dhcp6-client.h - sd-dhcp6-lease.h - sd-dhcp-client.h - sd-dhcp-lease.h - sd-dhcp-option.h - sd-dhcp6-option.h - sd-dhcp-server.h - sd-ipv4acd.h - sd-ipv4ll.h - sd-lldp-rx.h - sd-lldp-tx.h - sd-lldp.h - sd-ndisc.h - sd-netlink.h - sd-network.h - sd-radv.h - sd-resolve.h - sd-utf8.h -'''.split() +_not_installed_headers = [ + 'sd-dhcp6-client.h', + 'sd-dhcp6-lease.h', + 'sd-dhcp-client.h', + 'sd-dhcp-lease.h', + 'sd-dhcp-option.h', + 'sd-dhcp6-option.h', + 'sd-dhcp-server.h', + 'sd-ipv4acd.h', + 'sd-ipv4ll.h', + 'sd-lldp-rx.h', + 'sd-lldp-tx.h', + 'sd-lldp.h', + 'sd-ndisc.h', + 'sd-netlink.h', + 'sd-network.h', + 'sd-radv.h', + 'sd-resolve.h', + 'sd-utf8.h'] install_headers( systemd_headers, diff --git a/src/udev/meson.build b/src/udev/meson.build index 29ac85da12f..e73f79a0e86 100644 --- a/src/udev/meson.build +++ b/src/udev/meson.build @@ -1,47 +1,45 @@ # SPDX-License-Identifier: LGPL-2.1-or-later -udevadm_sources = files(''' - udevadm.c - udevadm.h - udevadm-control.c - udevadm-hwdb.c - udevadm-info.c - udevadm-monitor.c - udevadm-settle.c - udevadm-test.c - udevadm-test-builtin.c - udevadm-trigger.c - udevadm-util.c - udevadm-util.h - udevd.c -'''.split()) - -libudevd_core_sources = ''' - udev-ctrl.c - udev-ctrl.h - udev-event.c - udev-event.h - udev-node.c - udev-node.h - udev-rules.c - udev-rules.h - udev-watch.c - udev-watch.h - udev-builtin.c - udev-builtin.h - udev-builtin-btrfs.c - udev-builtin-hwdb.c - udev-builtin-input_id.c - udev-builtin-keyboard.c - udev-builtin-net_id.c - udev-builtin-net_setup_link.c - udev-builtin-path_id.c - udev-builtin-usb_id.c - udev-netlink.c - udev-netlink.h - net/link-config.c - net/link-config.h -'''.split() +udevadm_sources = files( + 'udevadm.c', + 'udevadm.h', + 'udevadm-control.c', + 'udevadm-hwdb.c', + 'udevadm-info.c', + 'udevadm-monitor.c', + 'udevadm-settle.c', + 'udevadm-test.c', + 'udevadm-test-builtin.c', + 'udevadm-trigger.c', + 'udevadm-util.c', + 'udevadm-util.h', + 'udevd.c') + +libudevd_core_sources = [ + 'udev-ctrl.c', + 'udev-ctrl.h', + 'udev-event.c', + 'udev-event.h', + 'udev-node.c', + 'udev-node.h', + 'udev-rules.c', + 'udev-rules.h', + 'udev-watch.c', + 'udev-watch.h', + 'udev-builtin.c', + 'udev-builtin.h', + 'udev-builtin-btrfs.c', + 'udev-builtin-hwdb.c', + 'udev-builtin-input_id.c', + 'udev-builtin-keyboard.c', + 'udev-builtin-net_id.c', + 'udev-builtin-net_setup_link.c', + 'udev-builtin-path_id.c', + 'udev-builtin-usb_id.c', + 'udev-netlink.c', + 'udev-netlink.h', + 'net/link-config.c', + 'net/link-config.h'] if conf.get('HAVE_KMOD') == 1 libudevd_core_sources += ['udev-builtin-kmod.c'] diff --git a/src/userdb/meson.build b/src/userdb/meson.build index 3a6225e01ea..a17d7bb3283 100644 --- a/src/userdb/meson.build +++ b/src/userdb/meson.build @@ -1,15 +1,10 @@ # SPDX-License-Identifier: LGPL-2.1-or-later -systemd_userwork_sources = files(''' - userwork.c -'''.split()) +systemd_userwork_sources = files('userwork.c') -systemd_userdbd_sources = files(''' - userdbd-manager.c - userdbd-manager.h - userdbd.c -'''.split()) +systemd_userdbd_sources = files( + 'userdbd-manager.c', + 'userdbd-manager.h', + 'userdbd.c') -userdbctl_sources = files(''' - userdbctl.c -'''.split()) +userdbctl_sources = files('userdbctl.c') From 34023aaaaa2d22d464108fe07c4f12d8e6365b03 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 2 Mar 2022 14:52:50 +0100 Subject: [PATCH 241/703] meson: use files() for libudevd_core_sources too I'm not sure why a plain-text list was used in this case. (cherry picked from commit b9acb5074e115a3010f8507c6f3d2cad4132aa15) --- src/udev/meson.build | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/src/udev/meson.build b/src/udev/meson.build index e73f79a0e86..8d4d3f4da98 100644 --- a/src/udev/meson.build +++ b/src/udev/meson.build @@ -15,7 +15,7 @@ udevadm_sources = files( 'udevadm-util.h', 'udevd.c') -libudevd_core_sources = [ +libudevd_core_sources = files( 'udev-ctrl.c', 'udev-ctrl.h', 'udev-event.c', @@ -39,18 +39,18 @@ libudevd_core_sources = [ 'udev-netlink.c', 'udev-netlink.h', 'net/link-config.c', - 'net/link-config.h'] + 'net/link-config.h') if conf.get('HAVE_KMOD') == 1 - libudevd_core_sources += ['udev-builtin-kmod.c'] + libudevd_core_sources += files('udev-builtin-kmod.c') endif if conf.get('HAVE_BLKID') == 1 - libudevd_core_sources += ['udev-builtin-blkid.c'] + libudevd_core_sources += files('udev-builtin-blkid.c') endif if conf.get('HAVE_ACL') == 1 - libudevd_core_sources += ['udev-builtin-uaccess.c'] + libudevd_core_sources += files('udev-builtin-uaccess.c') endif ############################################################ From 731021202147c51dc5983b04acb7400efe0cff3c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 3 Mar 2022 12:14:13 +0100 Subject: [PATCH 242/703] meson: move files' closing brace to separate line (cherry picked from commit 2f492a739c5edd09f1c16bc7da84c37a8744121a) --- src/home/meson.build | 12 ++++++++---- src/journal-remote/meson.build | 12 ++++++++---- src/journal/meson.build | 6 ++++-- src/libsystemd-network/meson.build | 3 ++- src/libsystemd/meson.build | 12 ++++++++---- src/locale/meson.build | 3 ++- src/login/meson.build | 9 ++++++--- src/machine/meson.build | 6 ++++-- src/network/meson.build | 9 ++++++--- src/nspawn/meson.build | 3 ++- src/oom/meson.build | 3 ++- src/portable/meson.build | 3 ++- src/resolve/meson.build | 15 ++++++++++----- src/shared/meson.build | 15 ++++++++++----- src/shutdown/meson.build | 3 ++- src/systemd/meson.build | 6 ++++-- src/udev/meson.build | 6 ++++-- src/userdb/meson.build | 3 ++- 18 files changed, 86 insertions(+), 43 deletions(-) diff --git a/src/home/meson.build b/src/home/meson.build index 2b48a1a1611..3d3a2bc82a6 100644 --- a/src/home/meson.build +++ b/src/home/meson.build @@ -24,7 +24,8 @@ systemd_homework_sources = files( 'homework.c', 'homework.h', 'user-record-util.c', - 'user-record-util.h') + 'user-record-util.h', +) if conf.get('HAVE_P11KIT') == 1 systemd_homework_sources += files('homework-pkcs11.c') @@ -58,7 +59,8 @@ systemd_homed_sources = files( 'user-record-sign.c', 'user-record-sign.h', 'user-record-util.c', - 'user-record-util.h') + 'user-record-util.h', +) homed_gperf_c = custom_target( 'homed_gperf.c', @@ -81,7 +83,8 @@ homectl_sources = files( 'user-record-pwquality.c', 'user-record-pwquality.h', 'user-record-util.c', - 'user-record-util.h') + 'user-record-util.h', +) pam_systemd_home_sym = 'src/home/pam_systemd_home.sym' pam_systemd_home_c = files( @@ -89,7 +92,8 @@ pam_systemd_home_c = files( 'home-util.h', 'pam_systemd_home.c', 'user-record-util.c', - 'user-record-util.h') + 'user-record-util.h', +) if conf.get('ENABLE_HOMED') == 1 install_data('org.freedesktop.home1.conf', diff --git a/src/journal-remote/meson.build b/src/journal-remote/meson.build index 1dc0d123009..88c0aca9b27 100644 --- a/src/journal-remote/meson.build +++ b/src/journal-remote/meson.build @@ -3,7 +3,8 @@ systemd_journal_upload_sources = files( 'journal-upload.h', 'journal-upload.c', - 'journal-upload-journal.c') + 'journal-upload-journal.c', +) libsystemd_journal_remote_sources = files( 'journal-remote-parse.h', @@ -11,12 +12,14 @@ libsystemd_journal_remote_sources = files( 'journal-remote-write.h', 'journal-remote-write.c', 'journal-remote.h', - 'journal-remote.c') + 'journal-remote.c', +) if conf.get('HAVE_MICROHTTPD') == 1 libsystemd_journal_remote_sources += files( 'microhttpd-util.h', - 'microhttpd-util.c') + 'microhttpd-util.c', + ) endif libsystemd_journal_remote = static_library( @@ -36,7 +39,8 @@ systemd_journal_remote_sources = files('journal-remote-main.c') systemd_journal_gatewayd_sources = files( 'journal-gatewayd.c', 'microhttpd-util.h', - 'microhttpd-util.c') + 'microhttpd-util.c', +) in_files = [ ['journal-upload.conf', diff --git a/src/journal/meson.build b/src/journal/meson.build index f70d98b035e..1372849cb7f 100644 --- a/src/journal/meson.build +++ b/src/journal/meson.build @@ -22,7 +22,8 @@ sources = files( 'journald-syslog.c', 'journald-syslog.h', 'journald-wall.c', - 'journald-wall.h') + 'journald-wall.h', +) sources += custom_target( 'journald-gperf.c', @@ -41,7 +42,8 @@ journal_includes = [includes, include_directories('.')] systemd_journald_sources = files( 'journald.c', - 'journald-server.h') + 'journald-server.h', +) systemd_cat_sources = files('cat.c') diff --git a/src/libsystemd-network/meson.build b/src/libsystemd-network/meson.build index 8ae79d0bf9d..eff32b7a697 100644 --- a/src/libsystemd-network/meson.build +++ b/src/libsystemd-network/meson.build @@ -43,7 +43,8 @@ sources = files( 'sd-lldp-rx.c', 'sd-lldp-tx.c', 'sd-ndisc.c', - 'sd-radv.c') + 'sd-radv.c', +) libsystemd_network = static_library( 'systemd-network', diff --git a/src/libsystemd/meson.build b/src/libsystemd/meson.build index 56c54491e44..c21841258b8 100644 --- a/src/libsystemd/meson.build +++ b/src/libsystemd/meson.build @@ -21,14 +21,16 @@ sd_journal_sources = files( 'sd-journal/lookup3.h', 'sd-journal/mmap-cache.c', 'sd-journal/mmap-cache.h', - 'sd-journal/sd-journal.c') + 'sd-journal/sd-journal.c', +) if conf.get('HAVE_GCRYPT') == 1 sd_journal_sources += files( 'sd-journal/fsprg.c', 'sd-journal/fsprg.h', 'sd-journal/journal-authenticate.c', - 'sd-journal/journal-authenticate.h') + 'sd-journal/journal-authenticate.h', + ) endif audit_type_includes = [config_h, @@ -59,7 +61,8 @@ sd_journal_sources += [audit_type_to_name] id128_sources = files( 'sd-id128/id128-util.c', 'sd-id128/id128-util.h', - 'sd-id128/sd-id128.c') + 'sd-id128/sd-id128.c', +) ############################################################ @@ -71,7 +74,8 @@ sd_event_sources = files( 'sd-event/event-source.h', 'sd-event/event-util.c', 'sd-event/event-util.h', - 'sd-event/sd-event.c') + 'sd-event/sd-event.c', +) ############################################################ diff --git a/src/locale/meson.build b/src/locale/meson.build index 2b9cfba893d..8510fe610de 100644 --- a/src/locale/meson.build +++ b/src/locale/meson.build @@ -3,7 +3,8 @@ systemd_localed_sources = files( 'localed.c', 'keymap-util.c', - 'keymap-util.h') + 'keymap-util.h', +) localectl_sources = files('localectl.c') diff --git a/src/login/meson.build b/src/login/meson.build index 329d83d10ce..98495cc743e 100644 --- a/src/login/meson.build +++ b/src/login/meson.build @@ -2,7 +2,8 @@ systemd_logind_sources = files( 'logind.c', - 'logind.h') + 'logind.h', +) logind_gperf_c = custom_target( 'logind_gperf.c', @@ -40,7 +41,8 @@ liblogind_core_sources = files( 'logind-user-dbus.h', 'logind-user.c', 'logind-user.h', - 'logind-utmp.c') + 'logind-utmp.c', +) liblogind_core_sources += [logind_gperf_c] @@ -54,7 +56,8 @@ liblogind_core = static_library( loginctl_sources = files( 'loginctl.c', 'sysfs-show.h', - 'sysfs-show.c') + 'sysfs-show.c', +) user_runtime_dir_sources = files('user-runtime-dir.c') diff --git a/src/machine/meson.build b/src/machine/meson.build index a59ac55e63d..4357491ee8f 100644 --- a/src/machine/meson.build +++ b/src/machine/meson.build @@ -2,7 +2,8 @@ systemd_machined_sources = files( 'machined.c', - 'machined.h') + 'machined.h', +) libmachine_core_sources = files( 'image-dbus.c', @@ -16,7 +17,8 @@ libmachine_core_sources = files( 'machined-varlink.c', 'machined-varlink.h', 'operation.c', - 'operation.h') + 'operation.h', +) libmachine_core = static_library( 'machine-core', diff --git a/src/network/meson.build b/src/network/meson.build index f867de01bc9..48d185195cc 100644 --- a/src/network/meson.build +++ b/src/network/meson.build @@ -182,7 +182,8 @@ sources = files( 'tc/tclass.c', 'tc/tclass.h', 'tc/teql.c', - 'tc/teql.h') + 'tc/teql.h', +) systemd_networkd_sources = files('networkd.c') @@ -191,14 +192,16 @@ systemd_networkd_wait_online_sources = files( 'wait-online/link.h', 'wait-online/manager.c', 'wait-online/manager.h', - 'wait-online/wait-online.c') + 'wait-online/wait-online.c', +) networkctl_sources = files('networkctl.c') network_generator_sources = files( 'generator/main.c', 'generator/network-generator.c', - 'generator/network-generator.h') + 'generator/network-generator.h', +) sources += custom_target( 'networkd-gperf.c', diff --git a/src/nspawn/meson.build b/src/nspawn/meson.build index 38c31f6f883..dba8239a410 100644 --- a/src/nspawn/meson.build +++ b/src/nspawn/meson.build @@ -28,7 +28,8 @@ libnspawn_core_sources = files( 'nspawn-setuid.h', 'nspawn-stub-pid1.c', 'nspawn-stub-pid1.h', - 'nspawn.h') + 'nspawn.h', +) nspawn_gperf_c = custom_target( 'nspawn-gperf.c', diff --git a/src/oom/meson.build b/src/oom/meson.build index 83d42878fc7..579bc0d4eb5 100644 --- a/src/oom/meson.build +++ b/src/oom/meson.build @@ -7,7 +7,8 @@ systemd_oomd_sources = files( 'oomd-manager.h', 'oomd-util.c', 'oomd-util.h', - 'oomd.c') + 'oomd.c', +) oomctl_sources = files('oomctl.c') diff --git a/src/portable/meson.build b/src/portable/meson.build index 65ba74bc6f6..61f7924801b 100644 --- a/src/portable/meson.build +++ b/src/portable/meson.build @@ -11,7 +11,8 @@ systemd_portabled_sources = files( 'portabled-operation.c', 'portabled-operation.h', 'portabled.c', - 'portabled.h') + 'portabled.h', +) if conf.get('ENABLE_PORTABLED') == 1 install_data('org.freedesktop.portable1.conf', diff --git a/src/resolve/meson.build b/src/resolve/meson.build index a30d8fd8515..770ed77cf5a 100644 --- a/src/resolve/meson.build +++ b/src/resolve/meson.build @@ -16,7 +16,8 @@ basic_dns_sources = files( 'resolved-util.c', 'resolved-util.h', 'dns-type.c', - 'dns-type.h') + 'dns-type.h', +) systemd_resolved_sources = files( 'resolved-bus.c', @@ -69,13 +70,15 @@ systemd_resolved_sources = files( 'resolved-socket-graveyard.h', 'resolved-varlink.c', 'resolved-varlink.h', - 'resolved.c') + 'resolved.c', +) resolvectl_sources = files( 'resolvconf-compat.c', 'resolvconf-compat.h', 'resolvectl.c', - 'resolvectl.h') + 'resolvectl.h', +) ############################################################ @@ -137,12 +140,14 @@ if conf.get('ENABLE_DNS_OVER_TLS') == 1 if conf.get('DNS_OVER_TLS_USE_GNUTLS') == 1 systemd_resolved_sources += files( 'resolved-dnstls-gnutls.c', - 'resolved-dnstls-gnutls.h') + 'resolved-dnstls-gnutls.h', + ) systemd_resolved_dependencies += libgnutls elif conf.get('DNS_OVER_TLS_USE_OPENSSL') == 1 systemd_resolved_sources += files( 'resolved-dnstls-openssl.c', - 'resolved-dnstls-openssl.h') + 'resolved-dnstls-openssl.h', + ) systemd_resolved_dependencies += libopenssl else error('unknown dependency for supporting DNS-over-TLS') diff --git a/src/shared/meson.build b/src/shared/meson.build index 67e2892c0b9..1e4fcbf1164 100644 --- a/src/shared/meson.build +++ b/src/shared/meson.build @@ -330,13 +330,15 @@ shared_sources = files( 'wifi-util.c', 'wifi-util.h', 'xml.c', - 'xml.h') + 'xml.h', +) if get_option('tests') != 'false' shared_sources += files( 'test-tables.h', 'tests.c', - 'tests.h') + 'tests.h', + ) endif generate_syscall_list = find_program('generate-syscall-list.py') @@ -352,7 +354,8 @@ syscall_list_h = custom_target( if conf.get('HAVE_ACL') == 1 shared_sources += files( 'acl-util.c', - 'devnode-acl.c') + 'devnode-acl.c', + ) endif if conf.get('ENABLE_UTMP') == 1 @@ -371,7 +374,8 @@ endif if conf.get('HAVE_LIBBPF') == 1 shared_sources += files( 'bpf-link.c', - 'bpf-link.h') + 'bpf-link.h', + ) endif if conf.get('HAVE_KMOD') == 1 @@ -381,7 +385,8 @@ endif if conf.get('HAVE_PAM') == 1 shared_sources += files( 'pam-util.c', - 'pam-util.h') + 'pam-util.h', + ) endif if conf.get('ENABLE_NSCD') == 1 diff --git a/src/shutdown/meson.build b/src/shutdown/meson.build index ef98330b070..186e9240f19 100644 --- a/src/shutdown/meson.build +++ b/src/shutdown/meson.build @@ -3,7 +3,8 @@ systemd_shutdown_sources = files( 'shutdown.c', 'umount.c', - 'umount.h') + 'umount.h', +) tests += [ [['src/shutdown/test-umount.c', diff --git a/src/systemd/meson.build b/src/systemd/meson.build index 324e7cfd0cb..9faee53db94 100644 --- a/src/systemd/meson.build +++ b/src/systemd/meson.build @@ -12,7 +12,8 @@ _systemd_headers = [ 'sd-journal.h', 'sd-login.h', 'sd-messages.h', - 'sd-path.h'] + 'sd-path.h', +] # https://github.com/mesonbuild/meson/issues/1633 systemd_headers = files(_systemd_headers) @@ -35,7 +36,8 @@ _not_installed_headers = [ 'sd-network.h', 'sd-radv.h', 'sd-resolve.h', - 'sd-utf8.h'] + 'sd-utf8.h', +] install_headers( systemd_headers, diff --git a/src/udev/meson.build b/src/udev/meson.build index 8d4d3f4da98..d55e9073ae9 100644 --- a/src/udev/meson.build +++ b/src/udev/meson.build @@ -13,7 +13,8 @@ udevadm_sources = files( 'udevadm-trigger.c', 'udevadm-util.c', 'udevadm-util.h', - 'udevd.c') + 'udevd.c', +) libudevd_core_sources = files( 'udev-ctrl.c', @@ -39,7 +40,8 @@ libudevd_core_sources = files( 'udev-netlink.c', 'udev-netlink.h', 'net/link-config.c', - 'net/link-config.h') + 'net/link-config.h', +) if conf.get('HAVE_KMOD') == 1 libudevd_core_sources += files('udev-builtin-kmod.c') diff --git a/src/userdb/meson.build b/src/userdb/meson.build index a17d7bb3283..2d786611e15 100644 --- a/src/userdb/meson.build +++ b/src/userdb/meson.build @@ -5,6 +5,7 @@ systemd_userwork_sources = files('userwork.c') systemd_userdbd_sources = files( 'userdbd-manager.c', 'userdbd-manager.h', - 'userdbd.c') + 'userdbd.c', +) userdbctl_sources = files('userdbctl.c') From c635058797175d5af6476d0778dafefdc8af5503 Mon Sep 17 00:00:00 2001 From: Frantisek Sumsal Date: Wed, 9 Feb 2022 22:35:03 +0100 Subject: [PATCH 243/703] test: lvm 2.03.15 dropped the static autoactivation so install the respective generator only if we're running with older lvm versions. See: https://sourceware.org/git/?p=lvm2.git;a=commit;h=ee8fb0310c53ed003a43b324c99cdfd891dd1a7c (cherry picked from commit d10d562bd4b9f93130fb2b23f2b0d0d4126ea7d4) --- test/test-functions | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/test/test-functions b/test/test-functions index eae1cd8cc1e..8bff5d8271d 100644 --- a/test/test-functions +++ b/test/test-functions @@ -985,16 +985,19 @@ install_lvm() { image_install lvm image_install "${ROOTLIBDIR:?}"/system/lvm2-lvmpolld.{service,socket} image_install "${ROOTLIBDIR:?}"/system/{blk-availability,lvm2-monitor}.service - image_install "${ROOTLIBDIR:?}"/system-generators/lvm2-activation-generator image_install -o "/lib/tmpfiles.d/lvm2.conf" if get_bool "$LOOKS_LIKE_DEBIAN"; then inst_rules 56-lvm.rules 69-lvm-metad.rules else # Support the new udev autoactivation introduced in lvm 2.03.14 # https://sourceware.org/git/?p=lvm2.git;a=commit;h=67722b312390cdab29c076c912e14bd739c5c0f6 + # Static autoactivation (via lvm2-activation-generator) was dropped + # in lvm 2.03.15 + # https://sourceware.org/git/?p=lvm2.git;a=commit;h=ee8fb0310c53ed003a43b324c99cdfd891dd1a7c if [[ -f /lib/udev/rules.d/69-dm-lvm.rules ]]; then inst_rules 11-dm-lvm.rules 69-dm-lvm.rules else + image_install "${ROOTLIBDIR:?}"/system-generators/lvm2-activation-generator image_install "${ROOTLIBDIR:?}"/system/lvm2-pvscan@.service inst_rules 11-dm-lvm.rules 69-dm-lvm-metad.rules fi From 85cc27fe88c5c49d1253ae25e25188da0e86d9c4 Mon Sep 17 00:00:00 2001 From: Frantisek Sumsal Date: Thu, 10 Feb 2022 12:29:53 +0100 Subject: [PATCH 244/703] test: accept GC'ed units in newer LVM Since lvm 2.03.15 the transient units are started without `-r`, thus disappearing once they finish and breaking the test (which expects them to remain loaded after finishing). Let's accept `LoadState=not-found` as a valid result as well to fix this. Follow-up to: d10d562bd4b9f93130fb2b23f2b0d0d4126ea7d4 See: https://sourceware.org/git/?p=lvm2.git;a=commit;h=fbd8b0cf43dc67f51f86f060dce748f446985855 (cherry picked from commit b034f02c628057c30a2136289a1b388a6fb9a737) --- test/units/testsuite-64.sh | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/test/units/testsuite-64.sh b/test/units/testsuite-64.sh index f75382d90a6..dc8b263b100 100755 --- a/test/units/testsuite-64.sh +++ b/test/units/testsuite-64.sh @@ -96,6 +96,14 @@ helper_wait_for_lvm_activate() { if [[ "$(systemctl show -P SubState "$lvm_activate_svc")" == exited ]]; then return 0 fi + else + # Since lvm 2.03.15 the lvm-activate transient unit no longer remains + # after finishing, so we have to treat non-existent units as a success + # as well + # See: https://sourceware.org/git/?p=lvm2.git;a=commit;h=fbd8b0cf43dc67f51f86f060dce748f446985855 + if [[ "$(systemctl show -P LoadState "$lvm_activate_svc")" == not-found ]]; then + return 0 + fi fi sleep .5 From a87fdd2af22128bce621508315ed5126a8d11f45 Mon Sep 17 00:00:00 2001 From: Luca Boccassi Date: Tue, 25 Jan 2022 15:49:22 +0000 Subject: [PATCH 245/703] portable: add flag to return extension-releases in GetImageMetadataWithExtensions Return the name of each extension and the associated extension-release file, and pretty-print them in 'portablectl inspect', if a new flag is passed. $ portablectl inspect --extension app2 --extension app0 minimal app0 app1 (Matching unit files with prefixes 'app0', 'app1'.) Image: /run/portables/minimal.raw Portable Service: n/a Operating System: Debian GNU/Linux 10 (buster) Extension: /run/portables/app2.raw Extension Scope: n/a Extension Compatibility Level: n/a Portable Service: n/a Portable Prefixes: n/a Operating System: n/a (debian 10) Extension: /run/portables/app0.raw Extension Scope: n/a Extension Compatibility Level: n/a Portable Service: n/a Portable Prefixes: n/a Operating System: n/a (debian 10) Unit files: app0.service (cherry picked from commit e3f7ed944ae750a40685c52349f3cc850db0876e) --- man/org.freedesktop.portable1.xml | 10 +++- src/portable/portable.c | 35 ++++++++++++-- src/portable/portable.h | 15 +++--- src/portable/portablectl.c | 78 +++++++++++++++++++++++++++++- src/portable/portabled-image-bus.c | 38 +++++++++++++-- test/units/testsuite-29.sh | 4 ++ 6 files changed, 163 insertions(+), 17 deletions(-) diff --git a/man/org.freedesktop.portable1.xml b/man/org.freedesktop.portable1.xml index 53c960206ed..053f2a54342 100644 --- a/man/org.freedesktop.portable1.xml +++ b/man/org.freedesktop.portable1.xml @@ -187,7 +187,15 @@ node /org/freedesktop/portable1 { This method is a superset of GetImageMetadata() with the addition of a list of extensions as input parameter, which were overlaid on top of the main image via AttachImageWithExtensions(). - The flag parameter is currently unused and reserved for future purposes. + The flag parameter can be used to request that, before the units, the path of + each extension and an array of bytes with the content of the respective extension-release file + are sent. One such structure will be sent for each extension named in the input arguments. The + flag value to enable this functionality is defined as follows: + + +#define PORTABLE_INSPECT_EXTENSION_RELEASES (UINT64_C(1) << 1) + + GetImageState() retrieves the image state as one of the following strings: diff --git a/src/portable/portable.c b/src/portable/portable.c index be311f94c4a..0e6461ba939 100644 --- a/src/portable/portable.c +++ b/src/portable/portable.c @@ -505,6 +505,7 @@ static int extract_image_and_extensions( bool validate_sysext, Image **ret_image, OrderedHashmap **ret_extension_images, + OrderedHashmap **ret_extension_releases, PortableMetadata **ret_os_release, Hashmap **ret_unit_files, char ***ret_valid_prefixes, @@ -512,7 +513,7 @@ static int extract_image_and_extensions( _cleanup_free_ char *id = NULL, *version_id = NULL, *sysext_level = NULL; _cleanup_(portable_metadata_unrefp) PortableMetadata *os_release = NULL; - _cleanup_ordered_hashmap_free_ OrderedHashmap *extension_images = NULL; + _cleanup_ordered_hashmap_free_ OrderedHashmap *extension_images = NULL, *extension_releases = NULL; _cleanup_hashmap_free_ Hashmap *unit_files = NULL; _cleanup_strv_free_ char **valid_prefixes = NULL; _cleanup_(image_unrefp) Image *image = NULL; @@ -533,6 +534,12 @@ static int extract_image_and_extensions( if (!extension_images) return -ENOMEM; + if (ret_extension_releases) { + extension_releases = ordered_hashmap_new(&portable_metadata_hash_ops); + if (!extension_releases) + return -ENOMEM; + } + STRV_FOREACH(p, extension_image_paths) { _cleanup_(image_unrefp) Image *new = NULL; @@ -581,6 +588,7 @@ static int extract_image_and_extensions( _cleanup_(portable_metadata_unrefp) PortableMetadata *extension_release_meta = NULL; _cleanup_hashmap_free_ Hashmap *extra_unit_files = NULL; _cleanup_strv_free_ char **extension_release = NULL; + _cleanup_close_ int extension_release_fd = -1; _cleanup_fclose_ FILE *f = NULL; const char *e; @@ -592,10 +600,15 @@ static int extract_image_and_extensions( if (r < 0) return r; - if (!validate_sysext && !ret_valid_prefixes) + if (!validate_sysext && !ret_valid_prefixes && !ret_extension_releases) continue; - r = take_fdopen_unlocked(&extension_release_meta->fd, "r", &f); + /* We need to keep the fd valid, to return the PortableMetadata to the caller. */ + extension_release_fd = fd_reopen(extension_release_meta->fd, O_CLOEXEC); + if (extension_release_fd < 0) + return extension_release_fd; + + r = take_fdopen_unlocked(&extension_release_fd, "r", &f); if (r < 0) return r; @@ -623,6 +636,13 @@ static int extract_image_and_extensions( if (r < 0) return r; } + + if (ret_extension_releases) { + r = ordered_hashmap_put(extension_releases, ext->name, extension_release_meta); + if (r < 0) + return r; + TAKE_PTR(extension_release_meta); + } } strv_sort(valid_prefixes); @@ -631,6 +651,8 @@ static int extract_image_and_extensions( *ret_image = TAKE_PTR(image); if (ret_extension_images) *ret_extension_images = TAKE_PTR(extension_images); + if (ret_extension_releases) + *ret_extension_releases = TAKE_PTR(extension_releases); if (ret_os_release) *ret_os_release = TAKE_PTR(os_release); if (ret_unit_files) @@ -646,12 +668,13 @@ int portable_extract( char **matches, char **extension_image_paths, PortableMetadata **ret_os_release, + OrderedHashmap **ret_extension_releases, Hashmap **ret_unit_files, char ***ret_valid_prefixes, sd_bus_error *error) { _cleanup_(portable_metadata_unrefp) PortableMetadata *os_release = NULL; - _cleanup_ordered_hashmap_free_ OrderedHashmap *extension_images = NULL; + _cleanup_ordered_hashmap_free_ OrderedHashmap *extension_images = NULL, *extension_releases = NULL; _cleanup_hashmap_free_ Hashmap *unit_files = NULL; _cleanup_(strv_freep) char **valid_prefixes = NULL; _cleanup_(image_unrefp) Image *image = NULL; @@ -666,6 +689,7 @@ int portable_extract( /* validate_sysext= */ false, &image, &extension_images, + &extension_releases, &os_release, &unit_files, ret_valid_prefixes ? &valid_prefixes : NULL, @@ -688,6 +712,8 @@ int portable_extract( if (ret_os_release) *ret_os_release = TAKE_PTR(os_release); + if (ret_extension_releases) + *ret_extension_releases = TAKE_PTR(extension_releases); if (ret_unit_files) *ret_unit_files = TAKE_PTR(unit_files); if (ret_valid_prefixes) @@ -1261,6 +1287,7 @@ int portable_attach( /* validate_sysext= */ true, &image, &extension_images, + /* extension_releases= */ NULL, /* os_release= */ NULL, &unit_files, &valid_prefixes, diff --git a/src/portable/portable.h b/src/portable/portable.h index 2837e8b2869..a0704f971b1 100644 --- a/src/portable/portable.h +++ b/src/portable/portable.h @@ -21,13 +21,14 @@ typedef struct PortableMetadata { #define PORTABLE_METADATA_IS_UNIT(m) (!IN_SET((m)->name[0], 0, '/')) typedef enum PortableFlags { - PORTABLE_RUNTIME = 1 << 0, /* Public API via DBUS, do not change */ - PORTABLE_PREFER_COPY = 1 << 1, - PORTABLE_PREFER_SYMLINK = 1 << 2, - PORTABLE_REATTACH = 1 << 3, - _PORTABLE_MASK_PUBLIC = PORTABLE_RUNTIME, + PORTABLE_RUNTIME = 1 << 0, + PORTABLE_INSPECT_EXTENSION_RELEASES = 1 << 1, /* Public API via DBUS, do not change */ + PORTABLE_PREFER_COPY = 1 << 2, + PORTABLE_PREFER_SYMLINK = 1 << 3, + PORTABLE_REATTACH = 1 << 4, + _PORTABLE_MASK_PUBLIC = PORTABLE_RUNTIME | PORTABLE_INSPECT_EXTENSION_RELEASES, _PORTABLE_TYPE_MAX, - _PORTABLE_TYPE_INVALID = -EINVAL, + _PORTABLE_TYPE_INVALID = -EINVAL, } PortableFlags; /* This enum is anonymous, since we usually store it in an 'int', as we overload it with negative errno @@ -65,7 +66,7 @@ DEFINE_TRIVIAL_CLEANUP_FUNC(PortableMetadata*, portable_metadata_unref); int portable_metadata_hashmap_to_sorted_array(Hashmap *unit_files, PortableMetadata ***ret); -int portable_extract(const char *image, char **matches, char **extension_image_paths, PortableMetadata **ret_os_release, Hashmap **ret_unit_files, char ***ret_valid_prefixes, sd_bus_error *error); +int portable_extract(const char *image, char **matches, char **extension_image_paths, PortableMetadata **ret_os_release, OrderedHashmap **ret_extension_releases, Hashmap **ret_unit_files, char ***ret_valid_prefixes, sd_bus_error *error); int portable_attach(sd_bus *bus, const char *name_or_path, char **matches, const char *profile, char **extension_images, PortableFlags flags, PortableChange **changes, size_t *n_changes, sd_bus_error *error); int portable_detach(sd_bus *bus, const char *name_or_path, char **extension_image_paths, PortableFlags flags, PortableChange **changes, size_t *n_changes, sd_bus_error *error); diff --git a/src/portable/portablectl.c b/src/portable/portablectl.c index 60feac6f5db..33d7162be98 100644 --- a/src/portable/portablectl.c +++ b/src/portable/portablectl.c @@ -260,8 +260,8 @@ static int maybe_reload(sd_bus **bus) { static int get_image_metadata(sd_bus *bus, const char *image, char **matches, sd_bus_message **reply) { _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL; _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL; + PortableFlags flags = PORTABLE_INSPECT_EXTENSION_RELEASES; const char *method; - uint64_t flags = 0; int r; assert(bus); @@ -366,6 +366,74 @@ static int inspect_image(int argc, char *argv[], void *userdata) { if (r < 0) return bus_log_parse_error(r); + /* If we specified any extensions, we'll first get back exactly the + * paths (and extension-release content) for each one of the arguments. */ + for (size_t i = 0; i < strv_length(arg_extension_images); ++i) { + const char *name; + + r = sd_bus_message_enter_container(reply, 'e', "say"); + if (r < 0) + return bus_log_parse_error(r); + if (r == 0) + break; + + r = sd_bus_message_read(reply, "s", &name); + if (r < 0) + return bus_log_parse_error(r); + + r = sd_bus_message_read_array(reply, 'y', &data, &sz); + if (r < 0) + return bus_log_parse_error(r); + + if (arg_cat) { + if (nl) + fputc('\n', stdout); + + printf("%s-- Extension Release: %s --%s\n", ansi_highlight(), name, ansi_normal()); + fwrite(data, sz, 1, stdout); + fflush(stdout); + nl = true; + } else { + _cleanup_free_ char *pretty_portable = NULL, *pretty_os = NULL, *sysext_level = NULL, + *id = NULL, *version_id = NULL, *sysext_scope = NULL, *portable_prefixes = NULL; + _cleanup_fclose_ FILE *f = NULL; + + f = fmemopen_unlocked((void*) data, sz, "re"); + if (!f) + return log_error_errno(errno, "Failed to open extension-release buffer: %m"); + + r = parse_env_file(f, name, + "ID", &id, + "VERSION_ID", &version_id, + "SYSEXT_SCOPE", &sysext_scope, + "SYSEXT_LEVEL", &sysext_level, + "PORTABLE_PRETTY_NAME", &pretty_portable, + "PORTABLE_PREFIXES", &portable_prefixes, + "PRETTY_NAME", &pretty_os); + if (r < 0) + return log_error_errno(r, "Failed to parse extension release from '%s': %m", name); + + printf("Extension:\n\t%s\n" + "\tExtension Scope:\n\t\t%s\n" + "\tExtension Compatibility Level:\n\t\t%s\n" + "\tPortable Service:\n\t\t%s\n" + "\tPortable Prefixes:\n\t\t%s\n" + "\tOperating System:\n\t\t%s (%s %s)\n", + name, + strna(sysext_scope), + strna(sysext_level), + strna(pretty_portable), + strna(portable_prefixes), + strna(pretty_os), + strna(id), + strna(version_id)); + } + + r = sd_bus_message_exit_container(reply); + if (r < 0) + return bus_log_parse_error(r); + } + for (;;) { const char *name; @@ -700,6 +768,14 @@ static int maybe_stop_disable(sd_bus *bus, char *image, char *argv[]) { if (r < 0) return bus_log_parse_error(r); + /* If we specified any extensions, we'll first get back exactly the + * paths (and extension-release content) for each one of the arguments. */ + for (size_t i = 0; i < strv_length(arg_extension_images); ++i) { + r = sd_bus_message_skip(reply, "{say}"); + if (r < 0) + return bus_log_parse_error(r); + } + for (;;) { const char *name; diff --git a/src/portable/portabled-image-bus.c b/src/portable/portabled-image-bus.c index ede062dbfb4..af21fde96f6 100644 --- a/src/portable/portabled-image-bus.c +++ b/src/portable/portabled-image-bus.c @@ -102,13 +102,13 @@ int bus_image_common_get_metadata( Image *image, sd_bus_error *error) { + _cleanup_ordered_hashmap_free_ OrderedHashmap *extension_releases = NULL; _cleanup_(portable_metadata_unrefp) PortableMetadata *os_release = NULL; _cleanup_strv_free_ char **matches = NULL, **extension_images = NULL; _cleanup_hashmap_free_ Hashmap *unit_files = NULL; _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL; _cleanup_free_ PortableMetadata **sorted = NULL; - /* Unused for now, but added to the DBUS methods for future-proofing */ - uint64_t input_flags = 0; + PortableFlags flags = 0; size_t i; int r; @@ -133,14 +133,17 @@ int bus_image_common_get_metadata( if (sd_bus_message_is_method_call(message, NULL, "GetImageMetadataWithExtensions") || sd_bus_message_is_method_call(message, NULL, "GetMetadataWithExtensions")) { + uint64_t input_flags = 0; + r = sd_bus_message_read(message, "t", &input_flags); if (r < 0) return r; - /* Let clients know that this version doesn't support any flags */ - if (input_flags != 0) + + if ((input_flags & ~_PORTABLE_MASK_PUBLIC) != 0) return sd_bus_reply_method_errorf(message, SD_BUS_ERROR_INVALID_ARGS, "Invalid 'flags' parameter '%" PRIu64 "'", input_flags); + flags |= input_flags; } r = bus_image_acquire(m, @@ -161,6 +164,7 @@ int bus_image_common_get_metadata( matches, extension_images, &os_release, + &extension_releases, &unit_files, NULL, error); @@ -187,6 +191,32 @@ int bus_image_common_get_metadata( if (r < 0) return r; + /* If it was requested, also send back the extension path and the content + * of each extension-release file. Behind a flag, as it's an incompatible + * change. */ + if (FLAGS_SET(flags, PORTABLE_INSPECT_EXTENSION_RELEASES)) { + PortableMetadata *extension_release; + + ORDERED_HASHMAP_FOREACH(extension_release, extension_releases) { + + r = sd_bus_message_open_container(reply, 'e', "say"); + if (r < 0) + return r; + + r = sd_bus_message_append(reply, "s", extension_release->image_path); + if (r < 0) + return r; + + r = append_fd(reply, extension_release); + if (r < 0) + return r; + + r = sd_bus_message_close_container(reply); + if (r < 0) + return r; + } + } + for (i = 0; i < hashmap_size(unit_files); i++) { r = sd_bus_message_open_container(reply, 'e', "say"); diff --git a/test/units/testsuite-29.sh b/test/units/testsuite-29.sh index 13bdc59e3b8..94771b49a70 100755 --- a/test/units/testsuite-29.sh +++ b/test/units/testsuite-29.sh @@ -102,6 +102,10 @@ portablectl "${ARGS[@]}" reattach --now --runtime --extension /usr/share/app1.ra systemctl is-active app1.service +portablectl inspect --cat --extension /usr/share/app1.raw /usr/share/minimal_1.raw app1 | grep -F "MARKER=2" +portablectl inspect --cat --extension /usr/share/app1.raw /usr/share/minimal_1.raw app1 | grep -F "PORTABLE_PREFIXES=app1" +portablectl inspect --cat --extension /usr/share/app1.raw /usr/share/minimal_1.raw app1 | grep -F "ExecStart=/opt/script1.sh" + portablectl detach --now --runtime --extension /usr/share/app1.raw /usr/share/minimal_1.raw app1 # Ensure that the combination of read-only images, state directory and dynamic user works, and that From 931d00d350c1313076b57ed7d28021659575b885 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 3 Mar 2022 18:55:26 +0100 Subject: [PATCH 246/703] TEST-29: trim output a bit IIUC, pipefail doesn't matter for a sequence of commands joined with &&, and we don't have any pipes. And such a failing expression also does not trigger an exit, so the set +e/set -e were noops. (cherry picked from commit 13391986b50e76cc58744c44ccb8124e48fd3c3d) --- test/test-functions | 8 ++++---- test/units/testsuite-29.sh | 20 ++------------------ 2 files changed, 6 insertions(+), 22 deletions(-) diff --git a/test/test-functions b/test/test-functions index 8bff5d8271d..09637eb4970 100644 --- a/test/test-functions +++ b/test/test-functions @@ -607,7 +607,7 @@ ExecStart=sleep 120 EOF cp "$initdir/usr/lib/systemd/system/minimal-app0.service" "$initdir/usr/lib/systemd/system/minimal-app0-foo.service" - mksquashfs "$initdir" "$oldinitdir/usr/share/minimal_0.raw" -noappend + mksquashfs "$initdir" "$oldinitdir/usr/share/minimal_0.raw" -noappend -quiet veritysetup format "$oldinitdir/usr/share/minimal_0.raw" "$oldinitdir/usr/share/minimal_0.verity" | \ grep '^Root hash:' | cut -f2 | tr -d '\n' >"$oldinitdir/usr/share/minimal_0.roothash" @@ -615,7 +615,7 @@ EOF rm "$initdir/usr/lib/systemd/system/minimal-app0-foo.service" cp "$initdir/usr/lib/systemd/system/minimal-app0.service" "$initdir/usr/lib/systemd/system/minimal-app0-bar.service" - mksquashfs "$initdir" "$oldinitdir/usr/share/minimal_1.raw" -noappend + mksquashfs "$initdir" "$oldinitdir/usr/share/minimal_1.raw" -noappend -quiet veritysetup format "$oldinitdir/usr/share/minimal_1.raw" "$oldinitdir/usr/share/minimal_1.verity" | \ grep '^Root hash:' | cut -f2 | tr -d '\n' >"$oldinitdir/usr/share/minimal_1.roothash" @@ -647,7 +647,7 @@ cat /usr/lib/extension-release.d/extension-release.app0 EOF chmod +x "$initdir/opt/script0.sh" echo MARKER=1 >"$initdir/usr/lib/systemd/system/some_file" - mksquashfs "$initdir" "$oldinitdir/usr/share/app0.raw" -noappend + mksquashfs "$initdir" "$oldinitdir/usr/share/app0.raw" -noappend -quiet export initdir="$TESTDIR/app1" mkdir -p "$initdir/usr/lib/extension-release.d" "$initdir/usr/lib/systemd/system" "$initdir/opt" @@ -673,7 +673,7 @@ cat /usr/lib/extension-release.d/extension-release.app2 EOF chmod +x "$initdir/opt/script1.sh" echo MARKER=1 >"$initdir/usr/lib/systemd/system/other_file" - mksquashfs "$initdir" "$oldinitdir/usr/share/app1.raw" -noappend + mksquashfs "$initdir" "$oldinitdir/usr/share/app1.raw" -noappend -quiet ) } diff --git a/test/units/testsuite-29.sh b/test/units/testsuite-29.sh index 94771b49a70..532d7ce641e 100755 --- a/test/units/testsuite-29.sh +++ b/test/units/testsuite-29.sh @@ -31,21 +31,13 @@ portablectl "${ARGS[@]}" attach --now --runtime /usr/share/minimal_0.raw minimal systemctl is-active minimal-app0.service systemctl is-active minimal-app0-foo.service -set +o pipefail -set +e systemctl is-active minimal-app0-bar.service && exit 1 -set -e -set -o pipefail portablectl "${ARGS[@]}" reattach --now --runtime /usr/share/minimal_1.raw minimal-app0 systemctl is-active minimal-app0.service systemctl is-active minimal-app0-bar.service -set +o pipefail -set +e systemctl is-active minimal-app0-foo.service && exit 1 -set -e -set -o pipefail portablectl list | grep -q -F "minimal_1" @@ -55,28 +47,20 @@ portablectl list | grep -q -F "No images." # portablectl also works with directory paths rather than images -unsquashfs -dest /tmp/minimal_0 /usr/share/minimal_0.raw -unsquashfs -dest /tmp/minimal_1 /usr/share/minimal_1.raw +unsquashfs -q -dest /tmp/minimal_0 /usr/share/minimal_0.raw +unsquashfs -q -dest /tmp/minimal_1 /usr/share/minimal_1.raw portablectl "${ARGS[@]}" attach --copy=symlink --now --runtime /tmp/minimal_0 minimal-app0 systemctl is-active minimal-app0.service systemctl is-active minimal-app0-foo.service -set +o pipefail -set +e systemctl is-active minimal-app0-bar.service && exit 1 -set -e -set -o pipefail portablectl "${ARGS[@]}" reattach --now --enable --runtime /tmp/minimal_1 minimal-app0 systemctl is-active minimal-app0.service systemctl is-active minimal-app0-bar.service -set +o pipefail -set +e systemctl is-active minimal-app0-foo.service && exit 1 -set -e -set -o pipefail portablectl list | grep -q -F "minimal_1" From 7856dc310906cb8b09d27b7175b322129bd619b6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 3 Mar 2022 18:56:06 +0100 Subject: [PATCH 247/703] portablectl: reorder if branches to match previous conditional in the same function One is a ternary op, the other an normal conditional, but they should still use the same order of branches. (cherry picked from commit 573e33de078956ded078653ef3f90f93469b4dbf) --- src/portable/portablectl.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/src/portable/portablectl.c b/src/portable/portablectl.c index 33d7162be98..3025720c5b7 100644 --- a/src/portable/portablectl.c +++ b/src/portable/portablectl.c @@ -928,12 +928,13 @@ static int detach_image(int argc, char *argv[], void *userdata) { if (r < 0) return r; - if (!strv_isempty(arg_extension_images)) { + if (strv_isempty(arg_extension_images)) + r = sd_bus_message_append(m, "b", arg_runtime); + else { uint64_t flags = arg_runtime ? PORTABLE_RUNTIME : 0; r = sd_bus_message_append(m, "t", flags); - } else - r = sd_bus_message_append(m, "b", arg_runtime); + } if (r < 0) return bus_log_create_error(r); From 06d466a05c69e39058f109700c8a6c10bd4c2c89 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 3 Mar 2022 19:13:20 +0100 Subject: [PATCH 248/703] portable: inline one variable declaration (cherry picked from commit 90e3f3581dd578a23aec9f63ca846babfe4fcaa0) --- src/portable/portabled-image-bus.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/portable/portabled-image-bus.c b/src/portable/portabled-image-bus.c index af21fde96f6..651fb2ea96d 100644 --- a/src/portable/portabled-image-bus.c +++ b/src/portable/portabled-image-bus.c @@ -109,7 +109,6 @@ int bus_image_common_get_metadata( _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL; _cleanup_free_ PortableMetadata **sorted = NULL; PortableFlags flags = 0; - size_t i; int r; assert(name_or_path || image); @@ -217,7 +216,7 @@ int bus_image_common_get_metadata( } } - for (i = 0; i < hashmap_size(unit_files); i++) { + for (size_t i = 0; i < hashmap_size(unit_files); i++) { r = sd_bus_message_open_container(reply, 'e', "say"); if (r < 0) From 00b5aa8d741ad17f6b8f5f03d901b038e3a27d04 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 3 Mar 2022 16:26:36 +0100 Subject: [PATCH 249/703] portable: add return parameter to GetImageMetadataWithExtensions The complaint was that the output array was used for two kinds of data, and the input flag decided whether this extra data should be included. The flag is removed, and instead the old method is changed to include the data always as a separate parameter. This breaks backward compatibility, but the old method is effectively broken and does not appear to be used yet, at least in open source code, by searching on codesearch.debian.net and github.com. Fixes #22404. Co-authored-by: Luca Boccassi (cherry picked from commit 087a799f64560bb0379b8a99ebbd9ca84804e4c3) --- man/org.freedesktop.portable1.xml | 21 ++--- src/portable/portable.h | 13 ++- src/portable/portablectl.c | 142 +++++++++++++++-------------- src/portable/portabled-bus.c | 1 + src/portable/portabled-image-bus.c | 30 +++--- 5 files changed, 110 insertions(+), 97 deletions(-) diff --git a/man/org.freedesktop.portable1.xml b/man/org.freedesktop.portable1.xml index 053f2a54342..8f960cc28d3 100644 --- a/man/org.freedesktop.portable1.xml +++ b/man/org.freedesktop.portable1.xml @@ -54,6 +54,7 @@ node /org/freedesktop/portable1 { in t flags, out s image, out ay os_release, + out a{say} extensions, out a{say} units); GetImageState(in s image, out s state); @@ -183,19 +184,12 @@ node /org/freedesktop/portable1 { and a list of portable units contained in the image, in the form of a string (unit name) and an array of bytes with the content. - GetImageMetadataWithExtensions() retrieves metadata associated with an image. - This method is a superset of GetImageMetadata() with the addition of - a list of extensions as input parameter, which were overlaid on top of the main - image via AttachImageWithExtensions(). - The flag parameter can be used to request that, before the units, the path of - each extension and an array of bytes with the content of the respective extension-release file - are sent. One such structure will be sent for each extension named in the input arguments. The - flag value to enable this functionality is defined as follows: - - -#define PORTABLE_INSPECT_EXTENSION_RELEASES (UINT64_C(1) << 1) - - + GetImageMetadataWithExtensions() retrieves metadata associated with an + image. This method is a superset of GetImageMetadata() with the addition of a list + of extensions as input parameter, which were overlaid on top of the main image via + AttachImageWithExtensions(). The path of each extension and an array of bytes with + the content of the respective extension-release file are returned, one such structure for each + extension named in the input arguments. GetImageState() retrieves the image state as one of the following strings: @@ -340,6 +334,7 @@ node /org/freedesktop/portable1 { in t flags, out s image, out ay os_release, + out a{say} extensions, out a{say} units); GetState(out s state); Attach(in as matches, diff --git a/src/portable/portable.h b/src/portable/portable.h index a0704f971b1..dff87857b31 100644 --- a/src/portable/portable.h +++ b/src/portable/portable.h @@ -21,14 +21,13 @@ typedef struct PortableMetadata { #define PORTABLE_METADATA_IS_UNIT(m) (!IN_SET((m)->name[0], 0, '/')) typedef enum PortableFlags { - PORTABLE_RUNTIME = 1 << 0, - PORTABLE_INSPECT_EXTENSION_RELEASES = 1 << 1, /* Public API via DBUS, do not change */ - PORTABLE_PREFER_COPY = 1 << 2, - PORTABLE_PREFER_SYMLINK = 1 << 3, - PORTABLE_REATTACH = 1 << 4, - _PORTABLE_MASK_PUBLIC = PORTABLE_RUNTIME | PORTABLE_INSPECT_EXTENSION_RELEASES, + PORTABLE_RUNTIME = 1 << 0, /* Public API via DBUS, do not change */ + PORTABLE_PREFER_COPY = 1 << 1, + PORTABLE_PREFER_SYMLINK = 1 << 2, + PORTABLE_REATTACH = 1 << 3, + _PORTABLE_MASK_PUBLIC = PORTABLE_RUNTIME, _PORTABLE_TYPE_MAX, - _PORTABLE_TYPE_INVALID = -EINVAL, + _PORTABLE_TYPE_INVALID = -EINVAL, } PortableFlags; /* This enum is anonymous, since we usually store it in an 'int', as we overload it with negative errno diff --git a/src/portable/portablectl.c b/src/portable/portablectl.c index 3025720c5b7..ee9e3732dbc 100644 --- a/src/portable/portablectl.c +++ b/src/portable/portablectl.c @@ -260,7 +260,7 @@ static int maybe_reload(sd_bus **bus) { static int get_image_metadata(sd_bus *bus, const char *image, char **matches, sd_bus_message **reply) { _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL; _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL; - PortableFlags flags = PORTABLE_INSPECT_EXTENSION_RELEASES; + uint64_t flags = 0; const char *method; int r; @@ -362,71 +362,78 @@ static int inspect_image(int argc, char *argv[], void *userdata) { strna(pretty_os)); } - r = sd_bus_message_enter_container(reply, 'a', "{say}"); - if (r < 0) - return bus_log_parse_error(r); - - /* If we specified any extensions, we'll first get back exactly the - * paths (and extension-release content) for each one of the arguments. */ - for (size_t i = 0; i < strv_length(arg_extension_images); ++i) { - const char *name; + if (!strv_isempty(arg_extension_images)) { + /* If we specified any extensions, we'll first get back exactly the paths (and + * extension-release content) for each one of the arguments. */ - r = sd_bus_message_enter_container(reply, 'e', "say"); + r = sd_bus_message_enter_container(reply, 'a', "{say}"); if (r < 0) return bus_log_parse_error(r); - if (r == 0) - break; - r = sd_bus_message_read(reply, "s", &name); - if (r < 0) - return bus_log_parse_error(r); + for (size_t i = 0; i < strv_length(arg_extension_images); ++i) { + const char *name; - r = sd_bus_message_read_array(reply, 'y', &data, &sz); - if (r < 0) - return bus_log_parse_error(r); + r = sd_bus_message_enter_container(reply, 'e', "say"); + if (r < 0) + return bus_log_parse_error(r); + if (r == 0) + break; - if (arg_cat) { - if (nl) - fputc('\n', stdout); + r = sd_bus_message_read(reply, "s", &name); + if (r < 0) + return bus_log_parse_error(r); - printf("%s-- Extension Release: %s --%s\n", ansi_highlight(), name, ansi_normal()); - fwrite(data, sz, 1, stdout); - fflush(stdout); - nl = true; - } else { - _cleanup_free_ char *pretty_portable = NULL, *pretty_os = NULL, *sysext_level = NULL, - *id = NULL, *version_id = NULL, *sysext_scope = NULL, *portable_prefixes = NULL; - _cleanup_fclose_ FILE *f = NULL; - - f = fmemopen_unlocked((void*) data, sz, "re"); - if (!f) - return log_error_errno(errno, "Failed to open extension-release buffer: %m"); - - r = parse_env_file(f, name, - "ID", &id, - "VERSION_ID", &version_id, - "SYSEXT_SCOPE", &sysext_scope, - "SYSEXT_LEVEL", &sysext_level, - "PORTABLE_PRETTY_NAME", &pretty_portable, - "PORTABLE_PREFIXES", &portable_prefixes, - "PRETTY_NAME", &pretty_os); + r = sd_bus_message_read_array(reply, 'y', &data, &sz); + if (r < 0) + return bus_log_parse_error(r); + + if (arg_cat) { + if (nl) + fputc('\n', stdout); + + printf("%s-- Extension Release: %s --%s\n", ansi_highlight(), name, ansi_normal()); + fwrite(data, sz, 1, stdout); + fflush(stdout); + nl = true; + } else { + _cleanup_free_ char *pretty_portable = NULL, *pretty_os = NULL, *sysext_level = NULL, + *id = NULL, *version_id = NULL, *sysext_scope = NULL, *portable_prefixes = NULL; + _cleanup_fclose_ FILE *f = NULL; + + f = fmemopen_unlocked((void*) data, sz, "re"); + if (!f) + return log_error_errno(errno, "Failed to open extension-release buffer: %m"); + + r = parse_env_file(f, name, + "ID", &id, + "VERSION_ID", &version_id, + "SYSEXT_SCOPE", &sysext_scope, + "SYSEXT_LEVEL", &sysext_level, + "PORTABLE_PRETTY_NAME", &pretty_portable, + "PORTABLE_PREFIXES", &portable_prefixes, + "PRETTY_NAME", &pretty_os); + if (r < 0) + return log_error_errno(r, "Failed to parse extension release from '%s': %m", name); + + printf("Extension:\n\t%s\n" + "\tExtension Scope:\n\t\t%s\n" + "\tExtension Compatibility Level:\n\t\t%s\n" + "\tPortable Service:\n\t\t%s\n" + "\tPortable Prefixes:\n\t\t%s\n" + "\tOperating System:\n\t\t%s (%s %s)\n", + name, + strna(sysext_scope), + strna(sysext_level), + strna(pretty_portable), + strna(portable_prefixes), + strna(pretty_os), + strna(id), + strna(version_id)); + } + + r = sd_bus_message_exit_container(reply); if (r < 0) - return log_error_errno(r, "Failed to parse extension release from '%s': %m", name); - - printf("Extension:\n\t%s\n" - "\tExtension Scope:\n\t\t%s\n" - "\tExtension Compatibility Level:\n\t\t%s\n" - "\tPortable Service:\n\t\t%s\n" - "\tPortable Prefixes:\n\t\t%s\n" - "\tOperating System:\n\t\t%s (%s %s)\n", - name, - strna(sysext_scope), - strna(sysext_level), - strna(pretty_portable), - strna(portable_prefixes), - strna(pretty_os), - strna(id), - strna(version_id)); + return bus_log_parse_error(r); } r = sd_bus_message_exit_container(reply); @@ -434,6 +441,10 @@ static int inspect_image(int argc, char *argv[], void *userdata) { return bus_log_parse_error(r); } + r = sd_bus_message_enter_container(reply, 'a', "{say}"); + if (r < 0) + return bus_log_parse_error(r); + for (;;) { const char *name; @@ -764,18 +775,17 @@ static int maybe_stop_disable(sd_bus *bus, char *image, char *argv[]) { if (r < 0) return bus_log_parse_error(r); - r = sd_bus_message_enter_container(reply, 'a', "{say}"); - if (r < 0) - return bus_log_parse_error(r); - - /* If we specified any extensions, we'll first get back exactly the - * paths (and extension-release content) for each one of the arguments. */ - for (size_t i = 0; i < strv_length(arg_extension_images); ++i) { - r = sd_bus_message_skip(reply, "{say}"); + /* If we specified any extensions, we'll first an array of extension-release metadata. */ + if (!strv_isempty(arg_extension_images)) { + r = sd_bus_message_skip(reply, "a{say}"); if (r < 0) return bus_log_parse_error(r); } + r = sd_bus_message_enter_container(reply, 'a', "{say}"); + if (r < 0) + return bus_log_parse_error(r); + for (;;) { const char *name; diff --git a/src/portable/portabled-bus.c b/src/portable/portabled-bus.c index 5b992d9df83..db71057bb30 100644 --- a/src/portable/portabled-bus.c +++ b/src/portable/portabled-bus.c @@ -420,6 +420,7 @@ const sd_bus_vtable manager_vtable[] = { "t", flags), SD_BUS_RESULT("s", image, "ay", os_release, + "a{say}", extensions, "a{say}", units), method_get_image_metadata, SD_BUS_VTABLE_UNPRIVILEGED), diff --git a/src/portable/portabled-image-bus.c b/src/portable/portabled-image-bus.c index 651fb2ea96d..7bbe4663fed 100644 --- a/src/portable/portabled-image-bus.c +++ b/src/portable/portabled-image-bus.c @@ -108,7 +108,6 @@ int bus_image_common_get_metadata( _cleanup_hashmap_free_ Hashmap *unit_files = NULL; _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL; _cleanup_free_ PortableMetadata **sorted = NULL; - PortableFlags flags = 0; int r; assert(name_or_path || image); @@ -119,8 +118,10 @@ int bus_image_common_get_metadata( m = image->userdata; } - if (sd_bus_message_is_method_call(message, NULL, "GetImageMetadataWithExtensions") || - sd_bus_message_is_method_call(message, NULL, "GetMetadataWithExtensions")) { + bool have_exti = sd_bus_message_is_method_call(message, NULL, "GetImageMetadataWithExtensions") || + sd_bus_message_is_method_call(message, NULL, "GetMetadataWithExtensions"); + + if (have_exti) { r = sd_bus_message_read_strv(message, &extension_images); if (r < 0) return r; @@ -130,8 +131,7 @@ int bus_image_common_get_metadata( if (r < 0) return r; - if (sd_bus_message_is_method_call(message, NULL, "GetImageMetadataWithExtensions") || - sd_bus_message_is_method_call(message, NULL, "GetMetadataWithExtensions")) { + if (have_exti) { uint64_t input_flags = 0; r = sd_bus_message_read(message, "t", &input_flags); @@ -142,7 +142,6 @@ int bus_image_common_get_metadata( return sd_bus_reply_method_errorf(message, SD_BUS_ERROR_INVALID_ARGS, "Invalid 'flags' parameter '%" PRIu64 "'", input_flags); - flags |= input_flags; } r = bus_image_acquire(m, @@ -186,16 +185,16 @@ int bus_image_common_get_metadata( if (r < 0) return r; - r = sd_bus_message_open_container(reply, 'a', "{say}"); - if (r < 0) - return r; - /* If it was requested, also send back the extension path and the content * of each extension-release file. Behind a flag, as it's an incompatible * change. */ - if (FLAGS_SET(flags, PORTABLE_INSPECT_EXTENSION_RELEASES)) { + if (have_exti) { PortableMetadata *extension_release; + r = sd_bus_message_open_container(reply, 'a', "{say}"); + if (r < 0) + return r; + ORDERED_HASHMAP_FOREACH(extension_release, extension_releases) { r = sd_bus_message_open_container(reply, 'e', "say"); @@ -214,8 +213,16 @@ int bus_image_common_get_metadata( if (r < 0) return r; } + + r = sd_bus_message_close_container(reply); + if (r < 0) + return r; } + r = sd_bus_message_open_container(reply, 'a', "{say}"); + if (r < 0) + return r; + for (size_t i = 0; i < hashmap_size(unit_files); i++) { r = sd_bus_message_open_container(reply, 'e', "say"); @@ -867,6 +874,7 @@ const sd_bus_vtable image_vtable[] = { "t", flags), SD_BUS_RESULT("s", image, "ay", os_release, + "a{say}", extensions, "a{say}", units), bus_image_method_get_metadata, SD_BUS_VTABLE_UNPRIVILEGED), From 042bf8d0e6caa31579d92b3a6d0b0d8bedb0889a Mon Sep 17 00:00:00 2001 From: Luca Boccassi Date: Mon, 7 Mar 2022 16:20:42 +0000 Subject: [PATCH 250/703] TEST-29: do not pass -q to mk/unsquashfs, not supported on CentOS 8 (cherry picked from commit 963c560a2939c79ba9896280cb5660fea64c94cf) --- test/test-functions | 8 ++++---- test/units/testsuite-29.sh | 4 ++-- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/test/test-functions b/test/test-functions index 09637eb4970..8bff5d8271d 100644 --- a/test/test-functions +++ b/test/test-functions @@ -607,7 +607,7 @@ ExecStart=sleep 120 EOF cp "$initdir/usr/lib/systemd/system/minimal-app0.service" "$initdir/usr/lib/systemd/system/minimal-app0-foo.service" - mksquashfs "$initdir" "$oldinitdir/usr/share/minimal_0.raw" -noappend -quiet + mksquashfs "$initdir" "$oldinitdir/usr/share/minimal_0.raw" -noappend veritysetup format "$oldinitdir/usr/share/minimal_0.raw" "$oldinitdir/usr/share/minimal_0.verity" | \ grep '^Root hash:' | cut -f2 | tr -d '\n' >"$oldinitdir/usr/share/minimal_0.roothash" @@ -615,7 +615,7 @@ EOF rm "$initdir/usr/lib/systemd/system/minimal-app0-foo.service" cp "$initdir/usr/lib/systemd/system/minimal-app0.service" "$initdir/usr/lib/systemd/system/minimal-app0-bar.service" - mksquashfs "$initdir" "$oldinitdir/usr/share/minimal_1.raw" -noappend -quiet + mksquashfs "$initdir" "$oldinitdir/usr/share/minimal_1.raw" -noappend veritysetup format "$oldinitdir/usr/share/minimal_1.raw" "$oldinitdir/usr/share/minimal_1.verity" | \ grep '^Root hash:' | cut -f2 | tr -d '\n' >"$oldinitdir/usr/share/minimal_1.roothash" @@ -647,7 +647,7 @@ cat /usr/lib/extension-release.d/extension-release.app0 EOF chmod +x "$initdir/opt/script0.sh" echo MARKER=1 >"$initdir/usr/lib/systemd/system/some_file" - mksquashfs "$initdir" "$oldinitdir/usr/share/app0.raw" -noappend -quiet + mksquashfs "$initdir" "$oldinitdir/usr/share/app0.raw" -noappend export initdir="$TESTDIR/app1" mkdir -p "$initdir/usr/lib/extension-release.d" "$initdir/usr/lib/systemd/system" "$initdir/opt" @@ -673,7 +673,7 @@ cat /usr/lib/extension-release.d/extension-release.app2 EOF chmod +x "$initdir/opt/script1.sh" echo MARKER=1 >"$initdir/usr/lib/systemd/system/other_file" - mksquashfs "$initdir" "$oldinitdir/usr/share/app1.raw" -noappend -quiet + mksquashfs "$initdir" "$oldinitdir/usr/share/app1.raw" -noappend ) } diff --git a/test/units/testsuite-29.sh b/test/units/testsuite-29.sh index 532d7ce641e..5dccad04f9b 100755 --- a/test/units/testsuite-29.sh +++ b/test/units/testsuite-29.sh @@ -47,8 +47,8 @@ portablectl list | grep -q -F "No images." # portablectl also works with directory paths rather than images -unsquashfs -q -dest /tmp/minimal_0 /usr/share/minimal_0.raw -unsquashfs -q -dest /tmp/minimal_1 /usr/share/minimal_1.raw +unsquashfs -dest /tmp/minimal_0 /usr/share/minimal_0.raw +unsquashfs -dest /tmp/minimal_1 /usr/share/minimal_1.raw portablectl "${ARGS[@]}" attach --copy=symlink --now --runtime /tmp/minimal_0 minimal-app0 From 1072a9382b94bacd76decd9cb0ae601ef48e9939 Mon Sep 17 00:00:00 2001 From: Bastien Nocera Date: Mon, 7 Mar 2022 10:11:12 +0100 Subject: [PATCH 251/703] memory-id: Work-around incorrect "Number of slots" In some BIOSes, the "Number of slots or sockets available for Memory Devices in this array" is incorrectly set to the number of memory array that's populated. Work-around this problem by outputting the number of sockets after having parsed them so that consumers of this data can carry on expecting an accurate number in this property. This fixes the number of memory slots advertised for the HP Z600. See https://gitlab.gnome.org/GNOME/gnome-control-center/-/issues/1686 (cherry picked from commit d48bf01636d322443f69845da2f40bea70317c92) --- src/udev/dmi_memory_id/dmi_memory_id.c | 16 +++++++++------- test/dmidecode-dumps/HP-Z600.bin.txt | 3 +-- .../dmidecode-dumps/Lenovo-ThinkPad-X280.bin.txt | 2 +- .../Lenovo-Thinkcentre-m720s.bin.txt | 2 +- 4 files changed, 12 insertions(+), 11 deletions(-) diff --git a/src/udev/dmi_memory_id/dmi_memory_id.c b/src/udev/dmi_memory_id/dmi_memory_id.c index 67861cd3642..bae05b8ecdd 100644 --- a/src/udev/dmi_memory_id/dmi_memory_id.c +++ b/src/udev/dmi_memory_id/dmi_memory_id.c @@ -417,9 +417,9 @@ static void dmi_memory_device_size_detail( dmi_print_memory_size("MEMORY_DEVICE", attr_suffix, slot_num, code, MEMORY_SIZE_UNIT_BYTES); } -static void dmi_decode(const struct dmi_header *h) { +static void dmi_decode(const struct dmi_header *h, + unsigned *next_slot_num) { const uint8_t *data = h->data; - static unsigned next_slot_num = 0; unsigned slot_num; /* @@ -441,15 +441,14 @@ static void dmi_decode(const struct dmi_header *h) { dmi_print_memory_size("MEMORY_ARRAY", "MAX_CAPACITY", -1, DWORD(data + 0x07), MEMORY_SIZE_UNIT_KB); else if (h->length >= 0x17) dmi_print_memory_size("MEMORY_ARRAY", "MAX_CAPACITY", -1, QWORD(data + 0x0F), MEMORY_SIZE_UNIT_BYTES); - printf("MEMORY_ARRAY_NUM_DEVICES=%u\n", WORD(data + 0x0D)); break; case 17: /* 7.18 Memory Device */ - slot_num = next_slot_num; - next_slot_num++; + slot_num = *next_slot_num; + *next_slot_num = slot_num + 1; - log_debug("Memory Device"); + log_debug("Memory Device: %u", slot_num); if (h->length < 0x15) break; @@ -525,6 +524,7 @@ static void dmi_decode(const struct dmi_header *h) { static void dmi_table_decode(const uint8_t *buf, size_t len, uint16_t num) { const uint8_t *data = buf; + unsigned next_slot_num = 0; /* 4 is the length of an SMBIOS structure header */ for (uint16_t i = 0; (i < num || num == 0) && data + 4 <= buf + len; i++) { @@ -559,10 +559,12 @@ static void dmi_table_decode(const uint8_t *buf, size_t len, uint16_t num) { break; if (display) - dmi_decode(&h); + dmi_decode(&h, &next_slot_num); data = next; } + if (next_slot_num > 0) + printf("MEMORY_ARRAY_NUM_DEVICES=%u\n", next_slot_num); } static int dmi_table(int64_t base, uint32_t len, uint16_t num, const char *devmem, bool no_file_offset) { diff --git a/test/dmidecode-dumps/HP-Z600.bin.txt b/test/dmidecode-dumps/HP-Z600.bin.txt index d17fb8307fd..58af9ac0e2b 100644 --- a/test/dmidecode-dumps/HP-Z600.bin.txt +++ b/test/dmidecode-dumps/HP-Z600.bin.txt @@ -1,11 +1,9 @@ MEMORY_ARRAY_LOCATION=System Board Or Motherboard MEMORY_ARRAY_EC_TYPE=Multi-bit ECC MEMORY_ARRAY_MAX_CAPACITY=12884901888 -MEMORY_ARRAY_NUM_DEVICES=3 MEMORY_ARRAY_LOCATION=System Board Or Motherboard MEMORY_ARRAY_EC_TYPE=Multi-bit ECC MEMORY_ARRAY_MAX_CAPACITY=12884901888 -MEMORY_ARRAY_NUM_DEVICES=3 MEMORY_DEVICE_0_TOTAL_WIDTH=72 MEMORY_DEVICE_0_DATA_WIDTH=64 MEMORY_DEVICE_0_SIZE=8589934592 @@ -92,3 +90,4 @@ MEMORY_DEVICE_6_MANUFACTURER=Not Specified MEMORY_DEVICE_6_SERIAL_NUMBER=Not Specified MEMORY_DEVICE_6_ASSET_TAG=Not Specified MEMORY_DEVICE_6_PART_NUMBER=Not Specified +MEMORY_ARRAY_NUM_DEVICES=7 diff --git a/test/dmidecode-dumps/Lenovo-ThinkPad-X280.bin.txt b/test/dmidecode-dumps/Lenovo-ThinkPad-X280.bin.txt index 26a8faf5d80..d1c75e976cc 100644 --- a/test/dmidecode-dumps/Lenovo-ThinkPad-X280.bin.txt +++ b/test/dmidecode-dumps/Lenovo-ThinkPad-X280.bin.txt @@ -1,6 +1,5 @@ MEMORY_ARRAY_LOCATION=System Board Or Motherboard MEMORY_ARRAY_MAX_CAPACITY=34359738368 -MEMORY_ARRAY_NUM_DEVICES=2 MEMORY_DEVICE_0_TOTAL_WIDTH=64 MEMORY_DEVICE_0_DATA_WIDTH=64 MEMORY_DEVICE_0_SIZE=4294967296 @@ -31,3 +30,4 @@ MEMORY_DEVICE_1_ASSET_TAG=None MEMORY_DEVICE_1_RANK=1 MEMORY_DEVICE_1_CONFIGURED_SPEED_MTS=2400 MEMORY_DEVICE_1_CONFIGURED_VOLTAGE=1 +MEMORY_ARRAY_NUM_DEVICES=2 diff --git a/test/dmidecode-dumps/Lenovo-Thinkcentre-m720s.bin.txt b/test/dmidecode-dumps/Lenovo-Thinkcentre-m720s.bin.txt index c90af66a7ba..c9c3eda1c25 100644 --- a/test/dmidecode-dumps/Lenovo-Thinkcentre-m720s.bin.txt +++ b/test/dmidecode-dumps/Lenovo-Thinkcentre-m720s.bin.txt @@ -1,6 +1,5 @@ MEMORY_ARRAY_LOCATION=System Board Or Motherboard MEMORY_ARRAY_MAX_CAPACITY=68719476736 -MEMORY_ARRAY_NUM_DEVICES=4 MEMORY_DEVICE_0_TOTAL_WIDTH=64 MEMORY_DEVICE_0_DATA_WIDTH=64 MEMORY_DEVICE_0_SIZE=8589934592 @@ -65,3 +64,4 @@ MEMORY_DEVICE_3_CONFIGURED_SPEED_MTS=2400 MEMORY_DEVICE_3_MINIMUM_VOLTAGE=1 MEMORY_DEVICE_3_MAXIMUM_VOLTAGE=1 MEMORY_DEVICE_3_CONFIGURED_VOLTAGE=1 +MEMORY_ARRAY_NUM_DEVICES=4 From 5b7c7ed357b07cfabe80aa35edae171826884ac1 Mon Sep 17 00:00:00 2001 From: Luca Boccassi Date: Tue, 8 Mar 2022 22:13:37 +0000 Subject: [PATCH 252/703] core: do not return 'skipped' when Condition*= fail with StartUnitWithFlags() Backward incompatible change to avoid returning 'skipped' if a condition causes a job activation to be skipped when using StartUnitWithFlags(). Job results are broadcasted, so it is theoretically possible that existing software could get confused if they see this result. Replaces https://github.com/systemd/systemd/pull/22369 (cherry picked from commit ee3ae55e7537c716530b293c91f3fb9ae22a8049) --- man/org.freedesktop.systemd1.xml | 5 +---- src/core/dbus-unit.c | 4 ---- src/core/dbus-unit.h | 2 +- 3 files changed, 2 insertions(+), 9 deletions(-) diff --git a/man/org.freedesktop.systemd1.xml b/man/org.freedesktop.systemd1.xml index 6781f8df51f..8211e421924 100644 --- a/man/org.freedesktop.systemd1.xml +++ b/man/org.freedesktop.systemd1.xml @@ -1193,10 +1193,7 @@ node /org/freedesktop/systemd1 { StartUnitWithFlags() is similar to StartUnit() but allows the caller to pass an extra flags parameter, which does not support any - flags for now, and is reserved for future extensions. The new method also changes the behaviour - of the JobRemoved signal and make it return skipped in case - the unit activation job is skipped because a Condition*= is not satisfied. - With the StartUnit method, done would be returned instead. + flags for now, and is reserved for future extensions. StopUnit() is similar to StartUnit() but stops the specified unit rather than starting it. Note that the isolate mode is invalid for this diff --git a/src/core/dbus-unit.c b/src/core/dbus-unit.c index 1128c42ad94..a7aac798c66 100644 --- a/src/core/dbus-unit.c +++ b/src/core/dbus-unit.c @@ -417,10 +417,6 @@ int bus_unit_method_start_generic( return sd_bus_reply_method_errorf(message, SD_BUS_ERROR_INVALID_ARGS, "Invalid 'flags' parameter '%" PRIu64 "'", input_flags); - - /* The new method unconditionally uses the new behaviour of returning 'skip' when - * a job is skipped. */ - job_flags |= BUS_UNIT_QUEUE_RETURN_SKIP_ON_CONDITION_FAIL; } r = bus_verify_manage_units_async_full( diff --git a/src/core/dbus-unit.h b/src/core/dbus-unit.h index ccb379cee55..ab7787ce466 100644 --- a/src/core/dbus-unit.h +++ b/src/core/dbus-unit.h @@ -31,7 +31,7 @@ int bus_unit_method_thaw(sd_bus_message *message, void *userdata, sd_bus_error * typedef enum BusUnitQueueFlags { BUS_UNIT_QUEUE_RELOAD_IF_POSSIBLE = 1 << 0, BUS_UNIT_QUEUE_VERBOSE_REPLY = 1 << 1, - BUS_UNIT_QUEUE_RETURN_SKIP_ON_CONDITION_FAIL = 1 << 2, + BUS_UNIT_QUEUE_RETURN_SKIP_ON_CONDITION_FAIL = 1 << 2, // FIXME: currently not used, will be changed soon } BusUnitQueueFlags; int bus_unit_queue_job_one( From 397ede8dcd29f35350c015f1d945e50c88476a93 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Wed, 26 Jan 2022 20:54:39 +0900 Subject: [PATCH 253/703] wait-online: rename Manager elements (cherry picked from commit 5f200833ed0754adaba548b0b617f6c192615acd) --- src/network/wait-online/link.c | 4 ++-- src/network/wait-online/manager.c | 33 ++++++++++++++++++------------- src/network/wait-online/manager.h | 8 ++++---- 3 files changed, 25 insertions(+), 20 deletions(-) diff --git a/src/network/wait-online/link.c b/src/network/wait-online/link.c index 5a33d563c24..0f5f68e765b 100644 --- a/src/network/wait-online/link.c +++ b/src/network/wait-online/link.c @@ -32,7 +32,7 @@ int link_new(Manager *m, Link **ret, int ifindex, const char *ifname) { .required_operstate = LINK_OPERSTATE_RANGE_DEFAULT, }; - r = hashmap_ensure_put(&m->links, NULL, INT_TO_PTR(ifindex), l); + r = hashmap_ensure_put(&m->links_by_index, NULL, INT_TO_PTR(ifindex), l); if (r < 0) return r; @@ -53,7 +53,7 @@ Link *link_free(Link *l) { return NULL; if (l->manager) { - hashmap_remove(l->manager->links, INT_TO_PTR(l->ifindex)); + hashmap_remove(l->manager->links_by_index, INT_TO_PTR(l->ifindex)); hashmap_remove(l->manager->links_by_name, l->ifname); } diff --git a/src/network/wait-online/manager.c b/src/network/wait-online/manager.c index 3890e92b61c..2c6f263499c 100644 --- a/src/network/wait-online/manager.c +++ b/src/network/wait-online/manager.c @@ -21,14 +21,15 @@ static bool manager_ignore_link(Manager *m, Link *link) { return true; /* if interfaces are given on the command line, ignore all others */ - if (m->interfaces && !hashmap_contains(m->interfaces, link->ifname)) + if (m->command_line_interfaces_by_name && + !hashmap_contains(m->command_line_interfaces_by_name, link->ifname)) return true; if (!link->required_for_online) return true; /* ignore interfaces we explicitly are asked to ignore */ - return strv_fnmatch(m->ignore, link->ifname); + return strv_fnmatch(m->ignored_interfaces, link->ifname); } static int manager_link_is_online(Manager *m, Link *l, LinkOperationalStateRange s) { @@ -99,14 +100,14 @@ static int manager_link_is_online(Manager *m, Link *l, LinkOperationalStateRange bool manager_configured(Manager *m) { bool one_ready = false; const char *ifname; - void *p; Link *l; int r; - if (!hashmap_isempty(m->interfaces)) { + if (!hashmap_isempty(m->command_line_interfaces_by_name)) { + LinkOperationalStateRange *range; + /* wait for all the links given on the command line to appear */ - HASHMAP_FOREACH_KEY(p, ifname, m->interfaces) { - LinkOperationalStateRange *range = p; + HASHMAP_FOREACH_KEY(range, ifname, m->command_line_interfaces_by_name) { l = hashmap_get(m->links_by_name, ifname); if (!l && range->min == LINK_OPERSTATE_MISSING) { @@ -137,7 +138,7 @@ bool manager_configured(Manager *m) { /* wait for all links networkd manages to be in admin state 'configured' * and at least one link to gain a carrier */ - HASHMAP_FOREACH(l, m->links) { + HASHMAP_FOREACH(l, m->links_by_index) { if (manager_ignore_link(m, l)) { log_link_debug(l, "link is ignored"); continue; @@ -189,7 +190,7 @@ static int manager_process_link(sd_netlink *rtnl, sd_netlink_message *mm, void * return 0; } - l = hashmap_get(m->links, INT_TO_PTR(ifindex)); + l = hashmap_get(m->links_by_index, INT_TO_PTR(ifindex)); switch (type) { @@ -292,7 +293,7 @@ static int on_network_event(sd_event_source *s, int fd, uint32_t revents, void * sd_network_monitor_flush(m->network_monitor); - HASHMAP_FOREACH(l, m->links) { + HASHMAP_FOREACH(l, m->links_by_index) { r = link_update_monitor(l); if (r < 0 && r != -ENODATA) log_link_warning_errno(l, r, "Failed to update link state, ignoring: %m"); @@ -329,10 +330,14 @@ static int manager_network_monitor_listen(Manager *m) { return 0; } -int manager_new(Manager **ret, Hashmap *interfaces, char **ignore, +int manager_new(Manager **ret, + Hashmap *command_line_interfaces_by_name, + char **ignored_interfaces, LinkOperationalStateRange required_operstate, AddressFamily required_family, - bool any, usec_t timeout) { + bool any, + usec_t timeout) { + _cleanup_(manager_freep) Manager *m = NULL; int r; @@ -343,8 +348,8 @@ int manager_new(Manager **ret, Hashmap *interfaces, char **ignore, return -ENOMEM; *m = (Manager) { - .interfaces = interfaces, - .ignore = ignore, + .command_line_interfaces_by_name = command_line_interfaces_by_name, + .ignored_interfaces = ignored_interfaces, .required_operstate = required_operstate, .required_family = required_family, .any = any, @@ -382,7 +387,7 @@ Manager* manager_free(Manager *m) { if (!m) return NULL; - hashmap_free_with_destructor(m->links, link_free); + hashmap_free_with_destructor(m->links_by_index, link_free); hashmap_free(m->links_by_name); sd_event_source_unref(m->network_monitor_event_source); diff --git a/src/network/wait-online/manager.h b/src/network/wait-online/manager.h index f2e091638c4..01ad18f8f62 100644 --- a/src/network/wait-online/manager.h +++ b/src/network/wait-online/manager.h @@ -13,12 +13,12 @@ typedef struct Manager Manager; typedef struct Link Link; struct Manager { - Hashmap *links; + Hashmap *links_by_index; Hashmap *links_by_name; /* Do not free the two members below. */ - Hashmap *interfaces; - char **ignore; + Hashmap *command_line_interfaces_by_name; + char **ignored_interfaces; LinkOperationalStateRange required_operstate; AddressFamily required_family; @@ -34,7 +34,7 @@ struct Manager { }; Manager* manager_free(Manager *m); -int manager_new(Manager **ret, Hashmap *interfaces, char **ignore, +int manager_new(Manager **ret, Hashmap *command_line_interfaces_by_name, char **ignored_interfaces, LinkOperationalStateRange required_operstate, AddressFamily required_family, bool any, usec_t timeout); From 056fcd4e318aa664bd36950bf6c2dae4647c96c7 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Wed, 26 Jan 2022 16:48:08 +0900 Subject: [PATCH 254/703] wait-online: make manager_link_is_online() return 0 when in unmanaged state Previously, even if a link is in unmanaged state, the function may returns positive value. So, even if all managed links are in the configured sate but do not satisfy the online criteria, e.g., IPv4 address state, then wait-online finishes with positive value. This makes the function always return 0 for unmanaged state. So, at least one managed link must satisfies the online criteria. This also adds more comments and debugging logs. Fixes #22246. (cherry picked from commit cd7fcda54333dc95116a434cffc591f21edddbb2) --- src/network/wait-online/manager.c | 25 +++++++++++++++++++++---- 1 file changed, 21 insertions(+), 4 deletions(-) diff --git a/src/network/wait-online/manager.c b/src/network/wait-online/manager.c index 2c6f263499c..6656813f39b 100644 --- a/src/network/wait-online/manager.c +++ b/src/network/wait-online/manager.c @@ -45,13 +45,29 @@ static int manager_link_is_online(Manager *m, Link *l, LinkOperationalStateRange * 0: operstate is not enough * 1: online */ - if (!l->state) + if (!l->state || streq(l->state, "pending")) + /* If no state string exists, networkd (and possibly also udevd) has not detected the + * interface yet, that mean we cannot determine whether the interface is managed or + * not. Hence, return negative value. + * If the link is in pending state, then udevd has not processed the link, and networkd + * has not tried to find .network file for the link. Hence, return negative value. */ return log_link_debug_errno(l, SYNTHETIC_ERRNO(EAGAIN), - "link has not yet been processed by udev"); + "link has not yet been processed by udev: setup state is %s.", + strna(l->state)); + + if (streq(l->state, "unmanaged")) { + /* If the link is in unmanaged state, then ignore the interface unless the interface is + * specified in '--interface/-i' option. */ + if (!hashmap_contains(m->command_line_interfaces_by_name, l->ifname)) { + log_link_debug(l, "link is not managed by networkd (yet?)."); + return 0; + } - if (STR_IN_SET(l->state, "configuring", "pending")) + } else if (!streq(l->state, "configured")) + /* If the link is in non-configured state, return negative value here. */ return log_link_debug_errno(l, SYNTHETIC_ERRNO(EAGAIN), - "link is being processed by networkd"); + "link is being processed by networkd: setup state is %s.", + l->state); if (s.min < 0) s.min = m->required_operstate.min >= 0 ? m->required_operstate.min @@ -94,6 +110,7 @@ static int manager_link_is_online(Manager *m, Link *l, LinkOperationalStateRange } } + log_link_debug(l, "link is confiured by networkd and online."); return 1; } From 037160fc69b9490f37c917b76befecdf233b77b8 Mon Sep 17 00:00:00 2001 From: Frantisek Sumsal Date: Mon, 31 Jan 2022 22:17:48 +0100 Subject: [PATCH 255/703] network: s/confiured/configured/ A quick typo fix I noticed whilst debugging. (cherry picked from commit e3d1ffcc48dfc72b44f4b63ebe25256698b23958) --- src/network/wait-online/manager.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/network/wait-online/manager.c b/src/network/wait-online/manager.c index 6656813f39b..093622270db 100644 --- a/src/network/wait-online/manager.c +++ b/src/network/wait-online/manager.c @@ -110,7 +110,7 @@ static int manager_link_is_online(Manager *m, Link *l, LinkOperationalStateRange } } - log_link_debug(l, "link is confiured by networkd and online."); + log_link_debug(l, "link is configured by networkd and online."); return 1; } From c3aead556847dd2694d559620123b65ff16afe8c Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Sun, 6 Mar 2022 21:36:19 -0700 Subject: [PATCH 256/703] random-util: unify RANDOM_ALLOW_INSECURE and !RANDOM_BLOCK and simplify RANDOM_BLOCK has existed for a long time, but RANDOM_ALLOW_INSECURE was added more recently, leading to an awkward relationship between the two. It turns out that only one, RANDOM_BLOCK, is needed. RANDOM_BLOCK means return cryptographically secure numbers no matter what. If it's not set, it means try to do that, but if it fails, fall back to using unseeded randomness. This part of falling back to unseeded randomness is the intent of GRND_INSECURE, which is what RANDOM_ALLOW_INSECURE previously aliased. Rather than having an additional flag for that, it makes more sense to just use it whenever RANDOM_BLOCK is not set. This saves us the overhead of having to open up /dev/urandom. Additionally, when getrandom returns too little data, but not zero data, we currently fall back to using /dev/urandom if RANDOM_BLOCK is not set. This doesn't quite make sense, because if getrandom returned seeded data once, then it will forever after return the same thing as whatever /dev/urandom does. So in that case, we should just loop again. Since there's never really a time where /dev/urandom is able to return some easily but more with difficulty, we can also get rid of RANDOM_EXTEND_WITH_PSEUDO. Once the RNG is initialized, bytes should just flow normally. This also makes RANDOM_MAY_FAIL obsolete, because the only case this ran was where we'd fall back to /dev/urandom on old kernels and return GRND_INSECURE bytes on new kernels. So also get rid of that flag. Finally, since we're always able to use GRND_INSECURE on newer kernels, and we only fall back to /dev/urandom on older kernels, also only fall back to using RDRAND on those older kernels. There, the only reason to have RDRAND is to avoid a kmsg entry about unseeded randomness. The result of this commit is that we now cascade like this: - Use getrandom(0) if RANDOM_BLOCK. - Use getrandom(GRND_INSECURE) if !RANDOM_BLOCK. - Use /dev/urandom if !RANDOM_BLOCK and no GRND_INSECURE support. - Use /dev/urandom if no getrandom() support. - Use RDRAND if we would use /dev/urandom for any of the above reasons and RANDOM_ALLOW_RDRAND is set. (cherry picked from commit 31234fbeec1c4a8e500106dff4779ccaa5baef83) --- src/basic/random-util.c | 139 +++++++++++------------------------- src/basic/random-util.h | 7 +- src/test/test-random-util.c | 2 - 3 files changed, 44 insertions(+), 104 deletions(-) diff --git a/src/basic/random-util.c b/src/basic/random-util.c index e117330857c..227b82f7903 100644 --- a/src/basic/random-util.c +++ b/src/basic/random-util.c @@ -160,93 +160,35 @@ int rdrand(unsigned long *ret) { int genuine_random_bytes(void *p, size_t n, RandomFlags flags) { static int have_syscall = -1; _cleanup_close_ int fd = -1; - bool got_some = false; + + if (FLAGS_SET(flags, RANDOM_BLOCK | RANDOM_ALLOW_RDRAND)) + return -EINVAL; /* Gathers some high-quality randomness from the kernel (or potentially mid-quality randomness from * the CPU if the RANDOM_ALLOW_RDRAND flag is set). This call won't block, unless the RANDOM_BLOCK - * flag is set. If RANDOM_MAY_FAIL is set, an error is returned if the random pool is not - * initialized. Otherwise it will always return some data from the kernel, regardless of whether the - * random pool is fully initialized or not. If RANDOM_EXTEND_WITH_PSEUDO is set, and some but not - * enough better quality randomness could be acquired, the rest is filled up with low quality - * randomness. - * - * Of course, when creating cryptographic key material you really shouldn't use RANDOM_ALLOW_DRDRAND - * or even RANDOM_EXTEND_WITH_PSEUDO. - * - * When generating UUIDs it's fine to use RANDOM_ALLOW_RDRAND but not OK to use - * RANDOM_EXTEND_WITH_PSEUDO. In fact RANDOM_EXTEND_WITH_PSEUDO is only really fine when invoked via - * an "all bets are off" wrapper, such as random_bytes(), see below. */ + * flag is set. If it doesn't block, it will still always return some data from the kernel, regardless + * of whether the random pool is fully initialized or not. When creating cryptographic key material you + * should always use RANDOM_BLOCK. */ if (n == 0) return 0; - if (FLAGS_SET(flags, RANDOM_ALLOW_RDRAND)) - /* Try x86-64' RDRAND intrinsic if we have it. We only use it if high quality randomness is - * not required, as we don't trust it (who does?). Note that we only do a single iteration of - * RDRAND here, even though the Intel docs suggest calling this in a tight loop of 10 - * invocations or so. That's because we don't really care about the quality here. We - * generally prefer using RDRAND if the caller allows us to, since this way we won't upset - * the kernel's random subsystem by accessing it before the pool is initialized (after all it - * will kmsg log about every attempt to do so). */ - for (;;) { - unsigned long u; - size_t m; - - if (rdrand(&u) < 0) { - if (got_some && FLAGS_SET(flags, RANDOM_EXTEND_WITH_PSEUDO)) { - /* Fill in the remaining bytes using pseudo-random values */ - pseudo_random_bytes(p, n); - return 0; - } - - /* OK, this didn't work, let's go to getrandom() + /dev/urandom instead */ - break; - } - - m = MIN(sizeof(u), n); - memcpy(p, &u, m); - - p = (uint8_t*) p + m; - n -= m; - - if (n == 0) - return 0; /* Yay, success! */ - - got_some = true; - } - /* Use the getrandom() syscall unless we know we don't have it. */ if (have_syscall != 0 && !HAS_FEATURE_MEMORY_SANITIZER) { - for (;;) { - ssize_t l; - l = getrandom(p, n, - (FLAGS_SET(flags, RANDOM_BLOCK) ? 0 : GRND_NONBLOCK) | - (FLAGS_SET(flags, RANDOM_ALLOW_INSECURE) ? GRND_INSECURE : 0)); + ssize_t l = getrandom(p, n, FLAGS_SET(flags, RANDOM_BLOCK) ? 0 : GRND_INSECURE); + if (l > 0) { have_syscall = true; if ((size_t) l == n) return 0; /* Yay, success! */ + /* We didn't get enough data, so try again */ assert((size_t) l < n); p = (uint8_t*) p + l; n -= l; - - if (FLAGS_SET(flags, RANDOM_EXTEND_WITH_PSEUDO)) { - /* Fill in the remaining bytes using pseudo-random values */ - pseudo_random_bytes(p, n); - return 0; - } - - got_some = true; - - /* Hmm, we didn't get enough good data but the caller insists on good data? Then try again */ - if (FLAGS_SET(flags, RANDOM_BLOCK)) - continue; - - /* Fill in the rest with /dev/urandom */ - break; + continue; } else if (l == 0) { have_syscall = true; @@ -257,41 +199,44 @@ int genuine_random_bytes(void *p, size_t n, RandomFlags flags) { have_syscall = false; break; - } else if (errno == EAGAIN) { - /* The kernel has no entropy whatsoever. Let's remember to use the syscall - * the next time again though. - * - * If RANDOM_MAY_FAIL is set, return an error so that random_bytes() can - * produce some pseudo-random bytes instead. Otherwise, fall back to - * /dev/urandom, which we know is empty, but the kernel will produce some - * bytes for us on a best-effort basis. */ - have_syscall = true; + } else if (errno == EINVAL) { + /* If we previously passed GRND_INSECURE, and this flag isn't known, then + * we're likely running an old kernel which has getrandom() but not + * GRND_INSECURE. In this case, fall back to /dev/urandom. */ + if (!FLAGS_SET(flags, RANDOM_BLOCK)) + break; - if (got_some && FLAGS_SET(flags, RANDOM_EXTEND_WITH_PSEUDO)) { - /* Fill in the remaining bytes using pseudorandom values */ - pseudo_random_bytes(p, n); - return 0; - } + return -errno; + } else + return -errno; + } + } - if (FLAGS_SET(flags, RANDOM_MAY_FAIL)) - return -ENODATA; + if (FLAGS_SET(flags, RANDOM_ALLOW_RDRAND)) { + /* Try x86-64' RDRAND intrinsic if we have it. We only use it if high quality randomness is + * not required, as we don't trust it (who does?). Note that we only do a single iteration of + * RDRAND here, even though the Intel docs suggest calling this in a tight loop of 10 + * invocations or so. That's because we don't really care about the quality here. We + * generally prefer using RDRAND if the caller allows us to, since this way we won't upset + * the kernel's random subsystem by accessing it before the pool is initialized (after all it + * will kmsg log about every attempt to do so). */ + for (;;) { + unsigned long u; + size_t m; - /* Use /dev/urandom instead */ + if (rdrand(&u) < 0) { + /* OK, this didn't work, let's go with /dev/urandom instead */ break; + } - } else if (errno == EINVAL) { - - /* Most likely: unknown flag. We know that GRND_INSECURE might cause this, - * hence try without. */ + m = MIN(sizeof(u), n); + memcpy(p, &u, m); - if (FLAGS_SET(flags, RANDOM_ALLOW_INSECURE)) { - flags = flags &~ RANDOM_ALLOW_INSECURE; - continue; - } + p = (uint8_t*) p + m; + n -= m; - return -errno; - } else - return -errno; + if (n == 0) + return 0; /* Yay, success! */ } } @@ -421,7 +366,7 @@ void random_bytes(void *p, size_t n) { * This function is hence not useful for generating UUIDs or cryptographic key material. */ - if (genuine_random_bytes(p, n, RANDOM_EXTEND_WITH_PSEUDO|RANDOM_MAY_FAIL|RANDOM_ALLOW_RDRAND|RANDOM_ALLOW_INSECURE) >= 0) + if (genuine_random_bytes(p, n, RANDOM_ALLOW_RDRAND) >= 0) return; /* If for some reason some user made /dev/urandom unavailable to us, or the kernel has no entropy, use a PRNG instead. */ diff --git a/src/basic/random-util.h b/src/basic/random-util.h index e6528ddc7fe..99f6c73914c 100644 --- a/src/basic/random-util.h +++ b/src/basic/random-util.h @@ -6,11 +6,8 @@ #include typedef enum RandomFlags { - RANDOM_EXTEND_WITH_PSEUDO = 1 << 0, /* If we can't get enough genuine randomness, but some, fill up the rest with pseudo-randomness */ - RANDOM_BLOCK = 1 << 1, /* Rather block than return crap randomness (only if the kernel supports that) */ - RANDOM_MAY_FAIL = 1 << 2, /* If we can't get any randomness at all, return early with -ENODATA */ - RANDOM_ALLOW_RDRAND = 1 << 3, /* Allow usage of the CPU RNG */ - RANDOM_ALLOW_INSECURE = 1 << 4, /* Allow usage of GRND_INSECURE flag to kernel's getrandom() API */ + RANDOM_BLOCK = 1 << 0, /* Rather block than return crap randomness (only if the kernel supports that) */ + RANDOM_ALLOW_RDRAND = 1 << 1, /* Allow usage of the CPU RNG */ } RandomFlags; int genuine_random_bytes(void *p, size_t n, RandomFlags flags); /* returns "genuine" randomness, optionally filled up with pseudo random, if not enough is available */ diff --git a/src/test/test-random-util.c b/src/test/test-random-util.c index 2b09a4513a7..3426d606f41 100644 --- a/src/test/test-random-util.c +++ b/src/test/test-random-util.c @@ -24,11 +24,9 @@ static void test_genuine_random_bytes_one(RandomFlags flags) { } TEST(genuine_random_bytes) { - test_genuine_random_bytes_one(RANDOM_EXTEND_WITH_PSEUDO); test_genuine_random_bytes_one(0); test_genuine_random_bytes_one(RANDOM_BLOCK); test_genuine_random_bytes_one(RANDOM_ALLOW_RDRAND); - test_genuine_random_bytes_one(RANDOM_ALLOW_INSECURE); } TEST(pseudo_random_bytes) { From d5b871bdfe0585f44f87beb0ea661b46bd9eb122 Mon Sep 17 00:00:00 2001 From: Frantisek Sumsal Date: Thu, 17 Mar 2022 11:04:58 +0000 Subject: [PATCH 257/703] test: increase image size From v251 we split libsystemd-core to save disk space, but until then we need larger images for the integration tests. --- test/test-functions | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/test-functions b/test/test-functions index 8bff5d8271d..37c1402c358 100644 --- a/test/test-functions +++ b/test/test-functions @@ -1228,7 +1228,7 @@ create_empty_image() { exit 1 fi - local size=500 + local size=750 if ! get_bool "$NO_BUILD"; then if meson configure "${BUILD_DIR:?}" | grep 'static-lib\|standalone-binaries' | awk '{ print $2 }' | grep -q 'true'; then size=$((size+=200)) From 88b4e8f74ed981000ded8e23ead930a6f68eebc8 Mon Sep 17 00:00:00 2001 From: Joan Bruguera Date: Sat, 15 Jan 2022 17:33:25 +0100 Subject: [PATCH 258/703] resolved: Fix DoT timeout on multiple answer records When sending multiple DNS questions to a DNS-over-TLS server (e.g. a question for A and AAAA records, as is typical) on the same session, the server may answer to each question in a separate TLS record, but it may also aggregate multiple answers in a single TLS record. (Some servers do this very often (e.g. Cloudflare 1.0.0.1), some do it sometimes (e.g. Google 8.8.8.8) and some seem to never do it (e.g. Quad9 9.9.9.10)). Both cases should be handled equivalently, as the byte stream is the same, but when multiple answers came in a single TLS record, usually the first answer was processed, but the second answer was entirely ignored, which caused a 10s delay until the resolution timed out and the missing question was retried. This can be reproduced by configuring one of the offending server and running `resolvectl query google.com --cache=no` a few times. To be notified of incoming data, systemd-resolved listens to `EPOLLIN` events on the underlying socket. However, when DNS-over-TLS is used, the TLS library (OpenSSL or GnuTLS) may read and buffer the entire TLS record when reading the first answer, so usually no further `EPOLLIN` events will be generated, and the second answer will never be processed. To avoid this, if there's buffered TLS data, generate a "fake" EPOLLIN event. This is hacky, but it makes this case transparent to the rest of the IO code. (cherry picked from commit 2aaf6bb6e99b0f2bd73e0c49bef9e11a2844bf1a) --- src/resolve/resolved-dns-stream.c | 45 +++++++++++++++++++++++++-- src/resolve/resolved-dnstls-gnutls.c | 8 +++++ src/resolve/resolved-dnstls-openssl.c | 8 +++++ src/resolve/resolved-dnstls.h | 2 ++ 4 files changed, 61 insertions(+), 2 deletions(-) diff --git a/src/resolve/resolved-dns-stream.c b/src/resolve/resolved-dns-stream.c index f48e2a80298..51ffa6b4b05 100644 --- a/src/resolve/resolved-dns-stream.c +++ b/src/resolve/resolved-dns-stream.c @@ -6,6 +6,7 @@ #include "alloc-util.h" #include "fd-util.h" #include "io-util.h" +#include "macro.h" #include "missing_network.h" #include "resolved-dns-stream.h" #include "resolved-manager.h" @@ -280,13 +281,15 @@ static int on_stream_timeout(sd_event_source *es, usec_t usec, void *userdata) { return dns_stream_complete(s, ETIMEDOUT); } -static int on_stream_io(sd_event_source *es, int fd, uint32_t revents, void *userdata) { - _cleanup_(dns_stream_unrefp) DnsStream *s = dns_stream_ref(userdata); /* Protect stream while we process it */ +static int on_stream_io_impl(DnsStream *s, uint32_t revents) { bool progressed = false; int r; assert(s); + /* This returns 1 when possible remaining stream exists, 0 on completed + stream or recoverable error, and negative errno on failure. */ + #if ENABLE_DNS_OVER_TLS if (s->encrypted) { r = dnstls_stream_on_io(s, revents); @@ -441,6 +444,44 @@ static int on_stream_io(sd_event_source *es, int fd, uint32_t revents, void *use log_warning_errno(errno, "Couldn't restart TCP connection timeout, ignoring: %m"); } + return 1; +} + +static int on_stream_io(sd_event_source *es, int fd, uint32_t revents, void *userdata) { + _cleanup_(dns_stream_unrefp) DnsStream *s = dns_stream_ref(userdata); /* Protect stream while we process it */ + int r; + + assert(s); + + r = on_stream_io_impl(s, revents); + if (r <= 0) + return r; + +#if ENABLE_DNS_OVER_TLS + if (!s->encrypted) + return 0; + + /* When using DNS-over-TLS, the underlying TLS library may read the entire TLS record + and buffer it internally. If this happens, we will not receive further EPOLLIN events, + and unless there's some unrelated activity on the socket, we will hang until time out. + To avoid this, if there's buffered TLS data, generate a "fake" EPOLLIN event. + This is hacky, but it makes this case transparent to the rest of the IO code. */ + while (dnstls_stream_has_buffered_data(s)) { + uint32_t events; + + /* Make sure the stream still wants to process more data... */ + r = sd_event_source_get_io_events(s->io_event_source, &events); + if (r < 0) + return r; + if (!FLAGS_SET(events, EPOLLIN)) + break; + + r = on_stream_io_impl(s, EPOLLIN); + if (r <= 0) + return r; + } +#endif + return 0; } diff --git a/src/resolve/resolved-dnstls-gnutls.c b/src/resolve/resolved-dnstls-gnutls.c index e7ccba934e5..8610cacab67 100644 --- a/src/resolve/resolved-dnstls-gnutls.c +++ b/src/resolve/resolved-dnstls-gnutls.c @@ -211,6 +211,14 @@ ssize_t dnstls_stream_read(DnsStream *stream, void *buf, size_t count) { return ss; } +bool dnstls_stream_has_buffered_data(DnsStream *stream) { + assert(stream); + assert(stream->encrypted); + assert(stream->dnstls_data.session); + + return gnutls_record_check_pending(stream->dnstls_data.session) > 0; +} + void dnstls_server_free(DnsServer *server) { assert(server); diff --git a/src/resolve/resolved-dnstls-openssl.c b/src/resolve/resolved-dnstls-openssl.c index cba3f14f2d9..7d264dd3673 100644 --- a/src/resolve/resolved-dnstls-openssl.c +++ b/src/resolve/resolved-dnstls-openssl.c @@ -367,6 +367,14 @@ ssize_t dnstls_stream_read(DnsStream *stream, void *buf, size_t count) { return ss; } +bool dnstls_stream_has_buffered_data(DnsStream *stream) { + assert(stream); + assert(stream->encrypted); + assert(stream->dnstls_data.ssl); + + return SSL_has_pending(stream->dnstls_data.ssl) > 0; +} + void dnstls_server_free(DnsServer *server) { assert(server); diff --git a/src/resolve/resolved-dnstls.h b/src/resolve/resolved-dnstls.h index b638d61ec7a..ed214dc6c46 100644 --- a/src/resolve/resolved-dnstls.h +++ b/src/resolve/resolved-dnstls.h @@ -3,6 +3,7 @@ #if ENABLE_DNS_OVER_TLS +#include #include typedef struct DnsServer DnsServer; @@ -28,6 +29,7 @@ int dnstls_stream_on_io(DnsStream *stream, uint32_t revents); int dnstls_stream_shutdown(DnsStream *stream, int error); ssize_t dnstls_stream_write(DnsStream *stream, const char *buf, size_t count); ssize_t dnstls_stream_read(DnsStream *stream, void *buf, size_t count); +bool dnstls_stream_has_buffered_data(DnsStream *stream); void dnstls_server_free(DnsServer *server); From f447648ae4fc1be306f51b6798e3c4c1455d4af1 Mon Sep 17 00:00:00 2001 From: Joan Bruguera Date: Sun, 23 Jan 2022 17:08:12 +0100 Subject: [PATCH 259/703] resolved: Test for DnsStream (plain TCP DNS and DoT) Tests DnsStream event handling, both for plain TCP DNS and DNS over TLS. The DoT test requires the "openssl s_server" command line tool to mock a simple TLS server. Thus the test's TLS part is skipped if openssl it not available. The test works for both DNS_OVER_TLS_USE_GNUTLS and DNS_OVER_TLS_USE_OPENSSL. The DoT case fails due to a bug, which is fixed on the next commit. (cherry picked from commit 726bcd81b965afa3c9cc71f6c7a81b1eefb4bcf5) --- src/resolve/meson.build | 11 +- src/resolve/test-resolved-stream.c | 342 +++++++++++++++++++++++++++++ test/test-resolve/selfsigned.cert | 32 +++ test/test-resolve/selfsigned.key | 52 +++++ 4 files changed, 436 insertions(+), 1 deletion(-) create mode 100644 src/resolve/test-resolved-stream.c create mode 100644 test/test-resolve/selfsigned.cert create mode 100644 test/test-resolve/selfsigned.key diff --git a/src/resolve/meson.build b/src/resolve/meson.build index 770ed77cf5a..b78502c466e 100644 --- a/src/resolve/meson.build +++ b/src/resolve/meson.build @@ -70,7 +70,6 @@ systemd_resolved_sources = files( 'resolved-socket-graveyard.h', 'resolved-varlink.c', 'resolved-varlink.h', - 'resolved.c', ) resolvectl_sources = files( @@ -202,6 +201,14 @@ tests += [ [lib_openssl_or_gcrypt, libm]], + [['src/resolve/test-resolved-stream.c'] + + basic_dns_sources + systemd_resolved_sources, + [libshared], + [lib_openssl_or_gcrypt, + libm] + + systemd_resolved_dependencies, + resolve_includes], + [['src/resolve/test-dnssec.c'], [libsystemd_resolve_core, libshared], @@ -224,3 +231,5 @@ fuzzers += [ [lib_openssl_or_gcrypt, libm]], ] + +systemd_resolved_sources += files('resolved.c') diff --git a/src/resolve/test-resolved-stream.c b/src/resolve/test-resolved-stream.c new file mode 100644 index 00000000000..fd7ade19d1e --- /dev/null +++ b/src/resolve/test-resolved-stream.c @@ -0,0 +1,342 @@ +/* SPDX-License-Identifier: LGPL-2.1-or-later */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "fd-util.h" +#include "log.h" +#include "process-util.h" +#include "resolved-dns-packet.h" +#include "resolved-dns-question.h" +#include "resolved-dns-rr.h" +#if ENABLE_DNS_OVER_TLS +#include "resolved-dnstls.h" +#endif +#include "resolved-dns-server.h" +#include "resolved-dns-stream.h" +#include "resolved-manager.h" +#include "sd-event.h" +#include "sparse-endian.h" +#include "tests.h" + +static struct sockaddr_in SERVER_ADDRESS; + +/* Bytes of the questions & answers used in the test, including TCP DNS 2-byte length prefix */ +static const uint8_t QUESTION_A[] = { + 0x00, 0x1D, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x07, 'e', + 'x' , 'a' , 'm' , 'p' , 'l' , 'e' , 0x03, 'c' , 'o' , 'm' , 0x00, 0x00, 0x01, 0x00, 0x01 +}; +static const uint8_t QUESTION_AAAA[] = { + 0x00, 0x1D, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x07, 'e', + 'x' , 'a' , 'm' , 'p' , 'l' , 'e' , 0x03, 'c' , 'o' , 'm' , 0x00, 0x00, 0x1C, 0x00, 0x01 +}; +static const uint8_t ANSWER_A[] = { + 0x00, 0x2D, 0x00, 0x00, 0x81, 0x80, 0x00, 0x01, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x07, 'e', + 'x' , 'a' , 'm' , 'p' , 'l' , 'e' , 0x03, 'c' , 'o' , 'm' , 0x00, 0x00, 0x01, 0x00, 0x01, 0xC0, + 0x0C, 0x00, 0x01, 0x00, 0x01, 0x00, 0x00, 0x52, 0x8D, 0x00, 0x04, 0x5D, 0xB8, 0xD8, 0x22, +}; +static const uint8_t ANSWER_AAAA[] = { + 0x00, 0x39, 0x00, 0x00, 0x81, 0x80, 0x00, 0x01, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x07, 'e', + 'x' , 'a' , 'm' , 'p' , 'l' , 'e' , 0x03, 'c' , 'o' , 'm' , 0x00, 0x00, 0x1C, 0x00, 0x01, 0xC0, + 0x0C, 0x00, 0x1C, 0x00, 0x01, 0x00, 0x00, 0x54, 0x4B, 0x00, 0x10, 0x26, 0x06, 0x28, 0x00, 0x02, + 0x20, 0x00, 0x01, 0x02, 0x48, 0x18, 0x93, 0x25, 0xC8, 0x19, 0x46, +}; + +/** + * A mock TCP DNS server that asserts certain questions are received + * and replies with the same answer every time. + */ +static void receive_and_check_question(int fd, const uint8_t *expected_question, + size_t question_size) { + uint8_t *actual_question; + size_t n_read = 0; + + actual_question = newa(uint8_t, question_size); + while (n_read < question_size) { + ssize_t r = read(fd, actual_question + n_read, question_size - n_read); + assert_se(r >= 0); + n_read += (size_t)r; + } + assert_se(n_read == question_size); + + assert_se(memcmp(expected_question, actual_question, question_size) == 0); +} + +static void send_answer(int fd, const uint8_t *answer, size_t answer_size) { + assert_se(write(fd, answer, answer_size) == (ssize_t)answer_size); +} + +/* Sends two answers together in a single write operation, + * so they hopefully end up in a single TCP packet / TLS record */ +static void send_answers_together(int fd, + const uint8_t *answer1, size_t answer1_size, + const uint8_t *answer2, size_t answer2_size) { + uint8_t *answer; + size_t answer_size = answer1_size + answer2_size; + + answer = newa(uint8_t, answer_size); + memcpy(answer, answer1, answer1_size); + memcpy(answer + answer1_size, answer2, answer2_size); + assert_se(write(fd, answer, answer_size) == (ssize_t)answer_size); +} + +static void server_handle(int fd) { + receive_and_check_question(fd, QUESTION_A, sizeof(QUESTION_A)); + send_answer(fd, ANSWER_A, sizeof(ANSWER_A)); + + receive_and_check_question(fd, QUESTION_AAAA, sizeof(QUESTION_AAAA)); + send_answer(fd, ANSWER_AAAA, sizeof(ANSWER_AAAA)); + + receive_and_check_question(fd, QUESTION_A, sizeof(QUESTION_A)); + receive_and_check_question(fd, QUESTION_AAAA, sizeof(QUESTION_AAAA)); + send_answers_together(fd, ANSWER_A, sizeof(ANSWER_A), + ANSWER_AAAA, sizeof(ANSWER_AAAA)); +} + +static void *tcp_dns_server(void *p) { + _cleanup_close_ int bindfd = -1, acceptfd = -1; + + assert_se((bindfd = socket(AF_INET, SOCK_STREAM | SOCK_CLOEXEC, 0)) >= 0); + assert_se(setsockopt(bindfd, SOL_SOCKET, SO_REUSEADDR, &(int){1}, sizeof(int)) >= 0); + assert_se(bind(bindfd, &SERVER_ADDRESS, sizeof(SERVER_ADDRESS)) >= 0); + assert_se(listen(bindfd, 1) >= 0); + assert_se((acceptfd = accept(bindfd, NULL, NULL)) >= 0); + server_handle(acceptfd); + return NULL; +} + +#if ENABLE_DNS_OVER_TLS +/* + * Spawns a DNS TLS server using the command line "openssl s_server" tool. + */ +static void *tls_dns_server(void *p) { + pid_t openssl_pid; + int r; + _cleanup_close_ int fd_server = -1, fd_tls = -1; + _cleanup_free_ char *cert_path = NULL, *key_path = NULL; + _cleanup_free_ char *ip_str = NULL, *bind_str = NULL; + + assert_se(get_testdata_dir("test-resolve/selfsigned.cert", &cert_path) >= 0); + assert_se(get_testdata_dir("test-resolve/selfsigned.key", &key_path) >= 0); + + assert_se(in_addr_to_string(SERVER_ADDRESS.sin_family, + &(union in_addr_union){.in = SERVER_ADDRESS.sin_addr}, + &ip_str) >= 0); + asprintf(&bind_str, "%s:%d", ip_str, be16toh(SERVER_ADDRESS.sin_port)); + + /* We will hook one of the socketpair ends to OpenSSL's TLS server + * stdin/stdout, so we will be able to read and write plaintext + * from the other end's file descriptor like an usual TCP server */ + { + int fd[2]; + assert_se(socketpair(AF_UNIX, SOCK_STREAM, 0, fd) >= 0); + fd_server = fd[0]; + fd_tls = fd[1]; + } + + r = safe_fork_full("(test-resolved-stream-tls-openssl)", (int[]) { fd_server, fd_tls }, 2, + FORK_RESET_SIGNALS|FORK_CLOSE_ALL_FDS|FORK_DEATHSIG|FORK_LOG|FORK_REOPEN_LOG, &openssl_pid); + assert(r >= 0); + if (r == 0) { + /* Child */ + assert_se(dup2(fd_tls, STDIN_FILENO) >= 0); + assert_se(dup2(fd_tls, STDOUT_FILENO) >= 0); + close(TAKE_FD(fd_server)); + close(TAKE_FD(fd_tls)); + + execlp("openssl", "openssl", "s_server", "-accept", bind_str, + "-key", key_path, "-cert", cert_path, + "-quiet", "-naccept", "1", NULL); + log_error("exec failed, is something wrong with the 'openssl' command?"); + _exit(EXIT_FAILURE); + } else { + pthread_mutex_t *server_lock = (pthread_mutex_t *)p; + + server_handle(fd_server); + + /* Once the test is done kill the TLS server to release the port */ + assert_se(pthread_mutex_lock(server_lock) == 0); + assert_se(kill(openssl_pid, SIGTERM) >= 0); + assert_se(waitpid(openssl_pid, NULL, 0) >= 0); + assert_se(pthread_mutex_unlock(server_lock) == 0); + } + + return NULL; +} +#endif + +static const char *TEST_DOMAIN = "example.com"; +static const uint64_t EVENT_TIMEOUT_USEC = 5 * 1000 * 1000; + +static void send_simple_question(DnsStream *stream, uint16_t type) { + _cleanup_(dns_packet_unrefp) DnsPacket *p = NULL; + _cleanup_(dns_resource_key_unrefp) DnsResourceKey *key = NULL; + _cleanup_(dns_question_unrefp) DnsQuestion *question = NULL; + + assert_se(dns_packet_new(&p, DNS_PROTOCOL_DNS, 0, DNS_PACKET_SIZE_MAX) >= 0); + assert_se(question = dns_question_new(1)); + assert_se(key = dns_resource_key_new(DNS_CLASS_IN, type, TEST_DOMAIN)); + assert_se(dns_question_add(question, key, 0) >= 0); + assert_se(dns_packet_append_question(p, question) >= 0); + DNS_PACKET_HEADER(p)->qdcount = htobe16(dns_question_size(question)); + assert_se(dns_stream_write_packet(stream, p) >= 0); +} + +static const size_t MAX_RECEIVED_PACKETS = 2; +static DnsPacket *received_packets[2] = {}; +static size_t n_received_packets = 0; + +static int on_stream_packet(DnsStream *stream) { + assert_se(n_received_packets < MAX_RECEIVED_PACKETS); + assert_se(received_packets[n_received_packets++] = dns_stream_take_read_packet(stream)); + return 0; +} + +static void test_dns_stream(bool tls) { + Manager manager = {}; + _cleanup_(dns_stream_unrefp) DnsStream *stream = NULL; + _cleanup_(sd_event_unrefp) sd_event *event = NULL; + _cleanup_close_ int clientfd = -1; + int r; + + void *(*server_entrypoint)(void *); + pthread_t server_thread; + pthread_mutex_t server_lock; + + log_info("test-resolved-stream: Started %s test", tls ? "TLS" : "TCP"); + +#if ENABLE_DNS_OVER_TLS + if (tls) { + /* For TLS mode, use DNS_OVER_TLS_OPPORTUNISTIC instead of + * DNS_OVER_TLS_YES, just to make certificate validation more + * lenient, allowing us to use self-signed certificates. + * We never downgrade, everything we test always goes over TLS */ + manager.dns_over_tls_mode = DNS_OVER_TLS_OPPORTUNISTIC; + } +#endif + + assert_se(sd_event_new(&event) >= 0); + manager.event = event; + + /* Set up a mock DNS (over TCP or TLS) server */ + server_entrypoint = tcp_dns_server; +#if ENABLE_DNS_OVER_TLS + if (tls) + server_entrypoint = tls_dns_server; +#endif + assert_se(pthread_mutex_init(&server_lock, NULL) == 0); + assert_se(pthread_mutex_lock(&server_lock) == 0); + assert_se(pthread_create(&server_thread, NULL, server_entrypoint, &server_lock) == 0); + + /* Create a socket client and connect to the TCP or TLS server + * The server may not be up immediately, so try to connect a few times before failing */ + assert_se((clientfd = socket(AF_INET, SOCK_STREAM | SOCK_CLOEXEC, 0)) >= 0); + + for (int i = 0; i < 100; i++) { + r = connect(clientfd, &SERVER_ADDRESS, sizeof(SERVER_ADDRESS)); + if (r >= 0) + break; + usleep(EVENT_TIMEOUT_USEC / 100); + } + assert_se(r >= 0); + + /* systemd-resolved uses (and requires) the socket to be in nonblocking mode */ + assert_se(fcntl(clientfd, F_SETFL, O_NONBLOCK) >= 0); + + /* Initialize DNS stream */ + assert_se(dns_stream_new(&manager, &stream, DNS_STREAM_LOOKUP, DNS_PROTOCOL_DNS, + TAKE_FD(clientfd), NULL, DNS_STREAM_DEFAULT_TIMEOUT_USEC) >= 0); + stream->on_packet = on_stream_packet; +#if ENABLE_DNS_OVER_TLS + if (tls) { + DnsServer server = { + .manager = &manager, + .family = SERVER_ADDRESS.sin_family, + .address.in = SERVER_ADDRESS.sin_addr + }; + + assert_se(dnstls_manager_init(&manager) >= 0); + assert_se(dnstls_stream_connect_tls(stream, &server) >= 0); + } +#endif + + /* Test: Question of type A and associated answer */ + log_info("test-resolved-stream: A record"); + send_simple_question(stream, DNS_TYPE_A); + while (n_received_packets != 1) + assert_se(sd_event_run(event, EVENT_TIMEOUT_USEC) >= 1); + assert_se(DNS_PACKET_DATA(received_packets[0])); + assert_se(memcmp(DNS_PACKET_DATA(received_packets[0]), + ANSWER_A + 2, sizeof(ANSWER_A) - 2) == 0); + dns_packet_unref(TAKE_PTR(received_packets[0])); + n_received_packets = 0; + + /* Test: Question of type AAAA and associated answer */ + log_info("test-resolved-stream: AAAA record"); + send_simple_question(stream, DNS_TYPE_AAAA); + while (n_received_packets != 1) + assert_se(sd_event_run(event, EVENT_TIMEOUT_USEC) >= 1); + assert_se(DNS_PACKET_DATA(received_packets[0])); + assert_se(memcmp(DNS_PACKET_DATA(received_packets[0]), + ANSWER_AAAA + 2, sizeof(ANSWER_AAAA) - 2) == 0); + dns_packet_unref(TAKE_PTR(received_packets[0])); + n_received_packets = 0; + + /* Test: Question of type A and AAAA and associated answers + * Both answers are sent back in a single packet or TLS record + * (tests the fix of PR #22132: "Fix DoT timeout on multiple answer records") */ + log_info("test-resolved-stream: A + AAAA record"); + send_simple_question(stream, DNS_TYPE_A); + send_simple_question(stream, DNS_TYPE_AAAA); + + while (n_received_packets != 2) + assert_se(sd_event_run(event, EVENT_TIMEOUT_USEC) >= 1); + assert_se(DNS_PACKET_DATA(received_packets[0])); + assert_se(DNS_PACKET_DATA(received_packets[1])); + assert_se(memcmp(DNS_PACKET_DATA(received_packets[0]), + ANSWER_A + 2, sizeof(ANSWER_A) - 2) == 0); + assert_se(memcmp(DNS_PACKET_DATA(received_packets[1]), + ANSWER_AAAA + 2, sizeof(ANSWER_AAAA) - 2) == 0); + dns_packet_unref(TAKE_PTR(received_packets[0])); + dns_packet_unref(TAKE_PTR(received_packets[1])); + n_received_packets = 0; + +#if ENABLE_DNS_OVER_TLS + if (tls) + dnstls_manager_free(&manager); +#endif + + /* Stop the DNS server */ + assert_se(pthread_mutex_unlock(&server_lock) == 0); + assert_se(pthread_join(server_thread, NULL) == 0); + assert_se(pthread_mutex_destroy(&server_lock) == 0); + + log_info("test-resolved-stream: Finished %s test", tls ? "TLS" : "TCP"); +} + +int main(int argc, char **argv) { + SERVER_ADDRESS = (struct sockaddr_in) { + .sin_family = AF_INET, + .sin_port = htobe16(12345), + .sin_addr.s_addr = htobe32(INADDR_LOOPBACK) + }; + + test_setup_logging(LOG_DEBUG); + + test_dns_stream(false); +#if ENABLE_DNS_OVER_TLS + if (system("openssl version >/dev/null 2>&1") != 0) + return log_tests_skipped("Skipping TLS test since the 'openssl' command does not seem to be available"); + test_dns_stream(true); +#endif + + return 0; +} diff --git a/test/test-resolve/selfsigned.cert b/test/test-resolve/selfsigned.cert new file mode 100644 index 00000000000..456862c2205 --- /dev/null +++ b/test/test-resolve/selfsigned.cert @@ -0,0 +1,32 @@ +-----BEGIN CERTIFICATE----- +MIIFmzCCA4OgAwIBAgIUZlvbV3+2YGjHJDTW+u0XL/ypvsowDQYJKoZIhvcNAQEL +BQAwXDELMAkGA1UEBhMCVVMxDzANBgNVBAgMBkRlbmlhbDEUMBIGA1UEBwwLU3By +aW5nZmllbGQxDDAKBgNVBAoMA0RpczEYMBYGA1UEAwwPd3d3LmV4YW1wbGUuY29t +MCAXDTIyMDEyMzE0MjYyMloYDzMwMjEwNTI2MTQyNjIyWjBcMQswCQYDVQQGEwJV +UzEPMA0GA1UECAwGRGVuaWFsMRQwEgYDVQQHDAtTcHJpbmdmaWVsZDEMMAoGA1UE +CgwDRGlzMRgwFgYDVQQDDA93d3cuZXhhbXBsZS5jb20wggIiMA0GCSqGSIb3DQEB +AQUAA4ICDwAwggIKAoICAQC14826tEEHKICM/AKOKsyBUDaa6Z6KqS927ifb43LJ +fxtg8vW+vX9OGtje2qVAoI1UMSu4yttItSd9cjrnAFLPFvQGC8dFhn436ehLWiKP +AP5KvhIQ3equ5fTicn+Hxdm7C3Um2SEEE347I/vArfzuNE7PIJ57sh7KeBHGCrU3 +6iPl1DkkUilbqJAcgFoepozx1SbPq4h8LsdqJDKg+XUtvtuUS850D5Hb5ErTc8NL +VrA+urSIr+yIX4jAeLXbktNLGuAc3+cJTjwuWdDvP51yS0qpj459dFaRWQE9gu0b +DkRwYLF7Mpel66B8TBkHAWBhSs+oLNnv//Zv945wbUkTK29N2VtSEI4pd/47nTX9 +MwGn4q/ZAjhI7JUN3LcRDsrLdVAUabbK/U+xkL/lOlRRBK/1iuLELkaJlMUiuqZh +q3DvNjqeT5yY8GTU5iXoBcvY0lac3+zYaemTgD5cZfF4gpTflGfc5Gf+he6U3Dol +TT+4JfMrw0YdbqsH4oyEtmLBfMvvp+PQysiOELSFbSAphZOOcy8QSzoRrniNynPd +kM7kIM+0t2XUaz0lKtNuZSo9DnhTMvTLPnnbk5aJt5nPxPprcdqhcJhrHw7gVhBo +EceYJmXGiJJMLYuBNymZ4u7YrBg0e0qO+Fi9a4Kfh/QNMq/6VrpWvycb9LtCLhU+ +qQIDAQABo1MwUTAdBgNVHQ4EFgQU3ugK1HtfPaq90JC5Qf5ekrn4uUcwHwYDVR0j +BBgwFoAU3ugK1HtfPaq90JC5Qf5ekrn4uUcwDwYDVR0TAQH/BAUwAwEB/zANBgkq +hkiG9w0BAQsFAAOCAgEATzNvQP+VNLY0qK5b/8j8C5PHB0WKsTHSVNOhITr0Bq67 +AeOq5Mh2qZvJd/QAPTb/Cg60802RLQxp6uhCcfMdxTXkz1mxq6dKEeDAu/zAZzXk +WSpJl/VORnibjvXf2OS6ucb4KPOxfkYiD328CdSYBJapmQbnUmwZph2SO0bpY7K3 +EbTY9fIyabGMrjbXL5EGRvqA0NSnJHVUYx1h3b32PYKHrQKu6syCE4OrMY0yjdLH +1WnHeC3iB02AFy7TTfmeUiMTxaiPXAPjBDDIQtv1GHt8GR7WHSD3seIhAu6Lzbyr +0zrxk52C9v0YP1lgOwnvmQfbUSpWc29yhrXFkqkZToqbmYjNO55gPN8JA/2GrWan +s8gQwQ8z+yWAqNJQA5S+9+hNlBlcq659gCjIxoyCmkol4EepwR1WWdZjs2I00FHk +mQL1ig6H81rg/Bh2SraKR1tGdmjCNFi4RfWHsxCBcd1cGFeUIN+ygNmjXmzXJDFP +5vUXL9J5iu+WD1rnwB2gPRSvZUrmKUZnOGk0/kt1RpgbcFdOza+6vZmB51fXZYpD +YyvXHTbuHVOyXA160/Fmg6BNy5BfrTuXaZ3YVeZmvDf+ywVl2BFDQZDoLLQMIHzl +L2DdMuhVmgITqx8ZtrSxqBxW0DQXFZiMT+sv81+o2SO5nDzSYjoXfQv/Xkgpx44= +-----END CERTIFICATE----- diff --git a/test/test-resolve/selfsigned.key b/test/test-resolve/selfsigned.key new file mode 100644 index 00000000000..44a09829ef8 --- /dev/null +++ b/test/test-resolve/selfsigned.key @@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQQIBADANBgkqhkiG9w0BAQEFAASCCSswggknAgEAAoICAQC14826tEEHKICM +/AKOKsyBUDaa6Z6KqS927ifb43LJfxtg8vW+vX9OGtje2qVAoI1UMSu4yttItSd9 +cjrnAFLPFvQGC8dFhn436ehLWiKPAP5KvhIQ3equ5fTicn+Hxdm7C3Um2SEEE347 +I/vArfzuNE7PIJ57sh7KeBHGCrU36iPl1DkkUilbqJAcgFoepozx1SbPq4h8Lsdq +JDKg+XUtvtuUS850D5Hb5ErTc8NLVrA+urSIr+yIX4jAeLXbktNLGuAc3+cJTjwu +WdDvP51yS0qpj459dFaRWQE9gu0bDkRwYLF7Mpel66B8TBkHAWBhSs+oLNnv//Zv +945wbUkTK29N2VtSEI4pd/47nTX9MwGn4q/ZAjhI7JUN3LcRDsrLdVAUabbK/U+x +kL/lOlRRBK/1iuLELkaJlMUiuqZhq3DvNjqeT5yY8GTU5iXoBcvY0lac3+zYaemT +gD5cZfF4gpTflGfc5Gf+he6U3DolTT+4JfMrw0YdbqsH4oyEtmLBfMvvp+PQysiO +ELSFbSAphZOOcy8QSzoRrniNynPdkM7kIM+0t2XUaz0lKtNuZSo9DnhTMvTLPnnb +k5aJt5nPxPprcdqhcJhrHw7gVhBoEceYJmXGiJJMLYuBNymZ4u7YrBg0e0qO+Fi9 +a4Kfh/QNMq/6VrpWvycb9LtCLhU+qQIDAQABAoICAEbiyfm6aCFnCnpneIN5cIvw +++bxpyT4/JOICyaqBME8dSoaZeV5KpUA54Yqhf6i05F9PEHfZQh3+TTtgMEoIh2t +H1r/2iBhYu1djndXYGKFC5WLb7T9F4oj+oUKBGOgmtNHiteiBTj2c9qOkn2sEQew +gQo99yXT7CYSFzMsVyW8bVMTm1VpY87h6ZACAZ0yYXmaDW8ftahX/sWB5+1Oavly +CVdJF+OpcbnVxceUtQa2eSdpUhR3I2KegMgqAw3YsdnyVmdKZ1r8D34s6L1k+HJj +n2xnkyuXXGl224HidY92xvtY47JUrD8wjjIC4joVsj8YjcdH+4OKKLvIKc3s+W4C ++fF6Uhxe7V0kg6bw+UE5eGC0CYeQww4Ruwd7Y8MHpF+6QAK2QsVWGCrhvCgXf9ix +s4iJBjaGG3fEMVyTrMeaJ/IhI4x6awjN8f/viqXfpwU5a06/JpILghgNTigHTCi2 ++Bpv4pXNmdn5AdLbGU+H+XVannY1obM2TV3XK5xMDpEblHG/Y2uNuOGa1YvSUlnl +AkYCV9pk39Hpnp0TWZ0MQmV4gG0VqyS7t6rh+3xehK+dxD5O9T+BSeB2H5hRrN5V +qImdsRvJMjj1WMQcREfC+9DTY/YOBlMdymtm7cix0JhnlK4UlvInQYvrnPasYvUA +wUVINpxGc87HxFEWeqSBAoIBAQDv8f5vS2w1yZNnz1cQwCPvUmLEevruCeO0IR71 +zNGRncoseMr8la4QOzAFCdosAqrfMlIuHK6Y1LVGgyEK4RYsU3zpOWHMzBalhChJ +dXeZoP/5a7p/Hxrh1YoZCCenTQne/KHIzhyOUzkYn2YltibkOR+sVUeYx8ZgDXxV +WwJmeMRV9Y19sE3fGYEQAo4gd1/8kObWlT49VwqDuUAjTtwwFQKs2b6UF77cAOgt +U1rclYg9LyB+liGof1TMA1S0z63keOYBX2S3154rB/91vXJdWPx0q1kCjyFfBlAp +ckxa7pygcWluGlUUqQlKglEEzQrA32OXRBa1loy2bzeU+px5AoIBAQDCD2HfzCzE +gl91ZgPnmTK7vDz3Dc+7nGP9ZVFBJory5zC/aCasaQ2FndpSQiC1kzVKdrW1h+U/ +yY2Bg8KrxyV6xP/yR2l0dM4tdjhZRJtCHIua2/K9w8aC713ak1ZbjVQtQPdX0tNy +zQADb/WaI3cLoXBul9vtEqdILqsMe3RsaTsAtswheCuT8n4ySbgdepavNOufTvh8 +TJVZq4+V0Vas+jYt4+yODHqfswGG1Ud2kZ4rucv8XsIOkA24eDsAgzBQormbeSXJ +KS37LRT3Swf+jA7WajfwrKV6cO7Y9mwOPMWZzFz3ES/qFYbK9s1KftkcudiYRc25 +KJZslS5xVcexAoIBAHjAKtAtf65t2/2xDVrDpxHoPwYr8Z3bYjkjNeZzBcAnTTgm +LdkBJpDKiHbwp1fgm8cpFsxX6NHGsddjZDyKW9NAzKq+Euayim8PXArjz6WDrW4C +9d7Fc4zVHuNMBFCgZ2hNcMmSWDKT1Tb7+LbfvSC7UqIyZI6Rctah0sFNxJ53Bi9Q +HL10/StaNWYuMwJJsQd0kIbKooDSDduOXaWnKQ4VdLwx9EOo04b5+d3dheteYSqR +TeQGf7fBJJZq0rUPkq5Y3T8xl4khPFrhcoD5LtWlU58PIAM2ro+YqLzC5YQZcr8X +c/xRyiFUk/VoMYed/Fxlz0Ovo1INCpFA1RLnL9kCggEAX/0923Zh+n3GfAqPCeME +bkpJGacSRumvp+qSy5gmCMqEmVkKMCPylVIkaKXfChGbvY6EiRuEMQ4gWZz0EQX7 +qwOA2rWqGvmf9mrQqo8+APCfuWTsaCNLsP53vSM+ByEcLxpAfoeBIfr287xQjwLV +4sHjHEEvfs/IQPMclpsGVo2iqtLAnBmV7KN4+qTuVl6J5HZXykBEty8mfOlYp7GZ +nwxQ+lgQbZ8MlKv1qF0c8TBMPbK0jMvOT2e/8aw++xzpLCmhh57gKuWcoe6FvWC2 +vplGyZZWv0yWub7c1iLmBhDXaSDmJyuwOKiXORPlLeEawZPH6GI2xUynQ2RzSYo1 +sQKCAQAbVhs1HcP5PAOTF5jAUdMbx+LeLUgKjO3Nx+YUeQCKVOgypd8w7N9k7WPi +BvTu7nkMtiK5UCix+UGthUFYyMClD2wnQ1h6nhVVz/D98cukksr1awNu6ms9M2ol +u6U7tfViEJhPxL+1pdAnFmqAoQx8fGpiyZQbb9DAcVBrIqQEjCRr4yZ8XaHOcTL0 +OeQO6ZCgxYOO5ac4snc1PDnRrlLs++b6tyaunLsFRSBkuzkMugXgUc+y3xgzBUQf +LOb/QIZvtqyF6s/YJZtLjLC8vdoe0ZqINh5Dq1xoGvtI1/QMgWraom999w9liFWs +VULYeUwXocBKk6rBSgDlsFF5LW22 +-----END PRIVATE KEY----- From fe4c208c98a65e8dd710b596fbb490b9f8eac91c Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Fri, 28 Jan 2022 08:30:36 +0900 Subject: [PATCH 260/703] resolve: make dns_stream_new() take on_packet and complete callbacks And make on_packet callback mandatory. (cherry picked from commit 18230451c03a6d20141efbc85341b6a5c6809077) --- src/resolve/resolved-dns-stream.c | 20 +++++++++++--------- src/resolve/resolved-dns-stream.h | 11 ++++++++++- src/resolve/resolved-dns-stub.c | 5 ++--- src/resolve/resolved-dns-transaction.c | 6 ++---- src/resolve/resolved-llmnr.c | 8 ++++---- src/resolve/test-resolved-stream.c | 4 ++-- 6 files changed, 31 insertions(+), 23 deletions(-) diff --git a/src/resolve/resolved-dns-stream.c b/src/resolve/resolved-dns-stream.c index 51ffa6b4b05..bdf46170d18 100644 --- a/src/resolve/resolved-dns-stream.c +++ b/src/resolve/resolved-dns-stream.c @@ -411,16 +411,13 @@ static int on_stream_io_impl(DnsStream *s, uint32_t revents) { s->n_read += ss; } - /* Are we done? If so, disable the event source for EPOLLIN */ + /* Are we done? If so, call the packet handler and re-enable EPOLLIN for the + * event source if necessary. */ if (s->n_read >= sizeof(s->read_size) + be16toh(s->read_size)) { - /* If there's a packet handler - * installed, call that. Note that - * this is optional... */ - if (s->on_packet) { - r = s->on_packet(s); - if (r < 0) - return r; - } + assert(s->on_packet); + r = s->on_packet(s); + if (r < 0) + return r; r = dns_stream_update_io(s); if (r < 0) @@ -523,6 +520,8 @@ int dns_stream_new( DnsProtocol protocol, int fd, const union sockaddr_union *tfo_address, + int (on_packet)(DnsStream*), + int (complete)(DnsStream*, int), /* optional */ usec_t connect_timeout_usec) { _cleanup_(dns_stream_unrefp) DnsStream *s = NULL; @@ -535,6 +534,7 @@ int dns_stream_new( assert(protocol >= 0); assert(protocol < _DNS_PROTOCOL_MAX); assert(fd >= 0); + assert(on_packet); if (m->n_dns_streams[type] > DNS_STREAMS_MAX) return -EBUSY; @@ -576,6 +576,8 @@ int dns_stream_new( s->manager = m; s->fd = fd; + s->on_packet = on_packet; + s->complete = complete; if (tfo_address) { s->tfo_address = *tfo_address; diff --git a/src/resolve/resolved-dns-stream.h b/src/resolve/resolved-dns-stream.h index 96b977f6280..548b2edc9ef 100644 --- a/src/resolve/resolved-dns-stream.h +++ b/src/resolve/resolved-dns-stream.h @@ -93,7 +93,16 @@ struct DnsStream { LIST_FIELDS(DnsStream, streams); }; -int dns_stream_new(Manager *m, DnsStream **s, DnsStreamType type, DnsProtocol protocol, int fd, const union sockaddr_union *tfo_address, usec_t timeout); +int dns_stream_new( + Manager *m, + DnsStream **ret, + DnsStreamType type, + DnsProtocol protocol, + int fd, + const union sockaddr_union *tfo_address, + int (on_packet)(DnsStream*), + int (complete)(DnsStream*, int), /* optional */ + usec_t connect_timeout_usec); #if ENABLE_DNS_OVER_TLS int dns_stream_connect_tls(DnsStream *s, void *tls_session); #endif diff --git a/src/resolve/resolved-dns-stub.c b/src/resolve/resolved-dns-stub.c index 1fd7e69eac5..73fce6798e0 100644 --- a/src/resolve/resolved-dns-stub.c +++ b/src/resolve/resolved-dns-stub.c @@ -1067,15 +1067,14 @@ static int on_dns_stub_stream_internal(sd_event_source *s, int fd, uint32_t reve return -errno; } - r = dns_stream_new(m, &stream, DNS_STREAM_STUB, DNS_PROTOCOL_DNS, cfd, NULL, DNS_STREAM_STUB_TIMEOUT_USEC); + r = dns_stream_new(m, &stream, DNS_STREAM_STUB, DNS_PROTOCOL_DNS, cfd, NULL, + on_dns_stub_stream_packet, dns_stub_stream_complete, DNS_STREAM_STUB_TIMEOUT_USEC); if (r < 0) { safe_close(cfd); return r; } stream->stub_listener_extra = l; - stream->on_packet = on_dns_stub_stream_packet; - stream->complete = dns_stub_stream_complete; /* We let the reference to the stream dangle here, it will be dropped later by the complete callback. */ diff --git a/src/resolve/resolved-dns-transaction.c b/src/resolve/resolved-dns-transaction.c index 0cf99127124..20d257bbf3b 100644 --- a/src/resolve/resolved-dns-transaction.c +++ b/src/resolve/resolved-dns-transaction.c @@ -754,7 +754,8 @@ static int dns_transaction_emit_tcp(DnsTransaction *t) { if (fd < 0) return fd; - r = dns_stream_new(t->scope->manager, &s, type, t->scope->protocol, fd, &sa, stream_timeout_usec); + r = dns_stream_new(t->scope->manager, &s, type, t->scope->protocol, fd, &sa, + on_stream_packet, on_stream_complete, stream_timeout_usec); if (r < 0) return r; @@ -777,9 +778,6 @@ static int dns_transaction_emit_tcp(DnsTransaction *t) { t->server->stream = dns_stream_ref(s); } - s->complete = on_stream_complete; - s->on_packet = on_stream_packet; - /* The interface index is difficult to determine if we are * connecting to the local host, hence fill this in right away * instead of determining it from the socket */ diff --git a/src/resolve/resolved-llmnr.c b/src/resolve/resolved-llmnr.c index 32483006b1e..150cbab1863 100644 --- a/src/resolve/resolved-llmnr.c +++ b/src/resolve/resolved-llmnr.c @@ -313,15 +313,15 @@ static int on_llmnr_stream(sd_event_source *s, int fd, uint32_t revents, void *u return -errno; } - r = dns_stream_new(m, &stream, DNS_STREAM_LLMNR_RECV, DNS_PROTOCOL_LLMNR, cfd, NULL, DNS_STREAM_DEFAULT_TIMEOUT_USEC); + /* We don't configure a "complete" handler here, we rely on the default handler than simply drops the + * reference to the stream, thus freeing it */ + r = dns_stream_new(m, &stream, DNS_STREAM_LLMNR_RECV, DNS_PROTOCOL_LLMNR, cfd, NULL, + on_llmnr_stream_packet, NULL, DNS_STREAM_DEFAULT_TIMEOUT_USEC); if (r < 0) { safe_close(cfd); return r; } - stream->on_packet = on_llmnr_stream_packet; - /* We don't configure a "complete" handler here, we rely on the default handler than simply drops the - * reference to the stream, thus freeing it */ return 0; } diff --git a/src/resolve/test-resolved-stream.c b/src/resolve/test-resolved-stream.c index fd7ade19d1e..76467629fbd 100644 --- a/src/resolve/test-resolved-stream.c +++ b/src/resolve/test-resolved-stream.c @@ -253,8 +253,8 @@ static void test_dns_stream(bool tls) { /* Initialize DNS stream */ assert_se(dns_stream_new(&manager, &stream, DNS_STREAM_LOOKUP, DNS_PROTOCOL_DNS, - TAKE_FD(clientfd), NULL, DNS_STREAM_DEFAULT_TIMEOUT_USEC) >= 0); - stream->on_packet = on_stream_packet; + TAKE_FD(clientfd), NULL, on_stream_packet, NULL, + DNS_STREAM_DEFAULT_TIMEOUT_USEC) >= 0); #if ENABLE_DNS_OVER_TLS if (tls) { DnsServer server = { From b2f82f643a9c9609058ed877b3d722b3822d484c Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Fri, 28 Jan 2022 08:57:05 +0900 Subject: [PATCH 261/703] resolve: call dns_stream_take_read_packet() in on_stream_io() As dns_stream_take_read_packet() is called only in on_packet callbacks, and all on_packet callbacks call it. (cherry picked from commit 624f907ea9a42930bffb343dd44fbb0e34746cb0) --- src/resolve/resolved-dns-stream.c | 39 +++++++++++++------------- src/resolve/resolved-dns-stream.h | 6 ++-- src/resolve/resolved-dns-stub.c | 7 ++--- src/resolve/resolved-dns-transaction.c | 8 ++---- src/resolve/resolved-llmnr.c | 6 ++-- src/resolve/test-resolved-stream.c | 4 +-- 6 files changed, 31 insertions(+), 39 deletions(-) diff --git a/src/resolve/resolved-dns-stream.c b/src/resolve/resolved-dns-stream.c index bdf46170d18..1b2db512129 100644 --- a/src/resolve/resolved-dns-stream.c +++ b/src/resolve/resolved-dns-stream.c @@ -281,6 +281,22 @@ static int on_stream_timeout(sd_event_source *es, usec_t usec, void *userdata) { return dns_stream_complete(s, ETIMEDOUT); } +static DnsPacket *dns_stream_take_read_packet(DnsStream *s) { + assert(s); + + if (!s->read_packet) + return NULL; + + if (s->n_read < sizeof(s->read_size)) + return NULL; + + if (s->n_read < sizeof(s->read_size) + be16toh(s->read_size)) + return NULL; + + s->n_read = 0; + return TAKE_PTR(s->read_packet); +} + static int on_stream_io_impl(DnsStream *s, uint32_t revents) { bool progressed = false; int r; @@ -413,9 +429,10 @@ static int on_stream_io_impl(DnsStream *s, uint32_t revents) { /* Are we done? If so, call the packet handler and re-enable EPOLLIN for the * event source if necessary. */ - if (s->n_read >= sizeof(s->read_size) + be16toh(s->read_size)) { + _cleanup_(dns_packet_unrefp) DnsPacket *p = dns_stream_take_read_packet(s); + if (p) { assert(s->on_packet); - r = s->on_packet(s); + r = s->on_packet(s, p); if (r < 0) return r; @@ -520,7 +537,7 @@ int dns_stream_new( DnsProtocol protocol, int fd, const union sockaddr_union *tfo_address, - int (on_packet)(DnsStream*), + int (on_packet)(DnsStream*, DnsPacket*), int (complete)(DnsStream*, int), /* optional */ usec_t connect_timeout_usec) { @@ -604,22 +621,6 @@ int dns_stream_write_packet(DnsStream *s, DnsPacket *p) { return dns_stream_update_io(s); } -DnsPacket *dns_stream_take_read_packet(DnsStream *s) { - assert(s); - - if (!s->read_packet) - return NULL; - - if (s->n_read < sizeof(s->read_size)) - return NULL; - - if (s->n_read < sizeof(s->read_size) + be16toh(s->read_size)) - return NULL; - - s->n_read = 0; - return TAKE_PTR(s->read_packet); -} - void dns_stream_detach(DnsStream *s) { assert(s); diff --git a/src/resolve/resolved-dns-stream.h b/src/resolve/resolved-dns-stream.h index 548b2edc9ef..fedbab2da2c 100644 --- a/src/resolve/resolved-dns-stream.h +++ b/src/resolve/resolved-dns-stream.h @@ -78,7 +78,7 @@ struct DnsStream { size_t n_written, n_read; OrderedSet *write_queue; - int (*on_packet)(DnsStream *s); + int (*on_packet)(DnsStream *s, DnsPacket *p); int (*complete)(DnsStream *s, int error); LIST_HEAD(DnsTransaction, transactions); /* when used by the transaction logic */ @@ -100,7 +100,7 @@ int dns_stream_new( DnsProtocol protocol, int fd, const union sockaddr_union *tfo_address, - int (on_packet)(DnsStream*), + int (on_packet)(DnsStream*, DnsPacket*), int (complete)(DnsStream*, int), /* optional */ usec_t connect_timeout_usec); #if ENABLE_DNS_OVER_TLS @@ -123,6 +123,4 @@ static inline bool DNS_STREAM_QUEUED(DnsStream *s) { return !!s->write_packet; } -DnsPacket *dns_stream_take_read_packet(DnsStream *s); - void dns_stream_detach(DnsStream *s); diff --git a/src/resolve/resolved-dns-stub.c b/src/resolve/resolved-dns-stub.c index 73fce6798e0..9e34161eb32 100644 --- a/src/resolve/resolved-dns-stub.c +++ b/src/resolve/resolved-dns-stub.c @@ -1037,12 +1037,9 @@ static int on_dns_stub_packet_extra(sd_event_source *s, int fd, uint32_t revents return on_dns_stub_packet_internal(s, fd, revents, l->manager, l); } -static int on_dns_stub_stream_packet(DnsStream *s) { - _cleanup_(dns_packet_unrefp) DnsPacket *p = NULL; - +static int on_dns_stub_stream_packet(DnsStream *s, DnsPacket *p) { assert(s); - - p = dns_stream_take_read_packet(s); + assert(s->manager); assert(p); if (dns_packet_validate_query(p) > 0) { diff --git a/src/resolve/resolved-dns-transaction.c b/src/resolve/resolved-dns-transaction.c index 20d257bbf3b..f937f9f7b59 100644 --- a/src/resolve/resolved-dns-transaction.c +++ b/src/resolve/resolved-dns-transaction.c @@ -644,14 +644,12 @@ static int on_stream_complete(DnsStream *s, int error) { return 0; } -static int on_stream_packet(DnsStream *s) { - _cleanup_(dns_packet_unrefp) DnsPacket *p = NULL; +static int on_stream_packet(DnsStream *s, DnsPacket *p) { DnsTransaction *t; assert(s); - - /* Take ownership of packet to be able to receive new packets */ - assert_se(p = dns_stream_take_read_packet(s)); + assert(s->manager); + assert(p); t = hashmap_get(s->manager->dns_transactions, UINT_TO_PTR(DNS_PACKET_ID(p))); if (t && t->stream == s) /* Validate that the stream we got this on actually is the stream the diff --git a/src/resolve/resolved-llmnr.c b/src/resolve/resolved-llmnr.c index 150cbab1863..b4e551c219d 100644 --- a/src/resolve/resolved-llmnr.c +++ b/src/resolve/resolved-llmnr.c @@ -277,13 +277,11 @@ int manager_llmnr_ipv6_udp_fd(Manager *m) { return m->llmnr_ipv6_udp_fd = TAKE_FD(s); } -static int on_llmnr_stream_packet(DnsStream *s) { - _cleanup_(dns_packet_unrefp) DnsPacket *p = NULL; +static int on_llmnr_stream_packet(DnsStream *s, DnsPacket *p) { DnsScope *scope; assert(s); - - p = dns_stream_take_read_packet(s); + assert(s->manager); assert(p); scope = manager_find_scope(s->manager, p); diff --git a/src/resolve/test-resolved-stream.c b/src/resolve/test-resolved-stream.c index 76467629fbd..8a01460a0ee 100644 --- a/src/resolve/test-resolved-stream.c +++ b/src/resolve/test-resolved-stream.c @@ -194,9 +194,9 @@ static const size_t MAX_RECEIVED_PACKETS = 2; static DnsPacket *received_packets[2] = {}; static size_t n_received_packets = 0; -static int on_stream_packet(DnsStream *stream) { +static int on_stream_packet(DnsStream *stream, DnsPacket *p) { assert_se(n_received_packets < MAX_RECEIVED_PACKETS); - assert_se(received_packets[n_received_packets++] = dns_stream_take_read_packet(stream)); + assert_se(received_packets[n_received_packets++] = dns_packet_ref(p)); return 0; } From d65808ef7e0fe558923336a8533df37ecb50dbfc Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Fri, 28 Jan 2022 09:01:07 +0900 Subject: [PATCH 262/703] resolve: mention that dns_stream_update() needs to be called after dns_stream_take_read_packet() Based on the analysis by Joan Bruguera . See https://github.com/systemd/systemd/pull/22132#discussion_r793951650. (cherry picked from commit 4aa6129897d2e8de9b275b44270c1c9da745de0e) --- src/resolve/resolved-dns-stream.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/resolve/resolved-dns-stream.c b/src/resolve/resolved-dns-stream.c index 1b2db512129..d16ea95d434 100644 --- a/src/resolve/resolved-dns-stream.c +++ b/src/resolve/resolved-dns-stream.c @@ -284,6 +284,13 @@ static int on_stream_timeout(sd_event_source *es, usec_t usec, void *userdata) { static DnsPacket *dns_stream_take_read_packet(DnsStream *s) { assert(s); + /* Note, dns_stream_update() should be called after this is called. When this is called, the + * stream may be already full and the EPOLLIN flag is dropped from the stream IO event source. + * Even this makes a room to read in the stream, this does not call dns_stream_update(), hence + * EPOLLIN flag is not set automatically. So, to read further packets from the stream, + * dns_stream_update() must be called explicitly. Currently, this is only called from + * on_stream_io_impl(), and there dns_stream_update() is called. */ + if (!s->read_packet) return NULL; From 9c710c66c383adf2aa06e8c32bac5c100cf0fd8c Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Fri, 28 Jan 2022 09:29:59 +0900 Subject: [PATCH 263/703] resolve: llmnr: fix never hit condition Previously, the condition in on_stream_io_impl() never hit, as the read packet is always taken from the stream in the few lines above. Instead of the dns_stream_complete() under the condition, the stream is unref()ed in the on_packet callback for LLMNR stream, unlike the other on_packet callbacks. That's quite tricky. Also, potentially, the stream may still have queued packets to write. This fix the condition, and drops the unref() in the on_packet callback. C.f. https://github.com/systemd/systemd/pull/22274#issuecomment-1023708449. Closes #22266. (cherry picked from commit a5e2a488e83fabf6d8ade7621c2fc3574a8faaa7) --- src/resolve/resolved-dns-stream.c | 22 +++++++++++++++------- src/resolve/resolved-dns-stream.h | 1 + src/resolve/resolved-llmnr.c | 4 +--- 3 files changed, 17 insertions(+), 10 deletions(-) diff --git a/src/resolve/resolved-dns-stream.c b/src/resolve/resolved-dns-stream.c index d16ea95d434..cf9d1a9d5e5 100644 --- a/src/resolve/resolved-dns-stream.c +++ b/src/resolve/resolved-dns-stream.c @@ -446,17 +446,25 @@ static int on_stream_io_impl(DnsStream *s, uint32_t revents) { r = dns_stream_update_io(s); if (r < 0) return dns_stream_complete(s, -r); + + s->packet_received = true; } } } - /* Call "complete" callback if finished reading and writing one packet, and there's nothing else left - * to write. */ - if (s->type == DNS_STREAM_LLMNR_SEND && - (s->write_packet && s->n_written >= sizeof(s->write_size) + s->write_packet->size) && - ordered_set_isempty(s->write_queue) && - (s->read_packet && s->n_read >= sizeof(s->read_size) + s->read_packet->size)) - return dns_stream_complete(s, 0); + if (s->type == DNS_STREAM_LLMNR_SEND && s->packet_received) { + uint32_t events; + + /* Complete the stream if finished reading and writing one packet, and there's nothing + * else left to write. */ + + r = sd_event_source_get_io_events(s->io_event_source, &events); + if (r < 0) + return r; + + if (!FLAGS_SET(events, EPOLLOUT)) + return dns_stream_complete(s, 0); + } /* If we did something, let's restart the timeout event source */ if (progressed && s->timeout_event_source) { diff --git a/src/resolve/resolved-dns-stream.h b/src/resolve/resolved-dns-stream.h index fedbab2da2c..1c606365cdc 100644 --- a/src/resolve/resolved-dns-stream.h +++ b/src/resolve/resolved-dns-stream.h @@ -60,6 +60,7 @@ struct DnsStream { int ifindex; uint32_t ttl; bool identified; + bool packet_received; /* At least one packet is received. Used by LLMNR. */ /* only when using TCP fast open */ union sockaddr_union tfo_address; diff --git a/src/resolve/resolved-llmnr.c b/src/resolve/resolved-llmnr.c index b4e551c219d..76e42940f45 100644 --- a/src/resolve/resolved-llmnr.c +++ b/src/resolve/resolved-llmnr.c @@ -294,7 +294,6 @@ static int on_llmnr_stream_packet(DnsStream *s, DnsPacket *p) { } else log_debug("Invalid LLMNR TCP packet, ignoring."); - dns_stream_unref(s); return 0; } @@ -311,8 +310,7 @@ static int on_llmnr_stream(sd_event_source *s, int fd, uint32_t revents, void *u return -errno; } - /* We don't configure a "complete" handler here, we rely on the default handler than simply drops the - * reference to the stream, thus freeing it */ + /* We don't configure a "complete" handler here, we rely on the default handler, thus freeing it */ r = dns_stream_new(m, &stream, DNS_STREAM_LLMNR_RECV, DNS_PROTOCOL_LLMNR, cfd, NULL, on_llmnr_stream_packet, NULL, DNS_STREAM_DEFAULT_TIMEOUT_USEC); if (r < 0) { From 3227f542a7f540fe9a85a3a9e022d8d188d5d630 Mon Sep 17 00:00:00 2001 From: Joan Bruguera Date: Mon, 31 Jan 2022 21:28:21 +0100 Subject: [PATCH 264/703] resolved: Make event flags logic robust for DoT Since when handling a DNS over TLS stream, the TLS library can override the requested events through dnstls_events for handshake/shutdown purposes, obtaining the event flags through sd_event_source_get_io_events and checking for EPOLLIN or EPOLLOUT does not really tell us whether we want to read/write a packet. Instead, it could just be OpenSSL/GnuTLS doing something else. To make the logic more robust (and simpler), save the flags that tell us whether we want to read/write a packet, and check them instead of the IO flags. (& use uint32_t for the flags like in sd_event_source_set_io_events prototype) (cherry picked from commit eff107736e17bfe43680c42ae39baa3d41fb4715) --- src/resolve/resolved-dns-stream.c | 27 +++++++++------------------ src/resolve/resolved-dns-stream.h | 3 ++- 2 files changed, 11 insertions(+), 19 deletions(-) diff --git a/src/resolve/resolved-dns-stream.c b/src/resolve/resolved-dns-stream.c index cf9d1a9d5e5..290c28ed652 100644 --- a/src/resolve/resolved-dns-stream.c +++ b/src/resolve/resolved-dns-stream.c @@ -27,7 +27,7 @@ static void dns_stream_stop(DnsStream *s) { } static int dns_stream_update_io(DnsStream *s) { - int f = 0; + uint32_t f = 0; assert(s); @@ -47,6 +47,8 @@ static int dns_stream_update_io(DnsStream *s) { set_size(s->queries) < DNS_QUERIES_PER_STREAM) f |= EPOLLIN; + s->requested_events = f; + #if ENABLE_DNS_OVER_TLS /* For handshake and clean closing purposes, TLS can override requested events */ if (s->dnstls_events != 0) @@ -452,19 +454,11 @@ static int on_stream_io_impl(DnsStream *s, uint32_t revents) { } } - if (s->type == DNS_STREAM_LLMNR_SEND && s->packet_received) { - uint32_t events; - - /* Complete the stream if finished reading and writing one packet, and there's nothing - * else left to write. */ - - r = sd_event_source_get_io_events(s->io_event_source, &events); - if (r < 0) - return r; - - if (!FLAGS_SET(events, EPOLLOUT)) - return dns_stream_complete(s, 0); - } + /* Complete the stream if finished reading and writing one packet, and there's nothing + * else left to write. */ + if (s->type == DNS_STREAM_LLMNR_SEND && s->packet_received && + !FLAGS_SET(s->requested_events, EPOLLOUT)) + return dns_stream_complete(s, 0); /* If we did something, let's restart the timeout event source */ if (progressed && s->timeout_event_source) { @@ -499,10 +493,7 @@ static int on_stream_io(sd_event_source *es, int fd, uint32_t revents, void *use uint32_t events; /* Make sure the stream still wants to process more data... */ - r = sd_event_source_get_io_events(s->io_event_source, &events); - if (r < 0) - return r; - if (!FLAGS_SET(events, EPOLLIN)) + if (!FLAGS_SET(s->requested_events, EPOLLIN)) break; r = on_stream_io_impl(s, EPOLLIN); diff --git a/src/resolve/resolved-dns-stream.h b/src/resolve/resolved-dns-stream.h index 1c606365cdc..ba4a59e41c5 100644 --- a/src/resolve/resolved-dns-stream.h +++ b/src/resolve/resolved-dns-stream.h @@ -61,6 +61,7 @@ struct DnsStream { uint32_t ttl; bool identified; bool packet_received; /* At least one packet is received. Used by LLMNR. */ + uint32_t requested_events; /* only when using TCP fast open */ union sockaddr_union tfo_address; @@ -68,7 +69,7 @@ struct DnsStream { #if ENABLE_DNS_OVER_TLS DnsTlsStreamData dnstls_data; - int dnstls_events; + uint32_t dnstls_events; #endif sd_event_source *io_event_source; From 03692af60735dadff6c3059bde9881a7e74e9f20 Mon Sep 17 00:00:00 2001 From: Joan Bruguera Date: Mon, 31 Jan 2022 21:28:32 +0100 Subject: [PATCH 265/703] resolved: Avoid multiple SSL writes per DoT packet In the DoT case, dns_stream_writev decomposed an iovec into multiple dnstls_stream_write calls, which resulted in multiple SSL writes and multiple TLS records. This can be checked from a network capture, e.g. using socat: socat -v -x openssl-listen:853,reuseaddr,fork,cert=my.cert,key=my.key,verify=0 openssl:8.8.8.8:853 Instead, propagate the iovec as-is into the DoT handling code. For GnuTLS, the library provides support for buffering ('corking') a record. OpenSSL has no such facility, so we join the iovec into a single buffer then call SSL_write. socat capture of `resolvectl -4 query --cache=no example.com` before the commit: > 2022/01/30 13:35:52.194200 length=2 from=0 to=1 00 28 .( -- > 2022/01/30 13:35:52.194253 length=40 from=2 to=41 1e b2 01 00 00 01 00 00 00 00 00 01 07 65 78 61 .............exa 6d 70 6c 65 03 63 6f 6d 00 00 01 00 01 00 00 29 mple.com.......) ff e4 00 00 00 00 00 00 ........ -- < 2022/01/30 13:35:52.232798 length=58 from=0 to=57 00 38 1e b2 81 80 00 01 00 01 00 00 00 01 07 65 .8.............e 78 61 6d 70 6c 65 03 63 6f 6d 00 00 01 00 01 c0 xample.com...... 0c 00 01 00 01 00 00 53 6f 00 04 5d b8 d8 22 00 .......So..]..". 00 29 02 00 00 00 00 00 00 00 .)........ socat capture of `resolvectl -4 query --cache=no example.com` after the commit: > 2022/01/30 13:34:47.598099 length=42 from=504 to=545 00 28 37 86 01 00 00 01 00 00 00 00 00 01 07 65 .(7............e 78 61 6d 70 6c 65 03 63 6f 6d 00 00 01 00 01 00 xample.com...... 00 29 ff e4 00 00 00 00 00 00 .)........ -- < 2022/01/30 13:34:47.613203 length=58 from=756 to=813 00 38 37 86 81 80 00 01 00 01 00 00 00 01 07 65 .87............e 78 61 6d 70 6c 65 03 63 6f 6d 00 00 01 00 01 c0 xample.com...... 0c 00 01 00 01 00 00 52 5e 00 04 5d b8 d8 22 00 .......R^..]..". 00 29 02 00 00 00 00 00 00 00 .)........ (cherry picked from commit aa892849d50e9dd5da03a628463ccf6c55ff1b44) --- src/resolve/resolved-dns-stream.c | 18 +++------------- src/resolve/resolved-dnstls-gnutls.c | 22 +++++++++++++++----- src/resolve/resolved-dnstls-openssl.c | 30 +++++++++++++++++++++------ src/resolve/resolved-dnstls.h | 3 ++- 4 files changed, 46 insertions(+), 27 deletions(-) diff --git a/src/resolve/resolved-dns-stream.c b/src/resolve/resolved-dns-stream.c index 290c28ed652..5c4a9ebb999 100644 --- a/src/resolve/resolved-dns-stream.c +++ b/src/resolve/resolved-dns-stream.c @@ -210,22 +210,10 @@ ssize_t dns_stream_writev(DnsStream *s, const struct iovec *iov, size_t iovcnt, assert(iov); #if ENABLE_DNS_OVER_TLS - if (s->encrypted && !(flags & DNS_STREAM_WRITE_TLS_DATA)) { - ssize_t ss; - size_t i; - - m = 0; - for (i = 0; i < iovcnt; i++) { - ss = dnstls_stream_write(s, iov[i].iov_base, iov[i].iov_len); - if (ss < 0) - return ss; - - m += ss; - if (ss != (ssize_t) iov[i].iov_len) - continue; - } - } else + if (s->encrypted && !(flags & DNS_STREAM_WRITE_TLS_DATA)) + return dnstls_stream_writev(s, iov, iovcnt); #endif + if (s->tfo_salen > 0) { struct msghdr hdr = { .msg_iov = (struct iovec*) iov, diff --git a/src/resolve/resolved-dnstls-gnutls.c b/src/resolve/resolved-dnstls-gnutls.c index 8610cacab67..3d361708a10 100644 --- a/src/resolve/resolved-dnstls-gnutls.c +++ b/src/resolve/resolved-dnstls-gnutls.c @@ -6,6 +6,7 @@ #include +#include "io-util.h" #include "resolved-dns-stream.h" #include "resolved-dnstls.h" #include "resolved-manager.h" @@ -13,7 +14,7 @@ #define TLS_PROTOCOL_PRIORITY "NORMAL:-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2" DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(gnutls_session_t, gnutls_deinit, NULL); -static ssize_t dnstls_stream_writev(gnutls_transport_ptr_t p, const giovec_t *iov, int iovcnt) { +static ssize_t dnstls_stream_vec_push(gnutls_transport_ptr_t p, const giovec_t *iov, int iovcnt) { int r; assert(p); @@ -81,7 +82,7 @@ int dnstls_stream_connect_tls(DnsStream *stream, DnsServer *server) { gnutls_handshake_set_timeout(gs, GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT); gnutls_transport_set_ptr2(gs, (gnutls_transport_ptr_t) (long) stream->fd, stream); - gnutls_transport_set_vec_push_function(gs, &dnstls_stream_writev); + gnutls_transport_set_vec_push_function(gs, &dnstls_stream_vec_push); stream->encrypted = true; stream->dnstls_data.handshake = gnutls_handshake(gs); @@ -163,15 +164,26 @@ int dnstls_stream_shutdown(DnsStream *stream, int error) { return 0; } -ssize_t dnstls_stream_write(DnsStream *stream, const char *buf, size_t count) { +ssize_t dnstls_stream_writev(DnsStream *stream, const struct iovec *iov, size_t iovcnt) { ssize_t ss; assert(stream); assert(stream->encrypted); assert(stream->dnstls_data.session); - assert(buf); + assert(iov); + assert(IOVEC_TOTAL_SIZE(iov, iovcnt) > 0); + + gnutls_record_cork(stream->dnstls_data.session); + + for (size_t i = 0; i < iovcnt; i++) { + ss = gnutls_record_send( + stream->dnstls_data.session, + iov[i].iov_base, iov[i].iov_len); + if (ss < 0) + break; + } - ss = gnutls_record_send(stream->dnstls_data.session, buf, count); + ss = gnutls_record_uncork(stream->dnstls_data.session, 0); if (ss < 0) switch(ss) { case GNUTLS_E_INTERRUPTED: diff --git a/src/resolve/resolved-dnstls-openssl.c b/src/resolve/resolved-dnstls-openssl.c index 7d264dd3673..3a030048625 100644 --- a/src/resolve/resolved-dnstls-openssl.c +++ b/src/resolve/resolved-dnstls-openssl.c @@ -292,15 +292,10 @@ int dnstls_stream_shutdown(DnsStream *stream, int error) { return 0; } -ssize_t dnstls_stream_write(DnsStream *stream, const char *buf, size_t count) { +static ssize_t dnstls_stream_write(DnsStream *stream, const char *buf, size_t count) { int error, r; ssize_t ss; - assert(stream); - assert(stream->encrypted); - assert(stream->dnstls_data.ssl); - assert(buf); - ERR_clear_error(); ss = r = SSL_write(stream->dnstls_data.ssl, buf, count); if (r <= 0) { @@ -329,6 +324,29 @@ ssize_t dnstls_stream_write(DnsStream *stream, const char *buf, size_t count) { return ss; } +ssize_t dnstls_stream_writev(DnsStream *stream, const struct iovec *iov, size_t iovcnt) { + _cleanup_free_ char *buf = NULL; + size_t count; + + assert(stream); + assert(stream->encrypted); + assert(stream->dnstls_data.ssl); + assert(iov); + assert(IOVEC_TOTAL_SIZE(iov, iovcnt) > 0); + + if (iovcnt == 1) + return dnstls_stream_write(stream, iov[0].iov_base, iov[0].iov_len); + + /* As of now, OpenSSL can not accumulate multiple writes, so join into a + single buffer. Suboptimal, but better than multiple SSL_write calls. */ + count = IOVEC_TOTAL_SIZE(iov, iovcnt); + buf = new(char, count); + for (size_t i = 0, pos = 0; i < iovcnt; pos += iov[i].iov_len, i++) + memcpy(buf + pos, iov[i].iov_base, iov[i].iov_len); + + return dnstls_stream_write(stream, buf, count); +} + ssize_t dnstls_stream_read(DnsStream *stream, void *buf, size_t count) { int error, r; ssize_t ss; diff --git a/src/resolve/resolved-dnstls.h b/src/resolve/resolved-dnstls.h index ed214dc6c46..70b27d8d77f 100644 --- a/src/resolve/resolved-dnstls.h +++ b/src/resolve/resolved-dnstls.h @@ -5,6 +5,7 @@ #include #include +#include typedef struct DnsServer DnsServer; typedef struct DnsStream DnsStream; @@ -27,7 +28,7 @@ int dnstls_stream_connect_tls(DnsStream *stream, DnsServer *server); void dnstls_stream_free(DnsStream *stream); int dnstls_stream_on_io(DnsStream *stream, uint32_t revents); int dnstls_stream_shutdown(DnsStream *stream, int error); -ssize_t dnstls_stream_write(DnsStream *stream, const char *buf, size_t count); +ssize_t dnstls_stream_writev(DnsStream *stream, const struct iovec *iov, size_t iovcnt); ssize_t dnstls_stream_read(DnsStream *stream, void *buf, size_t count); bool dnstls_stream_has_buffered_data(DnsStream *stream); From 781b2b2e664aa2a230b074bb4332f23d24f45da6 Mon Sep 17 00:00:00 2001 From: Joan Bruguera Date: Sun, 30 Jan 2022 12:51:10 +0100 Subject: [PATCH 266/703] resolved: Read as much as possible per stream EPOLLIN event In commit 2aaf6bb6e99b0f2bd73e0c49bef9e11a2844bf1a, an issue was fixed where systemd-resolved could get stuck for multiple seconds waiting for incoming data, since GnuTLS/OpenSSL can buffer a TLS record, so data could be available, but no EPOLLIN event would be generated. To fix this, a somewhat elaborate logic consisting on asking the TLS library whether it had buffered data, then "faking" an EPOLLIN event was implemented. However, there is a much simpler solution: Always read as much data as available (i.e. until we get an event like EAGAIN when trying to read) from the stream when we get an EPOLLIN event, instead of at most a single packet per event. This approach does not require asking the TLS library whether it has buffered data, and the logic is exactly the same for both the TCP and TLS case. test-resolved-stream is fixed to avoid a latent double free bug. (cherry picked from commit 839a70c3534ce10ed7a66b5925f4570d88b2b64a) --- src/resolve/resolved-dns-stream.c | 55 ++++++--------------------- src/resolve/resolved-dnstls-gnutls.c | 8 ---- src/resolve/resolved-dnstls-openssl.c | 18 ++++----- src/resolve/resolved-dnstls.h | 2 - src/resolve/test-resolved-stream.c | 11 ++++-- 5 files changed, 29 insertions(+), 65 deletions(-) diff --git a/src/resolve/resolved-dns-stream.c b/src/resolve/resolved-dns-stream.c index 5c4a9ebb999..61e92bea831 100644 --- a/src/resolve/resolved-dns-stream.c +++ b/src/resolve/resolved-dns-stream.c @@ -279,7 +279,7 @@ static DnsPacket *dns_stream_take_read_packet(DnsStream *s) { * Even this makes a room to read in the stream, this does not call dns_stream_update(), hence * EPOLLIN flag is not set automatically. So, to read further packets from the stream, * dns_stream_update() must be called explicitly. Currently, this is only called from - * on_stream_io_impl(), and there dns_stream_update() is called. */ + * on_stream_io(), and there dns_stream_update() is called. */ if (!s->read_packet) return NULL; @@ -294,15 +294,13 @@ static DnsPacket *dns_stream_take_read_packet(DnsStream *s) { return TAKE_PTR(s->read_packet); } -static int on_stream_io_impl(DnsStream *s, uint32_t revents) { +static int on_stream_io(sd_event_source *es, int fd, uint32_t revents, void *userdata) { + _cleanup_(dns_stream_unrefp) DnsStream *s = dns_stream_ref(userdata); /* Protect stream while we process it */ bool progressed = false; int r; assert(s); - /* This returns 1 when possible remaining stream exists, 0 on completed - stream or recoverable error, and negative errno on failure. */ - #if ENABLE_DNS_OVER_TLS if (s->encrypted) { r = dnstls_stream_on_io(s, revents); @@ -354,9 +352,9 @@ static int on_stream_io_impl(DnsStream *s, uint32_t revents) { } } - if ((revents & (EPOLLIN|EPOLLHUP|EPOLLRDHUP)) && - (!s->read_packet || - s->n_read < sizeof(s->read_size) + s->read_packet->size)) { + while ((revents & (EPOLLIN|EPOLLHUP|EPOLLRDHUP)) && + (!s->read_packet || + s->n_read < sizeof(s->read_size) + s->read_packet->size)) { if (s->n_read < sizeof(s->read_size)) { ssize_t ss; @@ -365,6 +363,7 @@ static int on_stream_io_impl(DnsStream *s, uint32_t revents) { if (ss < 0) { if (!ERRNO_IS_TRANSIENT(ss)) return dns_stream_complete(s, -ss); + break; } else if (ss == 0) return dns_stream_complete(s, ECONNRESET); else { @@ -418,6 +417,7 @@ static int on_stream_io_impl(DnsStream *s, uint32_t revents) { if (ss < 0) { if (!ERRNO_IS_TRANSIENT(ss)) return dns_stream_complete(s, -ss); + break; } else if (ss == 0) return dns_stream_complete(s, ECONNRESET); else @@ -438,6 +438,10 @@ static int on_stream_io_impl(DnsStream *s, uint32_t revents) { return dns_stream_complete(s, -r); s->packet_received = true; + + /* If we just disabled the read event, stop reading */ + if (!FLAGS_SET(s->requested_events, EPOLLIN)) + break; } } } @@ -455,41 +459,6 @@ static int on_stream_io_impl(DnsStream *s, uint32_t revents) { log_warning_errno(errno, "Couldn't restart TCP connection timeout, ignoring: %m"); } - return 1; -} - -static int on_stream_io(sd_event_source *es, int fd, uint32_t revents, void *userdata) { - _cleanup_(dns_stream_unrefp) DnsStream *s = dns_stream_ref(userdata); /* Protect stream while we process it */ - int r; - - assert(s); - - r = on_stream_io_impl(s, revents); - if (r <= 0) - return r; - -#if ENABLE_DNS_OVER_TLS - if (!s->encrypted) - return 0; - - /* When using DNS-over-TLS, the underlying TLS library may read the entire TLS record - and buffer it internally. If this happens, we will not receive further EPOLLIN events, - and unless there's some unrelated activity on the socket, we will hang until time out. - To avoid this, if there's buffered TLS data, generate a "fake" EPOLLIN event. - This is hacky, but it makes this case transparent to the rest of the IO code. */ - while (dnstls_stream_has_buffered_data(s)) { - uint32_t events; - - /* Make sure the stream still wants to process more data... */ - if (!FLAGS_SET(s->requested_events, EPOLLIN)) - break; - - r = on_stream_io_impl(s, EPOLLIN); - if (r <= 0) - return r; - } -#endif - return 0; } diff --git a/src/resolve/resolved-dnstls-gnutls.c b/src/resolve/resolved-dnstls-gnutls.c index 3d361708a10..8c8628ebbbd 100644 --- a/src/resolve/resolved-dnstls-gnutls.c +++ b/src/resolve/resolved-dnstls-gnutls.c @@ -223,14 +223,6 @@ ssize_t dnstls_stream_read(DnsStream *stream, void *buf, size_t count) { return ss; } -bool dnstls_stream_has_buffered_data(DnsStream *stream) { - assert(stream); - assert(stream->encrypted); - assert(stream->dnstls_data.session); - - return gnutls_record_check_pending(stream->dnstls_data.session) > 0; -} - void dnstls_server_free(DnsServer *server) { assert(server); diff --git a/src/resolve/resolved-dnstls-openssl.c b/src/resolve/resolved-dnstls-openssl.c index 3a030048625..4d3a88c8daf 100644 --- a/src/resolve/resolved-dnstls-openssl.c +++ b/src/resolve/resolved-dnstls-openssl.c @@ -361,7 +361,15 @@ ssize_t dnstls_stream_read(DnsStream *stream, void *buf, size_t count) { if (r <= 0) { error = SSL_get_error(stream->dnstls_data.ssl, r); if (IN_SET(error, SSL_ERROR_WANT_READ, SSL_ERROR_WANT_WRITE)) { - stream->dnstls_events = error == SSL_ERROR_WANT_READ ? EPOLLIN : EPOLLOUT; + /* If we receive SSL_ERROR_WANT_READ here, there are two possible scenarios: + * OpenSSL needs to renegotiate (so we want to get an EPOLLIN event), or + * There is no more application data is available, so we can just return + And apparently there's no nice way to distinguish between the two. + To handle this, never set EPOLLIN and just continue as usual. + If OpenSSL really wants to read due to renegotiation, it will tell us + again on SSL_write (at which point we will request EPOLLIN force a read); + or we will just eventually read data anyway while we wait for a packet */ + stream->dnstls_events = error == SSL_ERROR_WANT_READ ? 0 : EPOLLOUT; ss = -EAGAIN; } else if (error == SSL_ERROR_ZERO_RETURN) { stream->dnstls_events = 0; @@ -385,14 +393,6 @@ ssize_t dnstls_stream_read(DnsStream *stream, void *buf, size_t count) { return ss; } -bool dnstls_stream_has_buffered_data(DnsStream *stream) { - assert(stream); - assert(stream->encrypted); - assert(stream->dnstls_data.ssl); - - return SSL_has_pending(stream->dnstls_data.ssl) > 0; -} - void dnstls_server_free(DnsServer *server) { assert(server); diff --git a/src/resolve/resolved-dnstls.h b/src/resolve/resolved-dnstls.h index 70b27d8d77f..cda97e0b126 100644 --- a/src/resolve/resolved-dnstls.h +++ b/src/resolve/resolved-dnstls.h @@ -3,7 +3,6 @@ #if ENABLE_DNS_OVER_TLS -#include #include #include @@ -30,7 +29,6 @@ int dnstls_stream_on_io(DnsStream *stream, uint32_t revents); int dnstls_stream_shutdown(DnsStream *stream, int error); ssize_t dnstls_stream_writev(DnsStream *stream, const struct iovec *iov, size_t iovcnt); ssize_t dnstls_stream_read(DnsStream *stream, void *buf, size_t count); -bool dnstls_stream_has_buffered_data(DnsStream *stream); void dnstls_server_free(DnsServer *server); diff --git a/src/resolve/test-resolved-stream.c b/src/resolve/test-resolved-stream.c index 8a01460a0ee..d95a2f89cd6 100644 --- a/src/resolve/test-resolved-stream.c +++ b/src/resolve/test-resolved-stream.c @@ -144,7 +144,7 @@ static void *tls_dns_server(void *p) { r = safe_fork_full("(test-resolved-stream-tls-openssl)", (int[]) { fd_server, fd_tls }, 2, FORK_RESET_SIGNALS|FORK_CLOSE_ALL_FDS|FORK_DEATHSIG|FORK_LOG|FORK_REOPEN_LOG, &openssl_pid); - assert(r >= 0); + assert_se(r >= 0); if (r == 0) { /* Child */ assert_se(dup2(fd_tls, STDIN_FILENO) >= 0); @@ -200,6 +200,10 @@ static int on_stream_packet(DnsStream *stream, DnsPacket *p) { return 0; } +static int on_stream_complete_do_nothing(DnsStream *s, int error) { + return 0; +} + static void test_dns_stream(bool tls) { Manager manager = {}; _cleanup_(dns_stream_unrefp) DnsStream *stream = NULL; @@ -251,9 +255,10 @@ static void test_dns_stream(bool tls) { /* systemd-resolved uses (and requires) the socket to be in nonblocking mode */ assert_se(fcntl(clientfd, F_SETFL, O_NONBLOCK) >= 0); - /* Initialize DNS stream */ + /* Initialize DNS stream (disabling the default self-destruction + behaviour when no complete callback is set) */ assert_se(dns_stream_new(&manager, &stream, DNS_STREAM_LOOKUP, DNS_PROTOCOL_DNS, - TAKE_FD(clientfd), NULL, on_stream_packet, NULL, + TAKE_FD(clientfd), NULL, on_stream_packet, on_stream_complete_do_nothing, DNS_STREAM_DEFAULT_TIMEOUT_USEC) >= 0); #if ENABLE_DNS_OVER_TLS if (tls) { From 6d3e2f0188f8a10412c56dc987198104a4dfff0f Mon Sep 17 00:00:00 2001 From: Joan Bruguera Date: Sun, 30 Jan 2022 17:56:32 +0100 Subject: [PATCH 267/703] resolved: Allow test-resolved-stream to run concurrently Since test-resolved-stream brings up a simple DNS server on 127.0.0.1:12345, only one instance could run at a time, so it would fail when run like `meson test -C build test-resolved-stream --repeat=1000`. Similarly, if by chance something is up on port 12345, the test would fail. To make the test more reliable, run it in an isolated user + network namespace. If this fails (some distributions disable user namespaces), just run as before. (cherry picked from commit c76120f1b82f7e1c6a53b1569087db462c21b7d1) --- src/resolve/test-resolved-stream.c | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/src/resolve/test-resolved-stream.c b/src/resolve/test-resolved-stream.c index d95a2f89cd6..f12c729e500 100644 --- a/src/resolve/test-resolved-stream.c +++ b/src/resolve/test-resolved-stream.c @@ -2,10 +2,12 @@ #include #include +#include #include #include #include #include +#include #include #include #include @@ -13,6 +15,7 @@ #include "fd-util.h" #include "log.h" +#include "macro.h" #include "process-util.h" #include "resolved-dns-packet.h" #include "resolved-dns-question.h" @@ -327,6 +330,24 @@ static void test_dns_stream(bool tls) { log_info("test-resolved-stream: Finished %s test", tls ? "TLS" : "TCP"); } +static void try_isolate_network(void) { + _cleanup_close_ int socket_fd = -1; + + if (unshare(CLONE_NEWUSER | CLONE_NEWNET) < 0) { + log_warning("test-resolved-stream: Can't create user and network ns, running on host"); + return; + } + + /* Bring up the loopback interfaceon the newly created network namespace */ + struct ifreq req = { .ifr_ifindex = 1 }; + assert_se((socket_fd = socket(AF_INET, SOCK_STREAM | SOCK_CLOEXEC, 0)) >= 0); + assert_se(ioctl(socket_fd,SIOCGIFNAME,&req) >= 0); + assert_se(ioctl(socket_fd, SIOCGIFFLAGS, &req) >= 0); + assert_se(FLAGS_SET(req.ifr_flags, IFF_LOOPBACK)); + req.ifr_flags |= IFF_UP; + assert_se(ioctl(socket_fd, SIOCSIFFLAGS, &req) >= 0); +} + int main(int argc, char **argv) { SERVER_ADDRESS = (struct sockaddr_in) { .sin_family = AF_INET, @@ -336,6 +357,8 @@ int main(int argc, char **argv) { test_setup_logging(LOG_DEBUG); + try_isolate_network(); + test_dns_stream(false); #if ENABLE_DNS_OVER_TLS if (system("openssl version >/dev/null 2>&1") != 0) From ed46ff2bd6ca21d83cae4a94c3ed752ad1b64cce Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Mon, 3 Jan 2022 18:11:32 +0100 Subject: [PATCH 268/703] random-seed: hash together old seed and new seed before writing out file If we're consuming an on-disk seed, we usually write out a new one after consuming it. In that case, we might be at early boot and the randomness could be rather poor, and the kernel doesn't guarantee that it'll use the new randomness right away for us. In order to prevent the new entropy from getting any worse, hash together the old seed and the new seed, and replace the final bytes of the new seed with the hash output. This way, entropy strictly increases and never regresses. (cherry picked from commit da2862ef06f22fc8d31dafced6d2d6dc14f2ee0b) --- src/random-seed/random-seed.c | 26 +++++++++++++++++++++++++- 1 file changed, 25 insertions(+), 1 deletion(-) diff --git a/src/random-seed/random-seed.c b/src/random-seed/random-seed.c index 7724e0365e7..bba83357203 100644 --- a/src/random-seed/random-seed.c +++ b/src/random-seed/random-seed.c @@ -26,6 +26,7 @@ #include "random-util.h" #include "string-util.h" #include "sync-util.h" +#include "sha256.h" #include "util.h" #include "xattr-util.h" @@ -106,9 +107,11 @@ static int run(int argc, char *argv[]) { _cleanup_close_ int seed_fd = -1, random_fd = -1; bool read_seed_file, write_seed_file, synchronous; _cleanup_free_ void* buf = NULL; + struct sha256_ctx hash_state; + uint8_t hash[32]; size_t buf_size; struct stat st; - ssize_t k; + ssize_t k, l; int r; log_setup(); @@ -242,6 +245,16 @@ static int run(int argc, char *argv[]) { if (r < 0) log_error_errno(r, "Failed to write seed to /dev/urandom: %m"); } + /* If we're going to later write out a seed file, initialize a hash state with + * the contents of the seed file we just read, so that the new one can't regress + * in entropy. */ + if (write_seed_file) { + sha256_init_ctx(&hash_state); + if (k < 0) + k = 0; + sha256_process_bytes(&k, sizeof(k), &hash_state); + sha256_process_bytes(buf, k, &hash_state); + } } if (write_seed_file) { @@ -277,6 +290,17 @@ static int run(int argc, char *argv[]) { "Got EOF while reading from /dev/urandom."); } + /* If we previously read in a seed file, then hash the new seed into the old one, + * and replace the last 32 bytes of the seed with the hash output, so that the + * new seed file can't regress in entropy. */ + if (read_seed_file) { + sha256_process_bytes(&k, sizeof(k), &hash_state); + sha256_process_bytes(buf, k, &hash_state); + sha256_finish_ctx(&hash_state, hash); + l = MIN(k, 32); + memcpy((uint8_t *)buf + k - l, hash, l); + } + r = loop_write(seed_fd, buf, (size_t) k, false); if (r < 0) return log_error_errno(r, "Failed to write new random seed file: %m"); From c901bc8680d1835737de116f2bf1f522bdb083c2 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Thu, 24 Mar 2022 20:37:43 +0100 Subject: [PATCH 269/703] journald: make sure SIGTERM handling doesn't get starved out Fixes: #22642 (cherry picked from commit 19252b254861d8c9b56e2acaeb182812c8f07e52) --- src/journal/journald-server.c | 76 +++++++++++++++++++++++++++++++++-- 1 file changed, 73 insertions(+), 3 deletions(-) diff --git a/src/journal/journald-server.c b/src/journal/journald-server.c index 9bfe22906a5..8fb363c4f75 100644 --- a/src/journal/journald-server.c +++ b/src/journal/journald-server.c @@ -1448,12 +1448,82 @@ static int dispatch_sigusr2(sd_event_source *es, const struct signalfd_siginfo * } static int dispatch_sigterm(sd_event_source *es, const struct signalfd_siginfo *si, void *userdata) { + _cleanup_(sd_event_source_disable_unrefp) sd_event_source *news = NULL; Server *s = userdata; + int r; assert(s); log_received_signal(LOG_INFO, si); + (void) sd_event_source_set_enabled(es, false); /* Make sure this handler is called at most once */ + + /* So on one hand we want to ensure that SIGTERMs are definitely handled in appropriate, bounded + * time. On the other hand we want that everything pending is first comprehensively processed and + * written to disk. These goals are incompatible, hence we try to find a middle ground: we'll process + * SIGTERM with high priority, but from the handler (this one right here) we'll install two new event + * sources: one low priority idle one that will issue the exit once everything else is processed (and + * which is hopefully the regular, clean codepath); and one high priority timer that acts as safety + * net: if our idle handler isn't run within 10s, we'll exit anyway. + * + * TLDR: we'll exit either when everything is processed, or after 10s max, depending on what happens + * first. + * + * Note that exiting before the idle event is hit doesn't typically mean that we lose any data, as + * messages will remain queued in the sockets they came in from, and thus can be processed when we + * start up next – unless we are going down for the final system shutdown, in which case everything + * is lost. */ + + r = sd_event_add_defer(s->event, &news, NULL, NULL); /* NULL handler means → exit when triggered */ + if (r < 0) { + log_error_errno(r, "Failed to allocate exit idle event handler: %m"); + goto fail; + } + + (void) sd_event_source_set_description(news, "exit-idle"); + + /* Run everything relevant before this. */ + r = sd_event_source_set_priority(news, SD_EVENT_PRIORITY_NORMAL+20); + if (r < 0) { + log_error_errno(r, "Failed to adjust priority of exit idle event handler: %m"); + goto fail; + } + + /* Give up ownership, so that this event source is freed automatically when the event loop is freed. */ + r = sd_event_source_set_floating(news, true); + if (r < 0) { + log_error_errno(r, "Failed to make exit idle event handler floating: %m"); + goto fail; + } + + news = sd_event_source_unref(news); + + r = sd_event_add_time_relative(s->event, &news, CLOCK_MONOTONIC, 10 * USEC_PER_SEC, 0, NULL, NULL); + if (r < 0) { + log_error_errno(r, "Failed to allocate exit timeout event handler: %m"); + goto fail; + } + + (void) sd_event_source_set_description(news, "exit-timeout"); + + r = sd_event_source_set_priority(news, SD_EVENT_PRIORITY_IMPORTANT-20); /* This is a safety net, with highest priority */ + if (r < 0) { + log_error_errno(r, "Failed to adjust priority of exit timeout event handler: %m"); + goto fail; + } + + r = sd_event_source_set_floating(news, true); + if (r < 0) { + log_error_errno(r, "Failed to make exit timeout event handler floating: %m"); + goto fail; + } + + news = sd_event_source_unref(news); + + log_debug("Exit event sources are now pending."); + return 0; + +fail: sd_event_exit(s->event, 0); return 0; } @@ -1505,8 +1575,8 @@ static int setup_signals(Server *s) { if (r < 0) return r; - /* Let's process SIGTERM late, so that we flush all queued messages to disk before we exit */ - r = sd_event_source_set_priority(s->sigterm_event_source, SD_EVENT_PRIORITY_NORMAL+20); + /* Let's process SIGTERM early, so that we definitely react to it */ + r = sd_event_source_set_priority(s->sigterm_event_source, SD_EVENT_PRIORITY_IMPORTANT-10); if (r < 0) return r; @@ -1516,7 +1586,7 @@ static int setup_signals(Server *s) { if (r < 0) return r; - r = sd_event_source_set_priority(s->sigint_event_source, SD_EVENT_PRIORITY_NORMAL+20); + r = sd_event_source_set_priority(s->sigint_event_source, SD_EVENT_PRIORITY_IMPORTANT-10); if (r < 0) return r; From 6253eb576cdde2230b75f84532f745b4409f71ad Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Thu, 24 Mar 2022 21:24:23 +0100 Subject: [PATCH 270/703] journal-file: if we are going down, don't use event loop to schedule post The event loop is already shutting down, hence no point in using it anymore, it's not going to run any further iteration. (cherry picked from commit 47f04c2a69d5a604411f17a2e660021165d09c89) --- src/libsystemd/sd-journal/journal-file.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/libsystemd/sd-journal/journal-file.c b/src/libsystemd/sd-journal/journal-file.c index 369b32856fb..bac258ca421 100644 --- a/src/libsystemd/sd-journal/journal-file.c +++ b/src/libsystemd/sd-journal/journal-file.c @@ -1887,11 +1887,18 @@ static int post_change_thunk(sd_event_source *timer, uint64_t usec, void *userda } static void schedule_post_change(JournalFile *f) { + sd_event *e; int r; assert(f); assert(f->post_change_timer); + assert_se(e = sd_event_source_get_event(f->post_change_timer)); + + /* If we are aleady going down, post the change immediately. */ + if (IN_SET(sd_event_get_state(e), SD_EVENT_EXITING, SD_EVENT_FINISHED)) + goto fail; + r = sd_event_source_get_enabled(f->post_change_timer, NULL); if (r < 0) { log_debug_errno(r, "Failed to get ftruncate timer state: %m"); From 056bae9f1bc3252266909b68c038c2b6afaf5e70 Mon Sep 17 00:00:00 2001 From: Laura Barcziova Date: Wed, 9 Mar 2022 07:50:29 +0100 Subject: [PATCH 271/703] Packit: build SRPMs in Copr Add srpm_build_deps key to the Packit config to specify needed dependencies for SRPM build and indicate to build SRPM in Copr. (cherry picked from commit d15e1a29e3aab04ee79d5e3ec8e1e65fca78e165) --- .packit.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.packit.yml b/.packit.yml index e16622311ee..6fea40570e4 100644 --- a/.packit.yml +++ b/.packit.yml @@ -13,6 +13,7 @@ downstream_package_name: systemd # `git describe` returns in systemd's case 'v245-xxx' which breaks RPM version # detection (that expects 245-xxxx'). Let's tweak the version string accordingly upstream_tag_template: "v{version}" +srpm_build_deps: [] actions: post-upstream-clone: From 7cda67d4f4da259bb1a18db208e6956df4620d77 Mon Sep 17 00:00:00 2001 From: Luca Boccassi Date: Fri, 1 Apr 2022 01:03:25 +0100 Subject: [PATCH 272/703] packit: build on and use Fedora 36 spec file It's targeted to the v250 branch, while the rawhide one follows the newest upstream release, and the command line options are not compatible --- .packit.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.packit.yml b/.packit.yml index 6fea40570e4..1570990b29c 100644 --- a/.packit.yml +++ b/.packit.yml @@ -17,8 +17,8 @@ srpm_build_deps: [] actions: post-upstream-clone: - # Use the Fedora Rawhide specfile - - "git clone https://src.fedoraproject.org/rpms/systemd .packit_rpm --depth=1" + # Use the Fedora 36 specfile + - "git clone --branch f36 https://src.fedoraproject.org/rpms/systemd .packit_rpm --depth=1" # Drop the "sources" file so rebase-helper doesn't think we're a dist-git - "rm -fv .packit_rpm/sources" # Drop backported patches from the specfile, but keep the downstream-only ones @@ -38,7 +38,7 @@ jobs: trigger: pull_request metadata: targets: - - fedora-rawhide-aarch64 - - fedora-rawhide-i386 - - fedora-rawhide-ppc64le - - fedora-rawhide-x86_64 + - fedora-36-aarch64 + - fedora-36-i386 + - fedora-36-ppc64le + - fedora-36-x86_64 From 2298094b2cb72ae01c8652f2c57d9fc6426d13e0 Mon Sep 17 00:00:00 2001 From: Luca Boccassi Date: Fri, 1 Apr 2022 15:26:38 +0100 Subject: [PATCH 273/703] packit: drop bfq patch Does not apply on v250-stable --- .packit.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.packit.yml b/.packit.yml index 1570990b29c..66dd503938f 100644 --- a/.packit.yml +++ b/.packit.yml @@ -25,6 +25,8 @@ actions: # - Patch(0000-0499): backported patches from upstream # - Patch0500-9999: downstream-only patches - "sed -ri '/^Patch(0[0-4]?[0-9]{0,2})?\\:.+\\.patch/d' .packit_rpm/systemd.spec" + # Also drop the bfq scheduler patch, does not apply on v250-stable + - "sed -ri '/^Patch0500\\:.+\\.patch/d' .packit_rpm/systemd.spec" # Build the RPM with --werror. Even though --werror doesn't work in all # cases (see [0]), we can't use -Dc_args=/-Dcpp_args= here because of the # RPM hardening macros, that use $CFLAGS/$CPPFLAGS (see [1]). From 18c0096ec29c04f9be2aa05c5ffa9e88be8e0a39 Mon Sep 17 00:00:00 2001 From: Be Date: Fri, 27 Aug 2021 22:30:50 -0500 Subject: [PATCH 274/703] Add AV production controllers to hwdb and add uaccess This adds support for AV production controller devices, such as DJ tables, music-oriented key pads, and others. The USB vendor and product IDs come from Mixxx, Ctlra, and Ardour. Fixes #20533 Co-developed-by: Georges Basile Stavracas Neto (cherry picked from commit f2c36c0e2445fa95ba109017d4b768b2fd825c43) --- hwdb.d/70-av-production.hwdb | 123 ++++++++++++++++++++++++++++++++++ hwdb.d/meson.build | 1 + hwdb.d/parse_hwdb.py | 1 + src/login/70-uaccess.rules.in | 9 +++ 4 files changed, 134 insertions(+) create mode 100644 hwdb.d/70-av-production.hwdb diff --git a/hwdb.d/70-av-production.hwdb b/hwdb.d/70-av-production.hwdb new file mode 100644 index 00000000000..17ac1b4fb6c --- /dev/null +++ b/hwdb.d/70-av-production.hwdb @@ -0,0 +1,123 @@ +# This file is part of systemd. +# +# Database for AV production controllers that should be accessible to the seat owner. +# +# This covers DJ tables, and music-oriented key pads +# +# To add local entries, copy this file to +# /etc/udev/hwdb.d/ +# and add your rules there. To load the new rules execute (as root): +# systemd-hwdb update +# udevadm trigger + +################ +# Ableton +################ +# Push 2 +usb:v2982p1967* + ID_AV_PRODUCTION_CONTROLLER=1 + +################ +# Eks +################ +# Otus +usb:v1157p0300* + ID_AV_PRODUCTION_CONTROLLER=1 + +############################# +# Hercules (Guillemot Corp) +############################# +# DJ Console MP3e2 +usb:v06F8pB105* + ID_AV_PRODUCTION_CONTROLLER=1 + +# DJ Console MP3 LE / Glow +usb:v06F8pB120* + ID_AV_PRODUCTION_CONTROLLER=1 + +# DJ Console Mk2 +usb:v06F8pB100* + ID_AV_PRODUCTION_CONTROLLER=1 + +# DJ Console Mk4 +usb:v06F8pB107* + ID_AV_PRODUCTION_CONTROLLER=1 + +##################### +# Native Instruments +##################### + +# Maschine 2 +usb:v17CCp1140* + ID_AV_PRODUCTION_CONTROLLER=1 + +# Maschine 2 Mikro +usb:v17CCp1110* + ID_AV_PRODUCTION_CONTROLLER=1 + +# Maschine 2 Studio +usb:v17CCp1300* + ID_AV_PRODUCTION_CONTROLLER=1 + +# Maschine Jam +usb:v17CCp1500* + ID_AV_PRODUCTION_CONTROLLER=1 + +# Maschine 3 +usb:v17CCp1600* + ID_AV_PRODUCTION_CONTROLLER=1 + +# Traktor Kontrol D2 +usb:v17CCp1400* + ID_AV_PRODUCTION_CONTROLLER=1 + +# Traktor Kontrol F1 +usb:v17CCp1120* + ID_AV_PRODUCTION_CONTROLLER=1 + +# Traktor Kontrol S2 Mk2 +usb:v17CCp1320* + ID_AV_PRODUCTION_CONTROLLER=1 + +# Traktor Kontrol S2 Mk3 +usb:v17CCp1710* + ID_AV_PRODUCTION_CONTROLLER=1 + +# Traktor Kontrol S3 +usb:v17CCp1900* + ID_AV_PRODUCTION_CONTROLLER=1 + +# Traktor Kontrol S4 Mk2 +usb:v17CCp1310* + ID_AV_PRODUCTION_CONTROLLER=1 + +# Traktor Kontrol S4 Mk3 +usb:v17CCp1720* + ID_AV_PRODUCTION_CONTROLLER=1 + +# Traktor Kontrol S5 +usb:v17CCp1420* + ID_AV_PRODUCTION_CONTROLLER=1 + +# Traktor Kontrol S8 +usb:v17CCp1370* + ID_AV_PRODUCTION_CONTROLLER=1 + +# Traktor Kontrol X1 Mk2 +usb:v17CCp1220* + ID_AV_PRODUCTION_CONTROLLER=1 + +# Traktor Kontrol Z1 +usb:v17CCp1210* + ID_AV_PRODUCTION_CONTROLLER=1 + +# Traktor Kontrol Z2 +usb:v17CCp1130* + ID_AV_PRODUCTION_CONTROLLER=1 + +#################### +# Pioneer +#################### +# CDJ 2000 NXS 2 +usb:v2B73p0005* + ID_AV_PRODUCTION_CONTROLLER=1 diff --git a/hwdb.d/meson.build b/hwdb.d/meson.build index 4363d67cb3b..e79380db242 100644 --- a/hwdb.d/meson.build +++ b/hwdb.d/meson.build @@ -27,6 +27,7 @@ hwdb_files_test = files( '60-seat.hwdb', '60-sensor.hwdb', '70-analyzers.hwdb', + '70-av-production.hwdb', '70-cameras.hwdb', '70-joystick.hwdb', '70-mouse.hwdb', diff --git a/hwdb.d/parse_hwdb.py b/hwdb.d/parse_hwdb.py index 0268bf9580d..0bc9d1a951f 100755 --- a/hwdb.d/parse_hwdb.py +++ b/hwdb.d/parse_hwdb.py @@ -135,6 +135,7 @@ def property_grammar(): ('MOUSE_WHEEL_CLICK_COUNT', INTEGER), ('MOUSE_WHEEL_CLICK_COUNT_HORIZONTAL', INTEGER), ('ID_AUTOSUSPEND', Or((Literal('0'), Literal('1')))), + ('ID_AV_PRODUCTION_CONTROLLER', Or((Literal('0'), Literal('1')))), ('ID_PERSIST', Or((Literal('0'), Literal('1')))), ('ID_INPUT', Or((Literal('0'), Literal('1')))), ('ID_INPUT_ACCELEROMETER', Or((Literal('0'), Literal('1')))), diff --git a/src/login/70-uaccess.rules.in b/src/login/70-uaccess.rules.in index 052194b6c93..a3301be1bc8 100644 --- a/src/login/70-uaccess.rules.in +++ b/src/login/70-uaccess.rules.in @@ -87,4 +87,13 @@ ENV{ID_SIGNAL_ANALYZER}=="?*", ENV{DEVTYPE}=="usb_device", TAG+="uaccess" # rfkill / radio killswitches KERNEL=="rfkill", SUBSYSTEM=="misc", TAG+="uaccess" +# AV production controllers +# Most of these devices use HID for the knobs, faders, buttons, encoders, and jog wheels. +SUBSYSTEM=="hidraw", ENV{ID_AV_PRODUCTION_CONTROLLER}=="1", TAG+="uaccess" + +# Some devices use vendor defined protocols on USB Bulk endpoints for controllers. +# Other devices transfer graphics to screens on the device through USB Bulk endpoints. +# This also allows accessing HID devices with the libusb backend of hidapi. +SUBSYSTEM=="usb", ENV{ID_AV_PRODUCTION_CONTROLLER}=="1", TAG+="uaccess" + LABEL="uaccess_end" From a7585a3a3806acad43416568a29ab652fcfa3a39 Mon Sep 17 00:00:00 2001 From: Georges Basile Stavracas Neto Date: Mon, 14 Mar 2022 10:50:45 -0300 Subject: [PATCH 275/703] hwdb: Add AV production access to Elgado Stream Deck devices The Stream Deck products from Elgato are simple key pads intended to be used as macro pads. They're popular within the streaming community. This commit adds all 5 Stream Deck variants available to the AV production file. See https://www.elgato.com/en/stream-deck (cherry picked from commit e982320b44486b26c4d39f7c81012f6a0e2aaf77) --- hwdb.d/70-av-production.hwdb | 26 +++++++++++++++++++++++++- 1 file changed, 25 insertions(+), 1 deletion(-) diff --git a/hwdb.d/70-av-production.hwdb b/hwdb.d/70-av-production.hwdb index 17ac1b4fb6c..a13d6981eb5 100644 --- a/hwdb.d/70-av-production.hwdb +++ b/hwdb.d/70-av-production.hwdb @@ -2,7 +2,8 @@ # # Database for AV production controllers that should be accessible to the seat owner. # -# This covers DJ tables, and music-oriented key pads +# This covers DJ tables, music-oriented key pads, and streaming-oriented key pads +# such as Elgato Stream Deck # # To add local entries, copy this file to # /etc/udev/hwdb.d/ @@ -24,6 +25,29 @@ usb:v2982p1967* usb:v1157p0300* ID_AV_PRODUCTION_CONTROLLER=1 +################ +# Elgato +################ +# Stream Deck Original (gen 1) +usb:v0FD9p0060* + ID_AV_PRODUCTION_CONTROLLER=1 + +# Stream Deck Mini +usb:v0FD9p0063* + ID_AV_PRODUCTION_CONTROLLER=1 + +# Stream Deck XL +usb:v0FD9p006C* + ID_AV_PRODUCTION_CONTROLLER=1 + +# Stream Deck Original (gen 2) +usb:v0FD9p006D* + ID_AV_PRODUCTION_CONTROLLER=1 + +# Stream Deck MK.2 +usb:v0FD9p0080* + ID_AV_PRODUCTION_CONTROLLER=1 + ############################# # Hercules (Guillemot Corp) ############################# From 3f6e62eccbc125a7e91def5fffd6b722cdd43b82 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Thu, 3 Feb 2022 12:14:19 +0900 Subject: [PATCH 276/703] network-generator: rename DHCP_TYPE_DHCP -> DHCP_TYPE_DHCP4 To emphasize this is DHCPv4. No behavior is changed. (cherry picked from commit 318a53d10a65708df9ee48016e41be91a708c4fe) --- src/network/generator/network-generator.c | 4 ++-- src/network/generator/network-generator.h | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/network/generator/network-generator.c b/src/network/generator/network-generator.c index c081ec673c8..063ad08d80b 100644 --- a/src/network/generator/network-generator.c +++ b/src/network/generator/network-generator.c @@ -47,7 +47,7 @@ static const char * const dracut_dhcp_type_table[_DHCP_TYPE_MAX] = { [DHCP_TYPE_OFF] = "off", [DHCP_TYPE_ON] = "on", [DHCP_TYPE_ANY] = "any", - [DHCP_TYPE_DHCP] = "dhcp", + [DHCP_TYPE_DHCP4] = "dhcp", [DHCP_TYPE_DHCP6] = "dhcp6", [DHCP_TYPE_AUTO6] = "auto6", [DHCP_TYPE_EITHER6] = "either6", @@ -62,7 +62,7 @@ static const char * const networkd_dhcp_type_table[_DHCP_TYPE_MAX] = { [DHCP_TYPE_OFF] = "no", [DHCP_TYPE_ON] = "yes", [DHCP_TYPE_ANY] = "yes", - [DHCP_TYPE_DHCP] = "ipv4", + [DHCP_TYPE_DHCP4] = "ipv4", [DHCP_TYPE_DHCP6] = "ipv6", [DHCP_TYPE_AUTO6] = "no", /* TODO: enable other setting? */ [DHCP_TYPE_EITHER6] = "ipv6", /* TODO: enable other setting? */ diff --git a/src/network/generator/network-generator.h b/src/network/generator/network-generator.h index dd0a58738b6..0e0da2a57af 100644 --- a/src/network/generator/network-generator.h +++ b/src/network/generator/network-generator.h @@ -13,7 +13,7 @@ typedef enum DHCPType { DHCP_TYPE_OFF, DHCP_TYPE_ON, DHCP_TYPE_ANY, - DHCP_TYPE_DHCP, + DHCP_TYPE_DHCP4, DHCP_TYPE_DHCP6, DHCP_TYPE_AUTO6, DHCP_TYPE_EITHER6, From 61649fbada95fd30f3a6174a376a3d1bd0c8aea1 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Fri, 4 Feb 2022 15:22:20 +0900 Subject: [PATCH 277/703] stat-util: introduce path_is_network_fs() (cherry picked from commit 4e247216e58ff26f10a2af13d290465f0a65a501) --- src/basic/stat-util.c | 9 +++++++++ src/basic/stat-util.h | 1 + 2 files changed, 10 insertions(+) diff --git a/src/basic/stat-util.c b/src/basic/stat-util.c index efac7b002e4..c2269844f81 100644 --- a/src/basic/stat-util.c +++ b/src/basic/stat-util.c @@ -249,6 +249,15 @@ int path_is_temporary_fs(const char *path) { return is_temporary_fs(&s); } +int path_is_network_fs(const char *path) { + struct statfs s; + + if (statfs(path, &s) < 0) + return -errno; + + return is_network_fs(&s); +} + int stat_verify_regular(const struct stat *st) { assert(st); diff --git a/src/basic/stat-util.h b/src/basic/stat-util.h index a566114f7c9..f7d2f12aa9d 100644 --- a/src/basic/stat-util.h +++ b/src/basic/stat-util.h @@ -53,6 +53,7 @@ int fd_is_temporary_fs(int fd); int fd_is_network_fs(int fd); int path_is_temporary_fs(const char *path); +int path_is_network_fs(const char *path); /* Because statfs.t_type can be int on some architectures, we have to cast * the const magic to the type, otherwise the compiler warns about From 8f2f6a94d8793cc167665170c55cf151cee19cdb Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Fri, 4 Feb 2022 15:33:38 +0900 Subject: [PATCH 278/703] network: enable KeepConfiguration= when running on network filesystem Also, set KeepConfiguration=dhcp-on-stop by default when running in initrd. Fixes #21967. (cherry picked from commit ea853de57dd84a2173cd60e2ecec1b8c978e04f3) --- man/systemd.network.xml | 6 ++++-- src/network/networkd-manager.c | 29 +++++++++++++++++++++++++++++ src/network/networkd-manager.h | 2 ++ src/network/networkd-network.c | 12 +++++++----- src/network/test-networkd-conf.c | 5 +++++ 5 files changed, 47 insertions(+), 7 deletions(-) diff --git a/man/systemd.network.xml b/man/systemd.network.xml index 6fe87bbebac..3e8e5357cc3 100644 --- a/man/systemd.network.xml +++ b/man/systemd.network.xml @@ -1031,8 +1031,10 @@ Table=1234 lease expires. This is contrary to the DHCP specification, but may be the best choice if, e.g., the root filesystem relies on this connection. The setting dhcp implies dhcp-on-stop, and yes implies - dhcp and static. Defaults to no. - + dhcp and static. Defaults to + dhcp-on-stop when systemd-networkd is running in + initrd, yes when the root filesystem is a network filesystem, and + no otherwise. diff --git a/src/network/networkd-manager.c b/src/network/networkd-manager.c index 9d790224cc9..e1696d6d422 100644 --- a/src/network/networkd-manager.c +++ b/src/network/networkd-manager.c @@ -399,6 +399,30 @@ static int signal_restart_callback(sd_event_source *s, const struct signalfd_sig return sd_event_exit(sd_event_source_get_event(s), 0); } +static int manager_set_keep_configuration(Manager *m) { + int r; + + assert(m); + + if (in_initrd()) { + log_debug("Running in initrd, keep DHCPv4 addresses on stopping networkd by default."); + m->keep_configuration = KEEP_CONFIGURATION_DHCP_ON_STOP; + return 0; + } + + r = path_is_network_fs("/"); + if (r < 0) + return log_error_errno(r, "Failed to detect if root is network filesystem: %m"); + if (r == 0) { + m->keep_configuration = _KEEP_CONFIGURATION_INVALID; + return 0; + } + + log_debug("Running on network filesystem, enabling KeepConfiguration= by default."); + m->keep_configuration = KEEP_CONFIGURATION_YES; + return 0; +} + int manager_setup(Manager *m) { int r; @@ -454,6 +478,10 @@ int manager_setup(Manager *m) { if (r < 0) return r; + r = manager_set_keep_configuration(m); + if (r < 0) + return r; + m->state_file = strdup("/run/systemd/netif/state"); if (!m->state_file) return -ENOMEM; @@ -469,6 +497,7 @@ int manager_new(Manager **ret, bool test_mode) { return -ENOMEM; *m = (Manager) { + .keep_configuration = _KEEP_CONFIGURATION_INVALID, .test_mode = test_mode, .speed_meter_interval_usec = SPEED_METER_DEFAULT_TIME_INTERVAL, .online_state = _LINK_ONLINE_STATE_INVALID, diff --git a/src/network/networkd-manager.h b/src/network/networkd-manager.h index 36313589a37..86de5291244 100644 --- a/src/network/networkd-manager.h +++ b/src/network/networkd-manager.h @@ -28,6 +28,8 @@ struct Manager { Hashmap *polkit_registry; int ethtool_fd; + KeepConfiguration keep_configuration; + bool test_mode; bool enumerating; bool dirty; diff --git a/src/network/networkd-network.c b/src/network/networkd-network.c index 873ad2e7034..b0aea4e39cd 100644 --- a/src/network/networkd-network.c +++ b/src/network/networkd-network.c @@ -124,6 +124,7 @@ int network_verify(Network *network) { int r; assert(network); + assert(network->manager); assert(network->filename); if (net_match_is_empty(&network->match) && !network->conditions) @@ -248,10 +249,11 @@ int network_verify(Network *network) { } if (network->dhcp_critical >= 0) { - if (network->keep_configuration >= 0) - log_warning("%s: Both KeepConfiguration= and deprecated CriticalConnection= are set. " - "Ignoring CriticalConnection=.", network->filename); - else if (network->dhcp_critical) + if (network->keep_configuration >= 0) { + if (network->manager->keep_configuration < 0) + log_warning("%s: Both KeepConfiguration= and deprecated CriticalConnection= are set. " + "Ignoring CriticalConnection=.", network->filename); + } else if (network->dhcp_critical) /* CriticalConnection=yes also preserve foreign static configurations. */ network->keep_configuration = KEEP_CONFIGURATION_YES; else @@ -384,7 +386,7 @@ int network_load_one(Manager *manager, OrderedHashmap **networks, const char *fi .allmulticast = -1, .promiscuous = -1, - .keep_configuration = _KEEP_CONFIGURATION_INVALID, + .keep_configuration = manager->keep_configuration, .dhcp_duid.type = _DUID_TYPE_INVALID, .dhcp_critical = -1, diff --git a/src/network/test-networkd-conf.c b/src/network/test-networkd-conf.c index 4b00a980863..5f1328e39c6 100644 --- a/src/network/test-networkd-conf.c +++ b/src/network/test-networkd-conf.c @@ -6,6 +6,7 @@ #include "net-condition.h" #include "networkd-address.h" #include "networkd-conf.h" +#include "networkd-manager.h" #include "networkd-network.h" #include "strv.h" @@ -166,11 +167,15 @@ static void test_config_parse_ether_addr(void) { } static void test_config_parse_address_one(const char *rvalue, int family, unsigned n_addresses, const union in_addr_union *u, unsigned char prefixlen) { + _cleanup_(manager_freep) Manager *manager = NULL; _cleanup_(network_unrefp) Network *network = NULL; + assert_se(manager_new(&manager, /* test_mode = */ true) >= 0); assert_se(network = new0(Network, 1)); network->n_ref = 1; + network->manager = manager; assert_se(network->filename = strdup("hogehoge.network")); + assert_se(config_parse_match_ifnames("network", "filename", 1, "section", 1, "Name", 0, "*", &network->match.ifname, network) == 0); assert_se(config_parse_address("network", "filename", 1, "section", 1, "Address", 0, rvalue, network, network) == 0); assert_se(ordered_hashmap_size(network->addresses_by_section) == 1); From 25b3c48ec5203a1220daaf33b8df6e50e79fd74a Mon Sep 17 00:00:00 2001 From: Frantisek Sumsal Date: Sun, 13 Mar 2022 14:45:03 +0100 Subject: [PATCH 279/703] macro: account for negative values in DECIMAL_STR_WIDTH() With negative numbers we wouldn't account for the minus sign, thus returning a string with one character too short, triggering buffer overflows in certain situations. (cherry picked from commit e3dd9ea8ea4510221f73071ad30ee657ca77565d) --- src/basic/macro.h | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/src/basic/macro.h b/src/basic/macro.h index aa04039e804..9e62f9c71c8 100644 --- a/src/basic/macro.h +++ b/src/basic/macro.h @@ -319,13 +319,13 @@ static inline int __coverity_check_and_return__(int condition) { sizeof(type) <= 4 ? 10U : \ sizeof(type) <= 8 ? 20U : sizeof(int[-2*(sizeof(type) > 8)]))) -#define DECIMAL_STR_WIDTH(x) \ - ({ \ - typeof(x) _x_ = (x); \ - size_t ans = 1; \ - while ((_x_ /= 10) != 0) \ - ans++; \ - ans; \ +#define DECIMAL_STR_WIDTH(x) \ + ({ \ + typeof(x) _x_ = (x); \ + size_t ans = IS_SIGNED_INTEGER_TYPE(_x_) ? 2 : 1; \ + while ((_x_ /= 10) != 0) \ + ans++; \ + ans; \ }) #define SWAP_TWO(x, y) do { \ From 077ca08b3879f60b5a54650d176d0b2655a980a1 Mon Sep 17 00:00:00 2001 From: Franck Bui Date: Mon, 14 Mar 2022 18:03:02 +0100 Subject: [PATCH 280/703] journal: preserve acls when rotating user journals with NOCOW attribute set When restoring the COW flag for journals on BTRFS, the full journal contents are copied into new files. But during these operations, the acls of the previous files were lost and users were not able to access to their old journal contents anymore. (cherry picked from commit 11ee11dbb34587edcde5020c5baf1402dcc4ffdf) --- src/journal/journald-file.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/journal/journald-file.c b/src/journal/journald-file.c index 35ca305384e..8a87a43e911 100644 --- a/src/journal/journald-file.c +++ b/src/journal/journald-file.c @@ -179,7 +179,10 @@ static void journald_file_set_offline_internal(JournaldFile *f) { log_debug_errno(r, "Failed to re-enable copy-on-write for %s: %m, rewriting file", f->file->path); - r = copy_file_atomic(f->file->path, f->file->path, f->file->mode, 0, FS_NOCOW_FL, COPY_REPLACE | COPY_FSYNC); + r = copy_file_atomic(f->file->path, f->file->path, f->file->mode, + 0, + FS_NOCOW_FL, + COPY_REPLACE | COPY_FSYNC | COPY_ALL_XATTRS); if (r < 0) { log_debug_errno(r, "Failed to rewrite %s: %m", f->file->path); continue; From d9ea8dab6d72a496c664dc414677533a4142af28 Mon Sep 17 00:00:00 2001 From: Franck Bui Date: Mon, 14 Mar 2022 18:05:49 +0100 Subject: [PATCH 281/703] copy: use FLAGS_SET() in copy_xattr() (cherry picked from commit e394a6fc096dbacdfdd8ecada01642a3a4e402c6) --- src/shared/copy.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/shared/copy.c b/src/shared/copy.c index 1ace40424e5..a490ee9fec4 100644 --- a/src/shared/copy.c +++ b/src/shared/copy.c @@ -1401,7 +1401,7 @@ int copy_xattr(int fdf, int fdt, CopyFlags copy_flags) { NULSTR_FOREACH(p, names) { _cleanup_free_ char *value = NULL; - if (!(copy_flags & COPY_ALL_XATTRS) && !startswith(p, "user.")) + if (!FLAGS_SET(copy_flags, COPY_ALL_XATTRS) && !startswith(p, "user.")) continue; r = fgetxattr_malloc(fdf, p, &value); From 8d4c0d2383e72f30753bf33f206387bc03879ff8 Mon Sep 17 00:00:00 2001 From: Gibeom Gwon Date: Sun, 6 Mar 2022 09:45:38 +0900 Subject: [PATCH 282/703] calendarspec: fix possibly skips next elapse If the time unit changes after adding the repetition value, the timer may skip the next elapse. This patch reset sub time units to minimum value when upper unit is changed. Fixes #22665. (cherry picked from commit 1e582ede3b04d12aae11fc5378a446a392054f1c) --- src/shared/calendarspec.c | 27 ++++++++++++++++++++------- src/test/test-calendarspec.c | 2 ++ 2 files changed, 22 insertions(+), 7 deletions(-) diff --git a/src/shared/calendarspec.c b/src/shared/calendarspec.c index 71256de8e14..79fd1359b66 100644 --- a/src/shared/calendarspec.c +++ b/src/shared/calendarspec.c @@ -1181,6 +1181,7 @@ static int find_matching_component( static int tm_within_bounds(struct tm *tm, bool utc) { struct tm t; + int cmp; assert(tm); /* @@ -1195,13 +1196,25 @@ static int tm_within_bounds(struct tm *tm, bool utc) { if (mktime_or_timegm(&t, utc) < 0) return negative_errno(); - /* Did any normalization take place? If so, it was out of bounds before */ - int cmp = CMP(t.tm_year, tm->tm_year) ?: - CMP(t.tm_mon, tm->tm_mon) ?: - CMP(t.tm_mday, tm->tm_mday) ?: - CMP(t.tm_hour, tm->tm_hour) ?: - CMP(t.tm_min, tm->tm_min) ?: - CMP(t.tm_sec, tm->tm_sec); + /* + * Did any normalization take place? If so, it was out of bounds before. + * Normalization could skip next elapse, e.g. result of normalizing 3-33 + * is 4-2. This skips 4-1. So reset the sub time unit if upper unit was + * out of bounds. Normalization has occurred implies find_matching_component() > 0, + * other sub time units are already reset in find_next(). + */ + if ((cmp = CMP(t.tm_year, tm->tm_year)) != 0) + t.tm_mon = 0; + else if ((cmp = CMP(t.tm_mon, tm->tm_mon)) != 0) + t.tm_mday = 1; + else if ((cmp = CMP(t.tm_mday, tm->tm_mday)) != 0) + t.tm_hour = 0; + else if ((cmp = CMP(t.tm_hour, tm->tm_hour)) != 0) + t.tm_min = 0; + else if ((cmp = CMP(t.tm_min, tm->tm_min)) != 0) + t.tm_sec = 0; + else + cmp = CMP(t.tm_sec, tm->tm_sec); if (cmp < 0) return -EDEADLK; /* Refuse to go backward */ diff --git a/src/test/test-calendarspec.c b/src/test/test-calendarspec.c index e1862f4eb88..71814e3115b 100644 --- a/src/test/test-calendarspec.c +++ b/src/test/test-calendarspec.c @@ -199,6 +199,8 @@ TEST(calendar_spec_next) { test_next("2016-02~01 UTC", "", 12345, 1456704000000000); test_next("Mon 2017-05~01..07 UTC", "", 12345, 1496016000000000); test_next("Mon 2017-05~07/1 UTC", "", 12345, 1496016000000000); + test_next("*-*-01/5 04:00:00 UTC", "", 1646010000000000, 1646107200000000); + test_next("*-01/7-01 04:00:00 UTC", "", 1664607600000000, 1672545600000000); test_next("2017-08-06 9,11,13,15,17:00 UTC", "", 1502029800000000, 1502031600000000); test_next("2017-08-06 9..17/2:00 UTC", "", 1502029800000000, 1502031600000000); test_next("2016-12-* 3..21/6:00 UTC", "", 1482613200000001, 1482634800000000); From bba396d78ce4752b7446c014b5dfe9a521c870e0 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Thu, 24 Mar 2022 16:58:59 +0900 Subject: [PATCH 283/703] journal-remote: refuse to specify --trust option when gnutls is disabled and check_permission() should not be called in that case. Replaces #22847. (cherry picked from commit f7adeaeb897f6d24c50250e2d5fdc9797964b81e) --- src/journal-remote/journal-remote-main.c | 13 ++++++++----- src/journal-remote/microhttpd-util.c | 2 +- 2 files changed, 9 insertions(+), 6 deletions(-) diff --git a/src/journal-remote/journal-remote-main.c b/src/journal-remote/journal-remote-main.c index 6ab91263b1d..3e3646e45f9 100644 --- a/src/journal-remote/journal-remote-main.c +++ b/src/journal-remote/journal-remote-main.c @@ -46,7 +46,11 @@ static const char* arg_output = NULL; static char *arg_key = NULL; static char *arg_cert = NULL; static char *arg_trust = NULL; +#if HAVE_GNUTLS static bool arg_trust_all = false; +#else +static bool arg_trust_all = true; +#endif STATIC_DESTRUCTOR_REGISTER(arg_gnutls_log, strv_freep); STATIC_DESTRUCTOR_REGISTER(arg_key, freep); @@ -932,6 +936,7 @@ static int parse_argv(int argc, char *argv[]) { break; case ARG_TRUST: +#if HAVE_GNUTLS if (arg_trust || arg_trust_all) return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Confusing trusted CA configuration"); @@ -939,16 +944,14 @@ static int parse_argv(int argc, char *argv[]) { if (streq(optarg, "all")) arg_trust_all = true; else { -#if HAVE_GNUTLS arg_trust = strdup(optarg); if (!arg_trust) return log_oom(); + } #else - return log_error_errno(SYNTHETIC_ERRNO(EINVAL), - "Option --trust is not available."); + return log_error_errno(SYNTHETIC_ERRNO(EINVAL), + "Option --trust is not available."); #endif - } - break; case 'o': diff --git a/src/journal-remote/microhttpd-util.c b/src/journal-remote/microhttpd-util.c index e6a82544912..7c59d90ef4c 100644 --- a/src/journal-remote/microhttpd-util.c +++ b/src/journal-remote/microhttpd-util.c @@ -300,7 +300,7 @@ int check_permissions(struct MHD_Connection *connection, int *code, char **hostn #else int check_permissions(struct MHD_Connection *connection, int *code, char **hostname) { - return -EPERM; + assert_not_reached(); } int setup_gnutls_logger(char **categories) { From 72d0c6b171ebe81fee15af4c996ae62ac67f3b2d Mon Sep 17 00:00:00 2001 From: Romain Naour Date: Fri, 7 Jan 2022 22:25:23 +0100 Subject: [PATCH 284/703] missing-syscall: define MOVE_MOUNT_T_EMPTY_PATH if missing MOVE_MOUNT_T_EMPTY_PATH has been added to systemd 250 by [1] but it's defined in kernel headers since version 5.2. [1] c7bf079bbc19e3b409acc0c7acc3e14749211fe2 (cherry picked from commit 608c3b0293cac3cbb037b2d15c0a0f1e247eb71e) --- src/basic/missing_syscall.h | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/basic/missing_syscall.h b/src/basic/missing_syscall.h index 8267b1a90c1..793d111c55c 100644 --- a/src/basic/missing_syscall.h +++ b/src/basic/missing_syscall.h @@ -569,6 +569,10 @@ static inline int missing_open_tree( #define MOVE_MOUNT_F_EMPTY_PATH 0x00000004 /* Empty from path permitted */ #endif +#ifndef MOVE_MOUNT_T_EMPTY_PATH +#define MOVE_MOUNT_T_EMPTY_PATH 0x00000040 /* Empty to path permitted */ +#endif + static inline int missing_move_mount( int from_dfd, const char *from_pathname, From 8ed1490de6e561b488a4ddd0dd9f267e88e4c92f Mon Sep 17 00:00:00 2001 From: Luca Boccassi Date: Fri, 1 Apr 2022 00:53:29 +0100 Subject: [PATCH 285/703] analyze: fix offline check for 'native' syscall architecture Enum values are stored in the set, not strings (cherry picked from commit 1449b0f8a96b272547e405913b37715cbbe4768a) --- src/analyze/analyze-security.c | 11 +++++++---- test/units/testsuite-65.sh | 4 ++-- 2 files changed, 9 insertions(+), 6 deletions(-) diff --git a/src/analyze/analyze-security.c b/src/analyze/analyze-security.c index 2691dc2c868..8228eb18eb4 100644 --- a/src/analyze/analyze-security.c +++ b/src/analyze/analyze-security.c @@ -527,6 +527,8 @@ static int assess_restrict_namespaces( return 0; } +#if HAVE_SECCOMP + static int assess_system_call_architectures( const struct security_assessor *a, const SecurityInfo *info, @@ -534,16 +536,19 @@ static int assess_system_call_architectures( uint64_t *ret_badness, char **ret_description) { + uint32_t native = 0; char *d; uint64_t b; assert(ret_badness); assert(ret_description); + assert_se(seccomp_arch_from_string("native", &native) >= 0); + if (set_isempty(info->system_call_architectures)) { b = 10; d = strdup("Service may execute system calls with all ABIs"); - } else if (set_contains(info->system_call_architectures, "native") && + } else if (set_contains(info->system_call_architectures, UINT32_TO_PTR(native + 1)) && set_size(info->system_call_architectures) == 1) { b = 0; d = strdup("Service may execute system calls only with native ABI"); @@ -561,8 +566,6 @@ static int assess_system_call_architectures( return 0; } -#if HAVE_SECCOMP - static bool syscall_names_in_filter(Hashmap *s, bool allow_list, const SyscallFilterSet *f, const char **ret_offending_syscall) { const char *syscall; @@ -1473,6 +1476,7 @@ static const struct security_assessor security_assessor_table[] = { .assess = assess_bool, .offset = offsetof(SecurityInfo, restrict_address_family_other), }, +#if HAVE_SECCOMP { .id = "SystemCallArchitectures=", .json_field = "SystemCallArchitectures", @@ -1481,7 +1485,6 @@ static const struct security_assessor security_assessor_table[] = { .range = 10, .assess = assess_system_call_architectures, }, -#if HAVE_SECCOMP { .id = "SystemCallFilter=~@swap", .json_field = "SystemCallFilter_swap", diff --git a/test/units/testsuite-65.sh b/test/units/testsuite-65.sh index dcd11161f49..18684d41702 100755 --- a/test/units/testsuite-65.sh +++ b/test/units/testsuite-65.sh @@ -575,14 +575,14 @@ systemd-analyze security --threshold=90 --offline=true \ --root=/tmp/img/ testfile.service # The strict profile adds a lot of sanboxing options -systemd-analyze security --threshold=20 --offline=true \ +systemd-analyze security --threshold=25 --offline=true \ --security-policy=/tmp/testfile.json \ --profile=strict \ --root=/tmp/img/ testfile.service set +e # The trusted profile doesn't add any sanboxing options -systemd-analyze security --threshold=20 --offline=true \ +systemd-analyze security --threshold=25 --offline=true \ --security-policy=/tmp/testfile.json \ --profile=/usr/lib/systemd/portable/profile/trusted/service.conf \ --root=/tmp/img/ testfile.service \ From b5dfdf0301c5042a6882fe03cb167968ba8e3ee5 Mon Sep 17 00:00:00 2001 From: Luca Boccassi Date: Fri, 1 Apr 2022 00:54:53 +0100 Subject: [PATCH 286/703] analyze: fix offline check for syscal filter The deny/allow list check was inverted, if we are deny listing and the hashmap contains the syscall then that's good Fixes https://github.com/systemd/systemd/issues/22914 (cherry picked from commit dd51e725df9aec2847482131ef601e0215b371a0) --- src/analyze/analyze-security.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/analyze/analyze-security.c b/src/analyze/analyze-security.c index 8228eb18eb4..111fab6b86b 100644 --- a/src/analyze/analyze-security.c +++ b/src/analyze/analyze-security.c @@ -587,7 +587,7 @@ static bool syscall_names_in_filter(Hashmap *s, bool allow_list, const SyscallFi if (id < 0) continue; - if (hashmap_contains(s, syscall) == allow_list) { + if (hashmap_contains(s, syscall) != allow_list) { log_debug("Offending syscall filter item: %s", syscall); if (ret_offending_syscall) *ret_offending_syscall = syscall; From 12f05b856c5f2b4d27261b619371ec2cb5ab7d9a Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Tue, 5 Apr 2022 01:57:03 +0900 Subject: [PATCH 287/703] network: ignore all errors in loading .network files This partially reverts 9202b567bcdd0c1f6a1fc2a5f36602e619960813. Fixes #22954. (cherry picked from commit 036a8d503f101e4d6c5da556c36f9033e3b2f167) --- src/network/networkd-network.c | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/src/network/networkd-network.c b/src/network/networkd-network.c index b0aea4e39cd..8a53b29d489 100644 --- a/src/network/networkd-network.c +++ b/src/network/networkd-network.c @@ -586,11 +586,8 @@ int network_load(Manager *manager, OrderedHashmap **networks) { if (r < 0) return log_error_errno(r, "Failed to enumerate network files: %m"); - STRV_FOREACH(f, files) { - r = network_load_one(manager, networks, *f); - if (r < 0) - return log_error_errno(r, "Failed to load %s: %m", *f); - } + STRV_FOREACH(f, files) + (void) network_load_one(manager, networks, *f); return 0; } From 9727b9ee7b90afb8fa0e6328dcb6c34b1522d4fd Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Tue, 5 Apr 2022 21:47:46 +0900 Subject: [PATCH 288/703] core: command argument can be longer than PATH_MAX Fixes a bug introduced by 065364920281e1cf59cab989e17aff21790505c4. Fixes #22957. (cherry picked from commit 58dd4999dcc81a0ed92fbd78bce3592c3e3afe9e) --- src/core/load-fragment.c | 2 +- src/test/test-load-fragment.c | 16 ++++++++++++++++ 2 files changed, 17 insertions(+), 1 deletion(-) diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c index 92a52819e27..9523d822b70 100644 --- a/src/core/load-fragment.c +++ b/src/core/load-fragment.c @@ -1000,7 +1000,7 @@ int config_parse_exec( if (r < 0) return ignore ? 0 : -ENOEXEC; - r = unit_path_printf(u, word, &resolved); + r = unit_full_printf(u, word, &resolved); if (r < 0) { log_syntax(unit, ignore ? LOG_WARNING : LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in %s%s: %m", diff --git a/src/test/test-load-fragment.c b/src/test/test-load-fragment.c index e878979a895..262d76a44e2 100644 --- a/src/test/test-load-fragment.c +++ b/src/test/test-load-fragment.c @@ -10,6 +10,7 @@ #include "capability-util.h" #include "conf-parser.h" #include "fd-util.h" +#include "fileio.h" #include "format-util.h" #include "fs-util.h" #include "hashmap.h" @@ -412,6 +413,21 @@ TEST(config_parse_exec) { assert_se(r == 0); assert_se(c1->command_next == NULL); + log_info("/* long arg */"); /* See issue #22957. */ + + char x[LONG_LINE_MAX-100], *y; + y = mempcpy(x, "/bin/echo ", STRLEN("/bin/echo ")); + memset(y, 'x', sizeof(x) - STRLEN("/bin/echo ") - 1); + x[sizeof(x) - 1] = '\0'; + + r = config_parse_exec(NULL, "fake", 5, "section", 1, + "LValue", 0, x, + &c, u); + assert_se(r >= 0); + c1 = c1->command_next; + check_execcommand(c1, + "/bin/echo", NULL, y, NULL, false); + log_info("/* empty argument, reset */"); r = config_parse_exec(NULL, "fake", 4, "section", 1, "LValue", 0, "", From df6253cbda3e5d1b3c694de223cb7899f3aecc74 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Wed, 6 Apr 2022 01:08:35 +0900 Subject: [PATCH 289/703] hwdb: fix parsing options Fixes #22976. (cherry picked from commit 5674b74c4f99e433fd8e7242e9f16f6ddfece94c) --- src/hwdb/hwdb.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/hwdb/hwdb.c b/src/hwdb/hwdb.c index 26c8d660679..17ac7e4fbe0 100644 --- a/src/hwdb/hwdb.c +++ b/src/hwdb/hwdb.c @@ -73,8 +73,8 @@ static int parse_argv(int argc, char *argv[]) { assert(argc >= 0); assert(argv); - while ((c = getopt_long(argc, argv, "ust:r:h", options, NULL)) >= 0) - switch(c) { + while ((c = getopt_long(argc, argv, "sr:h", options, NULL)) >= 0) + switch (c) { case 'h': return help(); From 10ee46a2ca6e58c40cd48ecee5f7d9b3a1c87ad3 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Wed, 6 Apr 2022 12:15:33 +0200 Subject: [PATCH 290/703] analyze: Fix verify exit status regression Previously, systemd-analyze verify would return 0 even if warnings were raised during analysis of the specified units or their dependencies. With 3cc3dc7, verify was changed to return 1 when warnings were raised. This commit changes the default mode to _RECURSIVE_ERRORS_INVALID so that verify returns zero again by default when warnings are raised. (cherry picked from commit cae7c282721ce13fc1405fc834382d3177a9b83d) --- man/systemd-analyze.xml | 10 ++++++---- src/analyze/analyze.c | 2 +- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/man/systemd-analyze.xml b/man/systemd-analyze.xml index 7baa1794d7c..97290d479b4 100644 --- a/man/systemd-analyze.xml +++ b/man/systemd-analyze.xml @@ -819,10 +819,12 @@ $ systemd-analyze verify /tmp/source:alias.service Control verification of units and their dependencies and whether systemd-analyze verify exits with a non-zero process exit status or not. With yes, return a non-zero process exit status when warnings arise during verification - of either the specified unit or any of its associated dependencies. This is the default. With - no, return a non-zero process exit status when warnings arise during verification - of only the specified unit. With one, return a non-zero process exit status when - warnings arise during verification of either the specified unit or its immediate dependencies. + of either the specified unit or any of its associated dependencies. With no, + return a non-zero process exit status when warnings arise during verification of only the specified + unit. With one, return a non-zero process exit status when warnings arise during + verification of either the specified unit or its immediate dependencies. If this option is not + specified, zero is returned as the exit status regardless whether warnings arise during verification + or not. diff --git a/src/analyze/analyze.c b/src/analyze/analyze.c index a1908ff442a..ba6d8f74fe9 100644 --- a/src/analyze/analyze.c +++ b/src/analyze/analyze.c @@ -93,7 +93,7 @@ static PagerFlags arg_pager_flags = 0; static BusTransport arg_transport = BUS_TRANSPORT_LOCAL; static const char *arg_host = NULL; static UnitFileScope arg_scope = UNIT_FILE_SYSTEM; -static RecursiveErrors arg_recursive_errors = RECURSIVE_ERRORS_YES; +static RecursiveErrors arg_recursive_errors = _RECURSIVE_ERRORS_INVALID; static bool arg_man = true; static bool arg_generators = false; static char *arg_root = NULL; From 66731319171fd78cce742749161b1fcc9afde59b Mon Sep 17 00:00:00 2001 From: Luca Boccassi Date: Wed, 6 Apr 2022 17:25:35 +0100 Subject: [PATCH 291/703] core: fix dm-verity auto-discovery in MountImageUnit() The implementation of MountImageUnit()/systemctl mount-image was changed to use a /proc/self/fd path as the source, but that causes the dm-verity files autodiscovery to fail, as it looks for files in the same directory as the image. Use the original file path when setting up dm-verity. (cherry picked from commit cedf5b1aef4da2443f00eef2c242c8b005071aca) --- src/core/namespace.c | 2 +- src/shared/dissect-image.c | 6 +++++- src/shared/dissect-image.h | 2 +- src/shared/mount-util.c | 6 ++++-- test/units/testsuite-50.sh | 2 +- 5 files changed, 12 insertions(+), 6 deletions(-) diff --git a/src/core/namespace.c b/src/core/namespace.c index a731c93860d..9d53d98a16a 100644 --- a/src/core/namespace.c +++ b/src/core/namespace.c @@ -1156,7 +1156,7 @@ static int mount_image(const MountEntry *m, const char *root_directory) { } r = verity_dissect_and_mount( - mount_entry_source(m), mount_entry_path(m), m->image_options, + /* src_fd= */ -1, mount_entry_source(m), mount_entry_path(m), m->image_options, host_os_release_id, host_os_release_version_id, host_os_release_sysext_level, NULL); if (r == -ENOENT && m->ignore) return 0; diff --git a/src/shared/dissect-image.c b/src/shared/dissect-image.c index 14519ead703..c16d98b1278 100644 --- a/src/shared/dissect-image.c +++ b/src/shared/dissect-image.c @@ -3452,6 +3452,7 @@ static const char *const partition_designator_table[] = { }; int verity_dissect_and_mount( + int src_fd, const char *src, const char *dest, const MountOptions *options, @@ -3470,14 +3471,17 @@ int verity_dissect_and_mount( assert(src); assert(dest); + /* We might get an FD for the image, but we use the original path to look for the dm-verity files */ r = verity_settings_load(&verity, src, NULL, NULL); if (r < 0) return log_debug_errno(r, "Failed to load root hash: %m"); dissect_image_flags = verity.data_path ? DISSECT_IMAGE_NO_PARTITION_TABLE : 0; + /* Note that we don't use loop_device_make here, as the FD is most likely O_PATH which would not be + * accepted by LOOP_CONFIGURE, so just let loop_device_make_by_path reopen it as a regular FD. */ r = loop_device_make_by_path( - src, + src_fd >= 0 ? FORMAT_PROC_FD_PATH(src_fd) : src, -1, verity.data_path ? 0 : LO_FLAGS_PARTSCAN, &loop_device); diff --git a/src/shared/dissect-image.h b/src/shared/dissect-image.h index 032126627ca..3302eb69fd8 100644 --- a/src/shared/dissect-image.h +++ b/src/shared/dissect-image.h @@ -285,4 +285,4 @@ bool dissected_image_verity_sig_ready(const DissectedImage *image, PartitionDesi int mount_image_privately_interactively(const char *path, DissectImageFlags flags, char **ret_directory, LoopDevice **ret_loop_device, DecryptedImage **ret_decrypted_image); -int verity_dissect_and_mount(const char *src, const char *dest, const MountOptions *options, const char *required_host_os_release_id, const char *required_host_os_release_version_id, const char *required_host_os_release_sysext_level, const char *required_sysext_scope); +int verity_dissect_and_mount(int src_fd, const char *src, const char *dest, const MountOptions *options, const char *required_host_os_release_id, const char *required_host_os_release_version_id, const char *required_host_os_release_sysext_level, const char *required_sysext_scope); diff --git a/src/shared/mount-util.c b/src/shared/mount-util.c index c75c02f5be3..fd6a5c09b5b 100644 --- a/src/shared/mount-util.c +++ b/src/shared/mount-util.c @@ -790,6 +790,7 @@ static int mount_in_namespace( bool mount_slave_created = false, mount_slave_mounted = false, mount_tmp_created = false, mount_tmp_mounted = false, mount_outside_created = false, mount_outside_mounted = false; + _cleanup_free_ char *chased_src_path = NULL; struct stat st, self_mntns_st; pid_t child; int r; @@ -827,9 +828,10 @@ static int mount_in_namespace( if (r < 0) return log_debug_errno(r == -ENOENT ? SYNTHETIC_ERRNO(EOPNOTSUPP) : r, "Target does not allow propagation of mount points"); - r = chase_symlinks(src, NULL, CHASE_TRAIL_SLASH, NULL, &chased_src_fd); + r = chase_symlinks(src, NULL, 0, &chased_src_path, &chased_src_fd); if (r < 0) return log_debug_errno(r, "Failed to resolve source path of %s: %m", src); + log_debug("Chased source path of %s to %s", src, chased_src_path); if (fstat(chased_src_fd, &st) < 0) return log_debug_errno(errno, "Failed to stat() resolved source path %s: %m", src); @@ -874,7 +876,7 @@ static int mount_in_namespace( mount_tmp_created = true; if (is_image) - r = verity_dissect_and_mount(FORMAT_PROC_FD_PATH(chased_src_fd), mount_tmp, options, NULL, NULL, NULL, NULL); + r = verity_dissect_and_mount(chased_src_fd, chased_src_path, mount_tmp, options, NULL, NULL, NULL, NULL); else r = mount_follow_verbose(LOG_DEBUG, FORMAT_PROC_FD_PATH(chased_src_fd), mount_tmp, NULL, MS_BIND, NULL); if (r < 0) diff --git a/test/units/testsuite-50.sh b/test/units/testsuite-50.sh index 793795efdd0..2f0dbbeae5d 100755 --- a/test/units/testsuite-50.sh +++ b/test/units/testsuite-50.sh @@ -279,7 +279,7 @@ Type=notify RemainAfterExit=yes MountAPIVFS=yes PrivateTmp=yes -ExecStart=/bin/sh -c 'systemd-notify --ready; while ! grep -q -F MARKER /tmp/img/usr/lib/os-release; do sleep 0.1; done; mount | grep -F "/tmp/img" | grep -q -F "nosuid"' +ExecStart=/bin/sh -c 'systemd-notify --ready; while ! grep -q -F MARKER /tmp/img/usr/lib/os-release; do sleep 0.1; done; mount | grep -F "/dev/mapper/${roothash}-verity" | grep -q -F "nosuid"' EOF systemctl start testservice-50d.service From d2e3b5a84103f423d36b642c62b9681a6ce7e18b Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Sat, 9 Apr 2022 08:23:50 +0900 Subject: [PATCH 292/703] sd-event: rebreak comments (cherry picked from commit 91c700713fef9af5b9f719e7968d7ce35c3e8f37) --- src/libsystemd/sd-event/sd-event.c | 53 +++++++++++++----------------- 1 file changed, 22 insertions(+), 31 deletions(-) diff --git a/src/libsystemd/sd-event/sd-event.c b/src/libsystemd/sd-event/sd-event.c index 82056998bd6..5eae7339716 100644 --- a/src/libsystemd/sd-event/sd-event.c +++ b/src/libsystemd/sd-event/sd-event.c @@ -3219,23 +3219,16 @@ static int process_child(sd_event *e, int64_t threshold, int64_t *ret_min_priori e->need_process_child = false; - /* - So, this is ugly. We iteratively invoke waitid() with P_PID - + WNOHANG for each PID we wait for, instead of using - P_ALL. This is because we only want to get child - information of very specific child processes, and not all - of them. We might not have processed the SIGCHLD even of a - previous invocation and we don't want to maintain a - unbounded *per-child* event queue, hence we really don't - want anything flushed out of the kernel's queue that we - don't care about. Since this is O(n) this means that if you - have a lot of processes you probably want to handle SIGCHLD - yourself. - - We do not reap the children here (by using WNOWAIT), this - is only done after the event source is dispatched so that - the callback still sees the process as a zombie. - */ + /* So, this is ugly. We iteratively invoke waitid() with P_PID + WNOHANG for each PID we wait + * for, instead of using P_ALL. This is because we only want to get child information of very + * specific child processes, and not all of them. We might not have processed the SIGCHLD event + * of a previous invocation and we don't want to maintain a unbounded *per-child* event queue, + * hence we really don't want anything flushed out of the kernel's queue that we don't care + * about. Since this is O(n) this means that if you have a lot of processes you probably want + * to handle SIGCHLD yourself. + * + * We do not reap the children here (by using WNOWAIT), this is only done after the event + * source is dispatched so that the callback still sees the process as a zombie. */ HASHMAP_FOREACH(s, e->child_sources) { assert(s->type == SOURCE_CHILD); @@ -3252,7 +3245,9 @@ static int process_child(sd_event *e, int64_t threshold, int64_t *ret_min_priori if (s->child.exited) continue; - if (EVENT_SOURCE_WATCH_PIDFD(s)) /* There's a usable pidfd known for this event source? then don't waitid() for it here */ + if (EVENT_SOURCE_WATCH_PIDFD(s)) + /* There's a usable pidfd known for this event source? Then don't waitid() for + * it here */ continue; zero(s->child.siginfo); @@ -3267,10 +3262,9 @@ static int process_child(sd_event *e, int64_t threshold, int64_t *ret_min_priori s->child.exited = true; if (!zombie && (s->child.options & WEXITED)) { - /* If the child isn't dead then let's - * immediately remove the state change - * from the queue, since there's no - * benefit in leaving it queued */ + /* If the child isn't dead then let's immediately remove the state + * change from the queue, since there's no benefit in leaving it + * queued. */ assert(s->child.options & (WSTOPPED|WCONTINUED)); (void) waitid(P_PID, s->child.pid, &s->child.siginfo, WNOHANG|(s->child.options & (WSTOPPED|WCONTINUED))); @@ -3325,19 +3319,16 @@ static int process_signal(sd_event *e, struct signal_data *d, uint32_t events, i assert_return(events == EPOLLIN, -EIO); assert(min_priority); - /* If there's a signal queued on this priority and SIGCHLD is - on this priority too, then make sure to recheck the - children we watch. This is because we only ever dequeue - the first signal per priority, and if we dequeue one, and - SIGCHLD might be enqueued later we wouldn't know, but we - might have higher priority children we care about hence we - need to check that explicitly. */ + /* If there's a signal queued on this priority and SIGCHLD is on this priority too, then make + * sure to recheck the children we watch. This is because we only ever dequeue the first signal + * per priority, and if we dequeue one, and SIGCHLD might be enqueued later we wouldn't know, + * but we might have higher priority children we care about hence we need to check that + * explicitly. */ if (sigismember(&d->sigset, SIGCHLD)) e->need_process_child = true; - /* If there's already an event source pending for this - * priority we don't read another */ + /* If there's already an event source pending for this priority we don't read another */ if (d->current) return 0; From e006b56c187facfd6cd5ca3979c4088159d551f1 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Thu, 7 Apr 2022 15:21:56 +0900 Subject: [PATCH 293/703] sd-event: set pid to event source after all setup processes finished Otherwise, the assertion in source_disconnect() may be triggered, (cherry picked from commit 54988a27b9d1487e1690f94b79031ef61edd6651) --- src/libsystemd/sd-event/sd-event.c | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/src/libsystemd/sd-event/sd-event.c b/src/libsystemd/sd-event/sd-event.c index 5eae7339716..a13a2f63b6d 100644 --- a/src/libsystemd/sd-event/sd-event.c +++ b/src/libsystemd/sd-event/sd-event.c @@ -1426,7 +1426,6 @@ _public_ int sd_event_add_child( return -ENOMEM; s->wakeup = WAKEUP_EVENT_SOURCE; - s->child.pid = pid; s->child.options = options; s->child.callback = callback; s->userdata = userdata; @@ -1436,7 +1435,7 @@ _public_ int sd_event_add_child( * pin the PID, and make regular waitid() handling race-free. */ if (shall_use_pidfd()) { - s->child.pidfd = pidfd_open(s->child.pid, 0); + s->child.pidfd = pidfd_open(pid, 0); if (s->child.pidfd < 0) { /* Propagate errors unless the syscall is not supported or blocked */ if (!ERRNO_IS_NOT_SUPPORTED(errno) && !ERRNO_IS_PRIVILEGE(errno)) @@ -1446,10 +1445,6 @@ _public_ int sd_event_add_child( } else s->child.pidfd = -1; - r = hashmap_put(e->child_sources, PID_TO_PTR(pid), s); - if (r < 0) - return r; - if (EVENT_SOURCE_WATCH_PIDFD(s)) { /* We have a pidfd and we only want to watch for exit */ r = source_child_pidfd_register(s, s->enabled); @@ -1465,6 +1460,12 @@ _public_ int sd_event_add_child( e->need_process_child = true; } + r = hashmap_put(e->child_sources, PID_TO_PTR(pid), s); + if (r < 0) + return r; + + /* These must be done after everything succeeds. */ + s->child.pid = pid; e->n_online_child_sources++; if (ret) From c36ab05b4f5b196091a2e1518f19e5800897e576 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Sat, 9 Apr 2022 08:28:33 +0900 Subject: [PATCH 294/703] sd-event: do not update signal fd after PID is changed Otherwise, child event source will not work after the process is forked and the event source is unref()ed on the child process. (cherry picked from commit 01e6af737494c9790edcc5521ea8c668565b797f) --- src/libsystemd/sd-event/sd-event.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/libsystemd/sd-event/sd-event.c b/src/libsystemd/sd-event/sd-event.c index a13a2f63b6d..5395c7a9ee3 100644 --- a/src/libsystemd/sd-event/sd-event.c +++ b/src/libsystemd/sd-event/sd-event.c @@ -706,6 +706,9 @@ static void event_unmask_signal_data(sd_event *e, struct signal_data *d, int sig return; } + if (event_pid_changed(e)) + return; + assert(d->fd >= 0); if (signalfd(d->fd, &d->sigset, SFD_NONBLOCK|SFD_CLOEXEC) < 0) From a5fc32fa34f99d5854fb7810ea6096096896790a Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Sat, 9 Apr 2022 08:50:02 +0900 Subject: [PATCH 295/703] sd-event: do not kill a child process from another child (cherry picked from commit 86587c93b01ffa14ffdfff3cdf5ba0bfb555d839) --- src/libsystemd/sd-event/sd-event.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/libsystemd/sd-event/sd-event.c b/src/libsystemd/sd-event/sd-event.c index 5395c7a9ee3..3236f63aedd 100644 --- a/src/libsystemd/sd-event/sd-event.c +++ b/src/libsystemd/sd-event/sd-event.c @@ -854,6 +854,9 @@ static void source_disconnect(sd_event_source *s) { break; case SOURCE_CHILD: + if (event_pid_changed(s->event)) + s->child.process_owned = false; + if (s->child.pid > 0) { if (event_source_is_online(s)) { assert(s->event->n_online_child_sources > 0); From e3d57bc3019cbb1d483ef2ef20b8ef957ed7c0fd Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Sat, 9 Apr 2022 08:50:44 +0900 Subject: [PATCH 296/703] sd-event: make inotify event work after the process is forked (cherry picked from commit fbae50904fdd906137c3d1a50b340ce011a3969f) --- src/libsystemd/sd-event/sd-event.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/libsystemd/sd-event/sd-event.c b/src/libsystemd/sd-event/sd-event.c index 3236f63aedd..426a7807f7b 100644 --- a/src/libsystemd/sd-event/sd-event.c +++ b/src/libsystemd/sd-event/sd-event.c @@ -1698,7 +1698,8 @@ static void event_free_inotify_data(sd_event *e, struct inotify_data *d) { assert_se(hashmap_remove(e->inotify_data, &d->priority) == d); if (d->fd >= 0) { - if (epoll_ctl(e->epoll_fd, EPOLL_CTL_DEL, d->fd, NULL) < 0) + if (!event_pid_changed(e) && + epoll_ctl(e->epoll_fd, EPOLL_CTL_DEL, d->fd, NULL) < 0) log_debug_errno(errno, "Failed to remove inotify fd from epoll, ignoring: %m"); safe_close(d->fd); @@ -1808,7 +1809,7 @@ static void event_free_inode_data( if (d->inotify_data) { if (d->wd >= 0) { - if (d->inotify_data->fd >= 0) { + if (d->inotify_data->fd >= 0 && !event_pid_changed(e)) { /* So here's a problem. At the time this runs the watch descriptor might already be * invalidated, because an IN_IGNORED event might be queued right the moment we enter * the syscall. Hence, whenever we get EINVAL, ignore it entirely, since it's a very From 9f689fda5474c464b0ac63dc7a821ba1e34736bc Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Thu, 7 Apr 2022 03:38:56 +0900 Subject: [PATCH 297/703] sd-ipv4acd: actually drop the arp packet from one of the host interface Fixes a bug in 7f77917c0effe92d5fed52503bceddabcb4667ba. Fixes #23001. (cherry picked from commit 239adf03846ae2174d7db9a243a6eda4c2e2f165) --- src/libsystemd-network/sd-ipv4acd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/libsystemd-network/sd-ipv4acd.c b/src/libsystemd-network/sd-ipv4acd.c index 232b3b03335..a123d8e96a5 100644 --- a/src/libsystemd-network/sd-ipv4acd.c +++ b/src/libsystemd-network/sd-ipv4acd.c @@ -329,7 +329,7 @@ static bool ipv4acd_arp_conflict(sd_ipv4acd *acd, const struct ether_arp *arp, b if (acd->check_mac_callback && acd->check_mac_callback(acd, (const struct ether_addr*) arp->arp_sha, acd->check_mac_userdata) > 0) /* sender hardware is one of the host's interfaces, ignoring. */ - return true; + return false; return true; /* conflict! */ } From c202d402d9572a8290f9a2ccd66b1dc419e54ee7 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Mon, 18 Apr 2022 02:09:58 +0900 Subject: [PATCH 298/703] resolve: fix typo in dns_class_is_pseudo() (cherry picked from commit 98e5a6c93c6fcf94ba24dfb666c743ea35124290) --- src/resolve/dns-type.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/resolve/dns-type.c b/src/resolve/dns-type.c index 1f7334723e9..da68b41a371 100644 --- a/src/resolve/dns-type.c +++ b/src/resolve/dns-type.c @@ -60,7 +60,7 @@ bool dns_type_is_pseudo(uint16_t type) { } bool dns_class_is_pseudo(uint16_t class) { - return class == DNS_TYPE_ANY; + return class == DNS_CLASS_ANY; } bool dns_type_is_valid_query(uint16_t type) { From 79b86adcbd5c11f9e755598c8c0cd71da9c120c1 Mon Sep 17 00:00:00 2001 From: Luca Boccassi Date: Mon, 18 Apr 2022 18:39:18 +0200 Subject: [PATCH 299/703] nspawn: fix locating config files with --ephemeral When --ephemeral is used, a random 16 characters suffix is added to the image name, so matching on .nspawn files based on the image name no longer works. Fixes https://github.com/systemd/systemd/issues/13297 (cherry picked from commit 2362fdde1bd4bf54772383ef29431f683729ba76) --- src/nspawn/nspawn.c | 18 +++++++++++++++--- test/units/testsuite-13.sh | 19 +++++++++++++++++++ 2 files changed, 34 insertions(+), 3 deletions(-) diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c index 8f17ab8810c..789d962dd99 100644 --- a/src/nspawn/nspawn.c +++ b/src/nspawn/nspawn.c @@ -4603,8 +4603,8 @@ static int merge_settings(Settings *settings, const char *path) { static int load_settings(void) { _cleanup_(settings_freep) Settings *settings = NULL; _cleanup_fclose_ FILE *f = NULL; - _cleanup_free_ char *p = NULL; - const char *fn, *i; + _cleanup_free_ char *p = NULL, *fn = NULL; + const char *i; int r; if (arg_oci_bundle) @@ -4615,7 +4615,19 @@ static int load_settings(void) { if (FLAGS_SET(arg_settings_mask, _SETTINGS_MASK_ALL)) return 0; - fn = strjoina(arg_machine, ".nspawn"); + /* In ephemeral mode we append '-' and a random 16 characters string to the image name, so fixed + * config files are no longer matched. Ignore the random suffix for the purpose of finding files. */ + if (arg_ephemeral) { + fn = strdup(arg_machine); + if (!fn) + return log_oom(); + assert(strlen(fn) > 17); /* Should end with -XXXXXXXXXXXXXXXX */ + strcpy(fn + strlen(fn) - 17, ".nspawn"); + } else { + fn = strjoin(arg_machine, ".nspawn"); + if (!fn) + return log_oom(); + } /* We first look in the admin's directories in /etc and /run */ FOREACH_STRING(i, "/etc/systemd/nspawn", "/run/systemd/nspawn") { diff --git a/test/units/testsuite-13.sh b/test/units/testsuite-13.sh index 554d098ef56..38b6feae78e 100755 --- a/test/units/testsuite-13.sh +++ b/test/units/testsuite-13.sh @@ -120,6 +120,23 @@ function check_selinux { systemd-nspawn "${SUSE_OPTS[@]}" --register=no -b -D /testsuite-13.nc-container --selinux-apifs-context=system_u:object_r:container_file_t:s0:c0,c1 --selinux-context=system_u:system_r:container_t:s0:c0,c1 } +function check_ephemeral_config { + # https://github.com/systemd/systemd/issues/13297 + local _cmd='test -f /tmp/ephemeral-config' + + mkdir -p /run/systemd/nspawn/ + cat >/run/systemd/nspawn/testsuite-13.nc-container.nspawn <&2 @@ -206,4 +223,6 @@ check_machinectl_bind check_selinux +check_ephemeral_config + touch /testok From 45335a3eed8ee6f75b0b6e172ac035d2c6367bce Mon Sep 17 00:00:00 2001 From: Luca Boccassi Date: Tue, 19 Apr 2022 12:45:26 +0200 Subject: [PATCH 300/703] nspawn: fix --ephemeral with --machine Follow-up for https://github.com/systemd/systemd/commit/2362fdde1bd4bf54772383ef29431f683729ba76 When --machine is specified with --ephemeral, no random suffix is added, so the recently added assert would fail. Add a top-level variable with the expected file name for nspawn files, and compute it when the rest of the names are computed. (cherry picked from commit 3603f15171bbc2d650a8942714f6a6a900fb7c60) --- src/nspawn/nspawn.c | 34 ++++++++++++++++------------------ test/units/testsuite-13.sh | 5 +++-- 2 files changed, 19 insertions(+), 20 deletions(-) diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c index 789d962dd99..a2af4948c04 100644 --- a/src/nspawn/nspawn.c +++ b/src/nspawn/nspawn.c @@ -230,6 +230,7 @@ static Credential *arg_credentials = NULL; static size_t arg_n_credentials = 0; static char **arg_bind_user = NULL; static bool arg_suppress_sync = false; +static char *arg_settings_filename = NULL; STATIC_DESTRUCTOR_REGISTER(arg_directory, freep); STATIC_DESTRUCTOR_REGISTER(arg_template, freep); @@ -263,6 +264,7 @@ STATIC_DESTRUCTOR_REGISTER(arg_seccomp, seccomp_releasep); STATIC_DESTRUCTOR_REGISTER(arg_cpu_set, cpu_set_reset); STATIC_DESTRUCTOR_REGISTER(arg_sysctl, strv_freep); STATIC_DESTRUCTOR_REGISTER(arg_bind_user, strv_freep); +STATIC_DESTRUCTOR_REGISTER(arg_settings_filename, freep); static int handle_arg_console(const char *arg) { if (streq(arg, "help")) { @@ -3046,11 +3048,21 @@ static int determine_names(void) { if (!hostname_is_valid(arg_machine, 0)) return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to determine machine name automatically, please use -M."); + /* Copy the machine name before the random suffix is added below, otherwise we won't be able + * to match fixed config file names. */ + arg_settings_filename = strjoin(arg_machine, ".nspawn"); + if (!arg_settings_filename) + return log_oom(); + /* Add a random suffix when this is an ephemeral machine, so that we can run many * instances at once without manually having to specify -M each time. */ if (arg_ephemeral) if (strextendf(&arg_machine, "-%016" PRIx64, random_u64()) < 0) return log_oom(); + } else { + arg_settings_filename = strjoin(arg_machine, ".nspawn"); + if (!arg_settings_filename) + return log_oom(); } return 0; @@ -4603,7 +4615,7 @@ static int merge_settings(Settings *settings, const char *path) { static int load_settings(void) { _cleanup_(settings_freep) Settings *settings = NULL; _cleanup_fclose_ FILE *f = NULL; - _cleanup_free_ char *p = NULL, *fn = NULL; + _cleanup_free_ char *p = NULL; const char *i; int r; @@ -4615,25 +4627,11 @@ static int load_settings(void) { if (FLAGS_SET(arg_settings_mask, _SETTINGS_MASK_ALL)) return 0; - /* In ephemeral mode we append '-' and a random 16 characters string to the image name, so fixed - * config files are no longer matched. Ignore the random suffix for the purpose of finding files. */ - if (arg_ephemeral) { - fn = strdup(arg_machine); - if (!fn) - return log_oom(); - assert(strlen(fn) > 17); /* Should end with -XXXXXXXXXXXXXXXX */ - strcpy(fn + strlen(fn) - 17, ".nspawn"); - } else { - fn = strjoin(arg_machine, ".nspawn"); - if (!fn) - return log_oom(); - } - /* We first look in the admin's directories in /etc and /run */ FOREACH_STRING(i, "/etc/systemd/nspawn", "/run/systemd/nspawn") { _cleanup_free_ char *j = NULL; - j = path_join(i, fn); + j = path_join(i, arg_settings_filename); if (!j) return log_oom(); @@ -4657,11 +4655,11 @@ static int load_settings(void) { * actual image we shall boot. */ if (arg_image) { - p = file_in_same_dir(arg_image, fn); + p = file_in_same_dir(arg_image, arg_settings_filename); if (!p) return log_oom(); } else if (arg_directory && !path_equal(arg_directory, "/")) { - p = file_in_same_dir(arg_directory, fn); + p = file_in_same_dir(arg_directory, arg_settings_filename); if (!p) return log_oom(); } diff --git a/test/units/testsuite-13.sh b/test/units/testsuite-13.sh index 38b6feae78e..1fc3d8bee38 100755 --- a/test/units/testsuite-13.sh +++ b/test/units/testsuite-13.sh @@ -122,7 +122,6 @@ function check_selinux { function check_ephemeral_config { # https://github.com/systemd/systemd/issues/13297 - local _cmd='test -f /tmp/ephemeral-config' mkdir -p /run/systemd/nspawn/ cat >/run/systemd/nspawn/testsuite-13.nc-container.nspawn < Date: Tue, 19 Apr 2022 12:44:26 +0200 Subject: [PATCH 301/703] manager: prohibit clone3() in seccomp filters RestrictNamespaces should block clone3() like flatpak: https://github.com/flatpak/flatpak/commit/a10f52a7565c549612c92b8e736a6698a53db330 clone3() passes arguments in a structure referenced by a pointer, so we can't filter on the flags as with clone(). Let's disallow the whole function call. (cherry picked from commit 30193fe817d262bd64b9a271534792046f19d7f5) --- src/shared/seccomp-util.c | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c index 32bd8aa73bd..bb91e4447a6 100644 --- a/src/shared/seccomp-util.c +++ b/src/shared/seccomp-util.c @@ -1227,6 +1227,21 @@ int seccomp_restrict_namespaces(unsigned long retain) { if (r < 0) return r; + /* We cannot filter on individual flags to clone3(), and we need to disable the + * syscall altogether. ENOSYS is used instead of EPERM, so that glibc and other + * users shall fall back to clone(), as if on an older kernel. + * + * C.f. https://github.com/flatpak/flatpak/commit/a10f52a7565c549612c92b8e736a6698a53db330, + * https://github.com/moby/moby/issues/42680. */ + + r = seccomp_rule_add_exact( + seccomp, + SCMP_ACT_ERRNO(ENOSYS), + SCMP_SYS(clone3), + 0); + if (r < 0) + log_debug_errno(r, "Failed to add clone3() rule for architecture %s, ignoring: %m", seccomp_arch_to_string(arch)); + if ((retain & NAMESPACE_FLAGS_ALL) == 0) /* If every single kind of namespace shall be prohibited, then let's block the whole setns() syscall * altogether. */ From 1fe496fc3bd581947698b483fc044bcf08ef2a55 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 29 Mar 2022 12:17:51 +0200 Subject: [PATCH 302/703] hwdb: fix parser to work with newer pyparsing The handling of whitespace in pyparsing is a bother. There's some global state, and per-element state, and it's hard to get a handle on things. With python3-pyparsing-2.4.7-10.fc36.noarch the grammar would not match. After handling of tabs was fixed to not accept duplicate tabs, the grammar passes. It seems that the entry for usb:v8087p8087* was generated incorrectly because we treated the interface line (with two TABs) as a device line (with one TAB). (cherry picked from commit f73d6895872cb9caffc523e1eddc53c9b98cfdec) --- hwdb.d/20-usb-vendor-model.hwdb | 3 --- hwdb.d/ids_parser.py | 10 ++++++++-- 2 files changed, 8 insertions(+), 5 deletions(-) diff --git a/hwdb.d/20-usb-vendor-model.hwdb b/hwdb.d/20-usb-vendor-model.hwdb index f40a3947c7e..9f457d9f65b 100644 --- a/hwdb.d/20-usb-vendor-model.hwdb +++ b/hwdb.d/20-usb-vendor-model.hwdb @@ -69815,9 +69815,6 @@ usb:v8087p8008* usb:v8087p800A* ID_MODEL_FROM_DATABASE=Hub -usb:v8087p8087* - ID_MODEL_FROM_DATABASE=07da Centrino Advanced-N 6235 - usb:v80EE* ID_VENDOR_FROM_DATABASE=VirtualBox diff --git a/hwdb.d/ids_parser.py b/hwdb.d/ids_parser.py index 0ce79cd97e9..811c12559ba 100755 --- a/hwdb.d/ids_parser.py +++ b/hwdb.d/ids_parser.py @@ -6,7 +6,7 @@ from pyparsing import (Word, White, Literal, Regex, LineEnd, SkipTo, ZeroOrMore, OneOrMore, Combine, Optional, Suppress, - Group, + Group, ParserElement, stringEnd, pythonStyleComment) EOL = LineEnd().suppress() @@ -20,6 +20,8 @@ EMPTYLINE = LineEnd() text_eol = lambda name: Regex(r'[^\n]+')(name) + EOL +ParserElement.set_default_whitespace_chars(' \n') + def klass_grammar(): klass_line = Literal('C ').suppress() + NUM2('klass') + text_eol('text') subclass_line = TAB + NUM2('subclass') + text_eol('text') @@ -35,8 +37,12 @@ def klass_grammar(): def usb_ids_grammar(): vendor_line = NUM4('vendor') + text_eol('text') device_line = TAB + NUM4('device') + text_eol('text') + interface_line = TAB + TAB + NUM4('interface') + NUM4('interface2') + text_eol('text') + device = (device_line + + ZeroOrMore(Group(interface_line) + ^ COMMENTLINE.suppress())) vendor = (vendor_line('VENDOR') + - ZeroOrMore(Group(device_line)('VENDOR_DEV*') ^ COMMENTLINE.suppress())) + ZeroOrMore(Group(device)('VENDOR_DEV*') ^ COMMENTLINE.suppress())) klass = klass_grammar() From e1e4395775b43fbaab502bba4f6c71ef4d3ddedf Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Thu, 28 Apr 2022 17:41:48 +0200 Subject: [PATCH 303/703] hwdb: make sure "ninja update-hwdb" works on f35 let's restore compatibility with pyparsing from fedora 35, i.e.: python3-pyparsing-2.4.7-9.fc35.noarch (cherry picked from commit 133a0003691daafaefa378f770ae01d01931787d) --- hwdb.d/ids_parser.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hwdb.d/ids_parser.py b/hwdb.d/ids_parser.py index 811c12559ba..ed2c615508d 100755 --- a/hwdb.d/ids_parser.py +++ b/hwdb.d/ids_parser.py @@ -20,7 +20,7 @@ EMPTYLINE = LineEnd() text_eol = lambda name: Regex(r'[^\n]+')(name) + EOL -ParserElement.set_default_whitespace_chars(' \n') +ParserElement.setDefaultWhitespaceChars(' \n') def klass_grammar(): klass_line = Literal('C ').suppress() + NUM2('klass') + text_eol('text') From e92e2d0e3beee9018a46a12a2e32920ca8e73f4d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 28 Apr 2022 19:41:59 +0200 Subject: [PATCH 304/703] hwdb: run "update-hwdb" --- hwdb.d/20-OUI.hwdb | 3362 ++++++++++++++++++- hwdb.d/20-acpi-vendor.hwdb | 20 +- hwdb.d/20-acpi-vendor.hwdb.patch | 98 +- hwdb.d/20-pci-classes.hwdb | 2 +- hwdb.d/20-pci-vendor-model.hwdb | 960 +++++- hwdb.d/20-usb-vendor-model.hwdb | 124 +- hwdb.d/acpi_id_registry.html | 3 + hwdb.d/ma-large.txt | 5374 ++++++++++++++++++++++++++---- hwdb.d/ma-medium.txt | 1328 +++++++- hwdb.d/ma-small.txt | 1301 +++++++- hwdb.d/pci.ids | 413 ++- hwdb.d/pnp_id_registry.html | 5 +- hwdb.d/usb.ids | 61 +- 13 files changed, 12089 insertions(+), 962 deletions(-) diff --git a/hwdb.d/20-OUI.hwdb b/hwdb.d/20-OUI.hwdb index a97406d45d0..aaa33263256 100644 --- a/hwdb.d/20-OUI.hwdb +++ b/hwdb.d/20-OUI.hwdb @@ -573,7 +573,7 @@ OUI:0000BC* ID_OUI_FROM_DATABASE=Rockwell Automation OUI:0000BD* - ID_OUI_FROM_DATABASE=Mitsubishi Cable Industries, Ltd. / Ryosei Systems + ID_OUI_FROM_DATABASE=RYOSEI, Ltd. OUI:0000BE* ID_OUI_FROM_DATABASE=THE NTI GROUP @@ -10413,7 +10413,7 @@ OUI:000DA8* ID_OUI_FROM_DATABASE=Teletronics Technology Corporation OUI:000DA9* - ID_OUI_FROM_DATABASE=T.E.A.M. S.L. + ID_OUI_FROM_DATABASE=INGETEAM OUI:000DAA* ID_OUI_FROM_DATABASE=S.A.Tehnology co.,Ltd. @@ -11922,7 +11922,7 @@ OUI:000F9F* ID_OUI_FROM_DATABASE=ARRIS Group, Inc. OUI:000FA0* - ID_OUI_FROM_DATABASE=CANON KOREA BUSINESS SOLUTIONS INC. + ID_OUI_FROM_DATABASE=Canon Korea Inc. OUI:000FA1* ID_OUI_FROM_DATABASE=Gigabit Systems Inc. @@ -14187,7 +14187,7 @@ OUI:001292* ID_OUI_FROM_DATABASE=Griffin Technology OUI:001293* - ID_OUI_FROM_DATABASE=ABB Power Protection (CH) + ID_OUI_FROM_DATABASE=ABB Switzerland Ltd. OUI:001294* ID_OUI_FROM_DATABASE=SUMITOMO ELECTRIC DEVICE INNOVATIONS, INC @@ -14961,7 +14961,7 @@ OUI:001394* ID_OUI_FROM_DATABASE=Infohand Co.,Ltd OUI:001395* - ID_OUI_FROM_DATABASE=congatec AG + ID_OUI_FROM_DATABASE=congatec GmbH OUI:001396* ID_OUI_FROM_DATABASE=Acbel Polytech Inc. @@ -15054,7 +15054,7 @@ OUI:0013B3* ID_OUI_FROM_DATABASE=Ecom Communications Technology Co., Ltd. OUI:0013B4* - ID_OUI_FROM_DATABASE=Appear TV + ID_OUI_FROM_DATABASE=Appear AS OUI:0013B5* ID_OUI_FROM_DATABASE=Wavesat @@ -17307,7 +17307,7 @@ OUI:0016A2* ID_OUI_FROM_DATABASE=CentraLite Systems, Inc. OUI:0016A3* - ID_OUI_FROM_DATABASE=Ingeteam Transmission&Distribution, S.A. + ID_OUI_FROM_DATABASE=INGETEAM OUI:0016A4* ID_OUI_FROM_DATABASE=Ezurio Ltd @@ -19875,7 +19875,7 @@ OUI:0019FA* ID_OUI_FROM_DATABASE=Cable Vision Electronics CO., LTD. OUI:0019FB* - ID_OUI_FROM_DATABASE=BSkyB Ltd + ID_OUI_FROM_DATABASE=SKY UK LIMITED OUI:0019FC* ID_OUI_FROM_DATABASE=PT. Ufoakses Sukses Luarbiasa @@ -29529,7 +29529,7 @@ OUI:0025C9* ID_OUI_FROM_DATABASE=SHENZHEN HUAPU DIGITAL CO., LTD OUI:0025CA* - ID_OUI_FROM_DATABASE=LS Research, LLC + ID_OUI_FROM_DATABASE=Laird Connectivity OUI:0025CB* ID_OUI_FROM_DATABASE=Reiner SCT @@ -29700,7 +29700,7 @@ OUI:002603* ID_OUI_FROM_DATABASE=Shenzhen Wistar Technology Co., Ltd OUI:002604* - ID_OUI_FROM_DATABASE=Audio Processing Technology Ltd + ID_OUI_FROM_DATABASE=WorldCast Systems OUI:002605* ID_OUI_FROM_DATABASE=CC Systems AB @@ -31478,6 +31478,9 @@ OUI:003DE8* OUI:003EE1* ID_OUI_FROM_DATABASE=Apple, Inc. +OUI:003F10* + ID_OUI_FROM_DATABASE=Shenzhen GainStrong Technology Co., Ltd. + OUI:004000* ID_OUI_FROM_DATABASE=PCI COMPONENTES DA AMZONIA LTD @@ -32246,6 +32249,9 @@ OUI:0040FE* OUI:0040FF* ID_OUI_FROM_DATABASE=TELEBIT CORPORATION +OUI:00410E* + ID_OUI_FROM_DATABASE=CLOUD NETWORK TECHNOLOGY SINGAPORE PTE. LTD. + OUI:0041B4* ID_OUI_FROM_DATABASE=Wuxi Zhongxing Optoelectronics Technology Co.,Ltd. @@ -33029,6 +33035,9 @@ OUI:005218* OUI:0052C2* ID_OUI_FROM_DATABASE=peiker acustic GmbH +OUI:0052C8* + ID_OUI_FROM_DATABASE=Made Studio Design Ltd. + OUI:00549F* ID_OUI_FROM_DATABASE=Avaya Inc @@ -35768,6 +35777,9 @@ OUI:009569* OUI:0097FF* ID_OUI_FROM_DATABASE=Heimann Sensor GmbH +OUI:00991D* + ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD + OUI:009ACD* ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD @@ -36563,6 +36575,9 @@ OUI:00A0FF* OUI:00A1DE* ID_OUI_FROM_DATABASE=ShenZhen ShiHua Technology CO.,LTD +OUI:00A265* + ID_OUI_FROM_DATABASE=M2Motive Technology Inc. + OUI:00A289* ID_OUI_FROM_DATABASE=Cisco Systems, Inc @@ -36579,7 +36594,7 @@ OUI:00A2FF* ID_OUI_FROM_DATABASE=abatec group AG OUI:00A388* - ID_OUI_FROM_DATABASE=BSkyB Ltd + ID_OUI_FROM_DATABASE=SKY UK LIMITED OUI:00A38E* ID_OUI_FROM_DATABASE=Cisco Systems, Inc @@ -36593,6 +36608,9 @@ OUI:00A45F* OUI:00A509* ID_OUI_FROM_DATABASE=WigWag Inc. +OUI:00A554* + ID_OUI_FROM_DATABASE=Intel Corporate + OUI:00A5BF* ID_OUI_FROM_DATABASE=Cisco Systems, Inc @@ -37694,6 +37712,9 @@ OUI:00CB00* OUI:00CB51* ID_OUI_FROM_DATABASE=Sagemcom Broadband SAS +OUI:00CB7A* + ID_OUI_FROM_DATABASE=Technicolor CH USA Inc. + OUI:00CBB4* ID_OUI_FROM_DATABASE=SHENZHEN ATEKO PHOTOELECTRICITY CO.,LTD @@ -38507,6 +38528,9 @@ OUI:00D318* OUI:00D38D* ID_OUI_FROM_DATABASE=Hotel Technology Next Generation +OUI:00D49E* + ID_OUI_FROM_DATABASE=Intel Corporate + OUI:00D632* ID_OUI_FROM_DATABASE=GE Energy @@ -39401,6 +39425,9 @@ OUI:00E421* OUI:00E5E4* ID_OUI_FROM_DATABASE=Sichuan Tianyi Comheart Telecom Co.,LTD +OUI:00E5F1* + ID_OUI_FROM_DATABASE=BUFFALO.INC + OUI:00E666* ID_OUI_FROM_DATABASE=ARIMA Communications Corp. @@ -39728,8 +39755,11 @@ OUI:0425C5* OUI:0425E0* ID_OUI_FROM_DATABASE=Taicang T&W Electronics +OUI:0425F0* + ID_OUI_FROM_DATABASE=Nokia + OUI:042605* - ID_OUI_FROM_DATABASE=GFR Gesellschaft für Regelungstechnik und Energieeinsparung mbH + ID_OUI_FROM_DATABASE=Bosch Building Automation GmbH OUI:042665* ID_OUI_FROM_DATABASE=Apple, Inc. @@ -39740,6 +39770,9 @@ OUI:042728* OUI:042758* ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD +OUI:04292E* + ID_OUI_FROM_DATABASE=Samsung Electronics Co.,Ltd + OUI:042AE2* ID_OUI_FROM_DATABASE=Cisco Systems, Inc @@ -39857,6 +39890,9 @@ OUI:044F17* OUI:044F4C* ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD +OUI:044F7A* + ID_OUI_FROM_DATABASE=China Mobile Group Device Co.,Ltd. + OUI:044F8B* ID_OUI_FROM_DATABASE=Adapteva, Inc. @@ -39932,6 +39968,9 @@ OUI:046273* OUI:0462D7* ID_OUI_FROM_DATABASE=ALSTOM HYDRO FRANCE +OUI:0463D0* + ID_OUI_FROM_DATABASE=Huawei Device Co., Ltd. + OUI:0463E0* ID_OUI_FROM_DATABASE=Nome Oy @@ -39944,6 +39983,9 @@ OUI:046785* OUI:046865* ID_OUI_FROM_DATABASE=Apple, Inc. +OUI:04698F* + ID_OUI_FROM_DATABASE=Juniper Networks + OUI:0469F8* ID_OUI_FROM_DATABASE=Apple, Inc. @@ -40061,6 +40103,9 @@ OUI:047AAE* OUI:047BCB* ID_OUI_FROM_DATABASE=Universal Global Scientific Industrial Co., Ltd. +OUI:047C16* + ID_OUI_FROM_DATABASE=Micro-Star INTL CO., LTD. + OUI:047D50* ID_OUI_FROM_DATABASE=Shenzhen Kang Ying Technology Co.Ltd. @@ -40077,7 +40122,7 @@ OUI:047F0E* ID_OUI_FROM_DATABASE=Barrot Technology Limited OUI:04819B* - ID_OUI_FROM_DATABASE=BSkyB Ltd + ID_OUI_FROM_DATABASE=SKY UK LIMITED OUI:0481AE* ID_OUI_FROM_DATABASE=Clack Corporation @@ -40151,6 +40196,9 @@ OUI:0498F3* OUI:0499B9* ID_OUI_FROM_DATABASE=Apple, Inc. +OUI:0499BB* + ID_OUI_FROM_DATABASE=Apple, Inc. + OUI:0499E6* ID_OUI_FROM_DATABASE=Shenzhen Yoostar Technology Co., Ltd @@ -40190,6 +40238,9 @@ OUI:04A316* OUI:04A3F3* ID_OUI_FROM_DATABASE=Emicon +OUI:04A741* + ID_OUI_FROM_DATABASE=Cisco Systems, Inc + OUI:04A82A* ID_OUI_FROM_DATABASE=Nokia Corporation @@ -40226,8 +40277,14 @@ OUI:04B466* OUI:04B648* ID_OUI_FROM_DATABASE=ZENNER +OUI:04B6BE* + ID_OUI_FROM_DATABASE=CIG SHANGHAI CO LTD + OUI:04B86A* - ID_OUI_FROM_DATABASE=BSkyB Ltd + ID_OUI_FROM_DATABASE=SKY UK LIMITED + +OUI:04B97D* + ID_OUI_FROM_DATABASE=AiVIS Co., Itd. OUI:04B9E3* ID_OUI_FROM_DATABASE=Samsung Electronics Co.,Ltd @@ -40241,12 +40298,18 @@ OUI:04BA36* OUI:04BA8D* ID_OUI_FROM_DATABASE=Samsung Electronics Co.,Ltd +OUI:04BAD6* + ID_OUI_FROM_DATABASE=D-Link Corporation + OUI:04BBF9* ID_OUI_FROM_DATABASE=Pavilion Data Systems Inc OUI:04BC87* ID_OUI_FROM_DATABASE=Shenzhen JustLink Technology Co., LTD +OUI:04BC9F* + ID_OUI_FROM_DATABASE=Calix Inc. + OUI:04BD70* ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD @@ -40355,6 +40418,9 @@ OUI:04C991* OUI:04C9D9* ID_OUI_FROM_DATABASE=Dish Technologies Corp +OUI:04CAED* + ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD + OUI:04CB1D* ID_OUI_FROM_DATABASE=Traka plc @@ -40478,6 +40544,9 @@ OUI:04D7A5* OUI:04D921* ID_OUI_FROM_DATABASE=Occuspace +OUI:04D9C8* + ID_OUI_FROM_DATABASE=Hon Hai Precision Industry Co., Ltd. + OUI:04D9F5* ID_OUI_FROM_DATABASE=ASUSTek COMPUTER INC. @@ -40517,6 +40586,9 @@ OUI:04E229* OUI:04E2F8* ID_OUI_FROM_DATABASE=AEP Ticketing solutions srl +OUI:04E31A* + ID_OUI_FROM_DATABASE=Sagemcom Broadband SAS + OUI:04E451* ID_OUI_FROM_DATABASE=Texas Instruments @@ -40547,6 +40619,12 @@ OUI:04E77E* OUI:04E795* ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD +OUI:04E892* + ID_OUI_FROM_DATABASE=SHENNAN CIRCUITS CO.,LTD + +OUI:04E8B9* + ID_OUI_FROM_DATABASE=Intel Corporate + OUI:04E9E5* ID_OUI_FROM_DATABASE=PJRC.COM, LLC @@ -41274,7 +41352,7 @@ OUI:0826AE9* ID_OUI_FROM_DATABASE=Annapurna labs OUI:0826AEA* - ID_OUI_FROM_DATABASE=Flextronics International Kft. + ID_OUI_FROM_DATABASE=Flextronics International Kft OUI:0826AEB* ID_OUI_FROM_DATABASE=F-Plus Mobile LLC @@ -41318,6 +41396,9 @@ OUI:082FE9* OUI:08306B* ID_OUI_FROM_DATABASE=Palo Alto Networks +OUI:0830CE* + ID_OUI_FROM_DATABASE=Fiberhome Telecommunication Technologies Co.,LTD + OUI:08318B* ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD @@ -41432,6 +41513,9 @@ OUI:084FA9* OUI:084FF9* ID_OUI_FROM_DATABASE=Cisco Systems, Inc +OUI:085104* + ID_OUI_FROM_DATABASE=Huawei Device Co., Ltd. + OUI:085114* ID_OUI_FROM_DATABASE=QINGDAO TOPSCOMM COMMUNICATION CO., LTD @@ -41690,6 +41774,9 @@ OUI:089BF1* OUI:089C86* ID_OUI_FROM_DATABASE=Nokia Shanghai Bell Co., Ltd. +OUI:089DF4* + ID_OUI_FROM_DATABASE=Intel Corporate + OUI:089E01* ID_OUI_FROM_DATABASE=Quanta Computer Inc. @@ -41768,6 +41855,9 @@ OUI:08B4B1* OUI:08B4CF* ID_OUI_FROM_DATABASE=Abicom International +OUI:08B61F* + ID_OUI_FROM_DATABASE=Espressif Inc. + OUI:08B738* ID_OUI_FROM_DATABASE=Lite-On Technogy Corp. @@ -41891,6 +41981,9 @@ OUI:08E4DF* OUI:08E5DA* ID_OUI_FROM_DATABASE=NANJING FUJITSU COMPUTER PRODUCTS CO.,LTD. +OUI:08E63B* + ID_OUI_FROM_DATABASE=zte corporation + OUI:08E672* ID_OUI_FROM_DATABASE=JEBSEE ELECTRONICS CO.,LTD. @@ -41921,6 +42014,9 @@ OUI:08EB74* OUI:08EBED* ID_OUI_FROM_DATABASE=World Elite Technology Co.,LTD +OUI:08EBF6* + ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD + OUI:08ECA9* ID_OUI_FROM_DATABASE=Samsung Electronics Co.,Ltd @@ -41999,6 +42095,9 @@ OUI:08F1EA* OUI:08F2F4* ID_OUI_FROM_DATABASE=Net One Partners Co.,Ltd. +OUI:08F3FB* + ID_OUI_FROM_DATABASE=Cisco Systems, Inc + OUI:08F458* ID_OUI_FROM_DATABASE=Huawei Device Co., Ltd. @@ -42521,12 +42620,63 @@ OUI:0C771A* OUI:0C7A15* ID_OUI_FROM_DATABASE=Intel Corporate +OUI:0C7BC8* + ID_OUI_FROM_DATABASE=Cisco Meraki + OUI:0C7C28* ID_OUI_FROM_DATABASE=Nokia Solutions and Networks GmbH & Co. KG OUI:0C7D7C* ID_OUI_FROM_DATABASE=Kexiang Information Technology Co, Ltd. +OUI:0C7FB2* + ID_OUI_FROM_DATABASE=ARRIS Group, Inc. + +OUI:0C7FED0* + ID_OUI_FROM_DATABASE=Guangdong Tianshu New Energy Technology Co., Ltd + +OUI:0C7FED1* + ID_OUI_FROM_DATABASE=Toast, Inc. + +OUI:0C7FED2* + ID_OUI_FROM_DATABASE=Tango Networks Inc + +OUI:0C7FED3* + ID_OUI_FROM_DATABASE=Soft dB + +OUI:0C7FED4* + ID_OUI_FROM_DATABASE=Purple Mountain ,Inc + +OUI:0C7FED5* + ID_OUI_FROM_DATABASE=ShenZhen TianGang Micro Technology CO.LTD + +OUI:0C7FED6* + ID_OUI_FROM_DATABASE=Netweb Technologies India Pvt Ltd + +OUI:0C7FED7* + ID_OUI_FROM_DATABASE=Grandway Technology (Shenzhen) Limited + +OUI:0C7FED8* + ID_OUI_FROM_DATABASE=U-tec Group Inc. + +OUI:0C7FED9* + ID_OUI_FROM_DATABASE=Shenzhen ORVIBO Technology Co., Ltd. + +OUI:0C7FEDA* + ID_OUI_FROM_DATABASE=Annapurna labs + +OUI:0C7FEDB* + ID_OUI_FROM_DATABASE=TelX Systems + +OUI:0C7FEDC* + ID_OUI_FROM_DATABASE=Shenzhen MoreSense Technology Co., Ltd. + +OUI:0C7FEDD* + ID_OUI_FROM_DATABASE=ALT Co., Ltd. + +OUI:0C7FEDE* + ID_OUI_FROM_DATABASE=environmental systems corporation + OUI:0C8063* ID_OUI_FROM_DATABASE=TP-LINK TECHNOLOGIES CO.,LTD. @@ -42575,6 +42725,54 @@ OUI:0C8525* OUI:0C8610* ID_OUI_FROM_DATABASE=Juniper Networks +OUI:0C86290* + ID_OUI_FROM_DATABASE=Shanghai Prophet Electronic Technology Co.,Ltd + +OUI:0C86291* + ID_OUI_FROM_DATABASE=Beijing Qinmu Data Technology Co., Ltd. + +OUI:0C86292* + ID_OUI_FROM_DATABASE=BADA SYSTEM co., Ltd + +OUI:0C86293* + ID_OUI_FROM_DATABASE=Annapurna labs + +OUI:0C86294* + ID_OUI_FROM_DATABASE=Ag Express Electronics + +OUI:0C86295* + ID_OUI_FROM_DATABASE=Shenzhen protostellar technology Co., Ltd + +OUI:0C86296* + ID_OUI_FROM_DATABASE=C&A Marketing, INC. + +OUI:0C86297* + ID_OUI_FROM_DATABASE=HagerEnergy GmbH + +OUI:0C86298* + ID_OUI_FROM_DATABASE=MyGregor Ltd + +OUI:0C86299* + ID_OUI_FROM_DATABASE=HONGKONG SAINT TECH INDUSTRIAL LIMITED + +OUI:0C8629A* + ID_OUI_FROM_DATABASE=Nipron Co.,Ltd + +OUI:0C8629B* + ID_OUI_FROM_DATABASE=Akribis Systems + +OUI:0C8629C* + ID_OUI_FROM_DATABASE=SHENZHEN YINGMU TECHNOLOGY.,LTD + +OUI:0C8629D* + ID_OUI_FROM_DATABASE=BEIJING BEIBIANZHIDA TECHNOLOGY CO.,LTD + +OUI:0C8629E* + ID_OUI_FROM_DATABASE=FX TECHNOLOGY LIMITED + +OUI:0C86C7* + ID_OUI_FROM_DATABASE=Jabil Circuit (Guangzhou) Limited + OUI:0C8910* ID_OUI_FROM_DATABASE=Samsung Electronics Co.,Ltd @@ -42584,6 +42782,9 @@ OUI:0C8A87* OUI:0C8B7D* ID_OUI_FROM_DATABASE=Vizio, Inc +OUI:0C8B95* + ID_OUI_FROM_DATABASE=Espressif Inc. + OUI:0C8BD3* ID_OUI_FROM_DATABASE=ITEL MOBILE LIMITED @@ -42623,6 +42824,9 @@ OUI:0C9043* OUI:0C9160* ID_OUI_FROM_DATABASE=Hui Zhou Gaoshengda Technology Co.,LTD +OUI:0C9192* + ID_OUI_FROM_DATABASE=Intel Corporate + OUI:0C924E* ID_OUI_FROM_DATABASE=Rice Lake Weighing Systems @@ -42647,6 +42851,9 @@ OUI:0C96CD* OUI:0C96E6* ID_OUI_FROM_DATABASE=Cloud Network Technology (Samoa) Limited +OUI:0C975F* + ID_OUI_FROM_DATABASE=Aruba, a Hewlett Packard Enterprise Company + OUI:0C9838* ID_OUI_FROM_DATABASE=Xiaomi Communications Co Ltd @@ -42695,6 +42902,9 @@ OUI:0CAAEE* OUI:0CAC05* ID_OUI_FROM_DATABASE=Unitend Technologies Inc. +OUI:0CAC8A* + ID_OUI_FROM_DATABASE=Sagemcom Broadband SAS + OUI:0CAE7D* ID_OUI_FROM_DATABASE=Texas Instruments @@ -42758,6 +42968,9 @@ OUI:0CBC9F* OUI:0CBD51* ID_OUI_FROM_DATABASE=TCT mobile ltd +OUI:0CBEF1* + ID_OUI_FROM_DATABASE=Huawei Device Co., Ltd. + OUI:0CBF15* ID_OUI_FROM_DATABASE=Genetec Inc. @@ -43029,7 +43242,7 @@ OUI:0CF893* ID_OUI_FROM_DATABASE=ARRIS Group, Inc. OUI:0CF9C0* - ID_OUI_FROM_DATABASE=BSkyB Ltd + ID_OUI_FROM_DATABASE=SKY UK LIMITED OUI:0CFC83* ID_OUI_FROM_DATABASE=Airoha Technology Corp., @@ -43127,6 +43340,9 @@ OUI:100645* OUI:1006ED* ID_OUI_FROM_DATABASE=Cisco Systems, Inc +OUI:10071D* + ID_OUI_FROM_DATABASE=Fiberhome Telecommunication Technologies Co.,LTD + OUI:1007230* ID_OUI_FROM_DATABASE=RippleTek Tech Ltd @@ -43274,6 +43490,9 @@ OUI:101F74* OUI:102279* ID_OUI_FROM_DATABASE=ZeroDesktop, Inc. +OUI:102407* + ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD + OUI:102779* ID_OUI_FROM_DATABASE=Sadel S.p.A. @@ -43436,6 +43655,9 @@ OUI:104A7D* OUI:104B46* ID_OUI_FROM_DATABASE=Mitsubishi Electric Corporation +OUI:104D15* + ID_OUI_FROM_DATABASE=Viaanix Inc + OUI:104D77* ID_OUI_FROM_DATABASE=Innovative Computer Engineering @@ -43466,6 +43688,12 @@ OUI:10521C* OUI:105403* ID_OUI_FROM_DATABASE=INTARSO GmbH +OUI:1054D20* + ID_OUI_FROM_DATABASE=GIPS Technology Co., Ltd. + +OUI:1054D21* + ID_OUI_FROM_DATABASE=Jiangxi Ofilm&Jvneng IoT Tech Co., Ltd. + OUI:1054D22* ID_OUI_FROM_DATABASE=ComNav Technology Ltd. @@ -43475,6 +43703,12 @@ OUI:1054D23* OUI:1054D24* ID_OUI_FROM_DATABASE=Raylogic Control Systems Private Limited +OUI:1054D25* + ID_OUI_FROM_DATABASE=Sybersense + +OUI:1054D26* + ID_OUI_FROM_DATABASE=Lanao Communication Technology Limited + OUI:1054D27* ID_OUI_FROM_DATABASE=SHENZHEN CARSAFE TECHNOLOGY DEVELOPMENT CO.,LTD @@ -43484,6 +43718,9 @@ OUI:1054D28* OUI:1054D29* ID_OUI_FROM_DATABASE=Bamboo Dynamics Corporation., Ltd. +OUI:1054D2A* + ID_OUI_FROM_DATABASE=Embion B.V. + OUI:1054D2B* ID_OUI_FROM_DATABASE=Shenzhen Dinstech Technology Co.,Ltd. @@ -43493,6 +43730,9 @@ OUI:1054D2C* OUI:1054D2D* ID_OUI_FROM_DATABASE=Sun wealth technology corporation limited +OUI:1054D2E* + ID_OUI_FROM_DATABASE=COSMO AIOT TECHNOLOGY CO LTD + OUI:1055E4* ID_OUI_FROM_DATABASE=Shenzhen Skyworth Digital Technology CO., Ltd @@ -43553,6 +43793,9 @@ OUI:1062E5* OUI:1062EB* ID_OUI_FROM_DATABASE=D-Link International +OUI:10634B* + ID_OUI_FROM_DATABASE=SHENZHEN MERCURY COMMUNICATION TECHNOLOGIES CO.,LTD. + OUI:1063C8* ID_OUI_FROM_DATABASE=Liteon Technology Corporation @@ -43589,12 +43832,18 @@ OUI:1070FD* OUI:107100* ID_OUI_FROM_DATABASE=Huawei Device Co., Ltd. +OUI:1071B3* + ID_OUI_FROM_DATABASE=Zyxel Communications Corporation + OUI:1071F9* ID_OUI_FROM_DATABASE=Cloud Telecomputers, LLC OUI:107223* ID_OUI_FROM_DATABASE=TELLESCOM INDUSTRIA E COMERCIO EM TELECOMUNICACAO +OUI:1073EB* + ID_OUI_FROM_DATABASE=Infiniti Electro-Optics + OUI:10746F* ID_OUI_FROM_DATABASE=MOTOROLA SOLUTIONS MALAYSIA SDN. BHD. @@ -43706,6 +43955,9 @@ OUI:1094BB* OUI:10954B* ID_OUI_FROM_DATABASE=Megabyte Ltd. +OUI:10961A* + ID_OUI_FROM_DATABASE=CHIPSEA TECHNOLOGIES (SHENZHEN) CORP. + OUI:109693* ID_OUI_FROM_DATABASE=Amazon Technologies Inc. @@ -43757,6 +44009,9 @@ OUI:10A4DA* OUI:10A51D* ID_OUI_FROM_DATABASE=Intel Corporate +OUI:10A562* + ID_OUI_FROM_DATABASE=Iton Technology Corp. + OUI:10A5D0* ID_OUI_FROM_DATABASE=Murata Manufacturing Co., Ltd. @@ -43784,6 +44039,9 @@ OUI:10B1DF* OUI:10B1F8* ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD +OUI:10B232* + ID_OUI_FROM_DATABASE=Qingdao Intelligent&Precise Electronics Co.,Ltd. + OUI:10B26B* ID_OUI_FROM_DATABASE=base Co.,Ltd. @@ -43940,6 +44198,9 @@ OUI:10D7B0* OUI:10DA43* ID_OUI_FROM_DATABASE=NETGEAR +OUI:10DA49* + ID_OUI_FROM_DATABASE=Huawei Device Co., Ltd. + OUI:10DC4A* ID_OUI_FROM_DATABASE=Fiberhome Telecommunication Technologies Co.,LTD @@ -44003,6 +44264,9 @@ OUI:10DF8B* OUI:10DFFC* ID_OUI_FROM_DATABASE=Siemens AG +OUI:10E177* + ID_OUI_FROM_DATABASE=ARRIS Group, Inc. + OUI:10E2D5* ID_OUI_FROM_DATABASE=Qi Hardware Inc. @@ -44051,6 +44315,9 @@ OUI:10EED9* OUI:10F005* ID_OUI_FROM_DATABASE=Intel Corporate +OUI:10F068* + ID_OUI_FROM_DATABASE=Ruckus Wireless + OUI:10F163* ID_OUI_FROM_DATABASE=TNK CO.,LTD @@ -44069,6 +44336,9 @@ OUI:10F49A* OUI:10F605* ID_OUI_FROM_DATABASE=Realme Chongqing Mobile Telecommunications Corp.,Ltd. +OUI:10F60A* + ID_OUI_FROM_DATABASE=Intel Corporate + OUI:10F681* ID_OUI_FROM_DATABASE=vivo Mobile Communication Co., Ltd. @@ -44165,6 +44435,9 @@ OUI:141114* OUI:14115D* ID_OUI_FROM_DATABASE=Skyworth Digital Technology(Shenzhen) Co.,Ltd +OUI:14130B* + ID_OUI_FROM_DATABASE=Garmin International + OUI:141330* ID_OUI_FROM_DATABASE=Anakreon UK LLP @@ -44318,6 +44591,9 @@ OUI:142C78* OUI:142D27* ID_OUI_FROM_DATABASE=Hon Hai Precision Ind. Co.,Ltd. +OUI:142D4D* + ID_OUI_FROM_DATABASE=Apple, Inc. + OUI:142D8B* ID_OUI_FROM_DATABASE=Incipio Technologies, Inc @@ -44405,6 +44681,9 @@ OUI:144319* OUI:14444A* ID_OUI_FROM_DATABASE=Apollo Seiko Ltd. +OUI:14448F* + ID_OUI_FROM_DATABASE=Edgecore Networks Corporation + OUI:144658* ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD @@ -44546,6 +44825,9 @@ OUI:145A83* OUI:145AFC* ID_OUI_FROM_DATABASE=Liteon Technology Corporation +OUI:145BB9* + ID_OUI_FROM_DATABASE=ConMet + OUI:145BD1* ID_OUI_FROM_DATABASE=ARRIS Group, Inc. @@ -44603,6 +44885,9 @@ OUI:147373* OUI:147411* ID_OUI_FROM_DATABASE=RIM +OUI:14755B* + ID_OUI_FROM_DATABASE=Intel Corporate + OUI:147590* ID_OUI_FROM_DATABASE=TP-LINK TECHNOLOGIES CO.,LTD. @@ -44693,6 +44978,9 @@ OUI:14942F* OUI:149448* ID_OUI_FROM_DATABASE=BLU CASTLE S.A. +OUI:14946C* + ID_OUI_FROM_DATABASE=Apple, Inc. + OUI:1495CE* ID_OUI_FROM_DATABASE=Apple, Inc. @@ -44717,6 +45005,9 @@ OUI:149B2F* OUI:149BD7* ID_OUI_FROM_DATABASE=MULI MUWAI FURNITURE QIDONG CO., LTD +OUI:149BF3* + ID_OUI_FROM_DATABASE=GUANGDONG OPPO MOBILE TELECOMMUNICATIONS CORP.,LTD + OUI:149D09* ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD @@ -45023,12 +45314,18 @@ OUI:14EFCF* OUI:14F0C5* ID_OUI_FROM_DATABASE=Xtremio Ltd. +OUI:14F287* + ID_OUI_FROM_DATABASE=Apple, Inc. + OUI:14F28E* ID_OUI_FROM_DATABASE=ShenYang ZhongKe-Allwin Technology Co.LTD OUI:14F42A* ID_OUI_FROM_DATABASE=Samsung Electronics Co.,Ltd +OUI:14F592* + ID_OUI_FROM_DATABASE=Shenzhen SDG DONZHI Technology Co., Ltd + OUI:14F65A* ID_OUI_FROM_DATABASE=Xiaomi Communications Co Ltd @@ -45242,6 +45539,9 @@ OUI:18339D* OUI:183451* ID_OUI_FROM_DATABASE=Apple, Inc. +OUI:1834AF* + ID_OUI_FROM_DATABASE=Kaonmedia CO., LTD. + OUI:1835D1* ID_OUI_FROM_DATABASE=ARRIS Group, Inc. @@ -45278,6 +45578,9 @@ OUI:183A48* OUI:183BD2* ID_OUI_FROM_DATABASE=BYD Precision Manufacture Company Ltd. +OUI:183C98* + ID_OUI_FROM_DATABASE=Shenzhen Hengyi Technology Co., LTD + OUI:183CB7* ID_OUI_FROM_DATABASE=Huawei Device Co., Ltd. @@ -45401,6 +45704,9 @@ OUI:184C08* OUI:184CAE* ID_OUI_FROM_DATABASE=CONTINENTAL +OUI:184E03* + ID_OUI_FROM_DATABASE=HMD Global Oy + OUI:184E16* ID_OUI_FROM_DATABASE=Samsung Electronics Co.,Ltd @@ -45518,6 +45824,9 @@ OUI:1866DA* OUI:1866E3* ID_OUI_FROM_DATABASE=Veros Systems, Inc. +OUI:1866F0* + ID_OUI_FROM_DATABASE=Jupiter Systems + OUI:18673F* ID_OUI_FROM_DATABASE=Hanover Displays Limited @@ -45536,6 +45845,9 @@ OUI:186882* OUI:1868CB* ID_OUI_FROM_DATABASE=Hangzhou Hikvision Digital Technology Co.,Ltd. +OUI:1869D4* + ID_OUI_FROM_DATABASE=Samsung Electronics Co.,Ltd + OUI:1869D8* ID_OUI_FROM_DATABASE=Tuya Smart Inc. @@ -45620,6 +45932,9 @@ OUI:1879A2* OUI:187A3B* ID_OUI_FROM_DATABASE=Aruba, a Hewlett Packard Enterprise Company +OUI:187A3E* + ID_OUI_FROM_DATABASE=Silicon Laboratories + OUI:187A93* ID_OUI_FROM_DATABASE=AMICCOM Electronics Corporation @@ -45806,6 +46121,51 @@ OUI:18A3E8* OUI:18A4A9* ID_OUI_FROM_DATABASE=Vanu Inc. +OUI:18A59C0* + ID_OUI_FROM_DATABASE=Omwave + +OUI:18A59C1* + ID_OUI_FROM_DATABASE=Cuman + +OUI:18A59C2* + ID_OUI_FROM_DATABASE=Actiontec Electronics Inc. + +OUI:18A59C3* + ID_OUI_FROM_DATABASE=Beijing QS Medical Technology Co., Ltd. + +OUI:18A59C4* + ID_OUI_FROM_DATABASE=IT-1 + +OUI:18A59C5* + ID_OUI_FROM_DATABASE=Thermia AB + +OUI:18A59C6* + ID_OUI_FROM_DATABASE=INTEGRAL PLUS + +OUI:18A59C7* + ID_OUI_FROM_DATABASE=ePower Network Solution Co., Ltd. + +OUI:18A59C8* + ID_OUI_FROM_DATABASE=Residence Control Ltd + +OUI:18A59C9* + ID_OUI_FROM_DATABASE=estun automation co.,ltd + +OUI:18A59CA* + ID_OUI_FROM_DATABASE=Erba Lachema s.r.o. + +OUI:18A59CB* + ID_OUI_FROM_DATABASE=CAL-COMP INDUSTRIA E COMERCIO DE ELETRONICOS E INFORMATICA LTDA + +OUI:18A59CC* + ID_OUI_FROM_DATABASE=BlueEyes Technology + +OUI:18A59CD* + ID_OUI_FROM_DATABASE=Annapurna labs + +OUI:18A59CE* + ID_OUI_FROM_DATABASE=BMC Messsysteme GmbH + OUI:18A6F7* ID_OUI_FROM_DATABASE=TP-LINK TECHNOLOGIES CO.,LTD. @@ -45827,6 +46187,9 @@ OUI:18A9A6* OUI:18AA0F* ID_OUI_FROM_DATABASE=Huawei Device Co., Ltd. +OUI:18AA1E* + ID_OUI_FROM_DATABASE=Shenzhen Skyworth Digital Technology CO., Ltd + OUI:18AA45* ID_OUI_FROM_DATABASE=Fon Technology @@ -45860,6 +46223,9 @@ OUI:18AF9F* OUI:18B169* ID_OUI_FROM_DATABASE=Sonicwall +OUI:18B185* + ID_OUI_FROM_DATABASE=Qiao Information Technology (Zhengzhou) Co., Ltd. + OUI:18B209* ID_OUI_FROM_DATABASE=Torrey Pines Logic, Inc @@ -45890,12 +46256,18 @@ OUI:18B905* OUI:18B96E* ID_OUI_FROM_DATABASE=Dongguan Liesheng Electronic Co., Ltd. +OUI:18BB1C* + ID_OUI_FROM_DATABASE=Huawei Device Co., Ltd. + OUI:18BB26* ID_OUI_FROM_DATABASE=FN-LINK TECHNOLOGY LIMITED OUI:18BB41* ID_OUI_FROM_DATABASE=Huawei Device Co., Ltd. +OUI:18BC57* + ID_OUI_FROM_DATABASE=ADVA Optical Networking Ltd. + OUI:18BC5A* ID_OUI_FROM_DATABASE=Zhejiang Tmall Technology Co., Ltd. @@ -45911,6 +46283,9 @@ OUI:18BF1C* OUI:18BFB3* ID_OUI_FROM_DATABASE=Samsung Electronics Co., Ltd., Memory Division +OUI:18C007* + ID_OUI_FROM_DATABASE=Huawei Device Co., Ltd. + OUI:18C04D* ID_OUI_FROM_DATABASE=GIGA-BYTE TECHNOLOGY CO.,LTD. @@ -45932,6 +46307,9 @@ OUI:18C293* OUI:18C2BF* ID_OUI_FROM_DATABASE=BUFFALO.INC +OUI:18C300* + ID_OUI_FROM_DATABASE=Nokia + OUI:18C451* ID_OUI_FROM_DATABASE=Tucson Embedded Systems @@ -46103,6 +46481,9 @@ OUI:18E829* OUI:18E8DD* ID_OUI_FROM_DATABASE=MODULETEK +OUI:18E91D* + ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD + OUI:18ECE7* ID_OUI_FROM_DATABASE=BUFFALO.INC @@ -46169,6 +46550,9 @@ OUI:18FC26* OUI:18FC9F* ID_OUI_FROM_DATABASE=Changhe Electronics Co., Ltd. +OUI:18FD74* + ID_OUI_FROM_DATABASE=Routerboard.com + OUI:18FDCB0* ID_OUI_FROM_DATABASE=Shenzhen Rui jiali Electronic Technology Co. Ltd. @@ -46244,6 +46628,12 @@ OUI:1C08C1* OUI:1C0B52* ID_OUI_FROM_DATABASE=EPICOM S.A +OUI:1C0D7D* + ID_OUI_FROM_DATABASE=Apple, Inc. + +OUI:1C0ED3* + ID_OUI_FROM_DATABASE=Sichuan Tianyi Comheart Telecom Co.,LTD + OUI:1C0FAF* ID_OUI_FROM_DATABASE=Lucid Vision Labs @@ -46511,9 +46901,15 @@ OUI:1C4593* OUI:1C45C2* ID_OUI_FROM_DATABASE=Huizhou City Sunsin lntelligent Technology Co.,Ltd +OUI:1C46D1* + ID_OUI_FROM_DATABASE=SKY UK LIMITED + OUI:1C472F* ID_OUI_FROM_DATABASE=Huawei Device Co., Ltd. +OUI:1C47F6* + ID_OUI_FROM_DATABASE=Zhidao Network Technology(Shenzhen) Co.,Ltd + OUI:1C4840* ID_OUI_FROM_DATABASE=IMS Messsysteme GmbH @@ -46580,6 +46976,51 @@ OUI:1C57D8* OUI:1C57DC* ID_OUI_FROM_DATABASE=Apple, Inc. +OUI:1C59740* + ID_OUI_FROM_DATABASE=Shenzhen Hanshine Technology Co.Ltd. + +OUI:1C59741* + ID_OUI_FROM_DATABASE=Logical Infrastructure PTY LTD + +OUI:1C59742* + ID_OUI_FROM_DATABASE=Chongqing Taishan Cable Co., Ltd + +OUI:1C59743* + ID_OUI_FROM_DATABASE=Jiangsu Welm Technology Co.,Ltd + +OUI:1C59744* + ID_OUI_FROM_DATABASE=Syntax technology(tianjin)Co.,LTD + +OUI:1C59745* + ID_OUI_FROM_DATABASE=Shenzhen Shi Fang Communication Technology Co., Ltd + +OUI:1C59746* + ID_OUI_FROM_DATABASE=Square Inc. + +OUI:1C59747* + ID_OUI_FROM_DATABASE=Lynxi Technologies Co.,Ltd. + +OUI:1C59748* + ID_OUI_FROM_DATABASE=Topway Global Technology Limited + +OUI:1C59749* + ID_OUI_FROM_DATABASE=Shanghai Laisi Information Technology Co.,Ltd + +OUI:1C5974A* + ID_OUI_FROM_DATABASE=Council Rock + +OUI:1C5974B* + ID_OUI_FROM_DATABASE=Beijing Flintec Electronic Technology Co.,Ltd. + +OUI:1C5974C* + ID_OUI_FROM_DATABASE=King-On Technology Ltd. + +OUI:1C5974D* + ID_OUI_FROM_DATABASE=Shenzhen Geshem Technology Co Ltd + +OUI:1C5974E* + ID_OUI_FROM_DATABASE=Globe Tracker ApS + OUI:1C599B* ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD @@ -46619,6 +47060,9 @@ OUI:1C60D2* OUI:1C60DE* ID_OUI_FROM_DATABASE=MERCURY COMMUNICATION TECHNOLOGIES CO.,LTD. +OUI:1C61B4* + ID_OUI_FROM_DATABASE=TP-Link Corporation Limited + OUI:1C62B8* ID_OUI_FROM_DATABASE=Samsung Electronics Co.,Ltd @@ -46700,6 +47144,9 @@ OUI:1C7508* OUI:1C76CA* ID_OUI_FROM_DATABASE=Terasic Technologies Inc. +OUI:1C76F2* + ID_OUI_FROM_DATABASE=Samsung Electronics Co.,Ltd + OUI:1C77F6* ID_OUI_FROM_DATABASE=GUANGDONG OPPO MOBILE TELECOMMUNICATIONS CORP.,LTD @@ -47073,7 +47520,7 @@ OUI:1C9F4E* ID_OUI_FROM_DATABASE=COOSEA GROUP (HK) COMPANY LIMITED OUI:1CA0B8* - ID_OUI_FROM_DATABASE=Hon Hai Precision Ind. Co., Ltd. + ID_OUI_FROM_DATABASE=Hon Hai Precision Industry Co., Ltd. OUI:1CA0D30* ID_OUI_FROM_DATABASE=OOO Tekhnotronika @@ -47168,6 +47615,9 @@ OUI:1CA0EFE* OUI:1CA2B1* ID_OUI_FROM_DATABASE=ruwido austria gmbh +OUI:1CA410* + ID_OUI_FROM_DATABASE=Amlogic, Inc. + OUI:1CA532* ID_OUI_FROM_DATABASE=SHENZHEN GONGJIN ELECTRONICS CO.,LT @@ -47249,6 +47699,9 @@ OUI:1CAECB* OUI:1CAF05* ID_OUI_FROM_DATABASE=Samsung Electronics Co.,Ltd +OUI:1CAF4A* + ID_OUI_FROM_DATABASE=Samsung Electronics Co.,Ltd + OUI:1CAFF7* ID_OUI_FROM_DATABASE=D-Link International @@ -47288,6 +47741,9 @@ OUI:1CBA8C* OUI:1CBBA8* ID_OUI_FROM_DATABASE=OJSC Ufimskiy Zavod Promsvyaz +OUI:1CBCEC* + ID_OUI_FROM_DATABASE=silex technology, Inc. + OUI:1CBD0E* ID_OUI_FROM_DATABASE=Amplified Engineering Pty Ltd @@ -47522,6 +47978,9 @@ OUI:1CEEC9* OUI:1CEEE8* ID_OUI_FROM_DATABASE=Ilshin Elecom +OUI:1CEF03* + ID_OUI_FROM_DATABASE=Guangzhou V-SOLUTION Electronic Technology Co., Ltd. + OUI:1CEFCE* ID_OUI_FROM_DATABASE=bebro electronic GmbH @@ -47543,6 +48002,9 @@ OUI:1CF4CA* OUI:1CF5E7* ID_OUI_FROM_DATABASE=Turtle Industry Co., Ltd. +OUI:1CF8D0* + ID_OUI_FROM_DATABASE=Samsung Electronics Co.,Ltd + OUI:1CFA68* ID_OUI_FROM_DATABASE=TP-LINK TECHNOLOGIES CO.,LTD. @@ -47612,12 +48074,18 @@ OUI:2002AF* OUI:20040F* ID_OUI_FROM_DATABASE=Dell Inc. +OUI:2004F3* + ID_OUI_FROM_DATABASE=Honor Device Co., Ltd. + OUI:200505* ID_OUI_FROM_DATABASE=RADMAX COMMUNICATION PRIVATE LIMITED OUI:2005E8* ID_OUI_FROM_DATABASE=OOO InProMedia +OUI:200889* + ID_OUI_FROM_DATABASE=zte corporation + OUI:2008ED* ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD @@ -47669,6 +48137,9 @@ OUI:200A0DE* OUI:200A5E* ID_OUI_FROM_DATABASE=Xiangshan Giant Eagle Technology Developing Co., Ltd. +OUI:200B16* + ID_OUI_FROM_DATABASE=Texas Instruments + OUI:200BC7* ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD @@ -47874,7 +48345,7 @@ OUI:2047DA* ID_OUI_FROM_DATABASE=Xiaomi Communications Co Ltd OUI:2047ED* - ID_OUI_FROM_DATABASE=BSkyB Ltd + ID_OUI_FROM_DATABASE=SKY UK LIMITED OUI:204AAA* ID_OUI_FROM_DATABASE=Hanscan Spain S.A. @@ -47978,6 +48449,9 @@ OUI:206432* OUI:2064CB* ID_OUI_FROM_DATABASE=GUANGDONG OPPO MOBILE TELECOMMUNICATIONS CORP.,LTD +OUI:2064DE* + ID_OUI_FROM_DATABASE=Sunitec Enterprise Co.,Ltd + OUI:20658E* ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD @@ -48158,9 +48632,15 @@ OUI:208984* OUI:208986* ID_OUI_FROM_DATABASE=zte corporation +OUI:20898A* + ID_OUI_FROM_DATABASE=Shenzhen Skyworth Digital Technology CO., Ltd + OUI:208B37* ID_OUI_FROM_DATABASE=Skyworth Digital Technology(Shenzhen) Co.,Ltd +OUI:208BD1* + ID_OUI_FROM_DATABASE=NXP Semiconductor (Tianjin) LTD. + OUI:208C47* ID_OUI_FROM_DATABASE=Tenstorrent Inc @@ -48203,6 +48683,9 @@ OUI:209BCD* OUI:209BE6* ID_OUI_FROM_DATABASE=Guangzhou Shiyuan Electronic Technology Company Limited +OUI:209CB4* + ID_OUI_FROM_DATABASE=Aruba, a Hewlett Packard Enterprise Company + OUI:209E79* ID_OUI_FROM_DATABASE=Universal Electronics, Inc. @@ -48545,6 +49028,9 @@ OUI:20F85E* OUI:20FABB* ID_OUI_FROM_DATABASE=Cambridge Executive Limited +OUI:20FADB* + ID_OUI_FROM_DATABASE=Huahao Kunpeng Technology (chengDu) Co.,Ltd. + OUI:20FDF1* ID_OUI_FROM_DATABASE=3COM EUROPE LTD @@ -48584,6 +49070,9 @@ OUI:2405F5* OUI:2406AA* ID_OUI_FROM_DATABASE=GUANGDONG OPPO MOBILE TELECOMMUNICATIONS CORP.,LTD +OUI:2406F2* + ID_OUI_FROM_DATABASE=Sichuan Tianyi Comheart Telecom Co.,LTD + OUI:24085D* ID_OUI_FROM_DATABASE=Continental Aftermarket & Services GmbH @@ -48626,6 +49115,9 @@ OUI:240D6C* OUI:240DC2* ID_OUI_FROM_DATABASE=TCT mobile ltd +OUI:240F5E* + ID_OUI_FROM_DATABASE=Shenzhen z-router Technology Co., Ltd + OUI:240F9B* ID_OUI_FROM_DATABASE=Hangzhou Hikvision Digital Technology Co.,Ltd. @@ -48704,6 +49196,9 @@ OUI:24169D* OUI:24181D* ID_OUI_FROM_DATABASE=SAMSUNG ELECTRO-MECHANICS(THAILAND) +OUI:2418C0* + ID_OUI_FROM_DATABASE=E. Wehrle GmbH + OUI:2418C6* ID_OUI_FROM_DATABASE=HUNAN FN-LINK TECHNOLOGY LIMITED @@ -48737,6 +49232,9 @@ OUI:241F2C* OUI:241FA0* ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD +OUI:241FBD* + ID_OUI_FROM_DATABASE=Extreme Networks, Inc. + OUI:2420C7* ID_OUI_FROM_DATABASE=Sagemcom Broadband SAS @@ -48755,12 +49253,21 @@ OUI:242642* OUI:2426BA* ID_OUI_FROM_DATABASE=Shenzhen Toptel Technology Co., Ltd. +OUI:2426D6* + ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD + OUI:2428FD* ID_OUI_FROM_DATABASE=Hangzhou Hikvision Digital Technology Co.,Ltd. +OUI:242934* + ID_OUI_FROM_DATABASE=Google, Inc. + OUI:2429FE* ID_OUI_FROM_DATABASE=KYOCERA Corporation +OUI:242CFE* + ID_OUI_FROM_DATABASE=Zhejiang Tmall Technology Co., Ltd. + OUI:242E02* ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD @@ -48779,6 +49286,9 @@ OUI:243154* OUI:243184* ID_OUI_FROM_DATABASE=SHARP Corporation +OUI:2432AE* + ID_OUI_FROM_DATABASE=Hangzhou Hikvision Digital Technology Co.,Ltd. + OUI:24336C* ID_OUI_FROM_DATABASE=Private @@ -49046,6 +49556,9 @@ OUI:2469A5* OUI:246AAB* ID_OUI_FROM_DATABASE=IT-IS International +OUI:246C60* + ID_OUI_FROM_DATABASE=Huawei Device Co., Ltd. + OUI:246C8A* ID_OUI_FROM_DATABASE=YUKAI Engineering @@ -49070,6 +49583,9 @@ OUI:247260* OUI:2474F7* ID_OUI_FROM_DATABASE=GoPro +OUI:24753A* + ID_OUI_FROM_DATABASE=GUANGDONG OPPO MOBILE TELECOMMUNICATIONS CORP.,LTD + OUI:247625* ID_OUI_FROM_DATABASE=Texas Instruments @@ -49221,7 +49737,7 @@ OUI:24A799* ID_OUI_FROM_DATABASE=Huawei Device Co., Ltd. OUI:24A7DC* - ID_OUI_FROM_DATABASE=BSkyB Ltd + ID_OUI_FROM_DATABASE=SKY UK LIMITED OUI:24A87D* ID_OUI_FROM_DATABASE=Panasonic Automotive Systems Asia Pacific(Thailand)Co.,Ltd. @@ -49346,6 +49862,9 @@ OUI:24CE33* OUI:24CF21* ID_OUI_FROM_DATABASE=Shenzhen State Micro Technology Co., Ltd +OUI:24CF24* + ID_OUI_FROM_DATABASE=Beijing Xiaomi Mobile Software Co., Ltd + OUI:24D0DF* ID_OUI_FROM_DATABASE=Apple, Inc. @@ -49445,6 +49964,9 @@ OUI:24EA40* OUI:24EB65* ID_OUI_FROM_DATABASE=SAET I.S. S.r.l. +OUI:24EBED* + ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD + OUI:24EC51* ID_OUI_FROM_DATABASE=ADF Technologies Sdn Bhd @@ -49517,6 +50039,9 @@ OUI:24FD52* OUI:24FD5B* ID_OUI_FROM_DATABASE=SmartThings, Inc. +OUI:28011C* + ID_OUI_FROM_DATABASE=zte corporation + OUI:280244* ID_OUI_FROM_DATABASE=Apple, Inc. @@ -49580,6 +50105,9 @@ OUI:2811A8* OUI:2811EC* ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD +OUI:281293* + ID_OUI_FROM_DATABASE=Honor Device Co., Ltd. + OUI:281471* ID_OUI_FROM_DATABASE=Lantis co., LTD. @@ -49856,6 +50384,12 @@ OUI:283B96* OUI:283CE4* ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD +OUI:283DC2* + ID_OUI_FROM_DATABASE=Samsung Electronics Co.,Ltd + +OUI:283E0C* + ID_OUI_FROM_DATABASE=Preferred Robotics, Inc. + OUI:283E76* ID_OUI_FROM_DATABASE=Common Networks @@ -49913,6 +50447,9 @@ OUI:2852F9* OUI:28534E* ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD +OUI:2853E0* + ID_OUI_FROM_DATABASE=Sintela Ltd + OUI:285471* ID_OUI_FROM_DATABASE=Huawei Device Co., Ltd. @@ -49976,6 +50513,9 @@ OUI:286AB8* OUI:286ABA* ID_OUI_FROM_DATABASE=Apple, Inc. +OUI:286B35* + ID_OUI_FROM_DATABASE=Intel Corporate + OUI:286C07* ID_OUI_FROM_DATABASE=XIAOMI Electronics,CO.,LTD @@ -49988,6 +50528,9 @@ OUI:286DCD* OUI:286ED4* ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD +OUI:286F40* + ID_OUI_FROM_DATABASE=Tonly Technology Co. Ltd + OUI:286F7F* ID_OUI_FROM_DATABASE=Cisco Systems, Inc @@ -50000,6 +50543,9 @@ OUI:2872C5* OUI:2872F0* ID_OUI_FROM_DATABASE=ATHENA +OUI:2874F5* + ID_OUI_FROM_DATABASE=Nokia Solutions and Networks GmbH & Co. KG + OUI:2875D8* ID_OUI_FROM_DATABASE=FUJIAN STAR-NET COMMUNICATION CO.,LTD @@ -50012,6 +50558,9 @@ OUI:2876CD* OUI:287777* ID_OUI_FROM_DATABASE=zte corporation +OUI:2877B1* + ID_OUI_FROM_DATABASE=Tri plus grupa d.o.o. + OUI:2877F1* ID_OUI_FROM_DATABASE=Apple, Inc. @@ -50039,6 +50588,9 @@ OUI:288088* OUI:2880A2* ID_OUI_FROM_DATABASE=Novatel Wireless Solutions, Inc. +OUI:28827C* + ID_OUI_FROM_DATABASE=Bosch Automative products(Suzhou)Co.,Ltd Changzhou Branch + OUI:288335* ID_OUI_FROM_DATABASE=Samsung Electronics Co.,Ltd @@ -50135,6 +50687,12 @@ OUI:28A241* OUI:28A24B* ID_OUI_FROM_DATABASE=Juniper Networks +OUI:28A331* + ID_OUI_FROM_DATABASE=Sierra Wireless + +OUI:28A53F* + ID_OUI_FROM_DATABASE=vivo Mobile Communication Co., Ltd. + OUI:28A574* ID_OUI_FROM_DATABASE=Miller Electric Mfg. Co. @@ -50243,6 +50801,9 @@ OUI:28BAB5* OUI:28BB59* ID_OUI_FROM_DATABASE=RNET Technologies, Inc. +OUI:28BC05* + ID_OUI_FROM_DATABASE=BLU Products Inc + OUI:28BC18* ID_OUI_FROM_DATABASE=SourcingOverseas Co. Ltd @@ -50255,6 +50816,9 @@ OUI:28BD89* OUI:28BE03* ID_OUI_FROM_DATABASE=TCT mobile ltd +OUI:28BE43* + ID_OUI_FROM_DATABASE=vivo Mobile Communication Co., Ltd. + OUI:28BE9B* ID_OUI_FROM_DATABASE=Technicolor CH USA Inc. @@ -50268,7 +50832,7 @@ OUI:28C0DA* ID_OUI_FROM_DATABASE=Juniper Networks OUI:28C13C* - ID_OUI_FROM_DATABASE=Hon Hai Precision Ind. Co., Ltd. + ID_OUI_FROM_DATABASE=Hon Hai Precision Industry Co., Ltd. OUI:28C21F* ID_OUI_FROM_DATABASE=SAMSUNG ELECTRO-MECHANICS(THAILAND) @@ -50330,6 +50894,9 @@ OUI:28CD4C* OUI:28CD9C* ID_OUI_FROM_DATABASE=Shenzhen Dynamax Software Development Co.,Ltd. +OUI:28CDC1* + ID_OUI_FROM_DATABASE=Raspberry Pi Trading Ltd + OUI:28CDC4* ID_OUI_FROM_DATABASE=CHONGQING FUGUI ELECTRONICS CO.,LTD. @@ -50537,9 +51104,15 @@ OUI:28F537D* OUI:28F537E* ID_OUI_FROM_DATABASE=Performance Motion Devices +OUI:28F5D1* + ID_OUI_FROM_DATABASE=ARRIS Group, Inc. + OUI:28F606* ID_OUI_FROM_DATABASE=Syes srl +OUI:28F7D6* + ID_OUI_FROM_DATABASE=Fiberhome Telecommunication Technologies Co.,LTD + OUI:28FA19* ID_OUI_FROM_DATABASE=Shenzhen Jingxun Software Telecommunication Technology Co.,Ltd @@ -50660,6 +51233,9 @@ OUI:2C073C* OUI:2C0786* ID_OUI_FROM_DATABASE=Huawei Device Co., Ltd. +OUI:2C07F6* + ID_OUI_FROM_DATABASE=SKG Health Technologies Co., Ltd. + OUI:2C081C* ID_OUI_FROM_DATABASE=OVH @@ -50990,6 +51566,9 @@ OUI:2C3AE8* OUI:2C3AFD* ID_OUI_FROM_DATABASE=AVM Audiovisuelles Marketing und Computersysteme GmbH +OUI:2C3B70* + ID_OUI_FROM_DATABASE=AzureWave Technology Inc. + OUI:2C3BFD* ID_OUI_FROM_DATABASE=Netstor Technology Co., Ltd. @@ -51129,7 +51708,7 @@ OUI:2C54CF* ID_OUI_FROM_DATABASE=LG Electronics (Mobile Communications) OUI:2C553C* - ID_OUI_FROM_DATABASE=Gainspeed, Inc. + ID_OUI_FROM_DATABASE=Vecima Networks Inc. OUI:2C557C* ID_OUI_FROM_DATABASE=Shenzhen YOUHUA Technology Co., Ltd @@ -51188,6 +51767,9 @@ OUI:2C5FF3* OUI:2C600C* ID_OUI_FROM_DATABASE=Quanta Computer Inc. +OUI:2C60CD* + ID_OUI_FROM_DATABASE=NR ELECTRIC CO., LTD + OUI:2C6104* ID_OUI_FROM_DATABASE=SHENZHEN FENGLIAN TECHNOLOGY CO., LTD. @@ -51335,6 +51917,9 @@ OUI:2C8065* OUI:2C8158* ID_OUI_FROM_DATABASE=Hon Hai Precision Ind. Co.,Ltd. +OUI:2C8217* + ID_OUI_FROM_DATABASE=Apple, Inc. + OUI:2C86D2* ID_OUI_FROM_DATABASE=Cisco Systems, Inc @@ -51356,6 +51941,9 @@ OUI:2C91AB* OUI:2C922C* ID_OUI_FROM_DATABASE=Kishu Giken Kogyou Company Ltd,. +OUI:2C93FB* + ID_OUI_FROM_DATABASE=Sercomm France Sarl + OUI:2C9464* ID_OUI_FROM_DATABASE=Cincoze Co., Ltd. @@ -51386,6 +51974,9 @@ OUI:2C9AA4* OUI:2C9D1E* ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD +OUI:2C9D65* + ID_OUI_FROM_DATABASE=vivo Mobile Communication Co., Ltd. + OUI:2C9E5F* ID_OUI_FROM_DATABASE=ARRIS Group, Inc. @@ -51425,9 +52016,15 @@ OUI:2CA539* OUI:2CA59C* ID_OUI_FROM_DATABASE=Hangzhou Hikvision Digital Technology Co.,Ltd. +OUI:2CA774* + ID_OUI_FROM_DATABASE=Texas Instruments + OUI:2CA780* ID_OUI_FROM_DATABASE=True Technologies Inc. +OUI:2CA79E* + ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD + OUI:2CA835* ID_OUI_FROM_DATABASE=RIM @@ -51629,6 +52226,9 @@ OUI:2CD974* OUI:2CDB07* ID_OUI_FROM_DATABASE=Intel Corporate +OUI:2CDC78* + ID_OUI_FROM_DATABASE=Descartes Systems (USA) LLC + OUI:2CDCAD* ID_OUI_FROM_DATABASE=Wistron Neweb Corporation @@ -51713,6 +52313,9 @@ OUI:2CF89B* OUI:2CFAA2* ID_OUI_FROM_DATABASE=Alcatel-Lucent Enterprise +OUI:2CFC8B* + ID_OUI_FROM_DATABASE=GUANGDONG OPPO MOBILE TELECOMMUNICATIONS CORP.,LTD + OUI:2CFCE4* ID_OUI_FROM_DATABASE=CTEK Sweden AB @@ -51740,6 +52343,12 @@ OUI:2CFFEE* OUI:3003C8* ID_OUI_FROM_DATABASE=CLOUD NETWORK TECHNOLOGY SINGAPORE PTE. LTD. +OUI:30045C* + ID_OUI_FROM_DATABASE=Shenzhen SuperElectron Technology Co.,Ltd. + +OUI:300505* + ID_OUI_FROM_DATABASE=Intel Corporate + OUI:30053F* ID_OUI_FROM_DATABASE=JTI Co.,Ltd. @@ -51980,6 +52589,9 @@ OUI:302952* OUI:3029BE* ID_OUI_FROM_DATABASE=Shanghai MRDcom Co.,Ltd +OUI:302BDC* + ID_OUI_FROM_DATABASE=Top-Unum Electronics Co., LTD + OUI:302DE8* ID_OUI_FROM_DATABASE=JDA, LLC (JDA Systems) @@ -52040,9 +52652,15 @@ OUI:303ABA* OUI:303D08* ID_OUI_FROM_DATABASE=GLINTT TES S.A. +OUI:303EA7* + ID_OUI_FROM_DATABASE=Intel Corporate + OUI:303EAD* ID_OUI_FROM_DATABASE=Sonavox Canada Inc +OUI:303F5D* + ID_OUI_FROM_DATABASE=PT HAN SUNG ELECTORONICS INDONESIA + OUI:303F7B* ID_OUI_FROM_DATABASE=Shenzhen YOUHUA Technology Co., Ltd @@ -52061,6 +52679,51 @@ OUI:304240* OUI:3042A1* ID_OUI_FROM_DATABASE=ilumisys Inc. DBA Toggled +OUI:3043D70* + ID_OUI_FROM_DATABASE=SYMES SA + +OUI:3043D71* + ID_OUI_FROM_DATABASE=Shenzhen juduoping Technology Co.,Ltd + +OUI:3043D72* + ID_OUI_FROM_DATABASE=Apollo Infoways Private Limited + +OUI:3043D73* + ID_OUI_FROM_DATABASE=Luxshare Electronic Technology (Kunshan) LTD + +OUI:3043D74* + ID_OUI_FROM_DATABASE=FIBERME COMMUNICATIONS LLC + +OUI:3043D75* + ID_OUI_FROM_DATABASE=Shenzhen Mees Hi-Tech Co., Ltd + +OUI:3043D76* + ID_OUI_FROM_DATABASE=Sprocomm Technologies Co., Ltd.Guangming Branch + +OUI:3043D77* + ID_OUI_FROM_DATABASE=DIGICITI Technology Co.,Ltd + +OUI:3043D78* + ID_OUI_FROM_DATABASE=Kesu (Shanghai) Electronic Technology Co., Ltd + +OUI:3043D79* + ID_OUI_FROM_DATABASE=PK Solutions LLC + +OUI:3043D7A* + ID_OUI_FROM_DATABASE=Bodhi + +OUI:3043D7B* + ID_OUI_FROM_DATABASE=Motec GmbH + +OUI:3043D7C* + ID_OUI_FROM_DATABASE=Xiaoniu network technology (Shanghai) Co., Ltd. + +OUI:3043D7D* + ID_OUI_FROM_DATABASE=Annapurna labs + +OUI:3043D7E* + ID_OUI_FROM_DATABASE=Guangdong Hongqin Telecom Technology Co. Ltd. + OUI:304449* ID_OUI_FROM_DATABASE=PLATH GmbH @@ -52223,6 +52886,9 @@ OUI:306118* OUI:30636B* ID_OUI_FROM_DATABASE=Apple, Inc. +OUI:306371* + ID_OUI_FROM_DATABASE=Shenzhenshi Xinzhongxin Technology Co.Ltd + OUI:3065EC* ID_OUI_FROM_DATABASE=Wistron (ChongQing) @@ -52301,6 +52967,9 @@ OUI:307CB2* OUI:307ECB* ID_OUI_FROM_DATABASE=SFR +OUI:307F10* + ID_OUI_FROM_DATABASE=GUANGDONG OPPO MOBILE TELECOMMUNICATIONS CORP.,LTD + OUI:30809B* ID_OUI_FROM_DATABASE=New H3C Technologies Co., Ltd @@ -52334,6 +53003,9 @@ OUI:308841* OUI:308944* ID_OUI_FROM_DATABASE=DEVA Broadcast Ltd. +OUI:30894A* + ID_OUI_FROM_DATABASE=Intel Corporate + OUI:308976* ID_OUI_FROM_DATABASE=DALIAN LAMBA TECHNOLOGY CO.,LTD @@ -52388,6 +53060,9 @@ OUI:3095E3* OUI:309610* ID_OUI_FROM_DATABASE=Huawei Device Co., Ltd. +OUI:30963B* + ID_OUI_FROM_DATABASE=Huawei Device Co., Ltd. + OUI:3096FB* ID_OUI_FROM_DATABASE=Samsung Electronics Co.,Ltd @@ -52511,6 +53186,9 @@ OUI:30B930* OUI:30B9B0* ID_OUI_FROM_DATABASE=Intracom Asia Co., Ltd +OUI:30BB7D* + ID_OUI_FROM_DATABASE=OnePlus Technology (Shenzhen) Co., Ltd + OUI:30BE3B* ID_OUI_FROM_DATABASE=Mitsubishi Electric Corporation @@ -52541,6 +53219,9 @@ OUI:30C82A* OUI:30C9AB* ID_OUI_FROM_DATABASE=CLOUD NETWORK TECHNOLOGY SINGAPORE PTE. LTD. +OUI:30CB36* + ID_OUI_FROM_DATABASE=Belden Singapore Pte. Ltd. + OUI:30CBC7* ID_OUI_FROM_DATABASE=Cambium Networks Limited @@ -52599,7 +53280,7 @@ OUI:30DF8D* ID_OUI_FROM_DATABASE=SHENZHEN GONGJIN ELECTRONICS CO.,LT OUI:30E090* - ID_OUI_FROM_DATABASE=Linctronix Ltd, + ID_OUI_FROM_DATABASE=Genevisio Ltd. OUI:30E171* ID_OUI_FROM_DATABASE=Hewlett Packard @@ -52625,6 +53306,9 @@ OUI:30E4DB* OUI:30E7BC* ID_OUI_FROM_DATABASE=GUANGDONG OPPO MOBILE TELECOMMUNICATIONS CORP.,LTD +OUI:30E8E4* + ID_OUI_FROM_DATABASE=Qorvo International Pte. Ltd. + OUI:30E98E* ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD @@ -52919,6 +53603,9 @@ OUI:34243E* OUI:34255D* ID_OUI_FROM_DATABASE=Shenzhen Loadcom Technology Co.,Ltd +OUI:3425BE* + ID_OUI_FROM_DATABASE=Amazon Technologies Inc. + OUI:342606* ID_OUI_FROM_DATABASE=CarePredict, Inc. @@ -53042,6 +53729,9 @@ OUI:3438AF* OUI:3438B7* ID_OUI_FROM_DATABASE=HUMAX Co., Ltd. +OUI:343A20* + ID_OUI_FROM_DATABASE=Aruba, a Hewlett Packard Enterprise Company + OUI:343D98* ID_OUI_FROM_DATABASE=JinQianMao Technology Co.,Ltd. @@ -53162,6 +53852,9 @@ OUI:345D10* OUI:345D9E* ID_OUI_FROM_DATABASE=Sagemcom Broadband SAS +OUI:345DA8* + ID_OUI_FROM_DATABASE=Cisco Systems, Inc + OUI:3460F9* ID_OUI_FROM_DATABASE=TP-Link Corporation Limited @@ -53318,6 +54011,9 @@ OUI:3484E4* OUI:348511* ID_OUI_FROM_DATABASE=Shenzhen Skyworth Digital Technology CO., Ltd +OUI:348518* + ID_OUI_FROM_DATABASE=Espressif Inc. + OUI:348584* ID_OUI_FROM_DATABASE=Extreme Networks, Inc. @@ -53351,6 +54047,9 @@ OUI:348F27* OUI:34916F* ID_OUI_FROM_DATABASE=UserGate Ltd. +OUI:3492C2* + ID_OUI_FROM_DATABASE=Square Route Co., Ltd. + OUI:349342* ID_OUI_FROM_DATABASE=TTE Corporation @@ -53456,6 +54155,12 @@ OUI:34AB37* OUI:34AB95* ID_OUI_FROM_DATABASE=Espressif Inc. +OUI:34AC11* + ID_OUI_FROM_DATABASE=China Mobile Group Device Co.,Ltd. + +OUI:34AD61* + ID_OUI_FROM_DATABASE=CELESTICA INC. + OUI:34ADE4* ID_OUI_FROM_DATABASE=Shanghai Chint Power Systems Co., Ltd. @@ -53513,6 +54218,9 @@ OUI:34BB26* OUI:34BCA6* ID_OUI_FROM_DATABASE=Beijing Ding Qing Technology, Ltd. +OUI:34BD20* + ID_OUI_FROM_DATABASE=Hangzhou Hikrobot Technology Co., Ltd. + OUI:34BDC8* ID_OUI_FROM_DATABASE=Cisco Systems, Inc @@ -53585,6 +54293,9 @@ OUI:34CE69* OUI:34CE94* ID_OUI_FROM_DATABASE=Parsec (Pty) Ltd +OUI:34CF6C* + ID_OUI_FROM_DATABASE=Hangzhou Taili wireless communication equipment Co.,Ltd + OUI:34CFF6* ID_OUI_FROM_DATABASE=Intel Corporate @@ -53675,6 +54386,9 @@ OUI:34DB9C* OUI:34DBFD* ID_OUI_FROM_DATABASE=Cisco Systems, Inc +OUI:34DD04* + ID_OUI_FROM_DATABASE=Minut AB + OUI:34DD7E* ID_OUI_FROM_DATABASE=Umeox Innovations Co.,Ltd @@ -53789,6 +54503,9 @@ OUI:34ED0B* OUI:34ED1B* ID_OUI_FROM_DATABASE=Cisco Systems, Inc +OUI:34EE2A* + ID_OUI_FROM_DATABASE=ConMet + OUI:34EF44* ID_OUI_FROM_DATABASE=2Wire Inc @@ -53852,6 +54569,9 @@ OUI:34FCEF* OUI:34FD6A* ID_OUI_FROM_DATABASE=Apple, Inc. +OUI:34FE1C* + ID_OUI_FROM_DATABASE=CHOUNG HWA TECH CO.,LTD + OUI:34FE77* ID_OUI_FROM_DATABASE=Apple, Inc. @@ -53903,6 +54623,9 @@ OUI:3809A4* OUI:380A0A* ID_OUI_FROM_DATABASE=Sky-City Communication and Electronics Limited Company +OUI:380A4F* + ID_OUI_FROM_DATABASE=PRACHI ENTERPRISES + OUI:380A94* ID_OUI_FROM_DATABASE=Samsung Electronics Co.,Ltd @@ -53936,6 +54659,9 @@ OUI:3810D5* OUI:3810F0* ID_OUI_FROM_DATABASE=Aruba, a Hewlett Packard Enterprise Company +OUI:38127B* + ID_OUI_FROM_DATABASE=Crenet Labs Co., Ltd. + OUI:381428* ID_OUI_FROM_DATABASE=Dell Inc. @@ -53984,6 +54710,51 @@ OUI:381DD9* OUI:381EC7* ID_OUI_FROM_DATABASE=Chipsea Technologies(Shenzhen) Corp. +OUI:381F260* + ID_OUI_FROM_DATABASE=JAESUNG INFORMATION & COMMUNICATION CO.LTD + +OUI:381F261* + ID_OUI_FROM_DATABASE=SERNET (SUZHOU) TECHNOLOGIES CORPORATION + +OUI:381F262* + ID_OUI_FROM_DATABASE=Synamedia + +OUI:381F263* + ID_OUI_FROM_DATABASE=Bosch Automotive Electronics India Pvt. Ltd. + +OUI:381F264* + ID_OUI_FROM_DATABASE=Airmaster A/S + +OUI:381F265* + ID_OUI_FROM_DATABASE=Zhejiang Huazhou Intelligent Equipment Co,. Ltd + +OUI:381F266* + ID_OUI_FROM_DATABASE=NOITAC sp. z o.o. sp.k. + +OUI:381F267* + ID_OUI_FROM_DATABASE=RCE systems s.r.o. + +OUI:381F268* + ID_OUI_FROM_DATABASE=Avon Protection + +OUI:381F269* + ID_OUI_FROM_DATABASE=SMS Evoko Group AB + +OUI:381F26A* + ID_OUI_FROM_DATABASE=Sercomm Corporation. + +OUI:381F26B* + ID_OUI_FROM_DATABASE=Deutronic Elektronik GmbH + +OUI:381F26C* + ID_OUI_FROM_DATABASE=Jade Bird Fire Co., Ltd. + +OUI:381F26D* + ID_OUI_FROM_DATABASE=HWACHANG CORPORATION + +OUI:381F26E* + ID_OUI_FROM_DATABASE=Annapurna labs + OUI:381F8D* ID_OUI_FROM_DATABASE=Tuya Smart Inc. @@ -54011,6 +54782,9 @@ OUI:3822D6* OUI:3822E2* ID_OUI_FROM_DATABASE=HP Inc. +OUI:3822F4* + ID_OUI_FROM_DATABASE=Huawei Device Co., Ltd. + OUI:38256B* ID_OUI_FROM_DATABASE=Microsoft Mobile Oy @@ -54221,6 +54995,9 @@ OUI:385B44* OUI:385C76* ID_OUI_FROM_DATABASE=PLANTRONICS, INC. +OUI:385CFB* + ID_OUI_FROM_DATABASE=Silicon Laboratories + OUI:385F66* ID_OUI_FROM_DATABASE=Cisco SPVTG @@ -54257,6 +55034,9 @@ OUI:386893* OUI:3868A4* ID_OUI_FROM_DATABASE=Samsung Electronics Co.,LTD +OUI:3868BE* + ID_OUI_FROM_DATABASE=Sichuan Tianyi Comheart Telecom Co.,LTD + OUI:3868DD* ID_OUI_FROM_DATABASE=INVENTEC CORPORATION @@ -54371,6 +55151,9 @@ OUI:388479* OUI:388602* ID_OUI_FROM_DATABASE=Flexoptix GmbH +OUI:3886F7* + ID_OUI_FROM_DATABASE=Google, Inc. + OUI:3887D5* ID_OUI_FROM_DATABASE=Intel Corporate @@ -54407,12 +55190,18 @@ OUI:388E7A* OUI:388EE7* ID_OUI_FROM_DATABASE=Fanhattan LLC +OUI:388F30* + ID_OUI_FROM_DATABASE=Samsung Electronics Co.,Ltd + OUI:389052* ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD OUI:3890A5* ID_OUI_FROM_DATABASE=Cisco Systems, Inc +OUI:3891B7* + ID_OUI_FROM_DATABASE=Cisco Systems, Inc + OUI:3891D5* ID_OUI_FROM_DATABASE=Hangzhou H3C Technologies Co., Limited @@ -54464,6 +55253,9 @@ OUI:38A067* OUI:38A28C* ID_OUI_FROM_DATABASE=SHENZHEN RF-LINK TECHNOLOGY CO.,LTD. +OUI:38A44B* + ID_OUI_FROM_DATABASE=Huawei Device Co., Ltd. + OUI:38A4ED* ID_OUI_FROM_DATABASE=Xiaomi Communications Co Ltd @@ -54477,7 +55269,7 @@ OUI:38A659* ID_OUI_FROM_DATABASE=Sagemcom Broadband SAS OUI:38A6CE* - ID_OUI_FROM_DATABASE=BSkyB Ltd + ID_OUI_FROM_DATABASE=SKY UK LIMITED OUI:38A851* ID_OUI_FROM_DATABASE=Moog, Ing @@ -54542,6 +55334,9 @@ OUI:38A9EA* OUI:38AA3C* ID_OUI_FROM_DATABASE=SAMSUNG ELECTRO MECHANICS CO., LTD. +OUI:38AB41* + ID_OUI_FROM_DATABASE=Texas Instruments + OUI:38AC3D* ID_OUI_FROM_DATABASE=Nephos Inc @@ -54809,6 +55604,9 @@ OUI:38E595* OUI:38E60A* ID_OUI_FROM_DATABASE=Xiaomi Communications Co Ltd +OUI:38E7C0* + ID_OUI_FROM_DATABASE=Hui Zhou Gaoshengda Technology Co.,LTD + OUI:38E7D8* ID_OUI_FROM_DATABASE=HTC Corporation @@ -54849,7 +55647,7 @@ OUI:38F098* ID_OUI_FROM_DATABASE=Vapor Stone Rail Systems OUI:38F0C8* - ID_OUI_FROM_DATABASE=Mevo Inc. + ID_OUI_FROM_DATABASE=Logitech OUI:38F135* ID_OUI_FROM_DATABASE=SensorTec-Canada @@ -54962,6 +55760,9 @@ OUI:38FB14* OUI:38FC98* ID_OUI_FROM_DATABASE=Intel Corporate +OUI:38FDF5* + ID_OUI_FROM_DATABASE=Renesas Electronics (Penang) Sdn. Bhd. + OUI:38FDF8* ID_OUI_FROM_DATABASE=Cisco Systems, Inc @@ -55058,6 +55859,9 @@ OUI:3C08F6* OUI:3C096D* ID_OUI_FROM_DATABASE=Powerhouse Dynamics +OUI:3C0B4F* + ID_OUI_FROM_DATABASE=Yandex Services AG + OUI:3C0C48* ID_OUI_FROM_DATABASE=Servergy, Inc. @@ -55202,6 +56006,9 @@ OUI:3C25D7* OUI:3C26D5* ID_OUI_FROM_DATABASE=Sotera Wireless +OUI:3C26E4* + ID_OUI_FROM_DATABASE=Cisco Systems, Inc + OUI:3C2763* ID_OUI_FROM_DATABASE=SLE quality engineering GmbH & Co. KG @@ -55377,7 +56184,10 @@ OUI:3C438E* ID_OUI_FROM_DATABASE=ARRIS Group, Inc. OUI:3C457A* - ID_OUI_FROM_DATABASE=BSkyB Ltd + ID_OUI_FROM_DATABASE=SKY UK LIMITED + +OUI:3C4645* + ID_OUI_FROM_DATABASE=Shanghai Infinity Wireless Technologies Co.,Ltd. OUI:3C46D8* ID_OUI_FROM_DATABASE=TP-LINK TECHNOLOGIES CO.,LTD. @@ -55406,6 +56216,9 @@ OUI:3C4DBE* OUI:3C4E47* ID_OUI_FROM_DATABASE=Etronic A/S +OUI:3C4E56* + ID_OUI_FROM_DATABASE=SHENZHEN CHUANGWEI-RGB ELECTRONICS CO.,LTD + OUI:3C510E* ID_OUI_FROM_DATABASE=Cisco Systems, Inc @@ -55493,6 +56306,9 @@ OUI:3C678C* OUI:3C6816* ID_OUI_FROM_DATABASE=VXi Corporation +OUI:3C69D1* + ID_OUI_FROM_DATABASE=ADC Automotive Distance Control System GmbH + OUI:3C6A2C0* ID_OUI_FROM_DATABASE=Rio Lago Technologies LLC @@ -55613,6 +56429,9 @@ OUI:3C80AA* OUI:3C81D8* ID_OUI_FROM_DATABASE=Sagemcom Broadband SAS +OUI:3C82C0* + ID_OUI_FROM_DATABASE=Technicolor CH USA Inc. + OUI:3C831E* ID_OUI_FROM_DATABASE=CKD Corporation @@ -55641,7 +56460,7 @@ OUI:3C8970* ID_OUI_FROM_DATABASE=Neosfar OUI:3C8994* - ID_OUI_FROM_DATABASE=BSkyB Ltd + ID_OUI_FROM_DATABASE=SKY UK LIMITED OUI:3C89A6* ID_OUI_FROM_DATABASE=KAPELSE @@ -55734,7 +56553,7 @@ OUI:3C9D56* ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD OUI:3C9EC7* - ID_OUI_FROM_DATABASE=BSkyB Ltd + ID_OUI_FROM_DATABASE=SKY UK LIMITED OUI:3C9F81* ID_OUI_FROM_DATABASE=Shenzhen CATIC Bit Communications Technology Co.,Ltd @@ -55898,6 +56717,9 @@ OUI:3CCD5D* OUI:3CCD93* ID_OUI_FROM_DATABASE=LG ELECTRONICS INC +OUI:3CCE0D* + ID_OUI_FROM_DATABASE=Shenzhen juduoping Technology Co.,Ltd + OUI:3CCE15* ID_OUI_FROM_DATABASE=Mercedes-Benz USA, LLC @@ -55955,6 +56777,9 @@ OUI:3CDFBD* OUI:3CE038* ID_OUI_FROM_DATABASE=Omnifi Inc. +OUI:3CE064* + ID_OUI_FROM_DATABASE=Texas Instruments + OUI:3CE072* ID_OUI_FROM_DATABASE=Apple, Inc. @@ -55982,6 +56807,9 @@ OUI:3CE624* OUI:3CE824* ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD +OUI:3CE90E* + ID_OUI_FROM_DATABASE=Espressif Inc. + OUI:3CE9F7* ID_OUI_FROM_DATABASE=Intel Corporate @@ -56096,6 +56924,9 @@ OUI:3CFB96* OUI:3CFDFE* ID_OUI_FROM_DATABASE=Intel Corporate +OUI:3CFEAC* + ID_OUI_FROM_DATABASE=Cisco Systems, Inc + OUI:3CFFD8* ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD @@ -56138,6 +56969,9 @@ OUI:400E67* OUI:400E85* ID_OUI_FROM_DATABASE=SAMSUNG ELECTRO-MECHANICS(THAILAND) +OUI:400EF3* + ID_OUI_FROM_DATABASE=zte corporation + OUI:4011750* ID_OUI_FROM_DATABASE=Lexi Devices, Inc. @@ -56237,6 +57071,12 @@ OUI:401C83* OUI:401D59* ID_OUI_FROM_DATABASE=Biometric Associates, LP +OUI:402230* + ID_OUI_FROM_DATABASE=Shenzhen SuperElectron Technology Co.,Ltd. + +OUI:4022D8* + ID_OUI_FROM_DATABASE=Espressif Inc. + OUI:4022ED* ID_OUI_FROM_DATABASE=Digital Projection Ltd @@ -56339,9 +57179,15 @@ OUI:40331A* OUI:40336C* ID_OUI_FROM_DATABASE=Godrej & Boyce Mfg. co. ltd +OUI:4035E6* + ID_OUI_FROM_DATABASE=Samsung Electronics Co.,Ltd + OUI:4037AD* ID_OUI_FROM_DATABASE=Macro Image Technology, Inc. +OUI:403B7B* + ID_OUI_FROM_DATABASE=Huawei Device Co., Ltd. + OUI:403CFC* ID_OUI_FROM_DATABASE=Apple, Inc. @@ -56372,6 +57218,9 @@ OUI:404101* OUI:404229* ID_OUI_FROM_DATABASE=Layer3TV, Inc +OUI:404244* + ID_OUI_FROM_DATABASE=Cisco Systems, Inc + OUI:4044FD* ID_OUI_FROM_DATABASE=Realme Chongqing Mobile Telecommunications Corp.,Ltd. @@ -56504,6 +57353,9 @@ OUI:405D82* OUI:405EE1* ID_OUI_FROM_DATABASE=Shenzhen H&T Intelligent Control Co.,Ltd. +OUI:405EF6* + ID_OUI_FROM_DATABASE=Samsung Electronics Co.,Ltd + OUI:405F7D* ID_OUI_FROM_DATABASE=TCT mobile ltd @@ -56654,6 +57506,9 @@ OUI:408C4C* OUI:408D5C* ID_OUI_FROM_DATABASE=GIGA-BYTE TECHNOLOGY CO.,LTD. +OUI:408EDF* + ID_OUI_FROM_DATABASE=Huawei Device Co., Ltd. + OUI:408F9D* ID_OUI_FROM_DATABASE=Juniper Networks @@ -56798,6 +57653,9 @@ OUI:40AC8D* OUI:40ACBF* ID_OUI_FROM_DATABASE=Hangzhou Hikvision Digital Technology Co.,Ltd. +OUI:40B02F* + ID_OUI_FROM_DATABASE=Miele & Cie. KG + OUI:40B034* ID_OUI_FROM_DATABASE=Hewlett Packard @@ -56888,6 +57746,9 @@ OUI:40BF17* OUI:40C245* ID_OUI_FROM_DATABASE=Shenzhen Hexicom Technology Co., Ltd. +OUI:40C3BC* + ID_OUI_FROM_DATABASE=Huawei Device Co., Ltd. + OUI:40C3C6* ID_OUI_FROM_DATABASE=SnapRoute @@ -56963,6 +57824,9 @@ OUI:40D63C* OUI:40D855* ID_OUI_FROM_DATABASE=IEEE Registration Authority +OUI:40D95A* + ID_OUI_FROM_DATABASE=AMPAK Technology,Inc. + OUI:40DC9D* ID_OUI_FROM_DATABASE=HAJEN @@ -56981,6 +57845,9 @@ OUI:40DEAD* OUI:40DF02* ID_OUI_FROM_DATABASE=LINE BIZ Plus +OUI:40E171* + ID_OUI_FROM_DATABASE=Jiangsu Huitong Group Co.,Ltd. + OUI:40E1E4* ID_OUI_FROM_DATABASE=Nokia Solutions and Networks GmbH & Co. KG @@ -57158,6 +58025,9 @@ OUI:40F52E* OUI:40F6BC* ID_OUI_FROM_DATABASE=Amazon Technologies Inc. +OUI:40F8DF* + ID_OUI_FROM_DATABASE=CANON INC. + OUI:40F946* ID_OUI_FROM_DATABASE=Apple, Inc. @@ -57341,6 +58211,9 @@ OUI:4427F3* OUI:4428A3* ID_OUI_FROM_DATABASE=Jiangsu fulian Communication Technology Co., Ltd. +OUI:44291E* + ID_OUI_FROM_DATABASE=AltoBeam (China) Inc. + OUI:442938* ID_OUI_FROM_DATABASE=NietZsche enterprise Co.Ltd. @@ -57362,6 +58235,9 @@ OUI:443192* OUI:44322A* ID_OUI_FROM_DATABASE=Avaya Inc +OUI:4432C2* + ID_OUI_FROM_DATABASE=GOAL Co., Ltd. + OUI:4432C8* ID_OUI_FROM_DATABASE=Technicolor CH USA Inc. @@ -57405,7 +58281,7 @@ OUI:443C88* ID_OUI_FROM_DATABASE=FICOSA MAROC INTERNATIONAL OUI:443C9C* - ID_OUI_FROM_DATABASE=Pintsch Tiefenbach GmbH + ID_OUI_FROM_DATABASE=Pintsch GmbH OUI:443D21* ID_OUI_FROM_DATABASE=Nuvolt @@ -57584,6 +58460,9 @@ OUI:446D57* OUI:446D6C* ID_OUI_FROM_DATABASE=Samsung Electronics Co.,Ltd +OUI:446D7F* + ID_OUI_FROM_DATABASE=Amazon Technologies Inc. + OUI:446EE5* ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD @@ -57701,6 +58580,9 @@ OUI:4487DB* OUI:4487FC* ID_OUI_FROM_DATABASE=Elitegroup Computer Systems Co.,Ltd. +OUI:448816* + ID_OUI_FROM_DATABASE=Cisco Systems, Inc + OUI:4488CB* ID_OUI_FROM_DATABASE=Camco Technologies NV @@ -57905,6 +58787,9 @@ OUI:44B433* OUI:44B462* ID_OUI_FROM_DATABASE=Flextronics Tech.(Ind) Pvt Ltd +OUI:44B4B2* + ID_OUI_FROM_DATABASE=Amazon Technologies Inc. + OUI:44B6BE* ID_OUI_FROM_DATABASE=Cisco Systems, Inc @@ -58211,6 +59096,9 @@ OUI:48022A* OUI:480286* ID_OUI_FROM_DATABASE=Realme Chongqing Mobile Telecommunications Corp.,Ltd. +OUI:4802AF* + ID_OUI_FROM_DATABASE=Telit Communication s.p.a + OUI:480362* ID_OUI_FROM_DATABASE=DESAY ELECTRONICS(HUIZHOU)CO.,LTD @@ -58349,6 +59237,12 @@ OUI:4826E8* OUI:482759* ID_OUI_FROM_DATABASE=Levven Electronics Ltd. +OUI:4827C5* + ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD + +OUI:4827E2* + ID_OUI_FROM_DATABASE=Espressif Inc. + OUI:4827EA* ID_OUI_FROM_DATABASE=Samsung Electronics Co.,Ltd @@ -58439,6 +59333,9 @@ OUI:4844F7* OUI:484520* ID_OUI_FROM_DATABASE=Intel Corporate +OUI:48468D* + ID_OUI_FROM_DATABASE=Zepcam B.V. + OUI:4846C1* ID_OUI_FROM_DATABASE=FN-LINK TECHNOLOGY LIMITED @@ -58514,6 +59411,9 @@ OUI:48555F* OUI:485702* ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD +OUI:4857D2* + ID_OUI_FROM_DATABASE=Broadcom Limited + OUI:4857DD* ID_OUI_FROM_DATABASE=Facebook Inc @@ -58640,6 +59540,9 @@ OUI:486FD2* OUI:48701E* ID_OUI_FROM_DATABASE=Texas Instruments +OUI:48706F* + ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD + OUI:487119* ID_OUI_FROM_DATABASE=SGB GROUP LTD. @@ -58778,6 +59681,9 @@ OUI:489A42* OUI:489BD5* ID_OUI_FROM_DATABASE=Extreme Networks, Inc. +OUI:489BE0* + ID_OUI_FROM_DATABASE=Realme Chongqing Mobile Telecommunications Corp.,Ltd. + OUI:489BE2* ID_OUI_FROM_DATABASE=SCI Innovations Ltd @@ -58850,6 +59756,9 @@ OUI:48AA5D* OUI:48AD08* ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD +OUI:48AD9A* + ID_OUI_FROM_DATABASE=Intel Corporate + OUI:48B02D* ID_OUI_FROM_DATABASE=NVIDIA Corporation @@ -58862,6 +59771,9 @@ OUI:48B25D* OUI:48B423* ID_OUI_FROM_DATABASE=Amazon Technologies Inc. +OUI:48B4C3* + ID_OUI_FROM_DATABASE=Aruba, a Hewlett Packard Enterprise Company + OUI:48B5A7* ID_OUI_FROM_DATABASE=Glory Horse Industries Ltd. @@ -58937,6 +59849,9 @@ OUI:48CAC6* OUI:48CB6E* ID_OUI_FROM_DATABASE=Cello Electronics (UK) Ltd +OUI:48CDD3* + ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD + OUI:48D0CF* ID_OUI_FROM_DATABASE=Universal Electronics, Inc. @@ -58994,6 +59909,9 @@ OUI:48DB50* OUI:48DC2D* ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD +OUI:48DC9D* + ID_OUI_FROM_DATABASE=Grandprint(Beijing) Technology Co., LTD. + OUI:48DCFB* ID_OUI_FROM_DATABASE=Nokia Corporation @@ -59153,6 +60071,9 @@ OUI:4C09B4* OUI:4C09D4* ID_OUI_FROM_DATABASE=Arcadyan Technology Corporation +OUI:4C09FA* + ID_OUI_FROM_DATABASE=FRONTIER SMART TECHNOLOGIES LTD + OUI:4C0A3D* ID_OUI_FROM_DATABASE=ADNACOM INC. @@ -59267,6 +60188,12 @@ OUI:4C2C80* OUI:4C2C83* ID_OUI_FROM_DATABASE=Zhejiang KaNong Network Technology Co.,Ltd. +OUI:4C2E5E* + ID_OUI_FROM_DATABASE=Samsung Electronics Co.,Ltd + +OUI:4C2EB4* + ID_OUI_FROM_DATABASE=Apple, Inc. + OUI:4C2EFE* ID_OUI_FROM_DATABASE=Shenzhen Comnect Technology Co.,LTD @@ -59279,6 +60206,9 @@ OUI:4C2FD7* OUI:4C3089* ID_OUI_FROM_DATABASE=Thales Transportation Systems GmbH +OUI:4C312D* + ID_OUI_FROM_DATABASE=Sichuan AI-Link Technology Co., Ltd. + OUI:4C322D* ID_OUI_FROM_DATABASE=TELEDATA NETWORKS @@ -59420,6 +60350,9 @@ OUI:4C5262* OUI:4C52EC* ID_OUI_FROM_DATABASE=SOLARWATT GmbH +OUI:4C5369* + ID_OUI_FROM_DATABASE=YanFeng Visteon(ChongQing) Automotive Electronic Co.,Ltd + OUI:4C53FD* ID_OUI_FROM_DATABASE=Amazon Technologies Inc. @@ -59471,6 +60404,9 @@ OUI:4C617E* OUI:4C6255* ID_OUI_FROM_DATABASE=SANMINA-SCI SYSTEM DE MEXICO S.A. DE C.V. +OUI:4C627B* + ID_OUI_FROM_DATABASE=SmartCow AI Technologies Taiwan Ltd. + OUI:4C6371* ID_OUI_FROM_DATABASE=Xiaomi Communications Co Ltd @@ -59556,11 +60492,14 @@ OUI:4C7167* ID_OUI_FROM_DATABASE=PoLabs d.o.o. OUI:4C7274* - ID_OUI_FROM_DATABASE=shenzhenshi xinzhongxin Technology Co.Ltd + ID_OUI_FROM_DATABASE=Shenzhenshi Xinzhongxin Technology Co.Ltd OUI:4C72B9* ID_OUI_FROM_DATABASE=PEGATRON CORPORATION +OUI:4C734F* + ID_OUI_FROM_DATABASE=Juniper Networks + OUI:4C7367* ID_OUI_FROM_DATABASE=Genius Bytes Software Solutions GmbH @@ -59774,6 +60713,12 @@ OUI:4C962D* OUI:4C98EF* ID_OUI_FROM_DATABASE=Zeo +OUI:4C9D22* + ID_OUI_FROM_DATABASE=ACES Co.,Ltd + +OUI:4C9E6C* + ID_OUI_FROM_DATABASE=BROADEX TECHNOLOGIES CO.LTD + OUI:4C9E80* ID_OUI_FROM_DATABASE=KYOKKO ELECTRIC Co., Ltd. @@ -60020,6 +60965,9 @@ OUI:4CD08A* OUI:4CD0CB* ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD +OUI:4CD0DD* + ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD + OUI:4CD1A1* ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD @@ -60380,6 +61328,9 @@ OUI:502690* OUI:5027C7* ID_OUI_FROM_DATABASE=TECHNART Co.,Ltd +OUI:50284A* + ID_OUI_FROM_DATABASE=Intel Corporate + OUI:502873* ID_OUI_FROM_DATABASE=Huawei Device Co., Ltd. @@ -60455,6 +61406,9 @@ OUI:5033F0* OUI:50382F* ID_OUI_FROM_DATABASE=ASE Group Chung-Li +OUI:50392F* + ID_OUI_FROM_DATABASE=INGRAM MICRO SERVICES + OUI:503955* ID_OUI_FROM_DATABASE=Cisco SPVTG @@ -60503,6 +61457,9 @@ OUI:50411C* OUI:5041B9* ID_OUI_FROM_DATABASE=I-O DATA DEVICE,INC. +OUI:504289* + ID_OUI_FROM_DATABASE=zte corporation + OUI:504348* ID_OUI_FROM_DATABASE=ThingsMatrix Inc. @@ -60713,6 +61670,9 @@ OUI:5067F0* OUI:50680A* ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD +OUI:5068AC* + ID_OUI_FROM_DATABASE=Huawei Device Co., Ltd. + OUI:506A03* ID_OUI_FROM_DATABASE=NETGEAR @@ -60741,7 +61701,7 @@ OUI:506F9A* ID_OUI_FROM_DATABASE=Wi-Fi Alliance OUI:507043* - ID_OUI_FROM_DATABASE=BSkyB Ltd + ID_OUI_FROM_DATABASE=SKY UK LIMITED OUI:507097* ID_OUI_FROM_DATABASE=China Mobile Group Device Co.,Ltd. @@ -60908,6 +61868,9 @@ OUI:509F3B* OUI:50A009* ID_OUI_FROM_DATABASE=Xiaomi Communications Co Ltd +OUI:50A015* + ID_OUI_FROM_DATABASE=Shenzhen Yipingfang Network Technology Co., Ltd. + OUI:50A0300* ID_OUI_FROM_DATABASE=Gopod Group Limited @@ -61091,6 +62054,9 @@ OUI:50C006* OUI:50C0F0* ID_OUI_FROM_DATABASE=Artek Microelectronics Co.,Ltd. +OUI:50C1F0* + ID_OUI_FROM_DATABASE=NXP Semiconductor (Tianjin) LTD. + OUI:50C271* ID_OUI_FROM_DATABASE=SECURETECH INC @@ -61184,6 +62150,9 @@ OUI:50DAD6* OUI:50DB3F* ID_OUI_FROM_DATABASE=SHENZHEN GONGJIN ELECTRONICS CO.,LT +OUI:50DCD0* + ID_OUI_FROM_DATABASE=Observint Technologies, Inc. + OUI:50DCE7* ID_OUI_FROM_DATABASE=Amazon Technologies Inc. @@ -61265,6 +62234,9 @@ OUI:50E24E* OUI:50E549* ID_OUI_FROM_DATABASE=GIGA-BYTE TECHNOLOGY CO.,LTD. +OUI:50E636* + ID_OUI_FROM_DATABASE=AVM Audiovisuelles Marketing und Computersysteme GmbH + OUI:50E666* ID_OUI_FROM_DATABASE=Shenzhen Techtion Electronics Co., Ltd. @@ -61313,6 +62285,9 @@ OUI:50F0D3* OUI:50F14A* ID_OUI_FROM_DATABASE=Texas Instruments +OUI:50F261* + ID_OUI_FROM_DATABASE=Photon Sail Technologies + OUI:50F43C* ID_OUI_FROM_DATABASE=Leeo Inc @@ -61368,7 +62343,7 @@ OUI:50FF990* ID_OUI_FROM_DATABASE=Simicon OUI:50FF991* - ID_OUI_FROM_DATABASE=Coyote Sytem + ID_OUI_FROM_DATABASE=COYOTE SYSTEM OUI:50FF992* ID_OUI_FROM_DATABASE=SHENZHEN KINGVT ELECTRONICS CO.,LTD @@ -61571,6 +62546,9 @@ OUI:542BDE* OUI:542CEA* ID_OUI_FROM_DATABASE=PROTECTRON +OUI:542F04* + ID_OUI_FROM_DATABASE=Shanghai Longcheer Technology Co., Ltd. + OUI:542F89* ID_OUI_FROM_DATABASE=Euclid Laboratories, Inc. @@ -61580,6 +62558,9 @@ OUI:542F8A* OUI:543131* ID_OUI_FROM_DATABASE=Raster Vision Ltd +OUI:5431D4* + ID_OUI_FROM_DATABASE=TGW Mechanics GmbH + OUI:5433CB* ID_OUI_FROM_DATABASE=Apple, Inc. @@ -61613,6 +62594,9 @@ OUI:543B30* OUI:543D37* ID_OUI_FROM_DATABASE=Ruckus Wireless +OUI:543D92* + ID_OUI_FROM_DATABASE=WIRELESS-TEK TECHNOLOGY LIMITED + OUI:543E64* ID_OUI_FROM_DATABASE=Fiberhome Telecommunication Technologies Co.,LTD @@ -61622,12 +62606,18 @@ OUI:5440AD* OUI:544249* ID_OUI_FROM_DATABASE=Sony Corporation +OUI:5443B2* + ID_OUI_FROM_DATABASE=Espressif Inc. + OUI:544408* ID_OUI_FROM_DATABASE=Nokia Corporation OUI:5444A3* ID_OUI_FROM_DATABASE=Samsung Electronics Co.,Ltd +OUI:544538* + ID_OUI_FROM_DATABASE=Texas Instruments + OUI:544617* ID_OUI_FROM_DATABASE=zte corporation @@ -61790,6 +62780,9 @@ OUI:54778A* OUI:54781A* ID_OUI_FROM_DATABASE=Cisco Systems, Inc +OUI:5478C9* + ID_OUI_FROM_DATABASE=AMPAK Technology,Inc. + OUI:547975* ID_OUI_FROM_DATABASE=Nokia Corporation @@ -62036,6 +63029,9 @@ OUI:54A6DB* OUI:54A703* ID_OUI_FROM_DATABASE=TP-LINK TECHNOLOGIES CO.,LTD. +OUI:54A9C8* + ID_OUI_FROM_DATABASE=Home Control Singapore Pte Ltd + OUI:54A9D4* ID_OUI_FROM_DATABASE=Minibar Systems @@ -62198,6 +63194,9 @@ OUI:54E061* OUI:54E140* ID_OUI_FROM_DATABASE=INGENICO +OUI:54E15B* + ID_OUI_FROM_DATABASE=Huawei Device Co., Ltd. + OUI:54E1AD* ID_OUI_FROM_DATABASE=LCFC(HeFei) Electronics Technology co., ltd @@ -62309,6 +63308,9 @@ OUI:54FF82* OUI:54FFCF* ID_OUI_FROM_DATABASE=Mopria Alliance +OUI:580032* + ID_OUI_FROM_DATABASE=Genexis B.V. + OUI:5800BB* ID_OUI_FROM_DATABASE=Juniper Networks @@ -62351,6 +63353,9 @@ OUI:58108C* OUI:5810B7* ID_OUI_FROM_DATABASE=Infinix mobility limited +OUI:581122* + ID_OUI_FROM_DATABASE=ASUSTek COMPUTER INC. + OUI:581243* ID_OUI_FROM_DATABASE=AcSiP Technology Corp. @@ -62372,9 +63377,15 @@ OUI:5819F8* OUI:581CBD* ID_OUI_FROM_DATABASE=Affinegy +OUI:581CF8* + ID_OUI_FROM_DATABASE=Intel Corporate + OUI:581D91* ID_OUI_FROM_DATABASE=Advanced Mobile Telecom co.,ltd. +OUI:581DD8* + ID_OUI_FROM_DATABASE=Sagemcom Broadband SAS + OUI:581F28* ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD @@ -62453,6 +63464,9 @@ OUI:58278C* OUI:582AF7* ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD +OUI:582B0A* + ID_OUI_FROM_DATABASE=Texas Instruments + OUI:582BDB* ID_OUI_FROM_DATABASE=Pax AB @@ -62615,6 +63629,9 @@ OUI:58528A* OUI:5853C0* ID_OUI_FROM_DATABASE=Beijing Guang Runtong Technology Development Company co.,Ltd +OUI:585595* + ID_OUI_FROM_DATABASE=Apple, Inc. + OUI:5855CA* ID_OUI_FROM_DATABASE=Apple, Inc. @@ -62693,6 +63710,9 @@ OUI:587521* OUI:587675* ID_OUI_FROM_DATABASE=Beijing ECHO Technologies Co.,Ltd +OUI:5876AC* + ID_OUI_FROM_DATABASE=SERNET (SUZHOU) TECHNOLOGIES CORPORATION + OUI:5876C5* ID_OUI_FROM_DATABASE=DIGI I'S LTD @@ -62750,6 +63770,9 @@ OUI:588694* OUI:58874C* ID_OUI_FROM_DATABASE=LITE-ON CLEAN ENERGY TECHNOLOGY CORP. +OUI:58879F* + ID_OUI_FROM_DATABASE=Huawei Device Co., Ltd. + OUI:5887E2* ID_OUI_FROM_DATABASE=Shenzhen Coship Electronics Co., Ltd. @@ -62921,6 +63944,9 @@ OUI:58AEF1* OUI:58B035* ID_OUI_FROM_DATABASE=Apple, Inc. +OUI:58B03E* + ID_OUI_FROM_DATABASE=Nintendo Co.,Ltd + OUI:58B0D4* ID_OUI_FROM_DATABASE=ZuniData Systems Inc. @@ -62930,6 +63956,9 @@ OUI:58B0FE* OUI:58B10F* ID_OUI_FROM_DATABASE=Samsung Electronics Co.,Ltd +OUI:58B38F* + ID_OUI_FROM_DATABASE=New H3C Technologies Co., Ltd + OUI:58B3FC* ID_OUI_FROM_DATABASE=SHENZHEN RF-LINK TECHNOLOGY CO.,LTD. @@ -62981,9 +64010,15 @@ OUI:58C17A* OUI:58C232* ID_OUI_FROM_DATABASE=NEC Corporation +OUI:58C356* + ID_OUI_FROM_DATABASE=EM Microelectronic + OUI:58C38B* ID_OUI_FROM_DATABASE=Samsung Electronics Co.,Ltd +OUI:58C57E* + ID_OUI_FROM_DATABASE=Fiberhome Telecommunication Technologies Co.,LTD + OUI:58C583* ID_OUI_FROM_DATABASE=ITEL MOBILE LIMITED @@ -63272,6 +64307,9 @@ OUI:5C0272* OUI:5C0339* ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD +OUI:5C045A* + ID_OUI_FROM_DATABASE=Company NA Stage & Light + OUI:5C076F* ID_OUI_FROM_DATABASE=Thought Creator @@ -63338,6 +64376,9 @@ OUI:5C18B5* OUI:5C1A6F* ID_OUI_FROM_DATABASE=Cambridge Industries(Group) Co.,Ltd. +OUI:5C1BF4* + ID_OUI_FROM_DATABASE=Apple, Inc. + OUI:5C1CB9* ID_OUI_FROM_DATABASE=vivo Mobile Communication Co., Ltd. @@ -63359,6 +64400,9 @@ OUI:5C2443* OUI:5C2479* ID_OUI_FROM_DATABASE=Baltech AG +OUI:5C24E2* + ID_OUI_FROM_DATABASE=Suzhou Denbom Electronic S&T Co., Ltd + OUI:5C254C* ID_OUI_FROM_DATABASE=Avire Global Pte Ltd @@ -63488,6 +64532,9 @@ OUI:5C521E* OUI:5C5230* ID_OUI_FROM_DATABASE=Apple, Inc. +OUI:5C53C3* + ID_OUI_FROM_DATABASE=Ubee Interactive Co., Limited + OUI:5C546D* ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD @@ -63533,6 +64580,9 @@ OUI:5C5EAB* OUI:5C5F67* ID_OUI_FROM_DATABASE=Intel Corporate +OUI:5C60BA* + ID_OUI_FROM_DATABASE=HP Inc. + OUI:5C6199* ID_OUI_FROM_DATABASE=CLOUD NETWORK TECHNOLOGY SINGAPORE PTE. LTD. @@ -63722,6 +64772,9 @@ OUI:5C89D4* OUI:5C8A38* ID_OUI_FROM_DATABASE=Hewlett Packard +OUI:5C8C30* + ID_OUI_FROM_DATABASE=Taicang T&W Electronics + OUI:5C8D2D* ID_OUI_FROM_DATABASE=Shanghai Wellpay Information Technology Co., Ltd @@ -63800,6 +64853,9 @@ OUI:5CA48A* OUI:5CA4A4* ID_OUI_FROM_DATABASE=Fiberhome Telecommunication Technologies Co.,LTD +OUI:5CA4F4* + ID_OUI_FROM_DATABASE=zte corporation + OUI:5CA5BC* ID_OUI_FROM_DATABASE=eero inc. @@ -63905,6 +64961,9 @@ OUI:5CC307* OUI:5CC336* ID_OUI_FROM_DATABASE=ittim +OUI:5CC563* + ID_OUI_FROM_DATABASE=HUNAN FN-LINK TECHNOLOGY LIMITED + OUI:5CC5D4* ID_OUI_FROM_DATABASE=Intel Corporate @@ -63923,6 +64982,9 @@ OUI:5CC8E3* OUI:5CC999* ID_OUI_FROM_DATABASE=New H3C Technologies Co., Ltd +OUI:5CC9C0* + ID_OUI_FROM_DATABASE=Renesas Electronics (Penang) Sdn. Bhd. + OUI:5CC9D3* ID_OUI_FROM_DATABASE=PALLADIUM ENERGY ELETRONICA DA AMAZONIA LTDA @@ -64061,6 +65123,9 @@ OUI:5CE8B7* OUI:5CE8EB* ID_OUI_FROM_DATABASE=Samsung Electronics Co.,Ltd +OUI:5CE91E* + ID_OUI_FROM_DATABASE=Apple, Inc. + OUI:5CEA1D* ID_OUI_FROM_DATABASE=Hon Hai Precision Ind. Co.,Ltd. @@ -64073,6 +65138,9 @@ OUI:5CEB68* OUI:5CED8C* ID_OUI_FROM_DATABASE=Hewlett Packard Enterprise +OUI:5CEDF4* + ID_OUI_FROM_DATABASE=Samsung Electronics Co.,Ltd + OUI:5CEE79* ID_OUI_FROM_DATABASE=Global Digitech Co LTD @@ -64172,6 +65240,9 @@ OUI:5CF9F0* OUI:5CF9FD* ID_OUI_FROM_DATABASE=Taicang T&W Electronics +OUI:5CFA25* + ID_OUI_FROM_DATABASE=Sagemcom Broadband SAS + OUI:5CFAFB* ID_OUI_FROM_DATABASE=Acubit @@ -64316,6 +65387,9 @@ OUI:601803* OUI:60182E* ID_OUI_FROM_DATABASE=ShenZhen Protruly Electronic Ltd co. +OUI:60183A* + ID_OUI_FROM_DATABASE=Huawei Device Co., Ltd. + OUI:601888* ID_OUI_FROM_DATABASE=zte corporation @@ -64346,6 +65420,9 @@ OUI:601D9D* OUI:601E02* ID_OUI_FROM_DATABASE=EltexAlatau +OUI:601E98* + ID_OUI_FROM_DATABASE=Axevast Technology + OUI:602101* ID_OUI_FROM_DATABASE=GUANGDONG OPPO MOBILE TELECOMMUNICATIONS CORP.,LTD @@ -64529,6 +65606,9 @@ OUI:605718* OUI:60577D* ID_OUI_FROM_DATABASE=eero inc. +OUI:605B30* + ID_OUI_FROM_DATABASE=Dell Inc. + OUI:605BB4* ID_OUI_FROM_DATABASE=AzureWave Technology Inc. @@ -64628,6 +65708,9 @@ OUI:607771* OUI:6077E2* ID_OUI_FROM_DATABASE=Samsung Electronics Co.,Ltd +OUI:607D09* + ID_OUI_FROM_DATABASE=Luxshare Precision Industry Co., Ltd + OUI:607DDD* ID_OUI_FROM_DATABASE=Shenzhen Shichuangyi Electronics Co.,Ltd @@ -64724,6 +65807,9 @@ OUI:6092F5* OUI:609316* ID_OUI_FROM_DATABASE=Apple, Inc. +OUI:6095BD* + ID_OUI_FROM_DATABASE=Apple, Inc. + OUI:6095CE0* ID_OUI_FROM_DATABASE=Siema Applications @@ -64907,6 +65993,9 @@ OUI:60BC4C* OUI:60BD91* ID_OUI_FROM_DATABASE=Move Innovation +OUI:60BEB4* + ID_OUI_FROM_DATABASE=S-Bluetech co., limited + OUI:60BEB5* ID_OUI_FROM_DATABASE=Motorola Mobility LLC, a Lenovo Company @@ -64961,6 +66050,9 @@ OUI:60CE86* OUI:60CE92* ID_OUI_FROM_DATABASE=The Refined Industry Company Limited +OUI:60CF69* + ID_OUI_FROM_DATABASE=meerecompany + OUI:60D02C* ID_OUI_FROM_DATABASE=Ruckus Wireless @@ -65111,6 +66203,9 @@ OUI:60E85B* OUI:60E956* ID_OUI_FROM_DATABASE=Ayla Networks, Inc +OUI:60E9AA* + ID_OUI_FROM_DATABASE=CLOUD NETWORK TECHNOLOGY SINGAPORE PTE. LTD. + OUI:60EB5A* ID_OUI_FROM_DATABASE=Asterfusion Data Technologies Co.,Ltd @@ -65261,6 +66356,9 @@ OUI:640DE6* OUI:640E36* ID_OUI_FROM_DATABASE=TAZTAG +OUI:640E6A* + ID_OUI_FROM_DATABASE=SECO-LARM USA Inc + OUI:640E94* ID_OUI_FROM_DATABASE=Pluribus Networks, Inc. @@ -65273,6 +66371,9 @@ OUI:640F28* OUI:641084* ID_OUI_FROM_DATABASE=HEXIUM Technical Development Co., Ltd. +OUI:6411A4* + ID_OUI_FROM_DATABASE=Motorola Mobility LLC, a Lenovo Company + OUI:641225* ID_OUI_FROM_DATABASE=Cisco Systems, Inc @@ -65423,6 +66524,9 @@ OUI:643139E* OUI:643150* ID_OUI_FROM_DATABASE=Hewlett Packard +OUI:643172* + ID_OUI_FROM_DATABASE=ZHEJIANG HISING TECHNOLOGY CO.,LTD + OUI:64317E* ID_OUI_FROM_DATABASE=Dexin Corporation @@ -65513,6 +66617,9 @@ OUI:6444D5* OUI:6447E0* ID_OUI_FROM_DATABASE=Feitian Technologies Co., Ltd +OUI:64497D* + ID_OUI_FROM_DATABASE=Intel Corporate + OUI:644BC3* ID_OUI_FROM_DATABASE=Shanghai WOASiS Telecommunications Ltd., Co. @@ -65594,6 +66701,9 @@ OUI:645D92* OUI:645DD7* ID_OUI_FROM_DATABASE=Shenzhen Lifesense Medical Electronics Co., Ltd. +OUI:645DF4* + ID_OUI_FROM_DATABASE=Samsung Electronics Co.,Ltd + OUI:645E10* ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD @@ -65822,6 +66932,9 @@ OUI:649714* OUI:649829* ID_OUI_FROM_DATABASE=Integrated Device Technology (Malaysia) Sdn. Bhd. +OUI:64989E* + ID_OUI_FROM_DATABASE=TRINNOV AUDIO + OUI:64995D* ID_OUI_FROM_DATABASE=LGE @@ -65972,6 +67085,9 @@ OUI:64BE63* OUI:64BF6B* ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD +OUI:64C269* + ID_OUI_FROM_DATABASE=eero inc. + OUI:64C2DE* ID_OUI_FROM_DATABASE=LG Electronics (Mobile Communications) @@ -65987,6 +67103,9 @@ OUI:64C3D6* OUI:64C403* ID_OUI_FROM_DATABASE=Quectel Wireless Solutions Co.,Ltd. +OUI:64C582* + ID_OUI_FROM_DATABASE=China Mobile Group Device Co.,Ltd. + OUI:64C5AA* ID_OUI_FROM_DATABASE=South African Broadcasting Corporation @@ -66263,6 +67382,9 @@ OUI:64FB92* OUI:64FC8C* ID_OUI_FROM_DATABASE=Zonar Systems +OUI:64FD96* + ID_OUI_FROM_DATABASE=Sagemcom Broadband SAS + OUI:64FF0A* ID_OUI_FROM_DATABASE=Wistron Neweb Corporation @@ -66317,6 +67439,9 @@ OUI:681605* OUI:681729* ID_OUI_FROM_DATABASE=Intel Corporate +OUI:6818D9* + ID_OUI_FROM_DATABASE=Hill AFB - CAPRE Group + OUI:68193F* ID_OUI_FROM_DATABASE=Digital Airways @@ -66479,6 +67604,9 @@ OUI:684B88* OUI:684CA8* ID_OUI_FROM_DATABASE=Shenzhen Herotel Tech. Co., Ltd. +OUI:684E05* + ID_OUI_FROM_DATABASE=HUNAN FN-LINK TECHNOLOGY LIMITED + OUI:684F64* ID_OUI_FROM_DATABASE=Dell Inc. @@ -66494,6 +67622,9 @@ OUI:68536C* OUI:685388* ID_OUI_FROM_DATABASE=P&S Technology +OUI:68539D* + ID_OUI_FROM_DATABASE=EM Microelectronic + OUI:68545A* ID_OUI_FROM_DATABASE=Intel Corporate @@ -66533,6 +67664,9 @@ OUI:685B36* OUI:685D43* ID_OUI_FROM_DATABASE=Intel Corporate +OUI:685E1C* + ID_OUI_FROM_DATABASE=Texas Instruments + OUI:685E6B* ID_OUI_FROM_DATABASE=PowerRay Co., Ltd. @@ -66545,6 +67679,9 @@ OUI:686359* OUI:68644B* ID_OUI_FROM_DATABASE=Apple, Inc. +OUI:6865B7* + ID_OUI_FROM_DATABASE=Zhishang Chuanglian Technology Co., Ltd + OUI:686725* ID_OUI_FROM_DATABASE=Espressif Inc. @@ -66644,6 +67781,9 @@ OUI:687924* OUI:6879ED* ID_OUI_FROM_DATABASE=SHARP Corporation +OUI:687A64* + ID_OUI_FROM_DATABASE=Intel Corporate + OUI:687CC8* ID_OUI_FROM_DATABASE=Measurement Systems S. de R.L. @@ -66659,6 +67799,9 @@ OUI:687DB4* OUI:687F74* ID_OUI_FROM_DATABASE=Cisco-Linksys, LLC +OUI:687FF0* + ID_OUI_FROM_DATABASE=TP-Link Corporation Limited + OUI:6881E0* ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD @@ -66848,6 +67991,9 @@ OUI:68A47D* OUI:68A682* ID_OUI_FROM_DATABASE=Shenzhen YOUHUA Technology Co., Ltd +OUI:68A7B4* + ID_OUI_FROM_DATABASE=Honor Device Co., Ltd. + OUI:68A828* ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD @@ -66896,6 +68042,12 @@ OUI:68B43A* OUI:68B599* ID_OUI_FROM_DATABASE=Hewlett Packard +OUI:68B691* + ID_OUI_FROM_DATABASE=Amazon Technologies Inc. + +OUI:68B6B3* + ID_OUI_FROM_DATABASE=Espressif Inc. + OUI:68B6FC* ID_OUI_FROM_DATABASE=Hitron Technologies. Inc @@ -66905,6 +68057,9 @@ OUI:68B8D9* OUI:68B983* ID_OUI_FROM_DATABASE=b-plus GmbH +OUI:68B9C2* + ID_OUI_FROM_DATABASE=Earda Technologies co Ltd + OUI:68B9D3* ID_OUI_FROM_DATABASE=Shenzhen Trolink Technology CO, LTD @@ -66974,6 +68129,9 @@ OUI:68D79A* OUI:68D925* ID_OUI_FROM_DATABASE=ProSys Development Services +OUI:68D927* + ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD + OUI:68D93C* ID_OUI_FROM_DATABASE=Apple, Inc. @@ -67004,6 +68162,9 @@ OUI:68DDD9* OUI:68DFDD* ID_OUI_FROM_DATABASE=Xiaomi Communications Co Ltd +OUI:68E154* + ID_OUI_FROM_DATABASE=SiMa.ai + OUI:68E166* ID_OUI_FROM_DATABASE=Private @@ -67016,6 +68177,9 @@ OUI:68E41F* OUI:68E478* ID_OUI_FROM_DATABASE=Qingdao Haier Technology Co.,Ltd +OUI:68E74A* + ID_OUI_FROM_DATABASE=Texas Instruments + OUI:68E7C2* ID_OUI_FROM_DATABASE=Samsung Electronics Co.,Ltd @@ -67032,7 +68196,7 @@ OUI:68EC62* ID_OUI_FROM_DATABASE=YODO Technology Corp. Ltd. OUI:68EC8A* - ID_OUI_FROM_DATABASE=Private + ID_OUI_FROM_DATABASE=IKEA of Sweden AB OUI:68ECC5* ID_OUI_FROM_DATABASE=Intel Corporate @@ -67043,6 +68207,9 @@ OUI:68ED43* OUI:68EDA4* ID_OUI_FROM_DATABASE=Shenzhen Seavo Technology Co.,Ltd +OUI:68EE88* + ID_OUI_FROM_DATABASE=Shenzhen TINNO Mobile Technology Corp. + OUI:68EE96* ID_OUI_FROM_DATABASE=Cisco SPVTG @@ -67121,6 +68288,9 @@ OUI:6C05D5* OUI:6C06D6* ID_OUI_FROM_DATABASE=Huawei Device Co., Ltd. +OUI:6C0831* + ID_OUI_FROM_DATABASE=ANALOG SYSTEMS + OUI:6C090A* ID_OUI_FROM_DATABASE=GEMATICA SRL @@ -67151,6 +68321,9 @@ OUI:6C0EE6* OUI:6C0F0B* ID_OUI_FROM_DATABASE=China Mobile Group Device Co.,Ltd. +OUI:6C0F61* + ID_OUI_FROM_DATABASE=Hypervolt Ltd + OUI:6C0F6A* ID_OUI_FROM_DATABASE=JDC Tech Co., Ltd. @@ -67172,6 +68345,51 @@ OUI:6C146E* OUI:6C14F7* ID_OUI_FROM_DATABASE=Erhardt+Leimer GmbH +OUI:6C15240* + ID_OUI_FROM_DATABASE=DEFA AS + +OUI:6C15241* + ID_OUI_FROM_DATABASE=Telsonic AG + +OUI:6C15242* + ID_OUI_FROM_DATABASE=Linkplay + +OUI:6C15243* + ID_OUI_FROM_DATABASE=Forcite Helmet Systems Pty Ltd + +OUI:6C15244* + ID_OUI_FROM_DATABASE=Magicyo Technology CO., LTD. + +OUI:6C15245* + ID_OUI_FROM_DATABASE=Shenzhen Electron Technology Co., LTD. + +OUI:6C15246* + ID_OUI_FROM_DATABASE=Kunshan Abram Software Technology Co.,Ltd. + +OUI:6C15247* + ID_OUI_FROM_DATABASE=Motium Pty Ltd + +OUI:6C15248* + ID_OUI_FROM_DATABASE=ShenZhen Chainway Information Technology Co., Ltd. + +OUI:6C15249* + ID_OUI_FROM_DATABASE=D-HOME SMAART + +OUI:6C1524A* + ID_OUI_FROM_DATABASE=STERIS + +OUI:6C1524B* + ID_OUI_FROM_DATABASE=Annapurna labs + +OUI:6C1524C* + ID_OUI_FROM_DATABASE=CORAL-TAIYI + +OUI:6C1524D* + ID_OUI_FROM_DATABASE=SYMLINK CORPORATION + +OUI:6C1524E* + ID_OUI_FROM_DATABASE=AEC s.r.l. + OUI:6C15F9* ID_OUI_FROM_DATABASE=Nautronix Limited @@ -67226,6 +68444,9 @@ OUI:6C23B9* OUI:6C23CB* ID_OUI_FROM_DATABASE=Wattty Corporation +OUI:6C2408* + ID_OUI_FROM_DATABASE=LCFC(Hefei) Electronics Technology Co., Ltd + OUI:6C2483* ID_OUI_FROM_DATABASE=Microsoft Mobile Oy @@ -67277,6 +68498,9 @@ OUI:6C2F2C* OUI:6C2F8A* ID_OUI_FROM_DATABASE=Samsung Electronics Co.,Ltd +OUI:6C302A* + ID_OUI_FROM_DATABASE=Texas Instruments + OUI:6C310E* ID_OUI_FROM_DATABASE=Cisco Systems, Inc @@ -67490,6 +68714,9 @@ OUI:6C5E7A* OUI:6C5F1C* ID_OUI_FROM_DATABASE=Lenovo Mobile Communication Technology Ltd. +OUI:6C60D0* + ID_OUI_FROM_DATABASE=Huawei Device Co., Ltd. + OUI:6C60EB* ID_OUI_FROM_DATABASE=ZHI YUAN ELECTRONICS CO., LIMITED @@ -67508,6 +68735,9 @@ OUI:6C639C* OUI:6C641A* ID_OUI_FROM_DATABASE=Penguin Computing +OUI:6C67EF* + ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD + OUI:6C6A77* ID_OUI_FROM_DATABASE=Intel Corporate @@ -67547,6 +68777,9 @@ OUI:6C71D9* OUI:6C7220* ID_OUI_FROM_DATABASE=D-Link International +OUI:6C724A* + ID_OUI_FROM_DATABASE=Onkyo Technology K.K. + OUI:6C72E7* ID_OUI_FROM_DATABASE=Apple, Inc. @@ -67610,6 +68843,51 @@ OUI:6C9106* OUI:6C92BF* ID_OUI_FROM_DATABASE=Inspur Electronic Information Industry Co.,Ltd. +OUI:6C93080* + ID_OUI_FROM_DATABASE=Braums + +OUI:6C93081* + ID_OUI_FROM_DATABASE=WATERFORD CONSULTANTS LLC + +OUI:6C93082* + ID_OUI_FROM_DATABASE=ZHEJIANG XIAN DA Environmental Technology Co., Ltd + +OUI:6C93083* + ID_OUI_FROM_DATABASE=LightnTec GmbH + +OUI:6C93084* + ID_OUI_FROM_DATABASE=Estelar s.r.o + +OUI:6C93085* + ID_OUI_FROM_DATABASE=Shenzhen C & D Electronics Co., Ltd. + +OUI:6C93086* + ID_OUI_FROM_DATABASE=Uconfree technology(shenzhen)limited + +OUI:6C93087* + ID_OUI_FROM_DATABASE=Liberty AV Solutions + +OUI:6C93088* + ID_OUI_FROM_DATABASE=Hangzhou Risco System Co.,Ltd + +OUI:6C93089* + ID_OUI_FROM_DATABASE=Shenzhen DOOGEE Hengtong Technology CO., LTD + +OUI:6C9308A* + ID_OUI_FROM_DATABASE=Shenzhen TOPWAY Technology Co.,LTD + +OUI:6C9308B* + ID_OUI_FROM_DATABASE=Shenzhen EZpro Sound & Light Technology Co., Ltd. + +OUI:6C9308C* + ID_OUI_FROM_DATABASE=Shenzhen haichangxing Technology Co., Ltd. + +OUI:6C9308D* + ID_OUI_FROM_DATABASE=Annapurna labs + +OUI:6C9308E* + ID_OUI_FROM_DATABASE=ANDDORO LLC + OUI:6C9354* ID_OUI_FROM_DATABASE=Yaojin Technology (Shenzhen) Co., LTD. @@ -67628,6 +68906,9 @@ OUI:6C9522* OUI:6C96CF* ID_OUI_FROM_DATABASE=Apple, Inc. +OUI:6C976D* + ID_OUI_FROM_DATABASE=Motorola Mobility LLC, a Lenovo Company + OUI:6C98EB* ID_OUI_FROM_DATABASE=Riverbed Technology, Inc. @@ -67637,6 +68918,9 @@ OUI:6C9961* OUI:6C9989* ID_OUI_FROM_DATABASE=Cisco Systems, Inc +OUI:6C999D* + ID_OUI_FROM_DATABASE=Amazon Technologies Inc. + OUI:6C9AC9* ID_OUI_FROM_DATABASE=Valentine Research, Inc. @@ -67656,11 +68940,14 @@ OUI:6C9E7C* ID_OUI_FROM_DATABASE=Fiberhome Telecommunication Technologies Co.,LTD OUI:6CA0B4* - ID_OUI_FROM_DATABASE=BSkyB Ltd + ID_OUI_FROM_DATABASE=SKY UK LIMITED OUI:6CA100* ID_OUI_FROM_DATABASE=Intel Corporate +OUI:6CA401* + ID_OUI_FROM_DATABASE=essensys plc + OUI:6CA4D1* ID_OUI_FROM_DATABASE=Fiberhome Telecommunication Technologies Co.,LTD @@ -67727,6 +69014,9 @@ OUI:6CADF8* OUI:6CAE8B* ID_OUI_FROM_DATABASE=IBM Corporation +OUI:6CAEE3* + ID_OUI_FROM_DATABASE=Nokia + OUI:6CAEF6* ID_OUI_FROM_DATABASE=eero inc. @@ -67739,12 +69029,18 @@ OUI:6CB0CE* OUI:6CB0FD* ID_OUI_FROM_DATABASE=Shenzhen Xinghai Iot Technology Co.,Ltd +OUI:6CB158* + ID_OUI_FROM_DATABASE=TP-LINK TECHNOLOGIES CO.,LTD. + OUI:6CB227* ID_OUI_FROM_DATABASE=Sony Video & Sound Products Inc. OUI:6CB2AE* ID_OUI_FROM_DATABASE=Cisco Systems, Inc +OUI:6CB2FD* + ID_OUI_FROM_DATABASE=Texas Instruments + OUI:6CB311* ID_OUI_FROM_DATABASE=Shenzhen Lianrui Electronics Co.,Ltd @@ -67793,6 +69089,9 @@ OUI:6CC1D2* OUI:6CC217* ID_OUI_FROM_DATABASE=Hewlett Packard +OUI:6CC242* + ID_OUI_FROM_DATABASE=Shenzhen Skyworth Digital Technology CO., Ltd + OUI:6CC26B* ID_OUI_FROM_DATABASE=Apple, Inc. @@ -68154,7 +69453,7 @@ OUI:701F53* ID_OUI_FROM_DATABASE=Cisco Systems, Inc OUI:702084* - ID_OUI_FROM_DATABASE=Hon Hai Precision Ind. Co., Ltd. + ID_OUI_FROM_DATABASE=Hon Hai Precision Industry Co., Ltd. OUI:702393* ID_OUI_FROM_DATABASE=fos4X GmbH @@ -68222,6 +69521,9 @@ OUI:70305D* OUI:70305E* ID_OUI_FROM_DATABASE=Nanjing Zhongke Menglian Information Technology Co.,LTD +OUI:70317F* + ID_OUI_FROM_DATABASE=Apple, Inc. + OUI:703187* ID_OUI_FROM_DATABASE=ACX GmbH @@ -68343,7 +69645,52 @@ OUI:704FB8* ID_OUI_FROM_DATABASE=ARRIS Group, Inc. OUI:7050AF* - ID_OUI_FROM_DATABASE=BSkyB Ltd + ID_OUI_FROM_DATABASE=SKY UK LIMITED + +OUI:7050E70* + ID_OUI_FROM_DATABASE=Shenzhen C & D Electronics Co., Ltd. + +OUI:7050E71* + ID_OUI_FROM_DATABASE=Annapurna labs + +OUI:7050E72* + ID_OUI_FROM_DATABASE=Electronic's Time SRL + +OUI:7050E73* + ID_OUI_FROM_DATABASE=Skychers Creations ShenZhen Limited + +OUI:7050E74* + ID_OUI_FROM_DATABASE=Quantumdoor Technologies, Inc. + +OUI:7050E75* + ID_OUI_FROM_DATABASE=Wall Box Chargers, S.L. + +OUI:7050E76* + ID_OUI_FROM_DATABASE=Nippon Pulse America, Inc. + +OUI:7050E77* + ID_OUI_FROM_DATABASE=Yoctopuce + +OUI:7050E78* + ID_OUI_FROM_DATABASE=Shenzhen Dangs Science and Technology CO.,Ltd. + +OUI:7050E79* + ID_OUI_FROM_DATABASE=Elastics.cloud + +OUI:7050E7A* + ID_OUI_FROM_DATABASE=Guangzhou Tianhe High Tech Industrial Development Zone Zhongsheng Electrical Limited Company + +OUI:7050E7B* + ID_OUI_FROM_DATABASE=Beijing Shannoncyber Technology Co.,Ltd + +OUI:7050E7C* + ID_OUI_FROM_DATABASE=shenzhen newbridge communication equipment CO.,LTD + +OUI:7050E7D* + ID_OUI_FROM_DATABASE=Eta Compute Inc. + +OUI:7050E7E* + ID_OUI_FROM_DATABASE=KFBIO (KONFOONG BIOINFORMATION TECH CO.,LTD) OUI:7052C5* ID_OUI_FROM_DATABASE=Avaya Inc @@ -68447,6 +69794,9 @@ OUI:7065A3* OUI:70661B* ID_OUI_FROM_DATABASE=Sonova AG +OUI:70662A* + ID_OUI_FROM_DATABASE=Sony Interactive Entertainment Inc. + OUI:706655* ID_OUI_FROM_DATABASE=AzureWave Technology Inc. @@ -68531,6 +69881,9 @@ OUI:70708B* OUI:7070AA* ID_OUI_FROM_DATABASE=Amazon Technologies Inc. +OUI:7070FC* + ID_OUI_FROM_DATABASE=GOLD&WATER INDUSTRIAL LIMITED + OUI:7071B3* ID_OUI_FROM_DATABASE=Brain Corporation @@ -68618,6 +69971,9 @@ OUI:708540* OUI:7085C2* ID_OUI_FROM_DATABASE=ASRock Incorporation +OUI:7085C4* + ID_OUI_FROM_DATABASE=Ruijie Networks Co.,LTD + OUI:7085C6* ID_OUI_FROM_DATABASE=ARRIS Group, Inc. @@ -68765,6 +70121,9 @@ OUI:70A56A* OUI:70A66A* ID_OUI_FROM_DATABASE=Prox Dynamics AS +OUI:70A6BD* + ID_OUI_FROM_DATABASE=Honor Device Co., Ltd. + OUI:70A6CC* ID_OUI_FROM_DATABASE=Intel Corporate @@ -68780,9 +70139,15 @@ OUI:70A8D3* OUI:70A8E3* ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD +OUI:70A983* + ID_OUI_FROM_DATABASE=Cisco Systems, Inc + OUI:70AAB2* ID_OUI_FROM_DATABASE=BlackBerry RTS +OUI:70AC08* + ID_OUI_FROM_DATABASE=Silicon Laboratories + OUI:70ACD7* ID_OUI_FROM_DATABASE=Shenzhen YOUHUA Technology Co., Ltd @@ -74310,7 +75675,7 @@ OUI:70B3D572E* ID_OUI_FROM_DATABASE=Maharsystem OUI:70B3D572F* - ID_OUI_FROM_DATABASE=AVA Technologies Inc. + ID_OUI_FROM_DATABASE=Ava Technologies OUI:70B3D5730* ID_OUI_FROM_DATABASE=Videogenix @@ -79665,7 +81030,7 @@ OUI:70B3D5E2E* ID_OUI_FROM_DATABASE=Merz s.r.o. OUI:70B3D5E2F* - ID_OUI_FROM_DATABASE=Flextronics International Kft. + ID_OUI_FROM_DATABASE=Flextronics International Kft OUI:70B3D5E30* ID_OUI_FROM_DATABASE=QUISS AG @@ -79875,7 +81240,7 @@ OUI:70B3D5E74* ID_OUI_FROM_DATABASE=Exfrontier Co., Ltd. OUI:70B3D5E75* - ID_OUI_FROM_DATABASE=Nke + ID_OUI_FROM_DATABASE=Watteco OUI:70B3D5E76* ID_OUI_FROM_DATABASE=Dorsett Technologies Inc @@ -81161,6 +82526,9 @@ OUI:70D5E7* OUI:70D6B6* ID_OUI_FROM_DATABASE=Metrum Technologies +OUI:70D823* + ID_OUI_FROM_DATABASE=Intel Corporate + OUI:70D880* ID_OUI_FROM_DATABASE=Upos System sp. z o.o. @@ -81365,6 +82733,9 @@ OUI:74042B* OUI:7404F0* ID_OUI_FROM_DATABASE=Mobiwire Mobiles (NingBo) Co., LTD +OUI:7404F1* + ID_OUI_FROM_DATABASE=Intel Corporate + OUI:7405A5* ID_OUI_FROM_DATABASE=TP-LINK TECHNOLOGIES CO.,LTD. @@ -81392,6 +82763,9 @@ OUI:7412B3* OUI:7412BB* ID_OUI_FROM_DATABASE=Fiberhome Telecommunication Technologies Co.,LTD +OUI:7413EA* + ID_OUI_FROM_DATABASE=Intel Corporate + OUI:741489* ID_OUI_FROM_DATABASE=SRT Wireless @@ -81575,6 +82949,9 @@ OUI:7433A6* OUI:743400* ID_OUI_FROM_DATABASE=MTG Co., Ltd. +OUI:74342B* + ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD + OUI:7434AE* ID_OUI_FROM_DATABASE=this is engineering Inc. @@ -81587,6 +82964,9 @@ OUI:74372F* OUI:74373B* ID_OUI_FROM_DATABASE=UNINET Co.,Ltd. +OUI:74375F* + ID_OUI_FROM_DATABASE=SERCOMM PHILIPPINES INC + OUI:743889* ID_OUI_FROM_DATABASE=ANNAX Anzeigesysteme GmbH @@ -81602,6 +82982,9 @@ OUI:743A65* OUI:743AEF* ID_OUI_FROM_DATABASE=Kaonmedia CO., LTD. +OUI:743AF4* + ID_OUI_FROM_DATABASE=Intel Corporate + OUI:743C18* ID_OUI_FROM_DATABASE=Taicang T&W Electronics @@ -81641,6 +83024,9 @@ OUI:744687* OUI:7446A0* ID_OUI_FROM_DATABASE=Hewlett Packard +OUI:7446B3* + ID_OUI_FROM_DATABASE=Texas Instruments + OUI:744AA4* ID_OUI_FROM_DATABASE=zte corporation @@ -81677,6 +83063,9 @@ OUI:74547D* OUI:745612* ID_OUI_FROM_DATABASE=ARRIS Group, Inc. +OUI:74563C* + ID_OUI_FROM_DATABASE=GIGA-BYTE TECHNOLOGY CO.,LTD. + OUI:745798* ID_OUI_FROM_DATABASE=TRUMPF Laser GmbH + Co. KG @@ -81764,6 +83153,9 @@ OUI:745F90* OUI:745FAE* ID_OUI_FROM_DATABASE=TSL PPL +OUI:74604C* + ID_OUI_FROM_DATABASE=RØDE + OUI:7460FA* ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD @@ -81788,6 +83180,9 @@ OUI:746630* OUI:7467F7* ID_OUI_FROM_DATABASE=Extreme Networks, Inc. +OUI:74694A* + ID_OUI_FROM_DATABASE=Sichuan Tianyi Comheart Telecom Co.,LTD + OUI:746A3A* ID_OUI_FROM_DATABASE=Aperi Corporation @@ -81812,6 +83207,9 @@ OUI:746F19* OUI:746F3D* ID_OUI_FROM_DATABASE=Contec GmbH +OUI:746F88* + ID_OUI_FROM_DATABASE=zte corporation + OUI:746FF7* ID_OUI_FROM_DATABASE=Wistron Neweb Corporation @@ -81821,6 +83219,9 @@ OUI:747069* OUI:7470FD* ID_OUI_FROM_DATABASE=Intel Corporate +OUI:74718B* + ID_OUI_FROM_DATABASE=Apple, Inc. + OUI:74721E* ID_OUI_FROM_DATABASE=Edison Labs Inc. @@ -81845,6 +83246,9 @@ OUI:747548* OUI:74765B* ID_OUI_FROM_DATABASE=Quectel Wireless Solutions Co.,Ltd. +OUI:74767D* + ID_OUI_FROM_DATABASE=shenzhen kexint technology co.,ltd + OUI:747818* ID_OUI_FROM_DATABASE=Jurumani Solutions @@ -81881,6 +83285,9 @@ OUI:7483C2* OUI:7483EF* ID_OUI_FROM_DATABASE=Arista Networks +OUI:748469* + ID_OUI_FROM_DATABASE=Nintendo Co.,Ltd + OUI:7484E1* ID_OUI_FROM_DATABASE=Dongguan Haoyuan Electronics Co.,Ltd @@ -81974,6 +83381,9 @@ OUI:7495EC* OUI:749637* ID_OUI_FROM_DATABASE=Todaair Electronic Co., Ltd +OUI:749779* + ID_OUI_FROM_DATABASE=CLOUD NETWORK TECHNOLOGY SINGAPORE PTE. LTD. + OUI:749781* ID_OUI_FROM_DATABASE=zte corporation @@ -82073,6 +83483,9 @@ OUI:74B587* OUI:74B6B6* ID_OUI_FROM_DATABASE=eero inc. +OUI:74B725* + ID_OUI_FROM_DATABASE=Huawei Device Co., Ltd. + OUI:74B7B3* ID_OUI_FROM_DATABASE=Shenzhen YOUHUA Technology Co., Ltd @@ -82163,6 +83576,9 @@ OUI:74D285* OUI:74D435* ID_OUI_FROM_DATABASE=GIGA-BYTE TECHNOLOGY CO.,LTD. +OUI:74D4DD* + ID_OUI_FROM_DATABASE=Quanta Computer Inc. + OUI:74D637* ID_OUI_FROM_DATABASE=Amazon Technologies Inc. @@ -82187,6 +83603,9 @@ OUI:74D83E* OUI:74D850* ID_OUI_FROM_DATABASE=Evrisko Systems +OUI:74D9EB* + ID_OUI_FROM_DATABASE=Petabit Scale, Inc. + OUI:74DA38* ID_OUI_FROM_DATABASE=Edimax Technology Co. Ltd. @@ -82202,6 +83621,9 @@ OUI:74DAEA* OUI:74DBD1* ID_OUI_FROM_DATABASE=Ebay Inc +OUI:74DDCB* + ID_OUI_FROM_DATABASE=China Leadshine Technology Co.,Ltd + OUI:74DE2B* ID_OUI_FROM_DATABASE=Liteon Technology Corporation @@ -82307,6 +83729,9 @@ OUI:74E6B8* OUI:74E6E2* ID_OUI_FROM_DATABASE=Dell Inc. +OUI:74E798* + ID_OUI_FROM_DATABASE=Juniper Networks + OUI:74E7C6* ID_OUI_FROM_DATABASE=ARRIS Group, Inc. @@ -82463,6 +83888,9 @@ OUI:7802B7* OUI:7802F8* ID_OUI_FROM_DATABASE=Xiaomi Communications Co Ltd +OUI:78034F* + ID_OUI_FROM_DATABASE=Nokia + OUI:780473* ID_OUI_FROM_DATABASE=Texas Instruments @@ -82565,6 +83993,9 @@ OUI:781305E* OUI:7813E0* ID_OUI_FROM_DATABASE=FUJIAN STAR-NET COMMUNICATION CO.,LTD +OUI:78152D* + ID_OUI_FROM_DATABASE=UNION CHIP TECHNOLOGY LIMITED + OUI:781735* ID_OUI_FROM_DATABASE=Nokia Shanghai Bell Co., Ltd. @@ -82607,6 +84038,9 @@ OUI:782079* OUI:7820A5* ID_OUI_FROM_DATABASE=Nintendo Co.,Ltd +OUI:7820BD* + ID_OUI_FROM_DATABASE=Polysense (Beijing) Technologies Co. Ltd + OUI:782184* ID_OUI_FROM_DATABASE=Espressif Inc. @@ -82682,6 +84116,9 @@ OUI:78321B* OUI:78324F* ID_OUI_FROM_DATABASE=Millennium Group, Inc. +OUI:783486* + ID_OUI_FROM_DATABASE=Nokia + OUI:7835A0* ID_OUI_FROM_DATABASE=Zurn Industries LLC @@ -82710,7 +84147,7 @@ OUI:783D5B* ID_OUI_FROM_DATABASE=TELNET Redes Inteligentes S.A. OUI:783E53* - ID_OUI_FROM_DATABASE=BSkyB Ltd + ID_OUI_FROM_DATABASE=SKY UK LIMITED OUI:783F15* ID_OUI_FROM_DATABASE=EasySYNC Ltd. @@ -82835,6 +84272,9 @@ OUI:78595E* OUI:785968* ID_OUI_FROM_DATABASE=Hon Hai Precision Ind. Co.,Ltd. +OUI:785B64* + ID_OUI_FROM_DATABASE=Huawei Device Co., Ltd. + OUI:785C28* ID_OUI_FROM_DATABASE=Prime Motion Inc. @@ -82919,6 +84359,9 @@ OUI:78653B* OUI:786559* ID_OUI_FROM_DATABASE=Sagemcom Broadband SAS +OUI:78669D* + ID_OUI_FROM_DATABASE=Hui Zhou Gaoshengda Technology Co.,LTD + OUI:7866AE* ID_OUI_FROM_DATABASE=ZTEC Instruments, Inc. @@ -82952,6 +84395,9 @@ OUI:786DEB* OUI:787052* ID_OUI_FROM_DATABASE=Welotec GmbH +OUI:787104* + ID_OUI_FROM_DATABASE=Sichuan Tianyi Comheart Telecom Co.,LTD + OUI:78719C* ID_OUI_FROM_DATABASE=ARRIS Group, Inc. @@ -83090,6 +84536,9 @@ OUI:788E33* OUI:7890A2* ID_OUI_FROM_DATABASE=zte corporation +OUI:7891DE* + ID_OUI_FROM_DATABASE=Guangdong ACIGA Science&Technology Co.,Ltd + OUI:7891E9* ID_OUI_FROM_DATABASE=Raisecom Technology CO.,LTD @@ -83222,6 +84671,9 @@ OUI:78ACC0* OUI:78AE0C* ID_OUI_FROM_DATABASE=Far South Networks +OUI:78AF08* + ID_OUI_FROM_DATABASE=Intel Corporate + OUI:78AF58* ID_OUI_FROM_DATABASE=GIMASI SA @@ -83288,6 +84740,9 @@ OUI:78BEBD* OUI:78C1A7* ID_OUI_FROM_DATABASE=zte corporation +OUI:78C213* + ID_OUI_FROM_DATABASE=Sagemcom Broadband SAS + OUI:78C2C00* ID_OUI_FROM_DATABASE=Shenzhen ELI Technology co.,ltd @@ -83469,7 +84924,7 @@ OUI:78D4F10* ID_OUI_FROM_DATABASE=Burisch Elektronik Bauteile GmbH OUI:78D4F11* - ID_OUI_FROM_DATABASE=Cartender + ID_OUI_FROM_DATABASE=Silla Industries OUI:78D4F12* ID_OUI_FROM_DATABASE=Lyngsoe Systems @@ -83789,6 +85244,9 @@ OUI:7C0A50* OUI:7C0BC6* ID_OUI_FROM_DATABASE=Samsung Electronics Co.,Ltd +OUI:7C0C92* + ID_OUI_FROM_DATABASE=Suzhou Mobydata Smart System Co.,Ltd. + OUI:7C0CF6* ID_OUI_FROM_DATABASE=Guangdong Huiwei High-tech Co., Ltd. @@ -84057,7 +85515,7 @@ OUI:7C4C58* ID_OUI_FROM_DATABASE=Scale Computing, Inc. OUI:7C4CA5* - ID_OUI_FROM_DATABASE=BSkyB Ltd + ID_OUI_FROM_DATABASE=SKY UK LIMITED OUI:7C4E09* ID_OUI_FROM_DATABASE=Shenzhen Skyworth Wireless Technology Co.,Ltd @@ -84119,6 +85577,9 @@ OUI:7C6166* OUI:7C6193* ID_OUI_FROM_DATABASE=HTC Corporation +OUI:7C6305* + ID_OUI_FROM_DATABASE=Amazon Technologies Inc. + OUI:7C6456* ID_OUI_FROM_DATABASE=Samsung Electronics Co.,Ltd @@ -84131,12 +85592,18 @@ OUI:7C66EF* OUI:7C67A2* ID_OUI_FROM_DATABASE=Intel Corporate +OUI:7C67AB* + ID_OUI_FROM_DATABASE=Roku, Inc + OUI:7C696B* ID_OUI_FROM_DATABASE=Atmosic Technologies OUI:7C69F6* ID_OUI_FROM_DATABASE=Cisco Systems, Inc +OUI:7C6A60* + ID_OUI_FROM_DATABASE=China Mobile Group Device Co.,Ltd. + OUI:7C6AB3* ID_OUI_FROM_DATABASE=IBC TECHNOLOGIES INC. @@ -84216,7 +85683,7 @@ OUI:7C70BC9* ID_OUI_FROM_DATABASE=dogtra OUI:7C70BCA* - ID_OUI_FROM_DATABASE=Ametek VIS + ID_OUI_FROM_DATABASE=Motec GmbH OUI:7C70BCB* ID_OUI_FROM_DATABASE=Tohan Engineering Corporation @@ -84803,12 +86270,18 @@ OUI:7CDD90* OUI:7CDDE9* ID_OUI_FROM_DATABASE=ATOM tech Inc. +OUI:7CDE78* + ID_OUI_FROM_DATABASE=New H3C Technologies Co., Ltd + OUI:7CDFA1* ID_OUI_FROM_DATABASE=Espressif Inc. OUI:7CE044* ID_OUI_FROM_DATABASE=NEON Inc +OUI:7CE152* + ID_OUI_FROM_DATABASE=THE GOODYEAR TIRE & RUBBER COMPANY + OUI:7CE1FF* ID_OUI_FROM_DATABASE=Computer Performance, Inc. DBA Digital Loggers, Inc. @@ -84845,12 +86318,18 @@ OUI:7CEC79* OUI:7CEC9B* ID_OUI_FROM_DATABASE=Fuzhou Teraway Information Technology Co.,Ltd +OUI:7CECB1* + ID_OUI_FROM_DATABASE=Apple, Inc. + OUI:7CED8D* ID_OUI_FROM_DATABASE=Microsoft OUI:7CEF18* ID_OUI_FROM_DATABASE=Creative Product Design Pty. Ltd. +OUI:7CEF40* + ID_OUI_FROM_DATABASE=Nextorage Corporation + OUI:7CEF61* ID_OUI_FROM_DATABASE=STR Elektronik Josef Schlechtinger GmbH @@ -84947,6 +86426,51 @@ OUI:80029C* OUI:8002DF* ID_OUI_FROM_DATABASE=ORA Inc. +OUI:8002F40* + ID_OUI_FROM_DATABASE=BK Networks Co,. Ltd. + +OUI:8002F41* + ID_OUI_FROM_DATABASE=Sichuan lookout environment protection technology co.,Ltd + +OUI:8002F42* + ID_OUI_FROM_DATABASE=Beijing Cybercore + +OUI:8002F43* + ID_OUI_FROM_DATABASE=Shenzhen Suanzi Technology Co., Ltd + +OUI:8002F44* + ID_OUI_FROM_DATABASE=Infors AG + +OUI:8002F45* + ID_OUI_FROM_DATABASE=Sichuan Fanyi Technology Co. Ltd. + +OUI:8002F46* + ID_OUI_FROM_DATABASE=Mech-Mind Robotics Technologies Ltd. + +OUI:8002F47* + ID_OUI_FROM_DATABASE=Lazer Safe Pty Ltd + +OUI:8002F48* + ID_OUI_FROM_DATABASE=Annapurna labs + +OUI:8002F49* + ID_OUI_FROM_DATABASE=XUNDI(XIAMEN) ELECTRONIC TECHNOLOGY CO.,LTD. + +OUI:8002F4A* + ID_OUI_FROM_DATABASE=PassiveLogic + +OUI:8002F4B* + ID_OUI_FROM_DATABASE=Baicells Technologies Co., Ltd + +OUI:8002F4C* + ID_OUI_FROM_DATABASE=Wuhan Glory Road Intelligent Technology Co., Ltd. + +OUI:8002F4D* + ID_OUI_FROM_DATABASE=Jiangsu Vedkang Medicl Sclence and Technology Co.,Ltd + +OUI:8002F4E* + ID_OUI_FROM_DATABASE=Alfred Systems Inc + OUI:800384* ID_OUI_FROM_DATABASE=Ruckus Wireless @@ -85046,6 +86570,9 @@ OUI:801934* OUI:801967* ID_OUI_FROM_DATABASE=Shanghai Reallytek Information Technology Co.,Ltd +OUI:801970* + ID_OUI_FROM_DATABASE=Samsung Electronics Co.,Ltd + OUI:8019FE* ID_OUI_FROM_DATABASE=JianLing Technology CO., LTD @@ -85172,6 +86699,9 @@ OUI:803B9A* OUI:803BF6* ID_OUI_FROM_DATABASE=LOOK EASY INTERNATIONAL LIMITED +OUI:803C20* + ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD + OUI:803E48* ID_OUI_FROM_DATABASE=SHENZHEN GONGJIN ELECTRONICS CO.,LT @@ -85238,6 +86768,9 @@ OUI:8050F6* OUI:80546A* ID_OUI_FROM_DATABASE=SHENZHEN GONGJIN ELECTRONICS CO.,LT +OUI:80549C* + ID_OUI_FROM_DATABASE=Samsung Electronics Co.,Ltd + OUI:8054D9* ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD @@ -85259,6 +86792,9 @@ OUI:8059FD* OUI:805A04* ID_OUI_FROM_DATABASE=LG Electronics (Mobile Communications) +OUI:805B65* + ID_OUI_FROM_DATABASE=LG Innotek + OUI:805E0C* ID_OUI_FROM_DATABASE=YEALINK(XIAMEN) NETWORK TECHNOLOGY CO.,LTD. @@ -85274,6 +86810,9 @@ OUI:805FC5* OUI:806007* ID_OUI_FROM_DATABASE=RIM +OUI:806036* + ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD + OUI:8060B7* ID_OUI_FROM_DATABASE=CLOUD NETWORK TECHNOLOGY SINGAPORE PTE. LTD. @@ -85304,6 +86843,9 @@ OUI:8065E9* OUI:806629* ID_OUI_FROM_DATABASE=Prescope Technologies CO.,LTD. +OUI:80691A* + ID_OUI_FROM_DATABASE=Belkin International Inc. + OUI:806933* ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD @@ -85347,7 +86889,7 @@ OUI:80717A* ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD OUI:807215* - ID_OUI_FROM_DATABASE=BSkyB Ltd + ID_OUI_FROM_DATABASE=SKY UK LIMITED OUI:807264* ID_OUI_FROM_DATABASE=Huawei Device Co., Ltd. @@ -85362,7 +86904,7 @@ OUI:807484* ID_OUI_FROM_DATABASE=ALL Winner (Hong Kong) Limited OUI:80751F* - ID_OUI_FROM_DATABASE=BSkyB Ltd + ID_OUI_FROM_DATABASE=SKY UK LIMITED OUI:807693* ID_OUI_FROM_DATABASE=Newag SA @@ -85428,7 +86970,7 @@ OUI:807B85B* ID_OUI_FROM_DATABASE=Oliotalo Oy OUI:807B85C* - ID_OUI_FROM_DATABASE=Ningbo Plus and Popscreens electronic Technology Co.,LTD + ID_OUI_FROM_DATABASE=SCALA Digital Technology(Ningbo) CO, LTD OUI:807B85D* ID_OUI_FROM_DATABASE=Kaynes Technology India Pvt Ltd @@ -85535,6 +87077,9 @@ OUI:8096CA* OUI:80971B* ID_OUI_FROM_DATABASE=Altenergy Power System,Inc. +OUI:809733* + ID_OUI_FROM_DATABASE=Shenzhen Elebao Technology Co., Ltd + OUI:809B20* ID_OUI_FROM_DATABASE=Intel Corporate @@ -85644,7 +87189,7 @@ OUI:80C16E* ID_OUI_FROM_DATABASE=Hewlett Packard OUI:80C3BA* - ID_OUI_FROM_DATABASE=Sennheiser electronic GmbH & Co. KG + ID_OUI_FROM_DATABASE=Sennheiser Consumer Audio GmbH OUI:80C501* ID_OUI_FROM_DATABASE=OctoGate IT Security Systems GmbH @@ -85751,6 +87296,9 @@ OUI:80DA13* OUI:80DABC* ID_OUI_FROM_DATABASE=Megafone Limited +OUI:80DAC2* + ID_OUI_FROM_DATABASE=Technicolor CH USA Inc. + OUI:80DB31* ID_OUI_FROM_DATABASE=Power Quotient International Co., Ltd. @@ -85919,6 +87467,9 @@ OUI:840B2D* OUI:840B7C* ID_OUI_FROM_DATABASE=Hitron Technologies. Inc +OUI:840BBB* + ID_OUI_FROM_DATABASE=MitraStar Technology Corp. + OUI:840D8E* ID_OUI_FROM_DATABASE=Espressif Inc. @@ -86300,6 +87851,9 @@ OUI:8468C8* OUI:846991* ID_OUI_FROM_DATABASE=Nokia +OUI:846993* + ID_OUI_FROM_DATABASE=HP Inc. + OUI:846A66* ID_OUI_FROM_DATABASE=Sumitomo Kizai Co.,Ltd. @@ -86315,6 +87869,9 @@ OUI:846EB1* OUI:846FCE* ID_OUI_FROM_DATABASE=GUANGDONG OPPO MOBILE TELECOMMUNICATIONS CORP.,LTD +OUI:8470D7* + ID_OUI_FROM_DATABASE=eero inc. + OUI:847127* ID_OUI_FROM_DATABASE=Silicon Laboratories @@ -86408,6 +87965,9 @@ OUI:848506* OUI:84850A* ID_OUI_FROM_DATABASE=Hella Sonnen- und Wetterschutztechnik GmbH +OUI:848553* + ID_OUI_FROM_DATABASE=Biznes Systema Telecom, LLC + OUI:8485E6* ID_OUI_FROM_DATABASE=Guangdong Asano Technology CO.,Ltd. @@ -86540,6 +88100,9 @@ OUI:84930C* OUI:8493A0* ID_OUI_FROM_DATABASE=Huawei Device Co., Ltd. +OUI:8493B2* + ID_OUI_FROM_DATABASE=zte corporation + OUI:84948C* ID_OUI_FROM_DATABASE=Hitron Technologies. Inc @@ -86711,6 +88274,9 @@ OUI:84C3E8* OUI:84C5A6* ID_OUI_FROM_DATABASE=Intel Corporate +OUI:84C692* + ID_OUI_FROM_DATABASE=Texas Instruments + OUI:84C727* ID_OUI_FROM_DATABASE=Gnodal Ltd @@ -86918,6 +88484,9 @@ OUI:84F129* OUI:84F147* ID_OUI_FROM_DATABASE=Cisco Systems, Inc +OUI:84F1D0* + ID_OUI_FROM_DATABASE=EHOOME IOT PRIVATE LIMITED + OUI:84F3EB* ID_OUI_FROM_DATABASE=Espressif Inc. @@ -86960,6 +88529,12 @@ OUI:880118* OUI:8801F2* ID_OUI_FROM_DATABASE=Vitec System Engineering Inc. +OUI:8801F9* + ID_OUI_FROM_DATABASE=Texas Instruments + +OUI:88034C* + ID_OUI_FROM_DATABASE=WEIFANG GOERTEK ELECTRONICS CO.,LTD + OUI:880355* ID_OUI_FROM_DATABASE=Arcadyan Technology Corporation @@ -86978,6 +88553,9 @@ OUI:880907* OUI:8809AF* ID_OUI_FROM_DATABASE=Masimo Corporation +OUI:880AA3* + ID_OUI_FROM_DATABASE=Juniper Networks + OUI:880F10* ID_OUI_FROM_DATABASE=Huami Information Technology Co.,Ltd. @@ -86999,6 +88577,9 @@ OUI:88123D* OUI:88124E* ID_OUI_FROM_DATABASE=Qualcomm Inc. +OUI:8812AC* + ID_OUI_FROM_DATABASE=HUNAN FN-LINK TECHNOLOGY LIMITED + OUI:88142B* ID_OUI_FROM_DATABASE=Protonic Holland @@ -87035,6 +88616,9 @@ OUI:882012* OUI:8821E3* ID_OUI_FROM_DATABASE=Nebusens, S.L. +OUI:8822B2* + ID_OUI_FROM_DATABASE=Chipsea Technologies (Shenzhen) Corp. + OUI:88231F* ID_OUI_FROM_DATABASE=Fibocom Wireless Inc. @@ -87128,6 +88712,9 @@ OUI:883C1C* OUI:883D24* ID_OUI_FROM_DATABASE=Google, Inc. +OUI:883F0C* + ID_OUI_FROM_DATABASE=system a.v. co., ltd. + OUI:883F4A* ID_OUI_FROM_DATABASE=Texas Instruments @@ -87359,6 +88946,9 @@ OUI:8866A5* OUI:88685C* ID_OUI_FROM_DATABASE=Shenzhen ChuangDao & Perpetual Eternal Technology Co.,Ltd +OUI:88693D* + ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD + OUI:886AB1* ID_OUI_FROM_DATABASE=vivo Mobile Communication Co., Ltd. @@ -87482,6 +89072,9 @@ OUI:888E68* OUI:888E7F* ID_OUI_FROM_DATABASE=ATOP CORPORATION +OUI:888FA4* + ID_OUI_FROM_DATABASE=Huawei Device Co., Ltd. + OUI:889009* ID_OUI_FROM_DATABASE=Juniper Networks @@ -87695,6 +89288,9 @@ OUI:88B66B* OUI:88B6EE* ID_OUI_FROM_DATABASE=Dish Technologies Corp +OUI:88B863* + ID_OUI_FROM_DATABASE=HISENSE VISUAL TECHNOLOGY CO.,LTD + OUI:88B8D0* ID_OUI_FROM_DATABASE=Dongguan Koppo Electronic Co.,Ltd @@ -87722,6 +89318,9 @@ OUI:88BFE4* OUI:88C08B* ID_OUI_FROM_DATABASE=Apple, Inc. +OUI:88C174* + ID_OUI_FROM_DATABASE=zte corporation + OUI:88C227* ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD @@ -87797,6 +89396,9 @@ OUI:88C9B3E* OUI:88C9D0* ID_OUI_FROM_DATABASE=LG Electronics (Mobile Communications) +OUI:88C9E8* + ID_OUI_FROM_DATABASE=Sony Corporation + OUI:88CB87* ID_OUI_FROM_DATABASE=Apple, Inc. @@ -87941,6 +89543,9 @@ OUI:88F031* OUI:88F077* ID_OUI_FROM_DATABASE=Cisco Systems, Inc +OUI:88F2BD* + ID_OUI_FROM_DATABASE=GD Midea Air-Conditioning Equipment Co.,Ltd. + OUI:88F488* ID_OUI_FROM_DATABASE=cellon communications technology(shenzhen)Co.,Ltd. @@ -87959,6 +89564,9 @@ OUI:88F7C7* OUI:88F872* ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD +OUI:88FC5D* + ID_OUI_FROM_DATABASE=Cisco Systems, Inc + OUI:88FCA6* ID_OUI_FROM_DATABASE=devolo AG @@ -88079,12 +89687,18 @@ OUI:8C147DE* OUI:8C14B4* ID_OUI_FROM_DATABASE=zte corporation +OUI:8C1553* + ID_OUI_FROM_DATABASE=Beijing Memblaze Technology Co Ltd + OUI:8C15C7* ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD OUI:8C1645* ID_OUI_FROM_DATABASE=LCFC(HeFei) Electronics Technology co., ltd +OUI:8C1759* + ID_OUI_FROM_DATABASE=Intel Corporate + OUI:8C17B6* ID_OUI_FROM_DATABASE=Huawei Device Co., Ltd. @@ -88193,6 +89807,9 @@ OUI:8C1CDAE* OUI:8C1D96* ID_OUI_FROM_DATABASE=Intel Corporate +OUI:8C1E80* + ID_OUI_FROM_DATABASE=Cisco Systems, Inc + OUI:8C1ED9* ID_OUI_FROM_DATABASE=Beijing Unigroup Tsingteng Microsystem Co., LTD. @@ -88202,6 +89819,24 @@ OUI:8C1F64000* OUI:8C1F64003* ID_OUI_FROM_DATABASE=Brighten Controls LLP +OUI:8C1F64017* + ID_OUI_FROM_DATABASE=Farmote Limited + +OUI:8C1F6401A* + ID_OUI_FROM_DATABASE=Paragraf + +OUI:8C1F6401E* + ID_OUI_FROM_DATABASE=SCIREQ Scientific Respiratory Equipment Inc + +OUI:8C1F64045* + ID_OUI_FROM_DATABASE=VEILUX INC. + +OUI:8C1F64059* + ID_OUI_FROM_DATABASE=MB connect line GmbH Fernwartungssysteme + +OUI:8C1F6405F* + ID_OUI_FROM_DATABASE=ESCAD AUTOMATION GmbH + OUI:8C1F6406D* ID_OUI_FROM_DATABASE=Monnit Corporation @@ -88214,6 +89849,9 @@ OUI:8C1F64077* OUI:8C1F6407E* ID_OUI_FROM_DATABASE=FLOYD inc. +OUI:8C1F64080* + ID_OUI_FROM_DATABASE=Twinleaf LLC + OUI:8C1F64085* ID_OUI_FROM_DATABASE=SORB ENGINEERING LLC @@ -88223,6 +89861,9 @@ OUI:8C1F64086* OUI:8C1F6408B* ID_OUI_FROM_DATABASE=Shanghai Shenxu Technology Co., Ltd +OUI:8C1F6408F* + ID_OUI_FROM_DATABASE=AixControl GmbH + OUI:8C1F64099* ID_OUI_FROM_DATABASE=Pantherun Technologies Pvt Ltd @@ -88238,9 +89879,24 @@ OUI:8C1F640A8* OUI:8C1F640AB* ID_OUI_FROM_DATABASE=Norbit ODM AS +OUI:8C1F640AC* + ID_OUI_FROM_DATABASE=Patch Technologies, Inc. + +OUI:8C1F640AF* + ID_OUI_FROM_DATABASE=FORSEE POWER + +OUI:8C1F640B0* + ID_OUI_FROM_DATABASE=Bunka Shutter Co., Ltd. + OUI:8C1F640B8* ID_OUI_FROM_DATABASE=Signatrol Ltd +OUI:8C1F640BE* + ID_OUI_FROM_DATABASE=BNB + +OUI:8C1F640C0* + ID_OUI_FROM_DATABASE=Active Research Limited + OUI:8C1F640C5* ID_OUI_FROM_DATABASE=TechnipFMC @@ -88250,6 +89906,9 @@ OUI:8C1F640D6* OUI:8C1F640E0* ID_OUI_FROM_DATABASE=Autopharma +OUI:8C1F640E6* + ID_OUI_FROM_DATABASE=Cleanwatts Digital, S.A. + OUI:8C1F640EA* ID_OUI_FROM_DATABASE=SmartSky Networks LLC @@ -88268,6 +89927,9 @@ OUI:8C1F64103* OUI:8C1F64111* ID_OUI_FROM_DATABASE=ISAC SRL +OUI:8C1F64115* + ID_OUI_FROM_DATABASE=Neuralog LP + OUI:8C1F64118* ID_OUI_FROM_DATABASE=Automata GmbH & Co. KG @@ -88277,6 +89939,9 @@ OUI:8C1F6411F* OUI:8C1F64128* ID_OUI_FROM_DATABASE=YULISTA INTEGRATED SOLUTION +OUI:8C1F6412B* + ID_OUI_FROM_DATABASE=Beijing Tongtech Technology Co., Ltd. + OUI:8C1F64135* ID_OUI_FROM_DATABASE=Yuval Fichman @@ -88304,6 +89969,12 @@ OUI:8C1F64177* OUI:8C1F64193* ID_OUI_FROM_DATABASE=Sicon srl +OUI:8C1F64194* + ID_OUI_FROM_DATABASE=TIFLEX + +OUI:8C1F64197* + ID_OUI_FROM_DATABASE=TEKVOX, Inc + OUI:8C1F6419B* ID_OUI_FROM_DATABASE=FeedFlo @@ -88325,6 +89996,9 @@ OUI:8C1F641BF* OUI:8C1F641C2* ID_OUI_FROM_DATABASE=Solid Invent Ltda. +OUI:8C1F641CB* + ID_OUI_FROM_DATABASE=SASYS e.K. + OUI:8C1F641D1* ID_OUI_FROM_DATABASE=AS Strömungstechnik GmbH @@ -88337,6 +90011,9 @@ OUI:8C1F641E1* OUI:8C1F641E3* ID_OUI_FROM_DATABASE=WBNet +OUI:8C1F641EF* + ID_OUI_FROM_DATABASE=Tantronic AG + OUI:8C1F64204* ID_OUI_FROM_DATABASE=castcore @@ -88352,9 +90029,15 @@ OUI:8C1F64224* OUI:8C1F64227* ID_OUI_FROM_DATABASE=Digilens +OUI:8C1F6422E* + ID_OUI_FROM_DATABASE=Jide Car Rastreamento e Monitoramento LTDA + OUI:8C1F64242* ID_OUI_FROM_DATABASE=GIORDANO CONTROLS SPA +OUI:8C1F64254* + ID_OUI_FROM_DATABASE=Zhuhai Yunzhou Intelligence Technology Ltd. + OUI:8C1F64256* ID_OUI_FROM_DATABASE=Landinger @@ -88370,9 +90053,15 @@ OUI:8C1F64264* OUI:8C1F64270* ID_OUI_FROM_DATABASE=Xi‘an Hangguang Satellite and Control Technology Co.,Ltd +OUI:8C1F64274* + ID_OUI_FROM_DATABASE=INVIXIUM ACCESS INC + OUI:8C1F6428A* ID_OUI_FROM_DATABASE=Arcopie +OUI:8C1F6428C* + ID_OUI_FROM_DATABASE=Sakura Seiki Co.,Ltd. + OUI:8C1F64296* ID_OUI_FROM_DATABASE=Roog zhi tong Technology(Beijing) Co.,Ltd @@ -88391,6 +90080,12 @@ OUI:8C1F642B6* OUI:8C1F642C2* ID_OUI_FROM_DATABASE=TEX COMPUTER SRL +OUI:8C1F642C3* + ID_OUI_FROM_DATABASE=TeraDiode / Panasonic + +OUI:8C1F642C5* + ID_OUI_FROM_DATABASE=SYSN + OUI:8C1F642C8* ID_OUI_FROM_DATABASE=BRS Sistemas Eletrônicos @@ -88403,6 +90098,12 @@ OUI:8C1F642EF* OUI:8C1F642F5* ID_OUI_FROM_DATABASE=Florida R&D Associates LLC +OUI:8C1F642FD* + ID_OUI_FROM_DATABASE=Enestone Corporation + +OUI:8C1F64301* + ID_OUI_FROM_DATABASE=Agar Corporation Inc. + OUI:8C1F64304* ID_OUI_FROM_DATABASE=Jemac Sweden AB @@ -88412,6 +90113,9 @@ OUI:8C1F64306* OUI:8C1F6430A* ID_OUI_FROM_DATABASE=XCOM Labs +OUI:8C1F64316* + ID_OUI_FROM_DATABASE=Potter Electric Signal Company + OUI:8C1F6431A* ID_OUI_FROM_DATABASE=Asiga Pty Ltd @@ -88421,6 +90125,9 @@ OUI:8C1F64328* OUI:8C1F64330* ID_OUI_FROM_DATABASE=Vision Systems Safety Tech +OUI:8C1F6435C* + ID_OUI_FROM_DATABASE=Opgal Optronic Industries ltd + OUI:8C1F6435D* ID_OUI_FROM_DATABASE=Security&Best @@ -88436,9 +90143,15 @@ OUI:8C1F64382* OUI:8C1F64385* ID_OUI_FROM_DATABASE=Multilane Inc +OUI:8C1F6438B* + ID_OUI_FROM_DATABASE=Borrell USA Corp + OUI:8C1F6438D* ID_OUI_FROM_DATABASE=Wilson Electronics +OUI:8C1F6438E* + ID_OUI_FROM_DATABASE=Wartsila Voyage Limited + OUI:8C1F64391* ID_OUI_FROM_DATABASE=CPC (UK) @@ -88451,30 +90164,57 @@ OUI:8C1F64398* OUI:8C1F643A4* ID_OUI_FROM_DATABASE=QLM Technology Ltd +OUI:8C1F643AC* + ID_OUI_FROM_DATABASE=Benison Tech + OUI:8C1F643AD* ID_OUI_FROM_DATABASE=TowerIQ +OUI:8C1F643B2* + ID_OUI_FROM_DATABASE=Real Digital + OUI:8C1F643B5* ID_OUI_FROM_DATABASE=SVMS OUI:8C1F643C4* ID_OUI_FROM_DATABASE=NavSys Technology Inc. +OUI:8C1F643C5* + ID_OUI_FROM_DATABASE=Stratis IOT + OUI:8C1F643C6* ID_OUI_FROM_DATABASE=Wavestream Corp +OUI:8C1F643D1* + ID_OUI_FROM_DATABASE=EMIT GmbH + +OUI:8C1F643D4* + ID_OUI_FROM_DATABASE=e.p.g. Elettronica s.r.l. + OUI:8C1F643E0* ID_OUI_FROM_DATABASE=YPP Corporation +OUI:8C1F643E3* + ID_OUI_FROM_DATABASE=FMTec GmbH - Future Management Technologies + OUI:8C1F643E8* ID_OUI_FROM_DATABASE=Ruichuangte +OUI:8C1F643F4* + ID_OUI_FROM_DATABASE=ACTELSER S.L. + OUI:8C1F643FE* ID_OUI_FROM_DATABASE=Plum sp. z.o.o. OUI:8C1F643FF* ID_OUI_FROM_DATABASE=UISEE(SHANGHAI) AUTOMOTIVE TECHNOLOGIES LTD. +OUI:8C1F6440C* + ID_OUI_FROM_DATABASE=Sichuan Aiyijan Technology Company Ltd. + +OUI:8C1F6440E* + ID_OUI_FROM_DATABASE=Baker Hughes EMEA + OUI:8C1F64414* ID_OUI_FROM_DATABASE=INSEVIS GmbH @@ -88484,6 +90224,12 @@ OUI:8C1F64417* OUI:8C1F6441D* ID_OUI_FROM_DATABASE=Aspen Spectra Sdn Bhd +OUI:8C1F64426* + ID_OUI_FROM_DATABASE=eumig industrie-TV GmbH. + +OUI:8C1F64429* + ID_OUI_FROM_DATABASE=Abbott Diagnostics Technologies AS + OUI:8C1F6442B* ID_OUI_FROM_DATABASE=Gamber Johnson-LLC @@ -88496,6 +90242,9 @@ OUI:8C1F64445* OUI:8C1F64454* ID_OUI_FROM_DATABASE=KJ Klimateknik A/S +OUI:8C1F6445D* + ID_OUI_FROM_DATABASE=Fuzhou Tucsen Photonics Co.,Ltd + OUI:8C1F6445F* ID_OUI_FROM_DATABASE=Toshniwal Security Solutions Pvt Ltd @@ -88508,12 +90257,21 @@ OUI:8C1F64466* OUI:8C1F64472* ID_OUI_FROM_DATABASE=Surge Networks, Inc. +OUI:8C1F6447A* + ID_OUI_FROM_DATABASE=Missing Link Electronics, Inc. + +OUI:8C1F64489* + ID_OUI_FROM_DATABASE=HUPI + OUI:8C1F64493* ID_OUI_FROM_DATABASE=Security Products International, LLC OUI:8C1F64498* ID_OUI_FROM_DATABASE=YUYAMA MFG Co.,Ltd +OUI:8C1F644AC* + ID_OUI_FROM_DATABASE=Vekto + OUI:8C1F644B0* ID_OUI_FROM_DATABASE=U -MEI-DAH INT'L ENTERPRISE CO.,LTD. @@ -88529,6 +90287,9 @@ OUI:8C1F644C7* OUI:8C1F644CD* ID_OUI_FROM_DATABASE=Guan Show Technologe Co., Ltd. +OUI:8C1F644D6* + ID_OUI_FROM_DATABASE=Dan Smith LLC + OUI:8C1F644DA* ID_OUI_FROM_DATABASE=DTDS Technology Pte Ltd @@ -88538,6 +90299,12 @@ OUI:8C1F644DB* OUI:8C1F644DD* ID_OUI_FROM_DATABASE=Griffyn Robotech Private Limited +OUI:8C1F644E0* + ID_OUI_FROM_DATABASE=PuS GmbH und Co. KG + +OUI:8C1F644E5* + ID_OUI_FROM_DATABASE=Renukas Castle Hard- and Software + OUI:8C1F644EC* ID_OUI_FROM_DATABASE=XOR UK Corporation Limited @@ -88547,6 +90314,9 @@ OUI:8C1F644F0* OUI:8C1F644FA* ID_OUI_FROM_DATABASE=Sanskruti +OUI:8C1F64504* + ID_OUI_FROM_DATABASE=EA Elektroautomatik GmbH & Co. KG + OUI:8C1F6450A* ID_OUI_FROM_DATABASE=BELLCO TRADING COMPANY (PVT) LTD @@ -88562,6 +90332,12 @@ OUI:8C1F64517* OUI:8C1F64521* ID_OUI_FROM_DATABASE=MP-SENSOR GmbH +OUI:8C1F64525* + ID_OUI_FROM_DATABASE=United States Technologies Inc. + +OUI:8C1F6452D* + ID_OUI_FROM_DATABASE=Cubic ITS, Inc. dba GRIDSMART Technologies + OUI:8C1F64534* ID_OUI_FROM_DATABASE=SURYA ELECTRONICS @@ -88574,6 +90350,9 @@ OUI:8C1F64536* OUI:8C1F6453A* ID_OUI_FROM_DATABASE=TPVision Europe B.V +OUI:8C1F6453B* + ID_OUI_FROM_DATABASE=REFU Storage System GmbH + OUI:8C1F6453D* ID_OUI_FROM_DATABASE=NEXCONTECH @@ -88589,6 +90368,15 @@ OUI:8C1F64549* OUI:8C1F6454C* ID_OUI_FROM_DATABASE=Gemini Electronics B.V. +OUI:8C1F6454F* + ID_OUI_FROM_DATABASE=Toolplanet Co., Ltd. + +OUI:8C1F64552* + ID_OUI_FROM_DATABASE=Proterra, Inc + +OUI:8C1F64557* + ID_OUI_FROM_DATABASE=In-lite Design BV + OUI:8C1F6455E* ID_OUI_FROM_DATABASE=HANATEKSYSTEM @@ -88607,21 +90395,39 @@ OUI:8C1F6457A* OUI:8C1F6457B* ID_OUI_FROM_DATABASE=Potter Electric Signal Company +OUI:8C1F64581* + ID_OUI_FROM_DATABASE=SpectraDynamics, Inc. + +OUI:8C1F6459F* + ID_OUI_FROM_DATABASE=Delta Computers LLC. + +OUI:8C1F645AC* + ID_OUI_FROM_DATABASE=YUYAMA MFG Co.,Ltd + OUI:8C1F645AE* ID_OUI_FROM_DATABASE=Suzhou Motorcomm Electronic Technology Co., Ltd +OUI:8C1F645B3* + ID_OUI_FROM_DATABASE=eumig industrie-TV GmbH. + OUI:8C1F645BC* ID_OUI_FROM_DATABASE=HEITEC AG OUI:8C1F645D3* ID_OUI_FROM_DATABASE=Eloy Water +OUI:8C1F645E5* + ID_OUI_FROM_DATABASE=Telemetrics Inc. + OUI:8C1F645F5* ID_OUI_FROM_DATABASE=HongSeok Ltd. OUI:8C1F64600* ID_OUI_FROM_DATABASE=Anhui Chaokun Testing Equipment Co., Ltd +OUI:8C1F64601* + ID_OUI_FROM_DATABASE=Camius + OUI:8C1F64603* ID_OUI_FROM_DATABASE=Fuku Energy Technology Co., Ltd. @@ -88640,6 +90446,15 @@ OUI:8C1F64619* OUI:8C1F6461F* ID_OUI_FROM_DATABASE=Lightworks GmbH +OUI:8C1F64622* + ID_OUI_FROM_DATABASE=Logical Product + +OUI:8C1F64625* + ID_OUI_FROM_DATABASE=Stresstech OY + +OUI:8C1F64634* + ID_OUI_FROM_DATABASE=AML + OUI:8C1F64638* ID_OUI_FROM_DATABASE=THUNDER DATA TAIWAN CO., LTD. @@ -88664,15 +90479,33 @@ OUI:8C1F64656* OUI:8C1F6465F* ID_OUI_FROM_DATABASE=Astrometric Instruments, Inc. +OUI:8C1F64660* + ID_OUI_FROM_DATABASE=LLC NTPC + OUI:8C1F64663* ID_OUI_FROM_DATABASE=mal-tech Technological Solutions Ltd/CRISP OUI:8C1F6466C* ID_OUI_FROM_DATABASE=LINEAGE POWER PVT LTD., +OUI:8C1F64672* + ID_OUI_FROM_DATABASE=Farmobile LLC + OUI:8C1F64675* ID_OUI_FROM_DATABASE=Transit Solutions, LLC. +OUI:8C1F6467A* + ID_OUI_FROM_DATABASE=MG s.r.l. + +OUI:8C1F6467F* + ID_OUI_FROM_DATABASE=Hamamatsu Photonics K.K. + +OUI:8C1F64683* + ID_OUI_FROM_DATABASE=SLAT + +OUI:8C1F64697* + ID_OUI_FROM_DATABASE=Sontay Ltd. + OUI:8C1F6469E* ID_OUI_FROM_DATABASE=AT-Automation Technology GmbH @@ -88691,6 +90524,9 @@ OUI:8C1F646B3* OUI:8C1F646B5* ID_OUI_FROM_DATABASE=O-Net Communications(Shenzhen)Limited +OUI:8C1F646B9* + ID_OUI_FROM_DATABASE=GS Industrie-Elektronik GmbH + OUI:8C1F646C6* ID_OUI_FROM_DATABASE=FIT @@ -88709,9 +90545,18 @@ OUI:8C1F646EA* OUI:8C1F646F4* ID_OUI_FROM_DATABASE=Elsist Srl +OUI:8C1F646F9* + ID_OUI_FROM_DATABASE=ANDDORO LLC + OUI:8C1F646FC* ID_OUI_FROM_DATABASE=HM Systems A/S +OUI:8C1F64702* + ID_OUI_FROM_DATABASE=AIDirections + +OUI:8C1F64703* + ID_OUI_FROM_DATABASE=Calnex Solutions plc + OUI:8C1F64707* ID_OUI_FROM_DATABASE=OAS AG @@ -88724,6 +90569,9 @@ OUI:8C1F6470E* OUI:8C1F64712* ID_OUI_FROM_DATABASE=Nexion Data Systems P/L +OUI:8C1F64721* + ID_OUI_FROM_DATABASE=M/S MILIND RAMACHANDRA RAJWADE + OUI:8C1F64726* ID_OUI_FROM_DATABASE=DAVE SRL @@ -88733,24 +90581,39 @@ OUI:8C1F6472A* OUI:8C1F6472C* ID_OUI_FROM_DATABASE=Antai technology Co.,Ltd +OUI:8C1F64737* + ID_OUI_FROM_DATABASE=Vytahy-Vymyslicky s.r.o. + +OUI:8C1F6473C* + ID_OUI_FROM_DATABASE=REO AG + OUI:8C1F6473D* ID_OUI_FROM_DATABASE=NewAgeMicro OUI:8C1F6473F* ID_OUI_FROM_DATABASE=UBISCALE +OUI:8C1F64746* + ID_OUI_FROM_DATABASE=Sensus Healthcare + OUI:8C1F64747* ID_OUI_FROM_DATABASE=VisionTIR Multispectral Technology OUI:8C1F6475F* ID_OUI_FROM_DATABASE=ASTRACOM Co. Ltd +OUI:8C1F64765* + ID_OUI_FROM_DATABASE=Micro Electroninc Products + OUI:8C1F64768* ID_OUI_FROM_DATABASE=mapna group OUI:8C1F64774* ID_OUI_FROM_DATABASE=navXperience GmbH +OUI:8C1F64775* + ID_OUI_FROM_DATABASE=Becton Dickinson + OUI:8C1F6477C* ID_OUI_FROM_DATABASE=Orange Tree Technologies Ltd @@ -88778,6 +90641,18 @@ OUI:8C1F647A1* OUI:8C1F647A6* ID_OUI_FROM_DATABASE=OTMetric +OUI:8C1F647A7* + ID_OUI_FROM_DATABASE=Timegate Instruments Ltd. + +OUI:8C1F647AA* + ID_OUI_FROM_DATABASE=XSENSOR Technology Corp. + +OUI:8C1F647AF* + ID_OUI_FROM_DATABASE=E VISION INDIA PVT LTD + +OUI:8C1F647B7* + ID_OUI_FROM_DATABASE=Weidmann Tecnologia Electrica de Mexico + OUI:8C1F647B8* ID_OUI_FROM_DATABASE=TimeMachines Inc. @@ -88787,15 +90662,24 @@ OUI:8C1F647B9* OUI:8C1F647C8* ID_OUI_FROM_DATABASE=Jacquet Dechaume +OUI:8C1F647CF* + ID_OUI_FROM_DATABASE=Transdigital Pty Ltd + OUI:8C1F647D2* ID_OUI_FROM_DATABASE=Enlaps +OUI:8C1F647D3* + ID_OUI_FROM_DATABASE=Suntech Engineering + OUI:8C1F647D6* ID_OUI_FROM_DATABASE=Algodue Elettronica Srl OUI:8C1F647DD* ID_OUI_FROM_DATABASE=TAKASAKI KYODO COMPUTING CENTER Co.,LTD. +OUI:8C1F647DE* + ID_OUI_FROM_DATABASE=SOCNOC AI Inc + OUI:8C1F647EC* ID_OUI_FROM_DATABASE=Methods2Business B.V. @@ -88805,12 +90689,21 @@ OUI:8C1F647F1* OUI:8C1F64801* ID_OUI_FROM_DATABASE=Zhejiang Laolan Information Technology Co., Ltd +OUI:8C1F64807* + ID_OUI_FROM_DATABASE=GIORDANO CONTROLS SPA + +OUI:8C1F64817* + ID_OUI_FROM_DATABASE=nke marine electronics + OUI:8C1F6481A* ID_OUI_FROM_DATABASE=Gemini Electronics B.V. OUI:8C1F64820* ID_OUI_FROM_DATABASE=TIAMA +OUI:8C1F64837* + ID_OUI_FROM_DATABASE=Rumble, Inc + OUI:8C1F6483A* ID_OUI_FROM_DATABASE=Grossenbacher Systeme AG @@ -88820,9 +90713,15 @@ OUI:8C1F6483C* OUI:8C1F64848* ID_OUI_FROM_DATABASE=Jena-Optronik GmbH +OUI:8C1F6484C* + ID_OUI_FROM_DATABASE=AvMap srlu + OUI:8C1F6484E* ID_OUI_FROM_DATABASE=West Pharmaceutical Services, Inc. +OUI:8C1F64855* + ID_OUI_FROM_DATABASE=e.kundenservice Netz GmbH + OUI:8C1F64856* ID_OUI_FROM_DATABASE=Garten Automation @@ -88832,12 +90731,18 @@ OUI:8C1F6485B* OUI:8C1F64878* ID_OUI_FROM_DATABASE=Green Access Ltd +OUI:8C1F64883* + ID_OUI_FROM_DATABASE=DEUTA-WERKE GmbH + OUI:8C1F6488D* ID_OUI_FROM_DATABASE=Pantherun Technologies Pvt Ltd OUI:8C1F64892* ID_OUI_FROM_DATABASE=MDI Industrial +OUI:8C1F6489E* + ID_OUI_FROM_DATABASE=Cinetix Srl + OUI:8C1F648A4* ID_OUI_FROM_DATABASE=Genesis Technologies AG @@ -88865,27 +90770,48 @@ OUI:8C1F648C2* OUI:8C1F648C4* ID_OUI_FROM_DATABASE=Hermes Network Inc +OUI:8C1F648C5* + ID_OUI_FROM_DATABASE=NextT Microwave Inc + +OUI:8C1F648CF* + ID_OUI_FROM_DATABASE=Diffraction Limited + OUI:8C1F648D1* ID_OUI_FROM_DATABASE=Orlaco Products B.V. OUI:8C1F648D4* ID_OUI_FROM_DATABASE=Recab Sweden AB +OUI:8C1F648D9* + ID_OUI_FROM_DATABASE=Pietro Fiorentini Spa + OUI:8C1F648E2* ID_OUI_FROM_DATABASE=ALPHA Corporation +OUI:8C1F648E9* + ID_OUI_FROM_DATABASE=Vesperix Corporation + OUI:8C1F648EE* ID_OUI_FROM_DATABASE=Abbott Diagnostics Technologies AS +OUI:8C1F648F8* + ID_OUI_FROM_DATABASE=HIGHVOLT Prüftechnik + OUI:8C1F64903* ID_OUI_FROM_DATABASE=Portrait Displays, Inc. +OUI:8C1F64905* + ID_OUI_FROM_DATABASE=Qualitrol LLC + OUI:8C1F64909* ID_OUI_FROM_DATABASE=MATELEX OUI:8C1F6490E* ID_OUI_FROM_DATABASE=Xacti Corporation +OUI:8C1F64911* + ID_OUI_FROM_DATABASE=EOLANE + OUI:8C1F64918* ID_OUI_FROM_DATABASE=Abbott Diagnostics Technologies AS @@ -88898,21 +90824,45 @@ OUI:8C1F6492A* OUI:8C1F6492D* ID_OUI_FROM_DATABASE=IVOR Intelligent Electrical Appliance Co., Ltd +OUI:8C1F64939* + ID_OUI_FROM_DATABASE=SPIT Technology, Inc + +OUI:8C1F64943* + ID_OUI_FROM_DATABASE=Autark GmbH + OUI:8C1F64947* ID_OUI_FROM_DATABASE=LLC TC Vympel +OUI:8C1F64949* + ID_OUI_FROM_DATABASE=tickIoT Inc. + +OUI:8C1F6494C* + ID_OUI_FROM_DATABASE=BCMTECH + +OUI:8C1F6494E* + ID_OUI_FROM_DATABASE=Monnit Corporation + OUI:8C1F64956* ID_OUI_FROM_DATABASE=Paulmann Licht GmbH +OUI:8C1F64958* + ID_OUI_FROM_DATABASE=Sanchar Telesystems limited + OUI:8C1F6495A* ID_OUI_FROM_DATABASE=Shenzhen Longyun Lighting Electric Appliances Co., Ltd +OUI:8C1F64967* + ID_OUI_FROM_DATABASE=DAVE SRL + OUI:8C1F64971* ID_OUI_FROM_DATABASE=INFRASAFE/ ADVANTOR SYSTEMS OUI:8C1F64973* ID_OUI_FROM_DATABASE=Dorsett Technologies Inc +OUI:8C1F6497C* + ID_OUI_FROM_DATABASE=MB connect line GmbH Fernwartungssysteme + OUI:8C1F64984* ID_OUI_FROM_DATABASE=Abacus Peripherals Pvt Ltd @@ -88925,6 +90875,12 @@ OUI:8C1F64998* OUI:8C1F649A6* ID_OUI_FROM_DATABASE=INSTITUTO DE GESTÃO, REDES TECNOLÓGICAS E NERGIAS +OUI:8C1F649BA* + ID_OUI_FROM_DATABASE=WINTUS SYSTEM + +OUI:8C1F649BD* + ID_OUI_FROM_DATABASE=ATM SOLUTIONS + OUI:8C1F649C1* ID_OUI_FROM_DATABASE=RealWear @@ -88937,6 +90893,9 @@ OUI:8C1F649CE* OUI:8C1F649CF* ID_OUI_FROM_DATABASE=ASAP Electronics GmbH +OUI:8C1F649D4* + ID_OUI_FROM_DATABASE=Wolfspyre Labs + OUI:8C1F649D8* ID_OUI_FROM_DATABASE=Integer.pl S.A. @@ -88946,6 +90905,9 @@ OUI:8C1F649F0* OUI:8C1F649F2* ID_OUI_FROM_DATABASE=MB connect line GmbH Fernwartungssysteme +OUI:8C1F649FA* + ID_OUI_FROM_DATABASE=METRONA-Union GmbH + OUI:8C1F649FD* ID_OUI_FROM_DATABASE=Vishay Nobel AB @@ -88958,20 +90920,32 @@ OUI:8C1F64A01* OUI:8C1F64A07* ID_OUI_FROM_DATABASE=GJD Manufacturing +OUI:8C1F64A1B* + ID_OUI_FROM_DATABASE=Zilica Limited + OUI:8C1F64A29* ID_OUI_FROM_DATABASE=Ringtail Security OUI:8C1F64A2B* ID_OUI_FROM_DATABASE=WENet Vietnam Joint Stock company +OUI:8C1F64A2D* + ID_OUI_FROM_DATABASE=ACSL Ltd. + OUI:8C1F64A32* ID_OUI_FROM_DATABASE=Nautel LTD OUI:8C1F64A38* ID_OUI_FROM_DATABASE=NuGrid Power +OUI:8C1F64A42* + ID_OUI_FROM_DATABASE=Rodgers Instruments US LLC + +OUI:8C1F64A44* + ID_OUI_FROM_DATABASE=Rapidev Pvt Ltd + OUI:8C1F64A4C* - ID_OUI_FROM_DATABASE=Flextronics International Kft. + ID_OUI_FROM_DATABASE=Flextronics International Kft OUI:8C1F64A4E* ID_OUI_FROM_DATABASE=Syscom Instruments SA @@ -88982,12 +90956,27 @@ OUI:8C1F64A57* OUI:8C1F64A5C* ID_OUI_FROM_DATABASE=Prosys +OUI:8C1F64A5D* + ID_OUI_FROM_DATABASE=Shenzhen zhushida Technology lnformation Co.,Ltd + +OUI:8C1F64A6A* + ID_OUI_FROM_DATABASE=Sphere Com Services Pvt Ltd + +OUI:8C1F64A6D* + ID_OUI_FROM_DATABASE=CyberneX Co., Ltd + OUI:8C1F64A76* ID_OUI_FROM_DATABASE=DEUTA-WERKE GmbH +OUI:8C1F64A84* + ID_OUI_FROM_DATABASE=Beijing Wenrise Technology Co., Ltd. + OUI:8C1F64A94* ID_OUI_FROM_DATABASE=Future wave ultra tech Company +OUI:8C1F64A97* + ID_OUI_FROM_DATABASE=Integer.pl S.A. + OUI:8C1F64A9A* ID_OUI_FROM_DATABASE=Signasystems Elektronik San. ve Tic. Ltd. Sti. @@ -88997,9 +90986,18 @@ OUI:8C1F64AA4* OUI:8C1F64AAB* ID_OUI_FROM_DATABASE=BlueSword Intelligent Technology Co., Ltd. +OUI:8C1F64AB4* + ID_OUI_FROM_DATABASE=Beijing Zhongchen Microelectronics Co.,Ltd + OUI:8C1F64AB5* ID_OUI_FROM_DATABASE=JUSTMORPH PTE. LTD. +OUI:8C1F64AC0* + ID_OUI_FROM_DATABASE=AIQuatro + +OUI:8C1F64AC5* + ID_OUI_FROM_DATABASE=Forever Engineering Systems Pvt. Ltd. + OUI:8C1F64ACE* ID_OUI_FROM_DATABASE=Rayhaan Networks @@ -89009,6 +91007,9 @@ OUI:8C1F64AD2* OUI:8C1F64AE1* ID_OUI_FROM_DATABASE=YUYAMA MFG Co.,Ltd +OUI:8C1F64AE8* + ID_OUI_FROM_DATABASE=ADETEC SAS + OUI:8C1F64AED* ID_OUI_FROM_DATABASE=MB connect line GmbH Fernwartungssysteme @@ -89018,6 +91019,9 @@ OUI:8C1F64AEF* OUI:8C1F64AF7* ID_OUI_FROM_DATABASE=ard sa +OUI:8C1F64B01* + ID_OUI_FROM_DATABASE=noah + OUI:8C1F64B03* ID_OUI_FROM_DATABASE=Shenzhen Pisoftware Technology Co.,Ltd. @@ -89033,6 +91037,9 @@ OUI:8C1F64B22* OUI:8C1F64B2C* ID_OUI_FROM_DATABASE=SANMINA ISRAEL MEDICAL SYSTEMS LTD +OUI:8C1F64B3B* + ID_OUI_FROM_DATABASE=Sicon srl + OUI:8C1F64B3D* ID_OUI_FROM_DATABASE=RealD, Inc. @@ -89048,9 +91055,18 @@ OUI:8C1F64B56* OUI:8C1F64B64* ID_OUI_FROM_DATABASE=GSP Sprachtechnologie GmbH +OUI:8C1F64B73* + ID_OUI_FROM_DATABASE=Comm-ence, Inc. + OUI:8C1F64B77* ID_OUI_FROM_DATABASE=Carestream Dental LLC +OUI:8C1F64B7B* + ID_OUI_FROM_DATABASE=Gateview Technologies + +OUI:8C1F64B7C* + ID_OUI_FROM_DATABASE=EVERNET CO,.LTD TAIWAN + OUI:8C1F64B82* ID_OUI_FROM_DATABASE=Seed Core Co., LTD. @@ -89060,6 +91076,9 @@ OUI:8C1F64B84* OUI:8C1F64B8D* ID_OUI_FROM_DATABASE=Tongye lnnovation Science and Technology (Shenzhen) Co.,Ltd +OUI:8C1F64B92* + ID_OUI_FROM_DATABASE=Neurable + OUI:8C1F64B97* ID_OUI_FROM_DATABASE=Gemini Electronics B.V. @@ -89069,21 +91088,39 @@ OUI:8C1F64B9A* OUI:8C1F64BA3* ID_OUI_FROM_DATABASE=DEUTA-WERKE GmbH +OUI:8C1F64BBF* + ID_OUI_FROM_DATABASE=Retency + OUI:8C1F64BC0* ID_OUI_FROM_DATABASE=GS Elektromedizinsiche Geräte G. Stemple GmbH +OUI:8C1F64BC2* + ID_OUI_FROM_DATABASE=Huz Electronics Ltd + OUI:8C1F64BC6* ID_OUI_FROM_DATABASE=Chengdu ZiChen Time&Frequency Technology Co.,Ltd +OUI:8C1F64BD3* + ID_OUI_FROM_DATABASE=IO Master Technology + +OUI:8C1F64BD6* + ID_OUI_FROM_DATABASE=NOVA Products GmbH + OUI:8C1F64BD7* ID_OUI_FROM_DATABASE=Union Electronic. OUI:8C1F64BEE* ID_OUI_FROM_DATABASE=Sirius LLC +OUI:8C1F64BF0* + ID_OUI_FROM_DATABASE=Newtec A/S + OUI:8C1F64BF4* ID_OUI_FROM_DATABASE=Fluid Components Intl +OUI:8C1F64BFB* + ID_OUI_FROM_DATABASE=TechArgos + OUI:8C1F64C01* ID_OUI_FROM_DATABASE=HORIBA ABX SAS @@ -89096,6 +91133,9 @@ OUI:8C1F64C0C* OUI:8C1F64C1F* ID_OUI_FROM_DATABASE=Esys Srl +OUI:8C1F64C24* + ID_OUI_FROM_DATABASE=Alifax S.r.l. + OUI:8C1F64C27* ID_OUI_FROM_DATABASE=Lift Ventures, Inc @@ -89105,21 +91145,45 @@ OUI:8C1F64C28* OUI:8C1F64C2F* ID_OUI_FROM_DATABASE=Power Electronics Espana, S.L. +OUI:8C1F64C38* + ID_OUI_FROM_DATABASE=ECO-ADAPT + +OUI:8C1F64C3A* + ID_OUI_FROM_DATABASE=YUSUR Technology Co., Ltd. + OUI:8C1F64C40* ID_OUI_FROM_DATABASE=Sciospec Scientific Instruments GmbH OUI:8C1F64C41* ID_OUI_FROM_DATABASE=Katronic AG & Co. KG +OUI:8C1F64C4C* + ID_OUI_FROM_DATABASE=Lumiplan Duhamel + OUI:8C1F64C50* ID_OUI_FROM_DATABASE=Spacee OUI:8C1F64C54* ID_OUI_FROM_DATABASE=First Mode +OUI:8C1F64C57* + ID_OUI_FROM_DATABASE=Strategic Robotic Systems + +OUI:8C1F64C68* + ID_OUI_FROM_DATABASE=FIBERME COMMUNICATIONS LLC + +OUI:8C1F64C6B* + ID_OUI_FROM_DATABASE=Mediana + OUI:8C1F64C7C* ID_OUI_FROM_DATABASE=MERKLE Schweissanlagen-Technik GmbH +OUI:8C1F64C80* + ID_OUI_FROM_DATABASE=VECOS Europe B.V. + +OUI:8C1F64C8F* + ID_OUI_FROM_DATABASE=JW Froehlich Maschinenfabrik GmbH + OUI:8C1F64C97* ID_OUI_FROM_DATABASE=Magnet-Physik Dr. Steingroever GmbH @@ -89135,12 +91199,27 @@ OUI:8C1F64CAD* OUI:8C1F64CBE* ID_OUI_FROM_DATABASE=Circa Enterprises Inc +OUI:8C1F64CC6* + ID_OUI_FROM_DATABASE=Genius vision digital private limted + +OUI:8C1F64CCB* + ID_OUI_FROM_DATABASE=suzhou yuecrown Electronic Technology Co.,LTD + +OUI:8C1F64CD3* + ID_OUI_FROM_DATABASE=Pionierkraft GmbH + OUI:8C1F64CD6* ID_OUI_FROM_DATABASE=USM Pty Ltd OUI:8C1F64CD8* ID_OUI_FROM_DATABASE=Gogo Business Aviation +OUI:8C1F64CD9* + ID_OUI_FROM_DATABASE=Fingoti Limited + +OUI:8C1F64CDB* + ID_OUI_FROM_DATABASE=EUROPEAN TELECOMMUNICATION INTERNATIONAL KFT + OUI:8C1F64CDF* ID_OUI_FROM_DATABASE=Canway Technology GmbH @@ -89159,6 +91238,12 @@ OUI:8C1F64CF1* OUI:8C1F64CF3* ID_OUI_FROM_DATABASE=ABB S.p.A. +OUI:8C1F64D02* + ID_OUI_FROM_DATABASE=Flextronics International Kft + +OUI:8C1F64D08* + ID_OUI_FROM_DATABASE=Power Electronics Espana, S.L. + OUI:8C1F64D0E* ID_OUI_FROM_DATABASE=Labforge Inc. @@ -89189,12 +91274,27 @@ OUI:8C1F64D54* OUI:8C1F64D56* ID_OUI_FROM_DATABASE=Wisdom Audio +OUI:8C1F64D69* + ID_OUI_FROM_DATABASE=ADiCo Corporation + OUI:8C1F64D78* ID_OUI_FROM_DATABASE=Hunan Oushi Electronic Technology Co.,Ltd +OUI:8C1F64D7C* + ID_OUI_FROM_DATABASE=QUERCUS TECHNOLOGIES, S.L. + OUI:8C1F64D7E* ID_OUI_FROM_DATABASE=Thales Belgium +OUI:8C1F64D88* + ID_OUI_FROM_DATABASE=University of Geneva - Department of Particle Physics + +OUI:8C1F64D92* + ID_OUI_FROM_DATABASE=Mitsubishi Electric India Pvt. Ltd. + +OUI:8C1F64D9A* + ID_OUI_FROM_DATABASE=Beijing Redlink Information Technology Co., Ltd. + OUI:8C1F64DAA* ID_OUI_FROM_DATABASE=Davetech Limited @@ -89210,21 +91310,39 @@ OUI:8C1F64DB9* OUI:8C1F64DBD* ID_OUI_FROM_DATABASE=GIORDANO CONTROLS SPA +OUI:8C1F64DC0* + ID_OUI_FROM_DATABASE=Pigs Can Fly Labs LLC + OUI:8C1F64DC9* ID_OUI_FROM_DATABASE=Peter Huber Kaeltemaschinenbau AG OUI:8C1F64DCA* ID_OUI_FROM_DATABASE=Porsche engineering +OUI:8C1F64DD5* + ID_OUI_FROM_DATABASE=Cardinal Scales Manufacturing Co + OUI:8C1F64DE1* ID_OUI_FROM_DATABASE=Franke Aquarotter GmbH +OUI:8C1F64DF8* + ID_OUI_FROM_DATABASE=Wittra Networks AB + +OUI:8C1F64DFE* + ID_OUI_FROM_DATABASE=Nuvation Energy + OUI:8C1F64E02* ID_OUI_FROM_DATABASE=ITS Teknik A/S +OUI:8C1F64E0E* + ID_OUI_FROM_DATABASE=Nokeval Oy + OUI:8C1F64E21* ID_OUI_FROM_DATABASE=LG-LHT Aircraft Solutions GmbH +OUI:8C1F64E30* + ID_OUI_FROM_DATABASE=VMukti Solutions Private Limited + OUI:8C1F64E41* ID_OUI_FROM_DATABASE=Grossenbacher Systeme AG @@ -89234,6 +91352,9 @@ OUI:8C1F64E43* OUI:8C1F64E49* ID_OUI_FROM_DATABASE=Samwell International Inc +OUI:8C1F64E4C* + ID_OUI_FROM_DATABASE=TTC TELEKOMUNIKACE, s.r.o. + OUI:8C1F64E52* ID_OUI_FROM_DATABASE=LcmVeloci ApS @@ -89243,9 +91364,15 @@ OUI:8C1F64E5C* OUI:8C1F64E5D* ID_OUI_FROM_DATABASE=JinYuan International Corporation +OUI:8C1F64E5E* + ID_OUI_FROM_DATABASE=BRICKMAKERS GmbH + OUI:8C1F64E61* ID_OUI_FROM_DATABASE=Stange Elektronik GmbH +OUI:8C1F64E64* + ID_OUI_FROM_DATABASE=Indefac company + OUI:8C1F64E73* ID_OUI_FROM_DATABASE=GTR Industries @@ -89255,6 +91382,12 @@ OUI:8C1F64E77* OUI:8C1F64E7B* ID_OUI_FROM_DATABASE=Dongguan Pengchen Earth Instrument CO. LT +OUI:8C1F64E7C* + ID_OUI_FROM_DATABASE=Ashinne Technology Co., Ltd + +OUI:8C1F64E90* + ID_OUI_FROM_DATABASE=MHE Electronics + OUI:8C1F64E98* ID_OUI_FROM_DATABASE=Luxshare Electronic Technology (Kunshan) LTD @@ -89270,6 +91403,9 @@ OUI:8C1F64EAC* OUI:8C1F64EB2* ID_OUI_FROM_DATABASE=Aqua Broadcast Ltd +OUI:8C1F64EB5* + ID_OUI_FROM_DATABASE=Meiryo Denshi Corp. + OUI:8C1F64EB7* ID_OUI_FROM_DATABASE=Delta Solutions LLC @@ -89285,9 +91421,18 @@ OUI:8C1F64EC1* OUI:8C1F64ED4* ID_OUI_FROM_DATABASE=ZHEJIANG CHITIC-SAFEWAY NEW ENERGY TECHNICAL CO.,LTD. +OUI:8C1F64ED9* + ID_OUI_FROM_DATABASE=NETGEN HITECH SOLUTIONS LLP + +OUI:8C1F64EE0* + ID_OUI_FROM_DATABASE=Private + OUI:8C1F64EE8* ID_OUI_FROM_DATABASE=Global Organ Group B.V. +OUI:8C1F64EEA* + ID_OUI_FROM_DATABASE=AMESS + OUI:8C1F64EEF* ID_OUI_FROM_DATABASE=AiUnion Co.,Ltd @@ -89303,18 +91448,36 @@ OUI:8C1F64F04* OUI:8C1F64F25* ID_OUI_FROM_DATABASE=Misaka Network, Inc. +OUI:8C1F64F27* + ID_OUI_FROM_DATABASE=Tesat-Spacecom GmbH & Co. KG + +OUI:8C1F64F2C* + ID_OUI_FROM_DATABASE=Tunstall A/S + OUI:8C1F64F31* ID_OUI_FROM_DATABASE=International Water Treatment Maritime AS OUI:8C1F64F32* ID_OUI_FROM_DATABASE=Shenzhen INVT Electric Co.,Ltd +OUI:8C1F64F3C* + ID_OUI_FROM_DATABASE=Microlynx Systems Ltd + OUI:8C1F64F3F* ID_OUI_FROM_DATABASE=Industrial Laser Machines, LLC OUI:8C1F64F41* ID_OUI_FROM_DATABASE=AUTOMATIZACION Y CONECTIVIDAD SA DE CV +OUI:8C1F64F45* + ID_OUI_FROM_DATABASE=JBF + +OUI:8C1F64F4E* + ID_OUI_FROM_DATABASE=ADAMCZEWSKI elektronische Messtechnik GmbH + +OUI:8C1F64F52* + ID_OUI_FROM_DATABASE=AMF Medical SA + OUI:8C1F64F59* ID_OUI_FROM_DATABASE=Inovonics Inc. @@ -89322,7 +91485,10 @@ OUI:8C1F64F5A* ID_OUI_FROM_DATABASE=Telco Antennas Pty Ltd OUI:8C1F64F5C* - ID_OUI_FROM_DATABASE=Flextronics International Kft. + ID_OUI_FROM_DATABASE=Flextronics International Kft + +OUI:8C1F64F65* + ID_OUI_FROM_DATABASE=Talleres de Escoriaza SA OUI:8C1F64F72* ID_OUI_FROM_DATABASE=Contrader @@ -89333,6 +91499,9 @@ OUI:8C1F64F74* OUI:8C1F64F78* ID_OUI_FROM_DATABASE=Ternary Research Corporation +OUI:8C1F64F7A* + ID_OUI_FROM_DATABASE=SiEngine Technology Co., Ltd. + OUI:8C1F64F86* ID_OUI_FROM_DATABASE=INFOSTECH Co., Ltd. @@ -89345,12 +91514,27 @@ OUI:8C1F64F96* OUI:8C1F64F9E* ID_OUI_FROM_DATABASE=DREAMSWELL Technology CO.,Ltd +OUI:8C1F64FA2* + ID_OUI_FROM_DATABASE=AZD Praha s.r.o., ZOZ Olomouc + +OUI:8C1F64FA8* + ID_OUI_FROM_DATABASE=Unitron Systems b.v. + +OUI:8C1F64FAA* + ID_OUI_FROM_DATABASE=Massar Networks + OUI:8C1F64FB0* ID_OUI_FROM_DATABASE=MARIAN GmbH OUI:8C1F64FB1* ID_OUI_FROM_DATABASE=ABB +OUI:8C1F64FB7* + ID_OUI_FROM_DATABASE=Grace Design/Lunatec LLC + +OUI:8C1F64FBA* + ID_OUI_FROM_DATABASE=Onto Innovation + OUI:8C1F64FBD* ID_OUI_FROM_DATABASE=SAN-AI Electronic Industries Co.,Ltd. @@ -89363,12 +91547,24 @@ OUI:8C1F64FD1* OUI:8C1F64FD3* ID_OUI_FROM_DATABASE=SMILICS TECHNOLOGIES, S.L. +OUI:8C1F64FD4* + ID_OUI_FROM_DATABASE=EMBSYS SISTEMAS EMBARCADOS + OUI:8C1F64FE0* ID_OUI_FROM_DATABASE=Potter Electric Signal Company OUI:8C1F64FE3* ID_OUI_FROM_DATABASE=Power Electronics Espana, S.L. +OUI:8C1F64FED* + ID_OUI_FROM_DATABASE=GSP Sprachtechnologie GmbH + +OUI:8C1F64FF4* + ID_OUI_FROM_DATABASE=SMS group GmbH + +OUI:8C1F64FF6* + ID_OUI_FROM_DATABASE=Ascon Tecnologic S.r.l. + OUI:8C1F94* ID_OUI_FROM_DATABASE=RF Surgical System Inc. @@ -89378,6 +91574,9 @@ OUI:8C210A* OUI:8C2505* ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD +OUI:8C255E* + ID_OUI_FROM_DATABASE=VoltServer + OUI:8C271D* ID_OUI_FROM_DATABASE=QuantHouse @@ -89525,6 +91724,9 @@ OUI:8C4962* OUI:8C497A* ID_OUI_FROM_DATABASE=Extreme Networks, Inc. +OUI:8C49B6* + ID_OUI_FROM_DATABASE=vivo Mobile Communication Co., Ltd. + OUI:8C4AEE* ID_OUI_FROM_DATABASE=GIGA TMS INC @@ -89549,6 +91751,51 @@ OUI:8C4DEA* OUI:8C5105* ID_OUI_FROM_DATABASE=Shenzhen ireadygo Information Technology CO.,LTD. +OUI:8C51090* + ID_OUI_FROM_DATABASE=TianJin JointOptic Technology Co., LTD. + +OUI:8C51091* + ID_OUI_FROM_DATABASE=Amzetta Technologies, LLC + +OUI:8C51092* + ID_OUI_FROM_DATABASE=PROCET Technology Co., Ltd(HK) + +OUI:8C51093* + ID_OUI_FROM_DATABASE=SHENZHEN LDROBOT CO., LTD. + +OUI:8C51094* + ID_OUI_FROM_DATABASE=Shenzhen WOWOTO Technology Co., Ltd. + +OUI:8C51095* + ID_OUI_FROM_DATABASE=Heliox Automotive B.V. + +OUI:8C51096* + ID_OUI_FROM_DATABASE=Avxav Electronic Trading LLC + +OUI:8C51097* + ID_OUI_FROM_DATABASE=ENPLUG Co., Ltd. + +OUI:8C51098* + ID_OUI_FROM_DATABASE=nerospec + +OUI:8C51099* + ID_OUI_FROM_DATABASE=Frontmatec + +OUI:8C5109A* + ID_OUI_FROM_DATABASE=SERNET (SUZHOU) TECHNOLOGIES CORPORATION + +OUI:8C5109B* + ID_OUI_FROM_DATABASE=Beijing Superhexa Century Technology Co., Ltd. + +OUI:8C5109C* + ID_OUI_FROM_DATABASE=SpotterRF LLC + +OUI:8C5109D* + ID_OUI_FROM_DATABASE=Surpedia Technologies Co., Ltd. + +OUI:8C5109E* + ID_OUI_FROM_DATABASE=IROOTELLUCKY Corp. + OUI:8C53C3* ID_OUI_FROM_DATABASE=Beijing Xiaomi Mobile Software Co., Ltd @@ -89720,6 +91967,9 @@ OUI:8C6A8D* OUI:8C6AE4* ID_OUI_FROM_DATABASE=Viogem Limited +OUI:8C6BDB* + ID_OUI_FROM_DATABASE=Huawei Device Co., Ltd. + OUI:8C6D50* ID_OUI_FROM_DATABASE=SHENZHEN MTC CO LTD @@ -89744,6 +91994,9 @@ OUI:8C736E* OUI:8C73A0* ID_OUI_FROM_DATABASE=Fiberhome Telecommunication Technologies Co.,LTD +OUI:8C763F* + ID_OUI_FROM_DATABASE=ARRIS Group, Inc. + OUI:8C76C1* ID_OUI_FROM_DATABASE=Goden Tech Limited @@ -89903,6 +92156,9 @@ OUI:8C965F* OUI:8C97EA* ID_OUI_FROM_DATABASE=FREEBOX SAS +OUI:8C9806* + ID_OUI_FROM_DATABASE=SHENZHEN SEI ROBOTICS CO.,LTD + OUI:8C99E6* ID_OUI_FROM_DATABASE=TCT mobile ltd @@ -90107,6 +92363,9 @@ OUI:8CC8F4D* OUI:8CC8F4E* ID_OUI_FROM_DATABASE=Evaporcool Solutions +OUI:8CCBDF* + ID_OUI_FROM_DATABASE=FOXCONN INTERCONNECT TECHNOLOGY + OUI:8CCDA2* ID_OUI_FROM_DATABASE=ACTP, Inc. @@ -90303,7 +92562,7 @@ OUI:90013B* ID_OUI_FROM_DATABASE=Sagemcom Broadband SAS OUI:900218* - ID_OUI_FROM_DATABASE=BSkyB Ltd + ID_OUI_FROM_DATABASE=SKY UK LIMITED OUI:90027A* ID_OUI_FROM_DATABASE=Shenzhen Sworix Techonlogy Co., Ltd @@ -90435,7 +92694,7 @@ OUI:9020C2* ID_OUI_FROM_DATABASE=Aruba, a Hewlett Packard Enterprise Company OUI:902106* - ID_OUI_FROM_DATABASE=BSkyB Ltd + ID_OUI_FROM_DATABASE=SKY UK LIMITED OUI:902155* ID_OUI_FROM_DATABASE=HTC Corporation @@ -90443,6 +92702,9 @@ OUI:902155* OUI:902181* ID_OUI_FROM_DATABASE=Shanghai Huaqin Telecom Technology Co.,Ltd +OUI:90235B* + ID_OUI_FROM_DATABASE=Amazon Technologies Inc. + OUI:9023B4* ID_OUI_FROM_DATABASE=New H3C Technologies Co., Ltd @@ -90467,6 +92729,9 @@ OUI:902BD2* OUI:902CC7* ID_OUI_FROM_DATABASE=C-MAX Asia Limited +OUI:902CFB* + ID_OUI_FROM_DATABASE=CanTops Co,.Ltd. + OUI:902E16* ID_OUI_FROM_DATABASE=LCFC(HeFei) Electronics Technology co., ltd @@ -90560,9 +92825,15 @@ OUI:904716* OUI:90473C* ID_OUI_FROM_DATABASE=China Mobile Group Device Co.,Ltd. +OUI:90486C* + ID_OUI_FROM_DATABASE=Ring LLC + OUI:90489A* ID_OUI_FROM_DATABASE=Hon Hai Precision Ind. Co.,Ltd. +OUI:904992* + ID_OUI_FROM_DATABASE=YSTen Technology Co.,Ltd + OUI:9049FA* ID_OUI_FROM_DATABASE=Intel Corporate @@ -90674,6 +92945,9 @@ OUI:905C44* OUI:905D7C* ID_OUI_FROM_DATABASE=New H3C Technologies Co., Ltd +OUI:905E44* + ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD + OUI:905F2E* ID_OUI_FROM_DATABASE=TCT mobile ltd @@ -90692,6 +92966,9 @@ OUI:9061AE* OUI:90633B* ID_OUI_FROM_DATABASE=Samsung Electronics Co.,Ltd +OUI:906560* + ID_OUI_FROM_DATABASE=EM Microelectronic + OUI:906717* ID_OUI_FROM_DATABASE=Alphion India Private Limited @@ -90713,6 +92990,9 @@ OUI:906976* OUI:906A94* ID_OUI_FROM_DATABASE=hangzhou huacheng network technology co., ltd +OUI:906AEB* + ID_OUI_FROM_DATABASE=Microsoft Corporation + OUI:906CAC* ID_OUI_FROM_DATABASE=Fortinet, Inc. @@ -90770,6 +93050,9 @@ OUI:907910* OUI:907990* ID_OUI_FROM_DATABASE=Benchmark Electronics Romania SRL +OUI:9079CF* + ID_OUI_FROM_DATABASE=zte corporation + OUI:907A0A* ID_OUI_FROM_DATABASE=Gebr. Bode GmbH & Co KG @@ -90875,6 +93158,9 @@ OUI:909164* OUI:9092B4* ID_OUI_FROM_DATABASE=Diehl BGT Defence GmbH & Co. KG +OUI:90935A* + ID_OUI_FROM_DATABASE=ARRIS Group, Inc. + OUI:90940A* ID_OUI_FROM_DATABASE=Analog Devices, Inc @@ -91109,6 +93395,9 @@ OUI:90CC24* OUI:90CCDF* ID_OUI_FROM_DATABASE=Intel Corporate +OUI:90CD1F* + ID_OUI_FROM_DATABASE=Quectel Wireless Solutions Co.,Ltd. + OUI:90CDB6* ID_OUI_FROM_DATABASE=Hon Hai Precision Ind. Co.,Ltd. @@ -91124,6 +93413,9 @@ OUI:90CF7D* OUI:90D11B* ID_OUI_FROM_DATABASE=Palomar Medical Technologies +OUI:90D473* + ID_OUI_FROM_DATABASE=vivo Mobile Communication Co., Ltd. + OUI:90D74F* ID_OUI_FROM_DATABASE=Bookeen @@ -91157,6 +93449,9 @@ OUI:90DD5D* OUI:90DE80* ID_OUI_FROM_DATABASE=Shenzhen Century Xinyang Technology Co., Ltd +OUI:90DF7D* + ID_OUI_FROM_DATABASE=Realme Chongqing Mobile Telecommunications Corp.,Ltd. + OUI:90DFB7* ID_OUI_FROM_DATABASE=s.m.s smart microwave sensors GmbH @@ -91292,9 +93587,15 @@ OUI:90F652* OUI:90F72F* ID_OUI_FROM_DATABASE=Phillips Machine & Welding Co., Inc. +OUI:90F7B2* + ID_OUI_FROM_DATABASE=New H3C Technologies Co., Ltd + OUI:90F891* ID_OUI_FROM_DATABASE=Kaonmedia CO., LTD. +OUI:90F970* + ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD + OUI:90F9B7* ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD @@ -91331,6 +93632,9 @@ OUI:9400B0* OUI:940149* ID_OUI_FROM_DATABASE=AutoHotBox +OUI:9401AC* + ID_OUI_FROM_DATABASE=Wuhan Qianyang Iotian Technology Co., Ltd + OUI:9401C2* ID_OUI_FROM_DATABASE=Samsung Electronics Co.,Ltd @@ -91400,6 +93704,9 @@ OUI:9408C7* OUI:940937* ID_OUI_FROM_DATABASE=HUMAX Co., Ltd. +OUI:9409C9* + ID_OUI_FROM_DATABASE=ALPSALPINE CO .,LTD + OUI:9409D3* ID_OUI_FROM_DATABASE=shenzhen maxtopic technology co.,ltd @@ -91487,6 +93794,9 @@ OUI:942790* OUI:94282E* ID_OUI_FROM_DATABASE=New H3C Technologies Co., Ltd +OUI:94286F* + ID_OUI_FROM_DATABASE=zte corporation + OUI:94290C* ID_OUI_FROM_DATABASE=Shenyang wisdom Foundation Technology Development Co., Ltd. @@ -91598,6 +93908,9 @@ OUI:944A09* OUI:944A0C* ID_OUI_FROM_DATABASE=Sercomm Corporation. +OUI:944E5B* + ID_OUI_FROM_DATABASE=Ubee Interactive Co., Limited + OUI:944F4C* ID_OUI_FROM_DATABASE=Sound United LLC @@ -91616,6 +93929,9 @@ OUI:94513D* OUI:9451BF* ID_OUI_FROM_DATABASE=Hyundai ESG +OUI:945244* + ID_OUI_FROM_DATABASE=Samsung Electronics Co.,Ltd + OUI:945330* ID_OUI_FROM_DATABASE=Hon Hai Precision Ind. Co.,Ltd. @@ -91886,6 +94202,9 @@ OUI:94AAB8* OUI:94ABDE* ID_OUI_FROM_DATABASE=OMX Technology - FZE +OUI:94ABFE* + ID_OUI_FROM_DATABASE=Nokia + OUI:94ACCA* ID_OUI_FROM_DATABASE=trivum technologies GmbH @@ -91982,6 +94301,9 @@ OUI:94C3E4* OUI:94C4E9* ID_OUI_FROM_DATABASE=PowerLayer Microsystems HongKong Limited +OUI:94C5A6* + ID_OUI_FROM_DATABASE=ITEL MOBILE LIMITED + OUI:94C691* ID_OUI_FROM_DATABASE=EliteGroup Computer Systems Co., LTD @@ -92120,6 +94442,9 @@ OUI:94D299* OUI:94D2BC* ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD +OUI:94D331* + ID_OUI_FROM_DATABASE=Xiaomi Communications Co Ltd + OUI:94D417* ID_OUI_FROM_DATABASE=GPI KOREA INC. @@ -92579,6 +94904,9 @@ OUI:98234E* OUI:98262A* ID_OUI_FROM_DATABASE=Applied Research Associates, Inc +OUI:9826AD* + ID_OUI_FROM_DATABASE=Quectel Wireless Solutions Co.,Ltd. + OUI:9827820* ID_OUI_FROM_DATABASE=SHENZHEN HEROFUN BIO-TECH CO., LTD @@ -92801,6 +95129,9 @@ OUI:985945* OUI:985949* ID_OUI_FROM_DATABASE=LUXOTTICA GROUP S.P.A. +OUI:98597A* + ID_OUI_FROM_DATABASE=Intel Corporate + OUI:985AEB* ID_OUI_FROM_DATABASE=Apple, Inc. @@ -93173,6 +95504,9 @@ OUI:989D5D* OUI:989E63* ID_OUI_FROM_DATABASE=Apple, Inc. +OUI:98A2C0* + ID_OUI_FROM_DATABASE=Cisco Systems, Inc + OUI:98A404* ID_OUI_FROM_DATABASE=Ericsson AB @@ -93185,6 +95519,9 @@ OUI:98A5F9* OUI:98A7B0* ID_OUI_FROM_DATABASE=MCST ZAO +OUI:98A92D* + ID_OUI_FROM_DATABASE=New H3C Technologies Co., Ltd + OUI:98A942* ID_OUI_FROM_DATABASE=Guangzhou Tozed Kangwei Intelligent Technology Co., LTD @@ -93308,6 +95645,9 @@ OUI:98C5DB* OUI:98C7A4* ID_OUI_FROM_DATABASE=Shenzhen HS Fiber Communication Equipment CO., LTD +OUI:98C81C* + ID_OUI_FROM_DATABASE=BAYTEC LIMITED + OUI:98C845* ID_OUI_FROM_DATABASE=PacketAccess @@ -93365,12 +95705,18 @@ OUI:98D6BB* OUI:98D6F7* ID_OUI_FROM_DATABASE=LG Electronics (Mobile Communications) +OUI:98D742* + ID_OUI_FROM_DATABASE=Samsung Electronics Co.,Ltd + OUI:98D863* ID_OUI_FROM_DATABASE=Shanghai High-Flying Electronics Technology Co., Ltd OUI:98D88C* ID_OUI_FROM_DATABASE=Nortel Networks +OUI:98D93D* + ID_OUI_FROM_DATABASE=Demant Enterprise A/S + OUI:98DA92* ID_OUI_FROM_DATABASE=Vuzix Corporation @@ -93449,6 +95795,9 @@ OUI:98F083* OUI:98F0AB* ID_OUI_FROM_DATABASE=Apple, Inc. +OUI:98F112* + ID_OUI_FROM_DATABASE=Hangzhou Hikvision Digital Technology Co.,Ltd. + OUI:98F170* ID_OUI_FROM_DATABASE=Murata Manufacturing Co., Ltd. @@ -93689,6 +96038,9 @@ OUI:9C1E95* OUI:9C1EA4* ID_OUI_FROM_DATABASE=Renesas Electronics (Penang) Sdn. Bhd. +OUI:9C1FCA* + ID_OUI_FROM_DATABASE=Hangzhou AlmightyDigit Technology Co., Ltd + OUI:9C1FDD* ID_OUI_FROM_DATABASE=Accupix Inc. @@ -93698,6 +96050,9 @@ OUI:9C207B* OUI:9C216A* ID_OUI_FROM_DATABASE=TP-LINK TECHNOLOGIES CO.,LTD. +OUI:9C2183* + ID_OUI_FROM_DATABASE=Broadcom Limited + OUI:9C220E* ID_OUI_FROM_DATABASE=TASCAN Systems GmbH @@ -93740,6 +96095,9 @@ OUI:9C2BA6* OUI:9C2DCF* ID_OUI_FROM_DATABASE=Shishi Tongyun Technology(Chengdu)Co.,Ltd. +OUI:9C2E7A* + ID_OUI_FROM_DATABASE=Samsung Electronics Co.,Ltd + OUI:9C2EA1* ID_OUI_FROM_DATABASE=Xiaomi Communications Co Ltd @@ -93765,7 +96123,7 @@ OUI:9C31B6* ID_OUI_FROM_DATABASE=Kulite Semiconductor Products Inc OUI:9C31C3* - ID_OUI_FROM_DATABASE=BSkyB Ltd + ID_OUI_FROM_DATABASE=SKY UK LIMITED OUI:9C32A9* ID_OUI_FROM_DATABASE=Sichuan Tianyi Comheart Telecom Co.,LTD @@ -93852,7 +96210,7 @@ OUI:9C431ED* ID_OUI_FROM_DATABASE=HK ELEPHONE Communication Tech Co.,Limited OUI:9C431EE* - ID_OUI_FROM_DATABASE=Phoenix Audio Technologies + ID_OUI_FROM_DATABASE=SHURE INCORPORATED OUI:9C443D* ID_OUI_FROM_DATABASE=CHENGDU XUGUANG TECHNOLOGY CO, LTD @@ -93888,7 +96246,7 @@ OUI:9C4EBF* ID_OUI_FROM_DATABASE=BoxCast OUI:9C4F5F* - ID_OUI_FROM_DATABASE=TAP Sound System + ID_OUI_FROM_DATABASE=Google, Inc. OUI:9C4FCF* ID_OUI_FROM_DATABASE=TCT mobile ltd @@ -93935,6 +96293,9 @@ OUI:9C5711* OUI:9C57AD* ID_OUI_FROM_DATABASE=Cisco Systems, Inc +OUI:9C57BC* + ID_OUI_FROM_DATABASE=eero inc. + OUI:9C583C* ID_OUI_FROM_DATABASE=Apple, Inc. @@ -94205,9 +96566,15 @@ OUI:9C93B0* OUI:9C93E4* ID_OUI_FROM_DATABASE=Private +OUI:9C9561* + ID_OUI_FROM_DATABASE=Hui Zhou Gaoshengda Technology Co.,LTD + OUI:9C9567* ID_OUI_FROM_DATABASE=Huawei Device Co., Ltd. +OUI:9C956E* + ID_OUI_FROM_DATABASE=Microchip Technology Inc. + OUI:9C95F8* ID_OUI_FROM_DATABASE=SmartDoor Systems, LLC @@ -94253,6 +96620,9 @@ OUI:9CA10A* OUI:9CA134* ID_OUI_FROM_DATABASE=Nike, Inc. +OUI:9CA2F4* + ID_OUI_FROM_DATABASE=TP-Link Corporation Limited + OUI:9CA3A9* ID_OUI_FROM_DATABASE=Guangzhou Juan Optical and Electronical Tech Joint Stock Co., Ltd @@ -94346,6 +96716,9 @@ OUI:9CBD9D* OUI:9CBEE0* ID_OUI_FROM_DATABASE=Biosoundlab Co., Ltd. +OUI:9CBFCD* + ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD + OUI:9CC077* ID_OUI_FROM_DATABASE=PrintCounts, LLC @@ -94439,6 +96812,9 @@ OUI:9CDF03* OUI:9CDFB1* ID_OUI_FROM_DATABASE=Shenzhen Crave Communication Co., LTD +OUI:9CE041* + ID_OUI_FROM_DATABASE=Nokia + OUI:9CE063* ID_OUI_FROM_DATABASE=Samsung Electronics Co.,Ltd @@ -94898,6 +97274,9 @@ OUI:A028ED* OUI:A02919* ID_OUI_FROM_DATABASE=Dell Inc. +OUI:A02942* + ID_OUI_FROM_DATABASE=Intel Corporate + OUI:A029BD* ID_OUI_FROM_DATABASE=Team Group Inc @@ -94928,6 +97307,9 @@ OUI:A03679* OUI:A0369F* ID_OUI_FROM_DATABASE=Intel Corporate +OUI:A036BC* + ID_OUI_FROM_DATABASE=ASUSTek COMPUTER INC. + OUI:A036F0* ID_OUI_FROM_DATABASE=Comprehensive Power @@ -95042,6 +97424,9 @@ OUI:A0423F* OUI:A04246* ID_OUI_FROM_DATABASE=IT Telecom Co., Ltd. +OUI:A042D1* + ID_OUI_FROM_DATABASE=Huawei Device Co., Ltd. + OUI:A043B0* ID_OUI_FROM_DATABASE=Hangzhou BroadLink Technology Co.,Ltd @@ -95051,6 +97436,9 @@ OUI:A043DB* OUI:A0445C* ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD +OUI:A04466* + ID_OUI_FROM_DATABASE=Intellics + OUI:A047D7* ID_OUI_FROM_DATABASE=Best IT World (India) Pvt Ltd @@ -95273,6 +97661,9 @@ OUI:A086EC* OUI:A08869* ID_OUI_FROM_DATABASE=Intel Corporate +OUI:A0889D* + ID_OUI_FROM_DATABASE=Huawei Device Co., Ltd. + OUI:A088B4* ID_OUI_FROM_DATABASE=Intel Corporate @@ -95459,6 +97850,9 @@ OUI:A0B5DA* OUI:A0B662* ID_OUI_FROM_DATABASE=Acutvista Innovation Co., Ltd. +OUI:A0B765* + ID_OUI_FROM_DATABASE=Espressif Inc. + OUI:A0B8F8* ID_OUI_FROM_DATABASE=Amgen U.S.A. Inc. @@ -95520,7 +97914,7 @@ OUI:A0BD1D* ID_OUI_FROM_DATABASE=Zhejiang Dahua Technology Co., Ltd. OUI:A0BDCD* - ID_OUI_FROM_DATABASE=BSkyB Ltd + ID_OUI_FROM_DATABASE=SKY UK LIMITED OUI:A0BF50* ID_OUI_FROM_DATABASE=S.C. ADD-PRODUCTION S.R.L. @@ -95591,6 +97985,9 @@ OUI:A0C5F2E* OUI:A0C6EC* ID_OUI_FROM_DATABASE=ShenZhen ANYK Technology Co.,LTD +OUI:A0C98B* + ID_OUI_FROM_DATABASE=Nokia Solutions and Networks GmbH & Co. KG + OUI:A0C9A0* ID_OUI_FROM_DATABASE=Murata Manufacturing Co., Ltd. @@ -95603,6 +98000,9 @@ OUI:A0CBFD* OUI:A0CC2B* ID_OUI_FROM_DATABASE=Murata Manufacturing Co., Ltd. +OUI:A0CDF3* + ID_OUI_FROM_DATABASE=Murata Manufacturing Co., Ltd. + OUI:A0CEC8* ID_OUI_FROM_DATABASE=CE LINK LIMITED @@ -95729,6 +98129,9 @@ OUI:A0ECF9* OUI:A0EDCD* ID_OUI_FROM_DATABASE=Apple, Inc. +OUI:A0EDFB* + ID_OUI_FROM_DATABASE=Quectel Wireless Solutions Co.,Ltd. + OUI:A0EF84* ID_OUI_FROM_DATABASE=Seine Image Int'l Co., Ltd @@ -95768,6 +98171,9 @@ OUI:A0F9B7* OUI:A0F9E0* ID_OUI_FROM_DATABASE=VIVATEL COMPANY LIMITED +OUI:A0FB83* + ID_OUI_FROM_DATABASE=Honor Device Co., Ltd. + OUI:A0FBC5* ID_OUI_FROM_DATABASE=Apple, Inc. @@ -95840,6 +98246,9 @@ OUI:A40DBC* OUI:A40E2B* ID_OUI_FROM_DATABASE=Facebook Inc +OUI:A40F98* + ID_OUI_FROM_DATABASE=GUANGDONG OPPO MOBILE TELECOMMUNICATIONS CORP.,LTD + OUI:A41115* ID_OUI_FROM_DATABASE=Robert Bosch Engineering and Business Solutions pvt. Ltd. @@ -95942,6 +98351,9 @@ OUI:A41B34* OUI:A41BC0* ID_OUI_FROM_DATABASE=Fastec Imaging Corporation +OUI:A41EE1* + ID_OUI_FROM_DATABASE=Taicang T&W Electronics + OUI:A41F72* ID_OUI_FROM_DATABASE=Dell Inc. @@ -96398,6 +98810,9 @@ OUI:A470D6* OUI:A47174* ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD +OUI:A475B9* + ID_OUI_FROM_DATABASE=Samsung Electronics Co.,Ltd + OUI:A47733* ID_OUI_FROM_DATABASE=Google, Inc. @@ -96455,6 +98870,9 @@ OUI:A47E36* OUI:A47E39* ID_OUI_FROM_DATABASE=zte corporation +OUI:A47EFA* + ID_OUI_FROM_DATABASE=Withings + OUI:A4817A* ID_OUI_FROM_DATABASE=CIG SHANGHAI CO LTD @@ -96497,6 +98915,9 @@ OUI:A48E0A* OUI:A49005* ID_OUI_FROM_DATABASE=CHINA GREATWALL COMPUTER SHENZHEN CO.,LTD +OUI:A490CE* + ID_OUI_FROM_DATABASE=vivo Mobile Communication Co., Ltd. + OUI:A491B1* ID_OUI_FROM_DATABASE=Technicolor Delivery Technologies Belgium NV @@ -96600,10 +99021,10 @@ OUI:A4ADB8* ID_OUI_FROM_DATABASE=Vitec Group, Camera Dynamics Ltd OUI:A4AE11* - ID_OUI_FROM_DATABASE=Hon Hai Precision Ind. Co., Ltd. + ID_OUI_FROM_DATABASE=Hon Hai Precision Industry Co., Ltd. OUI:A4AE12* - ID_OUI_FROM_DATABASE=Hon Hai Precision Ind. Co., Ltd. + ID_OUI_FROM_DATABASE=Hon Hai Precision Industry Co., Ltd. OUI:A4AE9A* ID_OUI_FROM_DATABASE=Maestro Wireless Solutions ltd. @@ -96734,6 +99155,9 @@ OUI:A4CEDA* OUI:A4CF12* ID_OUI_FROM_DATABASE=Espressif Inc. +OUI:A4CF99* + ID_OUI_FROM_DATABASE=Apple, Inc. + OUI:A4CFD2* ID_OUI_FROM_DATABASE=Ubee Interactive Co., Limited @@ -96845,6 +99269,9 @@ OUI:A4DB30* OUI:A4DCBE* ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD +OUI:A4DD58* + ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD + OUI:A4DE26* ID_OUI_FROM_DATABASE=Sumitomo Electric Industries, Ltd @@ -96989,6 +99416,9 @@ OUI:A4F522* OUI:A4F7D0* ID_OUI_FROM_DATABASE=LAN Accessories Co., Ltd. +OUI:A4F933* + ID_OUI_FROM_DATABASE=Intel Corporate + OUI:A4F9E4* ID_OUI_FROM_DATABASE=AirVine Scientific, Inc. @@ -97223,6 +99653,9 @@ OUI:A84122* OUI:A842A7* ID_OUI_FROM_DATABASE=Jiangsu Huitong Group Co.,Ltd. +OUI:A842E3* + ID_OUI_FROM_DATABASE=Espressif Inc. + OUI:A84397* ID_OUI_FROM_DATABASE=Innogrit Corporation @@ -97274,6 +99707,9 @@ OUI:A85081* OUI:A8515B* ID_OUI_FROM_DATABASE=Samsung Electronics Co.,Ltd +OUI:A851AB* + ID_OUI_FROM_DATABASE=Apple, Inc. + OUI:A8537D* ID_OUI_FROM_DATABASE=Mist Systems, Inc. @@ -97469,6 +99905,9 @@ OUI:A8776F* OUI:A877E5* ID_OUI_FROM_DATABASE=SHENZHEN CHUANGWEI-RGB ELECTRONICS CO.,LTD +OUI:A8798D* + ID_OUI_FROM_DATABASE=Samsung Electronics Co.,Ltd + OUI:A87B39* ID_OUI_FROM_DATABASE=Nokia Corporation @@ -97625,6 +100064,9 @@ OUI:A8A159* OUI:A8A198* ID_OUI_FROM_DATABASE=TCT mobile ltd +OUI:A8A237* + ID_OUI_FROM_DATABASE=Arcadyan Corporation + OUI:A8A5E2* ID_OUI_FROM_DATABASE=MSF-Vathauer Antriebstechnik GmbH & Co KG @@ -97644,7 +100086,10 @@ OUI:A8B088* ID_OUI_FROM_DATABASE=eero inc. OUI:A8B0AE* - ID_OUI_FROM_DATABASE=LEONI + ID_OUI_FROM_DATABASE=BizLink Special Cables Germany GmbH + +OUI:A8B13B* + ID_OUI_FROM_DATABASE=HP Inc. OUI:A8B1D4* ID_OUI_FROM_DATABASE=Cisco Systems, Inc @@ -97709,6 +100154,9 @@ OUI:A8C83A* OUI:A8C87F* ID_OUI_FROM_DATABASE=Roqos, Inc. +OUI:A8C98A* + ID_OUI_FROM_DATABASE=New H3C Technologies Co., Ltd + OUI:A8CA7B* ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD @@ -97772,9 +100220,15 @@ OUI:A8DA0C* OUI:A8DB03* ID_OUI_FROM_DATABASE=SAMSUNG ELECTRO-MECHANICS(THAILAND) +OUI:A8DE68* + ID_OUI_FROM_DATABASE=Beijing Wide Technology Co.,Ltd + OUI:A8E018* ID_OUI_FROM_DATABASE=Nokia Corporation +OUI:A8E207* + ID_OUI_FROM_DATABASE=GOIP Global Services Pvt. Ltd. + OUI:A8E2C1* ID_OUI_FROM_DATABASE=Texas Instruments @@ -97838,6 +100292,9 @@ OUI:A8F5DD* OUI:A8F766* ID_OUI_FROM_DATABASE=ITE Tech Inc +OUI:A8F7D9* + ID_OUI_FROM_DATABASE=Mist Systems, Inc. + OUI:A8F7E0* ID_OUI_FROM_DATABASE=PLANET Technology Corporation @@ -97940,6 +100397,9 @@ OUI:AC14D2* OUI:AC1585* ID_OUI_FROM_DATABASE=silergy corp +OUI:AC15A2* + ID_OUI_FROM_DATABASE=TP-Link Corporation Limited + OUI:AC15F4* ID_OUI_FROM_DATABASE=Apple, Inc. @@ -97955,6 +100415,9 @@ OUI:AC17C8* OUI:AC1826* ID_OUI_FROM_DATABASE=Seiko Epson Corporation +OUI:AC198E* + ID_OUI_FROM_DATABASE=Intel Corporate + OUI:AC199F* ID_OUI_FROM_DATABASE=SUNGROW POWER SUPPLY CO.,LTD. @@ -98054,12 +100517,18 @@ OUI:AC2334* OUI:AC233F* ID_OUI_FROM_DATABASE=Shenzhen Minew Technologies Co., Ltd. +OUI:AC2929* + ID_OUI_FROM_DATABASE=Infinix mobility limited + OUI:AC293A* ID_OUI_FROM_DATABASE=Apple, Inc. OUI:AC2A0C* ID_OUI_FROM_DATABASE=CSR ZHUZHOU INSTITUTE CO.,LTD. +OUI:AC2AA1* + ID_OUI_FROM_DATABASE=Cisco Systems, Inc + OUI:AC2B6E* ID_OUI_FROM_DATABASE=Intel Corporate @@ -98180,6 +100649,9 @@ OUI:AC4D16* OUI:AC4E2E* ID_OUI_FROM_DATABASE=Shenzhen JingHanDa Electronics Co.Ltd +OUI:AC4E65* + ID_OUI_FROM_DATABASE=Fiberhome Telecommunication Technologies Co.,LTD + OUI:AC4E91* ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD @@ -98201,6 +100673,9 @@ OUI:AC512C* OUI:AC5135* ID_OUI_FROM_DATABASE=MPI TECH +OUI:AC51AB* + ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD + OUI:AC51EE* ID_OUI_FROM_DATABASE=Cambridge Communication Systems Ltd @@ -98231,6 +100706,9 @@ OUI:AC5A14* OUI:AC5AEE* ID_OUI_FROM_DATABASE=China Mobile Group Device Co.,Ltd. +OUI:AC5AF0* + ID_OUI_FROM_DATABASE=LG Electronics + OUI:AC5AFC* ID_OUI_FROM_DATABASE=Intel Corporate @@ -98252,6 +100730,9 @@ OUI:AC5F3E* OUI:AC5FEA* ID_OUI_FROM_DATABASE=OnePlus Technology (Shenzhen) Co., Ltd +OUI:AC606F* + ID_OUI_FROM_DATABASE=Nokia Shanghai Bell Co., Ltd. + OUI:AC6089* ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD @@ -98375,6 +100856,9 @@ OUI:AC6FD9* OUI:AC710C* ID_OUI_FROM_DATABASE=China Mobile Group Device Co.,Ltd. +OUI:AC712E* + ID_OUI_FROM_DATABASE=Fortinet, Inc. + OUI:AC7236* ID_OUI_FROM_DATABASE=Lexking Technology Co., Ltd. @@ -98454,7 +100938,7 @@ OUI:AC83E9* ID_OUI_FROM_DATABASE=Beijing Zile Technology Co., Ltd OUI:AC83F0* - ID_OUI_FROM_DATABASE=ImmediaTV Corporation + ID_OUI_FROM_DATABASE=Cobalt Digital Inc. OUI:AC83F3* ID_OUI_FROM_DATABASE=AMPAK Technology, Inc. @@ -98501,6 +100985,9 @@ OUI:AC8D14* OUI:AC8D34* ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD +OUI:AC8FA9* + ID_OUI_FROM_DATABASE=Nokia Solutions and Networks GmbH & Co. KG + OUI:AC8FF8* ID_OUI_FROM_DATABASE=Nokia @@ -98513,6 +101000,9 @@ OUI:AC9232* OUI:AC932F* ID_OUI_FROM_DATABASE=Nokia Corporation +OUI:AC936A* + ID_OUI_FROM_DATABASE=Huawei Device Co., Ltd. + OUI:AC93C4* ID_OUI_FROM_DATABASE=GD Midea Air-Conditioning Equipment Co.,Ltd. @@ -98558,6 +101048,9 @@ OUI:ACA22C* OUI:ACA31E* ID_OUI_FROM_DATABASE=Aruba, a Hewlett Packard Enterprise Company +OUI:ACA32F* + ID_OUI_FROM_DATABASE=Solidigm Technology + OUI:ACA430* ID_OUI_FROM_DATABASE=Peerless AV @@ -98603,6 +101096,9 @@ OUI:ACB313* OUI:ACB3B5* ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD +OUI:ACB566* + ID_OUI_FROM_DATABASE=Renesas Electronics (Penang) Sdn. Bhd. + OUI:ACB57D* ID_OUI_FROM_DATABASE=Liteon Technology Corporation @@ -98636,6 +101132,9 @@ OUI:ACBE75* OUI:ACBEB6* ID_OUI_FROM_DATABASE=Visualedge Technology Co., Ltd. +OUI:ACBF71* + ID_OUI_FROM_DATABASE=Bose Corporation + OUI:ACC1EE* ID_OUI_FROM_DATABASE=Xiaomi Communications Co Ltd @@ -98651,6 +101150,9 @@ OUI:ACC33A* OUI:ACC358* ID_OUI_FROM_DATABASE=Continental Automotive Czech Republic s.r.o. +OUI:ACC4BD* + ID_OUI_FROM_DATABASE=GUANGDONG OPPO MOBILE TELECOMMUNICATIONS CORP.,LTD + OUI:ACC51B* ID_OUI_FROM_DATABASE=Zhuhai Pantum Electronics Co., Ltd. @@ -98690,6 +101192,9 @@ OUI:ACCB51* OUI:ACCC8E* ID_OUI_FROM_DATABASE=Axis Communications AB +OUI:ACCCFC* + ID_OUI_FROM_DATABASE=Amazon Technologies Inc. + OUI:ACCE8F* ID_OUI_FROM_DATABASE=HWA YAO TECHNOLOGIES CO., LTD @@ -98711,6 +101216,9 @@ OUI:ACD180* OUI:ACD1B8* ID_OUI_FROM_DATABASE=Hon Hai Precision Ind. Co.,Ltd. +OUI:ACD31D* + ID_OUI_FROM_DATABASE=Cisco Meraki + OUI:ACD364* ID_OUI_FROM_DATABASE=ABB SPA, ABB SACE DIV. @@ -98744,6 +101252,9 @@ OUI:ACDCE5* OUI:ACDE48* ID_OUI_FROM_DATABASE=Private +OUI:ACDF9F* + ID_OUI_FROM_DATABASE=Arcadyan Corporation + OUI:ACE010* ID_OUI_FROM_DATABASE=Liteon Technology Corporation @@ -98990,9 +101501,15 @@ OUI:B01F81E* OUI:B01F81F* ID_OUI_FROM_DATABASE=Private +OUI:B01F8C* + ID_OUI_FROM_DATABASE=Aruba, a Hewlett Packard Enterprise Company + OUI:B0227A* ID_OUI_FROM_DATABASE=HP Inc. +OUI:B02347* + ID_OUI_FROM_DATABASE=Shenzhen Giant Microelectronics Company Limited + OUI:B02491* ID_OUI_FROM_DATABASE=Huawei Device Co., Ltd. @@ -99011,6 +101528,9 @@ OUI:B02680* OUI:B027CF* ID_OUI_FROM_DATABASE=Extreme Networks, Inc. +OUI:B0285B* + ID_OUI_FROM_DATABASE=JUHUA Technology Inc. + OUI:B02A1F* ID_OUI_FROM_DATABASE=Wingtech Group (HongKong)Limited @@ -99056,6 +101576,9 @@ OUI:B03850* OUI:B03893* ID_OUI_FROM_DATABASE=Onda TLC GmbH +OUI:B038E2* + ID_OUI_FROM_DATABASE=Wanan Hongsheng Electronic Co.Ltd + OUI:B03956* ID_OUI_FROM_DATABASE=NETGEAR @@ -99072,11 +101595,14 @@ OUI:B03DC2* ID_OUI_FROM_DATABASE=Wasp artificial intelligence(Shenzhen) Co.,ltd OUI:B03E51* - ID_OUI_FROM_DATABASE=BSkyB Ltd + ID_OUI_FROM_DATABASE=SKY UK LIMITED OUI:B03EB0* ID_OUI_FROM_DATABASE=MICRODIA Ltd. +OUI:B03F64* + ID_OUI_FROM_DATABASE=Apple, Inc. + OUI:B04089* ID_OUI_FROM_DATABASE=Senient Systems LTD @@ -99102,7 +101628,7 @@ OUI:B04519* ID_OUI_FROM_DATABASE=TCT mobile ltd OUI:B04530* - ID_OUI_FROM_DATABASE=BSkyB Ltd + ID_OUI_FROM_DATABASE=SKY UK LIMITED OUI:B04545* ID_OUI_FROM_DATABASE=YACOUB Automation GmbH @@ -99128,6 +101654,9 @@ OUI:B0495F* OUI:B04A39* ID_OUI_FROM_DATABASE=Beijing Roborock Technology Co., Ltd. +OUI:B04A6A* + ID_OUI_FROM_DATABASE=Samsung Electronics Co.,Ltd + OUI:B04BBF* ID_OUI_FROM_DATABASE=PT HAN SUNG ELECTORONICS INDONESIA @@ -99221,6 +101750,9 @@ OUI:B06A41* OUI:B06CBF* ID_OUI_FROM_DATABASE=3ality Digital Systems GmbH +OUI:B06E72* + ID_OUI_FROM_DATABASE=Realme Chongqing Mobile Telecommunications Corp.,Ltd. + OUI:B06EBF* ID_OUI_FROM_DATABASE=ASUSTek COMPUTER INC. @@ -99407,6 +101939,9 @@ OUI:B0A454* OUI:B0A460* ID_OUI_FROM_DATABASE=Intel Corporate +OUI:B0A4F0* + ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD + OUI:B0A651* ID_OUI_FROM_DATABASE=Cisco Systems, Inc @@ -99446,6 +101981,9 @@ OUI:B0ADAA* OUI:B0AE25* ID_OUI_FROM_DATABASE=Varikorea +OUI:B0AFF7* + ID_OUI_FROM_DATABASE=Shenzhen Yipingfang Network Technology Co., Ltd. + OUI:B0B113* ID_OUI_FROM_DATABASE=Texas Instruments @@ -99698,6 +102236,9 @@ OUI:B0DA00* OUI:B0DAF9* ID_OUI_FROM_DATABASE=ARRIS Group, Inc. +OUI:B0DCEF* + ID_OUI_FROM_DATABASE=Intel Corporate + OUI:B0DD74* ID_OUI_FROM_DATABASE=Heimgard Technologies AS @@ -99725,6 +102266,9 @@ OUI:B0E2E5* OUI:B0E39D* ID_OUI_FROM_DATABASE=CAT SYSTEM CO.,LTD. +OUI:B0E45C* + ID_OUI_FROM_DATABASE=Samsung Electronics Co.,Ltd + OUI:B0E4D5* ID_OUI_FROM_DATABASE=Google, Inc. @@ -99809,6 +102353,9 @@ OUI:B0F963* OUI:B0FAEB* ID_OUI_FROM_DATABASE=Cisco Systems, Inc +OUI:B0FBDD* + ID_OUI_FROM_DATABASE=Shenzhen SuperElectron Technology Co.,Ltd. + OUI:B0FC0D* ID_OUI_FROM_DATABASE=Amazon Technologies Inc. @@ -99947,9 +102494,15 @@ OUI:B4157E* OUI:B41780* ID_OUI_FROM_DATABASE=DTI Group Ltd +OUI:B417A8* + ID_OUI_FROM_DATABASE=Facebook Technologies, LLC + OUI:B418D1* ID_OUI_FROM_DATABASE=Apple, Inc. +OUI:B41974* + ID_OUI_FROM_DATABASE=Apple, Inc. + OUI:B41A1D* ID_OUI_FROM_DATABASE=Samsung Electronics Co.,Ltd @@ -100118,6 +102671,9 @@ OUI:B439D6* OUI:B43A28* ID_OUI_FROM_DATABASE=Samsung Electronics Co.,Ltd +OUI:B43AE2* + ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD + OUI:B43D08* ID_OUI_FROM_DATABASE=GX International BV @@ -100142,6 +102698,9 @@ OUI:B44326* OUI:B44506* ID_OUI_FROM_DATABASE=Dell Inc. +OUI:B4466B* + ID_OUI_FROM_DATABASE=REALTIMEID AS + OUI:B4475E* ID_OUI_FROM_DATABASE=Avaya Inc @@ -100277,6 +102836,9 @@ OUI:B467E9* OUI:B46921* ID_OUI_FROM_DATABASE=Intel Corporate +OUI:B4695F* + ID_OUI_FROM_DATABASE=TCT mobile ltd + OUI:B46BFC* ID_OUI_FROM_DATABASE=Intel Corporate @@ -100295,6 +102857,9 @@ OUI:B46E08* OUI:B46F2D* ID_OUI_FROM_DATABASE=Wahoo Fitness +OUI:B47064* + ID_OUI_FROM_DATABASE=Samsung Electronics Co.,Ltd + OUI:B47356* ID_OUI_FROM_DATABASE=Hangzhou Treebear Networking Co., Ltd. @@ -100334,6 +102899,9 @@ OUI:B47C59* OUI:B47C9C* ID_OUI_FROM_DATABASE=Amazon Technologies Inc. +OUI:B47D76* + ID_OUI_FROM_DATABASE=KNS Group LLC + OUI:B47F5E* ID_OUI_FROM_DATABASE=Foresight Manufacture (S) Pte Ltd @@ -100355,6 +102923,9 @@ OUI:B482C5* OUI:B482FE* ID_OUI_FROM_DATABASE=ASKEY COMPUTER CORP +OUI:B48351* + ID_OUI_FROM_DATABASE=Intel Corporate + OUI:B48547* ID_OUI_FROM_DATABASE=Amptown System Company GmbH @@ -100370,6 +102941,9 @@ OUI:B48901* OUI:B48910* ID_OUI_FROM_DATABASE=Coster T.E. S.P.A. +OUI:B48A0A* + ID_OUI_FROM_DATABASE=Espressif Inc. + OUI:B48A5F* ID_OUI_FROM_DATABASE=Juniper Networks @@ -100418,6 +102992,9 @@ OUI:B49EAC* OUI:B49EE6* ID_OUI_FROM_DATABASE=SHENZHEN TECHNOLOGY CO LTD +OUI:B49F4D* + ID_OUI_FROM_DATABASE=Fiberhome Telecommunication Technologies Co.,LTD + OUI:B4A25C* ID_OUI_FROM_DATABASE=Cambium Networks Limited @@ -100487,6 +103064,12 @@ OUI:B4A5AC* OUI:B4A5EF* ID_OUI_FROM_DATABASE=Sercomm Corporation. +OUI:B4A678* + ID_OUI_FROM_DATABASE=Zhejiang Tmall Technology Co., Ltd. + +OUI:B4A7C6* + ID_OUI_FROM_DATABASE=SERVERCOM (INDIA) PRIVATE LIMITED + OUI:B4A828* ID_OUI_FROM_DATABASE=Shenzhen Concox Information Technology Co., Ltd @@ -100589,6 +103172,9 @@ OUI:B4BA02* OUI:B4BA12* ID_OUI_FROM_DATABASE=China Mobile (Hangzhou) Information Technology Co.,Ltd. +OUI:B4BA9D* + ID_OUI_FROM_DATABASE=SKY UK LIMITED + OUI:B4BC7C* ID_OUI_FROM_DATABASE=Texas Instruments @@ -100922,6 +103508,9 @@ OUI:B8208E* OUI:B820E7* ID_OUI_FROM_DATABASE=Guangzhou Horizontal Information & Network Integration Co. Ltd +OUI:B8211C* + ID_OUI_FROM_DATABASE=Apple, Inc. + OUI:B8224F* ID_OUI_FROM_DATABASE=Sichuan Tianyi Comheart Telecom Co.,LTD @@ -101024,6 +103613,9 @@ OUI:B83D4E* OUI:B83E59* ID_OUI_FROM_DATABASE=Roku, Inc. +OUI:B83FD2* + ID_OUI_FROM_DATABASE=Mellanox Technologies, Inc. + OUI:B8415F* ID_OUI_FROM_DATABASE=ASP AG @@ -101063,6 +103655,9 @@ OUI:B84FD5* OUI:B85001* ID_OUI_FROM_DATABASE=Extreme Networks, Inc. +OUI:B850D8* + ID_OUI_FROM_DATABASE=Beijing Xiaomi Mobile Software Co., Ltd + OUI:B853AC* ID_OUI_FROM_DATABASE=Apple, Inc. @@ -101087,6 +103682,9 @@ OUI:B85810* OUI:B8599F* ID_OUI_FROM_DATABASE=Mellanox Technologies, Inc. +OUI:B859C8* + ID_OUI_FROM_DATABASE=70mai Co.,Ltd. + OUI:B859CE* ID_OUI_FROM_DATABASE=Earda Technologies co Ltd @@ -101102,6 +103700,9 @@ OUI:B85AFE* OUI:B85D0A* ID_OUI_FROM_DATABASE=Apple, Inc. +OUI:B85DC3* + ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD + OUI:B85E7B* ID_OUI_FROM_DATABASE=Samsung Electronics Co.,Ltd @@ -101198,6 +103799,9 @@ OUI:B87C6F* OUI:B87CF2* ID_OUI_FROM_DATABASE=Extreme Networks, Inc. +OUI:B87EE5* + ID_OUI_FROM_DATABASE=Intelbras + OUI:B88035* ID_OUI_FROM_DATABASE=Shenzhen Qihu Intelligent Technology Company Limited @@ -101276,6 +103880,9 @@ OUI:B88EDF* OUI:B88F14* ID_OUI_FROM_DATABASE=Analytica GmbH +OUI:B88F27* + ID_OUI_FROM_DATABASE=Realme Chongqing Mobile Telecommunications Corp.,Ltd. + OUI:B88FB4* ID_OUI_FROM_DATABASE=JABIL CIRCUIT ITALIA S.R.L @@ -101348,6 +103955,9 @@ OUI:B89EA6* OUI:B89F09* ID_OUI_FROM_DATABASE=Wistron Neweb Corporation +OUI:B89FCC* + ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD + OUI:B8A14A* ID_OUI_FROM_DATABASE=Raisecom Technology CO.,LTD @@ -101405,6 +104015,9 @@ OUI:B8B2F8* OUI:B8B3DC* ID_OUI_FROM_DATABASE=DEREK (SHAOGUAN) LIMITED +OUI:B8B409* + ID_OUI_FROM_DATABASE=Samsung Electronics Co.,Ltd + OUI:B8B42E* ID_OUI_FROM_DATABASE=Gionee Communication Equipment Co,Ltd.ShenZhen @@ -101543,6 +104156,9 @@ OUI:B8D526* OUI:B8D56B* ID_OUI_FROM_DATABASE=Mirka Ltd. +OUI:B8D61A* + ID_OUI_FROM_DATABASE=Espressif Inc. + OUI:B8D6F6* ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD @@ -101675,6 +104291,9 @@ OUI:B8F009* OUI:B8F080* ID_OUI_FROM_DATABASE=SPS, INC. +OUI:B8F0B9* + ID_OUI_FROM_DATABASE=zte corporation + OUI:B8F12A* ID_OUI_FROM_DATABASE=Apple, Inc. @@ -101717,6 +104336,9 @@ OUI:B8F8BE* OUI:B8F934* ID_OUI_FROM_DATABASE=Sony Corporation +OUI:B8FBAF* + ID_OUI_FROM_DATABASE=Xiamen IPRT Technology CO.,LTD + OUI:B8FC9A* ID_OUI_FROM_DATABASE=Le Shi Zhi Xin Electronic Technology (Tianjin) Limited @@ -101741,6 +104363,9 @@ OUI:BC0200* OUI:BC024A* ID_OUI_FROM_DATABASE=HMD Global Oy +OUI:BC0358* + ID_OUI_FROM_DATABASE=Intel Corporate + OUI:BC03A7* ID_OUI_FROM_DATABASE=MFP MICHELIN @@ -102038,6 +104663,9 @@ OUI:BC4A56* OUI:BC4B79* ID_OUI_FROM_DATABASE=SensingTek +OUI:BC4CA0* + ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD + OUI:BC4CC4* ID_OUI_FROM_DATABASE=Apple, Inc. @@ -102086,6 +104714,9 @@ OUI:BC5BD5* OUI:BC5C4C* ID_OUI_FROM_DATABASE=ELECOM CO.,LTD. +OUI:BC5DA3* + ID_OUI_FROM_DATABASE=Sichuan Tianyi Comheart Telecom Co.,LTD + OUI:BC5EA1* ID_OUI_FROM_DATABASE=PsiKick, Inc. @@ -102183,7 +104814,7 @@ OUI:BC6784* ID_OUI_FROM_DATABASE=Environics Oy OUI:BC69CB* - ID_OUI_FROM_DATABASE=Panasonic Life Solutions Networks Co., Ltd. + ID_OUI_FROM_DATABASE=Panasonic Electric Works Networks Co., Ltd. OUI:BC6A16* ID_OUI_FROM_DATABASE=tdvine @@ -102212,6 +104843,9 @@ OUI:BC6D05* OUI:BC6E64* ID_OUI_FROM_DATABASE=Sony Corporation +OUI:BC6E6D* + ID_OUI_FROM_DATABASE=EM Microelectronic + OUI:BC6E76* ID_OUI_FROM_DATABASE=Green Energy Options Ltd @@ -102260,6 +104894,9 @@ OUI:BC79AD* OUI:BC7ABF* ID_OUI_FROM_DATABASE=Samsung Electronics Co.,Ltd +OUI:BC7B72* + ID_OUI_FROM_DATABASE=Huawei Device Co., Ltd. + OUI:BC7DD1* ID_OUI_FROM_DATABASE=Radio Data Comms @@ -102533,6 +105170,12 @@ OUI:BCC61A* OUI:BCC6DB* ID_OUI_FROM_DATABASE=Nokia Corporation +OUI:BCC746* + ID_OUI_FROM_DATABASE=Hon Hai Precision IND.CO.,LTD + +OUI:BCC7DA* + ID_OUI_FROM_DATABASE=Earda Technologies co Ltd + OUI:BCC810* ID_OUI_FROM_DATABASE=Cisco SPVTG @@ -102566,6 +105209,9 @@ OUI:BCD177* OUI:BCD1D3* ID_OUI_FROM_DATABASE=Shenzhen TINNO Mobile Technology Corp. +OUI:BCD206* + ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD + OUI:BCD295* ID_OUI_FROM_DATABASE=Cisco Systems, Inc @@ -102629,6 +105275,9 @@ OUI:BCE796* OUI:BCE92F* ID_OUI_FROM_DATABASE=HP Inc. +OUI:BCE9E2* + ID_OUI_FROM_DATABASE=Brocade Communications Systems LLC + OUI:BCEA2B* ID_OUI_FROM_DATABASE=CityCom GmbH @@ -102668,6 +105317,9 @@ OUI:BCF310* OUI:BCF45F* ID_OUI_FROM_DATABASE=zte corporation +OUI:BCF4D4* + ID_OUI_FROM_DATABASE=CLOUD NETWORK TECHNOLOGY SINGAPORE PTE. LTD. + OUI:BCF5AC* ID_OUI_FROM_DATABASE=LG Electronics (Mobile Communications) @@ -102680,12 +105332,18 @@ OUI:BCF685* OUI:BCF811* ID_OUI_FROM_DATABASE=Xiamen DNAKE Technology Co.,Ltd +OUI:BCF88B* + ID_OUI_FROM_DATABASE=zte corporation + OUI:BCF9F2* ID_OUI_FROM_DATABASE=TEKO OUI:BCFAB8* ID_OUI_FROM_DATABASE=Guangzhou Shiyuan Electronic Technology Company Limited +OUI:BCFAEB* + ID_OUI_FROM_DATABASE=Cisco Systems, Inc + OUI:BCFE8C* ID_OUI_FROM_DATABASE=Altronic, LLC @@ -102713,6 +105371,9 @@ OUI:C00380* OUI:C005C2* ID_OUI_FROM_DATABASE=ARRIS Group, Inc. +OUI:C0060C* + ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD + OUI:C006C3* ID_OUI_FROM_DATABASE=TP-Link Corporation Limited @@ -102897,7 +105558,10 @@ OUI:C03DD9* ID_OUI_FROM_DATABASE=MitraStar Technology Corp. OUI:C03E0F* - ID_OUI_FROM_DATABASE=BSkyB Ltd + ID_OUI_FROM_DATABASE=SKY UK LIMITED + +OUI:C03E50* + ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD OUI:C03EBA* ID_OUI_FROM_DATABASE=Dell Inc. @@ -102962,6 +105626,9 @@ OUI:C04B13* OUI:C04DF7* ID_OUI_FROM_DATABASE=SERELEC +OUI:C04E30* + ID_OUI_FROM_DATABASE=Espressif Inc. + OUI:C0517E* ID_OUI_FROM_DATABASE=Hangzhou Hikvision Digital Technology Co.,Ltd. @@ -103055,6 +105722,9 @@ OUI:C06599* OUI:C067AF* ID_OUI_FROM_DATABASE=Cisco Systems, Inc +OUI:C06911* + ID_OUI_FROM_DATABASE=Arista Networks + OUI:C06B55* ID_OUI_FROM_DATABASE=Motorola Mobility LLC, a Lenovo Company @@ -103067,6 +105737,9 @@ OUI:C06C6D* OUI:C06D1A* ID_OUI_FROM_DATABASE=Tianjin Henxinhuifeng Technology Co.,Ltd. +OUI:C06DED* + ID_OUI_FROM_DATABASE=Hangzhou Hikvision Digital Technology Co.,Ltd. + OUI:C07009* ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD @@ -103199,6 +105872,9 @@ OUI:C08C60* OUI:C08C71* ID_OUI_FROM_DATABASE=Motorola Mobility LLC, a Lenovo Company +OUI:C08D51* + ID_OUI_FROM_DATABASE=Amazon Technologies Inc. + OUI:C08F20* ID_OUI_FROM_DATABASE=Shenzhen Skyworth Digital Technology CO., Ltd @@ -103298,6 +105974,9 @@ OUI:C09F05* OUI:C09F42* ID_OUI_FROM_DATABASE=Apple, Inc. +OUI:C09F51* + ID_OUI_FROM_DATABASE=SERNET (SUZHOU) TECHNOLOGIES CORPORATION + OUI:C09FE1* ID_OUI_FROM_DATABASE=zte corporation @@ -103326,7 +106005,7 @@ OUI:C0A364* ID_OUI_FROM_DATABASE=3D Systems Massachusetts OUI:C0A36E* - ID_OUI_FROM_DATABASE=BSkyB Ltd + ID_OUI_FROM_DATABASE=SKY UK LIMITED OUI:C0A39E* ID_OUI_FROM_DATABASE=EarthCam, Inc. @@ -103346,12 +106025,18 @@ OUI:C0A66D* OUI:C0A8F0* ID_OUI_FROM_DATABASE=Adamson Systems Engineering +OUI:C0A938* + ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD + OUI:C0AA68* ID_OUI_FROM_DATABASE=OSASI Technos Inc. OUI:C0AC54* ID_OUI_FROM_DATABASE=Sagemcom Broadband SAS +OUI:C0AD97* + ID_OUI_FROM_DATABASE=TECNO MOBILE LIMITED + OUI:C0AEFD* ID_OUI_FROM_DATABASE=Shenzhen HC-WLAN Technology Co.,Ltd @@ -103412,6 +106097,9 @@ OUI:C0BFA7* OUI:C0BFC0* ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD +OUI:C0C170* + ID_OUI_FROM_DATABASE=Shenzhen SuperElectron Technology Co.,Ltd. + OUI:C0C1C0* ID_OUI_FROM_DATABASE=Cisco-Linksys, LLC @@ -103559,12 +106247,18 @@ OUI:C0DCD7* OUI:C0DCDA* ID_OUI_FROM_DATABASE=Samsung Electronics Co.,Ltd +OUI:C0DD8A* + ID_OUI_FROM_DATABASE=Facebook Technologies, LLC + OUI:C0DF77* ID_OUI_FROM_DATABASE=Conrad Electronic SE OUI:C0E018* ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD +OUI:C0E01C* + ID_OUI_FROM_DATABASE=IoT Security Group, SL + OUI:C0E1BE* ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD @@ -103592,11 +106286,17 @@ OUI:C0E7BF* OUI:C0E862* ID_OUI_FROM_DATABASE=Apple, Inc. +OUI:C0E911* + ID_OUI_FROM_DATABASE=Private + OUI:C0EAE4* ID_OUI_FROM_DATABASE=Sonicwall +OUI:C0EDE5* + ID_OUI_FROM_DATABASE=GUANGDONG OPPO MOBILE TELECOMMUNICATIONS CORP.,LTD + OUI:C0EE40* - ID_OUI_FROM_DATABASE=Laird Technologies + ID_OUI_FROM_DATABASE=Laird Connectivity OUI:C0EEB5* ID_OUI_FROM_DATABASE=Enice Network. @@ -103787,6 +106487,9 @@ OUI:C411E0* OUI:C41234* ID_OUI_FROM_DATABASE=Apple, Inc. +OUI:C412EC* + ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD + OUI:C412F5* ID_OUI_FROM_DATABASE=D-Link International @@ -103925,6 +106628,9 @@ OUI:C436DA* OUI:C43772* ID_OUI_FROM_DATABASE=Virtuozzo International GmbH +OUI:C43875* + ID_OUI_FROM_DATABASE=Sonos, Inc. + OUI:C438D3* ID_OUI_FROM_DATABASE=TAGATEC CO.,LTD @@ -103946,9 +106652,15 @@ OUI:C43ABE* OUI:C43C3C* ID_OUI_FROM_DATABASE=CYBELEC SA +OUI:C43CB0* + ID_OUI_FROM_DATABASE=SHENZHEN BILIAN ELECTRONIC CO.,LTD + OUI:C43CEA* ID_OUI_FROM_DATABASE=BUFFALO.INC +OUI:C43D1A* + ID_OUI_FROM_DATABASE=Intel Corporate + OUI:C43DC7* ID_OUI_FROM_DATABASE=NETGEAR @@ -104402,6 +107114,51 @@ OUI:C49F4C* OUI:C49FF3* ID_OUI_FROM_DATABASE=Mciao Technologies, Inc. +OUI:C4A10E0* + ID_OUI_FROM_DATABASE=HYOSUNG HEAVY INDUSTRIES + +OUI:C4A10E1* + ID_OUI_FROM_DATABASE=BARTEC PIXAVI AS + +OUI:C4A10E2* + ID_OUI_FROM_DATABASE=Wistron InfoComn (Kunshan) Co., Ltd. + +OUI:C4A10E3* + ID_OUI_FROM_DATABASE=Consolinno Energy GmbH + +OUI:C4A10E4* + ID_OUI_FROM_DATABASE=Harbour Cross Technology Ltd + +OUI:C4A10E5* + ID_OUI_FROM_DATABASE=O-NET Industrial Technologies (Shenzhen) Limited + +OUI:C4A10E6* + ID_OUI_FROM_DATABASE=Hainan World Electronic Science and Techology Co.,Ltd + +OUI:C4A10E7* + ID_OUI_FROM_DATABASE=Guangzhou South Satellite Navigation Instrument Co., Ltd. + +OUI:C4A10E8* + ID_OUI_FROM_DATABASE=Ayla Networks (Shenzhen) Co., Ltd. + +OUI:C4A10E9* + ID_OUI_FROM_DATABASE=XI'AN YEP TELECOM TECHNOLOGY CO.,LTD + +OUI:C4A10EA* + ID_OUI_FROM_DATABASE=Jiangsu Perceive World Technology Co.,Ltd. + +OUI:C4A10EB* + ID_OUI_FROM_DATABASE=Clinton Electronics Corporation + +OUI:C4A10EC* + ID_OUI_FROM_DATABASE=Focus-on + +OUI:C4A10ED* + ID_OUI_FROM_DATABASE=Connectlab SRL + +OUI:C4A10EE* + ID_OUI_FROM_DATABASE=Alio, Inc + OUI:C4A151* ID_OUI_FROM_DATABASE=Sichuan Tianyi Comheart Telecom Co.,LTD @@ -104486,6 +107243,9 @@ OUI:C4BED4* OUI:C4BF60* ID_OUI_FROM_DATABASE=TECNO MOBILE LIMITED +OUI:C4C063* + ID_OUI_FROM_DATABASE=New H3C Technologies Co., Ltd + OUI:C4C0AE* ID_OUI_FROM_DATABASE=MIDORI ELECTRONIC CO., LTD. @@ -104570,6 +107330,12 @@ OUI:C4DD57* OUI:C4DE7B* ID_OUI_FROM_DATABASE=Huawei Device Co., Ltd. +OUI:C4DEE2* + ID_OUI_FROM_DATABASE=Espressif Inc. + +OUI:C4DF39* + ID_OUI_FROM_DATABASE=Realme Chongqing Mobile Telecommunications Corp.,Ltd. + OUI:C4E032* ID_OUI_FROM_DATABASE=IEEE 1904.1 Working Group @@ -104612,6 +107378,9 @@ OUI:C4E984* OUI:C4EA1D* ID_OUI_FROM_DATABASE=Technicolor Delivery Technologies Belgium NV +OUI:C4EB39* + ID_OUI_FROM_DATABASE=Sagemcom Broadband SAS + OUI:C4EBE3* ID_OUI_FROM_DATABASE=RRCN SAS @@ -104789,6 +107558,9 @@ OUI:C80E95* OUI:C81073* ID_OUI_FROM_DATABASE=CENTURY OPTICOMM CO.,LTD +OUI:C8120B* + ID_OUI_FROM_DATABASE=Samsung Electronics Co.,Ltd + OUI:C8138B* ID_OUI_FROM_DATABASE=Shenzhen Skyworth Digital Technology CO., Ltd @@ -104852,6 +107624,9 @@ OUI:C82158* OUI:C821DA* ID_OUI_FROM_DATABASE=Shenzhen YOUHUA Technology Co., Ltd +OUI:C82496* + ID_OUI_FROM_DATABASE=Jiangsu Yinhe Electronics Co.,Ltd. + OUI:C825E1* ID_OUI_FROM_DATABASE=Lemobile Information Technology (Beijing) Co., Ltd @@ -104864,6 +107639,9 @@ OUI:C8292A* OUI:C82A14* ID_OUI_FROM_DATABASE=Apple, Inc. +OUI:C82AF1* + ID_OUI_FROM_DATABASE=TCT mobile ltd + OUI:C82B96* ID_OUI_FROM_DATABASE=Espressif Inc. @@ -104942,6 +107720,9 @@ OUI:C83870* OUI:C839AC* ID_OUI_FROM_DATABASE=Huawei Device Co., Ltd. +OUI:C83A1B* + ID_OUI_FROM_DATABASE=Toshiba TEC Corporation Inc + OUI:C83A35* ID_OUI_FROM_DATABASE=Tenda Technology Co., Ltd. @@ -105005,6 +107786,9 @@ OUI:C8478C* OUI:C848F5* ID_OUI_FROM_DATABASE=MEDISON Xray Co., Ltd +OUI:C84BD6* + ID_OUI_FROM_DATABASE=Dell Inc. + OUI:C84C75* ID_OUI_FROM_DATABASE=Cisco Systems, Inc @@ -105074,6 +107858,9 @@ OUI:C85CCC* OUI:C85D38* ID_OUI_FROM_DATABASE=HUMAX Co., Ltd. +OUI:C85EA9* + ID_OUI_FROM_DATABASE=Intel Corporate + OUI:C86000* ID_OUI_FROM_DATABASE=ASUSTek COMPUTER INC. @@ -105149,6 +107936,9 @@ OUI:C869CD* OUI:C86C1E* ID_OUI_FROM_DATABASE=Display Systems Ltd +OUI:C86C20* + ID_OUI_FROM_DATABASE=Sichuan Tianyi Comheart Telecom Co.,LTD + OUI:C86C3D* ID_OUI_FROM_DATABASE=Amazon Technologies Inc. @@ -105344,6 +108134,9 @@ OUI:C89D18* OUI:C89E43* ID_OUI_FROM_DATABASE=NETGEAR +OUI:C89E61* + ID_OUI_FROM_DATABASE=Lyngsoe Systems LTd + OUI:C89F1A* ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD @@ -105431,6 +108224,9 @@ OUI:C8B5B7* OUI:C8B6D3* ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD +OUI:C8B82F* + ID_OUI_FROM_DATABASE=eero inc. + OUI:C8BA94* ID_OUI_FROM_DATABASE=SAMSUNG ELECTRO-MECHANICS(THAILAND) @@ -105461,6 +108257,12 @@ OUI:C8BD69* OUI:C8BE19* ID_OUI_FROM_DATABASE=D-Link International +OUI:C8BE35* + ID_OUI_FROM_DATABASE=Extreme Networks, Inc. + +OUI:C8BF4C* + ID_OUI_FROM_DATABASE=Beijing Xiaomi Mobile Software Co., Ltd + OUI:C8BFFE* ID_OUI_FROM_DATABASE=Huawei Device Co., Ltd. @@ -105551,6 +108353,9 @@ OUI:C8D5FE* OUI:C8D69D* ID_OUI_FROM_DATABASE=Arab International Optronics +OUI:C8D6B7* + ID_OUI_FROM_DATABASE=Solidigm Technology + OUI:C8D719* ID_OUI_FROM_DATABASE=Cisco-Linksys, LLC @@ -105617,6 +108422,9 @@ OUI:C8E7F0* OUI:C8EAF8* ID_OUI_FROM_DATABASE=zte corporation +OUI:C8EBEC* + ID_OUI_FROM_DATABASE=Shenzhen YOUHUA Technology Co., Ltd + OUI:C8EE08* ID_OUI_FROM_DATABASE=TANGTOP TECHNOLOGY CO.,LTD @@ -105629,6 +108437,9 @@ OUI:C8EEA6* OUI:C8EF2E* ID_OUI_FROM_DATABASE=Beijing Gefei Tech. Co., Ltd +OUI:C8F09E* + ID_OUI_FROM_DATABASE=Espressif Inc. + OUI:C8F230* ID_OUI_FROM_DATABASE=GUANGDONG OPPO MOBILE TELECOMMUNICATIONS CORP.,LTD @@ -105752,6 +108563,9 @@ OUI:C8FF77* OUI:CC0080* ID_OUI_FROM_DATABASE=BETTINI SRL +OUI:CC037B* + ID_OUI_FROM_DATABASE=Texas Instruments + OUI:CC03D9* ID_OUI_FROM_DATABASE=Cisco Meraki @@ -105944,6 +108758,9 @@ OUI:CC25EF* OUI:CC262D* ID_OUI_FROM_DATABASE=Verifi, LLC +OUI:CC29BD* + ID_OUI_FROM_DATABASE=zte corporation + OUI:CC29F5* ID_OUI_FROM_DATABASE=Apple, Inc. @@ -106034,6 +108851,9 @@ OUI:CC3D82* OUI:CC3E5F* ID_OUI_FROM_DATABASE=Hewlett Packard +OUI:CC3E79* + ID_OUI_FROM_DATABASE=ARRIS Group, Inc. + OUI:CC3F1D* ID_OUI_FROM_DATABASE=HMS Industrial Networks SLU @@ -106067,6 +108887,9 @@ OUI:CC46D6* OUI:CC4703* ID_OUI_FROM_DATABASE=Intercon Systems Co., Ltd. +OUI:CC4792* + ID_OUI_FROM_DATABASE=ASIX Electronics Corporation + OUI:CC47BD* ID_OUI_FROM_DATABASE=Rhombus Systems @@ -106131,7 +108954,7 @@ OUI:CC4F5CD* ID_OUI_FROM_DATABASE=Beijing Neutron Technology CO.,LTD. OUI:CC4F5CE* - ID_OUI_FROM_DATABASE=Buttons (Beijing) Technology Limited + ID_OUI_FROM_DATABASE=Beijing Techao Weijia Technology Limited OUI:CC500A* ID_OUI_FROM_DATABASE=Fiberhome Telecommunication Technologies Co.,LTD @@ -106196,6 +109019,9 @@ OUI:CC5FBF* OUI:CC60BB* ID_OUI_FROM_DATABASE=Empower RF Systems +OUI:CC60C8* + ID_OUI_FROM_DATABASE=Microsoft Corporation + OUI:CC61E5* ID_OUI_FROM_DATABASE=Motorola Mobility LLC, a Lenovo Company @@ -106208,6 +109034,9 @@ OUI:CC65AD* OUI:CC660A* ID_OUI_FROM_DATABASE=Apple, Inc. +OUI:CC6618* + ID_OUI_FROM_DATABASE=Adtran Inc + OUI:CC66B2* ID_OUI_FROM_DATABASE=Nokia @@ -106307,6 +109136,9 @@ OUI:CC812A* OUI:CC81DA* ID_OUI_FROM_DATABASE=Phicomm (Shanghai) Co., Ltd. +OUI:CC827F* + ID_OUI_FROM_DATABASE=Advantech Technology (CHINA) Co., Ltd. + OUI:CC82EB* ID_OUI_FROM_DATABASE=KYOCERA CORPORATION @@ -106736,9 +109568,15 @@ OUI:CCDB04* OUI:CCDB93* ID_OUI_FROM_DATABASE=Cisco Systems, Inc +OUI:CCDBA7* + ID_OUI_FROM_DATABASE=Espressif Inc. + OUI:CCDC55* ID_OUI_FROM_DATABASE=Dragonchip Limited +OUI:CCDD58* + ID_OUI_FROM_DATABASE=Robert Bosch GmbH + OUI:CCE0C3* ID_OUI_FROM_DATABASE=EXTEN Technologies, Inc. @@ -106793,6 +109631,9 @@ OUI:CCEF48* OUI:CCF0FD* ID_OUI_FROM_DATABASE=China Mobile (Hangzhou) Information Technology Co., Ltd. +OUI:CCF305* + ID_OUI_FROM_DATABASE=SHENZHEN TIAN XING CHUANG ZHAN ELECTRONIC CO.,LTD + OUI:CCF3A5* ID_OUI_FROM_DATABASE=Chi Mei Communication Systems, Inc @@ -106998,7 +109839,7 @@ OUI:D01E1D* ID_OUI_FROM_DATABASE=SaiNXT Technologies LLP OUI:D021AC* - ID_OUI_FROM_DATABASE=Yo Labs LLC + ID_OUI_FROM_DATABASE=Yohana OUI:D021F9* ID_OUI_FROM_DATABASE=Ubiquiti Networks Inc. @@ -107226,7 +110067,7 @@ OUI:D058C0* ID_OUI_FROM_DATABASE=Qingdao Haier Multimedia Limited. OUI:D058FC* - ID_OUI_FROM_DATABASE=BSkyB Ltd + ID_OUI_FROM_DATABASE=SKY UK LIMITED OUI:D05919* ID_OUI_FROM_DATABASE=zte corporation @@ -107525,6 +110366,9 @@ OUI:D096FB* OUI:D097FE* ID_OUI_FROM_DATABASE=Realme Chongqing Mobile Telecommunications Corp.,Ltd. +OUI:D0989C* + ID_OUI_FROM_DATABASE=ConMet + OUI:D099D5* ID_OUI_FROM_DATABASE=Alcatel-Lucent @@ -107597,6 +110441,9 @@ OUI:D0A0D6* OUI:D0A311* ID_OUI_FROM_DATABASE=Neuberger Gebäudeautomation GmbH +OUI:D0A46F* + ID_OUI_FROM_DATABASE=China Dragon Technology Limited + OUI:D0A4B1* ID_OUI_FROM_DATABASE=Sonifex Ltd. @@ -107945,6 +110792,9 @@ OUI:D0FA1D* OUI:D0FCCC* ID_OUI_FROM_DATABASE=Samsung Electronics Co.,Ltd +OUI:D0FCD0* + ID_OUI_FROM_DATABASE=HUMAX Co., Ltd. + OUI:D0FF50* ID_OUI_FROM_DATABASE=Texas Instruments @@ -108215,6 +111065,9 @@ OUI:D440F0* OUI:D44165* ID_OUI_FROM_DATABASE=Sichuan Tianyi Comheart Telecom Co.,LTD +OUI:D4430E* + ID_OUI_FROM_DATABASE=Zhejiang Dahua Technology Co., Ltd. + OUI:D443A8* ID_OUI_FROM_DATABASE=Changzhou Haojie Electric Co., Ltd. @@ -108248,6 +111101,9 @@ OUI:D44C9C* OUI:D44CA7* ID_OUI_FROM_DATABASE=Informtekhnika & Communication, LLC +OUI:D44D77* + ID_OUI_FROM_DATABASE=Nokia + OUI:D44DA4* ID_OUI_FROM_DATABASE=Murata Manufacturing Co., Ltd. @@ -108276,7 +111132,7 @@ OUI:D45297* ID_OUI_FROM_DATABASE=nSTREAMS Technologies, Inc. OUI:D452EE* - ID_OUI_FROM_DATABASE=BSkyB Ltd + ID_OUI_FROM_DATABASE=SKY UK LIMITED OUI:D45383* ID_OUI_FROM_DATABASE=Murata Manufacturing Co., Ltd. @@ -108299,6 +111155,9 @@ OUI:D45763* OUI:D45800* ID_OUI_FROM_DATABASE=Fiberhome Telecommunication Technologies Co.,LTD +OUI:D45A3F* + ID_OUI_FROM_DATABASE=Juniper Networks + OUI:D45AB2* ID_OUI_FROM_DATABASE=Galleon Systems @@ -108641,6 +111500,9 @@ OUI:D49AA0* OUI:D49B5C* ID_OUI_FROM_DATABASE=Chongqing Miedu Technology Co., Ltd. +OUI:D49B74* + ID_OUI_FROM_DATABASE=Kinetic Technologies + OUI:D49C28* ID_OUI_FROM_DATABASE=JayBird LLC @@ -108677,6 +111539,9 @@ OUI:D4A148* OUI:D4A33D* ID_OUI_FROM_DATABASE=Apple, Inc. +OUI:D4A3EB* + ID_OUI_FROM_DATABASE=Shenzhen iComm Semiconductor CO.,LTD + OUI:D4A425* ID_OUI_FROM_DATABASE=SMAX Technology Co., Ltd. @@ -108758,6 +111623,9 @@ OUI:D4BBE6* OUI:D4BD1E* ID_OUI_FROM_DATABASE=5VT Technologies,Taiwan LTd. +OUI:D4BD4F* + ID_OUI_FROM_DATABASE=Ruckus Wireless + OUI:D4BED9* ID_OUI_FROM_DATABASE=Dell Inc. @@ -108845,6 +111713,9 @@ OUI:D4D7A9* OUI:D4D7CF* ID_OUI_FROM_DATABASE=Realme Chongqing Mobile Telecommunications Corp.,Ltd. +OUI:D4D853* + ID_OUI_FROM_DATABASE=Intel Corporate + OUI:D4D898* ID_OUI_FROM_DATABASE=Korea CNO Tech Co., Ltd @@ -108852,7 +111723,7 @@ OUI:D4D919* ID_OUI_FROM_DATABASE=GoPro OUI:D4DACD* - ID_OUI_FROM_DATABASE=BSkyB Ltd + ID_OUI_FROM_DATABASE=SKY UK LIMITED OUI:D4DC09* ID_OUI_FROM_DATABASE=Mist Systems, Inc. @@ -108863,9 +111734,15 @@ OUI:D4DCCD* OUI:D4DF57* ID_OUI_FROM_DATABASE=Alpinion Medical Systems +OUI:D4E053* + ID_OUI_FROM_DATABASE=Aruba, a Hewlett Packard Enterprise Company + OUI:D4E08E* ID_OUI_FROM_DATABASE=ValueHD Corporation +OUI:D4E22F* + ID_OUI_FROM_DATABASE=Roku, Inc + OUI:D4E2CB* ID_OUI_FROM_DATABASE=Technicolor CH USA Inc. @@ -108920,6 +111797,9 @@ OUI:D4F057* OUI:D4F0B4* ID_OUI_FROM_DATABASE=Napco Security Technologies +OUI:D4F0EA* + ID_OUI_FROM_DATABASE=Beijing Xiaomi Mobile Software Co., Ltd + OUI:D4F143* ID_OUI_FROM_DATABASE=IPROAD.,Inc @@ -109019,6 +111899,9 @@ OUI:D80DE3* OUI:D80F99* ID_OUI_FROM_DATABASE=Hon Hai Precision Ind. Co.,Ltd. +OUI:D81068* + ID_OUI_FROM_DATABASE=Murata Manufacturing Co., Ltd. + OUI:D8109F* ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD @@ -109158,7 +112041,10 @@ OUI:D833B7* ID_OUI_FROM_DATABASE=Sagemcom Broadband SAS OUI:D834EE* - ID_OUI_FROM_DATABASE=Stem Audio + ID_OUI_FROM_DATABASE=SHURE INCORPORATED + +OUI:D8365F* + ID_OUI_FROM_DATABASE=Intelbras OUI:D8373B* ID_OUI_FROM_DATABASE=Shenzhen Jingxun Software Telecommunication Technology Co.,Ltd @@ -109334,6 +112220,9 @@ OUI:D867D9* OUI:D86852* ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD +OUI:D868A0* + ID_OUI_FROM_DATABASE=Samsung Electronics Co.,Ltd + OUI:D868C3* ID_OUI_FROM_DATABASE=Samsung Electronics Co.,Ltd @@ -109394,6 +112283,9 @@ OUI:D87CDD* OUI:D87D7F* ID_OUI_FROM_DATABASE=Sagemcom Broadband SAS +OUI:D87E6F* + ID_OUI_FROM_DATABASE=CASCINATION AG + OUI:D87E76* ID_OUI_FROM_DATABASE=ITEL MOBILE LIMITED @@ -109409,6 +112301,9 @@ OUI:D8803C* OUI:D88083* ID_OUI_FROM_DATABASE=CLOUD NETWORK TECHNOLOGY SINGAPORE PTE. LTD. +OUI:D880DC* + ID_OUI_FROM_DATABASE=Huawei Device Co., Ltd. + OUI:D881CE* ID_OUI_FROM_DATABASE=AHN INC. @@ -109463,6 +112358,9 @@ OUI:D8860BE* OUI:D887D5* ID_OUI_FROM_DATABASE=Leadcore Technology CO.,LTD +OUI:D88863* + ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD + OUI:D888CE* ID_OUI_FROM_DATABASE=RF Technology Pty Ltd @@ -109544,6 +112442,9 @@ OUI:D89B3B* OUI:D89C67* ID_OUI_FROM_DATABASE=Hon Hai Precision Ind. Co.,Ltd. +OUI:D89C8E* + ID_OUI_FROM_DATABASE=Comcast Cable Corporation + OUI:D89D67* ID_OUI_FROM_DATABASE=Hewlett Packard @@ -109820,6 +112721,9 @@ OUI:D8E0B8* OUI:D8E0E1* ID_OUI_FROM_DATABASE=Samsung Electronics Co.,Ltd +OUI:D8E2DF* + ID_OUI_FROM_DATABASE=Microsoft Corporation + OUI:D8E3AE* ID_OUI_FROM_DATABASE=CIRTEC MEDICAL SYSTEMS @@ -109832,6 +112736,9 @@ OUI:D8E72B* OUI:D8E743* ID_OUI_FROM_DATABASE=Wush, Inc +OUI:D8E844* + ID_OUI_FROM_DATABASE=zte corporation + OUI:D8E952* ID_OUI_FROM_DATABASE=KEOPSYS @@ -109910,6 +112817,9 @@ OUI:D8FE8F* OUI:D8FEE3* ID_OUI_FROM_DATABASE=D-Link International +OUI:D8FFC3* + ID_OUI_FROM_DATABASE=Shenzhen 3SNIC information technology company Limited + OUI:DC0077* ID_OUI_FROM_DATABASE=TP-LINK TECHNOLOGIES CO.,LTD. @@ -109928,6 +112838,9 @@ OUI:DC0398* OUI:DC052F* ID_OUI_FROM_DATABASE=National Products Inc. +OUI:DC0539* + ID_OUI_FROM_DATABASE=Cisco Systems, Inc + OUI:DC0575* ID_OUI_FROM_DATABASE=SIEMENS ENERGY AUTOMATION @@ -109949,6 +112862,9 @@ OUI:DC0914* OUI:DC094C* ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD +OUI:DC0B09* + ID_OUI_FROM_DATABASE=Cisco Systems, Inc + OUI:DC0B1A* ID_OUI_FROM_DATABASE=ADB Broadband Italia @@ -110090,6 +113006,9 @@ OUI:DC3350* OUI:DC35F1* ID_OUI_FROM_DATABASE=Positivo Tecnologia S.A. +OUI:DC360C* + ID_OUI_FROM_DATABASE=Hitron Technologies. Inc + OUI:DC36430* ID_OUI_FROM_DATABASE=Meier Tobler AG @@ -110240,6 +113159,9 @@ OUI:DC44B6* OUI:DC4517* ID_OUI_FROM_DATABASE=ARRIS Group, Inc. +OUI:DC4628* + ID_OUI_FROM_DATABASE=Intel Corporate + OUI:DC48B2* ID_OUI_FROM_DATABASE=Baraja Pty. Ltd. @@ -110330,6 +113252,9 @@ OUI:DC5392* OUI:DC543D* ID_OUI_FROM_DATABASE=ITEL MOBILE LIMITED +OUI:DC5475* + ID_OUI_FROM_DATABASE=Espressif Inc. + OUI:DC54D7* ID_OUI_FROM_DATABASE=Amazon Technologies Inc. @@ -110411,6 +113336,9 @@ OUI:DC7144* OUI:DC7196* ID_OUI_FROM_DATABASE=Intel Corporate +OUI:DC71DD* + ID_OUI_FROM_DATABASE=AX Technologies + OUI:DC7223* ID_OUI_FROM_DATABASE=Hui Zhou Gaoshengda Technology Co.,LTD @@ -110471,6 +113399,12 @@ OUI:DC8C37* OUI:DC8D8A* ID_OUI_FROM_DATABASE=Nokia Solutions and Networks GmbH & Co. KG +OUI:DC8DB7* + ID_OUI_FROM_DATABASE=ATW TECHNOLOGY, INC. + +OUI:DC8E95* + ID_OUI_FROM_DATABASE=Silicon Laboratories + OUI:DC9020* ID_OUI_FROM_DATABASE=RURU TEK PRIVATE LIMITED @@ -110501,6 +113435,9 @@ OUI:DC9914* OUI:DC99FE* ID_OUI_FROM_DATABASE=Armatura LLC +OUI:DC9A7D* + ID_OUI_FROM_DATABASE=HISENSE VISUAL TECHNOLOGY CO.,LTD + OUI:DC9A8E* ID_OUI_FROM_DATABASE=Nanjing Cocomm electronics co., LTD @@ -110567,6 +113504,9 @@ OUI:DCA8CF* OUI:DCA904* ID_OUI_FROM_DATABASE=Apple, Inc. +OUI:DCA956* + ID_OUI_FROM_DATABASE=GUANGDONG OPPO MOBILE TELECOMMUNICATIONS CORP.,LTD + OUI:DCA971* ID_OUI_FROM_DATABASE=Intel Corporate @@ -110621,6 +113561,9 @@ OUI:DCBB96* OUI:DCBD7A* ID_OUI_FROM_DATABASE=Guangzhou Shiyuan Electronic Technology Company Limited +OUI:DCBE49* + ID_OUI_FROM_DATABASE=ITEL MOBILE LIMITED + OUI:DCBE7A* ID_OUI_FROM_DATABASE=Zhejiang Nurotron Biotechnology Co. @@ -110861,6 +113804,9 @@ OUI:DCF090* OUI:DCF110* ID_OUI_FROM_DATABASE=Nokia Corporation +OUI:DCF31C* + ID_OUI_FROM_DATABASE=Texas Instruments + OUI:DCF401* ID_OUI_FROM_DATABASE=Dell Inc. @@ -110912,6 +113858,9 @@ OUI:E00084* OUI:E002A5* ID_OUI_FROM_DATABASE=ABB Robotics +OUI:E0036B* + ID_OUI_FROM_DATABASE=Samsung Electronics Co.,Ltd + OUI:E00370* ID_OUI_FROM_DATABASE=ShenZhen Continental Wireless Technology Co., Ltd. @@ -110927,6 +113876,9 @@ OUI:E0071B* OUI:E007C2* ID_OUI_FROM_DATABASE=FUJIAN STAR-NET COMMUNICATION CO.,LTD +OUI:E00871* + ID_OUI_FROM_DATABASE=Dongguan Liesheng Electronic Co., Ltd. + OUI:E009BF* ID_OUI_FROM_DATABASE=SHENZHEN TONG BO WEI TECHNOLOGY Co.,LTD @@ -110966,6 +113918,9 @@ OUI:E013B5* OUI:E0143E* ID_OUI_FROM_DATABASE=Modoosis Inc. +OUI:E016B1* + ID_OUI_FROM_DATABASE=Advanced Design Technology co.,ltd. + OUI:E01877* ID_OUI_FROM_DATABASE=FUJITSU LIMITED @@ -111044,12 +113999,18 @@ OUI:E02636* OUI:E0271A* ID_OUI_FROM_DATABASE=TTC Next-generation Home Network System WG +OUI:E0276C* + ID_OUI_FROM_DATABASE=Guangzhou Shiyuan Electronic Technology Company Limited + OUI:E02861* ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD OUI:E0286D* ID_OUI_FROM_DATABASE=AVM Audiovisuelles Marketing und Computersysteme GmbH +OUI:E028B1* + ID_OUI_FROM_DATABASE=Shenzhen Skyworth Digital Technology CO., Ltd + OUI:E02967* ID_OUI_FROM_DATABASE=HMD Global Oy @@ -111071,6 +114032,9 @@ OUI:E02CB2* OUI:E02CF3* ID_OUI_FROM_DATABASE=MRS Electronic GmbH +OUI:E02E0B* + ID_OUI_FROM_DATABASE=Intel Corporate + OUI:E02E3F* ID_OUI_FROM_DATABASE=Huawei Device Co., Ltd. @@ -111152,12 +114116,18 @@ OUI:E0469A* OUI:E046E5* ID_OUI_FROM_DATABASE=Gosuncn Technology Group Co., Ltd. +OUI:E046EE* + ID_OUI_FROM_DATABASE=NETGEAR + OUI:E048AF* ID_OUI_FROM_DATABASE=Premietech Limited OUI:E048D3* ID_OUI_FROM_DATABASE=MOBIWIRE MOBILES (NINGBO) CO.,LTD +OUI:E048D8* + ID_OUI_FROM_DATABASE=Guangzhi Wulian Technology(Guangzhou) Co., Ltd + OUI:E049ED* ID_OUI_FROM_DATABASE=Audeze LLC @@ -111182,6 +114152,9 @@ OUI:E05124* OUI:E05163* ID_OUI_FROM_DATABASE=Arcadyan Corporation +OUI:E051D8* + ID_OUI_FROM_DATABASE=China Dragon Technology Limited + OUI:E0553D* ID_OUI_FROM_DATABASE=Cisco Meraki @@ -111302,12 +114275,18 @@ OUI:E06995* OUI:E069BA* ID_OUI_FROM_DATABASE=Cisco Systems, Inc +OUI:E06A05* + ID_OUI_FROM_DATABASE=Shenzhen YOUHUA Technology Co., Ltd + OUI:E06C4E* ID_OUI_FROM_DATABASE=Shenzhen TINNO Mobile Technology Corp. OUI:E06CA6* ID_OUI_FROM_DATABASE=Creotech Instruments S.A. +OUI:E06CC5* + ID_OUI_FROM_DATABASE=Huawei Device Co., Ltd. + OUI:E06CF6* ID_OUI_FROM_DATABASE=ESSENCORE limited @@ -111347,6 +114326,9 @@ OUI:E078A3* OUI:E0795E* ID_OUI_FROM_DATABASE=Wuxi Xiaohu Technology Co.,Ltd. +OUI:E0798D* + ID_OUI_FROM_DATABASE=Silicon Laboratories + OUI:E079C4* ID_OUI_FROM_DATABASE=iRay Technology Company Limited @@ -111368,6 +114350,9 @@ OUI:E07F53* OUI:E07F88* ID_OUI_FROM_DATABASE=EVIDENCE Network SIA +OUI:E0806B* + ID_OUI_FROM_DATABASE=Xiaomi Communications Co Ltd + OUI:E08177* ID_OUI_FROM_DATABASE=GreenBytes, Inc. @@ -111377,6 +114362,9 @@ OUI:E084F3* OUI:E0859A* ID_OUI_FROM_DATABASE=SHENZHEN RF-LINK TECHNOLOGY CO.,LTD. +OUI:E08614* + ID_OUI_FROM_DATABASE=Novatel Wireless Solutions, Inc. + OUI:E087B1* ID_OUI_FROM_DATABASE=Nata-Info Ltd. @@ -111410,6 +114398,9 @@ OUI:E091F5* OUI:E0925C* ID_OUI_FROM_DATABASE=Apple, Inc. +OUI:E0928F* + ID_OUI_FROM_DATABASE=Texas Instruments + OUI:E092A7* ID_OUI_FROM_DATABASE=Feitian Technologies Co., Ltd @@ -111434,6 +114425,9 @@ OUI:E09861* OUI:E09971* ID_OUI_FROM_DATABASE=Samsung Electronics Co.,Ltd +OUI:E09C8D* + ID_OUI_FROM_DATABASE=Seakeeper, Inc. + OUI:E09D13* ID_OUI_FROM_DATABASE=Samsung Electronics Co.,Ltd @@ -111716,6 +114710,9 @@ OUI:E0D4E8* OUI:E0D55E* ID_OUI_FROM_DATABASE=GIGA-BYTE TECHNOLOGY CO.,LTD. +OUI:E0D738* + ID_OUI_FROM_DATABASE=WireStar Networks + OUI:E0D7BA* ID_OUI_FROM_DATABASE=Texas Instruments @@ -111833,9 +114830,15 @@ OUI:E0F5CA* OUI:E0F62D* ID_OUI_FROM_DATABASE=Juniper Networks +OUI:E0F678* + ID_OUI_FROM_DATABASE=Fiberhome Telecommunication Technologies Co.,LTD + OUI:E0F6B5* ID_OUI_FROM_DATABASE=Nintendo Co.,Ltd +OUI:E0F728* + ID_OUI_FROM_DATABASE=Amazon Technologies Inc. + OUI:E0F847* ID_OUI_FROM_DATABASE=Apple, Inc. @@ -112253,6 +115256,9 @@ OUI:E46251* OUI:E46449* ID_OUI_FROM_DATABASE=ARRIS Group, Inc. +OUI:E46564* + ID_OUI_FROM_DATABASE=SHENZHEN KTC TECHNOLOGY CO.,LTD + OUI:E4671E* ID_OUI_FROM_DATABASE=SHEN ZHEN NUO XIN CHENG TECHNOLOGY co., Ltd. @@ -112265,6 +115271,9 @@ OUI:E468A3* OUI:E4695A* ID_OUI_FROM_DATABASE=Dictum Health, Inc. +OUI:E46A35* + ID_OUI_FROM_DATABASE=Realme Chongqing Mobile Telecommunications Corp.,Ltd. + OUI:E46C21* ID_OUI_FROM_DATABASE=messMa GmbH @@ -112379,6 +115388,9 @@ OUI:E48F34* OUI:E48F65* ID_OUI_FROM_DATABASE=Yelatma Instrument Making Enterprise, JSC +OUI:E4902A* + ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD + OUI:E49069* ID_OUI_FROM_DATABASE=Rockwell Automation @@ -112544,6 +115556,12 @@ OUI:E4B318* OUI:E4B503* ID_OUI_FROM_DATABASE=Realme Chongqing Mobile Telecommunications Corp.,Ltd. +OUI:E4B555* + ID_OUI_FROM_DATABASE=Huawei Device Co., Ltd. + +OUI:E4B633* + ID_OUI_FROM_DATABASE=Wuxi Stars Microsystem Technology Co., Ltd + OUI:E4B97A* ID_OUI_FROM_DATABASE=Dell Inc. @@ -112994,6 +116012,9 @@ OUI:E839DF* OUI:E83A12* ID_OUI_FROM_DATABASE=Samsung Electronics Co.,Ltd +OUI:E83A4B* + ID_OUI_FROM_DATABASE=China Mobile Group Device Co.,Ltd. + OUI:E83A97* ID_OUI_FROM_DATABASE=Toshiba Corporation @@ -113042,6 +116063,9 @@ OUI:E84D74* OUI:E84DD0* ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD +OUI:E84DEC* + ID_OUI_FROM_DATABASE=Xerox Corporation + OUI:E84E06* ID_OUI_FROM_DATABASE=EDUP INTERNATIONAL (HK) CO., LTD @@ -113306,6 +116330,9 @@ OUI:E88152* OUI:E88175* ID_OUI_FROM_DATABASE=zte corporation +OUI:E881AB* + ID_OUI_FROM_DATABASE=Beijing Sankuai Online Technology Co.,Ltd + OUI:E8825B* ID_OUI_FROM_DATABASE=ARRIS Group, Inc. @@ -113450,6 +116477,9 @@ OUI:E8ABF3* OUI:E8ABFA* ID_OUI_FROM_DATABASE=Shenzhen Reecam Tech.Ltd. +OUI:E8AC23* + ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD + OUI:E8ACAD* ID_OUI_FROM_DATABASE=zte corporation @@ -113468,6 +116498,9 @@ OUI:E8B2AC* OUI:E8B2FE* ID_OUI_FROM_DATABASE=HUMAX Co., Ltd. +OUI:E8B3EF* + ID_OUI_FROM_DATABASE=Fiberhome Telecommunication Technologies Co.,LTD + OUI:E8B4700* ID_OUI_FROM_DATABASE=DongGuan Ramaxel Memory Technology @@ -113591,6 +116624,9 @@ OUI:E8CC18* OUI:E8CC32* ID_OUI_FROM_DATABASE=Micronet LTD +OUI:E8CC8C* + ID_OUI_FROM_DATABASE=Chengdu Jia Rui Hua Lian Communication Technology Co.,Ltd. + OUI:E8CD2D* ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD @@ -113633,6 +116669,9 @@ OUI:E8D765* OUI:E8D819* ID_OUI_FROM_DATABASE=AzureWave Technology Inc. +OUI:E8D87E* + ID_OUI_FROM_DATABASE=Amazon Technologies Inc. + OUI:E8D8D1* ID_OUI_FROM_DATABASE=HP Inc. @@ -113651,6 +116690,9 @@ OUI:E8DAAA* OUI:E8DB84* ID_OUI_FROM_DATABASE=Espressif Inc. +OUI:E8DC6C* + ID_OUI_FROM_DATABASE=Cisco Systems, Inc + OUI:E8DE00* ID_OUI_FROM_DATABASE=ChongQing GuanFang Technology Co.,LTD @@ -113723,6 +116765,9 @@ OUI:E8EB1B* OUI:E8EB34* ID_OUI_FROM_DATABASE=Cisco Systems, Inc +OUI:E8EBD3* + ID_OUI_FROM_DATABASE=Mellanox Technologies, Inc. + OUI:E8ECA3* ID_OUI_FROM_DATABASE=Dongguan Liesheng Electronic Co.Ltd @@ -113738,6 +116783,9 @@ OUI:E8EDF3* OUI:E8EECC* ID_OUI_FROM_DATABASE=Fantasia Trading LLC +OUI:E8EF05* + ID_OUI_FROM_DATABASE=MIND TECH INTERNATIONAL LIMITED + OUI:E8EF89* ID_OUI_FROM_DATABASE=OPMEX Tech. @@ -113765,6 +116813,9 @@ OUI:E8F654* OUI:E8F724* ID_OUI_FROM_DATABASE=Hewlett Packard Enterprise +OUI:E8F791* + ID_OUI_FROM_DATABASE=Xiaomi Communications Co Ltd + OUI:E8F928* ID_OUI_FROM_DATABASE=RFTECH SRL @@ -113777,6 +116828,9 @@ OUI:E8FA23* OUI:E8FAF7* ID_OUI_FROM_DATABASE=Guangdong Uniteddata Holding Group Co., Ltd. +OUI:E8FB1C* + ID_OUI_FROM_DATABASE=AzureWave Technology Inc. + OUI:E8FBE9* ID_OUI_FROM_DATABASE=Apple, Inc. @@ -113885,6 +116939,9 @@ OUI:EC1D8B* OUI:EC1F72* ID_OUI_FROM_DATABASE=SAMSUNG ELECTRO-MECHANICS(THAILAND) +OUI:EC2125* + ID_OUI_FROM_DATABASE=Toshiba Corp. + OUI:EC219F* ID_OUI_FROM_DATABASE=VidaBox LLC @@ -113945,6 +117002,9 @@ OUI:EC2E98* OUI:EC3091* ID_OUI_FROM_DATABASE=Cisco Systems, Inc +OUI:EC30B3* + ID_OUI_FROM_DATABASE=Xiaomi Communications Co Ltd + OUI:EC316D* ID_OUI_FROM_DATABASE=Hansgrohe @@ -114002,6 +117062,9 @@ OUI:EC4269* OUI:EC42B4* ID_OUI_FROM_DATABASE=ADC Corporation +OUI:EC42CC* + ID_OUI_FROM_DATABASE=Apple, Inc. + OUI:EC42F0* ID_OUI_FROM_DATABASE=ADL Embedded Solutions, Inc. @@ -114053,6 +117116,9 @@ OUI:EC52DC* OUI:EC542E* ID_OUI_FROM_DATABASE=Shanghai XiMei Electronic Technology Co. Ltd +OUI:EC551C* + ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD + OUI:EC55F9* ID_OUI_FROM_DATABASE=Hon Hai Precision Ind. Co.,Ltd. @@ -114086,9 +117152,15 @@ OUI:EC5C84* OUI:EC5F23* ID_OUI_FROM_DATABASE=Qinghai Kimascend Electronics Technology Co. Ltd. +OUI:EC6073* + ID_OUI_FROM_DATABASE=TP-LINK TECHNOLOGIES CO.,LTD. + OUI:EC60E0* ID_OUI_FROM_DATABASE=AVI-ON LABS +OUI:EC6260* + ID_OUI_FROM_DATABASE=Espressif Inc. + OUI:EC6264* ID_OUI_FROM_DATABASE=Global411 Internet Services, LLC @@ -114140,6 +117212,9 @@ OUI:EC71DB* OUI:EC74BA* ID_OUI_FROM_DATABASE=Hirschmann Automation and Control GmbH +OUI:EC74D7* + ID_OUI_FROM_DATABASE=Grandstream Networks Inc + OUI:EC753E* ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD @@ -114182,6 +117257,9 @@ OUI:EC8009* OUI:EC8193* ID_OUI_FROM_DATABASE=Logitech, Inc +OUI:EC819C* + ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD + OUI:EC8263* ID_OUI_FROM_DATABASE=zte corporation @@ -114350,6 +117428,9 @@ OUI:ECA29B* OUI:ECA5DE* ID_OUI_FROM_DATABASE=ONYX WIFI Inc +OUI:ECA62F* + ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD + OUI:ECA81F* ID_OUI_FROM_DATABASE=Technicolor CH USA Inc. @@ -114524,6 +117605,9 @@ OUI:ECE512* OUI:ECE555* ID_OUI_FROM_DATABASE=Hirschmann Automation +OUI:ECE6A2* + ID_OUI_FROM_DATABASE=Fiberhome Telecommunication Technologies Co.,LTD + OUI:ECE744* ID_OUI_FROM_DATABASE=Omntec mfg. inc @@ -114986,6 +118070,9 @@ OUI:F04CD5* OUI:F04DA2* ID_OUI_FROM_DATABASE=Dell Inc. +OUI:F04DD4* + ID_OUI_FROM_DATABASE=Sagemcom Broadband SAS + OUI:F04F7C* ID_OUI_FROM_DATABASE=Amazon Technologies Inc. @@ -115076,6 +118163,9 @@ OUI:F06865* OUI:F06BCA* ID_OUI_FROM_DATABASE=Samsung Electronics Co.,Ltd +OUI:F06C5D* + ID_OUI_FROM_DATABASE=Xiaomi Communications Co Ltd + OUI:F06C73* ID_OUI_FROM_DATABASE=Nokia @@ -115178,6 +118268,12 @@ OUI:F085C1* OUI:F08620* ID_OUI_FROM_DATABASE=Arcadyan Corporation +OUI:F08756* + ID_OUI_FROM_DATABASE=Zyxel Communications Corporation + +OUI:F0877F* + ID_OUI_FROM_DATABASE=Magnetar Technology Shenzhen Co., LTD. + OUI:F08A28* ID_OUI_FROM_DATABASE=JIANGSU HENGSION ELECTRONIC S and T CO.,LTD @@ -115400,6 +118496,9 @@ OUI:F0B5D1* OUI:F0B61E* ID_OUI_FROM_DATABASE=Intel Corporate +OUI:F0B661* + ID_OUI_FROM_DATABASE=eero inc. + OUI:F0B6EB* ID_OUI_FROM_DATABASE=Poslab Technology Co., Ltd. @@ -115424,6 +118523,9 @@ OUI:F0BE25* OUI:F0BF97* ID_OUI_FROM_DATABASE=Sony Corporation +OUI:F0C1CE* + ID_OUI_FROM_DATABASE=GoodWe Technologies CO., Ltd + OUI:F0C1F1* ID_OUI_FROM_DATABASE=Apple, Inc. @@ -115454,6 +118556,9 @@ OUI:F0C850* OUI:F0C88C* ID_OUI_FROM_DATABASE=LeddarTech Inc. +OUI:F0C8B5* + ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD + OUI:F0C9D1* ID_OUI_FROM_DATABASE=GD Midea Air-Conditioning Equipment Co.,Ltd. @@ -115484,6 +118589,9 @@ OUI:F0D3A7* OUI:F0D3E7* ID_OUI_FROM_DATABASE=Sensometrix SA +OUI:F0D415* + ID_OUI_FROM_DATABASE=Intel Corporate + OUI:F0D4E2* ID_OUI_FROM_DATABASE=Dell Inc. @@ -115853,6 +118961,9 @@ OUI:F42012* OUI:F421AE* ID_OUI_FROM_DATABASE=Shanghai Xiaodu Technology Limited +OUI:F4227A* + ID_OUI_FROM_DATABASE=Guangdong Seneasy Intelligent Technology Co., Ltd. + OUI:F4239C* ID_OUI_FROM_DATABASE=SERNET (SUZHOU) TECHNOLOGIES CORPORATION @@ -115916,6 +119027,9 @@ OUI:F438C1* OUI:F43909* ID_OUI_FROM_DATABASE=Hewlett Packard +OUI:F43BD8* + ID_OUI_FROM_DATABASE=Intel Corporate + OUI:F43D80* ID_OUI_FROM_DATABASE=FAG Industrial Services GmbH @@ -116129,15 +119243,27 @@ OUI:F46ABC* OUI:F46AD7* ID_OUI_FROM_DATABASE=Microsoft Corporation +OUI:F46ADD* + ID_OUI_FROM_DATABASE=Liteon Technology Corporation + OUI:F46B8C* - ID_OUI_FROM_DATABASE=Hon Hai Precision Ind. Co., Ltd. + ID_OUI_FROM_DATABASE=Hon Hai Precision Industry Co., Ltd. OUI:F46BEF* ID_OUI_FROM_DATABASE=Sagemcom Broadband SAS +OUI:F46C68* + ID_OUI_FROM_DATABASE=Wistron Neweb Corporation + OUI:F46D04* ID_OUI_FROM_DATABASE=ASUSTek COMPUTER INC. +OUI:F46D2F* + ID_OUI_FROM_DATABASE=TP-LINK TECHNOLOGIES CO.,LTD. + +OUI:F46D3F* + ID_OUI_FROM_DATABASE=Intel Corporate + OUI:F46DE2* ID_OUI_FROM_DATABASE=zte corporation @@ -116252,6 +119378,9 @@ OUI:F483E1* OUI:F4844C* ID_OUI_FROM_DATABASE=Texas Instruments +OUI:F4848D* + ID_OUI_FROM_DATABASE=TP-LINK TECHNOLOGIES CO.,LTD. + OUI:F485C6* ID_OUI_FROM_DATABASE=FDT Technologies @@ -116337,7 +119466,7 @@ OUI:F492BF* ID_OUI_FROM_DATABASE=Ubiquiti Networks Inc. OUI:F4939F* - ID_OUI_FROM_DATABASE=Hon Hai Precision Ind. Co., Ltd. + ID_OUI_FROM_DATABASE=Hon Hai Precision Industry Co., Ltd. OUI:F49461* ID_OUI_FROM_DATABASE=NexGen Storage @@ -116462,6 +119591,9 @@ OUI:F4B301* OUI:F4B381* ID_OUI_FROM_DATABASE=WindowMaster A/S +OUI:F4B3B1* + ID_OUI_FROM_DATABASE=Silicon Laboratories + OUI:F4B520* ID_OUI_FROM_DATABASE=Biostar Microtech international corp. @@ -116558,6 +119690,9 @@ OUI:F4C7AA* OUI:F4C7C8* ID_OUI_FROM_DATABASE=Kelvin Inc. +OUI:F4C88A* + ID_OUI_FROM_DATABASE=Intel Corporate + OUI:F4CA24* ID_OUI_FROM_DATABASE=FreeBit Co., Ltd. @@ -116652,7 +119787,7 @@ OUI:F4E142* ID_OUI_FROM_DATABASE=Delta Elektronika BV OUI:F4E204* - ID_OUI_FROM_DATABASE=Traqueur + ID_OUI_FROM_DATABASE=COYOTE SYSTEM OUI:F4E2C6* ID_OUI_FROM_DATABASE=Ubiquiti Networks Inc. @@ -117017,6 +120152,9 @@ OUI:F828C9* OUI:F829C0* ID_OUI_FROM_DATABASE=Availink, Inc. +OUI:F82B7F* + ID_OUI_FROM_DATABASE=Huawei Device Co., Ltd. + OUI:F82BC8* ID_OUI_FROM_DATABASE=Jiangsu Switter Co., Ltd @@ -117161,6 +120299,9 @@ OUI:F84DFC* OUI:F84E17* ID_OUI_FROM_DATABASE=Sony Corporation +OUI:F84E58* + ID_OUI_FROM_DATABASE=Samsung Electronics Co.,Ltd + OUI:F84E73* ID_OUI_FROM_DATABASE=Apple, Inc. @@ -117194,6 +120335,9 @@ OUI:F854AF* OUI:F854B8* ID_OUI_FROM_DATABASE=Amazon Technologies Inc. +OUI:F85548* + ID_OUI_FROM_DATABASE=Texas Instruments + OUI:F855CD* ID_OUI_FROM_DATABASE=Visteon Corporation @@ -117227,6 +120371,9 @@ OUI:F85C4D* OUI:F85C7D* ID_OUI_FROM_DATABASE=Shenzhen Honesty Electronics Co.,Ltd. +OUI:F85E0B* + ID_OUI_FROM_DATABASE=Realme Chongqing Mobile Telecommunications Corp.,Ltd. + OUI:F85E3C* ID_OUI_FROM_DATABASE=SHENZHEN ZHIBOTONG ELECTRONICS CO.,LTD @@ -117569,6 +120716,9 @@ OUI:F8AA8A* OUI:F8AB05* ID_OUI_FROM_DATABASE=Sagemcom Broadband SAS +OUI:F8AB82* + ID_OUI_FROM_DATABASE=Xiaomi Communications Co Ltd + OUI:F8ABE5* ID_OUI_FROM_DATABASE=shenzhen worldelite electronics co., LTD @@ -117578,6 +120728,9 @@ OUI:F8AC65* OUI:F8AC6D* ID_OUI_FROM_DATABASE=Deltenna Ltd +OUI:F8AD24* + ID_OUI_FROM_DATABASE=Realme Chongqing Mobile Telecommunications Corp.,Ltd. + OUI:F8ADCB* ID_OUI_FROM_DATABASE=HMD Global Oy @@ -117662,6 +120815,9 @@ OUI:F8B797* OUI:F8B7E2* ID_OUI_FROM_DATABASE=Cisco Systems, Inc +OUI:F8B8B4* + ID_OUI_FROM_DATABASE=Shenzhen Skyworth Digital Technology CO., Ltd + OUI:F8B95A* ID_OUI_FROM_DATABASE=LG Innotek @@ -117737,6 +120893,9 @@ OUI:F8CAB8* OUI:F8CC6E* ID_OUI_FROM_DATABASE=DEPO Electronics Ltd +OUI:F8CDC8* + ID_OUI_FROM_DATABASE=Sichuan Tianyi Comheart Telecom Co.,LTD + OUI:F8CE72* ID_OUI_FROM_DATABASE=Wistron Corporation @@ -117815,6 +120974,9 @@ OUI:F8E43B* OUI:F8E44E* ID_OUI_FROM_DATABASE=MCOT INC. +OUI:F8E4A4* + ID_OUI_FROM_DATABASE=Fiberhome Telecommunication Technologies Co.,LTD + OUI:F8E4E3* ID_OUI_FROM_DATABASE=Intel Corporate @@ -117851,6 +121013,9 @@ OUI:F8E903* OUI:F8E94E* ID_OUI_FROM_DATABASE=Apple, Inc. +OUI:F8E94F* + ID_OUI_FROM_DATABASE=Cisco Systems, Inc + OUI:F8E968* ID_OUI_FROM_DATABASE=Egker Kft. @@ -117974,6 +121139,9 @@ OUI:FC0FE6* OUI:FC0FE7* ID_OUI_FROM_DATABASE=Microchip Technology Inc. +OUI:FC101A* + ID_OUI_FROM_DATABASE=Palo Alto Networks + OUI:FC10BD* ID_OUI_FROM_DATABASE=Control Sistematizado S.A. @@ -118262,6 +121430,42 @@ OUI:FC6018* OUI:FC609B* ID_OUI_FROM_DATABASE=New H3C Technologies Co., Ltd +OUI:FC61790* + ID_OUI_FROM_DATABASE=Zhuhai Anjubao Electronics Technology Co., Ltd. + +OUI:FC61791* + ID_OUI_FROM_DATABASE=Signalinks Communication Technology Co.,Ltd + +OUI:FC61792* + ID_OUI_FROM_DATABASE=Shenzhen Shenshui Electronic Commerce Co.,Ltd + +OUI:FC61793* + ID_OUI_FROM_DATABASE=EchoStar Mobile + +OUI:FC61794* + ID_OUI_FROM_DATABASE=CHOEUNENG + +OUI:FC61795* + ID_OUI_FROM_DATABASE=Qisda Corporation + +OUI:FC61796* + ID_OUI_FROM_DATABASE=Hangzhou LiDe Communication Co.,Ltd + +OUI:FC61797* + ID_OUI_FROM_DATABASE=Kvaliteta Systems and Solutions Private Limited + +OUI:FC61798* + ID_OUI_FROM_DATABASE=Annapurna labs + +OUI:FC61799* + ID_OUI_FROM_DATABASE=MACH SYSTEMS s.r.o. + +OUI:FC6179A* + ID_OUI_FROM_DATABASE=Shenzhen Dptek Technology Co., Ltd. + +OUI:FC6179D* + ID_OUI_FROM_DATABASE=Int'Act Pty Ltd + OUI:FC6198* ID_OUI_FROM_DATABASE=NEC Personal Products, Ltd @@ -118361,6 +121565,9 @@ OUI:FC8399* OUI:FC83C6* ID_OUI_FROM_DATABASE=N-Radio Technologies Co., Ltd. +OUI:FC8417* + ID_OUI_FROM_DATABASE=Honor Device Co., Ltd. + OUI:FC8596* ID_OUI_FROM_DATABASE=Axonne Inc. @@ -118451,6 +121658,9 @@ OUI:FC9FAE* OUI:FC9FE1* ID_OUI_FROM_DATABASE=CONWIN.Tech. Ltd +OUI:FCA05A* + ID_OUI_FROM_DATABASE=Oray.com co., LTD. + OUI:FCA13E* ID_OUI_FROM_DATABASE=Samsung Electronics Co.,Ltd @@ -118598,6 +121808,9 @@ OUI:FCB6D8* OUI:FCB7F0* ID_OUI_FROM_DATABASE=Idaho National Laboratory +OUI:FCB97E* + ID_OUI_FROM_DATABASE=GE Appliances + OUI:FCBBA1* ID_OUI_FROM_DATABASE=Shenzhen Minicreate Technology Co.,Ltd @@ -118628,6 +121841,9 @@ OUI:FCC2DE* OUI:FCC734* ID_OUI_FROM_DATABASE=Samsung Electronics Co.,Ltd +OUI:FCC737* + ID_OUI_FROM_DATABASE=Shaanxi Gangsion Electronic Technology Co., Ltd + OUI:FCC897* ID_OUI_FROM_DATABASE=zte corporation diff --git a/hwdb.d/20-acpi-vendor.hwdb b/hwdb.d/20-acpi-vendor.hwdb index 87eba251c2e..e23dbbbc959 100644 --- a/hwdb.d/20-acpi-vendor.hwdb +++ b/hwdb.d/20-acpi-vendor.hwdb @@ -51,6 +51,9 @@ acpi:ATML*: acpi:AUTH*: ID_VENDOR_FROM_DATABASE=AuthenTec +acpi:AWDZ*: + ID_VENDOR_FROM_DATABASE=Shanghai Aiwei Electronic Technology Co., Ltd. + acpi:BABA*: ID_VENDOR_FROM_DATABASE=Alibaba Co., Ltd. @@ -219,6 +222,9 @@ acpi:MSHW*: acpi:MXIM*: ID_VENDOR_FROM_DATABASE=Maxim Integrated +acpi:NOLO*: + ID_VENDOR_FROM_DATABASE=NOLO Co., Ltd. + acpi:NVDA*: ID_VENDOR_FROM_DATABASE=Nvidia @@ -273,6 +279,9 @@ acpi:SECC*: acpi:SHRP*: ID_VENDOR_FROM_DATABASE=Sharp Corporation +acpi:SILC*: + ID_VENDOR_FROM_DATABASE=Silicom Ltd. Connectivity Solutions + acpi:SNSL*: ID_VENDOR_FROM_DATABASE=Sensel, Inc. @@ -912,6 +921,9 @@ acpi:ATV*: acpi:ATX*: ID_VENDOR_FROM_DATABASE=Athenix Corporation +acpi:AUD*: + ID_VENDOR_FROM_DATABASE=AudioControl + acpi:AUG*: ID_VENDOR_FROM_DATABASE=August Home, Inc. @@ -4273,7 +4285,7 @@ acpi:MAS*: ID_VENDOR_FROM_DATABASE=Mass Inc. acpi:MAT*: - ID_VENDOR_FROM_DATABASE=Matsushita Electric Ind. Company Ltd + ID_VENDOR_FROM_DATABASE=Panasonic Connect Co.,Ltd. acpi:MAX*: ID_VENDOR_FROM_DATABASE=Rogen Tech Distribution Inc @@ -6036,6 +6048,9 @@ acpi:SBS*: acpi:SBT*: ID_VENDOR_FROM_DATABASE=Senseboard Technologies AB +acpi:SCA*: + ID_VENDOR_FROM_DATABASE=Schneider Consumer Group + acpi:SCB*: ID_VENDOR_FROM_DATABASE=SeeCubic B.V. @@ -6156,6 +6171,9 @@ acpi:SES*: acpi:SET*: ID_VENDOR_FROM_DATABASE=SendTek Corporation +acpi:SFL*: + ID_VENDOR_FROM_DATABASE=Shiftall Inc. + acpi:SFM*: ID_VENDOR_FROM_DATABASE=TORNADO Company diff --git a/hwdb.d/20-acpi-vendor.hwdb.patch b/hwdb.d/20-acpi-vendor.hwdb.patch index 38f3eee8a7d..f29c5ab0723 100644 --- a/hwdb.d/20-acpi-vendor.hwdb.patch +++ b/hwdb.d/20-acpi-vendor.hwdb.patch @@ -1,5 +1,5 @@ ---- 20-acpi-vendor.hwdb.base 2021-12-23 19:33:43.195441335 +0900 -+++ 20-acpi-vendor.hwdb 2021-12-23 19:33:43.215441358 +0900 +--- 20-acpi-vendor.hwdb.base 2022-04-28 19:40:27.528947746 +0200 ++++ 20-acpi-vendor.hwdb 2022-04-28 19:40:27.542947933 +0200 @@ -3,6 +3,8 @@ # Data imported from: # https://uefi.org/uefi-pnp-export @@ -19,7 +19,7 @@ acpi:AMDI*: ID_VENDOR_FROM_DATABASE=AMD -@@ -325,6 +324,9 @@ +@@ -334,6 +333,9 @@ acpi:AAA*: ID_VENDOR_FROM_DATABASE=Avolites Ltd @@ -29,7 +29,7 @@ acpi:AAE*: ID_VENDOR_FROM_DATABASE=Anatek Electronics Inc. -@@ -352,6 +354,9 @@ +@@ -361,6 +363,9 @@ acpi:ABO*: ID_VENDOR_FROM_DATABASE=D-Link Systems Inc @@ -39,7 +39,7 @@ acpi:ABS*: ID_VENDOR_FROM_DATABASE=Abaco Systems, Inc. -@@ -397,7 +402,7 @@ +@@ -406,7 +411,7 @@ acpi:ACO*: ID_VENDOR_FROM_DATABASE=Allion Computer Inc. @@ -48,7 +48,7 @@ ID_VENDOR_FROM_DATABASE=Aspen Tech Inc acpi:ACR*: -@@ -673,6 +678,9 @@ +@@ -682,6 +687,9 @@ acpi:AMT*: ID_VENDOR_FROM_DATABASE=AMT International Industry @@ -58,7 +58,7 @@ acpi:AMX*: ID_VENDOR_FROM_DATABASE=AMX LLC -@@ -721,6 +729,9 @@ +@@ -730,6 +738,9 @@ acpi:AOA*: ID_VENDOR_FROM_DATABASE=AOpen Inc. @@ -68,7 +68,7 @@ acpi:AOE*: ID_VENDOR_FROM_DATABASE=Advanced Optics Electronics, Inc. -@@ -730,6 +741,9 @@ +@@ -739,6 +750,9 @@ acpi:AOT*: ID_VENDOR_FROM_DATABASE=Alcatel @@ -78,7 +78,7 @@ acpi:APC*: ID_VENDOR_FROM_DATABASE=American Power Conversion -@@ -905,7 +919,7 @@ +@@ -917,7 +931,7 @@ ID_VENDOR_FROM_DATABASE=ALPS ALPINE CO., LTD. acpi:AUO*: @@ -87,7 +87,7 @@ acpi:AUR*: ID_VENDOR_FROM_DATABASE=Aureal Semiconductor -@@ -985,6 +999,9 @@ +@@ -997,6 +1011,9 @@ acpi:AXE*: ID_VENDOR_FROM_DATABASE=Axell Corporation @@ -97,7 +97,7 @@ acpi:AXI*: ID_VENDOR_FROM_DATABASE=American Magnetics -@@ -1135,6 +1152,9 @@ +@@ -1147,6 +1164,9 @@ acpi:BML*: ID_VENDOR_FROM_DATABASE=BIOMED Lab @@ -107,7 +107,7 @@ acpi:BMS*: ID_VENDOR_FROM_DATABASE=BIOMEDISYS -@@ -1147,6 +1167,9 @@ +@@ -1159,6 +1179,9 @@ acpi:BNO*: ID_VENDOR_FROM_DATABASE=Bang & Olufsen @@ -117,7 +117,7 @@ acpi:BNS*: ID_VENDOR_FROM_DATABASE=Boulder Nonlinear Systems -@@ -1390,6 +1413,9 @@ +@@ -1402,6 +1425,9 @@ acpi:CHA*: ID_VENDOR_FROM_DATABASE=Chase Research PLC @@ -127,7 +127,7 @@ acpi:CHD*: ID_VENDOR_FROM_DATABASE=ChangHong Electric Co.,Ltd -@@ -1552,6 +1578,9 @@ +@@ -1564,6 +1590,9 @@ acpi:COD*: ID_VENDOR_FROM_DATABASE=CODAN Pty. Ltd. @@ -137,7 +137,7 @@ acpi:COI*: ID_VENDOR_FROM_DATABASE=Codec Inc. -@@ -1961,7 +1990,7 @@ +@@ -1973,7 +2002,7 @@ ID_VENDOR_FROM_DATABASE=Dragon Information Technology acpi:DJE*: @@ -146,7 +146,7 @@ acpi:DJP*: ID_VENDOR_FROM_DATABASE=Maygay Machines, Ltd -@@ -2299,6 +2328,9 @@ +@@ -2311,6 +2340,9 @@ acpi:EIN*: ID_VENDOR_FROM_DATABASE=Elegant Invention @@ -156,7 +156,7 @@ acpi:EKA*: ID_VENDOR_FROM_DATABASE=MagTek Inc. -@@ -2563,6 +2595,9 @@ +@@ -2575,6 +2607,9 @@ acpi:FCG*: ID_VENDOR_FROM_DATABASE=First International Computer Ltd @@ -166,7 +166,7 @@ acpi:FCS*: ID_VENDOR_FROM_DATABASE=Focus Enhancements, Inc. -@@ -2939,7 +2974,7 @@ +@@ -2951,7 +2986,7 @@ ID_VENDOR_FROM_DATABASE=General Standards Corporation acpi:GSM*: @@ -175,7 +175,7 @@ acpi:GSN*: ID_VENDOR_FROM_DATABASE=Grandstream Networks, Inc. -@@ -3040,6 +3075,9 @@ +@@ -3052,6 +3087,9 @@ acpi:HEC*: ID_VENDOR_FROM_DATABASE=Hisense Electric Co., Ltd. @@ -185,7 +185,7 @@ acpi:HEL*: ID_VENDOR_FROM_DATABASE=Hitachi Micro Systems Europe Ltd -@@ -3172,6 +3210,9 @@ +@@ -3184,6 +3222,9 @@ acpi:HSD*: ID_VENDOR_FROM_DATABASE=HannStar Display Corp @@ -195,7 +195,7 @@ acpi:HSM*: ID_VENDOR_FROM_DATABASE=AT&T Microelectronics -@@ -3298,6 +3339,9 @@ +@@ -3310,6 +3351,9 @@ acpi:ICI*: ID_VENDOR_FROM_DATABASE=Infotek Communication Inc @@ -205,7 +205,7 @@ acpi:ICM*: ID_VENDOR_FROM_DATABASE=Intracom SA -@@ -3394,6 +3438,9 @@ +@@ -3406,6 +3450,9 @@ acpi:IKE*: ID_VENDOR_FROM_DATABASE=Ikegami Tsushinki Co. Ltd. @@ -215,7 +215,7 @@ acpi:IKS*: ID_VENDOR_FROM_DATABASE=Ikos Systems Inc -@@ -3439,6 +3486,9 @@ +@@ -3451,6 +3498,9 @@ acpi:IMT*: ID_VENDOR_FROM_DATABASE=Inmax Technology Corporation @@ -225,7 +225,7 @@ acpi:INA*: ID_VENDOR_FROM_DATABASE=Inventec Corporation -@@ -3955,6 +4005,9 @@ +@@ -3967,6 +4017,9 @@ acpi:LAN*: ID_VENDOR_FROM_DATABASE=Sodeman Lancom Inc @@ -235,7 +235,7 @@ acpi:LAS*: ID_VENDOR_FROM_DATABASE=LASAT Comm. A/S -@@ -4003,6 +4056,9 @@ +@@ -4015,6 +4068,9 @@ acpi:LED*: ID_VENDOR_FROM_DATABASE=Long Engineering Design Inc @@ -245,7 +245,7 @@ acpi:LEG*: ID_VENDOR_FROM_DATABASE=Legerity, Inc -@@ -4018,6 +4074,9 @@ +@@ -4030,6 +4086,9 @@ acpi:LGC*: ID_VENDOR_FROM_DATABASE=Logic Ltd @@ -255,7 +255,7 @@ acpi:LGI*: ID_VENDOR_FROM_DATABASE=Logitech Inc -@@ -4075,6 +4134,9 @@ +@@ -4087,6 +4146,9 @@ acpi:LND*: ID_VENDOR_FROM_DATABASE=Land Computer Company Ltd @@ -265,7 +265,7 @@ acpi:LNK*: ID_VENDOR_FROM_DATABASE=Link Tech Inc -@@ -4109,7 +4171,7 @@ +@@ -4121,7 +4183,7 @@ ID_VENDOR_FROM_DATABASE=Design Technology acpi:LPL*: @@ -274,7 +274,7 @@ acpi:LSC*: ID_VENDOR_FROM_DATABASE=LifeSize Communications -@@ -4285,6 +4347,9 @@ +@@ -4297,6 +4359,9 @@ acpi:MCX*: ID_VENDOR_FROM_DATABASE=Millson Custom Solutions Inc. @@ -284,7 +284,7 @@ acpi:MDA*: ID_VENDOR_FROM_DATABASE=Media4 Inc -@@ -4525,6 +4590,9 @@ +@@ -4537,6 +4602,9 @@ acpi:MOM*: ID_VENDOR_FROM_DATABASE=Momentum Data Systems @@ -294,7 +294,7 @@ acpi:MOS*: ID_VENDOR_FROM_DATABASE=Moses Corporation -@@ -4759,6 +4827,9 @@ +@@ -4771,6 +4839,9 @@ acpi:NAL*: ID_VENDOR_FROM_DATABASE=Network Alchemy @@ -304,7 +304,7 @@ acpi:NAT*: ID_VENDOR_FROM_DATABASE=NaturalPoint Inc. -@@ -5281,6 +5352,9 @@ +@@ -5293,6 +5364,9 @@ acpi:PCX*: ID_VENDOR_FROM_DATABASE=PC Xperten @@ -314,7 +314,7 @@ acpi:PDM*: ID_VENDOR_FROM_DATABASE=Psion Dacom Plc. -@@ -5344,9 +5418,6 @@ +@@ -5356,9 +5430,6 @@ acpi:PHE*: ID_VENDOR_FROM_DATABASE=Philips Medical Systems Boeblingen GmbH @@ -324,7 +324,7 @@ acpi:PHL*: ID_VENDOR_FROM_DATABASE=Philips Consumer Electronics Company -@@ -5437,9 +5508,6 @@ +@@ -5449,9 +5520,6 @@ acpi:PNL*: ID_VENDOR_FROM_DATABASE=Panelview, Inc. @@ -334,7 +334,7 @@ acpi:PNR*: ID_VENDOR_FROM_DATABASE=Planar Systems, Inc. -@@ -5575,15 +5643,9 @@ +@@ -5587,15 +5655,9 @@ acpi:PTS*: ID_VENDOR_FROM_DATABASE=Plain Tree Systems Inc @@ -350,7 +350,7 @@ acpi:PVG*: ID_VENDOR_FROM_DATABASE=Proview Global Co., Ltd -@@ -5899,9 +5961,6 @@ +@@ -5911,9 +5973,6 @@ acpi:RTI*: ID_VENDOR_FROM_DATABASE=Rancho Tech Inc @@ -360,7 +360,7 @@ acpi:RTL*: ID_VENDOR_FROM_DATABASE=Realtek Semiconductor Company Ltd -@@ -6070,9 +6129,6 @@ +@@ -6085,9 +6144,6 @@ acpi:SEE*: ID_VENDOR_FROM_DATABASE=SeeColor Corporation @@ -370,7 +370,7 @@ acpi:SEI*: ID_VENDOR_FROM_DATABASE=Seitz & Associates Inc -@@ -6541,6 +6597,9 @@ +@@ -6559,6 +6615,9 @@ acpi:SVD*: ID_VENDOR_FROM_DATABASE=SVD Computer @@ -380,7 +380,7 @@ acpi:SVI*: ID_VENDOR_FROM_DATABASE=Sun Microsystems -@@ -6625,6 +6684,9 @@ +@@ -6643,6 +6702,9 @@ acpi:SZM*: ID_VENDOR_FROM_DATABASE=Shenzhen MTC Co., Ltd @@ -390,7 +390,7 @@ acpi:TAA*: ID_VENDOR_FROM_DATABASE=Tandberg -@@ -6715,6 +6777,9 @@ +@@ -6733,6 +6795,9 @@ acpi:TDG*: ID_VENDOR_FROM_DATABASE=Six15 Technologies @@ -400,7 +400,7 @@ acpi:TDM*: ID_VENDOR_FROM_DATABASE=Tandem Computer Europe Inc -@@ -6757,6 +6822,9 @@ +@@ -6775,6 +6840,9 @@ acpi:TEV*: ID_VENDOR_FROM_DATABASE=Televés, S.A. @@ -410,7 +410,7 @@ acpi:TEZ*: ID_VENDOR_FROM_DATABASE=Tech Source Inc. -@@ -6880,9 +6948,6 @@ +@@ -6898,9 +6966,6 @@ acpi:TNC*: ID_VENDOR_FROM_DATABASE=TNC Industrial Company Ltd @@ -420,7 +420,7 @@ acpi:TNM*: ID_VENDOR_FROM_DATABASE=TECNIMAGEN SA -@@ -7192,14 +7257,14 @@ +@@ -7210,14 +7275,14 @@ acpi:UNC*: ID_VENDOR_FROM_DATABASE=Unisys Corporation @@ -441,7 +441,7 @@ acpi:UNI*: ID_VENDOR_FROM_DATABASE=Uniform Industry Corp. -@@ -7234,6 +7299,9 @@ +@@ -7252,6 +7317,9 @@ acpi:USA*: ID_VENDOR_FROM_DATABASE=Utimaco Safeware AG @@ -451,7 +451,7 @@ acpi:USD*: ID_VENDOR_FROM_DATABASE=U.S. Digital Corporation -@@ -7489,9 +7557,6 @@ +@@ -7507,9 +7575,6 @@ acpi:WAL*: ID_VENDOR_FROM_DATABASE=Wave Access @@ -461,7 +461,7 @@ acpi:WAV*: ID_VENDOR_FROM_DATABASE=Wavephore -@@ -7616,7 +7681,7 @@ +@@ -7634,7 +7699,7 @@ ID_VENDOR_FROM_DATABASE=WyreStorm Technologies LLC acpi:WYS*: @@ -470,7 +470,7 @@ acpi:WYT*: ID_VENDOR_FROM_DATABASE=Wooyoung Image & Information Co.,Ltd. -@@ -7630,9 +7695,6 @@ +@@ -7648,9 +7713,6 @@ acpi:XDM*: ID_VENDOR_FROM_DATABASE=XDM Ltd. @@ -480,7 +480,7 @@ acpi:XES*: ID_VENDOR_FROM_DATABASE=Extreme Engineering Solutions, Inc. -@@ -7663,9 +7725,6 @@ +@@ -7681,9 +7743,6 @@ acpi:XNT*: ID_VENDOR_FROM_DATABASE=XN Technologies, Inc. @@ -490,7 +490,7 @@ acpi:XQU*: ID_VENDOR_FROM_DATABASE=SHANGHAI SVA-DAV ELECTRONICS CO., LTD -@@ -7732,6 +7791,9 @@ +@@ -7750,6 +7809,9 @@ acpi:ZBX*: ID_VENDOR_FROM_DATABASE=Zebax Technologies diff --git a/hwdb.d/20-pci-classes.hwdb b/hwdb.d/20-pci-classes.hwdb index 3dca78b05f9..52603ebadd5 100644 --- a/hwdb.d/20-pci-classes.hwdb +++ b/hwdb.d/20-pci-classes.hwdb @@ -612,7 +612,7 @@ pci:v*d*sv*sd*bc12sc00* ID_PCI_SUBCLASS_FROM_DATABASE=Processing accelerators pci:v*d*sv*sd*bc12sc01* - ID_PCI_SUBCLASS_FROM_DATABASE=AI Inference Accelerator + ID_PCI_SUBCLASS_FROM_DATABASE=SNIA Smart Data Accelerator Interface (SDXI) controller pci:v*d*sv*sd*bc13* ID_PCI_CLASS_FROM_DATABASE=Non-Essential Instrumentation diff --git a/hwdb.d/20-pci-vendor-model.hwdb b/hwdb.d/20-pci-vendor-model.hwdb index 745f5545c89..b55bd823273 100644 --- a/hwdb.d/20-pci-vendor-model.hwdb +++ b/hwdb.d/20-pci-vendor-model.hwdb @@ -212,12 +212,42 @@ pci:v00000731d00007200sv00000731sd00007214* pci:v00000731d00007200sv00000731sd00007215* ID_MODEL_FROM_DATABASE=JM7200 Series GPU (JM7200) +pci:v00000731d00009100* + ID_MODEL_FROM_DATABASE=JM9100 + +pci:v00000731d00009100sv00000731sd00009101* + ID_MODEL_FROM_DATABASE=JM9100 + +pci:v00000731d00009100sv00000731sd00009102* + ID_MODEL_FROM_DATABASE=JM9100 (-I) + +pci:v00000731d0000910A* + ID_MODEL_FROM_DATABASE=JH910 + +pci:v00000731d0000910Asv00000731sd0000910A* + ID_MODEL_FROM_DATABASE=JH910 + +pci:v00000731d0000910Asv00000731sd0000910B* + ID_MODEL_FROM_DATABASE=JH910 (-I) + +pci:v00000731d0000910Asv00000731sd0000910C* + ID_MODEL_FROM_DATABASE=JH910 (-M) + pci:v00000731d00009200* ID_MODEL_FROM_DATABASE=JM9200 pci:v00000731d0000920A* ID_MODEL_FROM_DATABASE=JH920 +pci:v00000731d0000920Asv00000731sd0000920A* + ID_MODEL_FROM_DATABASE=JH920 + +pci:v00000731d0000920Asv00000731sd0000920B* + ID_MODEL_FROM_DATABASE=JH920 (-I) + +pci:v00000731d0000920Asv00000731sd0000920C* + ID_MODEL_FROM_DATABASE=JH920 (-M) + pci:v00000731d0000920B* ID_MODEL_FROM_DATABASE=JH920-I @@ -227,21 +257,42 @@ pci:v00000731d0000920C* pci:v00000731d00009210* ID_MODEL_FROM_DATABASE=JM9210 +pci:v00000731d00009210sv00000731sd00009210* + ID_MODEL_FROM_DATABASE=JM9210 + +pci:v00000731d00009210sv00000731sd00009211* + ID_MODEL_FROM_DATABASE=JM9210 (-I) + pci:v00000731d00009211* ID_MODEL_FROM_DATABASE=JM9210-I pci:v00000731d00009230* ID_MODEL_FROM_DATABASE=JM9230 +pci:v00000731d00009230sv00000731sd00009230* + ID_MODEL_FROM_DATABASE=JM9230 + +pci:v00000731d00009230sv00000731sd00009231* + ID_MODEL_FROM_DATABASE=JM9230 (-I) + pci:v00000731d00009231* ID_MODEL_FROM_DATABASE=JM9231-I pci:v00000731d00009250* ID_MODEL_FROM_DATABASE=JM9250 +pci:v00000731d00009250sv00000731sd00009250* + ID_MODEL_FROM_DATABASE=JM9250 + pci:v00000731d0000930A* ID_MODEL_FROM_DATABASE=JH930-I +pci:v00000731d0000930Asv00000731sd0000930A* + ID_MODEL_FROM_DATABASE=JH930-I + +pci:v00000731d0000930Asv00000731sd0000930B* + ID_MODEL_FROM_DATABASE=JH930-I (JH930-M) + pci:v00000731d0000930B* ID_MODEL_FROM_DATABASE=JH930-M @@ -1871,6 +1922,9 @@ pci:v00001000d00000087sv00001000sd00003060* pci:v00001000d00000087sv00001014sd00000472* ID_MODEL_FROM_DATABASE=SAS2308 PCI-Express Fusion-MPT SAS-2 (N2125 External Host Bus Adapter) +pci:v00001000d00000087sv00001014sd0000047A* + ID_MODEL_FROM_DATABASE=SAS2308 PCI-Express Fusion-MPT SAS-2 (N2115 Internal Host Bus Adapter) + pci:v00001000d00000087sv00001590sd00000041* ID_MODEL_FROM_DATABASE=SAS2308 PCI-Express Fusion-MPT SAS-2 (H220i) @@ -2040,34 +2094,34 @@ pci:v00001000d000000A5sv00001000sd000046D0* ID_MODEL_FROM_DATABASE=Fusion-MPT 24GSAS/PCIe SAS40xx (eHBA 9600-8i8e Tri-Mode Storage Adapter) pci:v00001000d000000A5sv00001028sd00002114* - ID_MODEL_FROM_DATABASE=Fusion-MPT 24GSAS/PCIe SAS40xx (PERC H965 Adapter) + ID_MODEL_FROM_DATABASE=Fusion-MPT 24GSAS/PCIe SAS40xx (PERC H965i Adapter) pci:v00001000d000000A5sv00001028sd00002115* - ID_MODEL_FROM_DATABASE=Fusion-MPT 24GSAS/PCIe SAS40xx (PERC H965 Front) + ID_MODEL_FROM_DATABASE=Fusion-MPT 24GSAS/PCIe SAS40xx (PERC H965i Front) pci:v00001000d000000A5sv00001028sd00002117* - ID_MODEL_FROM_DATABASE=Fusion-MPT 24GSAS/PCIe SAS40xx (PERC H965 MX) + ID_MODEL_FROM_DATABASE=Fusion-MPT 24GSAS/PCIe SAS40xx (PERC H965i MX) pci:v00001000d000000A5sv00001028sd0000213A* ID_MODEL_FROM_DATABASE=Fusion-MPT 24GSAS/PCIe SAS40xx (PERC H965e Adapter) pci:v00001000d000000A5sv00001028sd0000213B* - ID_MODEL_FROM_DATABASE=Fusion-MPT 24GSAS/PCIe SAS40xx (PERC H765 Adapter) + ID_MODEL_FROM_DATABASE=Fusion-MPT 24GSAS/PCIe SAS40xx (PERC H765i Adapter) pci:v00001000d000000A5sv00001028sd0000213C* - ID_MODEL_FROM_DATABASE=Fusion-MPT 24GSAS/PCIe SAS40xx (PERC H765 Front) + ID_MODEL_FROM_DATABASE=Fusion-MPT 24GSAS/PCIe SAS40xx (PERC H765i Front) pci:v00001000d000000A5sv00001028sd0000213D* ID_MODEL_FROM_DATABASE=Fusion-MPT 24GSAS/PCIe SAS40xx (PERC H765N Front) pci:v00001000d000000A5sv00001028sd0000213E* - ID_MODEL_FROM_DATABASE=Fusion-MPT 24GSAS/PCIe SAS40xx (PERC H765 MX) + ID_MODEL_FROM_DATABASE=Fusion-MPT 24GSAS/PCIe SAS40xx (PERC H765i MX) pci:v00001000d000000A5sv00001028sd0000213F* - ID_MODEL_FROM_DATABASE=Fusion-MPT 24GSAS/PCIe SAS40xx (PERC H365 Adapter) + ID_MODEL_FROM_DATABASE=Fusion-MPT 24GSAS/PCIe SAS40xx (PERC H365i Adapter) pci:v00001000d000000A5sv00001028sd00002140* - ID_MODEL_FROM_DATABASE=Fusion-MPT 24GSAS/PCIe SAS40xx (PERC H365 Front) + ID_MODEL_FROM_DATABASE=Fusion-MPT 24GSAS/PCIe SAS40xx (PERC H365i Front) pci:v00001000d000000A5sv00001028sd00002141* ID_MODEL_FROM_DATABASE=Fusion-MPT 24GSAS/PCIe SAS40xx (PERC H360 MX) @@ -2297,9 +2351,15 @@ pci:v00001000d000000E6sv00001028sd0000200D* pci:v00001000d000000E6sv00001028sd0000200E* ID_MODEL_FROM_DATABASE=Fusion-MPT 12GSAS/PCIe Secure SAS38xx (HBA350i MX) +pci:v00001000d000000E6sv00001028sd00002170* + ID_MODEL_FROM_DATABASE=Fusion-MPT 12GSAS/PCIe Secure SAS38xx (HBA350i MM) + pci:v00001000d000000E6sv00001028sd00002175* ID_MODEL_FROM_DATABASE=Fusion-MPT 12GSAS/PCIe Secure SAS38xx (HBA350i Adapter) +pci:v00001000d000000E6sv00001028sd00002197* + ID_MODEL_FROM_DATABASE=Fusion-MPT 12GSAS/PCIe Secure SAS38xx (HBA350i MM LP) + pci:v00001000d000000E6sv00001D49sd00000205* ID_MODEL_FROM_DATABASE=Fusion-MPT 12GSAS/PCIe Secure SAS38xx (ThinkSystem 440-16i SAS/SATA PCIe Gen4 12Gb Internal HBA) @@ -2316,10 +2376,10 @@ pci:v00001000d000000E6sv00001D49sd00000209* ID_MODEL_FROM_DATABASE=Fusion-MPT 12GSAS/PCIe Secure SAS38xx (ThinkSystem 440-8e SAS/SATA PCIe Gen4 12Gb HBA) pci:v00001000d000000E6sv00008086sd00004050* - ID_MODEL_FROM_DATABASE=Fusion-MPT 12GSAS/PCIe Secure SAS38xx (Storage Controller RS3P4QF160F) + ID_MODEL_FROM_DATABASE=Fusion-MPT 12GSAS/PCIe Secure SAS38xx (Storage Controller RS3P4QF160J) pci:v00001000d000000E6sv00008086sd00004070* - ID_MODEL_FROM_DATABASE=Fusion-MPT 12GSAS/PCIe Secure SAS38xx (Storage Controller RS3P4GF016F) + ID_MODEL_FROM_DATABASE=Fusion-MPT 12GSAS/PCIe Secure SAS38xx (Storage Controller RS3P4GF016J) pci:v00001000d000000E7* ID_MODEL_FROM_DATABASE=Fusion-MPT 12GSAS/PCIe Unsupported SAS38xx @@ -2615,6 +2675,9 @@ pci:v00001000d000010E2* pci:v00001000d000010E2sv00001000sd00004000* ID_MODEL_FROM_DATABASE=MegaRAID 12GSAS/PCIe Secure SAS39xx (MegaRAID 9560-16i) +pci:v00001000d000010E2sv00001000sd00004002* + ID_MODEL_FROM_DATABASE=MegaRAID 12GSAS/PCIe Secure SAS39xx (MegaRAID 9561-16i) + pci:v00001000d000010E2sv00001000sd00004010* ID_MODEL_FROM_DATABASE=MegaRAID 12GSAS/PCIe Secure SAS39xx (MegaRAID 9560-8i) @@ -2705,6 +2768,9 @@ pci:v00001000d000010E6sv00001028sd00002174* pci:v00001000d000010E6sv00001028sd00002177* ID_MODEL_FROM_DATABASE=MegaRAID 12GSAS/PCIe Secure SAS38xx (PERC H350 Adapter) +pci:v00001000d000010E6sv00001028sd00002199* + ID_MODEL_FROM_DATABASE=MegaRAID 12GSAS/PCIe Secure SAS38xx (PERC H350 Mini LP) + pci:v00001000d000010E6sv00001D49sd00000505* ID_MODEL_FROM_DATABASE=MegaRAID 12GSAS/PCIe Secure SAS38xx (ThinkSystem RAID 540-8i PCIe Gen4 12Gb Adapter) @@ -2768,6 +2834,9 @@ pci:v00001000d0000C012* pci:v00001000d0000C012sv00001D49sd00000003* ID_MODEL_FROM_DATABASE=PEX880xx PCIe Gen 4 Switch (ThinkSystem 1611-8P PCIe Gen4 NVMe Switch Adapter) +pci:v00001000d0000C030* + ID_MODEL_FROM_DATABASE=PEX890xx PCIe Gen 5 Switch + pci:v00001001* ID_VENDOR_FROM_DATABASE=Kolter Electronic @@ -2985,7 +3054,10 @@ pci:v00001002d00001638* ID_MODEL_FROM_DATABASE=Cezanne pci:v00001002d0000163F* - ID_MODEL_FROM_DATABASE=VanGogh + ID_MODEL_FROM_DATABASE=VanGogh [AMD Custom GPU 0405] + +pci:v00001002d00001640* + ID_MODEL_FROM_DATABASE=Rembrandt Radeon High Definition Audio Controller pci:v00001002d0000164C* ID_MODEL_FROM_DATABASE=Lucienne @@ -2994,7 +3066,7 @@ pci:v00001002d0000164D* ID_MODEL_FROM_DATABASE=Rembrandt pci:v00001002d00001681* - ID_MODEL_FROM_DATABASE=Rembrandt + ID_MODEL_FROM_DATABASE=Rembrandt [Radeon 680M] pci:v00001002d00001714* ID_MODEL_FROM_DATABASE=BeaverCreek HDMI Audio [Radeon HD 6500D and 6400G-6600G series] @@ -5889,13 +5961,16 @@ pci:v00001002d00006611sv00001B0Asd000090D3* ID_MODEL_FROM_DATABASE=Oland [Radeon HD 8570 / R5 430 OEM / R7 240/340 / Radeon 520 OEM] (Radeon R7 240 OEM) pci:v00001002d00006613* - ID_MODEL_FROM_DATABASE=Oland PRO [Radeon R7 240/340] + ID_MODEL_FROM_DATABASE=Oland PRO [Radeon R7 240/340 / Radeon 520] pci:v00001002d00006613sv0000148Csd00007340* - ID_MODEL_FROM_DATABASE=Oland PRO [Radeon R7 240/340] (Radeon R7 340) + ID_MODEL_FROM_DATABASE=Oland PRO [Radeon R7 240/340 / Radeon 520] (Radeon R7 340) pci:v00001002d00006613sv00001682sd00007240* - ID_MODEL_FROM_DATABASE=Oland PRO [Radeon R7 240/340] (R7 240 2048 MB) + ID_MODEL_FROM_DATABASE=Oland PRO [Radeon R7 240/340 / Radeon 520] (R7 240 2048 MB) + +pci:v00001002d00006613sv00001DCFsd00003000* + ID_MODEL_FROM_DATABASE=Oland PRO [Radeon R7 240/340 / Radeon 520] pci:v00001002d00006631* ID_MODEL_FROM_DATABASE=Oland @@ -10976,18 +11051,27 @@ pci:v00001002d000073A3* pci:v00001002d000073A4* ID_MODEL_FROM_DATABASE=Navi 21 USB +pci:v00001002d000073A5* + ID_MODEL_FROM_DATABASE=Navi 21 [Radeon RX 6950 XT] + pci:v00001002d000073AB* ID_MODEL_FROM_DATABASE=Navi 21 Pro-XLA [Radeon Pro W6800X/Radeon Pro W6800X Duo] pci:v00001002d000073AF* ID_MODEL_FROM_DATABASE=Navi 21 [Radeon RX 6900 XT] +pci:v00001002d000073AFsv0000148Csd00002414* + ID_MODEL_FROM_DATABASE=Navi 21 [Radeon RX 6900 XT] (Navi 21 XTXH [PowerColor Red Devil RX 6900 XT Ultimate]) + pci:v00001002d000073BF* ID_MODEL_FROM_DATABASE=Navi 21 [Radeon RX 6800/6800 XT / 6900 XT] pci:v00001002d000073BFsv00001002sd00000E3A* ID_MODEL_FROM_DATABASE=Navi 21 [Radeon RX 6800/6800 XT / 6900 XT] (Radeon RX 6900 XT) +pci:v00001002d000073BFsv0000148Csd00002408* + ID_MODEL_FROM_DATABASE=Navi 21 [Radeon RX 6800/6800 XT / 6900 XT] (Red Devil AMD Radeon RX 6900 XT) + pci:v00001002d000073BFsv00001EAEsd00006701* ID_MODEL_FROM_DATABASE=Navi 21 [Radeon RX 6800/6800 XT / 6900 XT] (XFX Speedster MERC 319 AMD Radeon RX 6800 XT Black) @@ -10998,7 +11082,7 @@ pci:v00001002d000073C4* ID_MODEL_FROM_DATABASE=Navi 22 USB pci:v00001002d000073DF* - ID_MODEL_FROM_DATABASE=Navi 22 [Radeon RX 6700/6700 XT / 6800M] + ID_MODEL_FROM_DATABASE=Navi 22 [Radeon RX 6700/6700 XT/6750 XT / 6800M] pci:v00001002d000073E0* ID_MODEL_FROM_DATABASE=Navi 23 @@ -11012,6 +11096,9 @@ pci:v00001002d000073E3* pci:v00001002d000073E4* ID_MODEL_FROM_DATABASE=Navi 23 USB +pci:v00001002d000073EF* + ID_MODEL_FROM_DATABASE=Navi 23 [Radeon RX 6650 XT] + pci:v00001002d000073FF* ID_MODEL_FROM_DATABASE=Navi 23 [Radeon RX 6600/6600 XT/6600M] @@ -11027,6 +11114,12 @@ pci:v00001002d0000740C* pci:v00001002d0000740F* ID_MODEL_FROM_DATABASE=Aldebaran +pci:v00001002d0000743F* + ID_MODEL_FROM_DATABASE=Navi 24 [Radeon RX 6400 / 6500 XT] + +pci:v00001002d0000743Fsv00001DA2sd0000E457* + ID_MODEL_FROM_DATABASE=Navi 24 [Radeon RX 6400 / 6500 XT] (PULSE AMD Radeon RX 6500 XT) + pci:v00001002d00007833* ID_MODEL_FROM_DATABASE=RS350 Host Bridge @@ -12204,7 +12297,7 @@ pci:v00001002d0000AB20* ID_MODEL_FROM_DATABASE=Vega 20 HDMI Audio [Radeon VII] pci:v00001002d0000AB28* - ID_MODEL_FROM_DATABASE=Navi 21 HDMI Audio [Radeon RX 6800/6800 XT / 6900 XT] + ID_MODEL_FROM_DATABASE=Navi 21/23 HDMI/DP Audio Controller pci:v00001002d0000AB38* ID_MODEL_FROM_DATABASE=Navi 10 HDMI Audio @@ -14577,28 +14670,28 @@ pci:v00001022d000015E1sv0000EA50sd0000CE19* ID_MODEL_FROM_DATABASE=Raven USB 3.1 (mCOM10-L1900) pci:v00001022d000015E2* - ID_MODEL_FROM_DATABASE=Raven/Raven2/FireFlight/Renoir Audio Processor + ID_MODEL_FROM_DATABASE=ACP/ACP3X/ACP6x Audio Coprocessor pci:v00001022d000015E2sv000017AAsd00005124* - ID_MODEL_FROM_DATABASE=Raven/Raven2/FireFlight/Renoir Audio Processor (ThinkPad E595) + ID_MODEL_FROM_DATABASE=ACP/ACP3X/ACP6x Audio Coprocessor (ThinkPad E595) pci:v00001022d000015E2sv0000EA50sd0000CE19* - ID_MODEL_FROM_DATABASE=Raven/Raven2/FireFlight/Renoir Audio Processor (mCOM10-L1900) + ID_MODEL_FROM_DATABASE=ACP/ACP3X/ACP6x Audio Coprocessor (mCOM10-L1900) pci:v00001022d000015E3* - ID_MODEL_FROM_DATABASE=Family 17h (Models 10h-1fh) HD Audio Controller + ID_MODEL_FROM_DATABASE=Family 17h/19h HD Audio Controller pci:v00001022d000015E3sv0000103Csd00008615* - ID_MODEL_FROM_DATABASE=Family 17h (Models 10h-1fh) HD Audio Controller (Pavilion Laptop 15-cw1xxx) + ID_MODEL_FROM_DATABASE=Family 17h/19h HD Audio Controller (Pavilion Laptop 15-cw1xxx) pci:v00001022d000015E3sv00001043sd000086C7* - ID_MODEL_FROM_DATABASE=Family 17h (Models 10h-1fh) HD Audio Controller (PRIME B450M-A Motherboard) + ID_MODEL_FROM_DATABASE=Family 17h/19h HD Audio Controller (PRIME B450M-A Motherboard) pci:v00001022d000015E3sv000017AAsd00005124* - ID_MODEL_FROM_DATABASE=Family 17h (Models 10h-1fh) HD Audio Controller (ThinkPad E595) + ID_MODEL_FROM_DATABASE=Family 17h/19h HD Audio Controller (ThinkPad E595) pci:v00001022d000015E4* - ID_MODEL_FROM_DATABASE=Raven/Raven2/Renoir Sensor Fusion Hub + ID_MODEL_FROM_DATABASE=Sensor Fusion Hub pci:v00001022d000015E5* ID_MODEL_FROM_DATABASE=Raven2 USB 3.1 @@ -15122,6 +15215,21 @@ pci:v00001022d000043C8* pci:v00001022d000043D5* ID_MODEL_FROM_DATABASE=400 Series Chipset USB 3.1 XHCI Controller +pci:v00001022d000043E9* + ID_MODEL_FROM_DATABASE=500 Series Chipset Switch Upstream Port + +pci:v00001022d000043EB* + ID_MODEL_FROM_DATABASE=500 Series Chipset SATA Controller + +pci:v00001022d000043EBsv00001B21sd00001062* + ID_MODEL_FROM_DATABASE=500 Series Chipset SATA Controller (ASM1062 Serial ATA Controller) + +pci:v00001022d000043EE* + ID_MODEL_FROM_DATABASE=500 Series Chipset USB 3.1 XHCI Controller + +pci:v00001022d000043EEsv00001B21sd00001142* + ID_MODEL_FROM_DATABASE=500 Series Chipset USB 3.1 XHCI Controller (ASM1042A USB 3.0 Host Controller) + pci:v00001022d000057A3* ID_MODEL_FROM_DATABASE=Matisse PCIe GPP Bridge @@ -34004,6 +34112,9 @@ pci:v000010DEd000010F0* pci:v000010DEd000010F1* ID_MODEL_FROM_DATABASE=GP106 High Definition Audio Controller +pci:v000010DEd000010F1sv00001043sd000085B6* + ID_MODEL_FROM_DATABASE=GP106 High Definition Audio Controller (DUAL-GTX1060-O6G [GeForce GTX 1060 6GB Dual]) + pci:v000010DEd000010F7* ID_MODEL_FROM_DATABASE=TU102 High Definition Audio Controller @@ -36092,6 +36203,9 @@ pci:v000010DEd00001C02* pci:v000010DEd00001C03* ID_MODEL_FROM_DATABASE=GP106 [GeForce GTX 1060 6GB] +pci:v000010DEd00001C03sv00001043sd000085B6* + ID_MODEL_FROM_DATABASE=GP106 [GeForce GTX 1060 6GB] (DUAL-GTX1060-O6G [GeForce GTX 1060 6GB Dual]) + pci:v000010DEd00001C04* ID_MODEL_FROM_DATABASE=GP106 [GeForce GTX 1060 5GB] @@ -36488,6 +36602,9 @@ pci:v000010DEd00001F02* pci:v000010DEd00001F02sv00001043sd00008673* ID_MODEL_FROM_DATABASE=TU106 [GeForce RTX 2070] (TURBO RTX 2070) +pci:v000010DEd00001F03* + ID_MODEL_FROM_DATABASE=TU106 [GeForce RTX 2060 12GB] + pci:v000010DEd00001F04* ID_MODEL_FROM_DATABASE=TU106 @@ -36587,6 +36704,12 @@ pci:v000010DEd00001F9C* pci:v000010DEd00001F9D* ID_MODEL_FROM_DATABASE=TU117M [GeForce GTX 1650 Mobile / Max-Q] +pci:v000010DEd00001F9F* + ID_MODEL_FROM_DATABASE=TU117M [GeForce MX550] + +pci:v000010DEd00001FA0* + ID_MODEL_FROM_DATABASE=TU117M [GeForce MX550] + pci:v000010DEd00001FAE* ID_MODEL_FROM_DATABASE=TU117GL @@ -36599,6 +36722,12 @@ pci:v000010DEd00001FB1* pci:v000010DEd00001FB2* ID_MODEL_FROM_DATABASE=TU117GLM [Quadro T400 Mobile] +pci:v000010DEd00001FB6* + ID_MODEL_FROM_DATABASE=TU117GLM [T600 Laptop GPU] + +pci:v000010DEd00001FB7* + ID_MODEL_FROM_DATABASE=TU117GLM [T550 Laptop GPU] + pci:v000010DEd00001FB8* ID_MODEL_FROM_DATABASE=TU117GLM [Quadro T2000 Mobile / Max-Q] @@ -36611,6 +36740,9 @@ pci:v000010DEd00001FBA* pci:v000010DEd00001FBB* ID_MODEL_FROM_DATABASE=TU117GLM [Quadro T500 Mobile] +pci:v000010DEd00001FBC* + ID_MODEL_FROM_DATABASE=TU117GLM [T1200 Laptop GPU] + pci:v000010DEd00001FBF* ID_MODEL_FROM_DATABASE=TU117GL @@ -36620,9 +36752,18 @@ pci:v000010DEd00001FD9* pci:v000010DEd00001FDD* ID_MODEL_FROM_DATABASE=TU117BM [GeForce GTX 1650 Mobile Refresh] +pci:v000010DEd00001FF0* + ID_MODEL_FROM_DATABASE=TU117GL [T1000 8GB] + +pci:v000010DEd00001FF2* + ID_MODEL_FROM_DATABASE=TU117GL [T400 4GB] + pci:v000010DEd00001FF9* ID_MODEL_FROM_DATABASE=TU117GLM [Quadro T1000 Mobile] +pci:v000010DEd00002082* + ID_MODEL_FROM_DATABASE=GA100 [CMP 170HX] + pci:v000010DEd000020B0* ID_MODEL_FROM_DATABASE=GA100 [A100 SXM4 40GB] @@ -36632,6 +36773,9 @@ pci:v000010DEd000020B1* pci:v000010DEd000020B2* ID_MODEL_FROM_DATABASE=GA100 [A100 SXM4 80GB] +pci:v000010DEd000020B3* + ID_MODEL_FROM_DATABASE=GA100 [PG506-242/243] + pci:v000010DEd000020B5* ID_MODEL_FROM_DATABASE=GA100 [A100 PCIe 80GB] @@ -36641,6 +36785,12 @@ pci:v000010DEd000020B6* pci:v000010DEd000020B7* ID_MODEL_FROM_DATABASE=GA100GL [A30 PCIe] +pci:v000010DEd000020B8* + ID_MODEL_FROM_DATABASE=GA100 [A100X] + +pci:v000010DEd000020B9* + ID_MODEL_FROM_DATABASE=GA100 [A30X] + pci:v000010DEd000020BB* ID_MODEL_FROM_DATABASE=GA100 [DRIVE A100 PROD] @@ -36653,9 +36803,15 @@ pci:v000010DEd000020BF* pci:v000010DEd000020C2* ID_MODEL_FROM_DATABASE=GA100 [CMP 170HX] +pci:v000010DEd000020F0* + ID_MODEL_FROM_DATABASE=GA100 [A100-PG506-207] + pci:v000010DEd000020F1* ID_MODEL_FROM_DATABASE=GA100 [A100 PCIe 40GB] +pci:v000010DEd000020F2* + ID_MODEL_FROM_DATABASE=GA100 [A100-PG506-217] + pci:v000010DEd00002182* ID_MODEL_FROM_DATABASE=TU116 [GeForce GTX 1660 Ti] @@ -36698,6 +36854,9 @@ pci:v000010DEd000021D1* pci:v000010DEd00002200* ID_MODEL_FROM_DATABASE=GA102 +pci:v000010DEd00002203* + ID_MODEL_FROM_DATABASE=GA102 [GeForce RTX 3090 Ti] + pci:v000010DEd00002204* ID_MODEL_FROM_DATABASE=GA102 [GeForce RTX 3090] @@ -36722,6 +36881,9 @@ pci:v000010DEd00002206sv00001462sd00003892* pci:v000010DEd00002208* ID_MODEL_FROM_DATABASE=GA102 [GeForce RTX 3080 Ti] +pci:v000010DEd0000220A* + ID_MODEL_FROM_DATABASE=GA102 [GeForce RTX 3080 12GB] + pci:v000010DEd0000220D* ID_MODEL_FROM_DATABASE=GA102 [CMP 90HX] @@ -36743,6 +36905,9 @@ pci:v000010DEd00002231* pci:v000010DEd00002232* ID_MODEL_FROM_DATABASE=GA102GL [RTX A4500] +pci:v000010DEd00002233* + ID_MODEL_FROM_DATABASE=GA102GL [RTX A5500] + pci:v000010DEd00002235* ID_MODEL_FROM_DATABASE=GA102GL [A40] @@ -36752,6 +36917,9 @@ pci:v000010DEd00002236* pci:v000010DEd00002237* ID_MODEL_FROM_DATABASE=GA102GL [A10G] +pci:v000010DEd00002238* + ID_MODEL_FROM_DATABASE=GA102GL [A10M] + pci:v000010DEd0000223F* ID_MODEL_FROM_DATABASE=GA102GL @@ -36767,9 +36935,18 @@ pci:v000010DEd00002302* pci:v000010DEd00002321* ID_MODEL_FROM_DATABASE=GA103 +pci:v000010DEd00002414* + ID_MODEL_FROM_DATABASE=GA103 [GeForce RTX 3060 Ti] + pci:v000010DEd00002420* ID_MODEL_FROM_DATABASE=GA103M [GeForce RTX 3080 Ti Mobile] +pci:v000010DEd00002438* + ID_MODEL_FROM_DATABASE=GA103GLM [RTX A5500 Laptop GPU] + +pci:v000010DEd00002460* + ID_MODEL_FROM_DATABASE=GA103M [GeForce RTX 3080 Ti Laptop GPU] + pci:v000010DEd00002482* ID_MODEL_FROM_DATABASE=GA104 [GeForce RTX 3070 Ti] @@ -36824,6 +37001,9 @@ pci:v000010DEd000024AF* pci:v000010DEd000024B0* ID_MODEL_FROM_DATABASE=GA104GL [RTX A4000] +pci:v000010DEd000024B1* + ID_MODEL_FROM_DATABASE=GA104GL [RTX A4000H] + pci:v000010DEd000024B6* ID_MODEL_FROM_DATABASE=GA104GLM [RTX A5000 Mobile] @@ -36833,6 +37013,15 @@ pci:v000010DEd000024B7* pci:v000010DEd000024B8* ID_MODEL_FROM_DATABASE=GA104GLM [RTX A3000 Mobile] +pci:v000010DEd000024B9* + ID_MODEL_FROM_DATABASE=GA104GLM [RTX A3000 12GB Laptop GPU] + +pci:v000010DEd000024BA* + ID_MODEL_FROM_DATABASE=GA104GLM [RTX A4500 Laptop GPU] + +pci:v000010DEd000024BB* + ID_MODEL_FROM_DATABASE=GA104GLM [RTX A3000 Laptop GPU] + pci:v000010DEd000024BF* ID_MODEL_FROM_DATABASE=GA104 [GeForce RTX 3070 Engineering Sample] @@ -36842,6 +37031,12 @@ pci:v000010DEd000024DC* pci:v000010DEd000024DD* ID_MODEL_FROM_DATABASE=GA104M [GeForce RTX 3070 Mobile / Max-Q] +pci:v000010DEd000024E0* + ID_MODEL_FROM_DATABASE=GA104M [Geforce RTX 3070 Ti Laptop GPU] + +pci:v000010DEd000024FA* + ID_MODEL_FROM_DATABASE=GA104 [RTX A4500 Embedded GPU ] + pci:v000010DEd00002501* ID_MODEL_FROM_DATABASE=GA106 [GeForce RTX 3060] @@ -36854,6 +37049,9 @@ pci:v000010DEd00002504* pci:v000010DEd00002505* ID_MODEL_FROM_DATABASE=GA106 +pci:v000010DEd00002507* + ID_MODEL_FROM_DATABASE=GA106 [Geforce RTX 3050] + pci:v000010DEd00002520* ID_MODEL_FROM_DATABASE=GA106M [GeForce RTX 3060 Mobile / Max-Q] @@ -36863,12 +37061,18 @@ pci:v000010DEd00002523* pci:v000010DEd0000252F* ID_MODEL_FROM_DATABASE=GA106 [GeForce RTX 3060 Engineering Sample] +pci:v000010DEd00002531* + ID_MODEL_FROM_DATABASE=GA106 [RTX A2000] + pci:v000010DEd00002560* ID_MODEL_FROM_DATABASE=GA106M [GeForce RTX 3060 Mobile / Max-Q] pci:v000010DEd00002563* ID_MODEL_FROM_DATABASE=GA106M [GeForce RTX 3050 Ti Mobile / Max-Q] +pci:v000010DEd00002571* + ID_MODEL_FROM_DATABASE=GA106 [RTX A2000 12GB] + pci:v000010DEd00002583* ID_MODEL_FROM_DATABASE=GA107 [GeForce RTX 3050] @@ -36878,21 +37082,45 @@ pci:v000010DEd000025A0* pci:v000010DEd000025A2* ID_MODEL_FROM_DATABASE=GA107M [GeForce RTX 3050 Mobile] +pci:v000010DEd000025A3* + ID_MODEL_FROM_DATABASE=GA107 + pci:v000010DEd000025A4* ID_MODEL_FROM_DATABASE=GA107 pci:v000010DEd000025A5* ID_MODEL_FROM_DATABASE=GA107M [GeForce RTX 3050 Mobile] +pci:v000010DEd000025A6* + ID_MODEL_FROM_DATABASE=GA107M [GeForce MX570] + +pci:v000010DEd000025A7* + ID_MODEL_FROM_DATABASE=GA107M [GeForce MX570] + +pci:v000010DEd000025A9* + ID_MODEL_FROM_DATABASE=GA107M [GeForce RTX 2050] + +pci:v000010DEd000025AA* + ID_MODEL_FROM_DATABASE=GA107M [GeForce MX570 A] + pci:v000010DEd000025AF* ID_MODEL_FROM_DATABASE=GA107 [GeForce RTX 3050 Engineering Sample] pci:v000010DEd000025B5* ID_MODEL_FROM_DATABASE=GA107GLM [RTX A4 Mobile] +pci:v000010DEd000025B6* + ID_MODEL_FROM_DATABASE=GA107GL [A2 / A16] + pci:v000010DEd000025B8* ID_MODEL_FROM_DATABASE=GA107GLM [RTX A2000 Mobile] +pci:v000010DEd000025B9* + ID_MODEL_FROM_DATABASE=GA107GLM [RTX A1000 Laptop GPU] + +pci:v000010DEd000025BA* + ID_MODEL_FROM_DATABASE=GA107GLM [RTX A2000 8GB Laptop GPU] + pci:v000010DEd000025E0* ID_MODEL_FROM_DATABASE=GA107BM [GeForce RTX 3050 Ti Mobile] @@ -36902,6 +37130,12 @@ pci:v000010DEd000025E2* pci:v000010DEd000025E5* ID_MODEL_FROM_DATABASE=GA107BM [GeForce RTX 3050 Mobile] +pci:v000010DEd000025F9* + ID_MODEL_FROM_DATABASE=GA107 [RTX A1000 Embedded GPU ] + +pci:v000010DEd000025FA* + ID_MODEL_FROM_DATABASE=GA107 [RTX A2000 Embedded GPU] + pci:v000010DF* ID_VENDOR_FROM_DATABASE=Emulex Corporation @@ -37022,6 +37256,9 @@ pci:v000010DFd0000E300sv00001014sd00000614* pci:v000010DFd0000E300sv00001014sd00000615* ID_MODEL_FROM_DATABASE=LPe31000/LPe32000 Series 16Gb/32Gb Fibre Channel Adapter (PCIe3 2-Port 32Gb Fibre Channel Adapter for POWER (FC EN1A/EN1B; CCIN 578F)) +pci:v000010DFd0000E300sv00001014sd000006A0* + ID_MODEL_FROM_DATABASE=LPe31000/LPe32000 Series 16Gb/32Gb Fibre Channel Adapter (PCIe3 2-Port 16Gb Fibre Channel Adapter for POWER (FC EN1L/EN1M; CCIN 2CFC)) + pci:v000010DFd0000E300sv000010DFsd0000E300* ID_MODEL_FROM_DATABASE=LPe31000/LPe32000 Series 16Gb/32Gb Fibre Channel Adapter (LPe32002-M2 2-Port 32Gb Fibre Channel Adapter) @@ -37181,6 +37418,12 @@ pci:v000010DFd0000F400sv000010DFsd0000F418* pci:v000010DFd0000F400sv000010DFsd0000F419* ID_MODEL_FROM_DATABASE=LPe35000/LPe36000 Series 32Gb/64Gb Fibre Channel Adapter (LPe35002-M2-L 2-Port 32Gb PCIe Fibre Channel Adapter) +pci:v000010DFd0000F400sv000010DFsd0000F421* + ID_MODEL_FROM_DATABASE=LPe35000/LPe36000 Series 32Gb/64Gb Fibre Channel Adapter (LPe36002-M2-L 2-Port 64Gb PCIe Fibre Channel Adapter) + +pci:v000010DFd0000F400sv000010DFsd0000F422* + ID_MODEL_FROM_DATABASE=LPe35000/LPe36000 Series 32Gb/64Gb Fibre Channel Adapter (LPe36002-M64-D 2-Port 64Gb Fibre Channel Adapter) + pci:v000010DFd0000F400sv00001590sd000002D5* ID_MODEL_FROM_DATABASE=LPe35000/LPe36000 Series 32Gb/64Gb Fibre Channel Adapter (StoreFabric SN1610E 1-Port 32Gb Fibre Channel Adapter) @@ -37190,6 +37433,12 @@ pci:v000010DFd0000F400sv00001590sd000002D6* pci:v000010DFd0000F500* ID_MODEL_FROM_DATABASE=LPe37000/LPe38000 Series 32Gb/64Gb Fibre Channel Adapter +pci:v000010DFd0000F500sv00001014sd000006C1* + ID_MODEL_FROM_DATABASE=LPe37000/LPe38000 Series 32Gb/64Gb Fibre Channel Adapter (PCIe4 4-Port 32Gb Fibre Channel Adapter for POWER (FC EN1L/EN1M; CCIN 2CFC)) + +pci:v000010DFd0000F500sv00001014sd000006C2* + ID_MODEL_FROM_DATABASE=LPe37000/LPe38000 Series 32Gb/64Gb Fibre Channel Adapter (PCIe4 2-Port 64Gb Fibre Channel Adapter for POWER (FC EN1N/EN1P; CCIN 2CFD)) + pci:v000010DFd0000F700* ID_MODEL_FROM_DATABASE=LP7000 Fibre Channel Host Adapter @@ -37586,6 +37835,9 @@ pci:v000010ECd0000525Asv000017AAsd0000224F* pci:v000010ECd00005260* ID_MODEL_FROM_DATABASE=RTS5260 PCI Express Card Reader +pci:v000010ECd00005261* + ID_MODEL_FROM_DATABASE=RTS5261 PCI Express Card Reader + pci:v000010ECd00005286* ID_MODEL_FROM_DATABASE=RTS5286 PCI Express Card Reader @@ -37889,6 +38141,9 @@ pci:v000010ECd00008168sv0000103Csd0000825B* pci:v000010ECd00008168sv0000103Csd00008615* ID_MODEL_FROM_DATABASE=RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller (Pavilion Laptop 15-cw1xxx) +pci:v000010ECd00008168sv0000103Csd00008882* + ID_MODEL_FROM_DATABASE=RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller (HP ProDesk 405 G8 Desktop Mini PC) + pci:v000010ECd00008168sv00001043sd000011F5* ID_MODEL_FROM_DATABASE=RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller (Notebook motherboard (one of many models)) @@ -40556,6 +40811,9 @@ pci:v00001106d00009140* pci:v00001106d00009201* ID_MODEL_FROM_DATABASE=USB3.0 Controller +pci:v00001106d00009380* + ID_MODEL_FROM_DATABASE=Ncore Coprocessor + pci:v00001106d00009530* ID_MODEL_FROM_DATABASE=VX800/820/900 Series Secure Digital Memory Card Controller @@ -46802,6 +47060,9 @@ pci:v000011F8d00008535* pci:v000011F8d00008536* ID_MODEL_FROM_DATABASE=PM8536 PFX 96xG3 PCIe Fanout Switch +pci:v000011F8d00008536sv00001BD4sd00000081* + ID_MODEL_FROM_DATABASE=PM8536 PFX 96xG3 PCIe Fanout Switch + pci:v000011F8d00008546* ID_MODEL_FROM_DATABASE=PM8546 B-FEIP PSX 96xG3 PCIe Storage Switch @@ -49715,6 +49976,9 @@ pci:v000012D8d00000508* pci:v000012D8d00002304* ID_MODEL_FROM_DATABASE=PI7C9X2G304 EL/SL PCIe2 3-Port/4-Lane Packet Switch +pci:v000012D8d00002308* + ID_MODEL_FROM_DATABASE=PI7C9X2G308GP 8-lane PCI Express 2.0 Switch with 3 PCI Express ports + pci:v000012D8d00002404* ID_MODEL_FROM_DATABASE=PI7C9X2G404 EL/SL PCIe2 4-Port/4-Lane Packet Switch @@ -50660,6 +50924,12 @@ pci:v00001344d00005191* pci:v00001344d00005192* ID_MODEL_FROM_DATABASE=9200 MAX NVMe SSD +pci:v00001344d000051A2* + ID_MODEL_FROM_DATABASE=9300 PRO NVMe SSD + +pci:v00001344d000051A3* + ID_MODEL_FROM_DATABASE=9300 MAX NVMe SSD + pci:v00001345* ID_VENDOR_FROM_DATABASE=Arescom Inc @@ -51683,6 +51953,12 @@ pci:v000013A3d00000037* pci:v000013A3d00000037sv000013A3sd00000036* ID_MODEL_FROM_DATABASE=8204 Acceleration Processor (DX1740 Acceleration Card) +pci:v000013A3d00009240* + ID_MODEL_FROM_DATABASE=XR9240 Compression and Security Coprocessor [Panther II] + +pci:v000013A3d00009240sv000013A3sd00009200* + ID_MODEL_FROM_DATABASE=XR9240 Compression and Security Coprocessor [Panther II] (DX2040 Compression and Security Acceleration Card [Panther II]) + pci:v000013A4* ID_VENDOR_FROM_DATABASE=Rascom Inc @@ -56477,9 +56753,18 @@ pci:v000014C2* pci:v000014C3* ID_VENDOR_FROM_DATABASE=MEDIATEK Corp. +pci:v000014C3d00000608* + ID_MODEL_FROM_DATABASE=RZ608 Wi-Fi 6E 80MHz + +pci:v000014C3d00000616* + ID_MODEL_FROM_DATABASE=MT7922 802.11ax PCI Express Wireless Network Adapter + pci:v000014C3d00007612* ID_MODEL_FROM_DATABASE=MT7612E 802.11acbgn PCI Express Wireless Network Adapter +pci:v000014C3d00007615* + ID_MODEL_FROM_DATABASE=MT7615E 802.11ac PCI Express Wireless Network Adapter + pci:v000014C3d00007630* ID_MODEL_FROM_DATABASE=MT7630e 802.11bgn Wireless Network Adapter @@ -56489,6 +56774,9 @@ pci:v000014C3d00007662* pci:v000014C3d00007915* ID_MODEL_FROM_DATABASE=MT7915E 802.11ax PCI Express Wireless Network Adapter +pci:v000014C3d00007961* + ID_MODEL_FROM_DATABASE=MT7921 802.11ax PCI Express Wireless Network Adapter + pci:v000014C4* ID_VENDOR_FROM_DATABASE=IWASAKI Information Systems Co Ltd @@ -57503,6 +57791,12 @@ pci:v000014E4d00001688sv00001259sd00002708* pci:v000014E4d0000168A* ID_MODEL_FROM_DATABASE=NetXtreme II BCM57800 1/10 Gigabit Ethernet +pci:v000014E4d0000168Asv00001014sd00000493* + ID_MODEL_FROM_DATABASE=NetXtreme II BCM57800 1/10 Gigabit Ethernet (PCIe2 LP 4-Port (10Gb+1GbE) SR+RJ45 Adapter (FC EN0T; CCIN 2CC3)) + +pci:v000014E4d0000168Asv00001014sd00000494* + ID_MODEL_FROM_DATABASE=NetXtreme II BCM57800 1/10 Gigabit Ethernet (PCIe2 LP 4-Port (10Gb+1GbE) SR+RJ45 Adapter (FC EN0T; CCIN 2CC3)) + pci:v000014E4d0000168Asv00001028sd00001F5C* ID_MODEL_FROM_DATABASE=NetXtreme II BCM57800 1/10 Gigabit Ethernet (BCM57800 10-Gigabit Ethernet) @@ -58010,6 +58304,9 @@ pci:v000014E4d000016D6sv0000152Dsd00008B20* pci:v000014E4d000016D6sv0000152Dsd00008B22* ID_MODEL_FROM_DATABASE=BCM57412 NetXtreme-E 10Gb RDMA Ethernet Controller (BCM57412 NetXtreme-E 25Gb RDMA Ethernet Controller) +pci:v000014E4d000016D6sv0000193Dsd00001024* + ID_MODEL_FROM_DATABASE=BCM57412 NetXtreme-E 10Gb RDMA Ethernet Controller (NIC-ETH531F-LP-2P) + pci:v000014E4d000016D7* ID_MODEL_FROM_DATABASE=BCM57414 NetXtreme-E 10Gb/25Gb RDMA Ethernet Controller @@ -59060,6 +59357,9 @@ pci:v000014E4d0000A8D8* pci:v000014E4d0000AA52* ID_MODEL_FROM_DATABASE=BCM43602 802.11ac Wireless LAN SoC +pci:v000014E4d0000B080* + ID_MODEL_FROM_DATABASE=BCM56080 Firelight2 Switch ASIC + pci:v000014E4d0000B302* ID_MODEL_FROM_DATABASE=BCM56302 StrataXGS 24x1GE 2x10GE Switch Controller @@ -61079,6 +61379,9 @@ pci:v000015ADd000007C0* pci:v000015ADd000007E0* ID_MODEL_FROM_DATABASE=SATA AHCI controller +pci:v000015ADd000007F0* + ID_MODEL_FROM_DATABASE=NVMe SSD Controller + pci:v000015ADd00000801* ID_MODEL_FROM_DATABASE=Virtual Machine Interface @@ -61178,6 +61481,12 @@ pci:v000015B3d0000021E* pci:v000015B3d0000021F* ID_MODEL_FROM_DATABASE=CX8 Family [ConnectX-8 Secure Flash Recovery] +pci:v000015B3d00000220* + ID_MODEL_FROM_DATABASE=BF4 Family Flash Recovery [BlueField-4 SoC Flash Recovery] + +pci:v000015B3d00000221* + ID_MODEL_FROM_DATABASE=BF4 Family Secure Flash Recovery [BlueField-4 Secure Flash Recovery] + pci:v000015B3d0000024E* ID_MODEL_FROM_DATABASE=MT53100 [Spectrum-2, Flash recovery mode] @@ -61211,6 +61520,9 @@ pci:v000015B3d00000257* pci:v000015B3d00000258* ID_MODEL_FROM_DATABASE=Quantum-2 RMA +pci:v000015B3d00000259* + ID_MODEL_FROM_DATABASE=Abir Chiplet + pci:v000015B3d00000262* ID_MODEL_FROM_DATABASE=MT27710 [ConnectX-4 Lx Programmable] EN @@ -61232,6 +61544,9 @@ pci:v000015B3d00000274* pci:v000015B3d00000275* ID_MODEL_FROM_DATABASE=Spectrum-4C RMA +pci:v000015B3d00000277* + ID_MODEL_FROM_DATABASE=Spectrum-4TOR RMA + pci:v000015B3d00000281* ID_MODEL_FROM_DATABASE=NPS-600 Flash Recovery @@ -61727,6 +62042,15 @@ pci:v000015B3d0000A2DB* pci:v000015B3d0000A2DC* ID_MODEL_FROM_DATABASE=MT43244 BlueField-3 integrated ConnectX-7 network controller +pci:v000015B3d0000A2DD* + ID_MODEL_FROM_DATABASE=BF4 Family Crypto enabled [BlueField-4 SoC Crypto enabled] + +pci:v000015B3d0000A2DE* + ID_MODEL_FROM_DATABASE=BF4 Family Crypto disabled [BlueField-4 SoC Crypto disabled] + +pci:v000015B3d0000A2DF* + ID_MODEL_FROM_DATABASE=BF4 Family integrated network controller [BlueField-4 integrated network controller] + pci:v000015B3d0000C2D2* ID_MODEL_FROM_DATABASE=MT416842 BlueField SoC management interfac @@ -61739,6 +62063,9 @@ pci:v000015B3d0000C2D4* pci:v000015B3d0000C2D5* ID_MODEL_FROM_DATABASE=MT43244 BlueField-3 SoC Management Interface +pci:v000015B3d0000C2D6* + ID_MODEL_FROM_DATABASE=BF4 Family Management Interface [BlueField-4 SoC Management Interface] + pci:v000015B3d0000C738* ID_MODEL_FROM_DATABASE=MT51136 @@ -62019,10 +62346,10 @@ pci:v000015CE* ID_VENDOR_FROM_DATABASE=Genrad Inc pci:v000015CF* - ID_VENDOR_FROM_DATABASE=Hilscher GmbH + ID_VENDOR_FROM_DATABASE=Hilscher Gesellschaft für Systemautomation mbH pci:v000015CFd00000000* - ID_MODEL_FROM_DATABASE=CIFX 50E-DP(M/S) + ID_MODEL_FROM_DATABASE=CIFX PCI/PCIe pci:v000015D1* ID_VENDOR_FROM_DATABASE=Infineon Technologies AG @@ -64556,6 +64883,48 @@ pci:v0000177Dd0000A037* pci:v0000177Dd0000A040* ID_MODEL_FROM_DATABASE=THUNDERX CPT Cryptographic Accelerator +pci:v0000177Dd0000A059* + ID_MODEL_FROM_DATABASE=Octeon TX2 CGX (MAC) + +pci:v0000177Dd0000A060* + ID_MODEL_FROM_DATABASE=Octeon 10 RPM (MAC) + +pci:v0000177Dd0000A061* + ID_MODEL_FROM_DATABASE=Octeon Tx2 Loopback Interface (LBK) + +pci:v0000177Dd0000A063* + ID_MODEL_FROM_DATABASE=Octeon Tx2 RVU Physical Function + +pci:v0000177Dd0000A064* + ID_MODEL_FROM_DATABASE=Octeon Tx2 RVU Virtual Function + +pci:v0000177Dd0000A065* + ID_MODEL_FROM_DATABASE=Octeon Tx2 RVU Admin Function + +pci:v0000177Dd0000A09E* + ID_MODEL_FROM_DATABASE=Octeon 10 PTP controller + +pci:v0000177Dd0000A0F2* + ID_MODEL_FROM_DATABASE=Octeon 10 CPT Cryptographic Accelerator, Physical function + +pci:v0000177Dd0000A0F3* + ID_MODEL_FROM_DATABASE=Octeon 10 CPT Cryptographic Accelerator, Virtual function + +pci:v0000177Dd0000A0F6* + ID_MODEL_FROM_DATABASE=Octeon Tx2 SDP Physical Function + +pci:v0000177Dd0000A0F7* + ID_MODEL_FROM_DATABASE=Octeon Tx2 SDP Virtual Function + +pci:v0000177Dd0000A0F8* + ID_MODEL_FROM_DATABASE=Octeon Tx2 Loopback Interface Virtual Function (LBKVF) + +pci:v0000177Dd0000A0FD* + ID_MODEL_FROM_DATABASE=Octeon Tx2 CPT Cryptographic Accelerator, Physical function + +pci:v0000177Dd0000A0FE* + ID_MODEL_FROM_DATABASE=Octeon Tx2 CPT Cryptographic Accelerator, Virtual function + pci:v0000177Dd0000A100* ID_MODEL_FROM_DATABASE=THUNDERX CN88XX 48 core SoC @@ -64869,7 +65238,13 @@ pci:v000017CBd00001000* ID_MODEL_FROM_DATABASE=QCS405 PCIe Root Complex pci:v000017CBd00001101* - ID_MODEL_FROM_DATABASE=QCA6390 Wireless Network Adapter [AX500-DBS (2x2)] + ID_MODEL_FROM_DATABASE=QCA6390 Wireless Network Adapter + +pci:v000017CBd00001103* + ID_MODEL_FROM_DATABASE=QCNFA765 Wireless Network Adapter + +pci:v000017CBd00001104* + ID_MODEL_FROM_DATABASE=QCN6024/9024/9074 Wireless Network Adapter pci:v000017CC* ID_VENDOR_FROM_DATABASE=NetChip Technology, Inc @@ -67367,6 +67742,12 @@ pci:v00001974d00000018* pci:v00001974d00000019* ID_MODEL_FROM_DATABASE=FlexCard PCIe3 +pci:v00001974d0000001A* + ID_MODEL_FROM_DATABASE=FlexCard PXIe Ethernet + +pci:v00001974d0000001B* + ID_MODEL_FROM_DATABASE=FlexCard PCIe Ethernet + pci:v00001976* ID_VENDOR_FROM_DATABASE=TRENDnet @@ -68339,6 +68720,21 @@ pci:v00001AA8d00000009* pci:v00001AA8d0000000A* ID_MODEL_FROM_DATABASE=RAIDCore Controller +pci:v00001AA9* + ID_VENDOR_FROM_DATABASE=Schweitzer Engineering Laboratories + +pci:v00001AA9d0000000D* + ID_MODEL_FROM_DATABASE=SEL-3390S8 Serial Adapter + +pci:v00001AA9d0000000E* + ID_MODEL_FROM_DATABASE=SEL-3390E4 Ethernet Adapter + +pci:v00001AA9d00000014* + ID_MODEL_FROM_DATABASE=SEL-3390T Time and Ethernet Adapter + +pci:v00001AA9d00000018* + ID_MODEL_FROM_DATABASE=SEL-3390E4 Ethernet Adapter + pci:v00001AAE* ID_VENDOR_FROM_DATABASE=Global Velocity, Inc. @@ -68483,6 +68879,9 @@ pci:v00001AE8d00000A58* pci:v00001AE8d00000A5A* ID_MODEL_FROM_DATABASE=microEnable 5 AD8-CL +pci:v00001AE8d00000A64* + ID_MODEL_FROM_DATABASE=imaWorx CXP-12 Quad + pci:v00001AE8d00000B52* ID_MODEL_FROM_DATABASE=mE5 Abacus 4G Base @@ -68732,6 +69131,9 @@ pci:v00001B21d00001080sv00001849sd00001080* pci:v00001B21d00001142* ID_MODEL_FROM_DATABASE=ASM1042A USB 3.0 Host Controller +pci:v00001B21d00001166* + ID_MODEL_FROM_DATABASE=ASM1166 Serial ATA Controller + pci:v00001B21d00001182* ID_MODEL_FROM_DATABASE=ASM1182e 2-Port PCIe x1 Gen2 Packet Switch @@ -68744,12 +69146,18 @@ pci:v00001B21d00001184* pci:v00001B21d00001184sv00001849sd00001184* ID_MODEL_FROM_DATABASE=ASM1184e 4-Port PCIe x1 Gen2 Packet Switch +pci:v00001B21d00001187* + ID_MODEL_FROM_DATABASE=ASM1187e 7-Port PCIe x1 Gen2 Packet Switch + pci:v00001B21d00001242* ID_MODEL_FROM_DATABASE=ASM1142 USB 3.1 Host Controller pci:v00001B21d00001343* ID_MODEL_FROM_DATABASE=ASM1143 USB 3.1 Host Controller +pci:v00001B21d00001812* + ID_MODEL_FROM_DATABASE=ASM1812 6-Port PCIe x4 Gen2 Packet Switch + pci:v00001B21d00002142* ID_MODEL_FROM_DATABASE=ASM2142 USB 3.1 Host Controller @@ -68966,6 +69374,12 @@ pci:v00001B4Bd00002241sv00001028sd00002112* pci:v00001B4Bd00002241sv00001028sd00002113* ID_MODEL_FROM_DATABASE=88NR2241 Non-Volatile memory controller (BOSS-N1 Modular) +pci:v00001B4Bd00002241sv00001028sd00002151* + ID_MODEL_FROM_DATABASE=88NR2241 Non-Volatile memory controller (BOSS-N1 Modular ET) + +pci:v00001B4Bd00002241sv00001028sd00002196* + ID_MODEL_FROM_DATABASE=88NR2241 Non-Volatile memory controller (ROR-N100) + pci:v00001B4Bd00002241sv00001D49sd00000306* ID_MODEL_FROM_DATABASE=88NR2241 Non-Volatile memory controller (ThinkSystem M.2 NVMe 2-Bay RAID Enablement Kit) @@ -68993,6 +69407,9 @@ pci:v00001B4Bd00009130* pci:v00001B4Bd00009130sv00001043sd00008438* ID_MODEL_FROM_DATABASE=88SE9128 PCIe SATA 6 Gb/s RAID controller with HyperDuo (P8P67 Deluxe Motherboard) +pci:v00001B4Bd00009170* + ID_MODEL_FROM_DATABASE=88SE9170 PCIe 2.0 x1 2-port SATA 6 Gb/s Controller + pci:v00001B4Bd00009172* ID_MODEL_FROM_DATABASE=88SE9172 SATA 6Gb/s Controller @@ -69323,6 +69740,72 @@ pci:v00001BB1d00000100sv00001BB1sd00000151* pci:v00001BB1d00000100sv00001BB1sd00000152* ID_MODEL_FROM_DATABASE=Nytro Flash Storage (Nytro 5520 TCG) +pci:v00001BB1d00000100sv00001BB1sd00000153* + ID_MODEL_FROM_DATABASE=Nytro Flash Storage (Nytro 5050H) + +pci:v00001BB1d00000100sv00001BB1sd00000154* + ID_MODEL_FROM_DATABASE=Nytro Flash Storage (Nytro 5050H TCG) + +pci:v00001BB1d00000100sv00001BB1sd00000155* + ID_MODEL_FROM_DATABASE=Nytro Flash Storage (Nytro 5050M) + +pci:v00001BB1d00000100sv00001BB1sd00000156* + ID_MODEL_FROM_DATABASE=Nytro Flash Storage (Nytro 5050M TCG) + +pci:v00001BB1d00000100sv00001BB1sd00000157* + ID_MODEL_FROM_DATABASE=Nytro Flash Storage (Nytro 5050M 7mm) + +pci:v00001BB1d00000100sv00001BB1sd00000158* + ID_MODEL_FROM_DATABASE=Nytro Flash Storage (Nytro 5050M TCG 7mm) + +pci:v00001BB1d00000100sv00001BB1sd00000159* + ID_MODEL_FROM_DATABASE=Nytro Flash Storage (Nytro 5060M) + +pci:v00001BB1d00000100sv00001BB1sd00000160* + ID_MODEL_FROM_DATABASE=Nytro Flash Storage (Nytro 5060M TCG) + +pci:v00001BB1d00000100sv00001BB1sd00000161* + ID_MODEL_FROM_DATABASE=Nytro Flash Storage (Nytro 5060M 7mm) + +pci:v00001BB1d00000100sv00001BB1sd00000162* + ID_MODEL_FROM_DATABASE=Nytro Flash Storage (Nytro 5060M TCG 7mm) + +pci:v00001BB1d00000100sv00001BB1sd00000163* + ID_MODEL_FROM_DATABASE=Nytro Flash Storage (Nytro 5060H) + +pci:v00001BB1d00000100sv00001BB1sd00000164* + ID_MODEL_FROM_DATABASE=Nytro Flash Storage (Nytro 5060H TCG) + +pci:v00001BB1d00000100sv00001BB1sd00000165* + ID_MODEL_FROM_DATABASE=Nytro Flash Storage (Nytro 5060H E3.S 1T) + +pci:v00001BB1d00000100sv00001BB1sd00000166* + ID_MODEL_FROM_DATABASE=Nytro Flash Storage (Nytro 5060H E3.S 1T TCG) + +pci:v00001BB1d00000100sv00001BB1sd00000167* + ID_MODEL_FROM_DATABASE=Nytro Flash Storage (Nytro 5060H E3.L 1T) + +pci:v00001BB1d00000100sv00001BB1sd00000168* + ID_MODEL_FROM_DATABASE=Nytro Flash Storage (Nytro 5060H E3.L 1T TCG) + +pci:v00001BB1d00000100sv00001BB1sd00000169* + ID_MODEL_FROM_DATABASE=Nytro Flash Storage (Nytro 5060M E3.S 1T) + +pci:v00001BB1d00000100sv00001BB1sd00000170* + ID_MODEL_FROM_DATABASE=Nytro Flash Storage (Nytro 5060M E3.S 1T TCG) + +pci:v00001BB1d00000100sv00001BB1sd00000171* + ID_MODEL_FROM_DATABASE=Nytro Flash Storage (Nytro 5060M E3.L 1T) + +pci:v00001BB1d00000100sv00001BB1sd00000172* + ID_MODEL_FROM_DATABASE=Nytro Flash Storage (Nytro 5060M E3.L 1T TCG) + +pci:v00001BB1d00000100sv00001BB1sd00000173* + ID_MODEL_FROM_DATABASE=Nytro Flash Storage (Nytro 5060M E1.S) + +pci:v00001BB1d00000100sv00001BB1sd00000174* + ID_MODEL_FROM_DATABASE=Nytro Flash Storage (Nytro 5060M E1.S TCG) + pci:v00001BB1d00000100sv00001BB1sd000001A1* ID_MODEL_FROM_DATABASE=Nytro Flash Storage (Nytro XP7102) @@ -69332,6 +69815,9 @@ pci:v00001BB1d00005012* pci:v00001BB1d00005016* ID_MODEL_FROM_DATABASE=FireCuda 520 SSD +pci:v00001BB1d00005018* + ID_MODEL_FROM_DATABASE=FireCuda 530 SSD + pci:v00001BB3* ID_VENDOR_FROM_DATABASE=Bluecherry @@ -69779,12 +70265,54 @@ pci:v00001C5Cd00002839sv00001028sd0000214A* pci:v00001C5Cd00002839sv00001C5Csd00000100* ID_MODEL_FROM_DATABASE=PE8000 Series NVMe Solid State Drive +pci:v00001C5Cd00002849* + ID_MODEL_FROM_DATABASE=PE81x0 U.2/3 NVMe Solid State Drive + pci:v00001C5F* ID_VENDOR_FROM_DATABASE=Beijing Memblaze Technology Co. Ltd. pci:v00001C5Fd0000000D* ID_MODEL_FROM_DATABASE=PBlaze5 520/526 +pci:v00001C5Fd0000000E* + ID_MODEL_FROM_DATABASE=PBlaze6 6530 + +pci:v00001C5Fd0000000Esv00001C5Fsd00000B20* + ID_MODEL_FROM_DATABASE=PBlaze6 6530 (NVMe SSD PBlaze6 6530 1920G AIC) + +pci:v00001C5Fd0000000Esv00001C5Fsd00000B21* + ID_MODEL_FROM_DATABASE=PBlaze6 6530 (NVMe SSD PBlaze6 6530 1920G 2.5" U.2) + +pci:v00001C5Fd0000000Esv00001C5Fsd00000B30* + ID_MODEL_FROM_DATABASE=PBlaze6 6530 (NVMe SSD PBlaze6 6530 3840G AIC) + +pci:v00001C5Fd0000000Esv00001C5Fsd00000B31* + ID_MODEL_FROM_DATABASE=PBlaze6 6530 (NVMe SSD PBlaze6 6530 3840G 2.5" U.2) + +pci:v00001C5Fd0000000Esv00001C5Fsd00000B40* + ID_MODEL_FROM_DATABASE=PBlaze6 6530 (NVMe SSD PBlaze6 6530 7680G AIC) + +pci:v00001C5Fd0000000Esv00001C5Fsd00000B41* + ID_MODEL_FROM_DATABASE=PBlaze6 6530 (NVMe SSD PBlaze6 6530 7680G 2.5" U.2) + +pci:v00001C5Fd0000000Esv00001C5Fsd00004B20* + ID_MODEL_FROM_DATABASE=PBlaze6 6530 (NVMe SSD PBlaze6 6530 1600G AIC) + +pci:v00001C5Fd0000000Esv00001C5Fsd00004B21* + ID_MODEL_FROM_DATABASE=PBlaze6 6530 (NVMe SSD PBlaze6 6530 1600G 2.5" U.2) + +pci:v00001C5Fd0000000Esv00001C5Fsd00004B30* + ID_MODEL_FROM_DATABASE=PBlaze6 6530 (NVMe SSD PBlaze6 6530 3200G AIC) + +pci:v00001C5Fd0000000Esv00001C5Fsd00004B31* + ID_MODEL_FROM_DATABASE=PBlaze6 6530 (NVMe SSD PBlaze6 6530 3200G 2.5" U.2) + +pci:v00001C5Fd0000000Esv00001C5Fsd00004B40* + ID_MODEL_FROM_DATABASE=PBlaze6 6530 (NVMe SSD PBlaze6 6530 6400G AIC) + +pci:v00001C5Fd0000000Esv00001C5Fsd00004B41* + ID_MODEL_FROM_DATABASE=PBlaze6 6530 (NVMe SSD PBlaze6 6530 6400G 2.5" U.2) + pci:v00001C5Fd0000003D* ID_MODEL_FROM_DATABASE=PBlaze5 920/926 @@ -69908,6 +70436,9 @@ pci:v00001CB8* pci:v00001CC1* ID_VENDOR_FROM_DATABASE=ADATA Technology Co., Ltd. +pci:v00001CC1d00005766* + ID_MODEL_FROM_DATABASE=ADATA XPG GAMMIXS1 1L Media + pci:v00001CC1d00008201* ID_MODEL_FROM_DATABASE=XPG SX8200 Pro PCIe Gen3x4 M.2 2280 Solid State Drive @@ -69947,6 +70478,9 @@ pci:v00001CC4d00001203sv00001CC4sd0000A214* pci:v00001CC4d000017AB* ID_MODEL_FROM_DATABASE=NVMe 256G SSD device +pci:v00001CC4d00006303* + ID_MODEL_FROM_DATABASE=AM630 PCIe 4.0 x4 NVMe SSD Controller + pci:v00001CC5* ID_VENDOR_FROM_DATABASE=Embedded Intelligence, Inc. @@ -70403,6 +70937,12 @@ pci:v00001D6Ad000000B1* pci:v00001D6Ad000007B1* ID_MODEL_FROM_DATABASE=AQC107 NBase-T/IEEE 802.3bz Ethernet Controller [AQtion] +pci:v00001D6Ad000007B1sv00001BAAsd000007B1* + ID_MODEL_FROM_DATABASE=AQC107 NBase-T/IEEE 802.3bz Ethernet Controller [AQtion] (QM2-2P10G1TA [QXG 10GbE Network Adapter]) + +pci:v00001D6Ad000007B1sv00001BAAsd000007B2* + ID_MODEL_FROM_DATABASE=AQC107 NBase-T/IEEE 802.3bz Ethernet Controller [AQtion] (QM2-2P10G1TA [QM2 Expansion Adapter]) + pci:v00001D6Ad000008B1* ID_MODEL_FROM_DATABASE=AQC108 NBase-T/IEEE 802.3bz Ethernet Controller [AQtion] @@ -70415,6 +70955,12 @@ pci:v00001D6Ad000012B1* pci:v00001D6Ad000087B1* ID_MODEL_FROM_DATABASE=AQC107 NBase-T/IEEE 802.3bz Ethernet Controller [AQtion] +pci:v00001D6Ad000094C0* + ID_MODEL_FROM_DATABASE=AQC113CS NBase-T/IEEE 802.3bz Ethernet Controller [AQtion] + +pci:v00001D6Ad000094C0sv00001043sd000087F5* + ID_MODEL_FROM_DATABASE=AQC113CS NBase-T/IEEE 802.3bz Ethernet Controller [AQtion] (ProArt X570-CREATOR WIFI) + pci:v00001D6Ad0000D107* ID_MODEL_FROM_DATABASE=AQC107 NBase-T/IEEE 802.3bz Ethernet Controller [AQtion] @@ -70523,6 +71069,9 @@ pci:v00001D6Cd0000101D* pci:v00001D6Cd0000101E* ID_MODEL_FROM_DATABASE=AR-ARKA-FX1 [Arkville 64B DPDK Data Mover for Agilex R-Tile] +pci:v00001D6Cd0000101F* + ID_MODEL_FROM_DATABASE=AR-TK242 [2x100GbE Packet Capture Device] + pci:v00001D6Cd00004200* ID_MODEL_FROM_DATABASE=A5PL-E1-10GETI [10 GbE Ethernet Traffic Instrument] @@ -71141,6 +71690,12 @@ pci:v00001DE5d00003000* pci:v00001DED* ID_VENDOR_FROM_DATABASE=Alibaba (China) Co., Ltd. +pci:v00001DEDd0000107F* + ID_MODEL_FROM_DATABASE=Elastic RDMA Adapter + +pci:v00001DEDd00005007* + ID_MODEL_FROM_DATABASE=Elastic RDMA Adapter + pci:v00001DEDd00008000* ID_MODEL_FROM_DATABASE=M1 Root Port @@ -71409,7 +71964,7 @@ pci:v00001E0Fd00000007sv00001028sd00002110* ID_MODEL_FROM_DATABASE=NVMe SSD Controller Cx6 (Dell Ent NVMe FIPS CM6 MU 6.4TB) pci:v00001E0Fd00000007sv00001E0Fsd00000001* - ID_MODEL_FROM_DATABASE=NVMe SSD Controller Cx6 (Generic NVMe CM6 RI 3.84TB) + ID_MODEL_FROM_DATABASE=NVMe SSD Controller Cx6 (Generic NVMe CM6) pci:v00001E0Fd00000009* ID_MODEL_FROM_DATABASE=NVMe SSD @@ -71417,6 +71972,39 @@ pci:v00001E0Fd00000009* pci:v00001E0Fd00000009sv00001E0Fsd00000001* ID_MODEL_FROM_DATABASE=NVMe SSD (Toshiba RC500 NVMe SSD 500GB) +pci:v00001E0Fd00000011* + ID_MODEL_FROM_DATABASE=NVMe SSD Controller CD7 + +pci:v00001E0Fd00000011sv00001028sd00002189* + ID_MODEL_FROM_DATABASE=NVMe SSD Controller CD7 (DC NVMe SED CD7 RI 960GB) + +pci:v00001E0Fd00000011sv00001028sd0000218A* + ID_MODEL_FROM_DATABASE=NVMe SSD Controller CD7 (DC NVMe CD7 RI 960GB) + +pci:v00001E0Fd00000011sv00001028sd0000218B* + ID_MODEL_FROM_DATABASE=NVMe SSD Controller CD7 (DC NVMe SED CD7 RI 1.92TB) + +pci:v00001E0Fd00000011sv00001028sd0000218C* + ID_MODEL_FROM_DATABASE=NVMe SSD Controller CD7 (DC NVMe CD7 RI 1.92TB) + +pci:v00001E0Fd00000011sv00001028sd0000218D* + ID_MODEL_FROM_DATABASE=NVMe SSD Controller CD7 (DC NVMe SED CD7 RI 3.84TB) + +pci:v00001E0Fd00000011sv00001028sd0000218E* + ID_MODEL_FROM_DATABASE=NVMe SSD Controller CD7 (DC NVMe CD7 RI 3.84TB) + +pci:v00001E0Fd00000011sv00001028sd0000218F* + ID_MODEL_FROM_DATABASE=NVMe SSD Controller CD7 (DC NVMe SED CD7 RI 7.68TB) + +pci:v00001E0Fd00000011sv00001028sd00002190* + ID_MODEL_FROM_DATABASE=NVMe SSD Controller CD7 (DC NVMe CD7 RI 7.68TB) + +pci:v00001E0Fd00000011sv00001028sd00002191* + ID_MODEL_FROM_DATABASE=NVMe SSD Controller CD7 (DC NVMe SED CD7 RI 15.36TB) + +pci:v00001E0Fd00000011sv00001028sd00002192* + ID_MODEL_FROM_DATABASE=NVMe SSD Controller CD7 (DC NVMe CD7 RI 15.36TB) + pci:v00001E17* ID_VENDOR_FROM_DATABASE=Arnold & Richter Cine Technik GmbH & Co. Betriebs KG @@ -71490,7 +72078,7 @@ pci:v00001E39* ID_VENDOR_FROM_DATABASE=MEDION AG pci:v00001E3B* - ID_VENDOR_FROM_DATABASE=Shenzhen DAPU Microelectronics Co., Ltd + ID_VENDOR_FROM_DATABASE=DapuStor Corporation pci:v00001E3Bd00000600* ID_MODEL_FROM_DATABASE=NVMe SSD Controller DPU600 @@ -71678,6 +72266,9 @@ pci:v00001E3D* pci:v00001E49* ID_VENDOR_FROM_DATABASE=Yangtze Memory Technologies Co.,Ltd +pci:v00001E49d00000041* + ID_MODEL_FROM_DATABASE=ZHITAI TiPro7000 + pci:v00001E49d00001013* ID_MODEL_FROM_DATABASE=PC210 @@ -71726,6 +72317,15 @@ pci:v00001E59* pci:v00001E59d00000001* ID_MODEL_FROM_DATABASE=MinION Mk1C +pci:v00001E5D* + ID_VENDOR_FROM_DATABASE=ASR Microelectronics + +pci:v00001E5Dd00007000* + ID_MODEL_FROM_DATABASE=AI controller A7000 + +pci:v00001E5Dd00007010* + ID_MODEL_FROM_DATABASE=AI controller A7010 + pci:v00001E60* ID_VENDOR_FROM_DATABASE=Hailo Technologies Ltd. @@ -71834,6 +72434,15 @@ pci:v00001EABd0000300A* pci:v00001EABd0000300B* ID_MODEL_FROM_DATABASE=NVMe SSD Controller 300B +pci:v00001EAC* + ID_VENDOR_FROM_DATABASE=Quectel Wireless Solutions Co., Ltd. + +pci:v00001EACd00001001* + ID_MODEL_FROM_DATABASE=EM120R-GL LTE Modem + +pci:v00001EACd00001002* + ID_MODEL_FROM_DATABASE=EM160R-GL LTE Modem + pci:v00001EAE* ID_VENDOR_FROM_DATABASE=XFX Limited @@ -71843,6 +72452,12 @@ pci:v00001EB1* pci:v00001EB1d00001001* ID_MODEL_FROM_DATABASE=Video Accelerator +pci:v00001EB4* + ID_VENDOR_FROM_DATABASE=Quantum Nebula Microelectronics Technology Co.,Ltd. + +pci:v00001EB4d00003401* + ID_MODEL_FROM_DATABASE=SSD Contoller + pci:v00001EBD* ID_VENDOR_FROM_DATABASE=EMERGETECH Company Ltd. @@ -71858,6 +72473,36 @@ pci:v00001ED2d00000000* pci:v00001ED3* ID_VENDOR_FROM_DATABASE=Yeston +pci:v00001ED5* + ID_VENDOR_FROM_DATABASE=Moore Threads Technology Co.,Ltd + +pci:v00001ED5d00000100* + ID_MODEL_FROM_DATABASE=MTT S10 + +pci:v00001ED5d00000101* + ID_MODEL_FROM_DATABASE=MTT S10 + +pci:v00001ED5d00000102* + ID_MODEL_FROM_DATABASE=MTT S30 + +pci:v00001ED5d00000105* + ID_MODEL_FROM_DATABASE=MTT S50 + +pci:v00001ED5d00000106* + ID_MODEL_FROM_DATABASE=MTT S60 + +pci:v00001ED5d00000111* + ID_MODEL_FROM_DATABASE=MTT S100 + +pci:v00001ED5d00000121* + ID_MODEL_FROM_DATABASE=MTT S1000M + +pci:v00001ED5d00000122* + ID_MODEL_FROM_DATABASE=MTT S1000 + +pci:v00001ED5d00000123* + ID_MODEL_FROM_DATABASE=MTT S2000 + pci:v00001ED8* ID_VENDOR_FROM_DATABASE=Digiteq Automotive @@ -71879,6 +72524,15 @@ pci:v00001EECd00000102* pci:v00001EECd00001EEC* ID_MODEL_FROM_DATABASE=VSE250231S Dual-port 10Gb/25Gb Ethernet PCIe +pci:v00001EED* + ID_VENDOR_FROM_DATABASE=Xiangdixian Computing Technology (Chongqing) Ltd. + +pci:v00001EEDd00000100* + ID_MODEL_FROM_DATABASE=XDX P100 VGA controller + +pci:v00001EEDd00000101* + ID_MODEL_FROM_DATABASE=XDX P101 High Definition Audio Controller + pci:v00001EFB* ID_VENDOR_FROM_DATABASE=Flexxon Pte Ltd @@ -71909,6 +72563,27 @@ pci:v00001F03d00005236* pci:v00001F03d00005636* ID_MODEL_FROM_DATABASE=IG5636-Based NVMe SSD +pci:v00001F2F* + ID_VENDOR_FROM_DATABASE=China Mobile (Hangzhou) Information Technology Co.Ltd. + +pci:v00001F2Fd00001513* + ID_MODEL_FROM_DATABASE=DERA MENG NVMe Controller + +pci:v00001F2Fd00001513sv00001F2Fsd00006113* + ID_MODEL_FROM_DATABASE=DERA MENG NVMe Controller (KM660 U.2 1.6TB NVMe SSD) + +pci:v00001F2Fd00001513sv00001F2Fsd00006114* + ID_MODEL_FROM_DATABASE=DERA MENG NVMe Controller (KM560 U.2 1.92TB NVMe SSD) + +pci:v00001F2Fd00001513sv00001F2Fsd00006115* + ID_MODEL_FROM_DATABASE=DERA MENG NVMe Controller (KM660 U.2 3.2TB NVMe SSD) + +pci:v00001F2Fd00001513sv00001F2Fsd00006116* + ID_MODEL_FROM_DATABASE=DERA MENG NVMe Controller (KM560 U.2 3.84TB NVMe SSD) + +pci:v00001F2Fd00001513sv00001F2Fsd00006118* + ID_MODEL_FROM_DATABASE=DERA MENG NVMe Controller (KM560 U.2 7.68TB NVMe SSD) + pci:v00001FAB* ID_VENDOR_FROM_DATABASE=Unifabrix Ltd. @@ -73433,6 +74108,12 @@ pci:v00004DDCd00002F00* pci:v00004DDCd00003000* ID_MODEL_FROM_DATABASE=SB-3644 Motion Feedback Device +pci:v00004E58* + ID_VENDOR_FROM_DATABASE=Nutanix, Inc. + +pci:v00004E58d00000001* + ID_MODEL_FROM_DATABASE=Virtual NVMe Controller + pci:v00005045* ID_VENDOR_FROM_DATABASE=University of Toronto @@ -74114,6 +74795,24 @@ pci:v00006688d00001600* pci:v00006688d00001800* ID_MODEL_FROM_DATABASE=CooVOX TDM BRI Module +pci:v00006766* + ID_VENDOR_FROM_DATABASE=Glenfly Tech Co., Ltd. + +pci:v00006766d00003D00* + ID_MODEL_FROM_DATABASE=Arise-GT-10C0 + +pci:v00006766d00003D02* + ID_MODEL_FROM_DATABASE=Arise 1020 + +pci:v00006766d00003D40* + ID_MODEL_FROM_DATABASE=Arise-GT-10C0 High Definition Audio Controller + +pci:v00006766d00003D41* + ID_MODEL_FROM_DATABASE=Arise 1020 High Definition Audio Controller + +pci:v00006899* + ID_VENDOR_FROM_DATABASE=ZT Systems + pci:v00006900* ID_VENDOR_FROM_DATABASE=Red Hat, Inc. @@ -74147,6 +74846,15 @@ pci:v00007401d0000E100* pci:v00007470* ID_VENDOR_FROM_DATABASE=TP-LINK Technologies Co., Ltd. +pci:v00007526* + ID_VENDOR_FROM_DATABASE=HongQin (Beijing) Technology Co., Ltd. + +pci:v00007526d00000082* + ID_MODEL_FROM_DATABASE=HQ SSD 1TB + +pci:v00007526d00000083* + ID_MODEL_FROM_DATABASE=HQ SSD 2TB M.2 NVMe + pci:v00007604* ID_VENDOR_FROM_DATABASE=O.N. Electronic Co Ltd. @@ -76160,6 +76868,24 @@ pci:v00008086d00000B60sv00001028sd00002103* pci:v00008086d00000B60sv00001028sd00002104* ID_MODEL_FROM_DATABASE=NVMe DC SSD [3DNAND, Sentinel Rock Controller] (NVMe RI U.2 7.68TB (P5500)) +pci:v00008086d00000B60sv00001028sd0000219A* + ID_MODEL_FROM_DATABASE=NVMe DC SSD [3DNAND, Sentinel Rock Controller] (NVMe P5316 RI 15.36TB) + +pci:v00008086d00000B60sv00001028sd0000219B* + ID_MODEL_FROM_DATABASE=NVMe DC SSD [3DNAND, Sentinel Rock Controller] (NVMe P5316 RI 30.72TB) + +pci:v00008086d00000B60sv00001028sd0000219C* + ID_MODEL_FROM_DATABASE=NVMe DC SSD [3DNAND, Sentinel Rock Controller] (NVMe SED P5316 RI 15.36) + +pci:v00008086d00000B60sv00001028sd0000219D* + ID_MODEL_FROM_DATABASE=NVMe DC SSD [3DNAND, Sentinel Rock Controller] (NVMe SED P5316 RI 30.72) + +pci:v00008086d00000B60sv00001028sd0000219E* + ID_MODEL_FROM_DATABASE=NVMe DC SSD [3DNAND, Sentinel Rock Controller] (NVMe FIPS P5316 RI 15.36TB) + +pci:v00008086d00000B60sv00001028sd0000219F* + ID_MODEL_FROM_DATABASE=NVMe DC SSD [3DNAND, Sentinel Rock Controller] (NVMe FIPS P5316 RI 30.72) + pci:v00008086d00000B60sv00008086sd00008008* ID_MODEL_FROM_DATABASE=NVMe DC SSD [3DNAND, Sentinel Rock Controller] (NVMe Datacenter SSD [3DNAND] SE 2.5" U.2 (P5510)) @@ -76484,12 +77210,36 @@ pci:v00008086d00000D9F* pci:v00008086d00000DD2* ID_MODEL_FROM_DATABASE=Ethernet Network Adapter I710 +pci:v00008086d00000DD2sv00001137sd00000000* + ID_MODEL_FROM_DATABASE=Ethernet Network Adapter I710 (I710T4LG 4x1 GbE RJ45 PCIe NIC) + +pci:v00008086d00000DD2sv00001137sd000002E3* + ID_MODEL_FROM_DATABASE=Ethernet Network Adapter I710 (I710T4LG 4x1 GbE RJ45 PCIe NIC) + +pci:v00008086d00000DD2sv00008086sd00000000* + ID_MODEL_FROM_DATABASE=Ethernet Network Adapter I710 (-T4L) + pci:v00008086d00000DD2sv00008086sd0000000D* ID_MODEL_FROM_DATABASE=Ethernet Network Adapter I710 (-T4L) pci:v00008086d00000DD2sv00008086sd00000010* ID_MODEL_FROM_DATABASE=Ethernet Network Adapter I710 (-T4L for OCP 3.0) +pci:v00008086d00000DD2sv00008086sd0000401A* + ID_MODEL_FROM_DATABASE=Ethernet Network Adapter I710 (-T4L) + +pci:v00008086d00000DD2sv00008086sd0000401B* + ID_MODEL_FROM_DATABASE=Ethernet Network Adapter I710 (-T4L for OCP 3.0) + +pci:v00008086d00000DD5* + ID_MODEL_FROM_DATABASE=Ethernet Adaptive Virtual Function + +pci:v00008086d00000DDA* + ID_MODEL_FROM_DATABASE=Ethernet Connection X722 for 10GbE SFP+ + +pci:v00008086d00000DDAsv00001BD4sd00000076* + ID_MODEL_FROM_DATABASE=Ethernet Connection X722 for 10GbE SFP+ (Ethernet Connection F102IX722 for 10GbE SFP) + pci:v00008086d00000E00* ID_MODEL_FROM_DATABASE=Xeon E7 v2/Xeon E5 v2/Core i7 DMI2 @@ -80507,12 +81257,27 @@ pci:v00008086d00001592sv00008086sd0000000D* pci:v00008086d00001592sv00008086sd0000000E* ID_MODEL_FROM_DATABASE=Ethernet Controller E810-C for QSFP (Ethernet Network Adapter E810-2C-Q2) +pci:v00008086d00001592sv00008086sd0000000F* + ID_MODEL_FROM_DATABASE=Ethernet Controller E810-C for QSFP (Ethernet Network Adapter E810-C-Q2T) + +pci:v00008086d00001592sv00008086sd00000010* + ID_MODEL_FROM_DATABASE=Ethernet Controller E810-C for QSFP (Ethernet 100G 2P E810-C-stg Adapter) + +pci:v00008086d00001592sv00008086sd00000011* + ID_MODEL_FROM_DATABASE=Ethernet Controller E810-C for QSFP (Ethernet Network Adapter E810-C-Q1 for OCP3.0) + pci:v00008086d00001593* ID_MODEL_FROM_DATABASE=Ethernet Controller E810-C for SFP pci:v00008086d00001593sv00001137sd000002C3* ID_MODEL_FROM_DATABASE=Ethernet Controller E810-C for SFP (E810XXVDA4 4x25/10 GbE SFP28 PCIe NIC) +pci:v00008086d00001593sv00001137sd000002E9* + ID_MODEL_FROM_DATABASE=Ethernet Controller E810-C for SFP (E810XXVDA4TG 4x25/10 GbE SFP28 PCIe NIC) + +pci:v00008086d00001593sv00001137sd000002EA* + ID_MODEL_FROM_DATABASE=Ethernet Controller E810-C for SFP (E810XXVDA4T 4x25/10 GbE SFP28 PCIe NIC) + pci:v00008086d00001593sv00008086sd00000002* ID_MODEL_FROM_DATABASE=Ethernet Controller E810-C for SFP (Ethernet Network Adapter E810-L-2) @@ -80543,9 +81308,24 @@ pci:v00008086d00001593sv00008086sd0000000D* pci:v00008086d00001593sv00008086sd0000000E* ID_MODEL_FROM_DATABASE=Ethernet Controller E810-C for SFP (Ethernet Network Adapter E810-XXV-4T) +pci:v00008086d00001593sv00008086sd0000000F* + ID_MODEL_FROM_DATABASE=Ethernet Controller E810-C for SFP (Ethernet 25G 4P E810-XXV-stg Adapter) + +pci:v00008086d00001593sv00008086sd00000010* + ID_MODEL_FROM_DATABASE=Ethernet Controller E810-C for SFP (Ethernet 25G 4P E810-XXV-st Adapter) + +pci:v00008086d00001593sv00008086sd00004010* + ID_MODEL_FROM_DATABASE=Ethernet Controller E810-C for SFP (Ethernet Network Adapter E810-XXV-4) + +pci:v00008086d00001593sv00008086sd00004013* + ID_MODEL_FROM_DATABASE=Ethernet Controller E810-C for SFP (Ethernet Network Adapter E810-XXV-4 for OCP 3.0) + pci:v00008086d00001599* ID_MODEL_FROM_DATABASE=Ethernet Controller E810-XXV for backplane +pci:v00008086d00001599sv00008086sd00000001* + ID_MODEL_FROM_DATABASE=Ethernet Controller E810-XXV for backplane (Ethernet 25G 2P E810-XXV-k Mezz) + pci:v00008086d0000159A* ID_MODEL_FROM_DATABASE=Ethernet Controller E810-XXV for QSFP @@ -80588,6 +81368,9 @@ pci:v00008086d0000159Bsv00008086sd00004002* pci:v00008086d0000159Bsv00008086sd00004003* ID_MODEL_FROM_DATABASE=Ethernet Controller E810-XXV for SFP (Ethernet Network Adapter E810-XXV-2) +pci:v00008086d0000159Bsv00008086sd00004015* + ID_MODEL_FROM_DATABASE=Ethernet Controller E810-XXV for SFP (Ethernet Network Adapter E810-XXV-2 for OCP 3.0) + pci:v00008086d000015A0* ID_MODEL_FROM_DATABASE=Ethernet Connection (2) I218-LM @@ -91634,6 +92417,9 @@ pci:v00008086d00003433* pci:v00008086d00003438* ID_MODEL_FROM_DATABASE=7500/5520/5500/X58 I/O Hub Throttle Registers +pci:v00008086d0000347E* + ID_MODEL_FROM_DATABASE=Ice Lake Xeon Non-Transparent Bridge + pci:v00008086d00003482* ID_MODEL_FROM_DATABASE=Ice Lake-LP LPC Controller @@ -91667,6 +92453,9 @@ pci:v00008086d000034BA* pci:v00008086d000034BC* ID_MODEL_FROM_DATABASE=Ice Lake-LP PCI Express Root Port #5 +pci:v00008086d000034C4* + ID_MODEL_FROM_DATABASE=Ice Lake-LP SD Host Controller + pci:v00008086d000034C5* ID_MODEL_FROM_DATABASE=Ice Lake-LP Serial IO I2c Controller #4 @@ -94064,12 +94853,18 @@ pci:v00008086d0000444E* pci:v00008086d0000460D* ID_MODEL_FROM_DATABASE=12th Gen Core Processor PCI Express x16 Controller #1 +pci:v00008086d0000461D* + ID_MODEL_FROM_DATABASE=Alder Lake Innovation Platform Framework Processor Participant + pci:v00008086d0000461E* ID_MODEL_FROM_DATABASE=Alder Lake-P Thunderbolt 4 USB Controller pci:v00008086d0000461F* ID_MODEL_FROM_DATABASE=Alder Lake-P Thunderbolt 4 PCI Express Root Port #3 +pci:v00008086d00004626* + ID_MODEL_FROM_DATABASE=Alder Lake-P Integrated Graphics Controller + pci:v00008086d00004629* ID_MODEL_FROM_DATABASE=12th Gen Core Processor Host Bridge/DRAM Registers @@ -94094,6 +94889,9 @@ pci:v00008086d0000464D* pci:v00008086d0000464F* ID_MODEL_FROM_DATABASE=12th Gen Core Processor Gaussian & Neural Accelerator +pci:v00008086d00004660* + ID_MODEL_FROM_DATABASE=12th Gen Core Processor Host Bridge/DRAM Registers + pci:v00008086d0000466D* ID_MODEL_FROM_DATABASE=Alder Lake-P Thunderbolt 4 NHI #1 @@ -94118,6 +94916,9 @@ pci:v00008086d000046A1* pci:v00008086d000046A3* ID_MODEL_FROM_DATABASE=Alder Lake-P GT1 [UHD Graphics] +pci:v00008086d000046A6* + ID_MODEL_FROM_DATABASE=Alder Lake-P Integrated Graphics Controller + pci:v00008086d000046C0* ID_MODEL_FROM_DATABASE=AlderLake-M GT1 @@ -94152,10 +94953,13 @@ pci:v00008086d00004C9A* ID_MODEL_FROM_DATABASE=RocketLake-S [UHD Graphics] pci:v00008086d00004DA3* - ID_MODEL_FROM_DATABASE=JaserLake SMBus + ID_MODEL_FROM_DATABASE=Jasper Lake SMBus pci:v00008086d00004DA4* - ID_MODEL_FROM_DATABASE=JaserLake SPI (flash) Controller + ID_MODEL_FROM_DATABASE=Jasper Lake SPI Controller + +pci:v00008086d00004DC8* + ID_MODEL_FROM_DATABASE=Jasper Lake HD Audio pci:v00008086d00004DE0* ID_MODEL_FROM_DATABASE=Management Engine Interface @@ -94337,12 +95141,21 @@ pci:v00008086d0000504C* pci:v00008086d00005181* ID_MODEL_FROM_DATABASE=Alder Lake PCH-P LPC/eSPI Controller +pci:v00008086d00005182* + ID_MODEL_FROM_DATABASE=Alder Lake PCH eSPI Controller + pci:v00008086d000051A3* ID_MODEL_FROM_DATABASE=Alder Lake PCH-P SMBus Host Controller pci:v00008086d000051A4* ID_MODEL_FROM_DATABASE=Alder Lake-P PCH SPI Controller +pci:v00008086d000051A8* + ID_MODEL_FROM_DATABASE=Alder Lake PCH UART #0 + +pci:v00008086d000051A9* + ID_MODEL_FROM_DATABASE=Alder Lake PCH UART #1 + pci:v00008086d000051BF* ID_MODEL_FROM_DATABASE=Alder Lake PCH-P PCI Express Root Port #9 @@ -95486,6 +96299,45 @@ pci:v00008086d00007800sv00008086sd00000000* pci:v00008086d00007800sv00008086sd00000100* ID_MODEL_FROM_DATABASE=82740 (i740) AGP Graphics Accelerator (Intel740 Graphics Accelerator) +pci:v00008086d00007A84* + ID_MODEL_FROM_DATABASE=Z690 Chipset LPC/eSPI Controller + +pci:v00008086d00007AA3* + ID_MODEL_FROM_DATABASE=Alder Lake-S PCH SMBus Controller + +pci:v00008086d00007AA4* + ID_MODEL_FROM_DATABASE=Alder Lake-S PCH SPI Controller + +pci:v00008086d00007AA7* + ID_MODEL_FROM_DATABASE=Alder Lake-S PCH Shared SRAM + +pci:v00008086d00007AB4* + ID_MODEL_FROM_DATABASE=Alder Lake-S PCH PCI Express Root Port #13 + +pci:v00008086d00007ABD* + ID_MODEL_FROM_DATABASE=Alder Lake-S PCH PCI Express Root Port #6 + +pci:v00008086d00007ACC* + ID_MODEL_FROM_DATABASE=Alder Lake-S PCH I2C Controller #0 + +pci:v00008086d00007AD0* + ID_MODEL_FROM_DATABASE=Alder Lake-S HD Audio Controller + +pci:v00008086d00007AE0* + ID_MODEL_FROM_DATABASE=Alder Lake-S PCH USB 3.2 Gen 2x2 XHCI Controller + +pci:v00008086d00007AE2* + ID_MODEL_FROM_DATABASE=Alder Lake-S PCH SATA Controller [AHCI Mode] + +pci:v00008086d00007AE8* + ID_MODEL_FROM_DATABASE=Alder Lake-S PCH HECI Controller #1 + +pci:v00008086d00007AF0* + ID_MODEL_FROM_DATABASE=Alder Lake-S PCH CNVi WiFi + +pci:v00008086d00007AF0sv00008086sd00000094* + ID_MODEL_FROM_DATABASE=Alder Lake-S PCH CNVi WiFi (Wi-Fi 6 AX201 160MHz) + pci:v00008086d00008002* ID_MODEL_FROM_DATABASE=Trusted Execution Technology Registers @@ -95729,6 +96581,9 @@ pci:v00008086d00008A51* pci:v00008086d00008A52* ID_MODEL_FROM_DATABASE=Iris Plus Graphics G7 +pci:v00008086d00008A53* + ID_MODEL_FROM_DATABASE=Iris Plus Graphics G7 + pci:v00008086d00008A56* ID_MODEL_FROM_DATABASE=Iris Plus Graphics G1 (Ice Lake) @@ -96593,6 +97448,9 @@ pci:v00008086d00009B63* pci:v00008086d00009B64* ID_MODEL_FROM_DATABASE=10th Gen Core Processor Host Bridge/DRAM Registers +pci:v00008086d00009BA8* + ID_MODEL_FROM_DATABASE=CometLake-S GT1 [UHD Graphics 610] + pci:v00008086d00009BC4* ID_MODEL_FROM_DATABASE=CometLake-H GT2 [UHD Graphics] @@ -97193,6 +98051,9 @@ pci:v00008086d00009D3Dsv0000103Csd00008079* pci:v00008086d00009D3Dsv000017AAsd00002247* ID_MODEL_FROM_DATABASE=Sunrise Point-LP Active Management Technology - SOL (ThinkPad T570) +pci:v00008086d00009D3E* + ID_MODEL_FROM_DATABASE=iTouch Controller + pci:v00008086d00009D43* ID_MODEL_FROM_DATABASE=Sunrise Point-LP LPC Controller @@ -97355,6 +98216,9 @@ pci:v00008086d00009DA8* pci:v00008086d00009DAA* ID_MODEL_FROM_DATABASE=Cannon Point-LP Serial IO SPI Controller +pci:v00008086d00009DAB* + ID_MODEL_FROM_DATABASE=Cannon Point-LP Serial IO SPI Controller + pci:v00008086d00009DB0* ID_MODEL_FROM_DATABASE=Cannon Point-LP PCI Express Root Port #9 @@ -97385,6 +98249,9 @@ pci:v00008086d00009DBE* pci:v00008086d00009DBF* ID_MODEL_FROM_DATABASE=Cannon Point PCI Express Root Port #8 +pci:v00008086d00009DC4* + ID_MODEL_FROM_DATABASE=Cannon Point-LP SD Host Controller + pci:v00008086d00009DC5* ID_MODEL_FROM_DATABASE=Cannon Point-LP Serial IO I2C Host Controller @@ -98475,7 +99342,7 @@ pci:v00008086d0000A39A* ID_MODEL_FROM_DATABASE=Comet Lake PCI Express Root Port 11 pci:v00008086d0000A3A1* - ID_MODEL_FROM_DATABASE=Memory controller + ID_MODEL_FROM_DATABASE=Cannon Lake PCH Power Management Controller pci:v00008086d0000A3A3* ID_MODEL_FROM_DATABASE=Comet Lake PCH-V SMBus Host Controller @@ -98819,6 +99686,9 @@ pci:v00008820* pci:v00008820d00002724* ID_MODEL_FROM_DATABASE=Mako Front Side Motor Controller [cPCI] +pci:v00008848* + ID_VENDOR_FROM_DATABASE=Wuxi Micro Innovation Integrated Circuit Design Co.,Ltd + pci:v00008866* ID_VENDOR_FROM_DATABASE=T-Square Design Inc. @@ -99923,6 +100793,24 @@ pci:v00009005d0000028Fsv00001BD4sd00000071* pci:v00009005d0000028Fsv00001BD4sd00000072* ID_MODEL_FROM_DATABASE=Smart Storage PQI SAS (RS0800M5E16i) +pci:v00009005d0000028Fsv00001BD4sd00000077* + ID_MODEL_FROM_DATABASE=Smart Storage PQI SAS (RS0800M5E16iM) + +pci:v00009005d0000028Fsv00001BD4sd00000078* + ID_MODEL_FROM_DATABASE=Smart Storage PQI SAS (RS0800M5E24iM) + +pci:v00009005d0000028Fsv00001BD4sd00000079* + ID_MODEL_FROM_DATABASE=Smart Storage PQI SAS (RS0800M5H24iM) + +pci:v00009005d0000028Fsv00001BD4sd00000080* + ID_MODEL_FROM_DATABASE=Smart Storage PQI SAS (RS0804M5R16iM) + +pci:v00009005d0000028Fsv00001CC4sd00000101* + ID_MODEL_FROM_DATABASE=Smart Storage PQI SAS (Ramaxel FBGF-RAD PM8204) + +pci:v00009005d0000028Fsv00001CC4sd00000201* + ID_MODEL_FROM_DATABASE=Smart Storage PQI SAS (Ramaxel FBGF-RAD PM8222) + pci:v00009005d0000028Fsv00001D49sd00000220* ID_MODEL_FROM_DATABASE=Smart Storage PQI SAS (ThinkSystem 4350-8i SAS/SATA 12Gb HBA) @@ -100754,6 +101642,12 @@ pci:v0000CDDDd00000200* pci:v0000CEBA* ID_VENDOR_FROM_DATABASE=KEBA AG +pci:v0000CF86* + ID_VENDOR_FROM_DATABASE=Spectrum-4TOR + +pci:v0000CF86d00000276* + ID_MODEL_FROM_DATABASE=Spectrum-4TOR in Flash Recovery Mode + pci:v0000D161* ID_VENDOR_FROM_DATABASE=Digium, Inc. diff --git a/hwdb.d/20-usb-vendor-model.hwdb b/hwdb.d/20-usb-vendor-model.hwdb index 9f457d9f65b..c0e6f599174 100644 --- a/hwdb.d/20-usb-vendor-model.hwdb +++ b/hwdb.d/20-usb-vendor-model.hwdb @@ -8078,6 +8078,12 @@ usb:v046Dp0846* usb:v046Dp084B* ID_MODEL_FROM_DATABASE=ConferenceCam Connect Video +usb:v046Dp084C* + ID_MODEL_FROM_DATABASE=ConferenceCam Connect Audio + +usb:v046Dp084E* + ID_MODEL_FROM_DATABASE=ConferenceCam Connect + usb:v046Dp0850* ID_MODEL_FROM_DATABASE=QuickCam Web @@ -8235,7 +8241,7 @@ usb:v046Dp08D9* ID_MODEL_FROM_DATABASE=QuickCam IM/Connect usb:v046Dp08DA* - ID_MODEL_FROM_DATABASE=QuickCam Messanger + ID_MODEL_FROM_DATABASE=QuickCam Messenger usb:v046Dp08DD* ID_MODEL_FROM_DATABASE=QuickCam for Notebooks @@ -8652,7 +8658,7 @@ usb:v046DpC06C* ID_MODEL_FROM_DATABASE=Optical Mouse usb:v046DpC077* - ID_MODEL_FROM_DATABASE=M105 Optical Mouse + ID_MODEL_FROM_DATABASE=Mouse usb:v046DpC07C* ID_MODEL_FROM_DATABASE=M-R0017 [G700s Rechargeable Gaming Mouse] @@ -8676,7 +8682,7 @@ usb:v046DpC08B* ID_MODEL_FROM_DATABASE=G502 SE HERO Gaming Mouse usb:v046DpC092* - ID_MODEL_FROM_DATABASE=G203 LIGHTSYNC Gaming Mouse + ID_MODEL_FROM_DATABASE=G102/G203 LIGHTSYNC Gaming Mouse usb:v046DpC101* ID_MODEL_FROM_DATABASE=UltraX Media Remote @@ -9122,6 +9128,9 @@ usb:v046DpC534* usb:v046DpC537* ID_MODEL_FROM_DATABASE=Cordless Mouse Receiver +usb:v046DpC539* + ID_MODEL_FROM_DATABASE=Cordless Mouse Receiver + usb:v046DpC53A* ID_MODEL_FROM_DATABASE=PowerPlay Wireless Charging System @@ -10169,6 +10178,24 @@ usb:v0482p06B4* usb:v0483* ID_VENDOR_FROM_DATABASE=STMicroelectronics +usb:v0483p0102* + ID_MODEL_FROM_DATABASE=Remote NDIS Network device with Android debug (ADB) + +usb:v0483p0103* + ID_MODEL_FROM_DATABASE=Remote NDIS Network device + +usb:v0483p0104* + ID_MODEL_FROM_DATABASE=MTP device with Android debug (ADB) + +usb:v0483p0105* + ID_MODEL_FROM_DATABASE=MTP device + +usb:v0483p0106* + ID_MODEL_FROM_DATABASE=PTP device with Android debug (ADB) + +usb:v0483p0107* + ID_MODEL_FROM_DATABASE=PTP device + usb:v0483p0137* ID_MODEL_FROM_DATABASE=BeWAN ADSL USB ST (blue or green) @@ -44822,6 +44849,18 @@ usb:v0E25* usb:v0E26* ID_VENDOR_FROM_DATABASE=J-Phone East Co., Ltd +usb:v0E2E* + ID_VENDOR_FROM_DATABASE=Brady Worldwide, Inc. + +usb:v0E2Ep000B* + ID_MODEL_FROM_DATABASE=BMP 51 + +usb:v0E2Ep000C* + ID_MODEL_FROM_DATABASE=BMP 61 + +usb:v0E2Ep000D* + ID_MODEL_FROM_DATABASE=BMP 41 + usb:v0E30* ID_VENDOR_FROM_DATABASE=HeartMath LLC @@ -58655,6 +58694,9 @@ usb:v1A86p5523* usb:v1A86p5584* ID_MODEL_FROM_DATABASE=CH341 in parallel mode, usb to printer port converter +usb:v1A86p7522* + ID_MODEL_FROM_DATABASE=CH340 serial converter + usb:v1A86p7523* ID_MODEL_FROM_DATABASE=CH340 serial converter @@ -58665,7 +58707,7 @@ usb:v1A86p7584* ID_MODEL_FROM_DATABASE=CH340S usb:v1A86pE008* - ID_MODEL_FROM_DATABASE=HID-based serial adapater + ID_MODEL_FROM_DATABASE=HID-based serial adapter usb:v1A89* ID_VENDOR_FROM_DATABASE=Dynalith Systems Co., Ltd. @@ -60954,7 +60996,7 @@ usb:v1D50p6054* ID_MODEL_FROM_DATABASE=Satlab/AAUSAT3 BlueBox usb:v1D50p6055* - ID_MODEL_FROM_DATABASE=RADiuS ER900TRS-02 transciever with SMA Connector + ID_MODEL_FROM_DATABASE=RADiuS ER900TRS-02 transceiver with SMA Connector usb:v1D50p6056* ID_MODEL_FROM_DATABASE=The Glitch @@ -61365,16 +61407,16 @@ usb:v1D50p60EE* ID_MODEL_FROM_DATABASE=Duet 3 motion control electronics usb:v1D50p60F0* - ID_MODEL_FROM_DATABASE=UDAD-T1 data aquisition device (boot) + ID_MODEL_FROM_DATABASE=UDAD-T1 data acquisition device (boot) usb:v1D50p60F1* - ID_MODEL_FROM_DATABASE=UDAD-T1 data aquisition device + ID_MODEL_FROM_DATABASE=UDAD-T1 data acquisition device usb:v1D50p60F2* - ID_MODEL_FROM_DATABASE=UDAD-T2 data aquisition device (boot) + ID_MODEL_FROM_DATABASE=UDAD-T2 data acquisition device (boot) usb:v1D50p60F3* - ID_MODEL_FROM_DATABASE=UDAD-T2 data aquisition device + ID_MODEL_FROM_DATABASE=UDAD-T2 data acquisition device usb:v1D50p60F4* ID_MODEL_FROM_DATABASE=Uniti ARC motor controller @@ -61421,6 +61463,9 @@ usb:v1D50p6122* usb:v1D50p614C* ID_MODEL_FROM_DATABASE=dwtk In-Circuit Emulator +usb:v1D50p614D* + ID_MODEL_FROM_DATABASE=Generic Display + usb:v1D50p8085* ID_MODEL_FROM_DATABASE=Box0 (box0-v5) @@ -61473,7 +61518,7 @@ usb:v1D57pAF03* ID_MODEL_FROM_DATABASE=Wireless Receiver usb:v1D57pFA20* - ID_MODEL_FROM_DATABASE=2.4GHz Wireless Reciever (Mini Keyboard & Mouse) + ID_MODEL_FROM_DATABASE=2.4GHz Wireless Receiver (Mini Keyboard & Mouse) usb:v1D5B* ID_VENDOR_FROM_DATABASE=Smartronix, Inc. @@ -62397,7 +62442,22 @@ usb:v1FBD* ID_VENDOR_FROM_DATABASE=Delphin Technology AG usb:v1FBDp0001* - ID_MODEL_FROM_DATABASE=Expert Key - Data aquisition system + ID_MODEL_FROM_DATABASE=Expert Key - Data acquisition system + +usb:v1FBDp0004* + ID_MODEL_FROM_DATABASE=MetiOS Device (RNDIS) + +usb:v1FBDp0005* + ID_MODEL_FROM_DATABASE=Loggito + +usb:v1FBDp0006* + ID_MODEL_FROM_DATABASE=LoggitoLab 8 AI-RTD + +usb:v1FBDp0007* + ID_MODEL_FROM_DATABASE=LoggitoLab 8 TC + +usb:v1FBDp0008* + ID_MODEL_FROM_DATABASE=LoggitoLab 4 AI-RTD 4 TC usb:v1FC9* ID_VENDOR_FROM_DATABASE=NXP Semiconductors @@ -67871,6 +67931,30 @@ usb:v3195pF280* usb:v3195pF281* ID_MODEL_FROM_DATABASE=MSO-28 +usb:v3197* + ID_VENDOR_FROM_DATABASE=Katusha + +usb:v3197p1001* + ID_MODEL_FROM_DATABASE=M151 + +usb:v3197p1002* + ID_MODEL_FROM_DATABASE=M250 + +usb:v3197p1003* + ID_MODEL_FROM_DATABASE=P130 + +usb:v3197p1004* + ID_MODEL_FROM_DATABASE=M130 + +usb:v3197p1101* + ID_MODEL_FROM_DATABASE=P247 + +usb:v3197p1102* + ID_MODEL_FROM_DATABASE=M247 + +usb:v3197p1103* + ID_MODEL_FROM_DATABASE=M348 + usb:v31C9* ID_VENDOR_FROM_DATABASE=BeiJing LanXum Computer Technology Co., Ltd. @@ -69653,9 +69737,24 @@ usb:v8086p07D3* usb:v8086p07DC* ID_MODEL_FROM_DATABASE=Bluetooth 4.0* Smart Ready (low energy) +usb:v8086p0A66* + ID_MODEL_FROM_DATABASE=RealSense 3D Camera (Front F200) + +usb:v8086p0AA5* + ID_MODEL_FROM_DATABASE=RealSense SR300 + +usb:v8086p0AD2* + ID_MODEL_FROM_DATABASE=RealSense D410 + +usb:v8086p0AD3* + ID_MODEL_FROM_DATABASE=RealSense D415 + usb:v8086p0B07* ID_MODEL_FROM_DATABASE=RealSense D435 +usb:v8086p0B64* + ID_MODEL_FROM_DATABASE=RealSense L515 + usb:v8086p0DAD* ID_MODEL_FROM_DATABASE=Cherry MiniatureCard Keyboard @@ -69731,6 +69830,9 @@ usb:v8086p9500* usb:v8086p9890* ID_MODEL_FROM_DATABASE=82930 Test Board +usb:v8086pA36D* + ID_MODEL_FROM_DATABASE=Host Controller + usb:v8086pBEEF* ID_MODEL_FROM_DATABASE=SCM Miniature Card Reader/Writer diff --git a/hwdb.d/acpi_id_registry.html b/hwdb.d/acpi_id_registry.html index 5c37d1ae669..cd4ac8c553e 100644 --- a/hwdb.d/acpi_id_registry.html +++ b/hwdb.d/acpi_id_registry.html @@ -110,6 +110,9 @@ Purism SPCPURI06/10/2021 Lontium Semiconductor CorporationLTSC07/21/2021 Wacom TechnologyWACF09/21/2021 + Shanghai Aiwei Electronic Technology Co., Ltd.AWDZ12/31/2021 + Silicom Ltd. Connectivity SolutionsSILC03/28/2022 + NOLO Co., Ltd.NOLO03/28/2022 diff --git a/hwdb.d/ma-large.txt b/hwdb.d/ma-large.txt index 82cbdee3360..67fd6c18365 100644 --- a/hwdb.d/ma-large.txt +++ b/hwdb.d/ma-large.txt @@ -437,12 +437,6 @@ AC5D5C (base 16) FN-LINK TECHNOLOGY LIMITED SHENZHEN GUANGDONG 518100 CN -A4-AE-11 (hex) Hon Hai Precision Ind. Co., Ltd. -A4AE11 (base 16) Hon Hai Precision Ind. Co., Ltd. - GuangDongShenZhen - ShenZhen GuangDong 518109 - CN - 54-DE-D0 (hex) Sevio Srl 54DED0 (base 16) Sevio Srl Via Dei Caniana 6/A @@ -1523,12 +1517,6 @@ CCE194 (base 16) Juniper Networks Sunnyvale CA 94089 US -90-02-18 (hex) BSkyB Ltd -900218 (base 16) BSkyB Ltd - 130 Kings Road - Brentwood Essex 08854 - GB - 14-4E-2A (hex) Ciena Corporation 144E2A (base 16) Ciena Corporation 7035 Ridge Road @@ -2963,12 +2951,6 @@ A8D498 (base 16) Avira Operations GmbH & Co. KG Sunnyvale CA 94089 US -D0-58-FC (hex) BSkyB Ltd -D058FC (base 16) BSkyB Ltd - 130 Kings Road - Brentwood Essex 08854 - GB - 14-57-9F (hex) HUAWEI TECHNOLOGIES CO.,LTD 14579F (base 16) HUAWEI TECHNOLOGIES CO.,LTD No.2 Xin Cheng Road, Room R6,Songshan Lake Technology Park @@ -8222,12 +8204,6 @@ D0B0CD (base 16) Moen North Olmstead OH 44070-8022 US -70-50-AF (hex) BSkyB Ltd -7050AF (base 16) BSkyB Ltd - 130 Kings Road - Brentwood Essex 08854 - GB - F4-EF-9E (hex) SGSG SCIENCE & TECHNOLOGY CO. LTD F4EF9E (base 16) SGSG SCIENCE & TECHNOLOGY CO. LTD 3RD Fl, Bldg A3, No.1 software Park Rd @@ -10064,12 +10040,6 @@ B499BA (base 16) Hewlett Packard Beijing 100101 CN -0C-F9-C0 (hex) BSkyB Ltd -0CF9C0 (base 16) BSkyB Ltd - 130 Kings Road - Brentwood Essex 08854 - GB - 4C-FF-12 (hex) Fuze Entertainment Co., ltd 4CFF12 (base 16) Fuze Entertainment Co., ltd 3rd Floor Harbour Centre @@ -10088,12 +10058,6 @@ AC9A22 (base 16) NXP Semiconductors Hefei Anhui 230088 CN -80-6A-B0 (hex) Shenzhen TINNO Mobile Technology Corp. -806AB0 (base 16) Shenzhen TINNO Mobile Technology Corp. - 4/F.,H-3 Building,OCT Eastern lndustrial Park - Nanshan District, Shenzhen GUANGDONG 518053 - CN - 48-AD-08 (hex) HUAWEI TECHNOLOGIES CO.,LTD 48AD08 (base 16) HUAWEI TECHNOLOGIES CO.,LTD No.2 Xin Cheng Road, Room R6,Songshan Lake Technology Park @@ -10622,12 +10586,6 @@ D07AB5 (base 16) HUAWEI TECHNOLOGIES CO.,LTD Chongqing Chongqing 401332 CN -7C-4C-A5 (hex) BSkyB Ltd -7C4CA5 (base 16) BSkyB Ltd - 130 Kings Road - Brentwood Essex 08854 - GB - 00-14-A4 (hex) Hon Hai Precision Ind. Co.,Ltd. 0014A4 (base 16) Hon Hai Precision Ind. Co.,Ltd. Building D21,No.1, East Zone 1st Road @@ -10688,12 +10646,6 @@ C87B5B (base 16) zte corporation Seoul 13456 KR -C0-3E-0F (hex) BSkyB Ltd -C03E0F (base 16) BSkyB Ltd - 130 Kings Road - Brentwood Essex 08854 - GB - 90-4E-2B (hex) HUAWEI TECHNOLOGIES CO.,LTD 904E2B (base 16) HUAWEI TECHNOLOGIES CO.,LTD No.2 Xin Cheng Road, Room R6,Songshan Lake Technology Park @@ -18563,12 +18515,6 @@ D4C766 (base 16) Acentic GmbH Sungnam-Si Kyunggi-Do 463-870 KR -00-26-04 (hex) Audio Processing Technology Ltd -002604 (base 16) Audio Processing Technology Ltd - Whiterock Business Park - Belfast BT12 7FP - GB - 00-26-59 (hex) Nintendo Co., Ltd. 002659 (base 16) Nintendo Co., Ltd. 11-1 HOKOTATE-CHO KAMITOBA, MINAMI-KU @@ -31049,12 +30995,6 @@ D4C766 (base 16) Acentic GmbH GOLDEN CO 80401 US -00-00-BD (hex) Mitsubishi Cable Industries, Ltd. / Ryosei Systems -0000BD (base 16) Mitsubishi Cable Industries, Ltd. / Ryosei Systems - 8, NISHINO-CHO, HIGASHI-MUKOJIMA - AMAGASAKI HYOGO 660-0856 - JP - 00-00-2E (hex) SOCIETE EVIRA 00002E (base 16) SOCIETE EVIRA ZONE PORTUAIRE DE BREGAILLON @@ -32654,12 +32594,6 @@ B0E4D5 (base 16) Google, Inc. Mountain View CA 94043 US -D4-DA-CD (hex) BSkyB Ltd -D4DACD (base 16) BSkyB Ltd - 130 Kings Road - Brentwood Essex 08854 - GB - 68-69-CA (hex) Hitachi, Ltd. 6869CA (base 16) Hitachi, Ltd. 27-18, Minami Oi 6-chome, Shinagawa-ku @@ -34205,18 +34139,6 @@ BC0F9A (base 16) D-Link International Singapore Singapore 609917 SG -B0-45-30 (hex) BSkyB Ltd -B04530 (base 16) BSkyB Ltd - 130 Kings Road - Brentwood Essex 08854 - GB - -6C-A0-B4 (hex) BSkyB Ltd -6CA0B4 (base 16) BSkyB Ltd - 130 Kings Road - Brentwood Essex 08854 - GB - 94-7B-BE (hex) Ubicquia LLC 947BBE (base 16) Ubicquia LLC BoA Building–Suite 1750, 401 E. Las Olas Boulevard @@ -34475,12 +34397,6 @@ DCCD74 (base 16) Japan E.M.Solutions Co., Ltd. Kato 673-1447 JP -00-12-93 (hex) ABB Power Protection (CH) -001293 (base 16) ABB Power Protection (CH) - 1501 Roanoke Blvd. - Salem VA 24153 - US - A0-3B-01 (hex) Kyung In Electronics A03B01 (base 16) Kyung In Electronics #1411, Byucksan Digital Valley 2, 184, Gasan Digital2-ro, Geumcheon-gu @@ -34619,12 +34535,6 @@ A0A3F0 (base 16) D-Link International Shenzhen 518000 CN -E0-6C-4E (hex) Shenzhen TINNO Mobile Technology Corp. -E06C4E (base 16) Shenzhen TINNO Mobile Technology Corp. - 4/F, H-3 Building, Qiao Cheng Eastern Industrial Park, Overseas Chinese Town, Shenzhen - Shenzhen guangdong 518053 - CN - F0-25-8E (hex) HUAWEI TECHNOLOGIES CO.,LTD F0258E (base 16) HUAWEI TECHNOLOGIES CO.,LTD No.2 Xin Cheng Road, Room R6,Songshan Lake Technology Park @@ -35279,12 +35189,6 @@ C87B23 (base 16) Bose Corporation Moulineaux 92370 FR -30-8E-7A (hex) Shenzhen iComm Semiconductor CO.,LTD -308E7A (base 16) Shenzhen iComm Semiconductor CO.,LTD - Room 504A,Block B,Digital Building,Gargen City,No.1079,Nanhai Road,Nanshan District,Shenzhen. - Shenzhen 518067 - CN - 9C-1C-37 (hex) AltoBeam (China) Inc. 9C1C37 (base 16) AltoBeam (China) Inc. B808, Tsinghua Tongfang Hi-Tech Plaza, Haidian @@ -36833,12 +36737,6 @@ F8C3CC (base 16) Apple, Inc. Hangzhou Zhejiang 310052 CN -3C-9E-C7 (hex) BSkyB Ltd -3C9EC7 (base 16) BSkyB Ltd - 130 Kings Road - Brentwood Essex 08854 - GB - 18-5B-00 (hex) Nokia 185B00 (base 16) Nokia 600 March Road @@ -37232,12 +37130,6 @@ A41752 (base 16) Hifocus Electronics India Private Limited Chennai Tamil Nadu 600002 IN -2C-DD-5F (hex) Shenzhen iComm Semiconductor CO.,LTD -2CDD5F (base 16) Shenzhen iComm Semiconductor CO.,LTD - Room 504A,Block B,Digital Building,Gargen City,No.1079,Nanhai Road,Nanshan District,Shenzhen. - Shenzhen 518067 - CN - 40-FE-95 (hex) New H3C Technologies Co., Ltd 40FE95 (base 16) New H3C Technologies Co., Ltd 466 Changhe Road, Binjiang District @@ -37496,12 +37388,6 @@ AC567B (base 16) Sunnovo International Limited Beijing Beijing 100083 CN -A0-B4-BF (hex) InfiNet LLC -A0B4BF (base 16) InfiNet LLC - office 11, 24 S.Deryabinoy st. - Yekaterinburg Sverdlovsk region 620102 - RU - 9C-C1-2D (hex) GD Midea Air-Conditioning Equipment Co.,Ltd. 9CC12D (base 16) GD Midea Air-Conditioning Equipment Co.,Ltd. Midea Global Innovation Center,Beijiao Town,Shunde @@ -37526,18 +37412,36 @@ DC8084 (base 16) Apple, Inc. Ernakulam KL 686662 IN -B0-5C-16 (hex) Fiberhome Telecommunication Technologies Co.,LTD -B05C16 (base 16) Fiberhome Telecommunication Technologies Co.,LTD - No.5 DongXin Road - Wuhan Hubei 430074 +E4-DA-DF (hex) Taicang T&W Electronics +E4DADF (base 16) Taicang T&W Electronics + 89# Jiang Nan RD + Suzhou Jiangsu 215412 CN -08-E0-21 (hex) Honor Device Co., Ltd. -08E021 (base 16) Honor Device Co., Ltd. - Suite 3401, Unit A, Building 6, Shum Yip Sky Park, No. 8089, Hongli West Road, Xiangmihu Street, Futian District - Shenzhen Guangdong 518040 +7C-35-F8 (hex) Zhejiang Tmall Technology Co., Ltd. +7C35F8 (base 16) Zhejiang Tmall Technology Co., Ltd. + No.969 Wenyi West Road, Wuchang Street, Yuhang District + Hangzhou Zhejiang 310024 + CN + +74-26-FF (hex) zte corporation +7426FF (base 16) zte corporation + 12/F.,zte R&D building ,kejinan Road,Shenzhen,P.R.China + shenzhen guangdong 518057 + CN + +C4-27-28 (hex) zte corporation +C42728 (base 16) zte corporation + 12/F.,zte R&D building ,kejinan Road,Shenzhen,P.R.China + shenzhen guangdong 518057 CN +C8-58-95 (hex) Motorola Mobility LLC, a Lenovo Company +C85895 (base 16) Motorola Mobility LLC, a Lenovo Company + 222 West Merchandise Mart Plaza + Chicago IL 60654 + US + A8-53-7D (hex) Mist Systems, Inc. A8537D (base 16) Mist Systems, Inc. 1601 South De Anza Blvd, Suite 248 @@ -37550,40 +37454,949 @@ A8537D (base 16) Mist Systems, Inc. San Francisco CA 94107 US +08-E0-21 (hex) Honor Device Co., Ltd. +08E021 (base 16) Honor Device Co., Ltd. + Suite 3401, Unit A, Building 6, Shum Yip Sky Park, No. 8089, Hongli West Road, Xiangmihu Street, Futian District + Shenzhen Guangdong 518040 + CN + +B0-5C-16 (hex) Fiberhome Telecommunication Technologies Co.,LTD +B05C16 (base 16) Fiberhome Telecommunication Technologies Co.,LTD + No.5 DongXin Road + Wuhan Hubei 430074 + CN + E8-D3-22 (hex) Cisco Systems, Inc E8D322 (base 16) Cisco Systems, Inc 80 West Tasman Drive San Jose CA 94568 US -E4-DA-DF (hex) Taicang T&W Electronics -E4DADF (base 16) Taicang T&W Electronics - 89# Jiang Nan RD - Suzhou Jiangsu 215412 +30-2B-DC (hex) Top-Unum Electronics Co., LTD +302BDC (base 16) Top-Unum Electronics Co., LTD + No. 58, Ln. 137, Jianshan Rd., Yingge Dist., + New Taipei City 239, Taiwan 239 CN -7C-35-F8 (hex) Zhejiang Tmall Technology Co., Ltd. -7C35F8 (base 16) Zhejiang Tmall Technology Co., Ltd. +8C-15-53 (hex) Beijing Memblaze Technology Co Ltd +8C1553 (base 16) Beijing Memblaze Technology Co Ltd + Building B2,Dongsheng Park, 66 Xixiaokou Road, Haidian + Beijing Beijing 100192 + CN + +D4-BD-4F (hex) Ruckus Wireless +D4BD4F (base 16) Ruckus Wireless + 350 West Java Drive + Sunnyvale CA 94089 + US + +5C-C9-C0 (hex) Renesas Electronics (Penang) Sdn. Bhd. +5CC9C0 (base 16) Renesas Electronics (Penang) Sdn. Bhd. + Phase 3, Bayan Lepas FIZ + Bayan Lepas Penang 11900 + MY + +6C-B1-58 (hex) TP-LINK TECHNOLOGIES CO.,LTD. +6CB158 (base 16) TP-LINK TECHNOLOGIES CO.,LTD. + Building 24(floors 1,3,4,5)and 28(floors 1-4)Central Science and Technology Park,Shennan Road,Nanshan + Shenzhen Guangdong 518057 + CN + +E8-81-AB (hex) Beijing Sankuai Online Technology Co.,Ltd +E881AB (base 16) Beijing Sankuai Online Technology Co.,Ltd + BC Building, China Electronic Science Taiji Information Technology Industry Base, Yard 7, Rongda Road, Chaoyang District + Beijing 100102 + CN + +1C-47-F6 (hex) Zhidao Network Technology(Shenzhen) Co.,Ltd +1C47F6 (base 16) Zhidao Network Technology(Shenzhen) Co.,Ltd + B3, 11 / F, Exiang Technology Building, No. 31, Zhongsi Road, Gaoxin, Maling Community, Yuehai Street, Nanshan District + Shenzhen 518000 + CN + +A0-B4-BF (hex) InfiNet LLC +A0B4BF (base 16) InfiNet LLC + Office 425, 69/75 Vavilova str. + Moscow\ 117335 + RU + +E8-EB-D3 (hex) Mellanox Technologies, Inc. +E8EBD3 (base 16) Mellanox Technologies, Inc. + 350 Oakmead Parkway, Suite 100 + Sunnyvale CA 94085 + US + +C0-06-0C (hex) HUAWEI TECHNOLOGIES CO.,LTD +C0060C (base 16) HUAWEI TECHNOLOGIES CO.,LTD + No.2 Xin Cheng Road, Room R6,Songshan Lake Technology Park + Dongguan 523808 + CN + +B0-A4-F0 (hex) HUAWEI TECHNOLOGIES CO.,LTD +B0A4F0 (base 16) HUAWEI TECHNOLOGIES CO.,LTD + No.2 Xin Cheng Road, Room R6,Songshan Lake Technology Park + Dongguan 523808 + CN + +24-75-3A (hex) GUANGDONG OPPO MOBILE TELECOMMUNICATIONS CORP.,LTD +24753A (base 16) GUANGDONG OPPO MOBILE TELECOMMUNICATIONS CORP.,LTD + NO.18 HAIBIN ROAD, + DONG GUAN GUANG DONG 523860 + CN + +90-F7-B2 (hex) New H3C Technologies Co., Ltd +90F7B2 (base 16) New H3C Technologies Co., Ltd + 466 Changhe Road, Binjiang District + Hangzhou Zhejiang 310052 + CN + +04-E3-1A (hex) Sagemcom Broadband SAS +04E31A (base 16) Sagemcom Broadband SAS + 250, route de l'Empereur + Rueil Malmaison Cedex hauts de seine 92848 + FR + +6C-99-9D (hex) Amazon Technologies Inc. +6C999D (base 16) Amazon Technologies Inc. + P.O Box 8102 + Reno NV 89507 + US + +7C-6A-60 (hex) China Mobile Group Device Co.,Ltd. +7C6A60 (base 16) China Mobile Group Device Co.,Ltd. + 32 Xuanwumen West Street,Xicheng District + Beijing 100053 + CN + +68-18-D9 (hex) Hill AFB - CAPRE Group +6818D9 (base 16) Hill AFB - CAPRE Group + 7278 4th Street + Hill AFB UT 84056 + US + +18-BC-57 (hex) ADVA Optical Networking Ltd. +18BC57 (base 16) ADVA Optical Networking Ltd. + ADVAntage House + York YO30 4RY + GB + +9C-A2-F4 (hex) TP-Link Corporation Limited +9CA2F4 (base 16) TP-Link Corporation Limited + Room 901,9/F.New East Ocean Centre, 9 Science Museum Road + Tsim Sha Tsui Kowloon 999077 + HK + +1C-61-B4 (hex) TP-Link Corporation Limited +1C61B4 (base 16) TP-Link Corporation Limited + Room 901,9/F.New East Ocean Centre, 9 Science Museum Road + Tsim Sha Tsui Kowloon 999077 + HK + +B4-69-5F (hex) TCT mobile ltd +B4695F (base 16) TCT mobile ltd + No.86 hechang 7th road, zhongkai, Hi-Tech District + Hui Zhou Guang Dong 516006 + CN + +D8-E2-DF (hex) Microsoft Corporation +D8E2DF (base 16) Microsoft Corporation + One Microsoft Way + REDMOND WA 98052 + US + +6C-93-08 (hex) IEEE Registration Authority +6C9308 (base 16) IEEE Registration Authority + 445 Hoes Lane + Piscataway NJ 08554 + US + +38-8F-30 (hex) Samsung Electronics Co.,Ltd +388F30 (base 16) Samsung Electronics Co.,Ltd + #94-1, Imsoo-Dong + Gumi Gyeongbuk 730-350 + KR + +24-06-F2 (hex) Sichuan Tianyi Comheart Telecom Co.,LTD +2406F2 (base 16) Sichuan Tianyi Comheart Telecom Co.,LTD + No.198,First Section,Snow Mountain Avenue, Jinyuan Town, Dayi County + Chengdu Sichuan 611330 + CN + +84-C6-92 (hex) Texas Instruments +84C692 (base 16) Texas Instruments + 12500 TI Blvd + Dallas TX 75243 + US + +6C-B2-FD (hex) Texas Instruments +6CB2FD (base 16) Texas Instruments + 12500 TI Blvd + Dallas TX 75243 + US + +6C-0F-61 (hex) Hypervolt Ltd +6C0F61 (base 16) Hypervolt Ltd + 25 Churchill Place + London E14 5EY + GB + +A0-44-66 (hex) Intellics +A04466 (base 16) Intellics + 697, Pangyo-ro, Bundang-gu + Seongnam-si Gyeonggi-do 13511 + KR + +CC-66-18 (hex) Adtran Inc +CC6618 (base 16) Adtran Inc + 901 Explorer Blvd. + Huntsville AL 35806-2807 + US + +C0-C1-70 (hex) Shenzhen SuperElectron Technology Co.,Ltd. +C0C170 (base 16) Shenzhen SuperElectron Technology Co.,Ltd. + 1213-1214, haosheng business center, dongbin road, nanshan street, nanshan district, shenzhen city + Shenzhen Guangdong 518000 + CN + +50-42-89 (hex) zte corporation +504289 (base 16) zte corporation + 12/F.,zte R&D building ,kejinan Road,Shenzhen,P.R.China + shenzhen guangdong 518057 + CN + +30-8E-7A (hex) Shenzhen iComm Semiconductor CO.,LTD +308E7A (base 16) Shenzhen iComm Semiconductor CO.,LTD + Room 601,Block B ,Digital Building,Garden City + Shenzhen No.1079 Nanhai Road,Nanshan District 518067 + CN + +2C-DD-5F (hex) Shenzhen iComm Semiconductor CO.,LTD +2CDD5F (base 16) Shenzhen iComm Semiconductor CO.,LTD + Room 601,Block B ,Digital Building,Garden City + Shenzhen No.1079 Nanhai Road,Nanshan District 518067 + CN + +C0-6D-ED (hex) Hangzhou Hikvision Digital Technology Co.,Ltd. +C06DED (base 16) Hangzhou Hikvision Digital Technology Co.,Ltd. + No.555 Qianmo Road + Hangzhou Zhejiang 310052 + CN + +44-6D-7F (hex) Amazon Technologies Inc. +446D7F (base 16) Amazon Technologies Inc. + P.O Box 8102 + Reno 89507 + US + +E0-27-6C (hex) Guangzhou Shiyuan Electronic Technology Company Limited +E0276C (base 16) Guangzhou Shiyuan Electronic Technology Company Limited + No.6, 4th Yunpu Road, Yunpu industry District + Guangzhou Guangdong 510530 + CN + +90-93-5A (hex) ARRIS Group, Inc. +90935A (base 16) ARRIS Group, Inc. + 6450 Sequence Drive + San Diego CA 92121 + US + +AC-8F-A9 (hex) Nokia Solutions and Networks GmbH & Co. KG +AC8FA9 (base 16) Nokia Solutions and Networks GmbH & Co. KG + Werinherstrasse 91 + München Bavaria D-81541 + DE + +4C-73-4F (hex) Juniper Networks +4C734F (base 16) Juniper Networks + 1133 Innovation Way + Sunnyvale CA 94089 + US + +24-EB-ED (hex) HUAWEI TECHNOLOGIES CO.,LTD +24EBED (base 16) HUAWEI TECHNOLOGIES CO.,LTD + No.2 Xin Cheng Road, Room R6,Songshan Lake Technology Park + Dongguan 523808 + CN + +AC-51-AB (hex) HUAWEI TECHNOLOGIES CO.,LTD +AC51AB (base 16) HUAWEI TECHNOLOGIES CO.,LTD + No.2 Xin Cheng Road, Room R6,Songshan Lake Technology Park + Dongguan 523808 + CN + +48-CD-D3 (hex) HUAWEI TECHNOLOGIES CO.,LTD +48CDD3 (base 16) HUAWEI TECHNOLOGIES CO.,LTD + No.2 Xin Cheng Road, Room R6,Songshan Lake Technology Park + Dongguan 523808 + CN + +F8-AD-24 (hex) Realme Chongqing Mobile Telecommunications Corp.,Ltd. +F8AD24 (base 16) Realme Chongqing Mobile Telecommunications Corp.,Ltd. + No.178 Yulong Avenue, Yufengshan, Yubei District, Chongqing. + Chongqing China 401120 + CN + +A8-C9-8A (hex) New H3C Technologies Co., Ltd +A8C98A (base 16) New H3C Technologies Co., Ltd + 466 Changhe Road, Binjiang District + Hangzhou Zhejiang 310052 + CN + +44-29-1E (hex) AltoBeam (China) Inc. +44291E (base 16) AltoBeam (China) Inc. + B808, Tsinghua Tongfang Hi-Tech Plaza, Haidian + Beijing Beijing 100083 + CN + +DC-8E-95 (hex) Silicon Laboratories +DC8E95 (base 16) Silicon Laboratories + 400 West Cesar Chavez Street + Austin TX 78701 + US + +7C-EF-40 (hex) Nextorage Corporation +7CEF40 (base 16) Nextorage Corporation + Kawasaki-eki-mae Tower Riverk 9F, 12-1, Ekimaehoncho, Kawasaki-ku + Kawasaki City Kanagawa 210-0007 + JP + +28-BE-43 (hex) vivo Mobile Communication Co., Ltd. +28BE43 (base 16) vivo Mobile Communication Co., Ltd. + No.1, vivo Road, Chang'an + Dongguan Guangdong 523860 + CN + +2C-FC-8B (hex) GUANGDONG OPPO MOBILE TELECOMMUNICATIONS CORP.,LTD +2CFC8B (base 16) GUANGDONG OPPO MOBILE TELECOMMUNICATIONS CORP.,LTD + NO.18 HAIBIN ROAD, + DONG GUAN GUANG DONG 523860 + CN + +28-74-F5 (hex) Nokia Solutions and Networks GmbH & Co. KG +2874F5 (base 16) Nokia Solutions and Networks GmbH & Co. KG + Werinherstrasse 91 + München Bavaria D-81541 + DE + +B0-1F-8C (hex) Aruba, a Hewlett Packard Enterprise Company +B01F8C (base 16) Aruba, a Hewlett Packard Enterprise Company + 3333 Scott Blvd + Santa Clara CA 95054 + US + +C0-E0-1C (hex) IoT Security Group, SL +C0E01C (base 16) IoT Security Group, SL + Calle Pez Dorado, 27, local 2 + Torremolinos Malaga 29620 + ES + +00-26-04 (hex) WorldCast Systems +002604 (base 16) WorldCast Systems + 20 Avenue Neil Armstrong + Mérignac 33700 + FR + +00-CB-7A (hex) Technicolor CH USA Inc. +00CB7A (base 16) Technicolor CH USA Inc. + 5030 Sugarloaf Parkway Bldg 6 + Lawrenceville GA 30044 + US + +F8-AB-82 (hex) Xiaomi Communications Co Ltd +F8AB82 (base 16) Xiaomi Communications Co Ltd + #019, 9th Floor, Building 6, 33 Xi'erqi Middle Road + Beijing Haidian District 100085 + CN + +EC-30-B3 (hex) Xiaomi Communications Co Ltd +EC30B3 (base 16) Xiaomi Communications Co Ltd + #019, 9th Floor, Building 6, 33 Xi'erqi Middle Road + Beijing Haidian District 100085 + CN + +1C-AF-4A (hex) Samsung Electronics Co.,Ltd +1CAF4A (base 16) Samsung Electronics Co.,Ltd + 129, Samsung-ro, Youngtongl-Gu + Suwon Gyeonggi-Do 16677 + KR + +C8-12-0B (hex) Samsung Electronics Co.,Ltd +C8120B (base 16) Samsung Electronics Co.,Ltd + 129, Samsung-ro, Youngtongl-Gu + Suwon Gyeonggi-Do 16677 + KR + +90-2C-FB (hex) CanTops Co,.Ltd. +902CFB (base 16) CanTops Co,.Ltd. + A-1002 Digital Empire, 16, Deogyong-daero 1556beon-gil + Yeongtong-gu Suwon-si, Gyonggi-do 1660 + KR + +A8-A2-37 (hex) Arcadyan Corporation +A8A237 (base 16) Arcadyan Corporation + No.8, Sec.2, Guangfu Rd. + Hsinchu City Hsinchu 30071 + TW + +00-00-BD (hex) RYOSEI, Ltd. +0000BD (base 16) RYOSEI, Ltd. + 16-4, kitahatsushima-cho + Amagasaki-shi Hyogo 660-0834 + JP + +AC-CC-FC (hex) Amazon Technologies Inc. +ACCCFC (base 16) Amazon Technologies Inc. + P.O Box 8102 + Reno NV 89507 + US + +08-E6-3B (hex) zte corporation +08E63B (base 16) zte corporation + 12/F.,zte R&D building ,kejinan Road,Shenzhen,P.R.China + shenzhen guangdong 518057 + CN + +88-C1-74 (hex) zte corporation +88C174 (base 16) zte corporation + 12/F.,zte R&D building ,kejinan Road,Shenzhen,P.R.China + shenzhen guangdong 518057 + CN + +C8-9E-61 (hex) Lyngsoe Systems LTd +C89E61 (base 16) Lyngsoe Systems LTd + 101 Simona Dr., Unit 2 + Bolton Ontario L7E 4E8 + CA + +9C-57-BC (hex) eero inc. +9C57BC (base 16) eero inc. + 660 3rd Street + San Francisco CA 94107 + US + +2C-82-17 (hex) Apple, Inc. +2C8217 (base 16) Apple, Inc. + 1 Infinite Loop + Cupertino CA 95014 + US + +14-2D-4D (hex) Apple, Inc. +142D4D (base 16) Apple, Inc. + 1 Infinite Loop + Cupertino CA 95014 + US + +EC-42-CC (hex) Apple, Inc. +EC42CC (base 16) Apple, Inc. + 1 Infinite Loop + Cupertino CA 95014 + US + +B8-21-1C (hex) Apple, Inc. +B8211C (base 16) Apple, Inc. + 1 Infinite Loop + Cupertino CA 95014 + US + +D4-5A-3F (hex) Juniper Networks +D45A3F (base 16) Juniper Networks + 1133 Innovation Way + Sunnyvale CA 94089 + US + +E8-DC-6C (hex) Cisco Systems, Inc +E8DC6C (base 16) Cisco Systems, Inc + 80 West Tasman Drive + San Jose CA 94568 + US + +48-B4-C3 (hex) Aruba, a Hewlett Packard Enterprise Company +48B4C3 (base 16) Aruba, a Hewlett Packard Enterprise Company + 3333 Scott Blvd + Santa Clara CA 95054 + US + +B0-3F-64 (hex) Apple, Inc. +B03F64 (base 16) Apple, Inc. + 1 Infinite Loop + Cupertino CA 95014 + US + +68-A7-B4 (hex) Honor Device Co., Ltd. +68A7B4 (base 16) Honor Device Co., Ltd. + Suite 3401, Unit A, Building 6, Shum Yip Sky Park, No. 8089, Hongli West Road, Xiangmihu Street, Futian District + Shenzhen Guangdong 518040 + CN + +80-3C-20 (hex) HUAWEI TECHNOLOGIES CO.,LTD +803C20 (base 16) HUAWEI TECHNOLOGIES CO.,LTD + No.2 Xin Cheng Road, Room R6,Songshan Lake Technology Park + Dongguan 523808 + CN + +A4-DD-58 (hex) HUAWEI TECHNOLOGIES CO.,LTD +A4DD58 (base 16) HUAWEI TECHNOLOGIES CO.,LTD + No.2 Xin Cheng Road, Room R6,Songshan Lake Technology Park + Dongguan 523808 + CN + +E0-28-B1 (hex) Shenzhen Skyworth Digital Technology CO., Ltd +E028B1 (base 16) Shenzhen Skyworth Digital Technology CO., Ltd + 4F,Block A, Skyworth?Building, + Shenzhen Guangdong 518057 + CN + +C0-8D-51 (hex) Amazon Technologies Inc. +C08D51 (base 16) Amazon Technologies Inc. + P.O Box 8102 + Reno NV 89507 + US + +44-B4-B2 (hex) Amazon Technologies Inc. +44B4B2 (base 16) Amazon Technologies Inc. + P.O Box 8102 + Reno NV 89507 + US + +6C-15-24 (hex) IEEE Registration Authority +6C1524 (base 16) IEEE Registration Authority + 445 Hoes Lane + Piscataway NJ 08554 + US + +78-03-4F (hex) Nokia +78034F (base 16) Nokia + 600 March Road + Kanata Ontario K2K 2E6 + CA + +00-12-93 (hex) ABB Switzerland Ltd. +001293 (base 16) ABB Switzerland Ltd. + Via Luserte Sud 9 Quartino + Quartino 6572 + CH + +C0-E9-11 (hex) Private +C0E911 (base 16) Private + +14-F5-92 (hex) Shenzhen SDG DONZHI Technology Co., Ltd +14F592 (base 16) Shenzhen SDG DONZHI Technology Co., Ltd + 1001 SDG Information Technology Building, No.2 Qiongyu Road, Science park Community, Yuehai Street, Nanshan District, + Shenzhen GuangDong 518000 + CN + +4C-09-FA (hex) FRONTIER SMART TECHNOLOGIES LTD +4C09FA (base 16) FRONTIER SMART TECHNOLOGIES LTD + 17 Waterloo Place + London SW1Y 4AR + GB + +24-2C-FE (hex) Zhejiang Tmall Technology Co., Ltd. +242CFE (base 16) Zhejiang Tmall Technology Co., Ltd. No.969 Wenyi West Road, Wuchang Street, Yuhang District Hangzhou Zhejiang 310024 CN -74-26-FF (hex) zte corporation -7426FF (base 16) zte corporation +A0-42-D1 (hex) Huawei Device Co., Ltd. +A042D1 (base 16) Huawei Device Co., Ltd. + No.2 of Xincheng Road, Songshan Lake Zone + Dongguan Guangdong 523808 + CN + +2C-DC-78 (hex) Descartes Systems (USA) LLC +2CDC78 (base 16) Descartes Systems (USA) LLC + 2030 Powers Ferry Road SE + Atlanta GA 303339 + US + +58-87-9F (hex) Huawei Device Co., Ltd. +58879F (base 16) Huawei Device Co., Ltd. + No.2 of Xincheng Road, Songshan Lake Zone + Dongguan Guangdong 523808 + CN + +E8-D8-7E (hex) Amazon Technologies Inc. +E8D87E (base 16) Amazon Technologies Inc. + P.O Box 8102 + Reno NV 89507 + US + +9C-1F-CA (hex) Hangzhou AlmightyDigit Technology Co., Ltd +9C1FCA (base 16) Hangzhou AlmightyDigit Technology Co., Ltd + Room A0041, 10 / F, building 1, Haizhi center, Cangqian street, Yuhang District + Hangzhou Zhejiang 310000 + CN + +84-70-D7 (hex) eero inc. +8470D7 (base 16) eero inc. + 660 3rd Street + San Francisco CA 94107 + US + +E0-6C-4E (hex) Shenzhen TINNO Mobile Technology Corp. +E06C4E (base 16) Shenzhen TINNO Mobile Technology Corp. + Building, No.33, Xiandong Rd, Xili + Nanshan District, Shenzhen PRC 518053 + CN + +58-1D-D8 (hex) Sagemcom Broadband SAS +581DD8 (base 16) Sagemcom Broadband SAS + 250, route de l'Empereur + Rueil Malmaison Cedex hauts de seine 92848 + FR + +80-6A-B0 (hex) Shenzhen TINNO Mobile Technology Corp. +806AB0 (base 16) Shenzhen TINNO Mobile Technology Corp. + Building, No.33, Xiandong Rd, Xili + Nanshan District, Shenzhen PRC 518053 + CN + +F4-B3-B1 (hex) Silicon Laboratories +F4B3B1 (base 16) Silicon Laboratories + 400 West Cesar Chavez Street + Austin TX 78701 + US + +04-69-8F (hex) Juniper Networks +04698F (base 16) Juniper Networks + 1133 Innovation Way + Sunnyvale CA 94089 + US + +14-9B-F3 (hex) GUANGDONG OPPO MOBILE TELECOMMUNICATIONS CORP.,LTD +149BF3 (base 16) GUANGDONG OPPO MOBILE TELECOMMUNICATIONS CORP.,LTD + NO.18 HAIBIN ROAD, + DONG GUAN GUANG DONG 523860 + CN + +10-07-1D (hex) Fiberhome Telecommunication Technologies Co.,LTD +10071D (base 16) Fiberhome Telecommunication Technologies Co.,LTD + No.5 DongXin Road + Wuhan Hubei 430074 + CN + +10-B2-32 (hex) Qingdao Intelligent&Precise Electronics Co.,Ltd. +10B232 (base 16) Qingdao Intelligent&Precise Electronics Co.,Ltd. + No.218 Qianwangang Road + Qingdao Shangdong 266510 + CN + +B8-50-D8 (hex) Beijing Xiaomi Mobile Software Co., Ltd +B850D8 (base 16) Beijing Xiaomi Mobile Software Co., Ltd + The Rainbow City Office Building, 68 Qinghe Middle Street Haidian District + Beijing Beijing 100085 + CN + +C0-9F-51 (hex) SERNET (SUZHOU) TECHNOLOGIES CORPORATION +C09F51 (base 16) SERNET (SUZHOU) TECHNOLOGIES CORPORATION + NO.8 Tangzhuang Road,Suzhou Industrial Park,Su ZhouCity,JiangSu Province,China + Suzhou 215021 + CN + +80-02-F4 (hex) IEEE Registration Authority +8002F4 (base 16) IEEE Registration Authority + 445 Hoes Lane + Piscataway NJ 08554 + US + +A0-CD-F3 (hex) Murata Manufacturing Co., Ltd. +A0CDF3 (base 16) Murata Manufacturing Co., Ltd. + 1-10-1, Higashikotari + Nagaokakyo-shi Kyoto 617-8555 + JP + +B4-8A-0A (hex) Espressif Inc. +B48A0A (base 16) Espressif Inc. + Room 204, Building 2, 690 Bibo Rd, Pudong New Area + Shanghai Shanghai 201203 + CN + +C8-3A-1B (hex) Toshiba TEC Corporation Inc +C83A1B (base 16) Toshiba TEC Corporation Inc + Oval Court Ohsaki Mark East + Shinagawa-ku Tokyo 141-8664 + JP + +EC-A6-2F (hex) HUAWEI TECHNOLOGIES CO.,LTD +ECA62F (base 16) HUAWEI TECHNOLOGIES CO.,LTD + No.2 Xin Cheng Road, Room R6,Songshan Lake Technology Park + Dongguan 523808 + CN + +AC-5A-F0 (hex) LG Electronics +AC5AF0 (base 16) LG Electronics + 222 LG-ro, JINWI-MYEON + Pyeongtaek-si Gyeonggi-do 451-713 + KR + +5C-53-C3 (hex) Ubee Interactive Co., Limited +5C53C3 (base 16) Ubee Interactive Co., Limited + Flat/RM 1202, 12/F, AT Tower, 180 Electric Road + North Point 00000 + HK + +24-32-AE (hex) Hangzhou Hikvision Digital Technology Co.,Ltd. +2432AE (base 16) Hangzhou Hikvision Digital Technology Co.,Ltd. + No.555 Qianmo Road + Hangzhou Zhejiang 310052 + CN + +38-22-F4 (hex) Huawei Device Co., Ltd. +3822F4 (base 16) Huawei Device Co., Ltd. + No.2 of Xincheng Road, Songshan Lake Zone + Dongguan Guangdong 523808 + CN + +0C-BE-F1 (hex) Huawei Device Co., Ltd. +0CBEF1 (base 16) Huawei Device Co., Ltd. + No.2 of Xincheng Road, Songshan Lake Zone + Dongguan Guangdong 523808 + CN + +AC-93-6A (hex) Huawei Device Co., Ltd. +AC936A (base 16) Huawei Device Co., Ltd. + No.2 of Xincheng Road, Songshan Lake Zone + Dongguan Guangdong 523808 + CN + +38-A4-4B (hex) Huawei Device Co., Ltd. +38A44B (base 16) Huawei Device Co., Ltd. + No.2 of Xincheng Road, Songshan Lake Zone + Dongguan Guangdong 523808 + CN + +1C-0E-D3 (hex) Sichuan Tianyi Comheart Telecom Co.,LTD +1C0ED3 (base 16) Sichuan Tianyi Comheart Telecom Co.,LTD + No.198,First Section,Snow Mountain Avenue, Jinyuan Town, Dayi County + Chengdu Sichuan 611330 + CN + +7C-4C-A5 (hex) SKY UK LIMITED +7C4CA5 (base 16) SKY UK LIMITED + 130 Kings Road + Brentwood Essex 08854 + GB + +C0-3E-0F (hex) SKY UK LIMITED +C03E0F (base 16) SKY UK LIMITED + 130 Kings Road + Brentwood Essex 08854 + GB + +0C-F9-C0 (hex) SKY UK LIMITED +0CF9C0 (base 16) SKY UK LIMITED + 130 Kings Road + Brentwood Essex 08854 + GB + +70-50-AF (hex) SKY UK LIMITED +7050AF (base 16) SKY UK LIMITED + 130 Kings Road + Brentwood Essex 08854 + GB + +24-29-34 (hex) Google, Inc. +242934 (base 16) Google, Inc. + 1600 Amphitheatre Parkway + Mountain View CA 94043 + US + +38-0A-4F (hex) PRACHI ENTERPRISES +380A4F (base 16) PRACHI ENTERPRISES + B-141, 2nd FLOOR SECTOR-6 NOIDA + NOIDA UTTARPRADESH 201301 + IN + +80-19-70 (hex) Samsung Electronics Co.,Ltd +801970 (base 16) Samsung Electronics Co.,Ltd + #94-1, Imsoo-Dong + Gumi Gyeongbuk 730-350 + KR + +E0-F7-28 (hex) Amazon Technologies Inc. +E0F728 (base 16) Amazon Technologies Inc. + P.O Box 8102 + Reno NV 89507 + US + +B8-FB-AF (hex) Xiamen IPRT Technology CO.,LTD +B8FBAF (base 16) Xiamen IPRT Technology CO.,LTD + 3~5Floor,No.101,Huili Industry Park,Meixi Road,Tongan District,Xiamen,China. + xiamen fujian 361000 + CN + +34-85-18 (hex) Espressif Inc. +348518 (base 16) Espressif Inc. + Room 204, Building 2, 690 Bibo Rd, Pudong New Area + Shanghai Shanghai 201203 + CN + +D4-DA-CD (hex) SKY UK LIMITED +D4DACD (base 16) SKY UK LIMITED + 130 Kings Road + Brentwood Essex 08854 + GB + +B0-45-30 (hex) SKY UK LIMITED +B04530 (base 16) SKY UK LIMITED + 130 Kings Road + Brentwood Essex 08854 + GB + +6C-A0-B4 (hex) SKY UK LIMITED +6CA0B4 (base 16) SKY UK LIMITED + 130 Kings Road + Brentwood Essex 08854 + GB + +3C-9E-C7 (hex) SKY UK LIMITED +3C9EC7 (base 16) SKY UK LIMITED + 130 Kings Road + Brentwood Essex 08854 + GB + +EC-E6-A2 (hex) Fiberhome Telecommunication Technologies Co.,LTD +ECE6A2 (base 16) Fiberhome Telecommunication Technologies Co.,LTD + No.5 DongXin Road + Wuhan Hubei 430074 + CN + +04-E8-B9 (hex) Intel Corporate +04E8B9 (base 16) Intel Corporate + Lot 8, Jalan Hi-Tech 2/3 + Kulim Kedah 09000 + MY + +E0-2E-0B (hex) Intel Corporate +E02E0B (base 16) Intel Corporate + Lot 8, Jalan Hi-Tech 2/3 + Kulim Kedah 09000 + MY + +A4-AE-11 (hex) Hon Hai Precision Industry Co., Ltd. +A4AE11 (base 16) Hon Hai Precision Industry Co., Ltd. + GuangDongShenZhen + ShenZhen GuangDong 518109 + CN + +D0-58-FC (hex) SKY UK LIMITED +D058FC (base 16) SKY UK LIMITED + 130 Kings Road + Brentwood Essex 08854 + GB + +90-02-18 (hex) SKY UK LIMITED +900218 (base 16) SKY UK LIMITED + 130 Kings Road + Brentwood Essex 08854 + GB + +38-5C-FB (hex) Silicon Laboratories +385CFB (base 16) Silicon Laboratories + 400 West Cesar Chavez Street + Austin TX 78701 + US + +C4-3D-1A (hex) Intel Corporate +C43D1A (base 16) Intel Corporate + Lot 8, Jalan Hi-Tech 2/3 + Kulim Kedah 09000 + MY + +BC-F8-8B (hex) zte corporation +BCF88B (base 16) zte corporation 12/F.,zte R&D building ,kejinan Road,Shenzhen,P.R.China shenzhen guangdong 518057 CN -C4-27-28 (hex) zte corporation -C42728 (base 16) zte corporation +68-53-9D (hex) EM Microelectronic +68539D (base 16) EM Microelectronic + Rue des Sors 3 + Marin-Epagnier Neuchatel 2074 + CH + +E4-65-64 (hex) SHENZHEN KTC TECHNOLOGY CO.,LTD +E46564 (base 16) SHENZHEN KTC TECHNOLOGY CO.,LTD + Add: NO.4023, Wuhe Road, Bantian, Longgang District, Shenzhen, China + SHEN ZHEN GUANG DONG 518100 + CN + +C8-BF-4C (hex) Beijing Xiaomi Mobile Software Co., Ltd +C8BF4C (base 16) Beijing Xiaomi Mobile Software Co., Ltd + The Rainbow City Office Building, 68 Qinghe Middle Street Haidian District + Beijing Beijing 100085 + CN + +E8-CC-8C (hex) Chengdu Jia Rui Hua Lian Communication Technology Co.,Ltd. +E8CC8C (base 16) Chengdu Jia Rui Hua Lian Communication Technology Co.,Ltd. + 5th Floor, Building F, Huirong Plaza (Jinhua), No. 88, Section 3, Jinhua Road, Industrial Park, Jinjiang District, Chengdu, Sichuan Province + Chengdu Sichuan 610000 + CN + +58-1C-F8 (hex) Intel Corporate +581CF8 (base 16) Intel Corporate + Lot 8, Jalan Hi-Tech 2/3 + Kulim Kedah 09000 + MY + +AC-19-8E (hex) Intel Corporate +AC198E (base 16) Intel Corporate + Lot 8, Jalan Hi-Tech 2/3 + Kulim Kedah 09000 + MY + +C8-5E-A9 (hex) Intel Corporate +C85EA9 (base 16) Intel Corporate + Lot 8, Jalan Hi-Tech 2/3 + Kulim Kedah 09000 + MY + +3C-E0-64 (hex) Texas Instruments +3CE064 (base 16) Texas Instruments + 12500 TI Blvd + Dallas TX 75243 + US + +E0-92-8F (hex) Texas Instruments +E0928F (base 16) Texas Instruments + 12500 TI Blvd + Dallas TX 75243 + US + +CC-03-7B (hex) Texas Instruments +CC037B (base 16) Texas Instruments + 12500 TI Blvd + Dallas TX 75243 + US + +E0-51-D8 (hex) China Dragon Technology Limited +E051D8 (base 16) China Dragon Technology Limited + B4 Bldg.Haoshan 1st Industry Park, + Shenzhen Guangdong 518104 + CN + +CC-29-BD (hex) zte corporation +CC29BD (base 16) zte corporation 12/F.,zte R&D building ,kejinan Road,Shenzhen,P.R.China shenzhen guangdong 518057 CN -C8-58-95 (hex) Motorola Mobility LLC, a Lenovo Company -C85895 (base 16) Motorola Mobility LLC, a Lenovo Company - 222 West Merchandise Mart Plaza - Chicago IL 60654 +7C-DE-78 (hex) New H3C Technologies Co., Ltd +7CDE78 (base 16) New H3C Technologies Co., Ltd + 466 Changhe Road, Binjiang District + Hangzhou Zhejiang 310052 + CN + +5C-60-BA (hex) HP Inc. +5C60BA (base 16) HP Inc. + 10300 Energy Dr + Spring TX 77389 + US + +20-9C-B4 (hex) Aruba, a Hewlett Packard Enterprise Company +209CB4 (base 16) Aruba, a Hewlett Packard Enterprise Company + 3333 Scott Blvd + Santa Clara CA 95054 US 9C-FF-C2 (hex) AVI Systems GmbH @@ -37874,12 +38687,6 @@ ACFE05 (base 16) ITEL MOBILE LIMITED NO.68, Qinghe Middle Street Haidian District, Beijing 100085 CN -B0-3E-51 (hex) BSkyB Ltd -B03E51 (base 16) BSkyB Ltd - 130 Kings Road - Brentwood Essex 08854 - GB - 5C-E8-83 (hex) HUAWEI TECHNOLOGIES CO.,LTD 5CE883 (base 16) HUAWEI TECHNOLOGIES CO.,LTD No.2 Xin Cheng Road, Room R6,Songshan Lake Technology Park @@ -37928,12 +38735,6 @@ F887F1 (base 16) Apple, Inc. Brandýs nad Labem 250 01 CZ -80-72-15 (hex) BSkyB Ltd -807215 (base 16) BSkyB Ltd - 130 Kings Road - Brentwood Essex 08854 - GB - 74-D6-37 (hex) Amazon Technologies Inc. 74D637 (base 16) Amazon Technologies Inc. P.O Box 8102 @@ -39044,12 +39845,6 @@ BC3E07 (base 16) Hitron Technologies. Inc Gyeonggi-do KSXX0024 KR -0C-EC-84 (hex) Shenzhen TINNO Mobile Technology Corp. -0CEC84 (base 16) Shenzhen TINNO Mobile Technology Corp. - 4/F, H-3 Building, Qiao Cheng Eastern Industrial Park, Overseas Chinese Town, Shenzhen - Shenzhen guangdong 518053 - CN - 9C-DB-07 (hex) Thum+Mahr GmbH 9CDB07 (base 16) Thum+Mahr GmbH Heinrich-Hertz-Strasse 1-3 @@ -41879,12 +42674,6 @@ F0EFD2 (base 16) TF PAYMENT SERVICE CO., LTD Shanghai Shanghai 201203 CN -F4-93-9F (hex) Hon Hai Precision Ind. Co., Ltd. -F4939F (base 16) Hon Hai Precision Ind. Co., Ltd. - GuangDongShenZhen - ShenZhen GuangDong 518109 - CN - 00-07-26 (hex) SHENZHEN GONGJIN ELECTRONICS CO.,LT 000726 (base 16) SHENZHEN GONGJIN ELECTRONICS CO.,LT A211-A213 & B201-B210, 2F, Baiying Building, 1019#, Nanhai RD, Shekou Party, Nanshan District, @@ -44579,12 +45368,6 @@ E47B3F (base 16) BEIJING CO-CLOUD TECHNOLOGY LTD. Shanghai Shanghai 201114 CN -00-18-48 (hex) Vecima Networks Inc. -001848 (base 16) Vecima Networks Inc. - 150 Cardinal Place - Saskatoon SK S7L 6H7 - CA - 00-16-FB (hex) SHENZHEN MTC CO LTD 0016FB (base 16) SHENZHEN MTC CO LTD 5/F BenYuan Bldg,6015 ShenNan Road @@ -46655,12 +47438,6 @@ DCC0EB (base 16) ASSA ABLOY CÔTE PICARDE Cupertino CA 95014 US -A0-F8-95 (hex) Shenzhen TINNO Mobile Technology Corp. -A0F895 (base 16) Shenzhen TINNO Mobile Technology Corp. - 4/F.,H-3 Building,OCT Eastern lndustrial Park. - Nanshan District, Shenzhen GUANGDONG 518053 - CN - 00-78-CD (hex) Ignition Design Labs 0078CD (base 16) Ignition Design Labs 1550 Technology Drive @@ -50480,12 +51257,6 @@ B8F828 (base 16) Changshu Gaoshida Optoelectronic Technology Co. Ltd. Glockengießerweg 2 Bielefeld 33659 DE -2C-55-3C (hex) Gainspeed, Inc. -2C553C (base 16) Gainspeed, Inc. - 295 Santa Ana Court - Sunnyvale CA 94085 - US - 24-80-00 (hex) Westcontrol AS 248000 (base 16) Westcontrol AS Breivikvg 7 @@ -55382,12 +56153,6 @@ D4AAFF (base 16) MICRO WORLD Shanghai 200127 CN -00-25-CA (hex) LS Research, LLC -0025CA (base 16) LS Research, LLC - W66 N220 Commerce Court - Cedarburg WI 53012 - US - 00-25-B4 (hex) Cisco Systems, Inc 0025B4 (base 16) Cisco Systems, Inc 80 West Tasman Drive @@ -55532,12 +56297,6 @@ D4AAFF (base 16) MICRO WORLD Menlo Park CA 94025-1431 US -00-24-E4 (hex) Withings -0024E4 (base 16) Withings - 37bis rue du General Leclerc - Issy les Moulineaux 92442 - FR - 00-24-DE (hex) GLOBAL Technology Inc. 0024DE (base 16) GLOBAL Technology Inc. No.168,Shanshan Rd., Wangchun Industrial Park, @@ -57893,12 +58652,6 @@ D4AAFF (base 16) MICRO WORLD Vuokatti Kainuu 88610 FI -00-1A-35 (hex) BARTEC GmbH -001A35 (base 16) BARTEC GmbH - Schulstraße 30 - Gotteszell Bavaria 94239 - DE - 00-1A-37 (hex) Lear Corporation 001A37 (base 16) Lear Corporation Industriestrasse 48 @@ -59633,12 +60386,6 @@ D4AAFF (base 16) MICRO WORLD Soenderborg DK 6400 DK -00-13-B4 (hex) Appear TV -0013B4 (base 16) Appear TV - P.O. Box 8 Lilleaker - Oslo NO-0216 - NO - 00-13-AE (hex) Radiance Technologies, Inc. 0013AE (base 16) Radiance Technologies, Inc. 350 Wynn Dr. @@ -68321,12 +69068,6 @@ F854B8 (base 16) Amazon Technologies Inc. York YO30 4RY GB -B4-39-39 (hex) Shenzhen TINNO Mobile Technology Corp. -B43939 (base 16) Shenzhen TINNO Mobile Technology Corp. - 4/F, H-3 Building, Qiao Cheng Eastern Industrial Park, Overseas Chinese Town, Shenzhen - Shenzhen guangdong 518053 - CN - A0-AB-51 (hex) WEIFANG GOERTEK ELECTRONICS CO.,LTD A0AB51 (base 16) WEIFANG GOERTEK ELECTRONICS CO.,LTD Gaoxin 2 Road, Free Trade Zone,Weifang,Shandong,261205,P.R.China @@ -68441,12 +69182,6 @@ D89E61 (base 16) Huawei Device Co., Ltd. Rotkreuz CH-6343 CH -80-75-1F (hex) BSkyB Ltd -80751F (base 16) BSkyB Ltd - 130 Kings Road - Brentwood Essex 08854 - GB - E8-5A-8B (hex) Xiaomi Communications Co Ltd E85A8B (base 16) Xiaomi Communications Co Ltd The Rainbow City of China Resources @@ -69833,12 +70568,6 @@ B47947 (base 16) Nutanix Hsinchu 30077 TW -38-F0-C8 (hex) Mevo Inc. -38F0C8 (base 16) Mevo Inc. - 19 Morris Avenue - Brooklyn NY 11205 - US - 5C-FE-9E (hex) Wiwynn Corporation Tainan Branch 5CFE9E (base 16) Wiwynn Corporation Tainan Branch 4F, NO. 8, Beiyuan 3rd Rd., Anding Dist., @@ -70265,12 +70994,6 @@ A0CFF5 (base 16) zte corporation Dongguan Guangdong 523808 CN -C0-A3-6E (hex) BSkyB Ltd -C0A36E (base 16) BSkyB Ltd - 130 Kings Road - Brentwood Essex 08854 - GB - 60-32-B1 (hex) TP-LINK TECHNOLOGIES CO.,LTD. 6032B1 (base 16) TP-LINK TECHNOLOGIES CO.,LTD. Building 24(floors 1,3,4,5)and 28(floors 1-4)Central Science and Technology Park,Shennan Road,Nanshan @@ -70547,12 +71270,6 @@ CC483A (base 16) Dell Inc. Round Rock TX 78682 US -A4-AE-12 (hex) Hon Hai Precision Ind. Co., Ltd. -A4AE12 (base 16) Hon Hai Precision Ind. Co., Ltd. - GuangDongShenZhen - ShenZhen GuangDong 518109 - CN - DC-A3-A2 (hex) Feng mi(Beijing)technology co., LTD DCA3A2 (base 16) Feng mi(Beijing)technology co., LTD RenHe Town barracks south street 10 yuan 33 level 301 @@ -71657,12 +72374,6 @@ E428A4 (base 16) Prama India Private Limited Reno NV 89507 US -00-0F-A0 (hex) CANON KOREA BUSINESS SOLUTIONS INC. -000FA0 (base 16) CANON KOREA BUSINESS SOLUTIONS INC. - Canon BS Tower, 607 Teheran-ro - Seoul Gangnam-gu 06173 - KR - 40-8C-1F (hex) GUANGDONG OPPO MOBILE TELECOMMUNICATIONS CORP.,LTD 408C1F (base 16) GUANGDONG OPPO MOBILE TELECOMMUNICATIONS CORP.,LTD NO.18 HAIBIN ROAD, @@ -72809,12 +73520,6 @@ ECA81F (base 16) Technicolor CH USA Inc. Lawrenceville GA 30044 US -90-B5-7F (hex) Shenzhen iComm Semiconductor CO.,LTD -90B57F (base 16) Shenzhen iComm Semiconductor CO.,LTD - Room 504A,Block B,Digital Building,Gargen City,No.1079,Nanhai Road,Nanshan District,Shenzhen. - Shenzhen 518067 - CN - C0-F8-27 (hex) Rapidmax Technology Corporation C0F827 (base 16) Rapidmax Technology Corporation 3F., No.531, Zhongzheng Rd. Xindian Dist. @@ -73223,12 +73928,6 @@ E0C58F (base 16) China Mobile IOT Company Limited Shanghai Shanghai 201203 CN -00-A3-88 (hex) BSkyB Ltd -00A388 (base 16) BSkyB Ltd - 130 Kings Road - Brentwood Essex 08854 - GB - 50-3D-EB (hex) Zhejiang Tmall Technology Co., Ltd. 503DEB (base 16) Zhejiang Tmall Technology Co., Ltd. Ali Center,No.3331 Keyuan South RD (Shenzhen bay), Nanshan District, Shenzhen Guangdong province @@ -74633,6 +75332,24 @@ D850A1 (base 16) Hunan Danuo Technology Co.,LTD Ankara 06520 TR +48-51-D0 (hex) Jiangsu Xinsheng Intelligent Technology Co., Ltd. +4851D0 (base 16) Jiangsu Xinsheng Intelligent Technology Co., Ltd. + 18th Floor,Inno laser Building,18-69 Changwu Mid Road,Changzhou Science & Education Town,Wujin District,Changzhou,Jiangsu213000,China + Changzhou Jiangsu 213000 + CN + +80-77-A4 (hex) TECNO MOBILE LIMITED +8077A4 (base 16) TECNO MOBILE LIMITED + ROOMS 05-15, 13A/F., SOUTH TOWER, WORLD FINANCE CENTRE, HARBOUR CITY, 17 CANTON ROAD, TSIM SHA TSUI, KOWLOON, HONG KONG + Hong Kong Hong Kong 999077 + HK + +7C-6C-F0 (hex) Shenzhen TINNO Mobile Technology Corp. +7C6CF0 (base 16) Shenzhen TINNO Mobile Technology Corp. + 4/F, H-3 Building, Qiao Cheng Eastern Industrial Park, Overseas Chinese Town, Shenzhen + Shenzhen guangdong 518053 + CN + 00-C3-0A (hex) Xiaomi Communications Co Ltd 00C30A (base 16) Xiaomi Communications Co Ltd #019, 9th Floor, Building 6, 33 Xi'erqi Middle Road @@ -74663,29 +75380,1001 @@ B42875 (base 16) Futecho Solutions Private Limited San Francisco CA 94107 US -48-51-D0 (hex) Jiangsu Xinsheng Intelligent Technology Co., Ltd. -4851D0 (base 16) Jiangsu Xinsheng Intelligent Technology Co., Ltd. - 18th Floor,Inno laser Building,18-69 Changwu Mid Road,Changzhou Science & Education Town,Wujin District,Changzhou,Jiangsu213000,China - Changzhou Jiangsu 213000 +00-A0-A2 (hex) B810 S.R.L. +00A0A2 (base 16) B810 S.R.L. + Via E. Lazzaretti 2/1 + Reggio Emilia (RE) 42122 + IT + +38-68-BE (hex) Sichuan Tianyi Comheart Telecom Co.,LTD +3868BE (base 16) Sichuan Tianyi Comheart Telecom Co.,LTD + No.198,First Section,Snow Mountain Avenue, Jinyuan Town, Dayi County + Chengdu Sichuan 611330 CN -80-77-A4 (hex) TECNO MOBILE LIMITED -8077A4 (base 16) TECNO MOBILE LIMITED - ROOMS 05-15, 13A/F., SOUTH TOWER, WORLD FINANCE CENTRE, HARBOUR CITY, 17 CANTON ROAD, TSIM SHA TSUI, KOWLOON, HONG KONG - Hong Kong Hong Kong 999077 +DC-9A-7D (hex) HISENSE VISUAL TECHNOLOGY CO.,LTD +DC9A7D (base 16) HISENSE VISUAL TECHNOLOGY CO.,LTD + Qianwangang Road 218 + Qingdao Shandong 266510 + CN + +28-A5-3F (hex) vivo Mobile Communication Co., Ltd. +28A53F (base 16) vivo Mobile Communication Co., Ltd. + No.1, vivo Road, Chang'an + Dongguan Guangdong 523860 + CN + +8C-49-B6 (hex) vivo Mobile Communication Co., Ltd. +8C49B6 (base 16) vivo Mobile Communication Co., Ltd. + No.1, vivo Road, Chang'an + Dongguan Guangdong 523860 + CN + +84-F1-D0 (hex) EHOOME IOT PRIVATE LIMITED +84F1D0 (base 16) EHOOME IOT PRIVATE LIMITED + A-13, SECTOR-83, + NOIDA UTTAR PRADESH 201301 + IN + +20-8B-D1 (hex) NXP Semiconductor (Tianjin) LTD. +208BD1 (base 16) NXP Semiconductor (Tianjin) LTD. + No.15 Xinghua Avenue, Xiqing Economic Development Area + Tianjin 300385 + CN + +00-0F-A0 (hex) Canon Korea Inc. +000FA0 (base 16) Canon Korea Inc. + 607, Teheran-ro, Gangnam-gu + Seoul Gangnam-gu 06173 + KR + +30-BB-7D (hex) OnePlus Technology (Shenzhen) Co., Ltd +30BB7D (base 16) OnePlus Technology (Shenzhen) Co., Ltd + 18C02, 18C03, 18C04 ,18C05,TAIRAN BUILDING, + Shenzhen Guangdong 518000 + CN + +6C-67-EF (hex) HUAWEI TECHNOLOGIES CO.,LTD +6C67EF (base 16) HUAWEI TECHNOLOGIES CO.,LTD + No.2 Xin Cheng Road, Room R6,Songshan Lake Technology Park + Dongguan 523808 + CN + +88-69-3D (hex) HUAWEI TECHNOLOGIES CO.,LTD +88693D (base 16) HUAWEI TECHNOLOGIES CO.,LTD + No.2 Xin Cheng Road, Room R6,Songshan Lake Technology Park + Dongguan 523808 + CN + +00-99-1D (hex) HUAWEI TECHNOLOGIES CO.,LTD +00991D (base 16) HUAWEI TECHNOLOGIES CO.,LTD + No.2 Xin Cheng Road, Room R6,Songshan Lake Technology Park + Dongguan 523808 + CN + +30-CB-36 (hex) Belden Singapore Pte. Ltd. +30CB36 (base 16) Belden Singapore Pte. Ltd. + 151 Lorong Chuan #05-01 New Tech Park Singapore + Singapore 556741 + SG + +B8-3F-D2 (hex) Mellanox Technologies, Inc. +B83FD2 (base 16) Mellanox Technologies, Inc. + 350 Oakmead Parkway, Suite 100 + Sunnyvale CA 94085 + US + +28-3E-0C (hex) Preferred Robotics, Inc. +283E0C (base 16) Preferred Robotics, Inc. + Otemachi Bldg. 1-6-1 Otemachi + Chiyoda-ku Tokyo 100-0004 + JP + +8C-17-59 (hex) Intel Corporate +8C1759 (base 16) Intel Corporate + Lot 8, Jalan Hi-Tech 2/3 + Kulim Kedah 09000 + MY + +04-BC-9F (hex) Calix Inc. +04BC9F (base 16) Calix Inc. + 2777 Orchard Pkwy + San Jose CA 95131 + US + +6C-A4-01 (hex) essensys plc +6CA401 (base 16) essensys plc + Aldgate Tower, Leman Street + London E1 8FA + GB + +34-92-C2 (hex) Square Route Co., Ltd. +3492C2 (base 16) Square Route Co., Ltd. + Area-Shinagawa 13F, 1-9-36, Konan, Minato-ku + Tokyo Tokyo 108-0075 + JP + +34-BD-20 (hex) Hangzhou Hikrobot Technology Co., Ltd. +34BD20 (base 16) Hangzhou Hikrobot Technology Co., Ltd. + Room 304, Unit B, Building 2, 399 Danfeng Road, Binjiang District, Hangzhou, Zhejiang + Hangzhou 310052 + CN + +64-C2-69 (hex) eero inc. +64C269 (base 16) eero inc. + 660 3rd Street + San Francisco CA 94107 + US + +B0-4A-6A (hex) Samsung Electronics Co.,Ltd +B04A6A (base 16) Samsung Electronics Co.,Ltd + #94-1, Imsoo-Dong + Gumi Gyeongbuk 730-350 + KR + +A8-79-8D (hex) Samsung Electronics Co.,Ltd +A8798D (base 16) Samsung Electronics Co.,Ltd + #94-1, Imsoo-Dong + Gumi Gyeongbuk 730-350 + KR + +5C-ED-F4 (hex) Samsung Electronics Co.,Ltd +5CEDF4 (base 16) Samsung Electronics Co.,Ltd + #94-1, Imsoo-Dong + Gumi Gyeongbuk 730-350 + KR + +28-3D-C2 (hex) Samsung Electronics Co.,Ltd +283DC2 (base 16) Samsung Electronics Co.,Ltd + #94-1, Imsoo-Dong + Gumi Gyeongbuk 730-350 + KR + +BC-6E-6D (hex) EM Microelectronic +BC6E6D (base 16) EM Microelectronic + Rue des Sors 3 + Marin-Epagnier Neuchatel 2074 + CH + +00-D4-9E (hex) Intel Corporate +00D49E (base 16) Intel Corporate + Lot 8, Jalan Hi-Tech 2/3 + Kulim Kedah 09000 + MY + +CC-F3-05 (hex) SHENZHEN TIAN XING CHUANG ZHAN ELECTRONIC CO.,LTD +CCF305 (base 16) SHENZHEN TIAN XING CHUANG ZHAN ELECTRONIC CO.,LTD + Second floor, Building A, FengHangAvenue, Hangcheng Street, Bao'an District + Shenzhen Guangdong 518126 + CN + +AC-2A-A1 (hex) Cisco Systems, Inc +AC2AA1 (base 16) Cisco Systems, Inc + 80 West Tasman Drive + San Jose CA 94568 + US + +F8-E9-4F (hex) Cisco Systems, Inc +F8E94F (base 16) Cisco Systems, Inc + 80 West Tasman Drive + San Jose CA 94568 + US + +30-89-4A (hex) Intel Corporate +30894A (base 16) Intel Corporate + Lot 8, Jalan Hi-Tech 2/3 + Kulim Kedah 09000 + MY + +E0-6C-C5 (hex) Huawei Device Co., Ltd. +E06CC5 (base 16) Huawei Device Co., Ltd. + No.2 of Xincheng Road, Songshan Lake Zone + Dongguan Guangdong 523808 + CN + +30-96-3B (hex) Huawei Device Co., Ltd. +30963B (base 16) Huawei Device Co., Ltd. + No.2 of Xincheng Road, Songshan Lake Zone + Dongguan Guangdong 523808 + CN + +8C-6B-DB (hex) Huawei Device Co., Ltd. +8C6BDB (base 16) Huawei Device Co., Ltd. + No.2 of Xincheng Road, Songshan Lake Zone + Dongguan Guangdong 523808 + CN + +10-DA-49 (hex) Huawei Device Co., Ltd. +10DA49 (base 16) Huawei Device Co., Ltd. + No.2 of Xincheng Road, Songshan Lake Zone + Dongguan Guangdong 523808 + CN + +60-18-3A (hex) Huawei Device Co., Ltd. +60183A (base 16) Huawei Device Co., Ltd. + No.2 of Xincheng Road, Songshan Lake Zone + Dongguan Guangdong 523808 + CN + +18-C0-07 (hex) Huawei Device Co., Ltd. +18C007 (base 16) Huawei Device Co., Ltd. + No.2 of Xincheng Road, Songshan Lake Zone + Dongguan Guangdong 523808 + CN + +98-59-7A (hex) Intel Corporate +98597A (base 16) Intel Corporate + Lot 8, Jalan Hi-Tech 2/3 + Kulim Kedah 09000 + MY + +64-49-7D (hex) Intel Corporate +64497D (base 16) Intel Corporate + Lot 8, Jalan Hi-Tech 2/3 + Kulim Kedah 09000 + MY + +B8-D6-1A (hex) Espressif Inc. +B8D61A (base 16) Espressif Inc. + Room 204, Building 2, 690 Bibo Rd, Pudong New Area + Shanghai Shanghai 201203 + CN + +00-25-CA (hex) Laird Connectivity +0025CA (base 16) Laird Connectivity + W66 N220 Commerce Court + Cedarburg WI 53012 + US + +90-B5-7F (hex) Shenzhen iComm Semiconductor CO.,LTD +90B57F (base 16) Shenzhen iComm Semiconductor CO.,LTD + Room 601,Block B ,Digital Building,Garden City + Shenzhen No.1079 Nanhai Road,Nanshan District 518067 + CN + +74-56-3C (hex) GIGA-BYTE TECHNOLOGY CO.,LTD. +74563C (base 16) GIGA-BYTE TECHNOLOGY CO.,LTD. + Pin-Jen City, Taoyuan, Taiwan, R.O.C. + Pin-Jen Taoyuan 324 + TW + +D8-9C-8E (hex) Comcast Cable Corporation +D89C8E (base 16) Comcast Cable Corporation + 1800 Arch Street + Philadelphia PA 19103 + US + +04-B9-7D (hex) AiVIS Co., Itd. +04B97D (base 16) AiVIS Co., Itd. + 112, Dumipo-ro, Jung-gu + Incheon Incheon 22394 + KR + +BC-F4-D4 (hex) CLOUD NETWORK TECHNOLOGY SINGAPORE PTE. LTD. +BCF4D4 (base 16) CLOUD NETWORK TECHNOLOGY SINGAPORE PTE. LTD. + B22 Building,NO.51 Tongle Road, Shajing Town, Jiangnan District, Nanning, Guangxi Province, China + Nanning Guangxi 530007 + CN + +C4-C0-63 (hex) New H3C Technologies Co., Ltd +C4C063 (base 16) New H3C Technologies Co., Ltd + 466 Changhe Road, Binjiang District + Hangzhou Zhejiang 310052 + CN + +EC-55-1C (hex) HUAWEI TECHNOLOGIES CO.,LTD +EC551C (base 16) HUAWEI TECHNOLOGIES CO.,LTD + No.2 Xin Cheng Road, Room R6,Songshan Lake Technology Park + Dongguan 523808 + CN + +E0-79-8D (hex) Silicon Laboratories +E0798D (base 16) Silicon Laboratories + 400 West Cesar Chavez Street + Austin TX 78701 + US + +B4-83-51 (hex) Intel Corporate +B48351 (base 16) Intel Corporate + Lot 8, Jalan Hi-Tech 2/3 + Kulim Kedah 09000 + MY + +34-AD-61 (hex) CELESTICA INC. +34AD61 (base 16) CELESTICA INC. + 1900-5140 Yonge Street PO Box 42 + Toronto Ontario M2N 6L7 + CA + +54-43-B2 (hex) Espressif Inc. +5443B2 (base 16) Espressif Inc. + Room 204, Building 2, 690 Bibo Rd, Pudong New Area + Shanghai Shanghai 201203 + CN + +C0-DD-8A (hex) Facebook Technologies, LLC +C0DD8A (base 16) Facebook Technologies, LLC + 1601 Willow Rd + Menlo Park CA 94025 + US + +AC-D3-1D (hex) Cisco Meraki +ACD31D (base 16) Cisco Meraki + 500 Terry A. Francois Blvd + San Francisco 94158 + US + +10-96-1A (hex) CHIPSEA TECHNOLOGIES (SHENZHEN) CORP. +10961A (base 16) CHIPSEA TECHNOLOGIES (SHENZHEN) CORP. + 9F,BLOCK A,GARDEN CITY DIGITAL BUILDING,NO.1079 NANHAI ROAD,NANSHAN DISTRICT + SHEN ZHEN GUANG DONG 518000 + CN + +BC-E9-E2 (hex) Brocade Communications Systems LLC +BCE9E2 (base 16) Brocade Communications Systems LLC + 1320 Ridder Park Dr + San Jose CA 95131 + US + +00-18-48 (hex) Vecima Networks Inc. +001848 (base 16) Vecima Networks Inc. + 150 Cardinal Place + Saskatoon SK S7L 6H7 + CA + +2C-55-3C (hex) Vecima Networks Inc. +2C553C (base 16) Vecima Networks Inc. + 150 Cardinal Place + Saskatoon SK S7L 6H7 + CA + +AC-BF-71 (hex) Bose Corporation +ACBF71 (base 16) Bose Corporation + The Mountain + Framingham MA 01701-9168 + US + +18-A5-9C (hex) IEEE Registration Authority +18A59C (base 16) IEEE Registration Authority + 445 Hoes Lane + Piscataway NJ 08554 + US + +74-84-69 (hex) Nintendo Co.,Ltd +748469 (base 16) Nintendo Co.,Ltd + 11-1 HOKOTATE-CHO KAMITOBA,MINAMI-KU + KYOTO KYOTO 601-8501 + JP + +74-71-8B (hex) Apple, Inc. +74718B (base 16) Apple, Inc. + 1 Infinite Loop + Cupertino CA 95014 + US + +70-31-7F (hex) Apple, Inc. +70317F (base 16) Apple, Inc. + 1 Infinite Loop + Cupertino CA 95014 + US + +A4-CF-99 (hex) Apple, Inc. +A4CF99 (base 16) Apple, Inc. + 1 Infinite Loop + Cupertino CA 95014 + US + +4C-2E-B4 (hex) Apple, Inc. +4C2EB4 (base 16) Apple, Inc. + 1 Infinite Loop + Cupertino CA 95014 + US + +B4-19-74 (hex) Apple, Inc. +B41974 (base 16) Apple, Inc. + 1 Infinite Loop + Cupertino CA 95014 + US + +04-E8-92 (hex) SHENNAN CIRCUITS CO.,LTD +04E892 (base 16) SHENNAN CIRCUITS CO.,LTD + Gao Qiao Industrial Park East,Long Gang District, + Shenzhen Guangdong 518117 + CN + +60-95-BD (hex) Apple, Inc. +6095BD (base 16) Apple, Inc. + 1 Infinite Loop + Cupertino CA 95014 + US + +00-1A-35 (hex) BARTEC GmbH +001A35 (base 16) BARTEC GmbH + Max-Eyth-Straße 16 + Bad Mergentheim Bavaria 97980 + DE + +8C-CB-DF (hex) FOXCONN INTERCONNECT TECHNOLOGY +8CCBDF (base 16) FOXCONN INTERCONNECT TECHNOLOGY + 66-1 Zhongshan Road, Tucheng District + New Taipei City Taiwan 23680 + TW + +98-F1-12 (hex) Hangzhou Hikvision Digital Technology Co.,Ltd. +98F112 (base 16) Hangzhou Hikvision Digital Technology Co.,Ltd. + No.555 Qianmo Road + Hangzhou Zhejiang 310052 + CN + +84-69-93 (hex) HP Inc. +846993 (base 16) HP Inc. + 10300 Energy Dr + Spring TX 77389 + US + +74-6F-88 (hex) zte corporation +746F88 (base 16) zte corporation + 12/F.,zte R&D building ,kejinan Road,Shenzhen,P.R.China + shenzhen guangdong 518057 + CN + +98-C8-1C (hex) BAYTEC LIMITED +98C81C (base 16) BAYTEC LIMITED + 107C, 31/f, The gateway, Tower 5, Harbour City, 15 canton road, Tsim Sha Tsui, Hong Kong + Harbour 999077 HK -7C-6C-F0 (hex) Shenzhen TINNO Mobile Technology Corp. -7C6CF0 (base 16) Shenzhen TINNO Mobile Technology Corp. - 4/F, H-3 Building, Qiao Cheng Eastern Industrial Park, Overseas Chinese Town, Shenzhen - Shenzhen guangdong 518053 +D0-98-9C (hex) ConMet +D0989C (base 16) ConMet + 5701 SE Columbia Way + Vancouver WA 98661 + US + +1C-A4-10 (hex) Amlogic, Inc. +1CA410 (base 16) Amlogic, Inc. + 2518 Mission College Blvd, Suite 120 + Santa Clara CA 95054 + US + +24-26-D6 (hex) HUAWEI TECHNOLOGIES CO.,LTD +2426D6 (base 16) HUAWEI TECHNOLOGIES CO.,LTD + No.2 Xin Cheng Road, Room R6,Songshan Lake Technology Park + Dongguan 523808 CN -00-A0-A2 (hex) B810 S.R.L. -00A0A2 (base 16) B810 S.R.L. - Via E. Lazzaretti 2/1 - Reggio Emilia (RE) 42122 - IT +70-A6-BD (hex) Honor Device Co., Ltd. +70A6BD (base 16) Honor Device Co., Ltd. + Suite 3401, Unit A, Building 6, Shum Yip Sky Park, No. 8089, Hongli West Road, Xiangmihu Street, Futian District + Shenzhen Guangdong 518040 + CN + +EC-81-9C (hex) HUAWEI TECHNOLOGIES CO.,LTD +EC819C (base 16) HUAWEI TECHNOLOGIES CO.,LTD + No.2 Xin Cheng Road, Room R6,Songshan Lake Technology Park + Dongguan 523808 + CN + +20-0B-16 (hex) Texas Instruments +200B16 (base 16) Texas Instruments + 12500 TI Blvd + Dallas TX 75243 + US + +88-01-F9 (hex) Texas Instruments +8801F9 (base 16) Texas Instruments + 12500 TI Blvd + Dallas TX 75243 + US + +F8-55-48 (hex) Texas Instruments +F85548 (base 16) Texas Instruments + 12500 TI Blvd + Dallas TX 75243 + US + +68-E7-4A (hex) Texas Instruments +68E74A (base 16) Texas Instruments + 12500 TI Blvd + Dallas TX 75243 + US + +4C-9E-6C (hex) BROADEX TECHNOLOGIES CO.LTD +4C9E6C (base 16) BROADEX TECHNOLOGIES CO.LTD + NO.306 YATAI ROAD + JIAXING ZHEJIANG 314006 + CN + +AC-A3-2F (hex) Solidigm Technology +ACA32F (base 16) Solidigm Technology + 1921 Corporate Center Circle, Suite 3B + Longmont 80501 + US + +AC-71-2E (hex) Fortinet, Inc. +AC712E (base 16) Fortinet, Inc. + 899 Kifer Road + Sunnyvale 94086 + US + +E4-B6-33 (hex) Wuxi Stars Microsystem Technology Co., Ltd +E4B633 (base 16) Wuxi Stars Microsystem Technology Co., Ltd + Room 2101, Tower C, Swan Tower, Wuxi Software Park, 111 Linghu Avenue, Xinwu District + Wuxi 214135 + CN + +08-51-04 (hex) Huawei Device Co., Ltd. +085104 (base 16) Huawei Device Co., Ltd. + No.2 of Xincheng Road, Songshan Lake Zone + Dongguan Guangdong 523808 + CN + +78-5B-64 (hex) Huawei Device Co., Ltd. +785B64 (base 16) Huawei Device Co., Ltd. + No.2 of Xincheng Road, Songshan Lake Zone + Dongguan Guangdong 523808 + CN + +98-D9-3D (hex) Demant Enterprise A/S +98D93D (base 16) Demant Enterprise A/S + Kongebakken 9 + Smorum 2765 + DK + +B4-A6-78 (hex) Zhejiang Tmall Technology Co., Ltd. +B4A678 (base 16) Zhejiang Tmall Technology Co., Ltd. + No.969 Wenyi West Road, Wuchang Street, Yuhang District + Hangzhou Zhejiang 310024 + CN + +AC-C4-BD (hex) GUANGDONG OPPO MOBILE TELECOMMUNICATIONS CORP.,LTD +ACC4BD (base 16) GUANGDONG OPPO MOBILE TELECOMMUNICATIONS CORP.,LTD + NO.18 HAIBIN ROAD, + DONG GUAN GUANG DONG 523860 + CN + +54-E1-5B (hex) Huawei Device Co., Ltd. +54E15B (base 16) Huawei Device Co., Ltd. + No.2 of Xincheng Road, Songshan Lake Zone + Dongguan Guangdong 523808 + CN + +54-2F-04 (hex) Shanghai Longcheer Technology Co., Ltd. +542F04 (base 16) Shanghai Longcheer Technology Co., Ltd. + Bldg 1,No.401,Caobao RD,Xuhui Dist + Shanghai 200233 + CN + +C4-A1-0E (hex) IEEE Registration Authority +C4A10E (base 16) IEEE Registration Authority + 445 Hoes Lane + Piscataway NJ 08554 + US + +0C-EC-84 (hex) Shenzhen TINNO Mobile Technology Corp. +0CEC84 (base 16) Shenzhen TINNO Mobile Technology Corp. + Building, No.33, Xiandong Rd, Xili + Nanshan District, Shenzhen PRC 518053 + CN + +B4-39-39 (hex) Shenzhen TINNO Mobile Technology Corp. +B43939 (base 16) Shenzhen TINNO Mobile Technology Corp. + Building, No.33, Xiandong Rd, Xili + Nanshan District, Shenzhen PRC 518053 + CN + +8C-98-06 (hex) SHENZHEN SEI ROBOTICS CO.,LTD +8C9806 (base 16) SHENZHEN SEI ROBOTICS CO.,LTD + the 4th floor,Productivity Building D,#5 Hi-Tech Middle 2nd Road,Shenzhen Hi-Tech Industrial Park, Nanshan District,Shenzhen,China + Shenzhen 518000 + CN + +20-08-89 (hex) zte corporation +200889 (base 16) zte corporation + 12/F.,zte R&D building ,kejinan Road,Shenzhen,P.R.China + shenzhen guangdong 518057 + CN + +70-70-FC (hex) GOLD&WATER INDUSTRIAL LIMITED +7070FC (base 16) GOLD&WATER INDUSTRIAL LIMITED + NO.77 Leighton Road, 17/F Leighton Centre Causeway Bay ,HongKong + HongKong 999077 + HK + +88-F2-BD (hex) GD Midea Air-Conditioning Equipment Co.,Ltd. +88F2BD (base 16) GD Midea Air-Conditioning Equipment Co.,Ltd. + Midea Global Innovation Center,Beijiao Town,Shunde + Foshan Guangdong 528311 + CN + +A0-F8-95 (hex) Shenzhen TINNO Mobile Technology Corp. +A0F895 (base 16) Shenzhen TINNO Mobile Technology Corp. + Building, No.33, Xiandong Rd, Xili + Nanshan District, Shenzhen PRC 518053 + CN + +6C-08-31 (hex) ANALOG SYSTEMS +6C0831 (base 16) ANALOG SYSTEMS + UNIT 12, 38 DLF INDUSTRIAL AREA KIRTI NAGAR NEW DELHI + NEW DELHI DELHI 110015 + IN + +70-AC-08 (hex) Silicon Laboratories +70AC08 (base 16) Silicon Laboratories + 400 West Cesar Chavez Street + Austin TX 78701 + US + +2C-07-F6 (hex) SKG Health Technologies Co., Ltd. +2C07F6 (base 16) SKG Health Technologies Co., Ltd. + 23A Floor,Building 3,Zhongke R&D Park,No.009,Gaoxin South 1st Road, High-tech Zone Community,Yuehai street, Nanshan District,Shenzhen City,Guangdong Province,P.R.China + Shenzhen 518000 + CN + +00-24-E4 (hex) Withings +0024E4 (base 16) Withings + 2 rue Maurice Hartmann + Issy-les-Moulineaux 92130 + FR + +A4-7E-FA (hex) Withings +A47EFA (base 16) Withings + 2 rue Maurice Hartmann + Issy-les-Moulineaux 92130 + FR + +3C-26-E4 (hex) Cisco Systems, Inc +3C26E4 (base 16) Cisco Systems, Inc + 80 West Tasman Drive + San Jose CA 94568 + US + +38-91-B7 (hex) Cisco Systems, Inc +3891B7 (base 16) Cisco Systems, Inc + 80 West Tasman Drive + San Jose CA 94568 + US + +34-5D-A8 (hex) Cisco Systems, Inc +345DA8 (base 16) Cisco Systems, Inc + 80 West Tasman Drive + San Jose CA 94568 + US + +78-91-DE (hex) Guangdong ACIGA Science&Technology Co.,Ltd +7891DE (base 16) Guangdong ACIGA Science&Technology Co.,Ltd + L203 Biguiyuan International Club, Beijiao Town, Shunde District + Fo Shan Guangdong 528312 + CN + +E0-80-6B (hex) Xiaomi Communications Co Ltd +E0806B (base 16) Xiaomi Communications Co Ltd + #019, 9th Floor, Building 6, 33 Xi'erqi Middle Road + Beijing Haidian District 100085 + CN + +70-50-E7 (hex) IEEE Registration Authority +7050E7 (base 16) IEEE Registration Authority + 445 Hoes Lane + Piscataway NJ 08554 + US + +00-13-B4 (hex) Appear AS +0013B4 (base 16) Appear AS + P.O. Box 8 Lilleaker + Oslo NO-0216 + NO + +38-12-7B (hex) Crenet Labs Co., Ltd. +38127B (base 16) Crenet Labs Co., Ltd. + Rm. 1, 10F., No. 181, Sec. 1, Datong Rd. + New Taipei City Xizhi Dist. 221451 + TW + +B0-E4-5C (hex) Samsung Electronics Co.,Ltd +B0E45C (base 16) Samsung Electronics Co.,Ltd + 129, Samsung-ro, Youngtongl-Gu + Suwon Gyeonggi-Do 16677 + KR + +BC-4C-A0 (hex) HUAWEI TECHNOLOGIES CO.,LTD +BC4CA0 (base 16) HUAWEI TECHNOLOGIES CO.,LTD + No.2 Xin Cheng Road, Room R6,Songshan Lake Technology Park + Dongguan 523808 + CN + +74-34-2B (hex) HUAWEI TECHNOLOGIES CO.,LTD +74342B (base 16) HUAWEI TECHNOLOGIES CO.,LTD + No.2 Xin Cheng Road, Room R6,Songshan Lake Technology Park + Dongguan 523808 + CN + +C4-12-EC (hex) HUAWEI TECHNOLOGIES CO.,LTD +C412EC (base 16) HUAWEI TECHNOLOGIES CO.,LTD + No.2 Xin Cheng Road, Room R6,Songshan Lake Technology Park + Dongguan 523808 + CN + +6C-C2-42 (hex) Shenzhen Skyworth Digital Technology CO., Ltd +6CC242 (base 16) Shenzhen Skyworth Digital Technology CO., Ltd + 4F,Block A, Skyworth?Building, + Shenzhen Guangdong 518057 + CN + +68-7F-F0 (hex) TP-Link Corporation Limited +687FF0 (base 16) TP-Link Corporation Limited + Room 901,9/F.New East Ocean Centre, 9 Science Museum Road + Tsim Sha Tsui Kowloon 999077 + HK + +DC-36-0C (hex) Hitron Technologies. Inc +DC360C (base 16) Hitron Technologies. Inc + No. 1-8, Lising 1st Rd. Hsinchu Science Park, Hsinchu, 300, Taiwan, R.O.C + Hsin-chu Taiwan 300 + TW + +38-FD-F5 (hex) Renesas Electronics (Penang) Sdn. Bhd. +38FDF5 (base 16) Renesas Electronics (Penang) Sdn. Bhd. + Phase 3, Bayan Lepas FIZ + Bayan Lepas Penang 11900 + MY + +4C-62-7B (hex) SmartCow AI Technologies Taiwan Ltd. +4C627B (base 16) SmartCow AI Technologies Taiwan Ltd. + 16F., No. 102, Songlong Rd., Xinyi Dist., + Taipei City 110059 + TW + +BC-7B-72 (hex) Huawei Device Co., Ltd. +BC7B72 (base 16) Huawei Device Co., Ltd. + No.2 of Xincheng Road, Songshan Lake Zone + Dongguan Guangdong 523808 + CN + +F8-2B-7F (hex) Huawei Device Co., Ltd. +F82B7F (base 16) Huawei Device Co., Ltd. + No.2 of Xincheng Road, Songshan Lake Zone + Dongguan Guangdong 523808 + CN + +D8-68-A0 (hex) Samsung Electronics Co.,Ltd +D868A0 (base 16) Samsung Electronics Co.,Ltd + #94-1, Imsoo-Dong + Gumi Gyeongbuk 730-350 + KR + +04-29-2E (hex) Samsung Electronics Co.,Ltd +04292E (base 16) Samsung Electronics Co.,Ltd + #94-1, Imsoo-Dong + Gumi Gyeongbuk 730-350 + KR + +40-C3-BC (hex) Huawei Device Co., Ltd. +40C3BC (base 16) Huawei Device Co., Ltd. + No.2 of Xincheng Road, Songshan Lake Zone + Dongguan Guangdong 523808 + CN + +28-53-E0 (hex) Sintela Ltd +2853E0 (base 16) Sintela Ltd + The Distillery, The Old Brewery, 9-11 Lodway, + Pill Bristol BS20 0DH + GB + +60-CF-69 (hex) meerecompany +60CF69 (base 16) meerecompany + 69-12, Jeongmunsongsan-ro, Yanggam-myeon, Hwaseong-si, Gyeonggi-do, Republic of Korea + Hwaseong-si 18630 + KR + +34-FE-1C (hex) CHOUNG HWA TECH CO.,LTD +34FE1C (base 16) CHOUNG HWA TECH CO.,LTD + #31 Jangja-ro, Namdong-gu + Incheon-si 21532 + KR + +F4-93-9F (hex) Hon Hai Precision Industry Co., Ltd. +F4939F (base 16) Hon Hai Precision Industry Co., Ltd. + GuangDongShenZhen + ShenZhen GuangDong 518109 + CN + +A4-AE-12 (hex) Hon Hai Precision Industry Co., Ltd. +A4AE12 (base 16) Hon Hai Precision Industry Co., Ltd. + GuangDongShenZhen + ShenZhen GuangDong 518109 + CN + +38-F0-C8 (hex) Logitech +38F0C8 (base 16) Logitech + 7700 Gateway Blvd + Newark CA 94560 + US + +BC-5D-A3 (hex) Sichuan Tianyi Comheart Telecom Co.,LTD +BC5DA3 (base 16) Sichuan Tianyi Comheart Telecom Co.,LTD + No.198,First Section,Snow Mountain Avenue, Jinyuan Town, Dayi County + Chengdu Sichuan 611330 + CN + +80-75-1F (hex) SKY UK LIMITED +80751F (base 16) SKY UK LIMITED + 130 Kings Road + Brentwood Essex 08854 + GB + +C0-A3-6E (hex) SKY UK LIMITED +C0A36E (base 16) SKY UK LIMITED + 130 Kings Road + Brentwood Essex 08854 + GB + +00-A3-88 (hex) SKY UK LIMITED +00A388 (base 16) SKY UK LIMITED + 130 Kings Road + Brentwood Essex 08854 + GB + +AC-4E-65 (hex) Fiberhome Telecommunication Technologies Co.,LTD +AC4E65 (base 16) Fiberhome Telecommunication Technologies Co.,LTD + No.5 DongXin Road + Wuhan Hubei 430074 + CN + +80-72-15 (hex) SKY UK LIMITED +807215 (base 16) SKY UK LIMITED + 130 Kings Road + Brentwood Essex 08854 + GB + +B0-3E-51 (hex) SKY UK LIMITED +B03E51 (base 16) SKY UK LIMITED + 130 Kings Road + Brentwood Essex 08854 + GB + +1C-EF-03 (hex) Guangzhou V-SOLUTION Electronic Technology Co., Ltd. +1CEF03 (base 16) Guangzhou V-SOLUTION Electronic Technology Co., Ltd. + Room 601,Originality Building B2, NO.162 Science Avenue,Science Town + Guangzhou Guangdong 510663 + CN + +58-B0-3E (hex) Nintendo Co.,Ltd +58B03E (base 16) Nintendo Co.,Ltd + 11-1 HOKOTATE-CHO KAMITOBA,MINAMI-KU + KYOTO KYOTO 601-8501 + JP + +54-45-38 (hex) Texas Instruments +544538 (base 16) Texas Instruments + 12500 TI Blvd + Dallas TX 75243 + US + +74-13-EA (hex) Intel Corporate +7413EA (base 16) Intel Corporate + Lot 8, Jalan Hi-Tech 2/3 + Kulim Kedah 09000 + MY + +18-7A-3E (hex) Silicon Laboratories +187A3E (base 16) Silicon Laboratories + 400 West Cesar Chavez Street + Austin TX 78701 + US + +30-05-05 (hex) Intel Corporate +300505 (base 16) Intel Corporate + Lot 8, Jalan Hi-Tech 2/3 + Kulim Kedah 09000 + MY + +B0-DC-EF (hex) Intel Corporate +B0DCEF (base 16) Intel Corporate + Lot 8, Jalan Hi-Tech 2/3 + Kulim Kedah 09000 + MY + +2C-A7-74 (hex) Texas Instruments +2CA774 (base 16) Texas Instruments + 12500 TI Blvd + Dallas TX 75243 + US + +DC-F3-1C (hex) Texas Instruments +DCF31C (base 16) Texas Instruments + 12500 TI Blvd + Dallas TX 75243 + US + +28-BC-05 (hex) BLU Products Inc +28BC05 (base 16) BLU Products Inc + 10814 NW 33rd Street + Miami FL 33172 + US + +18-4E-03 (hex) HMD Global Oy +184E03 (base 16) HMD Global Oy + Bertel Jungin aukio 9 + Espoo 02600 + FI + +40-22-D8 (hex) Espressif Inc. +4022D8 (base 16) Espressif Inc. + Room 204, Building 2, 690 Bibo Rd, Pudong New Area + Shanghai Shanghai 201203 + CN + +E0-08-71 (hex) Dongguan Liesheng Electronic Co., Ltd. +E00871 (base 16) Dongguan Liesheng Electronic Co., Ltd. + F5, Building B, North Block, Gaosheng Tech Park, No. 84 Zhongli Road, Nancheng District, Dongguan Ci + dongguan guangdong 523000 + CN + +90-65-60 (hex) EM Microelectronic +906560 (base 16) EM Microelectronic + Rue des Sors 3 + Marin-Epagnier Neuchatel 2074 + CH + +A0-FB-83 (hex) Honor Device Co., Ltd. +A0FB83 (base 16) Honor Device Co., Ltd. + Suite 3401, Unit A, Building 6, Shum Yip Sky Park, No. 8089, Hongli West Road, Xiangmihu Street, Futian District + Shenzhen Guangdong 518040 + CN + +DC-0B-09 (hex) Cisco Systems, Inc +DC0B09 (base 16) Cisco Systems, Inc + 80 West Tasman Drive + San Jose CA 94568 + US + +08-F3-FB (hex) Cisco Systems, Inc +08F3FB (base 16) Cisco Systems, Inc + 80 West Tasman Drive + San Jose CA 94568 + US + +88-0A-A3 (hex) Juniper Networks +880AA3 (base 16) Juniper Networks + 1133 Innovation Way + Sunnyvale CA 94089 + US + +04-D9-C8 (hex) Hon Hai Precision Industry Co., Ltd. +04D9C8 (base 16) Hon Hai Precision Industry Co., Ltd. + GuangDongShenZhen + ShenZhen GuangDong 518109 + CN + +78-C2-13 (hex) Sagemcom Broadband SAS +78C213 (base 16) Sagemcom Broadband SAS + 250, route de l'Empereur + Rueil Malmaison Cedex hauts de seine 92848 + FR + +A0-36-BC (hex) ASUSTek COMPUTER INC. +A036BC (base 16) ASUSTek COMPUTER INC. + 15,Li-Te Rd., Peitou, Taipei 112, Taiwan + Taipei Taiwan 112 + TW + +10-73-EB (hex) Infiniti Electro-Optics +1073EB (base 16) Infiniti Electro-Optics + 15 - 9th Ave S + Cranbrook British Columbia V1C 2L9 + CA + +9C-95-6E (hex) Microchip Technology Inc. +9C956E (base 16) Microchip Technology Inc. + 2355 W. Chandler Blvd. + Chandler AZ 85224 + US + +84-0B-BB (hex) MitraStar Technology Corp. +840BBB (base 16) MitraStar Technology Corp. + No. 6, Innovation Road II, + Hsinchu 300 + TW 84-80-94 (hex) Meter, Inc. 848094 (base 16) Meter, Inc. @@ -78815,12 +80504,6 @@ E084F3 (base 16) High Grade Controls Corporation Sudbury Ontario P3Y1K6 CA -38-A6-CE (hex) BSkyB Ltd -38A6CE (base 16) BSkyB Ltd - 130 Kings Road - Brentwood Essex 08854 - GB - 70-70-8B (hex) Cisco Systems, Inc 70708B (base 16) Cisco Systems, Inc 80 West Tasman Drive @@ -78839,12 +80522,6 @@ D843ED (base 16) Suzuken Nagoya Aich 4610015 JP -BC-41-01 (hex) Shenzhen TINNO Mobile Technology Corp. -BC4101 (base 16) Shenzhen TINNO Mobile Technology Corp. - 4/F, H-3 Building, Qiao Cheng Eastern Industrial Park, Overseas Chinese Town, Shenzhen - Shenzhen guangdong 518053 - CN - 04-3A-0D (hex) SM Optics S.r.l. 043A0D (base 16) SM Optics S.r.l. via Michelangelo Buonarroti, 1 @@ -79847,12 +81524,6 @@ DCA904 (base 16) Apple, Inc. Hong Kong Hong Kong 999077 HK -A0-4C-5B (hex) Shenzhen TINNO Mobile Technology Corp. -A04C5B (base 16) Shenzhen TINNO Mobile Technology Corp. - 4/F, H-3 Building, Qiao Cheng Eastern Industrial Park, Overseas Chinese Town, Shenzhen - Shenzhen guangdong 518053 - CN - 48-88-03 (hex) ManTechnology Inc. 488803 (base 16) ManTechnology Inc. 12th Fl, 308-4 Seongsoodong 2ga, Seongdonggu @@ -80357,12 +82028,6 @@ C8AA55 (base 16) Hunan Comtom Electronic Incorporated Co.,Ltd Sunnyvale CA 94089 US -24-A7-DC (hex) BSkyB Ltd -24A7DC (base 16) BSkyB Ltd - 130 Kings Road - Brentwood Essex 08854 - GB - 64-DB-A0 (hex) Select Comfort 64DBA0 (base 16) Select Comfort 9800 59th Ave N @@ -80579,12 +82244,6 @@ E80945 (base 16) Integrated Device Technology (Malaysia) Sdn. Bhd. Bayan Lepas Penang 11900 MY -B0-A2-E7 (hex) Shenzhen TINNO Mobile Technology Corp. -B0A2E7 (base 16) Shenzhen TINNO Mobile Technology Corp. - 4/F, H-3 Building, Qiao Cheng Eastern Industrial Park, Overseas Chinese Town, Shenzhen - Shenzhen guangdong 518053 - CN - 7C-25-87 (hex) chaowifi.com 7C2587 (base 16) chaowifi.com No. 502 1th Building TaiHe Square @@ -84989,18 +86648,6 @@ D0154A (base 16) zte corporation YOKOHAMA 226 12345 JP -78-3E-53 (hex) BSkyB Ltd -783E53 (base 16) BSkyB Ltd - 130 Kings Road - Brentwood Essex 08854 - GB - -00-19-FB (hex) BSkyB Ltd -0019FB (base 16) BSkyB Ltd - 130 Kings Road - Brentwood Essex 08854 - GB - 14-B9-68 (hex) HUAWEI TECHNOLOGIES CO.,LTD 14B968 (base 16) HUAWEI TECHNOLOGIES CO.,LTD No.2 Xin Cheng Road, Room R6,Songshan Lake Technology Park @@ -86237,12 +87884,6 @@ E83A12 (base 16) Samsung Electronics Co.,Ltd Chicago IL 60654 US -30-E0-90 (hex) Linctronix Ltd, -30E090 (base 16) Linctronix Ltd, - ​9F-1, No.66, Chongqing Rd., - Banqiao Dist., China 22063 - TW - A4-DC-BE (hex) HUAWEI TECHNOLOGIES CO.,LTD A4DCBE (base 16) HUAWEI TECHNOLOGIES CO.,LTD No.2 Xin Cheng Road, Room R6,Songshan Lake Technology Park @@ -91655,12 +93296,6 @@ E08A7E (base 16) Exponent Menlo Park CA 94025 US -A8-B0-AE (hex) LEONI -A8B0AE (base 16) LEONI - 3945 Freedom Circle - Santa Clara California 95054 - US - E4-27-71 (hex) Smartlabs E42771 (base 16) Smartlabs 72, Oktyabrskaya Street @@ -91739,12 +93374,6 @@ B4A4E3 (base 16) Cisco Systems, Inc Tainan 70955 TW -AC-83-F0 (hex) ImmediaTV Corporation -AC83F0 (base 16) ImmediaTV Corporation - 2005 De La Cruz Blvd - Santa Clara California 95050 - US - CC-6B-98 (hex) Minetec Wireless Technologies CC6B98 (base 16) Minetec Wireless Technologies 10 Kembla Way @@ -97226,12 +98855,6 @@ D8D67E (base 16) GSK CNC EQUIPMENT CO.,LTD Portland OR 97223 US -00-13-95 (hex) congatec AG -001395 (base 16) congatec AG - Auwiesenstrasse 5 - Deggendorf 94469 - DE - 00-13-56 (hex) FLIR Radiation Inc 001356 (base 16) FLIR Radiation Inc 100 Midland Rd @@ -98519,12 +100142,6 @@ D8D67E (base 16) GSK CNC EQUIPMENT CO.,LTD Allendale NJ 07401 US -00-0D-A9 (hex) T.E.A.M. S.L. -000DA9 (base 16) T.E.A.M. S.L. - Parque Tecnologico Edificio 108 - ZAMUDIO Bizkaia 48170 - ES - 00-0D-AB (hex) Parker Hannifin GmbH Electromechanical Division Europe 000DAB (base 16) Parker Hannifin GmbH Electromechanical Division Europe Robert-Bosch-Straße 22 @@ -107270,12 +108887,6 @@ B848AA (base 16) EM Microelectronic Marin-Epagnier Neuchatel 2074 CH -D8-34-EE (hex) Stem Audio -D834EE (base 16) Stem Audio - 2552 White Road, Suite A - Irvine CA 92614 - US - F8-57-2E (hex) Core Brands, LLC F8572E (base 16) Core Brands, LLC 5919 Sea Otter Place @@ -107798,12 +109409,6 @@ CCDB93 (base 16) Cisco Systems, Inc San Jose CA 94568 US -18-D6-1C (hex) Shenzhen TINNO Mobile Technology Corp. -18D61C (base 16) Shenzhen TINNO Mobile Technology Corp. - 4/F, H-3 Building, Qiao Cheng Eastern Industrial Park, Overseas Chinese Town, Shenzhen - Shenzhen guangdong 518053 - CN - 54-48-E6 (hex) Beijing Xiaomi Mobile Software Co., Ltd 5448E6 (base 16) Beijing Xiaomi Mobile Software Co., Ltd Xiaomi Campus, No. 33 Xi erqi Middle Road, Haidian District @@ -108536,12 +110141,6 @@ ACFAA5 (base 16) digitron Chongqing China 401120 CN -BC-69-CB (hex) Panasonic Life Solutions Networks Co., Ltd. -BC69CB (base 16) Panasonic Life Solutions Networks Co., Ltd. - 2-12-7, Higashi-Shinbashi - Minato-Ku Tokyo 105-0021 - JP - 08-93-56 (hex) HUAWEI TECHNOLOGIES CO.,LTD 089356 (base 16) HUAWEI TECHNOLOGIES CO.,LTD No.2 Xin Cheng Road, Room R6,Songshan Lake Technology Park @@ -109565,12 +111164,6 @@ F845C4 (base 16) Shenzhen Netforward Micro-Electronic Co., Ltd. Beijing 100053 CN -9C-4F-5F (hex) TAP Sound System -9C4F5F (base 16) TAP Sound System - 15 rue Castel - Fontenay-sous-Bois 94120 - FR - 00-08-0C (hex) VDA Group S.p.a. 00080C (base 16) VDA Group S.p.a. Viale Lino Zanussi 3 @@ -110198,9 +111791,6 @@ CC3ADF (base 16) Neptune Technology Group Inc. Tallassee AL 36078 US -68-EC-8A (hex) Private -68EC8A (base 16) Private - 3C-62-F0 (hex) Sercomm Corporation. 3C62F0 (base 16) Sercomm Corporation. 3F,No.81,Yu-Yih Rd.,Chu-Nan Chen @@ -112079,6 +113669,30 @@ B4B742 (base 16) Amazon Technologies Inc. Reno NV 89507 US +60-BE-B4 (hex) S-Bluetech co., limited +60BEB4 (base 16) S-Bluetech co., limited + Room 202, Block A, Donghai Wang Mansion, 369 Bulonglu + Shenzhen Guangdong 518000 + CN + +90-DF-7D (hex) Realme Chongqing Mobile Telecommunications Corp.,Ltd. +90DF7D (base 16) Realme Chongqing Mobile Telecommunications Corp.,Ltd. + No.178 Yulong Avenue, Yufengshan, Yubei District, Chongqing. + Chongqing China 401120 + CN + +50-C1-F0 (hex) NXP Semiconductor (Tianjin) LTD. +50C1F0 (base 16) NXP Semiconductor (Tianjin) LTD. + No.15 Xinghua Avenue, Xiqing Economic Development Area + Tianjin 300385 + CN + +F4-84-8D (hex) TP-LINK TECHNOLOGIES CO.,LTD. +F4848D (base 16) TP-LINK TECHNOLOGIES CO.,LTD. + Building 24(floors 1,3,4,5)and 28(floors 1-4)Central Science and Technology Park,Shennan Road,Nanshan + Shenzhen Guangdong 518057 + CN + A8-54-A2 (hex) Heimgard Technologies AS A854A2 (base 16) Heimgard Technologies AS Dronning Mauds gate 15 @@ -112097,6 +113711,912 @@ BC1D89 (base 16) Motorola Mobility LLC, a Lenovo Company Chicago IL 60654 US +B8-7E-E5 (hex) Intelbras +B87EE5 (base 16) Intelbras + BR 101, km 210, S/N° + São José Santa Catarina 88104800 + BR + +58-11-22 (hex) ASUSTek COMPUTER INC. +581122 (base 16) ASUSTek COMPUTER INC. + 15,Li-Te Rd., Peitou, Taipei 112, Taiwan + Taipei Taiwan 112 + TW + +74-69-4A (hex) Sichuan Tianyi Comheart Telecom Co.,LTD +74694A (base 16) Sichuan Tianyi Comheart Telecom Co.,LTD + No.198,First Section,Snow Mountain Avenue, Jinyuan Town, Dayi County + Chengdu Sichuan 611330 + CN + +78-15-2D (hex) UNION CHIP TECHNOLOGY LIMITED +78152D (base 16) UNION CHIP TECHNOLOGY LIMITED + 5th Floor, Building A1, Hangcheng Jinchi Industrial Park, 8TH North Road, Hangcheng Street, Bao 'an District, Shenzhen + shenzhen 518000 + CN + +94-AB-FE (hex) Nokia +94ABFE (base 16) Nokia + 600 March Road + Kanata Ontario K2K 2E6 + CA + +98-A9-2D (hex) New H3C Technologies Co., Ltd +98A92D (base 16) New H3C Technologies Co., Ltd + 466 Changhe Road, Binjiang District + Hangzhou Zhejiang 310052 + CN + +00-A5-54 (hex) Intel Corporate +00A554 (base 16) Intel Corporate + Lot 8, Jalan Hi-Tech 2/3 + Kulim Kedah 09000 + MY + +0C-86-29 (hex) IEEE Registration Authority +0C8629 (base 16) IEEE Registration Authority + 445 Hoes Lane + Piscataway NJ 08554 + US + +50-DC-D0 (hex) Observint Technologies, Inc. +50DCD0 (base 16) Observint Technologies, Inc. + 11000 N Mopac Expressway Suite 300 + Austin TX 78759 + US + +D4-F0-EA (hex) Beijing Xiaomi Mobile Software Co., Ltd +D4F0EA (base 16) Beijing Xiaomi Mobile Software Co., Ltd + The Rainbow City Office Building, 68 Qinghe Middle Street Haidian District + Beijing Beijing 100085 + CN + +58-76-AC (hex) SERNET (SUZHOU) TECHNOLOGIES CORPORATION +5876AC (base 16) SERNET (SUZHOU) TECHNOLOGIES CORPORATION + NO.8 Tangzhuang Road,Suzhou Industrial Park,Su ZhouCity,JiangSu Province,China + Suzhou 215021 + CN + +E0-03-6B (hex) Samsung Electronics Co.,Ltd +E0036B (base 16) Samsung Electronics Co.,Ltd + 129, Samsung-ro, Youngtongl-Gu + Suwon Gyeonggi-Do 16677 + KR + +80-69-1A (hex) Belkin International Inc. +80691A (base 16) Belkin International Inc. + 12045 East Waterfront Drive + Playa Vista 90094 + US + +64-31-72 (hex) ZHEJIANG HISING TECHNOLOGY CO.,LTD +643172 (base 16) ZHEJIANG HISING TECHNOLOGY CO.,LTD + Room 201 and 202,Building 5,328 Pingjiang Road,Yuecheng District,Shaoxing + Shaoxing Zhejiang 312000 + CN + +D0-FC-D0 (hex) HUMAX Co., Ltd. +D0FCD0 (base 16) HUMAX Co., Ltd. + HUMAX Village, 216, Hwangsaeul-ro, Bu + Seongnam-si Gyeonggi-do 463-875 + KR + +20-FA-DB (hex) Huahao Kunpeng Technology (chengDu) Co.,Ltd. +20FADB (base 16) Huahao Kunpeng Technology (chengDu) Co.,Ltd. + No.99, Hangtian Road, Section 2, East Third Ring Road,Chenghua District, Chengdu + Chengdu 610051 + CN + +0C-8B-95 (hex) Espressif Inc. +0C8B95 (base 16) Espressif Inc. + Room 204, Building 2, 690 Bibo Rd, Pudong New Area + Shanghai Shanghai 201203 + CN + +68-5E-1C (hex) Texas Instruments +685E1C (base 16) Texas Instruments + 12500 TI Blvd + Dallas TX 75243 + US + +38-AB-41 (hex) Texas Instruments +38AB41 (base 16) Texas Instruments + 12500 TI Blvd + Dallas TX 75243 + US + +CC-47-92 (hex) ASIX Electronics Corporation +CC4792 (base 16) ASIX Electronics Corporation + 4F, No. 8, Hsin Ann Road, Hsinchu Science Park + Hsinchu 30078 + TW + +E0-46-EE (hex) NETGEAR +E046EE (base 16) NETGEAR + 350 East Plumeria Drive + San Jose CA 95134 + US + +9C-4F-5F (hex) Google, Inc. +9C4F5F (base 16) Google, Inc. + 15 rue Castel + Fontenay-sous-Bois 94120 + FR + +A0-29-42 (hex) Intel Corporate +A02942 (base 16) Intel Corporate + Lot 8, Jalan Hi-Tech 2/3 + Kulim Kedah 09000 + MY + +10-71-B3 (hex) Zyxel Communications Corporation +1071B3 (base 16) Zyxel Communications Corporation + No. 6 Innovation Road II, Science Park + Hsichu Taiwan 300 + TW + +04-63-D0 (hex) Huawei Device Co., Ltd. +0463D0 (base 16) Huawei Device Co., Ltd. + No.2 of Xincheng Road, Songshan Lake Zone + Dongguan Guangdong 523808 + CN + +F0-D4-15 (hex) Intel Corporate +F0D415 (base 16) Intel Corporate + Lot 8, Jalan Hi-Tech 2/3 + Kulim Kedah 09000 + MY + +18-69-D4 (hex) Samsung Electronics Co.,Ltd +1869D4 (base 16) Samsung Electronics Co.,Ltd + #94-1, Imsoo-Dong + Gumi Gyeongbuk 730-350 + KR + +9C-95-61 (hex) Hui Zhou Gaoshengda Technology Co.,LTD +9C9561 (base 16) Hui Zhou Gaoshengda Technology Co.,LTD + No.75,Zhongkai High-Tech Development District,Huizhou + Hui Zhou Guangdong 516006 + CN + +DC-BE-49 (hex) ITEL MOBILE LIMITED +DCBE49 (base 16) ITEL MOBILE LIMITED + RM B3 & B4 BLOCK B, KO FAI INDUSTRIAL BUILDING NO.7 KO FAI ROAD, YAU TONG, KLN, H.K + Hong Kong KOWLOON 999077 + HK + +14-44-8F (hex) Edgecore Networks Corporation +14448F (base 16) Edgecore Networks Corporation + 1 Creation RD 3. + Hsinchu 30077 + TW + +34-25-BE (hex) Amazon Technologies Inc. +3425BE (base 16) Amazon Technologies Inc. + P.O Box 8102 + Reno NV 89507 + US + +D4-A3-EB (hex) Shenzhen iComm Semiconductor CO.,LTD +D4A3EB (base 16) Shenzhen iComm Semiconductor CO.,LTD + Room 601,Block B ,Digital Building,Garden City + Shenzhen No.1079 Nanhai Road,Nanshan District 518067 + CN + +9C-BF-CD (hex) HUAWEI TECHNOLOGIES CO.,LTD +9CBFCD (base 16) HUAWEI TECHNOLOGIES CO.,LTD + No.2 Xin Cheng Road, Room R6,Songshan Lake Technology Park + Dongguan 523808 + CN + +B8-9F-CC (hex) HUAWEI TECHNOLOGIES CO.,LTD +B89FCC (base 16) HUAWEI TECHNOLOGIES CO.,LTD + No.2 Xin Cheng Road, Room R6,Songshan Lake Technology Park + Dongguan 523808 + CN + +9C-E0-41 (hex) Nokia +9CE041 (base 16) Nokia + 600 March Road + Kanata Ontario K2K 2E6 + CA + +78-34-86 (hex) Nokia +783486 (base 16) Nokia + 600 March Road + Kanata Ontario K2K 2E6 + CA + +D4-D8-53 (hex) Intel Corporate +D4D853 (base 16) Intel Corporate + Lot 8, Jalan Hi-Tech 2/3 + Kulim Kedah 09000 + MY + +8C-76-3F (hex) ARRIS Group, Inc. +8C763F (base 16) ARRIS Group, Inc. + 6450 Sequence Drive + San Diego CA 92121 + US + +28-12-93 (hex) Honor Device Co., Ltd. +281293 (base 16) Honor Device Co., Ltd. + Suite 3401, Unit A, Building 6, Shum Yip Sky Park, No. 8089, Hongli West Road, Xiangmihu Street, Futian District + Shenzhen Guangdong 518040 + CN + +C0-A9-38 (hex) HUAWEI TECHNOLOGIES CO.,LTD +C0A938 (base 16) HUAWEI TECHNOLOGIES CO.,LTD + No.2 Xin Cheng Road, Room R6,Songshan Lake Technology Park + Dongguan 523808 + CN + +C0-ED-E5 (hex) GUANGDONG OPPO MOBILE TELECOMMUNICATIONS CORP.,LTD +C0EDE5 (base 16) GUANGDONG OPPO MOBILE TELECOMMUNICATIONS CORP.,LTD + NO.18 HAIBIN ROAD, + DONG GUAN GUANG DONG 523860 + CN + +10-A5-62 (hex) Iton Technology Corp. +10A562 (base 16) Iton Technology Corp. + Room 1302, Block A, Building 4, Tianan Cyber Park, Huangge Road,Longgang District + Shenzhen Guangdong 518116 + CN + +5C-24-E2 (hex) Suzhou Denbom Electronic S&T Co., Ltd +5C24E2 (base 16) Suzhou Denbom Electronic S&T Co., Ltd + 3F,Building 2, No.415,Changyang Street + Suzhou Jiangsu 215000 + CN + +64-98-9E (hex) TRINNOV AUDIO +64989E (base 16) TRINNOV AUDIO + 5 rue Edmond Michelet + NEUILLY PLAISANCE Ile-de-France 93360 + FR + +BC-C7-46 (hex) Hon Hai Precision IND.CO.,LTD +BCC746 (base 16) Hon Hai Precision IND.CO.,LTD + No. 66 Chung Shan Road TU-Cheng Industrial district TAIPEI TAIWAN + TAIPEI TAIWAN 33859 + CN + +30-E8-E4 (hex) Qorvo International Pte. Ltd. +30E8E4 (base 16) Qorvo International Pte. Ltd. + 1 Changi Business Park Avenue 1 + #04-01 486058 + SG + +00-0D-A9 (hex) INGETEAM +000DA9 (base 16) INGETEAM + Parque Tecnologico de Bizkaia, Edificio 110 + Zamudio Bizkaia 48170 + ES + +30-E0-90 (hex) Genevisio Ltd. +30E090 (base 16) Genevisio Ltd. + 13F, No.33, Sec. 1, Minsheng Rd. + New Taipei City Banqiao Dist. 220871 + TW + +64-FD-96 (hex) Sagemcom Broadband SAS +64FD96 (base 16) Sagemcom Broadband SAS + 250, route de l'Empereur + Rueil Malmaison Cedex hauts de seine 92848 + FR + +FC-B9-7E (hex) GE Appliances +FCB97E (base 16) GE Appliances + 4000 Buechel Bank Road + Louisville KY 40225 + US + +88-03-4C (hex) WEIFANG GOERTEK ELECTRONICS CO.,LTD +88034C (base 16) WEIFANG GOERTEK ELECTRONICS CO.,LTD + Gaoxin 2 Road, Free Trade Zone,Weifang,Shandong,261205,P.R.China + Weifang Shandong 261205 + CN + +48-DC-9D (hex) Grandprint(Beijing) Technology Co., LTD. +48DC9D (base 16) Grandprint(Beijing) Technology Co., LTD. + Room 259, 2 / F, Building 5, 8 Dongbeiwang West Road, Haidian District, + Beijing 100089 + CN + +C8-EB-EC (hex) Shenzhen YOUHUA Technology Co., Ltd +C8EBEC (base 16) Shenzhen YOUHUA Technology Co., Ltd + Room 407 Shenzhen University-town Business Park,Lishan Road,Taoyuan Street,Nanshan District + Shenzhen Guangdong 518055 + CN + +04-7C-16 (hex) Micro-Star INTL CO., LTD. +047C16 (base 16) Micro-Star INTL CO., LTD. + No.69, Lide St., + New Taipei City Taiwan 235 + TW + +E0-D7-38 (hex) WireStar Networks +E0D738 (base 16) WireStar Networks + PO Box 10966 + College Station TX 77842 + US + +40-42-44 (hex) Cisco Systems, Inc +404244 (base 16) Cisco Systems, Inc + 80 West Tasman Drive + San Jose CA 94568 + US + +04-B6-BE (hex) CIG SHANGHAI CO LTD +04B6BE (base 16) CIG SHANGHAI CO LTD + 5th Floor, Building 8 No 2388 Chenhang Road + SHANGHAI 201114 + CN + +7C-EC-B1 (hex) Apple, Inc. +7CECB1 (base 16) Apple, Inc. + 1 Infinite Loop + Cupertino CA 95014 + US + +5C-E9-1E (hex) Apple, Inc. +5CE91E (base 16) Apple, Inc. + 1 Infinite Loop + Cupertino CA 95014 + US + +A8-B0-AE (hex) BizLink Special Cables Germany GmbH +A8B0AE (base 16) BizLink Special Cables Germany GmbH + Eschstrasse 1 + Friesoythe 26169 + DE + +94-C5-A6 (hex) ITEL MOBILE LIMITED +94C5A6 (base 16) ITEL MOBILE LIMITED + RM B3 & B4 BLOCK B, KO FAI INDUSTRIAL BUILDING NO.7 KO FAI ROAD, YAU TONG, KLN, H.K + Hong Kong KOWLOON 999077 + HK + +48-57-D2 (hex) Broadcom Limited +4857D2 (base 16) Broadcom Limited + 15191 Alton Parkway + Irvine CA 92618 + US + +9C-21-83 (hex) Broadcom Limited +9C2183 (base 16) Broadcom Limited + 15191 Alton Parkway + Irvine CA 92618 + US + +24-1F-BD (hex) Extreme Networks, Inc. +241FBD (base 16) Extreme Networks, Inc. + 6480 Via Del Oro + San Jose CA 95119 + US + +D8-34-EE (hex) SHURE INCORPORATED +D834EE (base 16) SHURE INCORPORATED + 5800 W. TOUHY AVE. + NILES IL 60714 + US + +F0-B6-61 (hex) eero inc. +F0B661 (base 16) eero inc. + 660 3rd Street + San Francisco CA 94107 + US + +04-25-F0 (hex) Nokia +0425F0 (base 16) Nokia + 600 March Road + Kanata Ontario K2K 2E6 + CA + +1C-BC-EC (hex) silex technology, Inc. +1CBCEC (base 16) silex technology, Inc. + 2-3-1 Hikaridai, Seika-cho, Souraku-gun + Kyoto 619-0237 + JP + +E0-6A-05 (hex) Shenzhen YOUHUA Technology Co., Ltd +E06A05 (base 16) Shenzhen YOUHUA Technology Co., Ltd + Room 407 Shenzhen University-town Business Park,Lishan Road,Taoyuan Street,Nanshan District + Shenzhen Guangdong 518055 + CN + +90-CD-1F (hex) Quectel Wireless Solutions Co.,Ltd. +90CD1F (base 16) Quectel Wireless Solutions Co.,Ltd. + 7th Floor, Hongye Building, No.1801 Hongmei Road, Xuhui District + Shanghai 200233 + CN + +90-23-5B (hex) Amazon Technologies Inc. +90235B (base 16) Amazon Technologies Inc. + P.O Box 8102 + Reno NV 89507 + US + +14-13-0B (hex) Garmin International +14130B (base 16) Garmin International + 1200 E. 151st St + Olathe KS 66062 + US + +48-9B-E0 (hex) Realme Chongqing Mobile Telecommunications Corp.,Ltd. +489BE0 (base 16) Realme Chongqing Mobile Telecommunications Corp.,Ltd. + No.178 Yulong Avenue, Yufengshan, Yubei District, Chongqing. + Chongqing China 401120 + CN + +5C-FA-25 (hex) Sagemcom Broadband SAS +5CFA25 (base 16) Sagemcom Broadband SAS + 250, route de l'Empereur + Rueil Malmaison Cedex hauts de seine 92848 + FR + +40-3B-7B (hex) Huawei Device Co., Ltd. +403B7B (base 16) Huawei Device Co., Ltd. + No.2 of Xincheng Road, Songshan Lake Zone + Dongguan Guangdong 523808 + CN + +08-30-CE (hex) Fiberhome Telecommunication Technologies Co.,LTD +0830CE (base 16) Fiberhome Telecommunication Technologies Co.,LTD + No.5 DongXin Road + Wuhan Hubei 430074 + CN + +B0-A2-E7 (hex) Shenzhen TINNO Mobile Technology Corp. +B0A2E7 (base 16) Shenzhen TINNO Mobile Technology Corp. + Building, No.33, Xiandong Rd, Xili + Nanshan District, Shenzhen PRC 518053 + CN + +A0-4C-5B (hex) Shenzhen TINNO Mobile Technology Corp. +A04C5B (base 16) Shenzhen TINNO Mobile Technology Corp. + Building, No.33, Xiandong Rd, Xili + Nanshan District, Shenzhen PRC 518053 + CN + +BC-41-01 (hex) Shenzhen TINNO Mobile Technology Corp. +BC4101 (base 16) Shenzhen TINNO Mobile Technology Corp. + Building, No.33, Xiandong Rd, Xili + Nanshan District, Shenzhen PRC 518053 + CN + +74-97-79 (hex) CLOUD NETWORK TECHNOLOGY SINGAPORE PTE. LTD. +749779 (base 16) CLOUD NETWORK TECHNOLOGY SINGAPORE PTE. LTD. + B22 Building,NO.51 Tongle Road, Shajing Town, Jiangnan District, Nanning, Guangxi Province, China + Nanning Guangxi 530007 + CN + +F8-CD-C8 (hex) Sichuan Tianyi Comheart Telecom Co.,LTD +F8CDC8 (base 16) Sichuan Tianyi Comheart Telecom Co.,LTD + No.198,First Section,Snow Mountain Avenue, Jinyuan Town, Dayi County + Chengdu Sichuan 611330 + CN + +B0-28-5B (hex) JUHUA Technology Inc. +B0285B (base 16) JUHUA Technology Inc. + No.8,Yanbao Block,Hutian Road,Pingdi Street,Longgang District + Shenzhen City Guangdong Province 518117 + CN + +18-D6-1C (hex) Shenzhen TINNO Mobile Technology Corp. +18D61C (base 16) Shenzhen TINNO Mobile Technology Corp. + Building, No.33, Xiandong Rd, Xili + Nanshan District, Shenzhen PRC 518053 + CN + +34-CF-6C (hex) Hangzhou Taili wireless communication equipment Co.,Ltd +34CF6C (base 16) Hangzhou Taili wireless communication equipment Co.,Ltd + Room 1901, No.258, Zhonghe Middle Road, Shangcheng District, Hangzhou + Hangzhou Zhejiang 310003 + CN + +E0-F6-78 (hex) Fiberhome Telecommunication Technologies Co.,LTD +E0F678 (base 16) Fiberhome Telecommunication Technologies Co.,LTD + No.5 DongXin Road + Wuhan Hubei 430074 + CN + +28-F7-D6 (hex) Fiberhome Telecommunication Technologies Co.,LTD +28F7D6 (base 16) Fiberhome Telecommunication Technologies Co.,LTD + No.5 DongXin Road + Wuhan Hubei 430074 + CN + +C8-24-96 (hex) Jiangsu Yinhe Electronics Co.,Ltd. +C82496 (base 16) Jiangsu Yinhe Electronics Co.,Ltd. + No.188 Nanhuan Road, TangQiao Town + Zhangjiagang Jiangsu 215611 + CN + +24-18-C0 (hex) E. Wehrle GmbH +2418C0 (base 16) E. Wehrle GmbH + Obertalstraße 8 + 78120 Furtwangen Baden-Württemberg 78120 + DE + +14-5B-B9 (hex) ConMet +145BB9 (base 16) ConMet + 5701 SE Columbia Way + Vancouver WA 98661 + US + +AC-83-F0 (hex) Cobalt Digital Inc. +AC83F0 (base 16) Cobalt Digital Inc. + 2506 Galen Drive + Champaign IL 61821 + US + +AC-15-A2 (hex) TP-Link Corporation Limited +AC15A2 (base 16) TP-Link Corporation Limited + Room 901,9/F.New East Ocean Centre, 9 Science Museum Road + Tsim Sha Tsui Kowloon 999077 + HK + +B8-59-C8 (hex) 70mai Co.,Ltd. +B859C8 (base 16) 70mai Co.,Ltd. + Room 2220, building 2, No. 588, Zixing road + Shanghai MinHang District 201100 + CN + +A8-E2-07 (hex) GOIP Global Services Pvt. Ltd. +A8E207 (base 16) GOIP Global Services Pvt. Ltd. + H68, Sector 63, Noida 201301 + Noida Uttar Pradesh 201301 + IN + +40-22-30 (hex) Shenzhen SuperElectron Technology Co.,Ltd. +402230 (base 16) Shenzhen SuperElectron Technology Co.,Ltd. + 1213-1214, haosheng business center, dongbin road, nanshan street, nanshan district, shenzhen city + Shenzhen Guangdong 518000 + CN + +B8-B4-09 (hex) Samsung Electronics Co.,Ltd +B8B409 (base 16) Samsung Electronics Co.,Ltd + 129, Samsung-ro, Youngtongl-Gu + Suwon Gyeonggi-Do 16677 + KR + +AC-DF-9F (hex) Arcadyan Corporation +ACDF9F (base 16) Arcadyan Corporation + No.8, Sec.2, Guangfu Rd. + Hsinchu City Hsinchu 30071 + TW + +D4-E2-2F (hex) Roku, Inc +D4E22F (base 16) Roku, Inc + 1155 Coleman Ave + San Jose CA 95110 + US + +00-13-95 (hex) congatec GmbH +001395 (base 16) congatec GmbH + Auwiesenstrasse 5 + Deggendorf 94469 + DE + +28-77-B1 (hex) Tri plus grupa d.o.o. +2877B1 (base 16) Tri plus grupa d.o.o. + Banjavciceva 11 + Zagreb Zagreb 10000 + HR + +C4-3C-B0 (hex) SHENZHEN BILIAN ELECTRONIC CO.,LTD +C43CB0 (base 16) SHENZHEN BILIAN ELECTRONIC CO.,LTD + NO.268? Fuqian Rd, Jutang community, Guanlan Town, Longhua New district + shenzhen guangdong 518000 + CN + +3C-0B-4F (hex) Yandex Services AG +3C0B4F (base 16) Yandex Services AG + Werftestrasse 4, + Luzern 6005 + CH + +4C-31-2D (hex) Sichuan AI-Link Technology Co., Ltd. +4C312D (base 16) Sichuan AI-Link Technology Co., Ltd. + Anzhou, Industrial Park + Mianyang Sichuan 622650 + CN + +D8-7E-6F (hex) CASCINATION AG +D87E6F (base 16) CASCINATION AG + Steigerhubelstrasse 3 + Bern Bern 3008 + CH + +04-4F-7A (hex) China Mobile Group Device Co.,Ltd. +044F7A (base 16) China Mobile Group Device Co.,Ltd. + 32 Xuanwumen West Street,Xicheng District + Beijing 100053 + CN + +40-5E-F6 (hex) Samsung Electronics Co.,Ltd +405EF6 (base 16) Samsung Electronics Co.,Ltd + #94-1, Imsoo-Dong + Gumi Gyeongbuk 730-350 + KR + +94-52-44 (hex) Samsung Electronics Co.,Ltd +945244 (base 16) Samsung Electronics Co.,Ltd + #94-1, Imsoo-Dong + Gumi Gyeongbuk 730-350 + KR + +9C-2E-7A (hex) Samsung Electronics Co.,Ltd +9C2E7A (base 16) Samsung Electronics Co.,Ltd + #94-1, Imsoo-Dong + Gumi Gyeongbuk 730-350 + KR + +7C-63-05 (hex) Amazon Technologies Inc. +7C6305 (base 16) Amazon Technologies Inc. + P.O Box 8102 + Reno NV 89507 + US + +C0-4E-30 (hex) Espressif Inc. +C04E30 (base 16) Espressif Inc. + Room 204, Building 2, 690 Bibo Rd, Pudong New Area + Shanghai Shanghai 201203 + CN + +74-E7-98 (hex) Juniper Networks +74E798 (base 16) Juniper Networks + 1133 Innovation Way + Sunnyvale CA 94089 + US + +E0-16-B1 (hex) Advanced Design Technology co.,ltd. +E016B1 (base 16) Advanced Design Technology co.,ltd. + 1-1-3 Kotobukicho#10F Mitsukikotobukichobiru + Fucyu-city Tokyo 1830056 + JP + +54-31-D4 (hex) TGW Mechanics GmbH +5431D4 (base 16) TGW Mechanics GmbH + Collmannstraße 2 + Wels 4600 + AT + +94-01-AC (hex) Wuhan Qianyang Iotian Technology Co., Ltd +9401AC (base 16) Wuhan Qianyang Iotian Technology Co., Ltd + Unit 1301, Building B4, Wuhan future science and Technology City, Gaoxin Avenue, Wuhan East Lake New-Technology Development Zone + Wuhan Hubei 430206 + CN + +C0-69-11 (hex) Arista Networks +C06911 (base 16) Arista Networks + 5453 Great America Parkway + Santa Clara CA 95054 + US + +E4-B5-55 (hex) Huawei Device Co., Ltd. +E4B555 (base 16) Huawei Device Co., Ltd. + No.2 of Xincheng Road, Songshan Lake Zone + Dongguan Guangdong 523808 + CN + +24-A7-DC (hex) SKY UK LIMITED +24A7DC (base 16) SKY UK LIMITED + 130 Kings Road + Brentwood Essex 08854 + GB + +38-A6-CE (hex) SKY UK LIMITED +38A6CE (base 16) SKY UK LIMITED + 130 Kings Road + Brentwood Essex 08854 + GB + +AC-60-6F (hex) Nokia Shanghai Bell Co., Ltd. +AC606F (base 16) Nokia Shanghai Bell Co., Ltd. + No.388 Ning Qiao Road,Jin Qiao Pudong Shanghai + Shanghai 201206 + CN + +00-19-FB (hex) SKY UK LIMITED +0019FB (base 16) SKY UK LIMITED + 130 Kings Road + Brentwood Essex 08854 + GB + +78-3E-53 (hex) SKY UK LIMITED +783E53 (base 16) SKY UK LIMITED + 130 Kings Road + Brentwood Essex 08854 + GB + +68-EC-8A (hex) IKEA of Sweden AB +68EC8A (base 16) IKEA of Sweden AB + + + + +48-02-AF (hex) Telit Communication s.p.a +4802AF (base 16) Telit Communication s.p.a + Via stazione di prosecco 5B + SGONICO Trieste 34010 + IT + +FC-C7-37 (hex) Shaanxi Gangsion Electronic Technology Co., Ltd +FCC737 (base 16) Shaanxi Gangsion Electronic Technology Co., Ltd + Room 12302, building 1, Greenland territorial sea, No. 6, Jinye Road, high tech Zone, Xi'an, Shaanxi + xi'an Shaanxi 710076 + CN + +94-28-6F (hex) zte corporation +94286F (base 16) zte corporation + 12/F.,zte R&D building ,kejinan Road,Shenzhen,P.R.China + shenzhen guangdong 518057 + CN + +40-0E-F3 (hex) zte corporation +400EF3 (base 16) zte corporation + 12/F.,zte R&D building ,kejinan Road,Shenzhen,P.R.China + shenzhen guangdong 518057 + CN + +1C-46-D1 (hex) SKY UK LIMITED +1C46D1 (base 16) SKY UK LIMITED + 130 Kings Road + Brentwood Essex 08854 + GB + +00-3F-10 (hex) Shenzhen GainStrong Technology Co., Ltd. +003F10 (base 16) Shenzhen GainStrong Technology Co., Ltd. + 4/F, Building B, Hengmingzhu Industrial Park, Qian Jin Road 2, Baoan District + Shenzhen Guangdong 518126 + CN + +88-22-B2 (hex) Chipsea Technologies (Shenzhen) Corp. +8822B2 (base 16) Chipsea Technologies (Shenzhen) Corp. + 3 / F, Block A, Building 2, Shenzhen Bay Innovation Technology Center, No.3156 keyuan South Road, Yuehai Street, Nanshan District, Shenzhen + Shenzhen Guangdong 518000 + CN + +68-7A-64 (hex) Intel Corporate +687A64 (base 16) Intel Corporate + Lot 8, Jalan Hi-Tech 2/3 + Kulim Kedah 09000 + MY + +BC-03-58 (hex) Intel Corporate +BC0358 (base 16) Intel Corporate + Lot 8, Jalan Hi-Tech 2/3 + Kulim Kedah 09000 + MY + +88-B8-63 (hex) HISENSE VISUAL TECHNOLOGY CO.,LTD +88B863 (base 16) HISENSE VISUAL TECHNOLOGY CO.,LTD + Qianwangang Road 218 + Qingdao Shandong 266510 + CN + +BC-69-CB (hex) Panasonic Electric Works Networks Co., Ltd. +BC69CB (base 16) Panasonic Electric Works Networks Co., Ltd. + 2-12-7, Higashi-Shinbashi + Minato-Ku Tokyo 105-0021 + JP + +58-C5-7E (hex) Fiberhome Telecommunication Technologies Co.,LTD +58C57E (base 16) Fiberhome Telecommunication Technologies Co.,LTD + No.5 DongXin Road + Wuhan Hubei 430074 + CN + +74-3A-F4 (hex) Intel Corporate +743AF4 (base 16) Intel Corporate + Lot 8, Jalan Hi-Tech 2/3 + Kulim Kedah 09000 + MY + +2C-93-FB (hex) Sercomm France Sarl +2C93FB (base 16) Sercomm France Sarl + 2/4 Rue Maurice Hartmann 92370 Issy Les Moulineaux France + Moulineaux 92370 + FR + +B4-46-6B (hex) REALTIMEID AS +B4466B (base 16) REALTIMEID AS + Busk Bruns veg 1 , 7760 Snåsa (Norway) + Snåsa 7760 + NO + +90-6A-EB (hex) Microsoft Corporation +906AEB (base 16) Microsoft Corporation + One Microsoft Way + REDMOND WA 98052 + US + +C4-EB-39 (hex) Sagemcom Broadband SAS +C4EB39 (base 16) Sagemcom Broadband SAS + 250, route de l'Empereur + Rueil Malmaison Cedex hauts de seine 92848 + FR + +00-52-C8 (hex) Made Studio Design Ltd. +0052C8 (base 16) Made Studio Design Ltd. + 10F., No. 169, Sec. 4, Zhongxiao E. Rd., Da-an Dist. + Taipei City 10690 + TW + +08-9D-F4 (hex) Intel Corporate +089DF4 (base 16) Intel Corporate + Lot 8, Jalan Hi-Tech 2/3 + Kulim Kedah 09000 + MY + +DC-46-28 (hex) Intel Corporate +DC4628 (base 16) Intel Corporate + Lot 8, Jalan Hi-Tech 2/3 + Kulim Kedah 09000 + MY + +0C-91-92 (hex) Intel Corporate +0C9192 (base 16) Intel Corporate + Lot 8, Jalan Hi-Tech 2/3 + Kulim Kedah 09000 + MY + +48-AD-9A (hex) Intel Corporate +48AD9A (base 16) Intel Corporate + Lot 8, Jalan Hi-Tech 2/3 + Kulim Kedah 09000 + MY + +68-65-B7 (hex) Zhishang Chuanglian Technology Co., Ltd +6865B7 (base 16) Zhishang Chuanglian Technology Co., Ltd + 2 / F, building F, hongfengtai Science Park, Jinyuan Road, Henggang street, Longgang District, + Shenzhen 518000 + CN + +F0-C1-CE (hex) GoodWe Technologies CO., Ltd +F0C1CE (base 16) GoodWe Technologies CO., Ltd + No.90 Zijin Rd.,New District,Suzhou,215011,China + Suzhou JiangSu 215011 + CN + +58-2B-0A (hex) Texas Instruments +582B0A (base 16) Texas Instruments + 12500 TI Blvd + Dallas TX 75243 + US + +38-E7-C0 (hex) Hui Zhou Gaoshengda Technology Co.,LTD +38E7C0 (base 16) Hui Zhou Gaoshengda Technology Co.,LTD + No.2,Jin-da Road,Huinan Industrial Park + Hui Zhou Guangdong 516025 + CN + +D8-E8-44 (hex) zte corporation +D8E844 (base 16) zte corporation + 12/F.,zte R&D building ,kejinan Road,Shenzhen,P.R.China + shenzhen guangdong 518057 + CN + +E4-6A-35 (hex) Realme Chongqing Mobile Telecommunications Corp.,Ltd. +E46A35 (base 16) Realme Chongqing Mobile Telecommunications Corp.,Ltd. + No.178 Yulong Avenue, Yufengshan, Yubei District, Chongqing. + Chongqing China 401120 + CN + +20-04-F3 (hex) Honor Device Co., Ltd. +2004F3 (base 16) Honor Device Co., Ltd. + Suite 3401, Unit A, Building 6, Shum Yip Sky Park, No. 8089, Hongli West Road, Xiangmihu Street, Futian District + Shenzhen Guangdong 518040 + CN + +68-B9-C2 (hex) Earda Technologies co Ltd +68B9C2 (base 16) Earda Technologies co Ltd + Block A,Lianfeng Creative Park, #2 Jisheng Rd., Nansha District + Guangzhou Guangdong 511455 + CN + F8-D0-27 (hex) Seiko Epson Corporation F8D027 (base 16) Seiko Epson Corporation 2070 Kotobuki Koaka @@ -112346,12 +114866,6 @@ D015A6 (base 16) Aruba, a Hewlett Packard Enterprise Company Cambridge CB24 9ZR GB -04-81-9B (hex) BSkyB Ltd -04819B (base 16) BSkyB Ltd - 130 Kings Road - Brentwood Essex 08854 - GB - E0-00-84 (hex) HUAWEI TECHNOLOGIES CO.,LTD E00084 (base 16) HUAWEI TECHNOLOGIES CO.,LTD No.2 Xin Cheng Road, Room R6,Songshan Lake Technology Park @@ -114197,12 +116711,6 @@ A85AF3 (base 16) Shanghai Siflower Communication Technology Co., Ltd Chongqing Chongqing 401332 CN -3C-89-94 (hex) BSkyB Ltd -3C8994 (base 16) BSkyB Ltd - 130 Kings Road - Brentwood Essex 08854 - GB - E0-0E-E1 (hex) We Corporation Inc. E00EE1 (base 16) We Corporation Inc. 201, 33, Deokcheon-ro, Manan-gu @@ -114863,12 +117371,6 @@ C08135 (base 16) Ningbo Forfan technology Co., LTD LIBERTYVILLE IL 60048 US -B4-C0-F5 (hex) Shenzhen TINNO Mobile Technology Corp. -B4C0F5 (base 16) Shenzhen TINNO Mobile Technology Corp. - 4/F, H-3 Building, Qiao Cheng Eastern Industrial Park, Overseas Chinese Town, Shenzhen - Shenzhen guangdong 518053 - CN - 40-62-31 (hex) GIFA 406231 (base 16) GIFA 11th Fl., Suojia Business Building , No.7 Hangkong Road , Baoan District @@ -115433,12 +117935,6 @@ CC2DB7 (base 16) Apple, Inc. Cupertino CA 95014 US -A0-BD-CD (hex) BSkyB Ltd -A0BDCD (base 16) BSkyB Ltd - 130 Kings Road - Brentwood Essex 08854 - GB - BC-91-B5 (hex) Infinix mobility limited BC91B5 (base 16) Infinix mobility limited RMS 05-15, 13A/F SOUTH TOWER WORLD FINANCE CTR HARBOUR CITY 17 CANTON RD TST KLN HONG KONG @@ -117755,12 +120251,6 @@ F0D5BF (base 16) Intel Corporate shenzhen guangdong 518057 CN -20-47-ED (hex) BSkyB Ltd -2047ED (base 16) BSkyB Ltd - 130 Kings Road - Brentwood Essex 08854 - GB - 74-8A-69 (hex) Korea Image Technology Co., Ltd 748A69 (base 16) Korea Image Technology Co., Ltd 125, beolmal road, dongan gu, @@ -118919,12 +121409,6 @@ D8E0B8 (base 16) BULAT LLC Hsichu Taiwan 300 TW -C0-C9-76 (hex) Shenzhen TINNO Mobile Technology Corp. -C0C976 (base 16) Shenzhen TINNO Mobile Technology Corp. - 4/F, H-3 Building, Qiao Cheng Eastern Industrial Park, Overseas Chinese Town, Shenzhen - Shenzhen guangdong 518053 - CN - 58-8B-F3 (hex) Zyxel Communications Corporation 588BF3 (base 16) Zyxel Communications Corporation No. 6 Innovation Road II, Science Park @@ -121199,12 +123683,6 @@ A8CA7B (base 16) HUAWEI TECHNOLOGIES CO.,LTD Dongguan 523808 CN -BC-44-34 (hex) Shenzhen TINNO Mobile Technology Corp. -BC4434 (base 16) Shenzhen TINNO Mobile Technology Corp. - 4/F, H-3 Building, Qiao Cheng Eastern Industrial Park, Overseas Chinese Town, Shenzhen - Shenzhen guangdong 518053 - CN - 04-BF-6D (hex) Zyxel Communications Corporation 04BF6D (base 16) Zyxel Communications Corporation No. 6 Innovation Road II, Science Park @@ -123221,12 +125699,6 @@ E855B4 (base 16) SAI Technology Inc. Vikmanshyttan Dalarna SE-776 70 SE -C0-EE-40 (hex) Laird Technologies -C0EE40 (base 16) Laird Technologies - 50 South Main St - Akron Ohio 44308 - US - F4-B8-A7 (hex) zte corporation F4B8A7 (base 16) zte corporation 12/F.,zte R&D building ,kejinan Road,Shenzhen,P.R.China @@ -124712,12 +127184,6 @@ C098E5 (base 16) University of Michigan Seoul 152-789 KR -44-3C-9C (hex) Pintsch Tiefenbach GmbH -443C9C (base 16) Pintsch Tiefenbach GmbH - Beisenbruchstrasse 10 - Sprockhoevel 45549 - DE - 28-FC-51 (hex) The Electric Controller and Manufacturing Co., LLC 28FC51 (base 16) The Electric Controller and Manufacturing Co., LLC PO Box 468 @@ -127880,12 +130346,6 @@ E03E7D (base 16) data-complex GmbH Seoul Geumcheon-gu 153-802 KR -04-26-05 (hex) GFR Gesellschaft für Regelungstechnik und Energieeinsparung mbH -042605 (base 16) GFR Gesellschaft für Regelungstechnik und Energieeinsparung mbH - Kapellenweg 42 - Verl 33415 - DE - 24-F0-FF (hex) GHT Co., Ltd. 24F0FF (base 16) GHT Co., Ltd. #16 Nanyunyi Lu, Guangzhou Science City @@ -135533,12 +137993,6 @@ A07332 (base 16) Cashmaster International Limited Hubbard OR 97032 US -00-0E-DD (hex) SHURE INCORPORATED -000EDD (base 16) SHURE INCORPORATED - 5800 W. TOUHY AVE. - NILES IL 60714 - US - 00-0E-C2 (hex) Lowrance Electronics, Inc. 000EC2 (base 16) Lowrance Electronics, Inc. 12000 E. Skelly Drive @@ -138539,12 +140993,6 @@ A06A00 (base 16) Verilink Corporation Elmsford NY 10523 US -00-04-35 (hex) InfiNet LLC -000435 (base 16) InfiNet LLC - Serafimy Deryabinoy str. 24 - Yekaterinburg 620149 - RU - 00-04-37 (hex) Powin Information Technology, Inc. 000437 (base 16) Powin Information Technology, Inc. 8F, No. 70, Zhou-Z St. @@ -140483,12 +142931,6 @@ A06A00 (base 16) Verilink Corporation Yokohama City 226 JP -00-10-43 (hex) A2 CORPORATION -001043 (base 16) A2 CORPORATION - 6-14-11 YUTAKA-CHO - TOKYO - JP - 00-10-A5 (hex) OXFORD INSTRUMENTS 0010A5 (base 16) OXFORD INSTRUMENTS Halifax Road @@ -144959,12 +147401,6 @@ A0D83D (base 16) Fiberhome Telecommunication Technologies Co.,LTD San Jose CA 94568 US -50-70-43 (hex) BSkyB Ltd -507043 (base 16) BSkyB Ltd - 130 Kings Road - Brentwood Essex 08854 - GB - D0-14-11 (hex) IEEE Registration Authority D01411 (base 16) IEEE Registration Authority 445 Hoes Lane @@ -145481,18 +147917,6 @@ C440F6 (base 16) GUANGDONG OPPO MOBILE TELECOMMUNICATIONS CORP.,LTD DONG GUAN GUANG DONG 523860 CN -A4-7D-9F (hex) Shenzhen iComm Semiconductor CO.,LTD -A47D9F (base 16) Shenzhen iComm Semiconductor CO.,LTD - Room 504A,Block B,Digital Building,Gargen City,No.1079,Nanhai Road,Nanshan District,Shenzhen. - Shenzhen 518067 - CN - -84-EA-97 (hex) Shenzhen iComm Semiconductor CO.,LTD -84EA97 (base 16) Shenzhen iComm Semiconductor CO.,LTD - Room 501A,Block B,Digital Building,Garden City,No.1079 Nanhai Road,Nanshan District - Shenzhen 518067 - CN - 00-55-B1 (hex) Shanghai Baud Data Communication Co.,Ltd. 0055B1 (base 16) Shanghai Baud Data Communication Co.,Ltd. NO.123 JULI RD @@ -145613,12 +148037,6 @@ C094AD (base 16) zte corporation shenzhen guangdong 518057 CN -D0-21-AC (hex) Yo Labs LLC -D021AC (base 16) Yo Labs LLC - 3460 Hillview Ave. - Palo Alto CA 94304 - US - 34-2B-70 (hex) Arris 342B70 (base 16) Arris 2500 Walsh Ave. @@ -146039,12 +148457,6 @@ A8F766 (base 16) ITE Tech Inc Hsinchu Taiwan 30076 TW -14-B2-E5 (hex) Shenzhen iComm Semiconductor CO.,LTD -14B2E5 (base 16) Shenzhen iComm Semiconductor CO.,LTD - Room 504A,Block B,Digital Building,Gargen City,No.1079,Nanhai Road,Nanshan District,Shenzhen. - Shenzhen 518067 - CN - 00-21-3E (hex) TomTom International BV 00213E (base 16) TomTom International BV Oosterdoksstraat 114 @@ -146609,12 +149021,6 @@ E00CE5 (base 16) HUAWEI TECHNOLOGIES CO.,LTD Kulim Kedah 09000 MY -F4-6B-8C (hex) Hon Hai Precision Ind. Co., Ltd. -F46B8C (base 16) Hon Hai Precision Ind. Co., Ltd. - GuangDongShenZhen - ShenZhen GuangDong 518109 - CN - FC-34-97 (hex) ASUSTek COMPUTER INC. FC3497 (base 16) ASUSTek COMPUTER INC. 15,Li-Te Rd., Peitou, Taipei 112, Taiwan @@ -147884,12 +150290,6 @@ FC5C45 (base 16) Ruckus Wireless Sunnyvale CA 94089 US -E0-CB-56 (hex) Shenzhen iComm Semiconductor CO.,LTD -E0CB56 (base 16) Shenzhen iComm Semiconductor CO.,LTD - Room 504A,Block B,Digital Building,Gargen City,No.1079,Nanhai Road,Nanshan District,Shenzhen. - Shenzhen 518067 - CN - 4C-02-20 (hex) Xiaomi Communications Co Ltd 4C0220 (base 16) Xiaomi Communications Co Ltd #019, 9th Floor, Building 6, 33 Xi'erqi Middle Road @@ -147962,12 +150362,6 @@ F4CE48 (base 16) Extreme Networks, Inc. Kowloon Bay Hong Kong 0000 HK -04-B8-6A (hex) BSkyB Ltd -04B86A (base 16) BSkyB Ltd - 130 Kings Road - Brentwood Essex 08854 - GB - 1C-88-0C (hex) Shenzhen Skyworth Digital Technology CO., Ltd 1C880C (base 16) Shenzhen Skyworth Digital Technology CO., Ltd 4F,Block A, Skyworth?Building, @@ -148139,12 +150533,6 @@ E0B72E (base 16) ShenZhen Qualmesh Technology Co.,Ltd. Shenzhen Guangdong 518055 CN -80-C3-BA (hex) Sennheiser electronic GmbH & Co. KG -80C3BA (base 16) Sennheiser electronic GmbH & Co. KG - Am Labor 1 - Wedemark Niedersachsen 30900 - DE - 04-42-1A (hex) ASUSTek COMPUTER INC. 04421A (base 16) ASUSTek COMPUTER INC. 15,Li-Te Rd., Peitou, Taipei 112, Taiwan @@ -148742,12 +151130,6 @@ D0A0D6 (base 16) ChengDu TD Tech Mianyang Sichuan 621000 CN -3C-45-7A (hex) BSkyB Ltd -3C457A (base 16) BSkyB Ltd - 130 Kings Road - Brentwood Essex 08854 - GB - 90-27-59 (hex) Nanjing Jiahao Technology Co., Ltd. 902759 (base 16) Nanjing Jiahao Technology Co., Ltd. Moling Industrial Park, Development Zone, Jiangning, Nanjing @@ -149144,12 +151526,6 @@ ECA907 (base 16) Apple, Inc. Vejle 7120 DK -4C-72-74 (hex) shenzhenshi xinzhongxin Technology Co.Ltd -4C7274 (base 16) shenzhenshi xinzhongxin Technology Co.Ltd - Block 3, Dong Huan Industrial Park, Sha Jing Town, Bao’an District, Shenzhen City, Guangdong Province, China - ShenZHEN GuangDong 518104 - CN - F4-B8-98 (hex) Texas Instruments F4B898 (base 16) Texas Instruments 12500 TI Blvd @@ -149240,12 +151616,6 @@ F0A951 (base 16) HUAWEI TECHNOLOGIES CO.,LTD Dongguan 523808 CN -00-90-3F (hex) WorldCast Systems -00903F (base 16) WorldCast Systems - 20 Avenue Neil Armstrong - Mérignac 33700 - FR - 64-D6-9A (hex) Intel Corporate 64D69A (base 16) Intel Corporate Lot 8, Jalan Hi-Tech 2/3 @@ -149522,6 +151892,30 @@ D83DCC (base 16) shenzhen UDD Technologies,co.,Ltd Round Rock TX 78682 US +B4-E2-65 (hex) Shenzhen SDMC Technology Co.,LTD +B4E265 (base 16) Shenzhen SDMC Technology Co.,LTD + 19/F, Changhong Science & Technology Mansion, No.18, Keji South 12th Road, High-tech Industrial Park, Nanshan District + Shenzhen GUANGDONG 518027 + CN + +EC-7C-5C (hex) Juniper Networks +EC7C5C (base 16) Juniper Networks + 1133 Innovation Way + Sunnyvale CA 94089 + US + +00-EB-D8 (hex) MERCUSYS TECHNOLOGIES CO., LTD. +00EBD8 (base 16) MERCUSYS TECHNOLOGIES CO., LTD. + 3F,Zone B,Building R1,High-Tech Industrial Village,No.023 High-Tech South 4 Road,Nanshan,Shenzhen + Shenzhen Guangdong 518057 + CN + +CC-60-C8 (hex) Microsoft Corporation +CC60C8 (base 16) Microsoft Corporation + One Microsoft Way + REDMOND WA 98052 + US + 6C-8D-77 (hex) Cisco Systems, Inc 6C8D77 (base 16) Cisco Systems, Inc 80 West Tasman Drive @@ -149534,11 +151928,11 @@ D83DCC (base 16) shenzhen UDD Technologies,co.,Ltd San Jose CA 94568 US -B4-E2-65 (hex) Shenzhen SDMC Technology Co.,LTD -B4E265 (base 16) Shenzhen SDMC Technology Co.,LTD - 19/F, Changhong Science & Technology Mansion, No.18, Keji South 12th Road, High-tech Industrial Park, Nanshan District - Shenzhen GUANGDONG 518027 - CN +B4-17-A8 (hex) Facebook Technologies, LLC +B417A8 (base 16) Facebook Technologies, LLC + 1 Hacker Way + Menlo Park CA 94025 + US 10-54-D2 (hex) IEEE Registration Authority 1054D2 (base 16) IEEE Registration Authority @@ -149546,18 +151940,1014 @@ B4E265 (base 16) Shenzhen SDMC Technology Co.,LTD Piscataway NJ 08554 US -EC-7C-5C (hex) Juniper Networks -EC7C5C (base 16) Juniper Networks - 1133 Innovation Way +00-10-43 (hex) A2 CORPORATION +001043 (base 16) A2 CORPORATION + 1-7-1 Togoshi + Tokyo Shinagawa-ku 1420041 + JP + +C4-DF-39 (hex) Realme Chongqing Mobile Telecommunications Corp.,Ltd. +C4DF39 (base 16) Realme Chongqing Mobile Telecommunications Corp.,Ltd. + No.178 Yulong Avenue, Yufengshan, Yubei District, Chongqing. + Chongqing China 401120 + CN + +10-63-4B (hex) SHENZHEN MERCURY COMMUNICATION TECHNOLOGIES CO.,LTD. +10634B (base 16) SHENZHEN MERCURY COMMUNICATION TECHNOLOGIES CO.,LTD. + 3/F, Building R1-B, High-Tech Industrial Park, Nanshan District + Shenzhen Guangdong 518057 + CN + +80-97-33 (hex) Shenzhen Elebao Technology Co., Ltd +809733 (base 16) Shenzhen Elebao Technology Co., Ltd + F/6, Tower A, Zhihuichuangxin Center Bldg,Qianjin Road, XixiangTown, Bao’an District + shenzhen GUANGDONG 518126 + CN + +F4-6D-2F (hex) TP-LINK TECHNOLOGIES CO.,LTD. +F46D2F (base 16) TP-LINK TECHNOLOGIES CO.,LTD. + Building 24(floors 1,3,4,5)and 28(floors 1-4)Central Science and Technology Park,Shennan Road,Nanshan + Shenzhen Guangdong 518057 + CN + +00-A2-65 (hex) M2Motive Technology Inc. +00A265 (base 16) M2Motive Technology Inc. + Room 402,No. 125 North Jiangsu Road, Changning District + Shanghai Shanghai 200042 + CN + +D8-36-5F (hex) Intelbras +D8365F (base 16) Intelbras + BR 101, km 210, S/N° + São José Santa Catarina 88104800 + BR + +74-04-F1 (hex) Intel Corporate +7404F1 (base 16) Intel Corporate + Lot 8, Jalan Hi-Tech 2/3 + Kulim Kedah 09000 + MY + +00-04-35 (hex) InfiNet LLC +000435 (base 16) InfiNet LLC + Office 425, 69/75 Vavilova str. + Moscow\ 117335 + RU + +E8-4D-EC (hex) Xerox Corporation +E84DEC (base 16) Xerox Corporation + 800 Phillips Rd + Webster NY 14450 + US + +C8-B8-2F (hex) eero inc. +C8B82F (base 16) eero inc. + 660 3rd Street + San Francisco CA 94107 + US + +54-78-C9 (hex) AMPAK Technology,Inc. +5478C9 (base 16) AMPAK Technology,Inc. + 3F, No.15-1 Zhonghua Road, Hsinchu Industrail Park, Hukou, + Hsinchu Hsinchu,Taiwan R.O.C. 30352 + TW + +FC-10-1A (hex) Palo Alto Networks +FC101A (base 16) Palo Alto Networks + 3000 Tannery Way + Santa Clara CA 95054 + US + +6C-AE-E3 (hex) Nokia +6CAEE3 (base 16) Nokia + 600 March Road + Kanata Ontario K2K 2E6 + CA + +0C-AC-8A (hex) Sagemcom Broadband SAS +0CAC8A (base 16) Sagemcom Broadband SAS + 250, route de l'Empereur + Rueil Malmaison Cedex hauts de seine 92848 + FR + +B8-5D-C3 (hex) HUAWEI TECHNOLOGIES CO.,LTD +B85DC3 (base 16) HUAWEI TECHNOLOGIES CO.,LTD + No.2 Xin Cheng Road, Room R6,Songshan Lake Technology Park + Dongguan 523808 + CN + +B4-3A-E2 (hex) HUAWEI TECHNOLOGIES CO.,LTD +B43AE2 (base 16) HUAWEI TECHNOLOGIES CO.,LTD + No.2 Xin Cheng Road, Room R6,Songshan Lake Technology Park + Dongguan 523808 + CN + +D0-A4-6F (hex) China Dragon Technology Limited +D0A46F (base 16) China Dragon Technology Limited + B4 Bldg.Haoshan 1st Industry Park, + Shenzhen Guangdong 518104 + CN + +F0-C8-B5 (hex) HUAWEI TECHNOLOGIES CO.,LTD +F0C8B5 (base 16) HUAWEI TECHNOLOGIES CO.,LTD + No.2 Xin Cheng Road, Room R6,Songshan Lake Technology Park + Dongguan 523808 + CN + +2C-60-CD (hex) NR ELECTRIC CO., LTD +2C60CD (base 16) NR ELECTRIC CO., LTD + 69,Suyuan Avenue + Nanjing Jiangsu 211102 + CN + +8C-1E-80 (hex) Cisco Systems, Inc +8C1E80 (base 16) Cisco Systems, Inc + 80 West Tasman Drive + San Jose CA 94568 + US + +A4-1E-E1 (hex) Taicang T&W Electronics +A41EE1 (base 16) Taicang T&W Electronics + 89# Jiang Nan RD + Suzhou Jiangsu 215412 + CN + +E8-FB-1C (hex) AzureWave Technology Inc. +E8FB1C (base 16) AzureWave Technology Inc. + 8F., No. 94, Baozhong Rd. + New Taipei City Taiwan 231 + TW + +B4-A7-C6 (hex) SERVERCOM (INDIA) PRIVATE LIMITED +B4A7C6 (base 16) SERVERCOM (INDIA) PRIVATE LIMITED + E-43/1 OKHLA INDUSTRIAL AREA PHASE-II NEW DELHI SOUTH DELHI + NEW DELHI NA + IN + +1C-76-F2 (hex) Samsung Electronics Co.,Ltd +1C76F2 (base 16) Samsung Electronics Co.,Ltd + 129, Samsung-ro, Youngtongl-Gu + Suwon Gyeonggi-Do 16677 + KR + +80-C3-BA (hex) Sennheiser Consumer Audio GmbH +80C3BA (base 16) Sennheiser Consumer Audio GmbH + Am Labor 1 + Wedemark Niedersachsen 30900 + DE + +40-35-E6 (hex) Samsung Electronics Co.,Ltd +4035E6 (base 16) Samsung Electronics Co.,Ltd + #94-1, Imsoo-Dong + Gumi Gyeongbuk 730-350 + KR + +28-6B-35 (hex) Intel Corporate +286B35 (base 16) Intel Corporate + Lot 8, Jalan Hi-Tech 2/3 + Kulim Kedah 09000 + MY + +30-43-D7 (hex) IEEE Registration Authority +3043D7 (base 16) IEEE Registration Authority + 445 Hoes Lane + Piscataway NJ 08554 + US + +C0-EE-40 (hex) Laird Connectivity +C0EE40 (base 16) Laird Connectivity + 50 South Main St + Akron Ohio 44308 + US + +A4-7D-9F (hex) Shenzhen iComm Semiconductor CO.,LTD +A47D9F (base 16) Shenzhen iComm Semiconductor CO.,LTD + Room 601,Block B ,Digital Building,Garden City + Shenzhen No.1079 Nanhai Road,Nanshan District 518067 + CN + +84-EA-97 (hex) Shenzhen iComm Semiconductor CO.,LTD +84EA97 (base 16) Shenzhen iComm Semiconductor CO.,LTD + Room 601,Block B ,Digital Building,Garden City + Shenzhen No.1079 Nanhai Road,Nanshan District 518067 + CN + +14-B2-E5 (hex) Shenzhen iComm Semiconductor CO.,LTD +14B2E5 (base 16) Shenzhen iComm Semiconductor CO.,LTD + Room 601,Block B ,Digital Building,Garden City + Shenzhen No.1079 Nanhai Road,Nanshan District 518067 + CN + +E0-CB-56 (hex) Shenzhen iComm Semiconductor CO.,LTD +E0CB56 (base 16) Shenzhen iComm Semiconductor CO.,LTD + Room 601,Block B ,Digital Building,Garden City + Shenzhen No.1079 Nanhai Road,Nanshan District 518067 + CN + +30-04-5C (hex) Shenzhen SuperElectron Technology Co.,Ltd. +30045C (base 16) Shenzhen SuperElectron Technology Co.,Ltd. + 1213-1214, haosheng business center, dongbin road, nanshan street, nanshan district, shenzhen city + Shenzhen Guangdong 518000 + CN + +90-79-CF (hex) zte corporation +9079CF (base 16) zte corporation + 12/F.,zte R&D building ,kejinan Road,Shenzhen,P.R.China + shenzhen guangdong 518057 + CN + +88-8F-A4 (hex) Huawei Device Co., Ltd. +888FA4 (base 16) Huawei Device Co., Ltd. + No.2 of Xincheng Road, Songshan Lake Zone + Dongguan Guangdong 523808 + CN + +3C-82-C0 (hex) Technicolor CH USA Inc. +3C82C0 (base 16) Technicolor CH USA Inc. + 5030 Sugarloaf Parkway Bldg 6 + Lawrenceville GA 30044 + US + +C4-DE-E2 (hex) Espressif Inc. +C4DEE2 (base 16) Espressif Inc. + Room 204, Building 2, 690 Bibo Rd, Pudong New Area + Shanghai Shanghai 201203 + CN + +68-B6-B3 (hex) Espressif Inc. +68B6B3 (base 16) Espressif Inc. + Room 204, Building 2, 690 Bibo Rd, Pudong New Area + Shanghai Shanghai 201203 + CN + +FC-A0-5A (hex) Oray.com co., LTD. +FCA05A (base 16) Oray.com co., LTD. + 8008Rm, building No.1 GuoDing d. Yangpu District + Shanghai Shanghai 200433 + CN + +90-48-6C (hex) Ring LLC +90486C (base 16) Ring LLC + 1523 26th St + Santa Monica CA 90404 + US + +3C-46-45 (hex) Shanghai Infinity Wireless Technologies Co.,Ltd. +3C4645 (base 16) Shanghai Infinity Wireless Technologies Co.,Ltd. + Room 522, Building A, No.1687 Changyang Road, Yangpu District, Shanghai + Shanghai Shanghai 200082 + CN + +A4-F9-33 (hex) Intel Corporate +A4F933 (base 16) Intel Corporate + Lot 8, Jalan Hi-Tech 2/3 + Kulim Kedah 09000 + MY + +10-F6-0A (hex) Intel Corporate +10F60A (base 16) Intel Corporate + Lot 8, Jalan Hi-Tech 2/3 + Kulim Kedah 09000 + MY + +70-D8-23 (hex) Intel Corporate +70D823 (base 16) Intel Corporate + Lot 8, Jalan Hi-Tech 2/3 + Kulim Kedah 09000 + MY + +50-68-AC (hex) Huawei Device Co., Ltd. +5068AC (base 16) Huawei Device Co., Ltd. + No.2 of Xincheng Road, Songshan Lake Zone + Dongguan Guangdong 523808 + CN + +50-39-2F (hex) INGRAM MICRO SERVICES +50392F (base 16) INGRAM MICRO SERVICES + 100 CHEMIN DE BAILLOT + MONTAUBAN 82000 + FR + +FC-84-17 (hex) Honor Device Co., Ltd. +FC8417 (base 16) Honor Device Co., Ltd. + Suite 3401, Unit A, Building 6, Shum Yip Sky Park, No. 8089, Hongli West Road, Xiangmihu Street, Futian District + Shenzhen Guangdong 518040 + CN + +2C-A7-9E (hex) HUAWEI TECHNOLOGIES CO.,LTD +2CA79E (base 16) HUAWEI TECHNOLOGIES CO.,LTD + No.2 Xin Cheng Road, Room R6,Songshan Lake Technology Park + Dongguan 523808 + CN + +0C-7F-B2 (hex) ARRIS Group, Inc. +0C7FB2 (base 16) ARRIS Group, Inc. + 6450 Sequence Drive + San Diego CA 92121 + US + +AC-B5-66 (hex) Renesas Electronics (Penang) Sdn. Bhd. +ACB566 (base 16) Renesas Electronics (Penang) Sdn. Bhd. + Phase 3, Bayan Lepas FIZ + Bayan Lepas Penang 11900 + MY + +10-24-07 (hex) HUAWEI TECHNOLOGIES CO.,LTD +102407 (base 16) HUAWEI TECHNOLOGIES CO.,LTD + No.2 Xin Cheng Road, Room R6,Songshan Lake Technology Park + Dongguan 523808 + CN + +74-D9-EB (hex) Petabit Scale, Inc. +74D9EB (base 16) Petabit Scale, Inc. + 5814 Lonetree Blvd, Ste 200 + Rocklin CA 95765 + US + +D0-21-AC (hex) Yohana +D021AC (base 16) Yohana + 3460 Hillview Ave. + Palo Alto CA 94304 + US + +38-1F-26 (hex) IEEE Registration Authority +381F26 (base 16) IEEE Registration Authority + 445 Hoes Lane + Piscataway NJ 08554 + US + +7C-E1-52 (hex) THE GOODYEAR TIRE & RUBBER COMPANY +7CE152 (base 16) THE GOODYEAR TIRE & RUBBER COMPANY + 200 Innovation Way + Akron OH 44316 + US + +28-CD-C1 (hex) Raspberry Pi Trading Ltd +28CDC1 (base 16) Raspberry Pi Trading Ltd + Maurice Wilkes Building, Cowley Road + Cambridge CB4 0DS + GB + +00-90-3F (hex) WorldCast Systems +00903F (base 16) WorldCast Systems + 20 Avenue Neil Armstrong + Mérignac 33700 + FR + +50-E6-36 (hex) AVM Audiovisuelles Marketing und Computersysteme GmbH +50E636 (base 16) AVM Audiovisuelles Marketing und Computersysteme GmbH + Alt-Moabit 95 + Berlin Berlin 10559 + DE + +78-20-BD (hex) Polysense (Beijing) Technologies Co. Ltd +7820BD (base 16) Polysense (Beijing) Technologies Co. Ltd + 9  Shangdi 3rd Street, D508B3/5(4)F Bldg D, Haidian Dist. + Beijing 100085 + CN + +EC-21-25 (hex) Toshiba Corp. +EC2125 (base 16) Toshiba Corp. + 1-1 Shibaura 1-Chome, Minato-Ku + Tokyo 105-8001 + JP + +68-4E-05 (hex) HUNAN FN-LINK TECHNOLOGY LIMITED +684E05 (base 16) HUNAN FN-LINK TECHNOLOGY LIMITED + No.8, Litong Road, Liuyan Economic & Tec + Changsha HUNAN 410329 + CN + +04-99-BB (hex) Apple, Inc. +0499BB (base 16) Apple, Inc. + 1 Infinite Loop + Cupertino CA 95014 + US + +F0-4D-D4 (hex) Sagemcom Broadband SAS +F04DD4 (base 16) Sagemcom Broadband SAS + 250, route de l'Empereur + Rueil Malmaison Cedex hauts de seine 92848 + FR + +00-E5-F1 (hex) BUFFALO.INC +00E5F1 (base 16) BUFFALO.INC + AKAMONDORI Bld.,30-20,Ohsu 3-chome,Naka-ku + Nagoya Aichi Pref. 460-8315 + JP + +A8-51-AB (hex) Apple, Inc. +A851AB (base 16) Apple, Inc. + 1 Infinite Loop + Cupertino CA 95014 + US + +5C-1B-F4 (hex) Apple, Inc. +5C1BF4 (base 16) Apple, Inc. + 1 Infinite Loop + Cupertino CA 95014 + US + +34-EE-2A (hex) ConMet +34EE2A (base 16) ConMet + 5701 SE Columbia Way + Vancouver WA 98661 + US + +78-66-9D (hex) Hui Zhou Gaoshengda Technology Co.,LTD +78669D (base 16) Hui Zhou Gaoshengda Technology Co.,LTD + No.2, Jin-da Road, Huinan High-tech Industrial Park, Hui-ao Avenue + Huizhou Guangdong 516025 + CN + +48-46-8D (hex) Zepcam B.V. +48468D (base 16) Zepcam B.V. + Delftechpark, 17-19 + Delft 2628 XJ + NL + +90-49-92 (hex) YSTen Technology Co.,Ltd +904992 (base 16) YSTen Technology Co.,Ltd + Room 1715,17/F North Star Times Tower,Chaoyang District,Beijing. + Beijing 100101 + CN + +AC-29-29 (hex) Infinix mobility limited +AC2929 (base 16) Infinix mobility limited + RMS 05-15, 13A/F SOUTH TOWER WORLD FINANCE CTR HARBOUR CITY 17 CANTON RD TST KLN HONG KONG + HongKong HongKong 999077 + HK + +3C-CE-0D (hex) Shenzhen juduoping Technology Co.,Ltd +3CCE0D (base 16) Shenzhen juduoping Technology Co.,Ltd + Baoan Xin'an Streat + Shenzhen 002052 + CN + +00-0E-DD (hex) SHURE INCORPORATED +000EDD (base 16) SHURE INCORPORATED + 5800 W. TOUHY AVE. + NILES IL 60714 + US + +18-FD-74 (hex) Routerboard.com +18FD74 (base 16) Routerboard.com + Mikrotikls SIA + Riga Riga LV1009 + LV + +40-D9-5A (hex) AMPAK Technology,Inc. +40D95A (base 16) AMPAK Technology,Inc. + 3F, No.15-1 Zhonghua Road, Hsinchu Industrail Park, Hukou, + Hsinchu Hsinchu,Taiwan R.O.C. 30352 + TW + +4C-D0-DD (hex) HUAWEI TECHNOLOGIES CO.,LTD +4CD0DD (base 16) HUAWEI TECHNOLOGIES CO.,LTD + No.2 Xin Cheng Road, Room R6,Songshan Lake Technology Park + Dongguan 523808 + CN + +E4-90-2A (hex) HUAWEI TECHNOLOGIES CO.,LTD +E4902A (base 16) HUAWEI TECHNOLOGIES CO.,LTD + No.2 Xin Cheng Road, Room R6,Songshan Lake Technology Park + Dongguan 523808 + CN + +90-5E-44 (hex) HUAWEI TECHNOLOGIES CO.,LTD +905E44 (base 16) HUAWEI TECHNOLOGIES CO.,LTD + No.2 Xin Cheng Road, Room R6,Songshan Lake Technology Park + Dongguan 523808 + CN + +E8-3A-4B (hex) China Mobile Group Device Co.,Ltd. +E83A4B (base 16) China Mobile Group Device Co.,Ltd. + 32 Xuanwumen West Street,Xicheng District + Beijing 100053 + CN + +60-E9-AA (hex) CLOUD NETWORK TECHNOLOGY SINGAPORE PTE. LTD. +60E9AA (base 16) CLOUD NETWORK TECHNOLOGY SINGAPORE PTE. LTD. + B22 Building,NO.51 Tongle Road, Shajing Town, Jiangnan District, Nanning, Guangxi Province, China + Nanning Guangxi 530007 + CN + +24-0F-5E (hex) Shenzhen z-router Technology Co., Ltd +240F5E (base 16) Shenzhen z-router Technology Co., Ltd + 406,Block A,Taojindi Building ,Tenglong Road,Longhua New District, + Shenzhen GuangDong 518000 + CN + +6C-97-6D (hex) Motorola Mobility LLC, a Lenovo Company +6C976D (base 16) Motorola Mobility LLC, a Lenovo Company + 222 West Merchandise Mart Plaza + Chicago IL 60654 + US + +64-11-A4 (hex) Motorola Mobility LLC, a Lenovo Company +6411A4 (base 16) Motorola Mobility LLC, a Lenovo Company + 222 West Merchandise Mart Plaza + Chicago IL 60654 + US + +10-F0-68 (hex) Ruckus Wireless +10F068 (base 16) Ruckus Wireless + 350 West Java Drive Sunnyvale CA 94089 US -00-EB-D8 (hex) MERCUSYS TECHNOLOGIES CO., LTD. -00EBD8 (base 16) MERCUSYS TECHNOLOGIES CO., LTD. - 3F,Zone B,Building R1,High-Tech Industrial Village,No.023 High-Tech South 4 Road,Nanshan,Shenzhen +F0-87-7F (hex) Magnetar Technology Shenzhen Co., LTD. +F0877F (base 16) Magnetar Technology Shenzhen Co., LTD. + Room211, Building1, No.26 Puzai Road, Pingdi Longgang + Shenzhen GUANGDONG 518117 + CN + +74-D4-DD (hex) Quanta Computer Inc. +74D4DD (base 16) Quanta Computer Inc. + No. 211, Wenhua 2nd Rd., Guishan Dist. + Taoyuan City Taiwan 33377 + TW + +C8-D6-B7 (hex) Solidigm Technology +C8D6B7 (base 16) Solidigm Technology + 1921 Corporate Center Circle, Suite 3B + Longmont CO 80501 + US + +60-5B-30 (hex) Dell Inc. +605B30 (base 16) Dell Inc. + One Dell Way + Round Rock TX 78682 + US + +44-3C-9C (hex) Pintsch GmbH +443C9C (base 16) Pintsch GmbH + Huenxer Strasse 149 + Dinslaken 46537 + DE + +D8-80-DC (hex) Huawei Device Co., Ltd. +D880DC (base 16) Huawei Device Co., Ltd. + No.2 of Xincheng Road, Songshan Lake Zone + Dongguan Guangdong 523808 + CN + +E8-B3-EF (hex) Fiberhome Telecommunication Technologies Co.,LTD +E8B3EF (base 16) Fiberhome Telecommunication Technologies Co.,LTD + No.5 DongXin Road + Wuhan Hubei 430074 + CN + +B4-9F-4D (hex) Fiberhome Telecommunication Technologies Co.,LTD +B49F4D (base 16) Fiberhome Telecommunication Technologies Co.,LTD + No.5 DongXin Road + Wuhan Hubei 430074 + CN + +F4-6C-68 (hex) Wistron Neweb Corporation +F46C68 (base 16) Wistron Neweb Corporation + No.20,Park Avenue II,Hsinchu Science Park + Hsin-Chu R.O.C. 308 + TW + +84-93-B2 (hex) zte corporation +8493B2 (base 16) zte corporation + 12/F.,zte R&D building ,kejinan Road,Shenzhen,P.R.China + shenzhen guangdong 518057 + CN + +20-64-DE (hex) Sunitec Enterprise Co.,Ltd +2064DE (base 16) Sunitec Enterprise Co.,Ltd + 3F.,No.98-1,Mincyuan Rd.Sindian City + Taipei County 231 231141 + CN + +74-B7-25 (hex) Huawei Device Co., Ltd. +74B725 (base 16) Huawei Device Co., Ltd. + No.2 of Xincheng Road, Songshan Lake Zone + Dongguan Guangdong 523808 + CN + +40-8E-DF (hex) Huawei Device Co., Ltd. +408EDF (base 16) Huawei Device Co., Ltd. + No.2 of Xincheng Road, Songshan Lake Zone + Dongguan Guangdong 523808 + CN + +A4-0F-98 (hex) GUANGDONG OPPO MOBILE TELECOMMUNICATIONS CORP.,LTD +A40F98 (base 16) GUANGDONG OPPO MOBILE TELECOMMUNICATIONS CORP.,LTD + NO.18 HAIBIN ROAD, + DONG GUAN GUANG DONG 523860 + CN + +BC-44-34 (hex) Shenzhen TINNO Mobile Technology Corp. +BC4434 (base 16) Shenzhen TINNO Mobile Technology Corp. + Building, No.33, Xiandong Rd, Xili + Nanshan District, Shenzhen PRC 518053 + CN + +70-66-2A (hex) Sony Interactive Entertainment Inc. +70662A (base 16) Sony Interactive Entertainment Inc. + 1-7-1 Konan + Minato-ku Tokyo 108-0075 + JP + +34-AC-11 (hex) China Mobile Group Device Co.,Ltd. +34AC11 (base 16) China Mobile Group Device Co.,Ltd. + 32 Xuanwumen West Street,Xicheng District + Beijing 100053 + CN + +44-32-C2 (hex) GOAL Co., Ltd. +4432C2 (base 16) GOAL Co., Ltd. + 2-16-6 Mitsuyakita Yodogawa-ku + Osaka-shi Osaka-fu 532-0032 + JP + +18-B1-85 (hex) Qiao Information Technology (Zhengzhou) Co., Ltd. +18B185 (base 16) Qiao Information Technology (Zhengzhou) Co., Ltd. + Room 405-1, Area A, 4th Floor, Wisdom Island Building, No.6, Zhongdao East, Zhengdong New District, + Zhengzhou Henan 450000 + CN + +A0-B7-65 (hex) Espressif Inc. +A0B765 (base 16) Espressif Inc. + Room 204, Building 2, 690 Bibo Rd, Pudong New Area + Shanghai Shanghai 201203 + CN + +CC-DB-A7 (hex) Espressif Inc. +CCDBA7 (base 16) Espressif Inc. + Room 204, Building 2, 690 Bibo Rd, Pudong New Area + Shanghai Shanghai 201203 + CN + +C8-6C-20 (hex) Sichuan Tianyi Comheart Telecom Co.,LTD +C86C20 (base 16) Sichuan Tianyi Comheart Telecom Co.,LTD + No.198,First Section,Snow Mountain Avenue, Jinyuan Town, Dayi County + Chengdu Sichuan 611330 + CN + +C0-C9-76 (hex) Shenzhen TINNO Mobile Technology Corp. +C0C976 (base 16) Shenzhen TINNO Mobile Technology Corp. + Building, No.33, Xiandong Rd, Xili + Nanshan District, Shenzhen PRC 518053 + CN + +B4-C0-F5 (hex) Shenzhen TINNO Mobile Technology Corp. +B4C0F5 (base 16) Shenzhen TINNO Mobile Technology Corp. + Building, No.33, Xiandong Rd, Xili + Nanshan District, Shenzhen PRC 518053 + CN + +E8-F7-91 (hex) Xiaomi Communications Co Ltd +E8F791 (base 16) Xiaomi Communications Co Ltd + #019, 9th Floor, Building 6, 33 Xi'erqi Middle Road + Beijing Haidian District 100085 + CN + +0C-97-5F (hex) Aruba, a Hewlett Packard Enterprise Company +0C975F (base 16) Aruba, a Hewlett Packard Enterprise Company + 3333 Scott Blvd + Santa Clara CA 95054 + US + +DC-71-DD (hex) AX Technologies +DC71DD (base 16) AX Technologies + 1400 Broadway, 18th Floor + New York City NY 10018 + US + +54-A9-C8 (hex) Home Control Singapore Pte Ltd +54A9C8 (base 16) Home Control Singapore Pte Ltd + 151 Lorong Chuan + Singapore 556741 + SG + +30-7F-10 (hex) GUANGDONG OPPO MOBILE TELECOMMUNICATIONS CORP.,LTD +307F10 (base 16) GUANGDONG OPPO MOBILE TELECOMMUNICATIONS CORP.,LTD + NO.18 HAIBIN ROAD, + DONG GUAN GUANG DONG 523860 + CN + +A4-90-CE (hex) vivo Mobile Communication Co., Ltd. +A490CE (base 16) vivo Mobile Communication Co., Ltd. + No.1, vivo Road, Chang'an + Dongguan Guangdong 523860 + CN + +F8-B8-B4 (hex) Shenzhen Skyworth Digital Technology CO., Ltd +F8B8B4 (base 16) Shenzhen Skyworth Digital Technology CO., Ltd + 4F,Block A, Skyworth?Building, Shenzhen Guangdong 518057 CN +B0-FB-DD (hex) Shenzhen SuperElectron Technology Co.,Ltd. +B0FBDD (base 16) Shenzhen SuperElectron Technology Co.,Ltd. + 1213-1214, haosheng business center, dongbin road, nanshan street, nanshan district, shenzhen city + Shenzhen Guangdong 518000 + CN + +3C-69-D1 (hex) ADC Automotive Distance Control System GmbH +3C69D1 (base 16) ADC Automotive Distance Control System GmbH + Peter-Dornier Strasse 10 + Lindau Bavaria 88131 + DE + +E0-9C-8D (hex) Seakeeper, Inc. +E09C8D (base 16) Seakeeper, Inc. + 45310 Abell House Lane Suite 350 + California MD 20619 + US + +04-BA-D6 (hex) D-Link Corporation +04BAD6 (base 16) D-Link Corporation + No.289, Sinhu 3rd Rd., Neihu District, + Taipei City 114 + TW + +34-3A-20 (hex) Aruba, a Hewlett Packard Enterprise Company +343A20 (base 16) Aruba, a Hewlett Packard Enterprise Company + 3333 Scott Blvd + Santa Clara CA 95054 + US + +30-3F-5D (hex) PT HAN SUNG ELECTORONICS INDONESIA +303F5D (base 16) PT HAN SUNG ELECTORONICS INDONESIA + JL.PALEM 1 BLOK DS-6 + KAWASAN INDUSTRI BATIK LIPPO CIKARANG, DESA CIBATU, KECAMATAN CIKARANG SELATAN BEKASI JAWA BARAT 17550 + ID + +18-E9-1D (hex) HUAWEI TECHNOLOGIES CO.,LTD +18E91D (base 16) HUAWEI TECHNOLOGIES CO.,LTD + No.2 Xin Cheng Road, Room R6,Songshan Lake Technology Park + Dongguan 523808 + CN + +48-70-6F (hex) HUAWEI TECHNOLOGIES CO.,LTD +48706F (base 16) HUAWEI TECHNOLOGIES CO.,LTD + No.2 Xin Cheng Road, Room R6,Songshan Lake Technology Park + Dongguan 523808 + CN + +F4-6A-DD (hex) Liteon Technology Corporation +F46ADD (base 16) Liteon Technology Corporation + 4F, 90, Chien 1 Road + New Taipei City Taiwan 23585 + TW + +C8-2A-F1 (hex) TCT mobile ltd +C82AF1 (base 16) TCT mobile ltd + No.86 hechang 7th road, zhongkai, Hi-Tech District + Hui Zhou Guang Dong 516006 + CN + +3C-E9-0E (hex) Espressif Inc. +3CE90E (base 16) Espressif Inc. + Room 204, Building 2, 690 Bibo Rd, Pudong New Area + Shanghai Shanghai 201203 + CN + +A8-42-E3 (hex) Espressif Inc. +A842E3 (base 16) Espressif Inc. + Room 204, Building 2, 690 Bibo Rd, Pudong New Area + Shanghai Shanghai 201203 + CN + +7C-0C-92 (hex) Suzhou Mobydata Smart System Co.,Ltd. +7C0C92 (base 16) Suzhou Mobydata Smart System Co.,Ltd. + 3f,building E,Yida science Park,No.11 Jinpu Road,SIP,Suzhou,Jiangsu,China + Suzhou Jingsu 215000 + CN + +04-26-05 (hex) Bosch Building Automation GmbH +042605 (base 16) Bosch Building Automation GmbH + Kapellenweg 42 + Verl 33415 + DE + +3C-FE-AC (hex) Cisco Systems, Inc +3CFEAC (base 16) Cisco Systems, Inc + 80 West Tasman Drive + San Jose CA 94568 + US + +04-A7-41 (hex) Cisco Systems, Inc +04A741 (base 16) Cisco Systems, Inc + 80 West Tasman Drive + San Jose CA 94568 + US + +A0-88-9D (hex) Huawei Device Co., Ltd. +A0889D (base 16) Huawei Device Co., Ltd. + No.2 of Xincheng Road, Songshan Lake Zone + Dongguan Guangdong 523808 + CN + +98-D7-42 (hex) Samsung Electronics Co.,Ltd +98D742 (base 16) Samsung Electronics Co.,Ltd + #94-1, Imsoo-Dong + Gumi Gyeongbuk 730-350 + KR + +D4-9B-74 (hex) Kinetic Technologies +D49B74 (base 16) Kinetic Technologies + 6399 San Ignacio Ave #250 + San Jose CA 95119 + US + +40-F8-DF (hex) CANON INC. +40F8DF (base 16) CANON INC. + 30-2 Shimomaruko 3-chome, + Ohta-ku Tokyo 146-8501 + JP + +20-47-ED (hex) SKY UK LIMITED +2047ED (base 16) SKY UK LIMITED + 130 Kings Road + Brentwood Essex 08854 + GB + +A0-BD-CD (hex) SKY UK LIMITED +A0BDCD (base 16) SKY UK LIMITED + 130 Kings Road + Brentwood Essex 08854 + GB + +3C-89-94 (hex) SKY UK LIMITED +3C8994 (base 16) SKY UK LIMITED + 130 Kings Road + Brentwood Essex 08854 + GB + +04-81-9B (hex) SKY UK LIMITED +04819B (base 16) SKY UK LIMITED + 130 Kings Road + Brentwood Essex 08854 + GB + +50-70-43 (hex) SKY UK LIMITED +507043 (base 16) SKY UK LIMITED + 130 Kings Road + Brentwood Essex 08854 + GB + +04-B8-6A (hex) SKY UK LIMITED +04B86A (base 16) SKY UK LIMITED + 130 Kings Road + Brentwood Essex 08854 + GB + +3C-45-7A (hex) SKY UK LIMITED +3C457A (base 16) SKY UK LIMITED + 130 Kings Road + Brentwood Essex 08854 + GB + +F4-6B-8C (hex) Hon Hai Precision Industry Co., Ltd. +F46B8C (base 16) Hon Hai Precision Industry Co., Ltd. + GuangDongShenZhen + ShenZhen GuangDong 518109 + CN + +74-37-5F (hex) SERCOMM PHILIPPINES INC +74375F (base 16) SERCOMM PHILIPPINES INC + Lot 1 & 5, Phase 1, Filinvest Technology Park 1, Brgy. Punta, Calamba City + Calamba Lot 1 + PH + +7C-67-AB (hex) Roku, Inc +7C67AB (base 16) Roku, Inc + 1155 Coleman Ave + San Jose CA 95110 + US + +0C-7F-ED (hex) IEEE Registration Authority +0C7FED (base 16) IEEE Registration Authority + 445 Hoes Lane + Piscataway NJ 08554 + US + +F4-3B-D8 (hex) Intel Corporate +F43BD8 (base 16) Intel Corporate + Lot 8, Jalan Hi-Tech 2/3 + Kulim Kedah 09000 + MY + +C8-4B-D6 (hex) Dell Inc. +C84BD6 (base 16) Dell Inc. + One Dell Way + Round Rock TX 78682 + US + +E0-86-14 (hex) Novatel Wireless Solutions, Inc. +E08614 (base 16) Novatel Wireless Solutions, Inc. + 9710 Scranton Rd., Suite 200 + San Diego CA 92121 + US + +A8-DE-68 (hex) Beijing Wide Technology Co.,Ltd +A8DE68 (base 16) Beijing Wide Technology Co.,Ltd + Floor7,Block B,Yicheng wealth center,No. 22,Ronghua Middle Road,Beijing Economic and Technological Development Zone + Beijing Beijing 100000 + CN + +6C-30-2A (hex) Texas Instruments +6C302A (base 16) Texas Instruments + 12500 TI Blvd + Dallas TX 75243 + US + +74-46-B3 (hex) Texas Instruments +7446B3 (base 16) Texas Instruments + 12500 TI Blvd + Dallas TX 75243 + US + +94-4E-5B (hex) Ubee Interactive Co., Limited +944E5B (base 16) Ubee Interactive Co., Limited + Flat/RM 1202, 12/F, AT Tower, 180 Electric Road + North Point 00000 + HK + +B4-BA-9D (hex) SKY UK LIMITED +B4BA9D (base 16) SKY UK LIMITED + 130 Kings Road + Brentwood Essex 08854 + GB + +50-F2-61 (hex) Photon Sail Technologies +50F261 (base 16) Photon Sail Technologies + 8 Robinson Road, ASO Building + Singapore 048544 + SG + +80-DA-C2 (hex) Technicolor CH USA Inc. +80DAC2 (base 16) Technicolor CH USA Inc. + 5030 Sugarloaf Parkway Bldg 6 + Lawrenceville GA 30044 + US + +00-41-0E (hex) CLOUD NETWORK TECHNOLOGY SINGAPORE PTE. LTD. +00410E (base 16) CLOUD NETWORK TECHNOLOGY SINGAPORE PTE. LTD. + B22 Building,NO.51 Tongle Road, Shajing Town, Jiangnan District, Nanning, Guangxi Province, China + Nanning Guangxi 530007 + CN + +FC-61-79 (hex) IEEE Registration Authority +FC6179 (base 16) IEEE Registration Authority + 445 Hoes Lane + Piscataway NJ 08554 + US + +3C-4E-56 (hex) SHENZHEN CHUANGWEI-RGB ELECTRONICS CO.,LTD +3C4E56 (base 16) SHENZHEN CHUANGWEI-RGB ELECTRONICS CO.,LTD + Unit East Block22-24/F,Skyworth semiconductor design Bldg., Gaoxin Ave.4.S.,Nanshan District,Shenzhen,China + SHENZHEN GUANGDONG 518057 + CN + +08-B6-1F (hex) Espressif Inc. +08B61F (base 16) Espressif Inc. + Room 204, Building 2, 690 Bibo Rd, Pudong New Area + Shanghai Shanghai 201203 + CN + +98-A2-C0 (hex) Cisco Systems, Inc +98A2C0 (base 16) Cisco Systems, Inc + 80 West Tasman Drive + San Jose CA 94568 + US + +EC-74-D7 (hex) Grandstream Networks Inc +EC74D7 (base 16) Grandstream Networks Inc + 126 brookline avenue + boston MA 02215 + US + +4C-72-74 (hex) Shenzhenshi Xinzhongxin Technology Co.Ltd +4C7274 (base 16) Shenzhenshi Xinzhongxin Technology Co.Ltd + Block 3, Dong Huan Industrial Park, Sha Jing Town, Bao’an District, Shenzhen City, Guangdong Province, China + ShenZHEN GuangDong 518104 + CN + +30-63-71 (hex) Shenzhenshi Xinzhongxin Technology Co.Ltd +306371 (base 16) Shenzhenshi Xinzhongxin Technology Co.Ltd + Block 3, Dong Huan Industrial Park, Sha Jing Town, Bao’an District, Shenzhen City, Guangdong Province, China + ShenZHEN GuangDong 518104 + CN + +88-12-AC (hex) HUNAN FN-LINK TECHNOLOGY LIMITED +8812AC (base 16) HUNAN FN-LINK TECHNOLOGY LIMITED + No.8, Litong Road, Liuyan Economic & Tec + Changsha HUNAN 410329 + CN + +28-01-1C (hex) zte corporation +28011C (base 16) zte corporation + 12/F.,zte R&D building ,kejinan Road,Shenzhen,P.R.China + shenzhen guangdong 518057 + CN + 7C-8A-E1 (hex) COMPAL INFORMATION (KUNSHAN) CO., LTD. 7C8AE1 (base 16) COMPAL INFORMATION (KUNSHAN) CO., LTD. NO. 25, THE 3RD Street KUNSHAN EXPORT PROCESSING ZONE @@ -151094,12 +154484,6 @@ A8F5DD (base 16) ARRIS Group, Inc. San Diego CA 92121 US -44-D3-AD (hex) Shenzhen TINNO Mobile Technology Corp. -44D3AD (base 16) Shenzhen TINNO Mobile Technology Corp. - 4/F, H-3 Building, Qiao Cheng Eastern Industrial Park, Overseas Chinese Town, Shenzhen - Shenzhen guangdong 518053 - CN - 9C-82-75 (hex) Yichip Microelectronics (Hangzhou) Co.,Ltd 9C8275 (base 16) Yichip Microelectronics (Hangzhou) Co.,Ltd Room 401, Building 15, No.498 Guoshoujing Road, Pudong Software Park @@ -152903,12 +156287,6 @@ F0766F (base 16) Apple, Inc. Cupertino CA 95014 US -1C-A0-B8 (hex) Hon Hai Precision Ind. Co., Ltd. -1CA0B8 (base 16) Hon Hai Precision Ind. Co., Ltd. - GuangDongShenZhen - ShenZhen GuangDong 518109 - CN - D8-84-66 (hex) Extreme Networks, Inc. D88466 (base 16) Extreme Networks, Inc. 145 Rio Robles @@ -153305,12 +156683,6 @@ ECFABC (base 16) Espressif Inc. San Jose CA 95121 US -28-C1-3C (hex) Hon Hai Precision Ind. Co., Ltd. -28C13C (base 16) Hon Hai Precision Ind. Co., Ltd. - GuangDongShenZhen - ShenZhen GuangDong 518109 - CN - B0-EC-E1 (hex) Private B0ECE1 (base 16) Private @@ -153608,12 +156980,6 @@ F4F5DB (base 16) Xiaomi Communications Co Ltd NO.68, Qinghe Middle Street Haidian District, Beijing 100085 CN -F4-E2-04 (hex) Traqueur -F4E204 (base 16) Traqueur - 1, rue Royale - Saint-Cloud 92210 - FR - CC-22-37 (hex) IEEE Registration Authority CC2237 (base 16) IEEE Registration Authority 445 Hoes Lane @@ -154814,12 +158180,6 @@ EC01EE (base 16) GUANGDONG OPPO MOBILE TELECOMMUNICATIONS CORP.,LTD Morristown NJ 07960 US -70-20-84 (hex) Hon Hai Precision Ind. Co., Ltd. -702084 (base 16) Hon Hai Precision Ind. Co., Ltd. - GuangDongShenZhen - ShenZhen GuangDong 518109 - CN - 9C-66-50 (hex) Glodio Technolies Co.,Ltd Tianjin Branch 9C6650 (base 16) Glodio Technolies Co.,Ltd Tianjin Branch Room 904, No.1-2 LanYuan Road, HuaYuan Industrial Area @@ -159467,12 +162827,6 @@ ACCF85 (base 16) HUAWEI TECHNOLOGIES CO.,LTD Cupertino CA 95014 US -00-73-8D (hex) Shenzhen TINNO Mobile Technology Corp. -00738D (base 16) Shenzhen TINNO Mobile Technology Corp. - 4/F.,H-3 Building,OCT Eastern lndustrial Park. NO.1 XiangShan East Road. - GuangDong 518053 - US - 34-BA-75 (hex) Everest Networks, Inc 34BA75 (base 16) Everest Networks, Inc 2933 Bunker Hill Ln., Suite 100 @@ -160109,12 +163463,6 @@ C40528 (base 16) HUAWEI TECHNOLOGIES CO.,LTD Yasu-gun Shiga 520-2393 JP -90-21-06 (hex) BSkyB Ltd -902106 (base 16) BSkyB Ltd - 130 Kings Road - Brentwood Essex 08854 - GB - D0-27-88 (hex) Hon Hai Precision Ind. Co.,Ltd. D02788 (base 16) Hon Hai Precision Ind. Co.,Ltd. Building D21,No.1, East Zone 1st Road @@ -171515,12 +174863,6 @@ EC6C9F (base 16) Chengdu Volans Technology CO.,LTD Kennesaw Georgia 30144 US -00-16-A3 (hex) Ingeteam Transmission&Distribution, S.A. -0016A3 (base 16) Ingeteam Transmission&Distribution, S.A. - C/ Usausuaga, 7 - Basauri Bizkaia 48970 - ES - 00-16-A0 (hex) Auto-Maskin 0016A0 (base 16) Auto-Maskin Sophie Radichs Vei 7 @@ -180956,12 +184298,6 @@ A0946A (base 16) Shenzhen XGTEC Technology Co,.Ltd. San Jose CA 94568 US -9C-31-C3 (hex) BSkyB Ltd -9C31C3 (base 16) BSkyB Ltd - 130 Kings Road - Brentwood Essex 08854 - GB - 6C-24-A6 (hex) vivo Mobile Communication Co., Ltd. 6C24A6 (base 16) vivo Mobile Communication Co., Ltd. #283,BBK Road @@ -181832,12 +185168,6 @@ C01692 (base 16) China Mobile Group Device Co.,Ltd. Dongguan 523808 CN -D4-52-EE (hex) BSkyB Ltd -D452EE (base 16) BSkyB Ltd - 130 Kings Road - Brentwood Essex 08854 - GB - E0-23-FF (hex) Fortinet, Inc. E023FF (base 16) Fortinet, Inc. 899 Kifer Road @@ -182996,12 +186326,6 @@ ECC302 (base 16) HUMAX Co., Ltd. Seongnam-si Gyeonggi-do 463-875 KR -98-C9-7C (hex) Shenzhen iComm Semiconductor CO.,LTD -98C97C (base 16) Shenzhen iComm Semiconductor CO.,LTD - Room 504A,Block B,Digital Building,Garden City,No.1079 Nanhai Road,Nanshan District,Shenzhen - shenzhen Guangdong 518067 - CN - 00-C3-43 (hex) E-T-A Circuit Breakers Ltd 00C343 (base 16) E-T-A Circuit Breakers Ltd 6 Telford Close @@ -186803,18 +190127,6 @@ BC6193 (base 16) Xiaomi Communications Co Ltd Beijing Haidian District 100085 CN -94-7F-D8 (hex) Shenzhen Skyworth Digital Technology CO., Ltd -947FD8 (base 16) Shenzhen Skyworth Digital Technology CO., Ltd - 4F,Block A, Skyworth?Building, - Shenzhen Guangdong 518057 - CN - -C8-54-A4 (hex) Infinix mobility limited -C854A4 (base 16) Infinix mobility limited - RMS 05-15, 13A/F SOUTH TOWER WORLD FINANCE CTR HARBOUR CITY 17 CANTON RD TST KLN HONG KONG - HongKong HongKong 999077 - HK - EC-71-DB (hex) Reolink Innovation Limited EC71DB (base 16) Reolink Innovation Limited 705,7/F,FA YUEN COMMERCIAL BUILDING,75-77 FA YUEN STREET @@ -186833,6 +190145,12 @@ F8E57E (base 16) Cisco Systems, Inc Seoul Seocho-Gu #137-902 KR +94-7F-D8 (hex) Shenzhen Skyworth Digital Technology CO., Ltd +947FD8 (base 16) Shenzhen Skyworth Digital Technology CO., Ltd + 4F,Block A, Skyworth?Building, + Shenzhen Guangdong 518057 + CN + 38-5B-44 (hex) Silicon Laboratories 385B44 (base 16) Silicon Laboratories 400 West Cesar Chavez Street @@ -186863,8 +190181,854 @@ CCEB18 (base 16) OOO TSS Moscow Moscow 105187 RU +6C-24-08 (hex) LCFC(Hefei) Electronics Technology Co., Ltd +6C2408 (base 16) LCFC(Hefei) Electronics Technology Co., Ltd + No.3188-1,YunGu Road(Comprehensive Bonded Zone),Hefei Economic and Technological Development Area + HEFEI ANHUI 230601 + CN + +EC-60-73 (hex) TP-LINK TECHNOLOGIES CO.,LTD. +EC6073 (base 16) TP-LINK TECHNOLOGIES CO.,LTD. + Building 24(floors 1,3,4,5)and 28(floors 1-4)Central Science and Technology Park,Shennan Road,Nanshan + Shenzhen Guangdong 518057 + CN + +10-4D-15 (hex) Viaanix Inc +104D15 (base 16) Viaanix Inc + 434 N Main St. + Wichita KS 67202 + US + +50-A0-15 (hex) Shenzhen Yipingfang Network Technology Co., Ltd. +50A015 (base 16) Shenzhen Yipingfang Network Technology Co., Ltd. + 21 / F, Kangjia R & D building, No.28, Keji South 12th Road, Nanshan District, Shenzhen City, Guangdong Province, China + Shenzhen Nanshan District 518000 + CN + +C8-54-A4 (hex) Infinix mobility limited +C854A4 (base 16) Infinix mobility limited + RMS 05-15, 13A/F SOUTH TOWER WORLD FINANCE CTR HARBOUR CITY 17 CANTON RD TST KLN HONG KONG + HongKong HongKong 999077 + HK + A0-09-2E (hex) zte corporation A0092E (base 16) zte corporation 12/F.,zte R&D building ,kejinan Road,Shenzhen,P.R.China shenzhen guangdong 518057 CN + +B0-AF-F7 (hex) Shenzhen Yipingfang Network Technology Co., Ltd. +B0AFF7 (base 16) Shenzhen Yipingfang Network Technology Co., Ltd. + 21 / F, Kangjia R & D building, No.28, Keji South 12th Road, Nanshan District, Shenzhen City, Guangdong Province, China + Shenzhen Nanshan District 518000 + CN + +70-85-C4 (hex) Ruijie Networks Co.,LTD +7085C4 (base 16) Ruijie Networks Co.,LTD + No. 2, 7th floor, xingwangruijie, haixi hi-tech industrial park, high-tech zone, fuzhou city + Fuzhou Fujian 350002 + CN + +5C-C5-63 (hex) HUNAN FN-LINK TECHNOLOGY LIMITED +5CC563 (base 16) HUNAN FN-LINK TECHNOLOGY LIMITED + No.8, Litong Road, Liuyan Economic & Tec + Changsha HUNAN 410329 + CN + +74-DD-CB (hex) China Leadshine Technology Co.,Ltd +74DDCB (base 16) China Leadshine Technology Co.,Ltd + 9-11, Building A3, Nanshan Ipark, No.1001 Xueyuan Avenue, Nanshan? + SHENZHEN 518000 + CN + +A8-B1-3B (hex) HP Inc. +A8B13B (base 16) HP Inc. + 10300 Energy Dr + Spring TX 77389 + US + +C4-38-75 (hex) Sonos, Inc. +C43875 (base 16) Sonos, Inc. + 614 Chapala St + Santa Barbara 93101 + US + +68-B6-91 (hex) Amazon Technologies Inc. +68B691 (base 16) Amazon Technologies Inc. + P.O Box 8102 + Reno NV 89507 + US + +DC-A9-56 (hex) GUANGDONG OPPO MOBILE TELECOMMUNICATIONS CORP.,LTD +DCA956 (base 16) GUANGDONG OPPO MOBILE TELECOMMUNICATIONS CORP.,LTD + NO.18 HAIBIN ROAD, + DONG GUAN GUANG DONG 523860 + CN + +48-27-C5 (hex) HUAWEI TECHNOLOGIES CO.,LTD +4827C5 (base 16) HUAWEI TECHNOLOGIES CO.,LTD + No.2 Xin Cheng Road, Room R6,Songshan Lake Technology Park + Dongguan 523808 + CN + +BC-D2-06 (hex) HUAWEI TECHNOLOGIES CO.,LTD +BCD206 (base 16) HUAWEI TECHNOLOGIES CO.,LTD + No.2 Xin Cheng Road, Room R6,Songshan Lake Technology Park + Dongguan 523808 + CN + +20-89-8A (hex) Shenzhen Skyworth Digital Technology CO., Ltd +20898A (base 16) Shenzhen Skyworth Digital Technology CO., Ltd + 4F,Block A, Skyworth?Building, + Shenzhen Guangdong 518057 + CN + +14-75-5B (hex) Intel Corporate +14755B (base 16) Intel Corporate + Lot 8, Jalan Hi-Tech 2/3 + Kulim Kedah 09000 + MY + +F4-E2-04 (hex) COYOTE SYSTEM +F4E204 (base 16) COYOTE SYSTEM + 1, rue Royale + Saint-Cloud 92210 + FR + +F8-4E-58 (hex) Samsung Electronics Co.,Ltd +F84E58 (base 16) Samsung Electronics Co.,Ltd + 129, Samsung-ro, Youngtongl-Gu + Suwon Gyeonggi-Do 16677 + KR + +B4-70-64 (hex) Samsung Electronics Co.,Ltd +B47064 (base 16) Samsung Electronics Co.,Ltd + #94-1, Imsoo-Dong + Gumi Gyeongbuk 730-350 + KR + +CC-82-7F (hex) Advantech Technology (CHINA) Co., Ltd. +CC827F (base 16) Advantech Technology (CHINA) Co., Ltd. + No.666, Han-Pu Rd. Yu-Shan + Kun-Shan Jiang Su 215316 + CN + +88-3F-0C (hex) system a.v. co., ltd. +883F0C (base 16) system a.v. co., ltd. + 5-16-1,Aoe,KIta-Ku + Okayama Okayama 700-0941 + JP + +C8-BE-35 (hex) Extreme Networks, Inc. +C8BE35 (base 16) Extreme Networks, Inc. + 6480 Via Del Oro + San Jose CA 95119 + US + +78-AF-08 (hex) Intel Corporate +78AF08 (base 16) Intel Corporate + Lot 8, Jalan Hi-Tech 2/3 + Kulim Kedah 09000 + MY + +D8-10-68 (hex) Murata Manufacturing Co., Ltd. +D81068 (base 16) Murata Manufacturing Co., Ltd. + 1-10-1, Higashikotari + Nagaokakyo-shi Kyoto 617-8555 + JP + +5C-04-5A (hex) Company NA Stage & Light +5C045A (base 16) Company NA Stage & Light + Lambertu 9 + M?rupe LV-2167 + LV + +58-C3-56 (hex) EM Microelectronic +58C356 (base 16) EM Microelectronic + Rue des Sors 3 + Marin-Epagnier Neuchatel 2074 + CH + +A0-ED-FB (hex) Quectel Wireless Solutions Co.,Ltd. +A0EDFB (base 16) Quectel Wireless Solutions Co.,Ltd. + 7th Floor, Hongye Building, No.1801 Hongmei Road, Xuhui District + Shanghai 200233 + CN + +B0-23-47 (hex) Shenzhen Giant Microelectronics Company Limited +B02347 (base 16) Shenzhen Giant Microelectronics Company Limited + Room 2108, 21 Floor, Building No.1 of Chang Fu Jin Mao Tower, No.5 Shi Hua Road, Futian District + Shenzhen Guangdong 518000 + CN + +CC-DD-58 (hex) Robert Bosch GmbH +CCDD58 (base 16) Robert Bosch GmbH + Mittlerer Pfad 9 + Stuttgart 70499 + DE + +4C-2E-5E (hex) Samsung Electronics Co.,Ltd +4C2E5E (base 16) Samsung Electronics Co.,Ltd + #94-1, Imsoo-Dong + Gumi Gyeongbuk 730-350 + KR + +64-5D-F4 (hex) Samsung Electronics Co.,Ltd +645DF4 (base 16) Samsung Electronics Co.,Ltd + #94-1, Imsoo-Dong + Gumi Gyeongbuk 730-350 + KR + +88-FC-5D (hex) Cisco Systems, Inc +88FC5D (base 16) Cisco Systems, Inc + 80 West Tasman Drive + San Jose CA 94568 + US + +F4-C8-8A (hex) Intel Corporate +F4C88A (base 16) Intel Corporate + Lot 8, Jalan Hi-Tech 2/3 + Kulim Kedah 09000 + MY + +18-3C-98 (hex) Shenzhen Hengyi Technology Co., LTD +183C98 (base 16) Shenzhen Hengyi Technology Co., LTD + Floor 5, Zone 1, Block B, Mingyou Purchasing Center, Baoyuan Road, Xixiang Street + Shenzhen Guangdong 518102 + CN + +78-71-04 (hex) Sichuan Tianyi Comheart Telecom Co.,LTD +787104 (base 16) Sichuan Tianyi Comheart Telecom Co.,LTD + No.198,First Section,Snow Mountain Avenue, Jinyuan Town, Dayi County + Chengdu Sichuan 611330 + CN + +64-C5-82 (hex) China Mobile Group Device Co.,Ltd. +64C582 (base 16) China Mobile Group Device Co.,Ltd. + 32 Xuanwumen West Street,Xicheng District + Beijing 100053 + CN + +D4-E0-53 (hex) Aruba, a Hewlett Packard Enterprise Company +D4E053 (base 16) Aruba, a Hewlett Packard Enterprise Company + 3333 Scott Blvd + Santa Clara CA 95054 + US + +5C-A4-F4 (hex) zte corporation +5CA4F4 (base 16) zte corporation + 12/F.,zte R&D building ,kejinan Road,Shenzhen,P.R.China + shenzhen guangdong 518057 + CN + +94-09-C9 (hex) ALPSALPINE CO .,LTD +9409C9 (base 16) ALPSALPINE CO .,LTD + nishida 6-1 + kakuda-City Miyagi-Pref 981-1595 + JP + +50-28-4A (hex) Intel Corporate +50284A (base 16) Intel Corporate + Lot 8, Jalan Hi-Tech 2/3 + Kulim Kedah 09000 + MY + +98-C9-7C (hex) Shenzhen iComm Semiconductor CO.,LTD +98C97C (base 16) Shenzhen iComm Semiconductor CO.,LTD + Room 601,Block B ,Digital Building,Garden City + Shenzhen No.1079 Nanhai Road,Nanshan District 518067 + CN + +24-6C-60 (hex) Huawei Device Co., Ltd. +246C60 (base 16) Huawei Device Co., Ltd. + No.2 of Xincheng Road, Songshan Lake Zone + Dongguan Guangdong 523808 + CN + +28-A3-31 (hex) Sierra Wireless +28A331 (base 16) Sierra Wireless + 13811 Wireless Way + Richmond BC V6V 3A4 + CA + +18-34-AF (hex) Kaonmedia CO., LTD. +1834AF (base 16) Kaonmedia CO., LTD. + 884-3, Seongnam-daero, Bundang-gu + Seongnam-si Gyeonggi-do 13517 + KR + +EC-62-60 (hex) Espressif Inc. +EC6260 (base 16) Espressif Inc. + Room 204, Building 2, 690 Bibo Rd, Pudong New Area + Shanghai Shanghai 201203 + CN + +B0-6E-72 (hex) Realme Chongqing Mobile Telecommunications Corp.,Ltd. +B06E72 (base 16) Realme Chongqing Mobile Telecommunications Corp.,Ltd. + No.178 Yulong Avenue, Yufengshan, Yubei District, Chongqing. + Chongqing China 401120 + CN + +30-3E-A7 (hex) Intel Corporate +303EA7 (base 16) Intel Corporate + Lot 8, Jalan Hi-Tech 2/3 + Kulim Kedah 09000 + MY + +60-7D-09 (hex) Luxshare Precision Industry Co., Ltd +607D09 (base 16) Luxshare Precision Industry Co., Ltd + 2nd floor,A building,Sanyo New Industrial Area,West Area of Maoyi, Shajing Street,Bao'an District + Shenzhen City Guangdong Province 518100 + CN + +CC-3E-79 (hex) ARRIS Group, Inc. +CC3E79 (base 16) ARRIS Group, Inc. + 6450 Sequence Drive + San Diego CA 92121 + US + +28-F5-D1 (hex) ARRIS Group, Inc. +28F5D1 (base 16) ARRIS Group, Inc. + 6450 Sequence Drive + San Diego CA 92121 + US + +10-E1-77 (hex) ARRIS Group, Inc. +10E177 (base 16) ARRIS Group, Inc. + 6450 Sequence Drive + San Diego CA 92121 + US + +28-82-7C (hex) Bosch Automative products(Suzhou)Co.,Ltd Changzhou Branch +28827C (base 16) Bosch Automative products(Suzhou)Co.,Ltd Changzhou Branch + No.17 Longmen Road + Changzhou JiangSu 213164 + CN + +90-D4-73 (hex) vivo Mobile Communication Co., Ltd. +90D473 (base 16) vivo Mobile Communication Co., Ltd. + No.1, vivo Road, Chang'an + Dongguan Guangdong 523860 + CN + +08-EB-F6 (hex) HUAWEI TECHNOLOGIES CO.,LTD +08EBF6 (base 16) HUAWEI TECHNOLOGIES CO.,LTD + No.2 Xin Cheng Road, Room R6,Songshan Lake Technology Park + Dongguan 523808 + CN + +C8-F0-9E (hex) Espressif Inc. +C8F09E (base 16) Espressif Inc. + Room 204, Building 2, 690 Bibo Rd, Pudong New Area + Shanghai Shanghai 201203 + CN + +DC-54-75 (hex) Espressif Inc. +DC5475 (base 16) Espressif Inc. + Room 204, Building 2, 690 Bibo Rd, Pudong New Area + Shanghai Shanghai 201203 + CN + +0C-7B-C8 (hex) Cisco Meraki +0C7BC8 (base 16) Cisco Meraki + 500 Terry A. Francois Blvd + San Francisco 94158 + US + +00-16-A3 (hex) INGETEAM +0016A3 (base 16) INGETEAM + Parque Tecnologico de Bizkaia, Edificio 110 + Zamudio Bizkaia 48170 + ES + +24-CF-24 (hex) Beijing Xiaomi Mobile Software Co., Ltd +24CF24 (base 16) Beijing Xiaomi Mobile Software Co., Ltd + The Rainbow City Office Building, 68 Qinghe Middle Street Haidian District + Beijing Beijing 100085 + CN + +1C-0D-7D (hex) Apple, Inc. +1C0D7D (base 16) Apple, Inc. + 1 Infinite Loop + Cupertino CA 95014 + US + +14-F2-87 (hex) Apple, Inc. +14F287 (base 16) Apple, Inc. + 1 Infinite Loop + Cupertino CA 95014 + US + +58-55-95 (hex) Apple, Inc. +585595 (base 16) Apple, Inc. + 1 Infinite Loop + Cupertino CA 95014 + US + +F0-6C-5D (hex) Xiaomi Communications Co Ltd +F06C5D (base 16) Xiaomi Communications Co Ltd + #019, 9th Floor, Building 6, 33 Xi'erqi Middle Road + Beijing Haidian District 100085 + CN + +40-B0-2F (hex) Miele & Cie. KG +40B02F (base 16) Miele & Cie. KG + Carl-Miele-Straße 29 + Gütersloh 33332 + DE + +18-66-F0 (hex) Jupiter Systems +1866F0 (base 16) Jupiter Systems + 31015 Huntwood Ave + Hayward CA 94544-7007 + US + +74-60-4C (hex) RØDE +74604C (base 16) RØDE + 107 Carnarvon St + Silverwater NSW 2128 + AU + +28-6F-40 (hex) Tonly Technology Co. Ltd +286F40 (base 16) Tonly Technology Co. Ltd + Section 37, Zhongkai Hi-Tech Development Zone + Huizhou Guangdong 516006 + CN + +BC-C7-DA (hex) Earda Technologies co Ltd +BCC7DA (base 16) Earda Technologies co Ltd + Block A,Lianfeng Creative Park, #2 Jisheng Rd., Nansha District + Guangzhou Guangdong 511455 + CN + +0C-86-C7 (hex) Jabil Circuit (Guangzhou) Limited +0C86C7 (base 16) Jabil Circuit (Guangzhou) Limited + Huangpu 128, JunCheng Road + GuangZhou Guangdong 510530 + CN + +14-94-6C (hex) Apple, Inc. +14946C (base 16) Apple, Inc. + 1 Infinite Loop + Cupertino CA 95014 + US + +1C-59-74 (hex) IEEE Registration Authority +1C5974 (base 16) IEEE Registration Authority + 445 Hoes Lane + Piscataway NJ 08554 + US + +58-00-32 (hex) Genexis B.V. +580032 (base 16) Genexis B.V. + Lodewijkstraat 1A + Eindhoven 5652AC + NL + +B4-7D-76 (hex) KNS Group LLC +B47D76 (base 16) KNS Group LLC + Room 4, Office IV, Floor 4 Rochdelskaya street, 15, b.15 Moscow, 123376 Russia + Moscow 123376 + RU + +C0-AD-97 (hex) TECNO MOBILE LIMITED +C0AD97 (base 16) TECNO MOBILE LIMITED + ROOMS 05-15, 13A/F., SOUTH TOWER, WORLD FINANCE CENTRE, HARBOUR CITY, 17 CANTON ROAD, TSIM SHA TSUI, KOWLOON, HONG KONG + Hong Kong Hong Kong 999077 + HK + +B0-38-E2 (hex) Wanan Hongsheng Electronic Co.Ltd +B038E2 (base 16) Wanan Hongsheng Electronic Co.Ltd + 1st section of industrial pack,Wan'An County,Ji'An City,jiangxi province + Wanan China/jiangxi 343800 + CN + +4C-53-69 (hex) YanFeng Visteon(ChongQing) Automotive Electronic Co.,Ltd +4C5369 (base 16) YanFeng Visteon(ChongQing) Automotive Electronic Co.,Ltd + No.8,Gang’an 2nd Road,Jiangbei District,Chongqing,P.R.China + ChongQing ChongQing 400025 + CN + +70-A9-83 (hex) Cisco Systems, Inc +70A983 (base 16) Cisco Systems, Inc + 80 West Tasman Drive + San Jose CA 94568 + US + +BC-FA-EB (hex) Cisco Systems, Inc +BCFAEB (base 16) Cisco Systems, Inc + 80 West Tasman Drive + San Jose CA 94568 + US + +74-76-7D (hex) shenzhen kexint technology co.,ltd +74767D (base 16) shenzhen kexint technology co.,ltd + 5th Floor, Building 2, Chunhu Industrial Park, Dongshen Road, Pinghu Street, Longgang District, Shenzhen City + shenzhen guangdong 518000 + CN + +E0-48-D8 (hex) Guangzhi Wulian Technology(Guangzhou) Co., Ltd +E048D8 (base 16) Guangzhi Wulian Technology(Guangzhou) Co., Ltd + Room 1407, Fuli yingkai building, No. 16, Huaxia Road, Tianhe District, + Guangzhou 510623 + CN + +F8-E4-A4 (hex) Fiberhome Telecommunication Technologies Co.,LTD +F8E4A4 (base 16) Fiberhome Telecommunication Technologies Co.,LTD + No.5 DongXin Road + Wuhan Hubei 430074 + CN + +84-85-53 (hex) Biznes Systema Telecom, LLC +848553 (base 16) Biznes Systema Telecom, LLC + room XXII/1, fl 3, block 3, 6 Barklaya street, Moscow, 121087, Russia + Moscow 121087 + RU + +D8-88-63 (hex) HUAWEI TECHNOLOGIES CO.,LTD +D88863 (base 16) HUAWEI TECHNOLOGIES CO.,LTD + No.2 Xin Cheng Road, Room R6,Songshan Lake Technology Park + Dongguan 523808 + CN + +C0-3E-50 (hex) HUAWEI TECHNOLOGIES CO.,LTD +C03E50 (base 16) HUAWEI TECHNOLOGIES CO.,LTD + No.2 Xin Cheng Road, Room R6,Songshan Lake Technology Park + Dongguan 523808 + CN + +80-60-36 (hex) HUAWEI TECHNOLOGIES CO.,LTD +806036 (base 16) HUAWEI TECHNOLOGIES CO.,LTD + No.2 Xin Cheng Road, Room R6,Songshan Lake Technology Park + Dongguan 523808 + CN + +A0-C9-8B (hex) Nokia Solutions and Networks GmbH & Co. KG +A0C98B (base 16) Nokia Solutions and Networks GmbH & Co. KG + Werinherstrasse 91 + München Bavaria D-81541 + DE + +18-BB-1C (hex) Huawei Device Co., Ltd. +18BB1C (base 16) Huawei Device Co., Ltd. + No.2 of Xincheng Road, Songshan Lake Zone + Dongguan Guangdong 523808 + CN + +4C-9D-22 (hex) ACES Co.,Ltd +4C9D22 (base 16) ACES Co.,Ltd + TianGong Avenue #916, Tianfu New Area + ChengDu Sichuan Province 610000 + CN + +88-C9-E8 (hex) Sony Corporation +88C9E8 (base 16) Sony Corporation + Sony City Osaki 2-10-1 + Shinagawa-ku Tokyo 141-8610 + JP + +B8-F0-B9 (hex) zte corporation +B8F0B9 (base 16) zte corporation + 12/F.,zte R&D building ,kejinan Road,Shenzhen,P.R.China + shenzhen guangdong 518057 + CN + +80-5B-65 (hex) LG Innotek +805B65 (base 16) LG Innotek + 26, Hanamsandan 5beon-ro + Gwangju Gwangsan-gu 506-731 + KR + +D4-43-0E (hex) Zhejiang Dahua Technology Co., Ltd. +D4430E (base 16) Zhejiang Dahua Technology Co., Ltd. + No.1199,Waterfront Road + Hangzhou Zhejiang 310053 + CN + +00-73-8D (hex) Shenzhen TINNO Mobile Technology Corp. +00738D (base 16) Shenzhen TINNO Mobile Technology Corp. + Building, No.33, Xiandong Rd, Xili + Nanshan District, Shenzhen PRC 518053 + CN + +44-D3-AD (hex) Shenzhen TINNO Mobile Technology Corp. +44D3AD (base 16) Shenzhen TINNO Mobile Technology Corp. + Building, No.33, Xiandong Rd, Xili + Nanshan District, Shenzhen PRC 518053 + CN + +F8-5E-0B (hex) Realme Chongqing Mobile Telecommunications Corp.,Ltd. +F85E0B (base 16) Realme Chongqing Mobile Telecommunications Corp.,Ltd. + No.178 Yulong Avenue, Yufengshan, Yubei District, Chongqing. + Chongqing China 401120 + CN + +94-D3-31 (hex) Xiaomi Communications Co Ltd +94D331 (base 16) Xiaomi Communications Co Ltd + #019, 9th Floor, Building 6, 33 Xi'erqi Middle Road + Beijing Haidian District 100085 + CN + +5C-8C-30 (hex) Taicang T&W Electronics +5C8C30 (base 16) Taicang T&W Electronics + 89# Jiang Nan RD + Suzhou Jiangsu 215412 + CN + +2C-9D-65 (hex) vivo Mobile Communication Co., Ltd. +2C9D65 (base 16) vivo Mobile Communication Co., Ltd. + No.1, vivo Road, Chang'an + Dongguan Guangdong 523860 + CN + +44-88-16 (hex) Cisco Systems, Inc +448816 (base 16) Cisco Systems, Inc + 80 West Tasman Drive + San Jose CA 94568 + US + +34-DD-04 (hex) Minut AB +34DD04 (base 16) Minut AB + Baltzarsgatan 23 + Malmö 21136 + SE + +E8-AC-23 (hex) HUAWEI TECHNOLOGIES CO.,LTD +E8AC23 (base 16) HUAWEI TECHNOLOGIES CO.,LTD + No.2 Xin Cheng Road, Room R6,Songshan Lake Technology Park + Dongguan 523808 + CN + +68-D9-27 (hex) HUAWEI TECHNOLOGIES CO.,LTD +68D927 (base 16) HUAWEI TECHNOLOGIES CO.,LTD + No.2 Xin Cheng Road, Room R6,Songshan Lake Technology Park + Dongguan 523808 + CN + +90-F9-70 (hex) HUAWEI TECHNOLOGIES CO.,LTD +90F970 (base 16) HUAWEI TECHNOLOGIES CO.,LTD + No.2 Xin Cheng Road, Room R6,Songshan Lake Technology Park + Dongguan 523808 + CN + +04-CA-ED (hex) HUAWEI TECHNOLOGIES CO.,LTD +04CAED (base 16) HUAWEI TECHNOLOGIES CO.,LTD + No.2 Xin Cheng Road, Room R6,Songshan Lake Technology Park + Dongguan 523808 + CN + +68-EE-88 (hex) Shenzhen TINNO Mobile Technology Corp. +68EE88 (base 16) Shenzhen TINNO Mobile Technology Corp. + Building, No.33, Xiandong Rd, Xili + Nanshan District, Shenzhen PRC 518053 + CN + +54-3D-92 (hex) WIRELESS-TEK TECHNOLOGY LIMITED +543D92 (base 16) WIRELESS-TEK TECHNOLOGY LIMITED + Room 402 4F, BiaoFan Technology Building, Bao'An Avenue, FuYong Town, Bao'An district, ShenZhen,China + SHENZHEN 518000 + CN + +98-26-AD (hex) Quectel Wireless Solutions Co.,Ltd. +9826AD (base 16) Quectel Wireless Solutions Co.,Ltd. + 7th Floor, Hongye Building, No.1801 Hongmei Road, Xuhui District + Shanghai 200233 + CN + +60-1E-98 (hex) Axevast Technology +601E98 (base 16) Axevast Technology + 5F., No. 20, Guanqian Road, Zhongzheng District + Taipei City 100007 + TW + +A8-F7-D9 (hex) Mist Systems, Inc. +A8F7D9 (base 16) Mist Systems, Inc. + 1601 South De Anza Blvd, Suite 248 + Cupertino CA 95014 + US + +2C-3B-70 (hex) AzureWave Technology Inc. +2C3B70 (base 16) AzureWave Technology Inc. + 8F., No. 94, Baozhong Rd. + New Taipei City Taiwan 231 + TW + +38-86-F7 (hex) Google, Inc. +3886F7 (base 16) Google, Inc. + 1600 Amphitheatre Parkway + Mountain View CA 94043 + US + +F4-22-7A (hex) Guangdong Seneasy Intelligent Technology Co., Ltd. +F4227A (base 16) Guangdong Seneasy Intelligent Technology Co., Ltd. + No. 63, Huitai Industrial Park, + Huizhou City, Guangdong Province 516000 + CN + +8C-51-09 (hex) IEEE Registration Authority +8C5109 (base 16) IEEE Registration Authority + 445 Hoes Lane + Piscataway NJ 08554 + US + +A4-75-B9 (hex) Samsung Electronics Co.,Ltd +A475B9 (base 16) Samsung Electronics Co.,Ltd + #94-1, Imsoo-Dong + Gumi Gyeongbuk 730-350 + KR + +80-54-9C (hex) Samsung Electronics Co.,Ltd +80549C (base 16) Samsung Electronics Co.,Ltd + #94-1, Imsoo-Dong + Gumi Gyeongbuk 730-350 + KR + +6C-60-D0 (hex) Huawei Device Co., Ltd. +6C60D0 (base 16) Huawei Device Co., Ltd. + No.2 of Xincheng Road, Songshan Lake Zone + Dongguan Guangdong 523808 + CN + +1C-F8-D0 (hex) Samsung Electronics Co.,Ltd +1CF8D0 (base 16) Samsung Electronics Co.,Ltd + #94-1, Imsoo-Dong + Gumi Gyeongbuk 730-350 + KR + +64-0E-6A (hex) SECO-LARM USA Inc +640E6A (base 16) SECO-LARM USA Inc + 16842 Millikan + Irvine CA 92606 + US + +68-E1-54 (hex) SiMa.ai +68E154 (base 16) SiMa.ai + 226 Airport Parkway, Suite 550 + San Jose CA 95110 + US + +DC-8D-B7 (hex) ATW TECHNOLOGY, INC. +DC8DB7 (base 16) ATW TECHNOLOGY, INC. + 1F, No.236 Ba’ai Street, Shulin District + New Taipei City 23845 + TW + +70-20-84 (hex) Hon Hai Precision Industry Co., Ltd. +702084 (base 16) Hon Hai Precision Industry Co., Ltd. + GuangDongShenZhen + ShenZhen GuangDong 518109 + CN + +28-C1-3C (hex) Hon Hai Precision Industry Co., Ltd. +28C13C (base 16) Hon Hai Precision Industry Co., Ltd. + GuangDongShenZhen + ShenZhen GuangDong 518109 + CN + +1C-A0-B8 (hex) Hon Hai Precision Industry Co., Ltd. +1CA0B8 (base 16) Hon Hai Precision Industry Co., Ltd. + GuangDongShenZhen + ShenZhen GuangDong 518109 + CN + +18-AA-1E (hex) Shenzhen Skyworth Digital Technology CO., Ltd +18AA1E (base 16) Shenzhen Skyworth Digital Technology CO., Ltd + 4F,Block A, Skyworth?Building, + Shenzhen Guangdong 518057 + CN + +9C-31-C3 (hex) SKY UK LIMITED +9C31C3 (base 16) SKY UK LIMITED + 130 Kings Road + Brentwood Essex 08854 + GB + +D4-52-EE (hex) SKY UK LIMITED +D452EE (base 16) SKY UK LIMITED + 130 Kings Road + Brentwood Essex 08854 + GB + +90-21-06 (hex) SKY UK LIMITED +902106 (base 16) SKY UK LIMITED + 130 Kings Road + Brentwood Essex 08854 + GB + +D8-FF-C3 (hex) Shenzhen 3SNIC information technology company Limited +D8FFC3 (base 16) Shenzhen 3SNIC information technology company Limited + Room 3101, Building 3, Nanshan Zhiyuan Chongwen Park, No.3370, Liuxian Avenue, Fuguang Community, Taoyuan Street, Nanshan District, + Shenzhen Guangdong 518000 + CN + +F0-87-56 (hex) Zyxel Communications Corporation +F08756 (base 16) Zyxel Communications Corporation + No. 6 Innovation Road II, Science Park + Hsichu Taiwan 300 + TW + +E8-EF-05 (hex) MIND TECH INTERNATIONAL LIMITED +E8EF05 (base 16) MIND TECH INTERNATIONAL LIMITED + FLAT E 2/F RIALTO MANSION 183 KING'S RD NORTH POINT HK + Hong Kong 999077 + HK + +48-27-E2 (hex) Espressif Inc. +4827E2 (base 16) Espressif Inc. + Room 204, Building 2, 690 Bibo Rd, Pudong New Area + Shanghai Shanghai 201203 + CN + +58-B3-8F (hex) New H3C Technologies Co., Ltd +58B38F (base 16) New H3C Technologies Co., Ltd + 466 Changhe Road, Binjiang District + Hangzhou Zhejiang 310052 + CN + +40-E1-71 (hex) Jiangsu Huitong Group Co.,Ltd. +40E171 (base 16) Jiangsu Huitong Group Co.,Ltd. + No. 24, Block 2, Taohuawu New District + Zhenjiang Jiangsu 212003 + CN + +F4-6D-3F (hex) Intel Corporate +F46D3F (base 16) Intel Corporate + Lot 8, Jalan Hi-Tech 2/3 + Kulim Kedah 09000 + MY + +6C-72-4A (hex) Onkyo Technology K.K. +6C724A (base 16) Onkyo Technology K.K. + Lux Building (5th floor),1-1-41 Kawamata + Higashiosaka City Osaka 577-0063 + JP + +18-C3-00 (hex) Nokia +18C300 (base 16) Nokia + 600 March Road + Kanata Ontario K2K 2E6 + CA + +D4-4D-77 (hex) Nokia +D44D77 (base 16) Nokia + 600 March Road + Kanata Ontario K2K 2E6 + CA + +DC-05-39 (hex) Cisco Systems, Inc +DC0539 (base 16) Cisco Systems, Inc + 80 West Tasman Drive + San Jose CA 94568 + US + +8C-25-5E (hex) VoltServer +8C255E (base 16) VoltServer + 42 Ladd St STE 227 + East Greenwich RI 02818 + US + +B8-8F-27 (hex) Realme Chongqing Mobile Telecommunications Corp.,Ltd. +B88F27 (base 16) Realme Chongqing Mobile Telecommunications Corp.,Ltd. + No.178 Yulong Avenue, Yufengshan, Yubei District, Chongqing. + Chongqing China 401120 + CN diff --git a/hwdb.d/ma-medium.txt b/hwdb.d/ma-medium.txt index aa83fc256f5..08cdcba9362 100644 --- a/hwdb.d/ma-medium.txt +++ b/hwdb.d/ma-medium.txt @@ -2258,12 +2258,6 @@ C00000-CFFFFF (base 16) Goetting KG Lehrte Select Your State or Province 31275 DE -50-FF-99 (hex) Coyote Sytem -100000-1FFFFF (base 16) Coyote Sytem - 24 quai Gallieni - Suresnes 92150 - FR - 50-FF-99 (hex) Shenzhen Haipengxin Electronic Co., Ltd. D00000-DFFFFF (base 16) Shenzhen Haipengxin Electronic Co., Ltd. Block C3,Mingzhuo Xingye Technology Park,Guangming Avenue @@ -2720,12 +2714,6 @@ B00000-BFFFFF (base 16) Oliotalo Oy Taipei City 10656 TW -80-7B-85 (hex) Ningbo Plus and Popscreens electronic Technology Co.,LTD -C00000-CFFFFF (base 16) Ningbo Plus and Popscreens electronic Technology Co.,LTD - 7 Hong Da Road, Hong Tang Industrial Park Zone A - Ningbo Zhejiang 315040 - CN - 64-FB-81 (hex) Bronkhorst High-Tech BV A00000-AFFFFF (base 16) Bronkhorst High-Tech BV Nijverheidsstraat 1a @@ -3719,12 +3707,6 @@ B00000-BFFFFF (base 16) Fibergate Inc. Beijing Beijing 100037 CN -9C-43-1E (hex) Phoenix Audio Technologies -E00000-EFFFFF (base 16) Phoenix Audio Technologies - 2552 White Road, Suite A - Irvine CA 92614 - US - 70-69-79 (hex) Rivian Automotive LLC C00000-CFFFFF (base 16) Rivian Automotive LLC 13250 N. Haggerty Road @@ -4874,6 +4856,210 @@ C00000-CFFFFF (base 16) Shenzhen Micro&Nano Perception Computing Technology Tokyo Minato 108-0023 JP +0C-86-29 (hex) HONGKONG SAINT TECH INDUSTRIAL LIMITED +900000-9FFFFF (base 16) HONGKONG SAINT TECH INDUSTRIAL LIMITED + RM 1904A 19/F LUCKY COMMERCIAL CENTRE NO.103 DES VOEUX ROAD WEST HK + HONGKONG 999077 + CN + +0C-86-29 (hex) BEIJING BEIBIANZHIDA TECHNOLOGY CO.,LTD +D00000-DFFFFF (base 16) BEIJING BEIBIANZHIDA TECHNOLOGY CO.,LTD + 27 Shucun West Road, Haidian District, + Beijing 100089 + CN + +0C-86-29 (hex) Shenzhen protostellar technology Co., Ltd +500000-5FFFFF (base 16) Shenzhen protostellar technology Co., Ltd + 4/F, #16, DaKan Yangmen industrial park, XiLi town, Nanshan district + ShenZhen GuangDong 518055 + CN + +0C-86-29 (hex) Akribis Systems +B00000-BFFFFF (base 16) Akribis Systems + Block 5012 Techplace II, #01-05 Ang Mo Kio Avenue 5 + Singapore Singapore 569876 + SG + +6C-93-08 (hex) Shenzhen C & D Electronics Co., Ltd. +500000-5FFFFF (base 16) Shenzhen C & D Electronics Co., Ltd. + 9th FIoor, Building 9, No.1 Qingxiang road, BaoNeng Science and TechnoIogy Industrial Park, Longhua New District + ShenZhen GuangDong 518000 + CN + +6C-93-08 (hex) Braums +000000-0FFFFF (base 16) Braums + Unit M 10-16 South st + Rydalmere NSW 2116 + AU + +6C-93-08 (hex) WATERFORD CONSULTANTS LLC +100000-1FFFFF (base 16) WATERFORD CONSULTANTS LLC + 7430 NEW TECHNOLOGY WAY, Suite 150 + FREDERICK 21703 + US + +50-FF-99 (hex) COYOTE SYSTEM +100000-1FFFFF (base 16) COYOTE SYSTEM + 24 quai Gallieni + Suresnes 92150 + FR + +30-43-D7 (hex) Apollo Infoways Private Limited +200000-2FFFFF (base 16) Apollo Infoways Private Limited + G-149, Sector-63 + Noida Uttar Pradesh 201301 + IN + +30-43-D7 (hex) Luxshare Electronic Technology (Kunshan) LTD +300000-3FFFFF (base 16) Luxshare Electronic Technology (Kunshan) LTD + No.158,Jinchang Road,Jinxi Town,Kunshan City,Jiangsu Province,215324, China + Kunshan Jiangsu 215324 + CN + +38-1F-26 (hex) Avon Protection +800000-8FFFFF (base 16) Avon Protection + 503 8th Street + Cadillac MI 49601 + US + +30-43-D7 (hex) DIGICITI Technology Co.,Ltd +700000-7FFFFF (base 16) DIGICITI Technology Co.,Ltd + Room 3502,Building 1,Huide Building,North Station Community,Minzhi Street,Longhua District + Shenzhen Guangdong 518000 + CN + +38-1F-26 (hex) SERNET (SUZHOU) TECHNOLOGIES CORPORATION +100000-1FFFFF (base 16) SERNET (SUZHOU) TECHNOLOGIES CORPORATION + NO.8 Tangzhuang Road,Suzhou Industrial Park,Su ZhouCity,JiangSu Province,China + Suzhou 215021 + CN + +38-1F-26 (hex) SMS Evoko Group AB +900000-9FFFFF (base 16) SMS Evoko Group AB + Hastholmsvagen 32 + Nacka 13130 + SE + +18-A5-9C (hex) CAL-COMP INDUSTRIA E COMERCIO DE ELETRONICOS E INFORMATICA LTDA +B00000-BFFFFF (base 16) CAL-COMP INDUSTRIA E COMERCIO DE ELETRONICOS E INFORMATICA LTDA + AVENIDA TORQUATO TAPAJOS, 7503 TARUMA GALPAO 2 - CNPJ: 07.200.194/0003-80 + MANAUS AMAZONAS 69041-025 + BR + +18-A5-9C (hex) Thermia AB +500000-5FFFFF (base 16) Thermia AB + Snickaregatan 1 + Arvika 67134 + SE + +18-A5-9C (hex) BlueEyes Technology +C00000-CFFFFF (base 16) BlueEyes Technology + 7F-3, No.200, Sec. 4, Wenxin Rd., + Taichung City Taiwan 40462 + TW + +9C-43-1E (hex) SHURE INCORPORATED +E00000-EFFFFF (base 16) SHURE INCORPORATED + 2552 White Road, Suite A + Irvine CA 92614 + US + +1C-59-74 (hex) Globe Tracker ApS +E00000-EFFFFF (base 16) Globe Tracker ApS + Strandgade 91 + kobenhavn State / Province* 1401 + DK + +C4-A1-0E (hex) HYOSUNG HEAVY INDUSTRIES +000000-0FFFFF (base 16) HYOSUNG HEAVY INDUSTRIES + 119, Mapo-daero (Gongdeok-dong), Mapo-gu + Seoul 04144 + KR + +C4-A1-0E (hex) Consolinno Energy GmbH +300000-3FFFFF (base 16) Consolinno Energy GmbH + Franz-Mayer-Straße 1 + Regensburg Bayern 93053 + DE + +C4-A1-0E (hex) Connectlab SRL +D00000-DFFFFF (base 16) Connectlab SRL + via donatello 30 + Milano Milano 20131 - Milano + IT + +C4-A1-0E (hex) BARTEC PIXAVI AS +100000-1FFFFF (base 16) BARTEC PIXAVI AS + Vestre Svanholmen 24 + SANDNES Rogaland 4313 + NO + +C4-A1-0E (hex) Ayla Networks (Shenzhen) Co., Ltd. +800000-8FFFFF (base 16) Ayla Networks (Shenzhen) Co., Ltd. + Room 1501, Building B, Innovation Building, No.198 Daxin Road, Majialong Community ,Nantou Street,Nanshan District, + Shenzhen 518000 + CN + +70-50-E7 (hex) Shenzhen Dangs Science and Technology CO.,Ltd. +800000-8FFFFF (base 16) Shenzhen Dangs Science and Technology CO.,Ltd. + 9th Floor of GDC Building, Gaoxin Middle 3rd St.,Nanshan District + Shenzhen GuangDong 518063 + CN + +70-50-E7 (hex) KFBIO (KONFOONG BIOINFORMATION TECH CO.,LTD) +E00000-EFFFFF (base 16) KFBIO (KONFOONG BIOINFORMATION TECH CO.,LTD) + 3F,No.4Building,Yuyao Technology Innovation Center + Ningbo ZheJiang Province, P.R.C. 315400 + CN + +80-7B-85 (hex) SCALA Digital Technology(Ningbo) CO, LTD +C00000-CFFFFF (base 16) SCALA Digital Technology(Ningbo) CO, LTD + 7 Hong Da Road, Hong Tang Industrial Park Zone A + Ningbo Zhejiang 315040 + CN + +80-02-F4 (hex) Baicells Technologies Co., Ltd +B00000-BFFFFF (base 16) Baicells Technologies Co., Ltd + 10-11F,AL, No.1 Zhongguancun, Haidian + Beijing Beijing 100094 + CN + +80-02-F4 (hex) BK Networks Co,. Ltd. +000000-0FFFFF (base 16) BK Networks Co,. Ltd. + 330 Suin-ro, Gwonseon-gu + Suwon-si Gyeonggi-do 16371 + KR + +8C-51-09 (hex) Heliox Automotive B.V. +500000-5FFFFF (base 16) Heliox Automotive B.V. + De Waal 24 + Best 5684 PH + NL + +8C-51-09 (hex) Amzetta Technologies, LLC +100000-1FFFFF (base 16) Amzetta Technologies, LLC + 5555 Oakbrook Pkwy, Suite 280 + Norcross GA 30093 + US + +FC-61-79 (hex) Qisda Corporation +500000-5FFFFF (base 16) Qisda Corporation + No. 157, Shanying Rd., Gueishan Dist., Taoyuan City 33341, Taiwan + Taoyuan 33341 + TW + +0C-7F-ED (hex) Guangdong Tianshu New Energy Technology Co., Ltd +000000-0FFFFF (base 16) Guangdong Tianshu New Energy Technology Co., Ltd + No.8 Huishang Road, Infore Enviro Industrial Park, Jiangcun Village, Leliu Street, Shunde District, + Foshan 528000 + CN + +0C-7F-ED (hex) Annapurna labs +A00000-AFFFFF (base 16) Annapurna labs + Matam Scientific Industries Center, Building 8.2 + Mail box 15123 Haifa 3508409 + IL + 4C-4B-F9 (hex) Shenzhen dingsheng technology co., LTD 400000-4FFFFF (base 16) Shenzhen dingsheng technology co., LTD Floor 3, building 5, kaijeda industrial zone, no.97, huaxing road, langkou community, dalang street, longhua district @@ -7841,12 +8027,6 @@ BC-66-41 (hex) Shenzhen Yaguang communication CO.,LTD Shenzhen Guangdong 518029 CN -E4-95-6E (hex) Tband srl -100000-1FFFFF (base 16) Tband srl - via A. Meucci, 4 - Preganziol Treviso 31022 - IT - BC-66-41 (hex) EBlink A00000-AFFFFF (base 16) EBlink 3-5 Rue Marcel Pagnol @@ -9452,12 +9632,6 @@ D00000-DFFFFF (base 16) Shenzhen Vitalitim Technology Co., Ltd Guangzhou 511400 CN -10-54-D2 (hex) SHENZHEN CARSAFE TECHNOLOGY DEVELOPMENT CO.,LTD -700000-7FFFFF (base 16) SHENZHEN CARSAFE TECHNOLOGY DEVELOPMENT CO.,LTD - Bldg.7, N.Industrial Park,No.18 Makan Rd,Xili,Nanshan, - SHENZHEN 518000 - CN - 10-54-D2 (hex) Bamboo Dynamics Corporation., Ltd. 900000-9FFFFF (base 16) Bamboo Dynamics Corporation., Ltd. No.146, Sec. 1,Donxing Rd. @@ -9470,6 +9644,270 @@ D00000-DFFFFF (base 16) Shenzhen Vitalitim Technology Co., Ltd Mumbai Maharashtra 400054 IN +10-54-D2 (hex) Sybersense +500000-5FFFFF (base 16) Sybersense + Unit 10, 16F, Hi-Tech Industrial Centre, Block A, 5-21 Pat Tin Par Street, Tsuen Wan NT, HK + Hong Kong 999077 + CN + +10-54-D2 (hex) SHENZHEN CARSAFE TECHNOLOGY DEVELOPMENT CO.,LTD +700000-7FFFFF (base 16) SHENZHEN CARSAFE TECHNOLOGY DEVELOPMENT CO.,LTD + Bldg.7, N.Industrial Park,No.18 Makan Rd,Xili,Nanshan, + SHENZHEN 518000 + CN + +0C-86-29 (hex) Shanghai Prophet Electronic Technology Co.,Ltd +000000-0FFFFF (base 16) Shanghai Prophet Electronic Technology Co.,Ltd + 9th Floor, Building 3, 1535 Hongmei Road, Xuhui District, + Shanghai 200030 + CN + +0C-86-29 (hex) Beijing Qinmu Data Technology Co., Ltd. +100000-1FFFFF (base 16) Beijing Qinmu Data Technology Co., Ltd. + Room101,Office 701,Floor7,Building4,Courtyard1,Nongda South Road,Haidian District. + Beijing 100085 + CN + +0C-86-29 (hex) C&A Marketing, INC. +600000-6FFFFF (base 16) C&A Marketing, INC. + 114 Tived Lane East + Edison NJ 08837 + US + +0C-86-29 (hex) MyGregor Ltd +800000-8FFFFF (base 16) MyGregor Ltd + 11A, Carnegie str. + Sofia 1000 + BG + +6C-93-08 (hex) Annapurna labs +D00000-DFFFFF (base 16) Annapurna labs + Matam Scientific Industries Center, Building 8.2 + Mail box 15123 Haifa 3508409 + IL + +6C-93-08 (hex) Shenzhen DOOGEE Hengtong Technology CO., LTD +900000-9FFFFF (base 16) Shenzhen DOOGEE Hengtong Technology CO., LTD + B, 2/F, Building A4, Silicon Valley Power Digital Industrial Park, No. 22, Dafu Industrial Zone, Guanlan Aobei Community, Guanlan Street, Longhua New District + Shenzhen Guangdong 518000 + CN + +6C-93-08 (hex) Shenzhen TOPWAY Technology Co.,LTD +A00000-AFFFFF (base 16) Shenzhen TOPWAY Technology Co.,LTD + Bld.20 Zone 5, Baiwangxin Industry Park, Songbai Rd.Nanshan Dist + ShenZhen Guangdong 518055 + CN + +30-43-D7 (hex) SYMES SA +000000-0FFFFF (base 16) SYMES SA + 4 allée technopolis, chemin des presses + Cagnes sur mer PACA 06800 + FR + +30-43-D7 (hex) Shenzhen Mees Hi-Tech Co., Ltd +500000-5FFFFF (base 16) Shenzhen Mees Hi-Tech Co., Ltd + 2F & 4F,Building 3 North District,2nd Qianjin Road,Liutang Village, Xixiang,Bao'an District + Shenzhen Guangdong 518102 + CN + +30-43-D7 (hex) Annapurna labs +D00000-DFFFFF (base 16) Annapurna labs + Matam Scientific Industries Center, Building 8.2 + Mail box 15123 Haifa 3508409 + IL + +6C-93-08 (hex) ANDDORO LLC +E00000-EFFFFF (base 16) ANDDORO LLC + 1430 Broadway NY + New York NY 10018 + US + +38-1F-26 (hex) Synamedia +200000-2FFFFF (base 16) Synamedia + Luipaardstraat 12 + Kortrijk West-Vlaanderen 8500 + BE + +38-1F-26 (hex) Jade Bird Fire Co., Ltd. +C00000-CFFFFF (base 16) Jade Bird Fire Co., Ltd. + Jade Bird Building, 207 Chengfu Road, Haidian District, Beijing, P.R.China + Beijing 100871 + CN + +38-1F-26 (hex) Zhejiang Huazhou Intelligent Equipment Co,. Ltd +500000-5FFFFF (base 16) Zhejiang Huazhou Intelligent Equipment Co,. Ltd + Building3, No.416DdongshengAvenue, Wuzhen, Tongxiang, + Jiaxing 314000 + CN + +18-A5-9C (hex) Omwave +000000-0FFFFF (base 16) Omwave + 5 rue Barbes + Montrouge 92120 + FR + +18-A5-9C (hex) INTEGRAL PLUS +600000-6FFFFF (base 16) INTEGRAL PLUS + ul. Khalitova, 2 + Kazan 420029 + RU + +18-A5-9C (hex) estun automation co.,ltd +900000-9FFFFF (base 16) estun automation co.,ltd + 1888 Jiyin Avenue,Jiangning District + nanjing 211100 + CN + +1C-59-74 (hex) Topway Global Technology Limited +800000-8FFFFF (base 16) Topway Global Technology Limited + Room 1003, 10 / F, Tower 1, Lippo Centre, 89 Queensway, Hong Kong + Hong Kong Hong Kong 999077 + HK + +1C-59-74 (hex) King-On Technology Ltd. +C00000-CFFFFF (base 16) King-On Technology Ltd. + 13F, No.207-2, Sec#3, Beixin Rd., Xindian District. + New Taipei Taiwan 23146 + TW + +1C-59-74 (hex) Shenzhen Geshem Technology Co Ltd +D00000-DFFFFF (base 16) Shenzhen Geshem Technology Co Ltd + 12th Floor, Block B, Building 7, International Innovation Valley + Shenzhen Gunagdong 518000 + CN + +18-A5-9C (hex) Annapurna labs +D00000-DFFFFF (base 16) Annapurna labs + Matam Scientific Industries Center, Building 8.2 + Mail box 15123 Haifa 3508409 + IL + +18-A5-9C (hex) BMC Messsysteme GmbH +E00000-EFFFFF (base 16) BMC Messsysteme GmbH + Haupstr. 21 + Maisach 82216 + DE + +1C-59-74 (hex) Jiangsu Welm Technology Co.,Ltd +300000-3FFFFF (base 16) Jiangsu Welm Technology Co.,Ltd + No.158 Jianghai WestRoad,Haian + Haian Jiangsu 226100 + CN + +1C-59-74 (hex) Logical Infrastructure PTY LTD +100000-1FFFFF (base 16) Logical Infrastructure PTY LTD + unit 2, 8 Carbine way + Mornington Victoria 3931 + AU + +1C-59-74 (hex) Shenzhen Shi Fang Communication Technology Co., Ltd +500000-5FFFFF (base 16) Shenzhen Shi Fang Communication Technology Co., Ltd + 601-6 Mitehuapujing No.9 Jinxiu Mid Road Longtian Street Pingshan Distinct + Shenzhen Guangdong 518118 + CN + +1C-59-74 (hex) Lynxi Technologies Co.,Ltd. +700000-7FFFFF (base 16) Lynxi Technologies Co.,Ltd. + RM 801, 8/F, No. 67 North 4th Ring West Road + Beijing Beijing 100084 + CN + +6C-15-24 (hex) D-HOME SMAART +900000-9FFFFF (base 16) D-HOME SMAART + 8, rue Edouard Herriot + Marigny le Châtel 10350 + FR + +6C-15-24 (hex) Forcite Helmet Systems Pty Ltd +300000-3FFFFF (base 16) Forcite Helmet Systems Pty Ltd + 35-39 Bourke Road, Alexandria + Sydney NSW 2015 + AU + +6C-15-24 (hex) Kunshan Abram Software Technology Co.,Ltd. +600000-6FFFFF (base 16) Kunshan Abram Software Technology Co.,Ltd. + Room 704, No. 666, Changjiang South Road + Kunshan Jiangsu 215300 + CN + +6C-15-24 (hex) Magicyo Technology CO., LTD. +400000-4FFFFF (base 16) Magicyo Technology CO., LTD. + 7F, Tower A, YuZhou Building, No.78 North Keyuan + Shenzhen Nanshan District 518057 + CN + +70-50-E7 (hex) shenzhen newbridge communication equipment CO.,LTD +C00000-CFFFFF (base 16) shenzhen newbridge communication equipment CO.,LTD + 5 / F, No. 1 building, Jinli Industrial Park, No. 1, LanJin Sixth Road, Nanbu community, Longtian street, Pingshan District, Shenzhen + SHENZHEN GUANGDONG 518000 + CN + +70-50-E7 (hex) Quantumdoor Technologies, Inc. +400000-4FFFFF (base 16) Quantumdoor Technologies, Inc. + 1st Floor 108-1,Buiding5,East Districe,No.10 Xibeiwang East Road,haidian Districe, + beijing 102629 + CN + +80-02-F4 (hex) Shenzhen Suanzi Technology Co., Ltd +300000-3FFFFF (base 16) Shenzhen Suanzi Technology Co., Ltd + Room 207, Research Building, Tsinghua Information Port, No.1, Songpingshan New East Road, Nanshan District + Shenzhen Guangdong 518057 + CN + +8C-51-09 (hex) SERNET (SUZHOU) TECHNOLOGIES CORPORATION +A00000-AFFFFF (base 16) SERNET (SUZHOU) TECHNOLOGIES CORPORATION + NO.8 Tangzhuang Road,Suzhou Industrial Park,Su ZhouCity,JiangSu Province,China + Suzhou 215021 + CN + +8C-51-09 (hex) TianJin JointOptic Technology Co., LTD. +000000-0FFFFF (base 16) TianJin JointOptic Technology Co., LTD. + Floor 3, Building 6, Teda Service Outsourcing Industrial Park, 19 Xinhuan West Road, Binhai New Area, + Tianjin 300000 + CN + +8C-51-09 (hex) Shenzhen WOWOTO Technology Co., Ltd. +400000-4FFFFF (base 16) Shenzhen WOWOTO Technology Co., Ltd. + Room B508,Building B,Gaoxingqi Industrial Park,Liuxian 1st Road,District 67,Bao'an + Shenzhen Guangdong 518100 + CN + +8C-51-09 (hex) Beijing Superhexa Century Technology Co., Ltd. +B00000-BFFFFF (base 16) Beijing Superhexa Century Technology Co., Ltd. + Room 1022, 1F, Zone A, No.1, South Back Street, Anningzhuang, Haidian District, Beijing + Beijing 100010 + CN + +E4-95-6E (hex) Tband srl +100000-1FFFFF (base 16) Tband srl + Via Camucina 27/A + PORTOGRUARO Venezia 30026 + IT + +0C-7F-ED (hex) ALT Co., Ltd. +D00000-DFFFFF (base 16) ALT Co., Ltd. + #1201, 8, Seongnam-dearo 331beon-gil + Bundang-gu, Seongnam-si Gyeonggi-do 13558 + KR + +0C-7F-ED (hex) Shenzhen ORVIBO Technology Co., Ltd. +900000-9FFFFF (base 16) Shenzhen ORVIBO Technology Co., Ltd. + F7, Block A7, Nanshan I Park, No.1001 XueYuan Avenue , NanShan District, ShenZhen 518055 PRC. + shenzhen 518000 + CN + +0C-7F-ED (hex) Netweb Technologies India Pvt Ltd +600000-6FFFFF (base 16) Netweb Technologies India Pvt Ltd + Plot H1, Pocket-9, FIT,Sector-57, Ballabhgarh + Faridabad Haryana 121004 + IN + +FC-61-79 (hex) Kvaliteta Systems and Solutions Private Limited +700000-7FFFFF (base 16) Kvaliteta Systems and Solutions Private Limited + 2207 Yamuna Building Techno Park Phase 3 + Trivandrum Kerala 695583 + IN + 20-85-93 (hex) UNILUMIN GROUP CO.,LTD 300000-3FFFFF (base 16) UNILUMIN GROUP CO.,LTD No.112 Yongfu Rd.,BaoanDistrict, @@ -14333,26 +14771,284 @@ A00000-AFFFFF (base 16) Pavana Technologies JSC. Vinh Phuc 35000 VN -10-54-D2 (hex) LUXSHARE-ICT Co., Ltd. -C00000-CFFFFF (base 16) LUXSHARE-ICT Co., Ltd. - 1F, No. 22, Lane 35, Jihu Road, Neihu district - Taipei City Taiwan 114754 +10-54-D2 (hex) GIPS Technology Co., Ltd. +000000-0FFFFF (base 16) GIPS Technology Co., Ltd. + Rm. 2, 6F., No. 395, Sec. 1, Linsen Rd., East Dist. + Tainan City TAIWAN 701024 TW +10-54-D2 (hex) Embion B.V. +A00000-AFFFFF (base 16) Embion B.V. + Biestraat 1b + Gilze Noord-Brabant 5126NH + NL + 10-54-D2 (hex) Little Array Technology (Shenzhen) Co., Ltd. 300000-3FFFFF (base 16) Little Array Technology (Shenzhen) Co., Ltd. Unit 215, 2F, A1, Zhimei Industry Park, Fuhai Industrial Zone B2, Fuyong Street, Baoan District Shenzhen Guangdong 518103 CN -4C-4B-F9 (hex) Shandong Linkotech Electronic Co., Ltd. -600000-6FFFFF (base 16) Shandong Linkotech Electronic Co., Ltd. - 22nd Floor, Building 2, Aosheng Building, No.1166 Xinyi Street, High-tech Zone - Jinan Shandong 250101 +10-54-D2 (hex) LUXSHARE-ICT Co., Ltd. +C00000-CFFFFF (base 16) LUXSHARE-ICT Co., Ltd. + 1F, No. 22, Lane 35, Jihu Road, Neihu district + Taipei City Taiwan 114754 + TW + +10-54-D2 (hex) COSMO AIOT TECHNOLOGY CO LTD +E00000-EFFFFF (base 16) COSMO AIOT TECHNOLOGY CO LTD + Haier Information Industrial Complex, No.1 HaierRoad + Qingdao Shandong 266101 CN -4C-4B-F9 (hex) Power Active Co., Ltd -300000-3FFFFF (base 16) Power Active Co., Ltd +0C-86-29 (hex) SHENZHEN YINGMU TECHNOLOGY.,LTD +C00000-CFFFFF (base 16) SHENZHEN YINGMU TECHNOLOGY.,LTD + 8 / F, Zone D, building F1, TCL International E city, Shuguang community, Xili street, Nanshan District, + Shenzhen 518000 + CN + +0C-86-29 (hex) Nipron Co.,Ltd +A00000-AFFFFF (base 16) Nipron Co.,Ltd + 1-3-30 Nishinagasucho + Amagasaki-shi Hyogo-ken 660-0805 + JP + +0C-86-29 (hex) FX TECHNOLOGY LIMITED +E00000-EFFFFF (base 16) FX TECHNOLOGY LIMITED + 38a High Street, Northwood + Middlesex - HA6 1BN + GB + +6C-93-08 (hex) LightnTec GmbH +300000-3FFFFF (base 16) LightnTec GmbH + Haid-und-Neu-Strasse 7 + Karlsruhe 76131 + DE + +30-43-D7 (hex) Shenzhen juduoping Technology Co.,Ltd +100000-1FFFFF (base 16) Shenzhen juduoping Technology Co.,Ltd + Baoan Xin'an Streat + Shenzhen 002052 + CN + +30-43-D7 (hex) Sprocomm Technologies Co., Ltd.Guangming Branch +600000-6FFFFF (base 16) Sprocomm Technologies Co., Ltd.Guangming Branch + Area A 3rd Floor, Area A 5rd Floor and 6th Floor, 301, building 2, 7th Industrial Park, Yulv Community,Yutang Street, Guangming District, + Shenzhen 518000 + CN + +6C-93-08 (hex) Shenzhen haichangxing Technology Co., Ltd. +C00000-CFFFFF (base 16) Shenzhen haichangxing Technology Co., Ltd. + Room 3102, 31 / F, Wen an Center, Wenjin Square, Luohu + SHENZHEN GUANGZHOU 518000 + CN + +30-43-D7 (hex) Guangdong Hongqin Telecom Technology Co. Ltd. +E00000-EFFFFF (base 16) Guangdong Hongqin Telecom Technology Co. Ltd. + 10 Keyuan Road, Songshan Lake + Dongguan Guangdong 523808 + CN + +38-1F-26 (hex) Bosch Automotive Electronics India Pvt. Ltd. +300000-3FFFFF (base 16) Bosch Automotive Electronics India Pvt. Ltd. + Naganathapura + Bengaluru Karnataka 560100 + IN + +18-A5-9C (hex) Erba Lachema s.r.o. +A00000-AFFFFF (base 16) Erba Lachema s.r.o. + Karasek1d + Brno 62100 + CZ + +18-A5-9C (hex) ePower Network Solution Co., Ltd. +700000-7FFFFF (base 16) ePower Network Solution Co., Ltd. + No. 2, Aly. 1, Ln. 85, Xinshu Rd., Xinzhuang Dist., + New Taipei City , 242063 + TW + +1C-59-74 (hex) Shenzhen Hanshine Technology Co.Ltd. +000000-0FFFFF (base 16) Shenzhen Hanshine Technology Co.Ltd. + Buiding 2 ,row 3,number 2 industrail zone,yulv community,Yutang street + Shenzhen Guangdong 518000 + CN + +1C-59-74 (hex) Chongqing Taishan Cable Co., Ltd +200000-2FFFFF (base 16) Chongqing Taishan Cable Co., Ltd + 17 Shiyan Avenue, Yufengshan Town, Yubei District, + Chongqing 400000 + CN + +18-A5-9C (hex) Beijing QS Medical Technology Co., Ltd. +300000-3FFFFF (base 16) Beijing QS Medical Technology Co., Ltd. + Building 5, No.11, Kechuang 14th Street, Economic-Technological Development Area + Beijing 100176 + CN + +C4-A1-0E (hex) Clinton Electronics Corporation +B00000-BFFFFF (base 16) Clinton Electronics Corporation + 6701 Clinton Road + Loves Park IL 61111 + US + +C4-A1-0E (hex) Wistron InfoComn (Kunshan) Co., Ltd. +200000-2FFFFF (base 16) Wistron InfoComn (Kunshan) Co., Ltd. + No.88 Hongyan Road, Kunshan Economic & Technological Development Zone + Kunshan Jiangsu 215300 + CN + +6C-15-24 (hex) Telsonic AG +100000-1FFFFF (base 16) Telsonic AG + Industriestrasse 6b + Bronschhofen St.Gallen 9552 + CH + +C4-A1-0E (hex) Guangzhou South Satellite Navigation Instrument Co., Ltd. +700000-7FFFFF (base 16) Guangzhou South Satellite Navigation Instrument Co., Ltd. + Area A Layer 6, Area A Layer 5, Area A Layer 4, No.39, Sicheng Road, Tianhe District, + Guangzhou GuangDong 510663 + CN + +6C-15-24 (hex) Motium Pty Ltd +700000-7FFFFF (base 16) Motium Pty Ltd + 11/4 Brodie Hall Drive, + Bentley Western Australia 6102 + AU + +6C-15-24 (hex) SYMLINK CORPORATION +D00000-DFFFFF (base 16) SYMLINK CORPORATION + 6F., No. 13, Lane. 35, Jihu Rd., Neihu Dist., Neihu Technology Park + Taipei 11492 + TW + +6C-15-24 (hex) AEC s.r.l. +E00000-EFFFFF (base 16) AEC s.r.l. + Via Zambon, 33/A + Creazzo Vicenza 36051 + IT + +C4-A1-0E (hex) Harbour Cross Technology Ltd +400000-4FFFFF (base 16) Harbour Cross Technology Ltd + Unit 622 One Island South, 2 Heung Yip Road, Wong Chuk Hang, + Hong Kong China 000000 + HK + +70-50-E7 (hex) Annapurna labs +100000-1FFFFF (base 16) Annapurna labs + Matam Scientific Industries Center, Building 8.2 + Mail box 15123 Haifa 3508409 + IL + +70-50-E7 (hex) Shenzhen C & D Electronics Co., Ltd. +000000-0FFFFF (base 16) Shenzhen C & D Electronics Co., Ltd. + 9th FIoor, Building 9, No.1 Qingxiang road, BaoNeng Science and TechnoIogy Industrial Park, Longhua New District + ShenZhen GuangDong 518000 + CN + +70-50-E7 (hex) Beijing Shannoncyber Technology Co.,Ltd +B00000-BFFFFF (base 16) Beijing Shannoncyber Technology Co.,Ltd + 913 9/F,building 8,yard 2,Shenggu Middle Road,Chaoyang District + beijing beijing 100029 + CN + +80-02-F4 (hex) PassiveLogic +A00000-AFFFFF (base 16) PassiveLogic + 6405 S 3000 E, Suite 300 + Holladay UT 84121 + US + +80-02-F4 (hex) XUNDI(XIAMEN) ELECTRONIC TECHNOLOGY CO.,LTD. +900000-9FFFFF (base 16) XUNDI(XIAMEN) ELECTRONIC TECHNOLOGY CO.,LTD. + SECOND FLOOR, NO. 943-4, TONGLONG 2ND ROAD, TORCH HIGH-TECH (XIANG 'AN) INDUSTRY DISTRICT,XIAMEN CITY, FUJIAN PROVINCE,CHINA + XIAMEN 361106 + CN + +80-02-F4 (hex) Sichuan Fanyi Technology Co. Ltd. +500000-5FFFFF (base 16) Sichuan Fanyi Technology Co. Ltd. + No. 1707, Unit 1, Building 1, 888, Middle Section of Yizhou Avenue, Gaoxin District + Chengdu Sichuan 650000 + CN + +80-02-F4 (hex) Jiangsu Vedkang Medicl Sclence and Technology Co.,Ltd +D00000-DFFFFF (base 16) Jiangsu Vedkang Medicl Sclence and Technology Co.,Ltd + No. 52, Guoxiang Road, Wujin economic development zone + ChangZhou JiangSu 213100 + CN + +80-02-F4 (hex) Infors AG +400000-4FFFFF (base 16) Infors AG + Wuhrmattstr. 7 + Bottmingen 4103 + CH + +80-02-F4 (hex) Mech-Mind Robotics Technologies Ltd. +600000-6FFFFF (base 16) Mech-Mind Robotics Technologies Ltd. + Room 1001,1F,Building 3, No.8,Chuangye Road,Haidian District + Beijing 100085 + CN + +8C-51-09 (hex) ENPLUG Co., Ltd. +700000-7FFFFF (base 16) ENPLUG Co., Ltd. + #A-705, 46 Dallaenae-ro, Sujeong-gu, + Seongnam-si Gyeonggi-do 13449 + KR + +8C-51-09 (hex) Frontmatec +900000-9FFFFF (base 16) Frontmatec + Hassellunden 9 + Smørum 2765 + DK + +0C-7F-ED (hex) ShenZhen TianGang Micro Technology CO.LTD +500000-5FFFFF (base 16) ShenZhen TianGang Micro Technology CO.LTD + 3rd floor ,Building20,QingHu Industrial,QingHu community,LongHua DistrictShenZhen,China + ShenZhen GangDong 518100 + CN + +0C-7F-ED (hex) U-tec Group Inc. +800000-8FFFFF (base 16) U-tec Group Inc. + 32920 Alvarado-Niles Rd Ste 220 + Union City CA 94587 + US + +0C-7F-ED (hex) Soft dB +300000-3FFFFF (base 16) Soft dB + 1040, avenue Belvédère #215 + Québec Quebec G1S 3G3 + CA + +FC-61-79 (hex) MACH SYSTEMS s.r.o. +900000-9FFFFF (base 16) MACH SYSTEMS s.r.o. + Pocernicka 272/96 + Prague 10800 + CZ + +FC-61-79 (hex) Annapurna labs +800000-8FFFFF (base 16) Annapurna labs + Matam Scientific Industries Center, Building 8.2 + Mail box 15123 Haifa 3508409 + IL + +FC-61-79 (hex) Zhuhai Anjubao Electronics Technology Co., Ltd. +000000-0FFFFF (base 16) Zhuhai Anjubao Electronics Technology Co., Ltd. + Room 603, Building 4, No. 101, Daxue Road, Tangjiawan Town, High-tech Zone, + Zhuhai Guangdong 519000 + CN + +FC-61-79 (hex) Shenzhen Shenshui Electronic Commerce Co.,Ltd +200000-2FFFFF (base 16) Shenzhen Shenshui Electronic Commerce Co.,Ltd + Room 517, Biaofan Building, No. 6, Tangwei Industrial Avenue, Fuhai Street, Baoan District + Shenzhen 518132 + CN + +4C-4B-F9 (hex) Shandong Linkotech Electronic Co., Ltd. +600000-6FFFFF (base 16) Shandong Linkotech Electronic Co., Ltd. + 22nd Floor, Building 2, Aosheng Building, No.1166 Xinyi Street, High-tech Zone + Jinan Shandong 250101 + CN + +4C-4B-F9 (hex) Power Active Co., Ltd +300000-3FFFFF (base 16) Power Active Co., Ltd 4F, No.23, Wugong 6th Rd., Wugu Dist. New Taipei City 248 TW @@ -17420,12 +18116,6 @@ A00000-AFFFFF (base 16) Winsonic Electronics Co., Ltd. Suwon-si Gyeonggi-do 443-270 KR -7C-70-BC (hex) Ametek VIS -A00000-AFFFFF (base 16) Ametek VIS - 287 27 Road - Grand Junction CO 81503 - US - BC-34-00 (hex) Parlay Labs dba Highfive C00000-CFFFFF (base 16) Parlay Labs dba Highfive 471 Emerson St. @@ -19067,12 +19757,6 @@ DC-36-43 (hex) Hangzhou Chingan Tech Co., Ltd. hangzhou zhejiang 310000 CN -08-26-AE (hex) Flextronics International Kft. -A00000-AFFFFF (base 16) Flextronics International Kft. - Zrínyi Miklós str. 38. - Zalaegerszeg 8900 - HU - 08-26-AE (hex) Wuhan Tianyu Information Industry Co., Ltd. 000000-0FFFFF (base 16) Wuhan Tianyu Information Industry Co., Ltd. Tianyu Building, S.&T.Park, Huazhong University of S.&T.,East Lake Development Zone @@ -19109,12 +19793,6 @@ DC-36-43 (hex) Hefei EA Excelsior Information Security Co., Ltd. Wijk en Aalburg 4261 LN NL -10-54-D2 (hex) ComNav Technology Ltd. -200000-2FFFFF (base 16) ComNav Technology Ltd. - 3 floor Building 2,No.618 Chengliu Middle RD. Malu town, - Shanghai 200000 - CN - 10-54-D2 (hex) Shenzhen Dinstech Technology Co.,Ltd. B00000-BFFFFF (base 16) Shenzhen Dinstech Technology Co.,Ltd. Shenzhen Qianhai Shenzhen-Hong Kong Cooperation Zone Nanshan Street Linhai Avenue No. 59 Seaside Avenue 3rd Floor D378, Port Building, Shipping Center @@ -19127,6 +19805,240 @@ D00000-DFFFFF (base 16) Sun wealth technology corporation limited shenzhen Guang dong 518000 CN +10-54-D2 (hex) ComNav Technology Ltd. +200000-2FFFFF (base 16) ComNav Technology Ltd. + 3 floor Building 2,No.618 Chengliu Middle RD. Malu town, + Shanghai 200000 + CN + +10-54-D2 (hex) Jiangxi Ofilm&Jvneng IoT Tech Co., Ltd. +100000-1FFFFF (base 16) Jiangxi Ofilm&Jvneng IoT Tech Co., Ltd. + Building 2 and 3,Intelligent Technology Industrial Park,high-tech industrial Development Zone, + Yingtan 335000 + CN + +0C-86-29 (hex) BADA SYSTEM co., Ltd +200000-2FFFFF (base 16) BADA SYSTEM co., Ltd + Saemalro 99 Kumsuk building 501 + Seoul 05808 + KR + +6C-93-08 (hex) Shenzhen EZpro Sound & Light Technology Co., Ltd. +B00000-BFFFFF (base 16) Shenzhen EZpro Sound & Light Technology Co., Ltd. + E2?TCL International E City,1001 Zhong Shan Yuan Rd,Nanshan District + shenz guangdong 518055 + CN + +0C-86-29 (hex) HagerEnergy GmbH +700000-7FFFFF (base 16) HagerEnergy GmbH + Karlstrasse 5 + Osnabrueck 49074 + DE + +30-43-D7 (hex) Xiaoniu network technology (Shanghai) Co., Ltd. +C00000-CFFFFF (base 16) Xiaoniu network technology (Shanghai) Co., Ltd. + Room 706, building 3, no.20 east road, jingan district. + Shang hai 200040 + CN + +6C-93-08 (hex) Estelar s.r.o +400000-4FFFFF (base 16) Estelar s.r.o + Palackého 744/1 + Holešov ?eská republika 76901 + CZ + +08-26-AE (hex) Flextronics International Kft +A00000-AFFFFF (base 16) Flextronics International Kft + Zrínyi Miklós str. 38. + Zalaegerszeg 8900 + HU + +38-1F-26 (hex) Airmaster A/S +400000-4FFFFF (base 16) Airmaster A/S + Industrivej 59 + Aars 9600 + DK + +38-1F-26 (hex) HWACHANG CORPORATION +D00000-DFFFFF (base 16) HWACHANG CORPORATION + 90, NONGGONGANJI-GIL + SOCHO-SI 24899 + KR + +18-A5-9C (hex) Residence Control Ltd +800000-8FFFFF (base 16) Residence Control Ltd + Cvetan Vuchkov 7 + Sofia Sofia 1614 + BG + +18-A5-9C (hex) Actiontec Electronics Inc. +200000-2FFFFF (base 16) Actiontec Electronics Inc. + 2445 Augustine Dr #501 + Santa Clara CA 95054 + US + +18-A5-9C (hex) IT-1 +400000-4FFFFF (base 16) IT-1 + 260, Changnyong-daero + Yeongtong-gu, Suwon-si Gyeonggi-do 16229 + KR + +7C-70-BC (hex) Motec GmbH +A00000-AFFFFF (base 16) Motec GmbH + 287 27 Road + Grand Junction CO 81503 + US + +1C-59-74 (hex) Syntax technology(tianjin)Co.,LTD +400000-4FFFFF (base 16) Syntax technology(tianjin)Co.,LTD + Room 510-5,Comprehensive Office Building,Carpet Industrial Park,Wuqing District + Tianjin Tianjin 301700 + CN + +1C-59-74 (hex) Beijing Flintec Electronic Technology Co.,Ltd. +B00000-BFFFFF (base 16) Beijing Flintec Electronic Technology Co.,Ltd. + Room 102,Building No.6,China Technology Venture Park,No.8,LaiGuangYing West Road,ChaoYang District + Beijing Beijing 100012 + CN + +1C-59-74 (hex) Shanghai Laisi Information Technology Co.,Ltd +900000-9FFFFF (base 16) Shanghai Laisi Information Technology Co.,Ltd + 1001,21#,No.1158 Zhongxin RD,Songjiang district Shanghai + shanghai 201614 + CN + +1C-59-74 (hex) Square Inc. +600000-6FFFFF (base 16) Square Inc. + 1455 Market St. + San Francisco CA 94103 + US + +6C-15-24 (hex) Shenzhen Electron Technology Co., LTD. +500000-5FFFFF (base 16) Shenzhen Electron Technology Co., LTD. + Building 2, Yingfeng Industrial Zone, Tantou Community, Songgang Street, Bao'an District + Shenzhen Guangzhou 51800 + CN + +6C-15-24 (hex) ShenZhen Chainway Information Technology Co., Ltd. +800000-8FFFFF (base 16) ShenZhen Chainway Information Technology Co., Ltd. + 9F Building2, Phase2, Gaoxinqi Industrial Park , Bao'an District + ShenZhen GuangDong 518102 + CN + +6C-15-24 (hex) Annapurna labs +B00000-BFFFFF (base 16) Annapurna labs + Matam Scientific Industries Center, Building 8.2 + Mail box 15123 Haifa 3508409 + IL + +6C-15-24 (hex) Linkplay +200000-2FFFFF (base 16) Linkplay + 891 W. Washington Ave. + Sunnyvale CA 94086 + US + +6C-15-24 (hex) CORAL-TAIYI +C00000-CFFFFF (base 16) CORAL-TAIYI + 8F-3, No. 200, Gangqian Rd, Neihu District + Taipei City 114 + TW + +6C-15-24 (hex) DEFA AS +000000-0FFFFF (base 16) DEFA AS + Blingsmovegen 30 + Nesbyen 3540 + NO + +C4-A1-0E (hex) O-NET Industrial Technologies (Shenzhen) Limited +500000-5FFFFF (base 16) O-NET Industrial Technologies (Shenzhen) Limited + 501, Maile building, building 2, No. 28, Cuijing Road, Zhukeng community, Longtian street, Pingshan District + Shenzhen Guangdong 518118 + CN + +70-50-E7 (hex) Nippon Pulse America, Inc. +600000-6FFFFF (base 16) Nippon Pulse America, Inc. + 4 Corporate Drive + Radford VA 24141-5100 + US + +C4-A1-0E (hex) Focus-on +C00000-CFFFFF (base 16) Focus-on + Kerkeplaat 12 + Dordrecht 3313LC + NL + +70-50-E7 (hex) Eta Compute Inc. +D00000-DFFFFF (base 16) Eta Compute Inc. + 182 S. Murphy Ave + Sunnyvale CA 94086 + US + +80-02-F4 (hex) Wuhan Glory Road Intelligent Technology Co., Ltd. +C00000-CFFFFF (base 16) Wuhan Glory Road Intelligent Technology Co., Ltd. + 18F,Magic Cube Building,Optics Valley Core Center,No.303 Optics Valley Avenue,East Lake High-tech Development Zone + Wuhan Hubei 430073 + CN + +80-02-F4 (hex) Sichuan lookout environment protection technology co.,Ltd +100000-1FFFFF (base 16) Sichuan lookout environment protection technology co.,Ltd + No. 1015, floor 10, unit 2, building 1, No. 1616, Nanhua Road, high tech Zone + Chengdu Sichuan 610052 + CN + +8C-51-09 (hex) PROCET Technology Co., Ltd(HK) +200000-2FFFFF (base 16) PROCET Technology Co., Ltd(HK) + Flat B,4/F, Kjngswell Commercial Tower, 171-173 Lockhard Road, Wanchai, Hongkong + Hong kong 999077 + HK + +80-02-F4 (hex) Alfred Systems Inc +E00000-EFFFFF (base 16) Alfred Systems Inc + 13F, No. 2, Sec. 5, Xinyi Rd. + Taipei city 110 + TW + +8C-51-09 (hex) SpotterRF LLC +C00000-CFFFFF (base 16) SpotterRF LLC + 720 Timpanogos Parkway + Orem UT 84097 + US + +0C-7F-ED (hex) Tango Networks Inc +200000-2FFFFF (base 16) Tango Networks Inc + 2801 Network Blvd, Suite 200 + Frisco TX TX 75034 + US + +0C-7F-ED (hex) Purple Mountain ,Inc +400000-4FFFFF (base 16) Purple Mountain ,Inc + New District + SuZhou JiangSu 215000 + CN + +FC-61-79 (hex) CHOEUNENG +400000-4FFFFF (base 16) CHOEUNENG + 22, Ildong-ro, Sangnok-gu + Ansan-si Gyeonggi-do 15326 + KR + +FC-61-79 (hex) EchoStar Mobile +300000-3FFFFF (base 16) EchoStar Mobile + 25/28 NORTH WALL QUAY, DUBLIN 1, D01H104 Ireland + Dublin Ireland D01H104 + IE + +0C-7F-ED (hex) environmental systems corporation +E00000-EFFFFF (base 16) environmental systems corporation + 122F Commerce Park Drive + Barrie Ontario L4N 8W8 + CA + +FC-61-79 (hex) Hangzhou LiDe Communication Co.,Ltd +600000-6FFFFF (base 16) Hangzhou LiDe Communication Co.,Ltd + No.188,DongJia Rd,Tonglu Econominc Development Zone,Hangzhou,Zhejiang, + Hangzhou 311500 + CN + 20-85-93 (hex) Great Lite International 700000-7FFFFF (base 16) Great Lite International 11F., No.207-2, Sec. 3, Beixin Rd., Xindian Dist., @@ -22970,12 +23882,6 @@ CC-4F-5C (hex) Dtrovision Fair Lawn NJ 07410 US -CC-4F-5C (hex) Buttons (Beijing) Technology Limited -E00000-EFFFFF (base 16) Buttons (Beijing) Technology Limited - Room 202, Floor 2, Building No. 3, No. 9 Xiaoying Road, Chaoyang District - Beijing 100101 - CN - CC-4F-5C (hex) AZ-TECHNOLOGY SDN BHD A00000-AFFFFF (base 16) AZ-TECHNOLOGY SDN BHD A108 & A109 BLOCK A KELANA BUSINESS CENTRE NO: 97 JALAN SS7/2 KELANA JAYA @@ -23180,12 +24086,6 @@ A0-02-4A (hex) Vitec Imaging Solutions Spa Cassola Vicenza 36022 IT -78-D4-F1 (hex) Cartender -100000-1FFFFF (base 16) Cartender - Via della Meccanica 2a - Padova PD 35127 - IT - 78-D4-F1 (hex) Jiangsu byzoro intelligent technology Co.,Ltd B00000-BFFFFF (base 16) Jiangsu byzoro intelligent technology Co.,Ltd Room 301, Building D, Yunmi City, No.19 Ningshuang Road, Yuhuatai District @@ -23923,3 +24823,291 @@ E00000-EFFFFF (base 16) CEL Terminus (Shanghai) Information Technologies Co Matam Scientific Industries Center, Building 8.2 Mail box 15123 Haifa 3508409 IL + +10-54-D2 (hex) Lanao Communication Technology Limited +600000-6FFFFF (base 16) Lanao Communication Technology Limited + #B2, Zhongbaotong Creative Park Changfa West Road No.34 Bantian + Shenzhen 518029 + CN + +0C-86-29 (hex) Ag Express Electronics +400000-4FFFFF (base 16) Ag Express Electronics + 6280 NE 14th St + Des Moines IA 50313 + US + +6C-93-08 (hex) Liberty AV Solutions +700000-7FFFFF (base 16) Liberty AV Solutions + 1490 Garden of the Gods Road + Colorado Springs CO 80907 + US + +0C-86-29 (hex) Annapurna labs +300000-3FFFFF (base 16) Annapurna labs + Matam Scientific Industries Center, Building 8.2 + Mail box 15123 Haifa 3508409 + IL + +6C-93-08 (hex) Hangzhou Risco System Co.,Ltd +800000-8FFFFF (base 16) Hangzhou Risco System Co.,Ltd + No. 19, Naxian street, Liangzhu street, Yuhang District + Hangzhou City Zhejiang Province 31000 + CN + +6C-93-08 (hex) Uconfree technology(shenzhen)limited +600000-6FFFFF (base 16) Uconfree technology(shenzhen)limited + Room 311 PuFeng commercial center PingHu street LongGang District ShenZhen China + SHENZHEN 518111 + CN + +6C-93-08 (hex) ZHEJIANG XIAN DA Environmental Technology Co., Ltd +200000-2FFFFF (base 16) ZHEJIANG XIAN DA Environmental Technology Co., Ltd + Room 103,1st F,unit A,Buliding 3,No. 8,Xiyuan 1st Road,Sandun Town,Xihu District + HANGZHOU ZHEJIANG 310000 + CN + +30-43-D7 (hex) PK Solutions LLC +900000-9FFFFF (base 16) PK Solutions LLC + 10811 E Harry + Wichita KS 67207 + US + +30-43-D7 (hex) Bodhi +A00000-AFFFFF (base 16) Bodhi + 3150 W. Prospect Road, Suite 330 + Fort Lauderdale FL 33309 + US + +30-43-D7 (hex) Kesu (Shanghai) Electronic Technology Co., Ltd +800000-8FFFFF (base 16) Kesu (Shanghai) Electronic Technology Co., Ltd + 3-36588?No. 1800, Panyuan Road, Changxing Town, Chongming District + Shanghai 202150 + CN + +38-1F-26 (hex) NOITAC sp. z o.o. sp.k. +600000-6FFFFF (base 16) NOITAC sp. z o.o. sp.k. + Szlak 28/3 + Kraków 31-153 + PL + +38-1F-26 (hex) JAESUNG INFORMATION & COMMUNICATION CO.LTD +000000-0FFFFF (base 16) JAESUNG INFORMATION & COMMUNICATION CO.LTD + 41-69, POWOL SAEMALGIL, YANG YANG-EUP + YANG YANG GUN 25017 + KR + +30-43-D7 (hex) FIBERME COMMUNICATIONS LLC +400000-4FFFFF (base 16) FIBERME COMMUNICATIONS LLC + 1749 Old Meadow Rd. + McLean VA 22102 + US + +38-1F-26 (hex) Deutronic Elektronik GmbH +B00000-BFFFFF (base 16) Deutronic Elektronik GmbH + Deutronicstraße 5 + Adlkofen Bayern 84166 + DE + +38-1F-26 (hex) Annapurna labs +E00000-EFFFFF (base 16) Annapurna labs + Matam Scientific Industries Center, Building 8.2 + Mail box 15123 Haifa 3508409 + IL + +38-1F-26 (hex) RCE systems s.r.o. +700000-7FFFFF (base 16) RCE systems s.r.o. + Svatopluka Cecha 2008/1d + Brno CR 61200 + CZ + +38-1F-26 (hex) Sercomm Corporation. +A00000-AFFFFF (base 16) Sercomm Corporation. + 3F,No.81,Yu-Yih Rd.,Chu-Nan Chen + Miao-Lih Hsuan 115 + TW + +30-43-D7 (hex) Motec GmbH +B00000-BFFFFF (base 16) Motec GmbH + 287 27 Road + Grand Junction CO 81503 + US + +CC-4F-5C (hex) Beijing Techao Weijia Technology Limited +E00000-EFFFFF (base 16) Beijing Techao Weijia Technology Limited + Room 202, Floor 2, Building No. 3, No. 9 Xiaoying Road, Chaoyang District + Beijing 100101 + CN + +1C-59-74 (hex) Council Rock +A00000-AFFFFF (base 16) Council Rock + 11 Centre Park + Rochester 14614 + US + +C4-A1-0E (hex) Hainan World Electronic Science and Techology Co.,Ltd +600000-6FFFFF (base 16) Hainan World Electronic Science and Techology Co.,Ltd + Room 1502,15th Floor,Building 20,NO.487 Tianlin Road,Shanghai,200233 China + Shanghai Shanghai 200233 + CN + +C4-A1-0E (hex) Jiangsu Perceive World Technology Co.,Ltd. +A00000-AFFFFF (base 16) Jiangsu Perceive World Technology Co.,Ltd. + 4-5F,Hengsheng Science Park 70#,Zhonghui Ave 1588#,HuiShan District,Wuxi,Jiangsu,China + Wu xi Jiangsu 214181 + CN + +78-D4-F1 (hex) Silla Industries +100000-1FFFFF (base 16) Silla Industries + Via della Meccanica 2a + Padova PD 35127 + IT + +18-A5-9C (hex) Cuman +100000-1FFFFF (base 16) Cuman + Al-Farabi 97/1 + Nur-Sultan 010000 + KZ + +6C-15-24 (hex) STERIS +A00000-AFFFFF (base 16) STERIS + Unit 7 & 8, Stortford Hall Industrial Park, Dunmow Road + Bishops Stortford herts CM23 5GZ + GB + +C4-A1-0E (hex) XI'AN YEP TELECOM TECHNOLOGY CO.,LTD +900000-9FFFFF (base 16) XI'AN YEP TELECOM TECHNOLOGY CO.,LTD + No.211 Tiangu 8th Road, High-tech Zone + Xi 'an Shaanxi 710065 + CN + +C4-A1-0E (hex) Alio, Inc +E00000-EFFFFF (base 16) Alio, Inc + 10901 W. 120th Ave, Suite 380 + Bloomfield CO 80021 + US + +70-50-E7 (hex) Wall Box Chargers, S.L. +500000-5FFFFF (base 16) Wall Box Chargers, S.L. + Paseo Castellana 95, 28 floor + Madrid Madrid 28046 + ES + +70-50-E7 (hex) Guangzhou Tianhe High Tech Industrial Development Zone Zhongsheng Electrical Limited Company +A00000-AFFFFF (base 16) Guangzhou Tianhe High Tech Industrial Development Zone Zhongsheng Electrical Limited Company + D01, Zone D, No. 6 (Yishun), Huangcun North Road, Tianhe District + Guangzhou 510660 + CN + +70-50-E7 (hex) Electronic's Time SRL +200000-2FFFFF (base 16) Electronic's Time SRL + Via Madonna Piccola 32R/Q + Martina Franca Taranto 74015 + IT + +70-50-E7 (hex) Yoctopuce +700000-7FFFFF (base 16) Yoctopuce + Route de Cartigny 33 + Cartigny 1236 + CH + +70-50-E7 (hex) Skychers Creations ShenZhen Limited +300000-3FFFFF (base 16) Skychers Creations ShenZhen Limited + Room 907A, 9/F, Block T2, FongDa City, Longjing Village, Longzhu Avenue, Nanshan District + Shenzhen Guangdong 518073 + CN + +70-50-E7 (hex) Elastics.cloud +900000-9FFFFF (base 16) Elastics.cloud + 1730 North First Street, 5th Floor + San Jose CA 95112 + US + +80-02-F4 (hex) Annapurna labs +800000-8FFFFF (base 16) Annapurna labs + Matam Scientific Industries Center, Building 8.2 + Mail box 15123 Haifa 3508409 + IL + +8C-51-09 (hex) Avxav Electronic Trading LLC +600000-6FFFFF (base 16) Avxav Electronic Trading LLC + Office 534 Building # 6WA Dubai Airport Free Zone + Dubai Dubai 33964 + AE + +80-02-F4 (hex) Lazer Safe Pty Ltd +700000-7FFFFF (base 16) Lazer Safe Pty Ltd + 27 Action Road + Perth WA 6090 + AU + +80-02-F4 (hex) Beijing Cybercore +200000-2FFFFF (base 16) Beijing Cybercore + A206,F2,Yard#12,Building#1,JingAn DongLi,Chaoyang + Beijing Beijing 100028 + CN + +8C-51-09 (hex) SHENZHEN LDROBOT CO., LTD. +300000-3FFFFF (base 16) SHENZHEN LDROBOT CO., LTD. + Nanshan + Shenzhen 518000 + CN + +8C-51-09 (hex) nerospec +800000-8FFFFF (base 16) nerospec + 9 Freda Road, Bromhof,Skyview Retail Park + Randburg Gauteng 2169 + ZA + +8C-51-09 (hex) Surpedia Technologies Co., Ltd. +D00000-DFFFFF (base 16) Surpedia Technologies Co., Ltd. + 5F-1, No.212, Sec 3, Datong Rd. + Xhzhi Dist. New Taipei City 22103 + TW + +8C-51-09 (hex) IROOTELLUCKY Corp. +E00000-EFFFFF (base 16) IROOTELLUCKY Corp. + 609ho, 13, LS-ro + Gunpo-si Gyeonggi-do 15843 + KR + +0C-7F-ED (hex) Shenzhen MoreSense Technology Co., Ltd. +C00000-CFFFFF (base 16) Shenzhen MoreSense Technology Co., Ltd. + #206 Building A1,#663 Bulong Road,Dafapu Community,Bantian Street, + Shenzhen Guangdong 518129 + CN + +0C-7F-ED (hex) Grandway Technology (Shenzhen) Limited +700000-7FFFFF (base 16) Grandway Technology (Shenzhen) Limited + Block 7, Zhu Keng Industrial Zone + Ping Shan District Shenzhen 518118 + CN + +0C-7F-ED (hex) TelX Systems +B00000-BFFFFF (base 16) TelX Systems + UMM RAMOOL + DEIRA DUBAI 48235 + AE + +FC-61-79 (hex) Int'Act Pty Ltd +D00000-DFFFFF (base 16) Int'Act Pty Ltd + 4 Pine Street + North Ipswich Queensland 4305 + AU + +0C-7F-ED (hex) Toast, Inc. +100000-1FFFFF (base 16) Toast, Inc. + 401 Park Drive, Suite 801 + Boston MA 02215 + US + +FC-61-79 (hex) Signalinks Communication Technology Co.,Ltd +100000-1FFFFF (base 16) Signalinks Communication Technology Co.,Ltd + 3rd Floor, Building 6, Longxing Sciece park, East Huaning Road, Dalang Street , Longhua District, Shenzhen + Shenzhen Guangdong 518000 + CN + +FC-61-79 (hex) Shenzhen Dptek Technology Co., Ltd. +A00000-AFFFFF (base 16) Shenzhen Dptek Technology Co., Ltd. + Room 706, Building Pincui, Zhongcui Garden,Dafen Community, Buji Street, Longgang District + Shenzhen Guangdong 518000 + CN diff --git a/hwdb.d/ma-small.txt b/hwdb.d/ma-small.txt index d6fd58e50ab..704a346ad5d 100644 --- a/hwdb.d/ma-small.txt +++ b/hwdb.d/ma-small.txt @@ -5687,18 +5687,246 @@ F74000-F74FFF (base 16) GE AVIC Civil Avionics Systems Company Limited Shanghai 200241 CN +8C-1F-64 (hex) Stercom Power Solutions GmbH +2B6000-2B6FFF (base 16) Stercom Power Solutions GmbH + Ziegelstr. 1 + Weyarn Bayern 83629 + DE + +8C-1F-64 (hex) Shenzhen zhushida Technology lnformation Co.,Ltd +A5D000-A5DFFF (base 16) Shenzhen zhushida Technology lnformation Co.,Ltd + 1309, Block A, Innovation Building, Majialong Industrial Zone, Nantou Street, Nanshan District, + SHENZHEN 518000 + CN + 8C-1F-64 (hex) EnviroNode IoT Solutions 1AF000-1AFFFF (base 16) EnviroNode IoT Solutions 4 Malvern Avenue Sydney New South Wales 2132 AU -8C-1F-64 (hex) Stercom Power Solutions GmbH -2B6000-2B6FFF (base 16) Stercom Power Solutions GmbH - Ziegelstr. 1 - Weyarn Bayern 83629 +8C-1F-64 (hex) Gateview Technologies +B7B000-B7BFFF (base 16) Gateview Technologies + 104 White St #201 + Wake Forest 27587 + US + +8C-1F-64 (hex) Suntech Engineering +7D3000-7D3FFF (base 16) Suntech Engineering + 30, Gukgasandan-daero 34-gil, Guji-myeon, Dalseong-gun, Daegu, Republic of Korea + Daegu 43008 + KR + +8C-1F-64 (hex) Ascon Tecnologic S.r.l. +FF6000-FF6FFF (base 16) Ascon Tecnologic S.r.l. + via Indipendenza, 56 + Vigevano PV 27029 + IT + +8C-1F-64 (hex) Delta Computers LLC. +59F000-59FFFF (base 16) Delta Computers LLC. + Office 22/10, room part 22, room IV, floor 3, 41A, 3-rd Parkovaya str. + Moscow 105425 + RU + +8C-1F-64 (hex) Newtec A/S +BF0000-BF0FFF (base 16) Newtec A/S + Stærmosegårdsvej 18 + Odense SV Region Syd 5230 + DK + +8C-1F-64 (hex) Onto Innovation +FBA000-FBAFFF (base 16) Onto Innovation + 16 Jonspin rd + Wilmington MA 01887 + US + +8C-1F-64 (hex) DAVE SRL +967000-967FFF (base 16) DAVE SRL + VIA TALPONEDO 29/A + PORCIA PORDENONE 330850 + IT + +8C-1F-64 (hex) Becton Dickinson +775000-775FFF (base 16) Becton Dickinson + 7 Loveton Circle + Sparks MD 21152 + US + +8C-1F-64 (hex) FIBERME COMMUNICATIONS LLC +C68000-C68FFF (base 16) FIBERME COMMUNICATIONS LLC + 1749 Old Meadow Rd. + McLean VA 22102 + US + +8C-1F-64 (hex) TechArgos +BFB000-BFBFFF (base 16) TechArgos + Nizhnyaya Krasnoselskaya Str. 35-64 + Moscow 105066 + RU + +8C-1F-64 (hex) e.kundenservice Netz GmbH +855000-855FFF (base 16) e.kundenservice Netz GmbH + Steindamm 100 + Hamburg 20099 + DE + +8C-1F-64 (hex) Meiryo Denshi Corp. +EB5000-EB5FFF (base 16) Meiryo Denshi Corp. + 38-23 higashi maeda + Nishin City Aichi 470-0124 + JP + +8C-1F-64 (hex) Baker Hughes EMEA +40E000-40EFFF (base 16) Baker Hughes EMEA + Sensing House, Shannon Free Zone East + Shannon Co. Clare V14 V99 + IE + +8C-1F-64 (hex) Calnex Solutions plc +703000-703FFF (base 16) Calnex Solutions plc + Oracle Campus + Linlithgow West Lothian EH49 7LR + GB + +8C-1F-64 (hex) LLC NTPC +660000-660FFF (base 16) LLC NTPC + Kharkovsky alley 36g, office room 1 + Belgorod 308012 + RU + +8C-1F-64 (hex) Renukas Castle Hard- and Software +4E5000-4E5FFF (base 16) Renukas Castle Hard- and Software + Renukas Castle, 35th Ward, Kalyan Nagar, Ring Road, near Lions School + Gadag Karnataka 582103 + IN + +8C-1F-64 (hex) MB connect line GmbH Fernwartungssysteme +059000-059FFF (base 16) MB connect line GmbH Fernwartungssysteme + Winnettener Straße 6 + Dinkelsbuehl Bavaria 91550 + DE + +8C-1F-64 (hex) Tesat-Spacecom GmbH & Co. KG +F27000-F27FFF (base 16) Tesat-Spacecom GmbH & Co. KG + Gerberstrasse 49 + Backnang 71522 + DE + +8C-1F-64 (hex) REFU Storage System GmbH +53B000-53BFFF (base 16) REFU Storage System GmbH + Marktstraße 185 + Pfullingen 72793 + DE + +8C-1F-64 (hex) DEUTA-WERKE GmbH +883000-883FFF (base 16) DEUTA-WERKE GmbH + Paffrather Str. 140 + Bergisch Gladbach North Rhine-Westphalia 51465 DE +8C-1F-64 (hex) JBF +F45000-F45FFF (base 16) JBF + via goretta 90 + mappano torino 10079 + IT + +8C-1F-64 (hex) Micro Electroninc Products +765000-765FFF (base 16) Micro Electroninc Products + TT Vasumweg 150 + Amsterdam 1033 SH + NL + +8C-1F-64 (hex) Logical Product +622000-622FFF (base 16) Logical Product + 2-25-5,matoba,minamiku + Fukuoka Fukuoka 811-1314 + JP + +8C-1F-64 (hex) Dan Smith LLC +4D6000-4D6FFF (base 16) Dan Smith LLC + 4638 Cameron Ridge Drive, Apt 138 + Indianapolis IN 46240 + US + +8C-1F-64 (hex) Sicon srl +B3B000-B3BFFF (base 16) Sicon srl + Via Sila 1/3 + Isola Vicentina Vicenza 36033 + IT + +8C-1F-64 (hex) INVIXIUM ACCESS INC +274000-274FFF (base 16) INVIXIUM ACCESS INC + 111 Gordon Baker Road, Suite #300 + Toronto Ontario M2H 3R1 + CA + +8C-1F-64 (hex) Bunka Shutter Co., Ltd. +0B0000-0B0FFF (base 16) Bunka Shutter Co., Ltd. + 644-1 Tenjingoe,Ooaza-Kamiishizuka + Oyama Tochigi 323-0063 + JP + +8C-1F-64 (hex) Sanchar Telesystems limited +958000-958FFF (base 16) Sanchar Telesystems limited + A-78, GROUND FLOOR, OKHLA INDUSTRIAL AREA, PHASE - II, NEW DELHI + New Delhi Delhi 110020 + IN + +8C-1F-64 (hex) Rodgers Instruments US LLC +A42000-A42FFF (base 16) Rodgers Instruments US LLC + 6497 NE Croeni Avenue + Hillsboro 97124 + US + +8C-1F-64 (hex) Potter Electric Signal Company +316000-316FFF (base 16) Potter Electric Signal Company + 1609 Park 370 Place + Hazelwood MO 63042 + US + +8C-1F-64 (hex) Diffraction Limited +8CF000-8CFFFF (base 16) Diffraction Limited + 59 Grenfell Crescent, Unit B + Ottawa ON K2G 0G3 + CA + +8C-1F-64 (hex) Tunstall A/S +F2C000-F2CFFF (base 16) Tunstall A/S + Niels Bohrs vej 42 + Stilling Skanderborg 8660 + DK + +8C-1F-64 (hex) Tantronic AG +1EF000-1EFFFF (base 16) Tantronic AG + Gewerbering 12 + Wohlen AG 5610 + CH + +8C-1F-64 (hex) Strategic Robotic Systems +C57000-C57FFF (base 16) Strategic Robotic Systems + 14842 NE 95th StreetBuilding 5 + Redmond WA 98052 + US + +8C-1F-64 (hex) MHE Electronics +E90000-E90FFF (base 16) MHE Electronics + 49Alexander Rd, Westmead + Durban KwaZulu Natal 3610 + ZA + +8C-1F-64 (hex) tickIoT Inc. +949000-949FFF (base 16) tickIoT Inc. + 651 N Broad St Ste 206, Ste 206 + Middletown DE 19709 + US + +8C-1F-64 (hex) SYSN +2C5000-2C5FFF (base 16) SYSN + the third floor, 26, Namsan-ro 39beon-gil, Uichang-gu + Changwon-si, Gyeongsangnam-do, Republic of Korea 51368 + KR + 70-B3-D5 (hex) EVCO SPA A80000-A80FFF (base 16) EVCO SPA VIA FELTRE N. 81 @@ -9089,12 +9317,6 @@ CF3000-CF3FFF (base 16) Mesh Motion Inc Kocaeli Kocaeli 41470 TR -70-B3-D5 (hex) Nke -E75000-E75FFF (base 16) Nke - Rue Gutenberg - Hennebont Brittany 56700 - FR - 70-B3-D5 (hex) UNISOR MULTISYSTEMS LTD 05F000-05FFFF (base 16) UNISOR MULTISYSTEMS LTD HAYETZIRA 6 ST @@ -11063,12 +11285,6 @@ AD2000-AD2FFF (base 16) YUYAMA MFG Co.,Ltd Tehran 1533655514 IR -8C-1F-64 (hex) Flextronics International Kft. -A4C000-A4CFFF (base 16) Flextronics International Kft. - Zrínyi Miklós str. 38. - Zalaegerszeg 8900 - HU - 8C-1F-64 (hex) MB connect line GmbH Fernwartungssysteme 9F2000-9F2FFF (base 16) MB connect line GmbH Fernwartungssysteme Winnettener Straße 6 @@ -11267,6 +11483,234 @@ E02000-E02FFF (base 16) ITS Teknik A/S Vejle 7100 DK +8C-1F-64 (hex) NETGEN HITECH SOLUTIONS LLP +ED9000-ED9FFF (base 16) NETGEN HITECH SOLUTIONS LLP + B 301 KNOX PLAZA MALAD WEST + MUMBAI MAHARASHTRA 400064 + IN + +8C-1F-64 (hex) Vekto +4AC000-4ACFFF (base 16) Vekto + Televisieweg 75 + Almere 1322AK + NL + +8C-1F-64 (hex) Wolfspyre Labs +9D4000-9D4FFF (base 16) Wolfspyre Labs + 5007 Highland Ct #WPL-IEEE + Austin TX 78731 + US + +8C-1F-64 (hex) IO Master Technology +BD3000-BD3FFF (base 16) IO Master Technology + 4F?1 No. 258, Lian Cheng Rd, Zhong He Dist + New Taipei City 235 Taipei 235 + TW + +8C-1F-64 (hex) SpectraDynamics, Inc. +581000-581FFF (base 16) SpectraDynamics, Inc. + 1849 Cherry St. + Louisville CO 80027 + US + +8C-1F-64 (hex) TIFLEX +194000-194FFF (base 16) TIFLEX + 10 Avenue de la 1ère Armée Française Rhin - Danube + PONCIN 01450 + FR + +8C-1F-64 (hex) ESCAD AUTOMATION GmbH +05F000-05FFFF (base 16) ESCAD AUTOMATION GmbH + Escadstr. 1 + Pfullendorf 88630 + DE + +8C-1F-64 (hex) Sichuan Aiyijan Technology Company Ltd. +40C000-40CFFF (base 16) Sichuan Aiyijan Technology Company Ltd. + C1102 No. 65 Wuke West 1st Rd Wuhou District + Chengdu Sichuan 61000 + CN + +8C-1F-64 (hex) Rapidev Pvt Ltd +A44000-A44FFF (base 16) Rapidev Pvt Ltd + Office # G201-204 NSTP, NUST ISLAMABAD + ISLAMABAD Islamabad Capital Territory 44000 + PK + +8C-1F-64 (hex) Opgal Optronic Industries ltd +35C000-35CFFF (base 16) Opgal Optronic Industries ltd + Hanapach 11 + Karmiel 2165317 + IL + +8C-1F-64 (hex) Alifax S.r.l. +C24000-C24FFF (base 16) Alifax S.r.l. + VIA PETRARCA 2/1 + POLVERARA PD 35020 + IT + +8C-1F-64 (hex) Neuralog LP +115000-115FFF (base 16) Neuralog LP + 4800 Sugar Grove Blvd., Ste. 200 + Stafford TX 77479 + US + +8C-1F-64 (hex) Pietro Fiorentini Spa +8D9000-8D9FFF (base 16) Pietro Fiorentini Spa + Via Armenia, 16 + San Vito al Tagliamento (PN) 33078 + IT + +8C-1F-64 (hex) Flextronics International Kft +A4C000-A4CFFF (base 16) Flextronics International Kft + Zrínyi Miklós str. 38. + Zalaegerszeg 8900 + HU + +8C-1F-64 (hex) Flextronics International Kft +D02000-D02FFF (base 16) Flextronics International Kft + 38. Zrinyi Str. + Zalaegerszeg Zala 8900 + HU + +8C-1F-64 (hex) Autark GmbH +943000-943FFF (base 16) Autark GmbH + Platz des Friedens 8 + Baunatal Hessen D-34225 + DE + +8C-1F-64 (hex) VMukti Solutions Private Limited +E30000-E30FFF (base 16) VMukti Solutions Private Limited + 3-4, Shivalik Plaza, Panjrapole, Ambawadi + Ahmedabad Gujarat 380015 + IN + +8C-1F-64 (hex) ACTELSER S.L. +3F4000-3F4FFF (base 16) ACTELSER S.L. + CARRER ALBERT EINSTEIN, 44 + TERRASSA BARCELONA 08223 + ES + +8C-1F-64 (hex) Timegate Instruments Ltd. +7A7000-7A7FFF (base 16) Timegate Instruments Ltd. + Tutkijantie 7 + Oulu 90540 + FI + +8C-1F-64 (hex) GSP Sprachtechnologie GmbH +FED000-FEDFFF (base 16) GSP Sprachtechnologie GmbH + Teltowkanalstraße 1 + Berlin 12247 + DE + +8C-1F-64 (hex) Wartsila Voyage Limited +38E000-38EFFF (base 16) Wartsila Voyage Limited + 13-18 City Quay + Dublin 2 D02 ED70 + IE + +8C-1F-64 (hex) AZD Praha s.r.o., ZOZ Olomouc +FA2000-FA2FFF (base 16) AZD Praha s.r.o., ZOZ Olomouc + Zeleznicni + Olomouc czech republic 77900 + CZ + +8C-1F-64 (hex) Cubic ITS, Inc. dba GRIDSMART Technologies +52D000-52DFFF (base 16) Cubic ITS, Inc. dba GRIDSMART Technologies + 10545 Hardin Valley Rd + Knoxville TN 37932 + US + +8C-1F-64 (hex) Beijing Zhongchen Microelectronics Co.,Ltd +AB4000-AB4FFF (base 16) Beijing Zhongchen Microelectronics Co.,Ltd + Room 0309, 3rd Floor, Building 2, China Agricultural University International Pioneer Park, No. 10 Tianxiu Road, Haidian District + Beijing Beijing 100081 + CN + +8C-1F-64 (hex) Toolplanet Co., Ltd. +54F000-54FFFF (base 16) Toolplanet Co., Ltd. + 43-2 Himigaike-cho + Gifu-shi Gifu 500-8122 + JP + +8C-1F-64 (hex) AIDirections +702000-702FFF (base 16) AIDirections + Torch Tower + Dubai Dubai 74249 + AE + +70-B3-D5 (hex) Watteco +E75000-E75FFF (base 16) Watteco + Rue Gutenberg + Hennebont Brittany 56700 + FR + +8C-1F-64 (hex) Weidmann Tecnologia Electrica de Mexico +7B7000-7B7FFF (base 16) Weidmann Tecnologia Electrica de Mexico + Oscar Flores Tapia No. 304, Col. El Llano + Arteaga Coahuila 25350 + MX + +8C-1F-64 (hex) Ashinne Technology Co., Ltd +E7C000-E7CFFF (base 16) Ashinne Technology Co., Ltd + 10F-1, No.18, Lane 609, Sec.5, Chung Hsin Rd., San Chung Dist. + New Taipei City 241 + TW + +8C-1F-64 (hex) Forever Engineering Systems Pvt. Ltd. +AC5000-AC5FFF (base 16) Forever Engineering Systems Pvt. Ltd. + B-817, 8th floor, Advant Navis Business Park, Sector-142 + NOIDA Uttar Pradesh 201301 + IN + +8C-1F-64 (hex) AMESS +EEA000-EEAFFF (base 16) AMESS + C-1501, 60, Haan-ro + Gwangmyeong-si Gyeonggi-do 14322 + KR + +8C-1F-64 (hex) EVERNET CO,.LTD TAIWAN +B7C000-B7CFFF (base 16) EVERNET CO,.LTD TAIWAN + 12 F., No. 206-2, Sec. 2, Daxing W. Rd + Taoyuan Taiwan 330 + TW + +8C-1F-64 (hex) Farmote Limited +017000-017FFF (base 16) Farmote Limited + 92 Collingwood Street, Nelson + Nelson Nelson 7010 + NZ + +8C-1F-64 (hex) e.p.g. Elettronica s.r.l. +3D4000-3D4FFF (base 16) e.p.g. Elettronica s.r.l. + Via della Crocetta 3 + Oltrona di San Mamette Como (CO) 22070 + IT + +8C-1F-64 (hex) Stratis IOT +3C5000-3C5FFF (base 16) Stratis IOT + 4230 Main Street + Philadelphia PA 19127 + US + +8C-1F-64 (hex) Twinleaf LLC +080000-080FFF (base 16) Twinleaf LLC + 300 Deer Creek DriveSuite 300 + Plainsboro NJ 08536 + US + +8C-1F-64 (hex) Genius vision digital private limted +CC6000-CC6FFF (base 16) Genius vision digital private limted + S-39, GF JANTA MARKET, RAJOURI GARDEN,NEW DELHI - 110027 + new delhi new delhi 110027 + IN + +8C-1F-64 (hex) FMTec GmbH - Future Management Technologies +3E3000-3E3FFF (base 16) FMTec GmbH - Future Management Technologies + Austraße 59e + Bludenz Austria 6700 + AT + 70-B3-D5 (hex) System West dba ICS Electronics E06000-E06FFF (base 16) System West dba ICS Electronics 7034 Commerce Circle Suite A @@ -16826,39 +17270,219 @@ E61000-E61FFF (base 16) Stange Elektronik GmbH yokohama kanagawa 2220033 JP -70-B3-D5 (hex) YUYAMA MFG Co.,Ltd -BBB000-BBBFFF (base 16) YUYAMA MFG Co.,Ltd - 3-3-1 - TOYONAKASHI OSAKA 561-0841 - JP +8C-1F-64 (hex) Beijing Tongtech Technology Co., Ltd. +12B000-12BFFF (base 16) Beijing Tongtech Technology Co., Ltd. + Room 3017, Building 1, Hongfu Science Park, Changping District + Beijing Beijing 100029 + CN -70-B3-D5 (hex) D-E-K GmbH & Co.KG -219000-219FFF (base 16) D-E-K GmbH & Co.KG - Südfeld 9 - Ascheberg / Herbern 58387 - DE +8C-1F-64 (hex) Abbott Diagnostics Technologies AS +429000-429FFF (base 16) Abbott Diagnostics Technologies AS + P. O. Box 6863 Rodeløkka + Oslo Oslo 0504 + NO -70-B3-D5 (hex) AvMap srlu -B4F000-B4FFFF (base 16) AvMap srlu - Viale Zaccagna 6 - Carrara 54033 - IT +8C-1F-64 (hex) EOLANE +911000-911FFF (base 16) EOLANE + ZI DU VAL D OMBREE + COMBREE - 49520 + FR -70-B3-D5 (hex) Theatrixx Technologies, Inc. -5DD000-5DDFFF (base 16) Theatrixx Technologies, Inc. - 1655 Richardson - Montreal QC H3K3J7 +8C-1F-64 (hex) Huz Electronics Ltd +BC2000-BC2FFF (base 16) Huz Electronics Ltd + 10 Avondale road + Cwmbran S Wales NP44 1UD + GB + +8C-1F-64 (hex) Microlynx Systems Ltd +F3C000-F3CFFF (base 16) Microlynx Systems Ltd + #107, 1925 - 18 Ave NE + Calgary AB T2E 7T8 CA -70-B3-D5 (hex) EA Elektroautomatik GmbH & Co. KG -6BC000-6BCFFF (base 16) EA Elektroautomatik GmbH & Co. KG - Helmholtzstraße 31-33 - Viersen NRW 41747 - DE +8C-1F-64 (hex) ANDDORO LLC +6F9000-6F9FFF (base 16) ANDDORO LLC + 1430 Broadway NY + New York NY 10018 + US -70-B3-D5 (hex) Adolf Nissen Elektrobau GmbH + Co. KG -101000-101FFF (base 16) Adolf Nissen Elektrobau GmbH + Co. KG - Friedrichstädter Chaussee 4 +8C-1F-64 (hex) GIORDANO CONTROLS SPA +807000-807FFF (base 16) GIORDANO CONTROLS SPA + VIA PARALLELA 2/4 + VILLA BARTOLOMEA IT 37049 + IT + +8C-1F-64 (hex) VEILUX INC. +045000-045FFF (base 16) VEILUX INC. + 802 GREENVIEW DR. STE 200 + GRAND PRAIRIE 75050 + US + +8C-1F-64 (hex) Cleanwatts Digital, S.A. +0E6000-0E6FFF (base 16) Cleanwatts Digital, S.A. + Ladeira da Paula, 6 + Antanhol-Coimbra 3040-574 + PT + +8C-1F-64 (hex) FORSEE POWER +0AF000-0AFFFF (base 16) FORSEE POWER + 2 chemin du ruisseau + ECULLY 69130 + FR + +8C-1F-64 (hex) Sakura Seiki Co.,Ltd. +28C000-28CFFF (base 16) Sakura Seiki Co.,Ltd. + 75-5, Imojiya + Chikuma-city Nagano Prefecture 387-0015 + JP + +8C-1F-64 (hex) Indefac company +E64000-E64FFF (base 16) Indefac company + Ka-211, Whangmool ro 190, DongDaemoon Gu + Seoul 02622 + KR + +8C-1F-64 (hex) Jide Car Rastreamento e Monitoramento LTDA +22E000-22EFFF (base 16) Jide Car Rastreamento e Monitoramento LTDA + Rua Arcipreste Andrade 630 + São Paulo São Paulo 04268020 + BR + +8C-1F-64 (hex) Fingoti Limited +CD9000-CD9FFF (base 16) Fingoti Limited + Barnam Ham Farm + Bickleigh, Plymouth Devon PL6 7AL + GB + +8C-1F-64 (hex) Grace Design/Lunatec LLC +FB7000-FB7FFF (base 16) Grace Design/Lunatec LLC + 4689 Ute Highway + Longmont CO 80503 + US + +8C-1F-64 (hex) Farmobile LLC +672000-672FFF (base 16) Farmobile LLC + 4001 W. 114th, Suite 300 + Leawood KS 66251 + US + +8C-1F-64 (hex) Real Digital +3B2000-3B2FFF (base 16) Real Digital + 655 SW James Pl + Pullman WA 99163 + US + +8C-1F-64 (hex) Zhuhai Yunzhou Intelligence Technology Ltd. +254000-254FFF (base 16) Zhuhai Yunzhou Intelligence Technology Ltd. + Room 311,312A,Floor 3,Heung Shan TechPort,No.3888 Qinglv North Road,Tangjiawan Town + Zhuhai Guangdong 519000 + CN + +8C-1F-64 (hex) AIQuatro +AC0000-AC0FFF (base 16) AIQuatro + 143B + São Paulo São Paulo 02433-070 + BR + +8C-1F-64 (hex) Active Research Limited +0C0000-0C0FFF (base 16) Active Research Limited + 21 Harwell Road + Poole Dorset BH17 0GE + GB + +8C-1F-64 (hex) Beijing Redlink Information Technology Co., Ltd. +D9A000-D9AFFF (base 16) Beijing Redlink Information Technology Co., Ltd. + Room 5, 2nd floor, Deshi Building, Haidian District, Beijing, China + Beijing 100085 + CN + +8C-1F-64 (hex) Sphere Com Services Pvt Ltd +A6A000-A6AFFF (base 16) Sphere Com Services Pvt Ltd + Sphere Com Services Pvt Ltd, F-16-22, pankaj plaza, plot-no-7, Sector - 12, Dwarka, New Delhi - 110075, New Delhi + New Delhi Delhi 110075 + IN + +8C-1F-64 (hex) suzhou yuecrown Electronic Technology Co.,LTD +CCB000-CCBFFF (base 16) suzhou yuecrown Electronic Technology Co.,LTD + B6,no.1599,West Chengbei Road,Gusu District + suzhou jiangsu 215000 + CN + +8C-1F-64 (hex) nke marine electronics +817000-817FFF (base 16) nke marine electronics + 6 rue gutenberg + Hennebont 56700 + FR + +8C-1F-64 (hex) GS Industrie-Elektronik GmbH +6B9000-6B9FFF (base 16) GS Industrie-Elektronik GmbH + Porschestrasse 11 + Leverkusen 51381 + DE + +8C-1F-64 (hex) Paragraf +01A000-01AFFF (base 16) Paragraf + 7-8 West Newlands + Somersham Cambridgeshire PE28 3EB + GB + +8C-1F-64 (hex) YUYAMA MFG Co.,Ltd +5AC000-5ACFFF (base 16) YUYAMA MFG Co.,Ltd + 1-4-30 + MEISHINGUCHI,TOYONAKA OSAKA 561-0841 + JP + +8C-1F-64 (hex) Transdigital Pty Ltd +7CF000-7CFFFF (base 16) Transdigital Pty Ltd + 1/160 Stirling Highway + Nedlands Western Australia 6009 + AU + +8C-1F-64 (hex) Talleres de Escoriaza SA +F65000-F65FFF (base 16) Talleres de Escoriaza SA + Barrio Ventas, 35 + Irun Gipuzkoa 20305 + ES + +8C-1F-64 (hex) EUROPEAN TELECOMMUNICATION INTERNATIONAL KFT +CDB000-CDBFFF (base 16) EUROPEAN TELECOMMUNICATION INTERNATIONAL KFT + 1132 Budapest, Váci út 22-24. 3. em.) + Budapest 1132 + HU + +70-B3-D5 (hex) YUYAMA MFG Co.,Ltd +BBB000-BBBFFF (base 16) YUYAMA MFG Co.,Ltd + 3-3-1 + TOYONAKASHI OSAKA 561-0841 + JP + +70-B3-D5 (hex) D-E-K GmbH & Co.KG +219000-219FFF (base 16) D-E-K GmbH & Co.KG + Südfeld 9 + Ascheberg / Herbern 58387 + DE + +70-B3-D5 (hex) AvMap srlu +B4F000-B4FFFF (base 16) AvMap srlu + Viale Zaccagna 6 + Carrara 54033 + IT + +70-B3-D5 (hex) Theatrixx Technologies, Inc. +5DD000-5DDFFF (base 16) Theatrixx Technologies, Inc. + 1655 Richardson + Montreal QC H3K3J7 + CA + +70-B3-D5 (hex) EA Elektroautomatik GmbH & Co. KG +6BC000-6BCFFF (base 16) EA Elektroautomatik GmbH & Co. KG + Helmholtzstraße 31-33 + Viersen NRW 41747 + DE + +70-B3-D5 (hex) Adolf Nissen Elektrobau GmbH + Co. KG +101000-101FFF (base 16) Adolf Nissen Elektrobau GmbH + Co. KG + Friedrichstädter Chaussee 4 Tönning 25832 DE @@ -17366,12 +17990,6 @@ A7B000-A7BFFF (base 16) SmartSafe Jinan City Shandong Province 250101 CN -70-B3-D5 (hex) AVA Technologies Inc. -72F000-72FFFF (base 16) AVA Technologies Inc. - 45 East Cordova St, AVA Technologies Inc. - Vancouver BC V6A 1K3 - CA - 70-B3-D5 (hex) Position Imaging A5D000-A5DFFF (base 16) Position Imaging 22 marin way unit 1 @@ -19259,12 +19877,6 @@ E9B000-E9BFFF (base 16) NUMATA R&D Co.,Ltd Osaki city 989-6161 JP -70-B3-D5 (hex) Active Research Limited -6A0000-6A0FFF (base 16) Active Research Limited - Unit 5, Wessex Trade Centre, Ringwood Road - Poole Dorset BH12 3PF - GB - 70-B3-D5 (hex) Scame Sistemi srl 2F3000-2F3FFF (base 16) Scame Sistemi srl Via Lombardia 5 @@ -21287,12 +21899,6 @@ E73000-E73FFF (base 16) Zeus Control Systems Ltd Nuneaton CV13 0PE GB -70-B3-D5 (hex) Flextronics International Kft. -E2F000-E2FFFF (base 16) Flextronics International Kft. - Zrínyi Miklós str. 38. - Zalaegerszeg 8900 - HU - 70-B3-D5 (hex) Beijing Lihong Create Co., Ltd. ED3000-ED3FFF (base 16) Beijing Lihong Create Co., Ltd. Changping, Zhenxinglu. 46 @@ -22328,12 +22934,6 @@ CCB000-CCBFFF (base 16) RealD, Inc. Wakefield West Yorkshire WF1 2ED GB -8C-1F-64 (hex) Flextronics International Kft. -F5C000-F5CFFF (base 16) Flextronics International Kft. - Zrínyi Miklós str. 38. - Zalaegerszeg 8900 - HU - 8C-1F-64 (hex) Bulwark 6A8000-6A8FFF (base 16) Bulwark 2/3 Sahra Grove @@ -22484,12 +23084,288 @@ EFB000-EFBFFF (base 16) WARECUBE,INC Suwon-si 16648 KR +8C-1F-64 (hex) Missing Link Electronics, Inc. +47A000-47AFFF (base 16) Missing Link Electronics, Inc. + 2880 Zanker Road, Ste 203 + San Jose 95134 + US + 8C-1F-64 (hex) Gemini Electronics B.V. 81A000-81AFFF (base 16) Gemini Electronics B.V. Burg. van Meeuwenstraat 14 Beek Limburg 6191 ND NL +8C-1F-64 (hex) AixControl GmbH +08F000-08FFFF (base 16) AixControl GmbH + Sonnenweg 15 + Aachen NRW 52070 + DE + +8C-1F-64 (hex) Zilica Limited +A1B000-A1BFFF (base 16) Zilica Limited + 8 Hasting Close, Bray, Bray + Maidenhead Bray Berks SL6 2DA + GB + +8C-1F-64 (hex) REO AG +73C000-73CFFF (base 16) REO AG + Brühlerstr. 100 + Solingen 42657 + DE + +8C-1F-64 (hex) Borrell USA Corp +38B000-38BFFF (base 16) Borrell USA Corp + 240 RIGGS AV + MERCED 95341 + US + +8C-1F-64 (hex) NOVA Products GmbH +BD6000-BD6FFF (base 16) NOVA Products GmbH + Thierschstr. 11 + Munich 80538 + DE + +70-B3-D5 (hex) Flextronics International Kft +E2F000-E2FFFF (base 16) Flextronics International Kft + Zrínyi Miklós str. 38. + Zalaegerszeg 8900 + HU + +8C-1F-64 (hex) Flextronics International Kft +F5C000-F5CFFF (base 16) Flextronics International Kft + Zrínyi Miklós str. 38. + Zalaegerszeg 8900 + HU + +8C-1F-64 (hex) ECO-ADAPT +C38000-C38FFF (base 16) ECO-ADAPT + 39 Rue de Chateaudun + Paris Ile-de-France 75009 + FR + +8C-1F-64 (hex) In-lite Design BV +557000-557FFF (base 16) In-lite Design BV + Stephensonweg 18 + Gorinchem Zuid-Holland 4207 HB + NL + +8C-1F-64 (hex) SMS group GmbH +FF4000-FF4FFF (base 16) SMS group GmbH + Hirtenwiese 4 + Elkenroth Rhineland-Palantine 57578 + DE + +8C-1F-64 (hex) CyberneX Co., Ltd +A6D000-A6DFFF (base 16) CyberneX Co., Ltd + Kamata, 5-26-8, Ardel Kamata #1107 + O-taku Tokyo-to 1440052 + JP + +8C-1F-64 (hex) Enestone Corporation +2FD000-2FDFFF (base 16) Enestone Corporation + 3-24-5 Shin yokohama Kohoku + YOKOHAMA Kanagawa 222-0033 + JP + +8C-1F-64 (hex) ADETEC SAS +AE8000-AE8FFF (base 16) ADETEC SAS + 8 rue de l'Angoumois + ARGENTEUIL 95100 + FR + +8C-1F-64 (hex) AML +634000-634FFF (base 16) AML + 2190 Regal Parkway + Euless TX 76040 + US + +70-B3-D5 (hex) Active Research Limited +6A0000-6A0FFF (base 16) Active Research Limited + 21 Harwell Road + Poole Dorset BH17 0GE + GB + +8C-1F-64 (hex) SiEngine Technology Co., Ltd. +F7A000-F7AFFF (base 16) SiEngine Technology Co., Ltd. + 6th floor,Building 23,No.1999,Yi Shan Road + Shanghai Shanghai 201114 + CN + +8C-1F-64 (hex) Vesperix Corporation +8E9000-8E9FFF (base 16) Vesperix Corporation + 803 West Broad St Suite 520 + Falls Church VA 22046 + US + +8C-1F-64 (hex) SOCNOC AI Inc +7DE000-7DEFFF (base 16) SOCNOC AI Inc + 2800 Innovation Avenue, Innovation Industrial Park? + Hefei Anhui 230000 + CN + +8C-1F-64 (hex) Sontay Ltd. +697000-697FFF (base 16) Sontay Ltd. + Four Elms Road + Edenbridge TN86AB + GB + +8C-1F-64 (hex) Lumiplan Duhamel +C4C000-C4CFFF (base 16) Lumiplan Duhamel + 2 rue de l'industrie + Domène Isère 38420 + FR + +8C-1F-64 (hex) BRICKMAKERS GmbH +E5E000-E5EFFF (base 16) BRICKMAKERS GmbH + Am Plan 14-16 + Koblenz 56068 + DE + +8C-1F-64 (hex) AvMap srlu +84C000-84CFFF (base 16) AvMap srlu + Viale Zaccagna 6 + Carrara 54033 + IT + +8C-1F-64 (hex) Neurable +B92000-B92FFF (base 16) Neurable + 45 Bromfield St + Chicago IL 60641 + US + +8C-1F-64 (hex) ADiCo Corporation +D69000-D69FFF (base 16) ADiCo Corporation + 2045-32, Takaragi-honcho + Utsunomiya-shi Tochigi 320-0075 + JP + +8C-1F-64 (hex) METRONA-Union GmbH +9FA000-9FAFFF (base 16) METRONA-Union GmbH + Aidenbachstr. 40 + München 81379 + DE + +8C-1F-64 (hex) Wittra Networks AB +DF8000-DF8FFF (base 16) Wittra Networks AB + Västra Järnvägsgatan 39th floor(Convendum) + Stockholm Stockholm 111 64 + SE + +8C-1F-64 (hex) Unitron Systems b.v. +FA8000-FA8FFF (base 16) Unitron Systems b.v. + SCHANSESTRAAT 7 + IJzendijke 4515 RN + NL + +8C-1F-64 (hex) University of Geneva - Department of Particle Physics +D88000-D88FFF (base 16) University of Geneva - Department of Particle Physics + Quai Ernest-Ansermet 24 + Geneva 1211 + CH + +8C-1F-64 (hex) Massar Networks +FAA000-FAAFFF (base 16) Massar Networks + Postfach 1207PEAX ID 473.1849.6740.89 + Baar Zug CH-6341 + CH + +8C-1F-64 (hex) Vytahy-Vymyslicky s.r.o. +737000-737FFF (base 16) Vytahy-Vymyslicky s.r.o. + Pivovarska 542 + Uherske Hradiste - Jarosov 60801 + CZ + +8C-1F-64 (hex) Retency +BBF000-BBFFFF (base 16) Retency + 19 rue Vivienne + Paris 75002 + FR + +8C-1F-64 (hex) Camius +601000-601FFF (base 16) Camius + 41593 Winchester Rd., Ste 200 + Temecula CA 92590 + US + +8C-1F-64 (hex) Patch Technologies, Inc. +0AC000-0ACFFF (base 16) Patch Technologies, Inc. + 100 S Cincinnati Ave, Fifth Floor + Tulsa OK 74103 + US + +8C-1F-64 (hex) BNB +0BE000-0BEFFF (base 16) BNB + Deongmyeongdong-ro 22beon-gil + Daejeon Yuseong-gu 34155 + KR + +8C-1F-64 (hex) Pionierkraft GmbH +CD3000-CD3FFF (base 16) Pionierkraft GmbH + Agnes-Pockels-Bogen 1 + Munich Bavaria 80992 + DE + +8C-1F-64 (hex) Comm-ence, Inc. +B73000-B73FFF (base 16) Comm-ence, Inc. + 1813 Limerick Ct + Darien IL 60561 + US + +8C-1F-64 (hex) YUSUR Technology Co., Ltd. +C3A000-C3AFFF (base 16) YUSUR Technology Co., Ltd. + Room 1401,building 4,yard 1, Beiqing Road No.81, Haidian District + Beijing Beijing 100086 + CN + +70-B3-D5 (hex) Ava Technologies +72F000-72FFFF (base 16) Ava Technologies + 2409 E. Pender St. + Vancouver BC V5K 2B2 + CA + +8C-1F-64 (hex) Benison Tech +3AC000-3ACFFF (base 16) Benison Tech + 2100 Geng Road, Suite 210 + Palo Alto CA 94043 + US + +8C-1F-64 (hex) HIGHVOLT Prüftechnik +8F8000-8F8FFF (base 16) HIGHVOLT Prüftechnik + Marie-Curie-Straße10 + Dresden 01139 + DE + +8C-1F-64 (hex) Stresstech OY +625000-625FFF (base 16) Stresstech OY + Tikkutehtaantie 1 + Vaajakoski 40800 + FI + +8C-1F-64 (hex) BCMTECH +94C000-94CFFF (base 16) BCMTECH + 803ho(Gongjang-dong), Simin-daero 109beon-gil, Dongan-gu, + Anyang-si Gyeonggi-do 14042 + KR + +8C-1F-64 (hex) MB connect line GmbH Fernwartungssysteme +97C000-97CFFF (base 16) MB connect line GmbH Fernwartungssysteme + Winnettener Straße 6 + Dinkelsbuehl Bavaria 91550 + DE + +8C-1F-64 (hex) SLAT +683000-683FFF (base 16) SLAT + 11 Rue Jean-Elysée DUPUY + Champagne au Mont d'Or Rhône 69543 + FR + +8C-1F-64 (hex) E VISION INDIA PVT LTD +7AF000-7AFFFF (base 16) E VISION INDIA PVT LTD + 9/205, MAIN MARKET OLD FARIDABAD HARYANA INDIA 121002 + Faridabad HARYANA 121002 + IN + 70-B3-D5 (hex) DISMUNTEL SAL 92C000-92CFFF (base 16) DISMUNTEL SAL Pol ind cotes @@ -22952,12 +23828,6 @@ E1F000-E1FFFF (base 16) THETA432 El Segundo CA 90245 US -70-B3-D5 (hex) Root Automation -6A2000-6A2FFF (base 16) Root Automation - 1916 Fort Jones Rd - Yreka CA 96097 - US - 70-B3-D5 (hex) DIEHL Connectivity Solutions 1F1000-1F1FFF (base 16) DIEHL Connectivity Solutions Stephanstraße 49 @@ -27934,3 +28804,288 @@ A9A000-A9AFFF (base 16) Signasystems Elektronik San. ve Tic. Ltd. Sti. 2683 151st Place NE Redmond WA 98052 US + +8C-1F-64 (hex) Pigs Can Fly Labs LLC +DC0000-DC0FFF (base 16) Pigs Can Fly Labs LLC + 9450 SW Gemini Dr, PMB 41687 + Beaverton OR 97008 + US + +8C-1F-64 (hex) United States Technologies Inc. +525000-525FFF (base 16) United States Technologies Inc. + 1701 Pollitt Drive + Fair Lawn NJ 07410 + US + +8C-1F-64 (hex) EMBSYS SISTEMAS EMBARCADOS +FD4000-FD4FFF (base 16) EMBSYS SISTEMAS EMBARCADOS + AV. SIGISMUNDO NUNES DE OLIVEIRA,570 CASA 324 + MARILIA SAO PAULO 17512752 + BR + +8C-1F-64 (hex) Cardinal Scales Manufacturing Co +DD5000-DD5FFF (base 16) Cardinal Scales Manufacturing Co + 203 East Daugherty Street + Webb City MO 64870 + US + +8C-1F-64 (hex) PuS GmbH und Co. KG +4E0000-4E0FFF (base 16) PuS GmbH und Co. KG + Hainstr. 13 + Gera Germany 07545 + DE + +8C-1F-64 (hex) EA Elektroautomatik GmbH & Co. KG +504000-504FFF (base 16) EA Elektroautomatik GmbH & Co. KG + Helmholtzstraße 31-33 + Viersen NRW 41747 + DE + +8C-1F-64 (hex) Rumble, Inc +837000-837FFF (base 16) Rumble, Inc + Bluebonnet Ln + Austin TX 78704 + US + +8C-1F-64 (hex) Cinetix Srl +89E000-89EFFF (base 16) Cinetix Srl + Via Armentera, 8 + Borgo Valsugana Trento 38051 + IT + +8C-1F-64 (hex) Mitsubishi Electric India Pvt. Ltd. +D92000-D92FFF (base 16) Mitsubishi Electric India Pvt. Ltd. + EL3, J BLOCK, M.I.D.C. Bhosari + PUNE Maharastra 411027 + IN + +8C-1F-64 (hex) ATM SOLUTIONS +9BD000-9BDFFF (base 16) ATM SOLUTIONS + Office 10, Krishna Arcade, Plot 65, Sector 2A, Koparkharine + Navi Mumbai Maharashatra 400709 + IN + +8C-1F-64 (hex) Integer.pl S.A. +A97000-A97FFF (base 16) Integer.pl S.A. + Wielicka 28 + Krakow 30-552 + PL + +8C-1F-64 (hex) Monnit Corporation +94E000-94EFFF (base 16) Monnit Corporation + 450 South Simmons STE 670 + Kaysville UT 84037 + US + +8C-1F-64 (hex) SASYS e.K. +1CB000-1CBFFF (base 16) SASYS e.K. + Spannstiftstr. 16 + Hagen 58119 + DE + +8C-1F-64 (hex) SCIREQ Scientific Respiratory Equipment Inc +01E000-01EFFF (base 16) SCIREQ Scientific Respiratory Equipment Inc + 6600 rue St. Urbain, Suite 300 + Montreal Quebec H2S 3G8 + CA + +8C-1F-64 (hex) Beijing Wenrise Technology Co., Ltd. +A84000-A84FFF (base 16) Beijing Wenrise Technology Co., Ltd. + No.10 Shangdi Road, Haidian District + Beijing Beijing 100085 + CN + +8C-1F-64 (hex) XSENSOR Technology Corp. +7AA000-7AAFFF (base 16) XSENSOR Technology Corp. + 133 12 Ave SE + Calgary Alberta T2G 0Z9 + CA + +8C-1F-64 (hex) ADAMCZEWSKI elektronische Messtechnik GmbH +F4E000-F4EFFF (base 16) ADAMCZEWSKI elektronische Messtechnik GmbH + Felix-Wankel-Str. 13 + Zaberfeld Baden-Württemberg 74374 + DE + +8C-1F-64 (hex) MG s.r.l. +67A000-67AFFF (base 16) MG s.r.l. + via Monte Bianco, 1 + Solbiate Olona VA 21058 + IT + +8C-1F-64 (hex) AMF Medical SA +F52000-F52FFF (base 16) AMF Medical SA + Chemin de la Dent-d'Oche 1 A + Ecublens VD Vaud 1024 + CH + +8C-1F-64 (hex) Qualitrol LLC +905000-905FFF (base 16) Qualitrol LLC + 1385 Fairport Rd + Fairport NY 14450 + US + +8C-1F-64 (hex) HUPI +489000-489FFF (base 16) HUPI + 45 allée théodore monod + Bidart Sélectionnez un département / état 64210 + FR + +8C-1F-64 (hex) TTC TELEKOMUNIKACE, s.r.o. +E4C000-E4CFFF (base 16) TTC TELEKOMUNIKACE, s.r.o. + Trebohosticka 5 + Praha 10 Praha 10000 + CZ + +70-B3-D5 (hex) Root Automation +6A2000-6A2FFF (base 16) Root Automation + 112 4 H Way + Yreka CA 96097 + US + +8C-1F-64 (hex) WINTUS SYSTEM +9BA000-9BAFFF (base 16) WINTUS SYSTEM + E1102, 7 yeonmujang 5ga gil, seongdong-gu + SEOUL SEOUL 04782 + KR + +8C-1F-64 (hex) eumig industrie-TV GmbH. +5B3000-5B3FFF (base 16) eumig industrie-TV GmbH. + Gewerbeparkstrasse 9 + Anif Salzburg 5081 + AT + +8C-1F-64 (hex) Proterra, Inc +552000-552FFF (base 16) Proterra, Inc + 1 Whitlee Court + Greenville SC 29607 + US + +8C-1F-64 (hex) TeraDiode / Panasonic +2C3000-2C3FFF (base 16) TeraDiode / Panasonic + 30 Upton Dr + Wilmington MA 01887 + US + +8C-1F-64 (hex) QUERCUS TECHNOLOGIES, S.L. +D7C000-D7CFFF (base 16) QUERCUS TECHNOLOGIES, S.L. + Av. Onze de Setembre 19 + Reus Tarragona 43203 + ES + +8C-1F-64 (hex) SPIT Technology, Inc +939000-939FFF (base 16) SPIT Technology, Inc + 2F, 91-1, Gyeongui-ro + Uijeongbu-si Gyonggi-do 11652 + KR + +8C-1F-64 (hex) M/S MILIND RAMACHANDRA RAJWADE +721000-721FFF (base 16) M/S MILIND RAMACHANDRA RAJWADE + 713, Sinhgad Road, P.cast S. No. 39, Manikbaug Industries Wadagaon Budru + Pune Maharashtra 411051 + IN + +8C-1F-64 (hex) JW Froehlich Maschinenfabrik GmbH +C8F000-C8FFFF (base 16) JW Froehlich Maschinenfabrik GmbH + Kohlhammerstrasse 18-24 + Leinfelden-Echterdingen 70771 + DE + +8C-1F-64 (hex) VECOS Europe B.V. +C80000-C80FFF (base 16) VECOS Europe B.V. + ESP 237 + Eindhoven Noord-Brabant 5633 AD + NL + +8C-1F-64 (hex) EMIT GmbH +3D1000-3D1FFF (base 16) EMIT GmbH + Johannes-Mauthe-Straße 14 + Albstadt Baden Württemberg 72458 + DE + +8C-1F-64 (hex) Power Electronics Espana, S.L. +D08000-D08FFF (base 16) Power Electronics Espana, S.L. + Poligono Industrial Carrases. Ronda del camp d Aviacio 4 + Lliria Valencia 46160 + ES + +8C-1F-64 (hex) Mediana +C6B000-C6BFFF (base 16) Mediana + Wonju Medical Industry Park, 1650-1 Donghwa-Ri, + Wonju-Si Gangwon-Do 220-801 + KR + +8C-1F-64 (hex) noah +B01000-B01FFF (base 16) noah + Augustusplatz 1-4 + Leipzig 04109 + DE + +8C-1F-64 (hex) eumig industrie-TV GmbH. +426000-426FFF (base 16) eumig industrie-TV GmbH. + Gewerbeparkstrasse 9 + Anif Salzburg 5081 + AT + +8C-1F-64 (hex) Hamamatsu Photonics K.K. +67F000-67FFFF (base 16) Hamamatsu Photonics K.K. + 314-5 Shimokanzo + Iwata Shizuoka 4380193 + JP + +8C-1F-64 (hex) Telemetrics Inc. +5E5000-5E5FFF (base 16) Telemetrics Inc. + 75 Commerce Dr + Allendale 07401 + US + +8C-1F-64 (hex) Nokeval Oy +E0E000-E0EFFF (base 16) Nokeval Oy + Rounionkatu 107 + Nokia 37150 + FI + +8C-1F-64 (hex) NextT Microwave Inc +8C5000-8C5FFF (base 16) NextT Microwave Inc + 121 Hymus Boulevard + Pointe-Claire Quebec H9R 1E6 + CA + +8C-1F-64 (hex) Fuzhou Tucsen Photonics Co.,Ltd +45D000-45DFFF (base 16) Fuzhou Tucsen Photonics Co.,Ltd + 5# Wanwushe Smart Industrial Park , No.2 Yangqi Branch Rd, Gaishan Town, Cangshan Area, Fuzhou, Fujian,PRC + fuzhou 350008 + CN + +8C-1F-64 (hex) TEKVOX, Inc +197000-197FFF (base 16) TEKVOX, Inc + 1965 Post Rd, Suite 400 + New Braunfels TX 78130 + US + +8C-1F-64 (hex) ACSL Ltd. +A2D000-A2DFFF (base 16) ACSL Ltd. + 3-6-4 Rinkaicho + Edogawa-ku Tokyo 134-0086 + JP + +8C-1F-64 (hex) Private +EE0000-EE0FFF (base 16) Private + +8C-1F-64 (hex) Agar Corporation Inc. +301000-301FFF (base 16) Agar Corporation Inc. + 5150 Tacoma Dr + Houston TX 77041 + US + +8C-1F-64 (hex) Sensus Healthcare +746000-746FFF (base 16) Sensus Healthcare + 851 Broken Sound Parkway NW, Suite 215 + Boca Raton FL 33487 + US + +8C-1F-64 (hex) Nuvation Energy +DFE000-DFEFFF (base 16) Nuvation Energy + 40 Bathurst Drive + Waterloo Ontario N2V 1V6 + CA diff --git a/hwdb.d/pci.ids b/hwdb.d/pci.ids index 4c99c149f48..c657b038fbb 100644 --- a/hwdb.d/pci.ids +++ b/hwdb.d/pci.ids @@ -1,8 +1,8 @@ # # List of PCI ID's # -# Version: 2021.12.15 -# Date: 2021-12-15 03:15:02 +# Version: 2022.04.16 +# Date: 2022-04-16 00:17:00 # # Maintained by Albert Pool, Martin Mares, and other volunteers from # the PCI ID Project at https://pci-ids.ucw.cz/. @@ -103,16 +103,33 @@ 0731 7212 JM7200 0731 7214 JM7500 0731 7215 JM7200 + 9100 JM9100 + 0731 9101 JM9100 + 0731 9102 JM9100-I + 910a JH910 + 0731 910a JH910 + 0731 910b JH910-I + 0731 910c JH910-M 9200 JM9200 920a JH920 + 0731 920a JH920 + 0731 920b JH920-I + 0731 920c JH920-M 920b JH920-I 920c JH920-M 9210 JM9210 + 0731 9210 JM9210 + 0731 9211 JM9210-I 9211 JM9210-I 9230 JM9230 + 0731 9230 JM9230 + 0731 9231 JM9230-I 9231 JM9231-I 9250 JM9250 + 0731 9250 JM9250 930a JH930-I + 0731 930a JH930-I + 0731 930b JH930-M 930b JH930-M 0777 Ubiquiti Networks, Inc. 0795 Wired Inc. @@ -658,6 +675,7 @@ 1000 3050 SAS9217-8i 1000 3060 SAS9217-4i4e 1014 0472 N2125 External Host Bus Adapter + 1014 047a N2115 Internal Host Bus Adapter 1590 0041 H220i 1590 0042 H221 / 9207-8e 1590 0044 H220i @@ -715,16 +733,16 @@ 1000 46a0 MegaRAID 9660-24i Tri-Mode Storage Adapter 1000 46c0 eHBA 9680W-16e Tri-Mode Storage Adapter 1000 46d0 eHBA 9600-8i8e Tri-Mode Storage Adapter - 1028 2114 PERC H965 Adapter - 1028 2115 PERC H965 Front - 1028 2117 PERC H965 MX + 1028 2114 PERC H965i Adapter + 1028 2115 PERC H965i Front + 1028 2117 PERC H965i MX 1028 213a PERC H965e Adapter - 1028 213b PERC H765 Adapter - 1028 213c PERC H765 Front + 1028 213b PERC H765i Adapter + 1028 213c PERC H765i Front 1028 213d PERC H765N Front - 1028 213e PERC H765 MX - 1028 213f PERC H365 Adapter - 1028 2140 PERC H365 Front + 1028 213e PERC H765i MX + 1028 213f PERC H365i Adapter + 1028 2140 PERC H365i Front 1028 2141 PERC H360 MX 1028 2142 HBA 465e Adapter 00ab SAS3516 Fusion-MPT Tri-Mode RAID On Chip (ROC) @@ -821,14 +839,16 @@ 1028 200c HBA355i Front 1028 200d HBA355e Adapter 1028 200e HBA350i MX + 1028 2170 HBA350i MM 1028 2175 HBA350i Adapter + 1028 2197 HBA350i MM LP 1d49 0205 ThinkSystem 440-16i SAS/SATA PCIe Gen4 12Gb Internal HBA 1d49 0206 ThinkSystem 440-16e SAS/SATA PCIe Gen4 12Gb HBA 1d49 0207 ThinkSystem 440-8i SAS/SATA PCIe Gen4 12Gb HBA 1d49 0208 ThinkSystem 440-16i SAS/SATA PCIe Gen4 12Gb HBA 1d49 0209 ThinkSystem 440-8e SAS/SATA PCIe Gen4 12Gb HBA - 8086 4050 Storage Controller RS3P4QF160F - 8086 4070 Storage Controller RS3P4GF016F + 8086 4050 Storage Controller RS3P4QF160J + 8086 4070 Storage Controller RS3P4GF016J 00e7 Fusion-MPT 12GSAS/PCIe Unsupported SAS38xx # Tampered part 1028 200b HBA355i Adapter Tampered @@ -932,6 +952,8 @@ 10e2 MegaRAID 12GSAS/PCIe Secure SAS39xx # 9560 16 internal port RAID controller 1000 4000 MegaRAID 9560-16i +# 9561 16 internal port RAID controller + 1000 4002 MegaRAID 9561-16i # 9560 8 internal port RAID controller 1000 4010 MegaRAID 9560-8i # 9580 8 internal & 8 external port RAID controller @@ -965,6 +987,7 @@ 1028 2173 PERC H355 Front 1028 2174 PERC H350 Mini 1028 2177 PERC H350 Adapter + 1028 2199 PERC H350 Mini LP 1d49 0505 ThinkSystem RAID 540-8i PCIe Gen4 12Gb Adapter 1d49 0506 ThinkSystem RAID 540-16i PCIe Gen4 12Gb Adapter 10e7 MegaRAID 12GSAS/PCIe Unsupported SAS38xx @@ -986,6 +1009,7 @@ c010 PEX88048 50 lane, 50 port, PCI Express Gen 4.0 ExpressFabric Platform c012 PEX880xx PCIe Gen 4 Switch 1d49 0003 ThinkSystem 1611-8P PCIe Gen4 NVMe Switch Adapter + c030 PEX890xx PCIe Gen 5 Switch 1001 Kolter Electronic 0010 PCI 1616 Measurement card with 32 digital I/O lines 0011 OPTO-PCI Opto-Isolated digital I/O board @@ -1059,10 +1083,12 @@ 1636 Renoir 1637 Renoir Radeon High Definition Audio Controller 1638 Cezanne - 163f VanGogh +# Used in the Steam Deck + 163f VanGogh [AMD Custom GPU 0405] + 1640 Rembrandt Radeon High Definition Audio Controller 164c Lucienne 164d Rembrandt - 1681 Rembrandt + 1681 Rembrandt [Radeon 680M] 1714 BeaverCreek HDMI Audio [Radeon HD 6500D and 6400G-6600G series] 103c 168b ProBook 4535s 3150 RV380/M24 [Mobility Radeon X600] @@ -2032,9 +2058,10 @@ 174b a240 Radeon R7 240 OEM 174b d340 Radeon R7 340 OEM 1b0a 90d3 Radeon R7 240 OEM - 6613 Oland PRO [Radeon R7 240/340] + 6613 Oland PRO [Radeon R7 240/340 / Radeon 520] 148c 7340 Radeon R7 340 1682 7240 R7 240 2048 MB + 1dcf 3000 Oland PRO [Radeon R7 240/340 / Radeon 520] 6631 Oland 6640 Saturn XT [FirePro M6100] 106b 014b Tropo XT [Radeon R9 M380 Mac Edition] @@ -3742,23 +3769,29 @@ 73a2 Navi 21 Pro-XTA [Radeon Pro W6900X] 73a3 Navi 21 GL-XL [Radeon PRO W6800] 73a4 Navi 21 USB + 73a5 Navi 21 [Radeon RX 6950 XT] 73ab Navi 21 Pro-XLA [Radeon Pro W6800X/Radeon Pro W6800X Duo] 73af Navi 21 [Radeon RX 6900 XT] + 148c 2414 Navi 21 XTXH [PowerColor Red Devil RX 6900 XT Ultimate] 73bf Navi 21 [Radeon RX 6800/6800 XT / 6900 XT] 1002 0e3a Radeon RX 6900 XT + 148c 2408 Red Devil AMD Radeon RX 6900 XT 1eae 6701 XFX Speedster MERC 319 AMD Radeon RX 6800 XT Black 73c3 Navi 22 73c4 Navi 22 USB - 73df Navi 22 [Radeon RX 6700/6700 XT / 6800M] + 73df Navi 22 [Radeon RX 6700/6700 XT/6750 XT / 6800M] 73e0 Navi 23 73e1 Navi 23 WKS-XM [Radeon PRO W6600M] 73e3 Navi 23 WKS-XL [Radeon PRO W6600] 73e4 Navi 23 USB + 73ef Navi 23 [Radeon RX 6650 XT] 73ff Navi 23 [Radeon RX 6600/6600 XT/6600M] 148c 2412 PowerColor Red Devil RX 6600 XT 7408 Aldebaran 740c Aldebaran 740f Aldebaran + 743f Navi 24 [Radeon RX 6400 / 6500 XT] + 1da2 e457 PULSE AMD Radeon RX 6500 XT 7833 RS350 Host Bridge 7834 RS350 [Radeon 9100 PRO/XT IGP] 7835 RS350M [Mobility Radeon 9000 IGP] @@ -4161,7 +4194,7 @@ ab10 Lexa HDMI Audio ab18 Vega 12 HDMI Audio ab20 Vega 20 HDMI Audio [Radeon VII] - ab28 Navi 21 HDMI Audio [Radeon RX 6800/6800 XT / 6900 XT] + ab28 Navi 21/23 HDMI/DP Audio Controller ab38 Navi 10 HDMI Audio ac00 Theater 506 World-Wide Analog Decoder ac01 Theater 506 World-Wide Analog Decoder @@ -4956,14 +4989,14 @@ 1043 876b PRIME Motherboard 17aa 5124 ThinkPad E595 ea50 ce19 mCOM10-L1900 - 15e2 Raven/Raven2/FireFlight/Renoir Audio Processor + 15e2 ACP/ACP3X/ACP6x Audio Coprocessor 17aa 5124 ThinkPad E595 ea50 ce19 mCOM10-L1900 - 15e3 Family 17h (Models 10h-1fh) HD Audio Controller + 15e3 Family 17h/19h HD Audio Controller 103c 8615 Pavilion Laptop 15-cw1xxx 1043 86c7 PRIME B450M-A Motherboard 17aa 5124 ThinkPad E595 - 15e4 Raven/Raven2/Renoir Sensor Fusion Hub + 15e4 Sensor Fusion Hub 15e5 Raven2 USB 3.1 ea50 ce19 mCOM10-L1900 15e6 Raven/Raven2/Renoir Non-Sensor Fusion Hub KMDF driver @@ -5139,6 +5172,13 @@ 43c7 400 Series Chipset PCIe Port 43c8 400 Series Chipset SATA Controller 43d5 400 Series Chipset USB 3.1 XHCI Controller + 43e9 500 Series Chipset Switch Upstream Port + 43eb 500 Series Chipset SATA Controller +# or ASM106X Serial ATA Controller + 1b21 1062 ASM1062 Serial ATA Controller + 43ee 500 Series Chipset USB 3.1 XHCI Controller +# maybe + 1b21 1142 ASM1042A USB 3.0 Host Controller 57a3 Matisse PCIe GPP Bridge 57a4 Matisse PCIe GPP Bridge 57ad Matisse Switch Upstream @@ -11492,6 +11532,7 @@ 10ef GP102 HDMI Audio Controller 10f0 GP104 High Definition Audio Controller 10f1 GP106 High Definition Audio Controller + 1043 85b6 DUAL-GTX1060-O6G [GeForce GTX 1060 6GB Dual] 10f7 TU102 High Definition Audio Controller 10f8 TU104 HD Audio Controller 10f9 TU106 High Definition Audio Controller @@ -12189,6 +12230,7 @@ 1c01 GP106 1c02 GP106 [GeForce GTX 1060 3GB] 1c03 GP106 [GeForce GTX 1060 6GB] + 1043 85b6 DUAL-GTX1060-O6G [GeForce GTX 1060 6GB Dual] 1c04 GP106 [GeForce GTX 1060 5GB] 1c06 GP106 [GeForce GTX 1060 6GB Rev. 2] 1c07 GP106 [P106-100] @@ -12321,6 +12363,7 @@ 1ef5 TU104GLM [Quadro RTX 5000 Mobile Refresh] 1f02 TU106 [GeForce RTX 2070] 1043 8673 TURBO RTX 2070 + 1f03 TU106 [GeForce RTX 2060 12GB] 1f04 TU106 1f06 TU106 [GeForce RTX 2060 SUPER] 1f07 TU106 [GeForce RTX 2070 Rev. A] @@ -12354,29 +12397,44 @@ 1f99 TU117M 1f9c TU117M [GeForce MX450] 1f9d TU117M [GeForce GTX 1650 Mobile / Max-Q] +# via Lenovo 496.90 + 1f9f TU117M [GeForce MX550] + 1fa0 TU117M [GeForce MX550] 1fae TU117GL 1fb0 TU117GLM [Quadro T1000 Mobile] 1fb1 TU117GL [T600] 1fb2 TU117GLM [Quadro T400 Mobile] + 1fb6 TU117GLM [T600 Laptop GPU] + 1fb7 TU117GLM [T550 Laptop GPU] 1fb8 TU117GLM [Quadro T2000 Mobile / Max-Q] 1fb9 TU117GLM [Quadro T1000 Mobile] 1fba TU117GLM [T600 Mobile] 1fbb TU117GLM [Quadro T500 Mobile] + 1fbc TU117GLM [T1200 Laptop GPU] 1fbf TU117GL 1fd9 TU117BM [GeForce GTX 1650 Mobile Refresh] 1fdd TU117BM [GeForce GTX 1650 Mobile Refresh] + 1ff0 TU117GL [T1000 8GB] + 1ff2 TU117GL [T400 4GB] 1ff9 TU117GLM [Quadro T1000 Mobile] + 2082 GA100 [CMP 170HX] 20b0 GA100 [A100 SXM4 40GB] 20b1 GA100 [A100 PCIe 40GB] 20b2 GA100 [A100 SXM4 80GB] +# 20B3 14A7 10DE PG506-242 / 20B3 14A8 10DE PG506-243 + 20b3 GA100 [PG506-242/243] 20b5 GA100 [A100 PCIe 80GB] 20b6 GA100GL [PG506-232] 20b7 GA100GL [A30 PCIe] + 20b8 GA100 [A100X] + 20b9 GA100 [A30X] 20bb GA100 [DRIVE A100 PROD] 20be GA100 [GRID A100A] 20bf GA100 [GRID A100B] 20c2 GA100 [CMP 170HX] + 20f0 GA100 [A100-PG506-207] 20f1 GA100 [A100 PCIe 40GB] + 20f2 GA100 [A100-PG506-217] 2182 TU116 [GeForce GTX 1660 Ti] 2183 TU116 2184 TU116 [GeForce GTX 1660] @@ -12391,6 +12449,7 @@ 21c4 TU116 [GeForce GTX 1660 SUPER] 21d1 TU116BM [GeForce GTX 1660 Ti Mobile] 2200 GA102 + 2203 GA102 [GeForce RTX 3090 Ti] 2204 GA102 [GeForce RTX 3090] 147d 10de NVIDIA Geforce RTX 3090 Founders Edition 2205 GA102 [GeForce RTX 3080 Ti 20GB] @@ -12399,6 +12458,7 @@ 10de 146d GA102 [GeForce RTX 3080 20GB] 1462 3892 RTX 3080 10GB GAMING X TRIO 2208 GA102 [GeForce RTX 3080 Ti] + 220a GA102 [GeForce RTX 3080 12GB] 220d GA102 [CMP 90HX] 2216 GA102 [GeForce RTX 3080 Lite Hash Rate] 222b GA102 [GeForce RTX 3090 Engineering Sample] @@ -12406,15 +12466,20 @@ 2230 GA102GL [RTX A6000] 2231 GA102GL [RTX A5000] 2232 GA102GL [RTX A4500] + 2233 GA102GL [RTX A5500] 2235 GA102GL [A40] 2236 GA102GL [A10] 2237 GA102GL [A10G] + 2238 GA102GL [A10M] 223f GA102GL 228b GA104 High Definition Audio Controller 2296 Tegra PCIe Endpoint Virtual Network 2302 GA103 2321 GA103 + 2414 GA103 [GeForce RTX 3060 Ti] 2420 GA103M [GeForce RTX 3080 Ti Mobile] + 2438 GA103GLM [RTX A5500 Laptop GPU] + 2460 GA103M [GeForce RTX 3080 Ti Laptop GPU] 2482 GA104 [GeForce RTX 3070 Ti] 2483 GA104 2484 GA104 [GeForce RTX 3070] @@ -12433,32 +12498,52 @@ 24ad GA104 [GeForce RTX 3060 Engineering Sample] 24af GA104 [GeForce RTX 3070 Engineering Sample] 24b0 GA104GL [RTX A4000] + 24b1 GA104GL [RTX A4000H] 24b6 GA104GLM [RTX A5000 Mobile] 24b7 GA104GLM [RTX A4000 Mobile] 24b8 GA104GLM [RTX A3000 Mobile] + 24b9 GA104GLM [RTX A3000 12GB Laptop GPU] + 24ba GA104GLM [RTX A4500 Laptop GPU] + 24bb GA104GLM [RTX A3000 Laptop GPU] 24bf GA104 [GeForce RTX 3070 Engineering Sample] 24dc GA104M [GeForce RTX 3080 Mobile / Max-Q 8GB/16GB] 24dd GA104M [GeForce RTX 3070 Mobile / Max-Q] + 24e0 GA104M [Geforce RTX 3070 Ti Laptop GPU] + 24fa GA104 [RTX A4500 Embedded GPU ] 2501 GA106 [GeForce RTX 3060] 2503 GA106 [GeForce RTX 3060] 2504 GA106 [GeForce RTX 3060 Lite Hash Rate] 2505 GA106 + 2507 GA106 [Geforce RTX 3050] 2520 GA106M [GeForce RTX 3060 Mobile / Max-Q] 2523 GA106M [GeForce RTX 3050 Ti Mobile / Max-Q] 252f GA106 [GeForce RTX 3060 Engineering Sample] + 2531 GA106 [RTX A2000] 2560 GA106M [GeForce RTX 3060 Mobile / Max-Q] 2563 GA106M [GeForce RTX 3050 Ti Mobile / Max-Q] + 2571 GA106 [RTX A2000 12GB] 2583 GA107 [GeForce RTX 3050] 25a0 GA107M [GeForce RTX 3050 Ti Mobile] 25a2 GA107M [GeForce RTX 3050 Mobile] + 25a3 GA107 25a4 GA107 25a5 GA107M [GeForce RTX 3050 Mobile] + 25a6 GA107M [GeForce MX570] + 25a7 GA107M [GeForce MX570] + 25a9 GA107M [GeForce RTX 2050] + 25aa GA107M [GeForce MX570 A] 25af GA107 [GeForce RTX 3050 Engineering Sample] 25b5 GA107GLM [RTX A4 Mobile] +# A16 - 25B6 10DE 14A9 / A2 - 25B6 10DE 157E + 25b6 GA107GL [A2 / A16] 25b8 GA107GLM [RTX A2000 Mobile] + 25b9 GA107GLM [RTX A1000 Laptop GPU] + 25ba GA107GLM [RTX A2000 8GB Laptop GPU] 25e0 GA107BM [GeForce RTX 3050 Ti Mobile] 25e2 GA107BM [GeForce RTX 3050 Mobile] 25e5 GA107BM [GeForce RTX 3050 Mobile] + 25f9 GA107 [RTX A1000 Embedded GPU ] + 25fa GA107 [RTX A2000 Embedded GPU] 10df Emulex Corporation 0720 OneConnect NIC (Skyhawk) 103c 1934 FlexFabric 20Gb 2-port 650M Adapter @@ -12499,6 +12584,7 @@ e300 LPe31000/LPe32000 Series 16Gb/32Gb Fibre Channel Adapter 1014 0614 PCIe3 4-Port 16Gb Fibre Channel Adapter for POWER (FC EN1C/EN1D; CCIN 578E) 1014 0615 PCIe3 2-Port 32Gb Fibre Channel Adapter for POWER (FC EN1A/EN1B; CCIN 578F) + 1014 06a0 PCIe3 2-Port 16Gb Fibre Channel Adapter for POWER (FC EN1L/EN1M; CCIN 2CFC) 10df e300 LPe32002-M2 2-Port 32Gb Fibre Channel Adapter 10df e301 LPe32000-M2 1-Port 32Gb Fibre Channel Adapter 10df e310 LPe31002-M6 2-Port 16Gb Fibre Channel Adapter @@ -12552,9 +12638,13 @@ 10df f411 LPe35000-M2-D 1-Port 32Gb Fibre Channel Adapter 10df f418 LPe35000-M2-L 1-Port 32Gb PCIe Fibre Channel Adapter 10df f419 LPe35002-M2-L 2-Port 32Gb PCIe Fibre Channel Adapter + 10df f421 LPe36002-M2-L 2-Port 64Gb PCIe Fibre Channel Adapter + 10df f422 LPe36002-M64-D 2-Port 64Gb Fibre Channel Adapter 1590 02d5 StoreFabric SN1610E 1-Port 32Gb Fibre Channel Adapter 1590 02d6 StoreFabric SN1610E 2-Port 32Gb Fibre Channel Adapter f500 LPe37000/LPe38000 Series 32Gb/64Gb Fibre Channel Adapter + 1014 06c1 PCIe4 4-Port 32Gb Fibre Channel Adapter for POWER (FC EN1L/EN1M; CCIN 2CFC) + 1014 06c2 PCIe4 2-Port 64Gb Fibre Channel Adapter for POWER (FC EN1N/EN1P; CCIN 2CFD) f700 LP7000 Fibre Channel Host Adapter f701 LP7000 Fibre Channel Host Adapter Alternate ID (JX1:2-3, JX2:1-2) f800 LP8000 Fibre Channel Host Adapter @@ -12689,6 +12779,7 @@ 1028 09be Latitude 7410 17aa 224f ThinkPad X1 Carbon 5th Gen 5260 RTS5260 PCI Express Card Reader + 5261 RTS5261 PCI Express Card Reader 5286 RTS5286 PCI Express Card Reader 5287 RTL8411B PCI Express Card Reader 1025 1094 Acer Aspire E5-575G @@ -12790,6 +12881,8 @@ 103c 2a6f Asus IPIBL-LB Motherboard 103c 825b OMEN-17-w001nv 103c 8615 Pavilion Laptop 15-cw1xxx +# Rev 29, uses r8169 Driver on Linux + 103c 8882 HP ProDesk 405 G8 Desktop Mini PC 1043 11f5 Notebook motherboard (one of many models) 1043 16d5 U6V/U31J laptop 1043 81aa P5B @@ -13699,6 +13792,8 @@ 9082 Standard AHCI 1.0 SATA Controller 9140 HDMI Audio Device 9201 USB3.0 Controller +# Centaur CNS Coprocessor + 9380 Ncore Coprocessor 9530 VX800/820/900 Series Secure Digital Memory Card Controller 95d0 VX800/820/900 Series SDIO Host Controller a208 PT890 PCI to PCI Bridge Controller @@ -15803,6 +15898,7 @@ 8534 PM8534 PFX 64xG3 PCIe Fanout Switch 8535 PM8535 PFX 80xG3 PCIe Fanout Switch 8536 PM8536 PFX 96xG3 PCIe Fanout Switch + 1bd4 0081 PM8536 PFX 96xG3 PCIe Fanout Switch 8546 PM8546 B-FEIP PSX 96xG3 PCIe Storage Switch 8562 PM8562 Switchtec PFX-L 32xG3 Fanout-Lite PCIe Gen3 Switch 11f9 I-Cube Inc @@ -16795,6 +16891,7 @@ # PI7C9X20508GP 5Port-8Lane PCI Express Switch GreenPacket Family 0508 PI7C9X20508GP PCI Express Switch 5Port-8Lane 2304 PI7C9X2G304 EL/SL PCIe2 3-Port/4-Lane Packet Switch + 2308 PI7C9X2G308GP 8-lane PCI Express 2.0 Switch with 3 PCI Express ports 2404 PI7C9X2G404 EL/SL PCIe2 4-Port/4-Lane Packet Switch 2608 PI7C9X2G608GP PCIe2 6-Port/8-Lane Packet Switch ea50 cc10 RXi2-BP @@ -17112,6 +17209,8 @@ 5190 9200 ECO NVMe SSD 5191 9200 PRO NVMe SSD 5192 9200 MAX NVMe SSD + 51a2 9300 PRO NVMe SSD + 51a3 9300 MAX NVMe SSD 1345 Arescom Inc 1347 Odetics 1349 Sumitomo Electric Industries, Ltd. @@ -17454,6 +17553,8 @@ 13a3 0036 DX1730 Acceleration Card 0037 8204 Acceleration Processor 13a3 0036 DX1740 Acceleration Card + 9240 XR9240 Compression and Security Coprocessor [Panther II] + 13a3 9200 DX2040 Compression and Security Acceleration Card [Panther II] 13a4 Rascom Inc 13a5 Audio Digital Imaging Inc 13a6 Videonics Inc @@ -19077,11 +19178,15 @@ 103c 1240 Myrinet M2L-PCI64/2-3.0 LANai 7.4 (HP OEM) 14c2 DTK Computer 14c3 MEDIATEK Corp. + 0608 RZ608 Wi-Fi 6E 80MHz + 0616 MT7922 802.11ax PCI Express Wireless Network Adapter 7612 MT7612E 802.11acbgn PCI Express Wireless Network Adapter + 7615 MT7615E 802.11ac PCI Express Wireless Network Adapter 7630 MT7630e 802.11bgn Wireless Network Adapter # MT7612E too? 7662 MT7662E 802.11ac PCI Express Wireless Network Adapter 7915 MT7915E 802.11ax PCI Express Wireless Network Adapter + 7961 MT7921 802.11ax PCI Express Wireless Network Adapter 14c4 IWASAKI Information Systems Co Ltd 14c5 Automation Products AB 14c6 Data Race Inc @@ -19424,6 +19529,10 @@ 1259 2708 AT-2712 FX # The Broadcom 57800 device has two 1Gig ports and two 10Gig ports. The subsystem information can be used to differentiate. 168a NetXtreme II BCM57800 1/10 Gigabit Ethernet +# SFP+ ports + 1014 0493 PCIe2 LP 4-Port (10Gb+1GbE) SR+RJ45 Adapter (FC EN0T; CCIN 2CC3) +# RJ-45 ports + 1014 0494 PCIe2 LP 4-Port (10Gb+1GbE) SR+RJ45 Adapter (FC EN0T; CCIN 2CC3) 1028 1f5c BCM57800 10-Gigabit Ethernet 1028 1f5d BCM57800 10-Gigabit Ethernet 1028 1f67 BCM57800 1-Gigabit Ethernet @@ -19595,6 +19704,8 @@ 14e4 4126 NetXtreme-E Dual-port 10G SFP+ Ethernet OCP 3.0 Adapter (BCM957412N4120C) 152d 8b20 BCM57412 NetXtreme-E 10Gb RDMA Ethernet Controller 152d 8b22 BCM57412 NetXtreme-E 25Gb RDMA Ethernet Controller +# NIC-ETH531F-LP-2P BCM57412 2 x 10G SFP+ Ethernet PCIe Card + 193d 1024 NIC-ETH531F-LP-2P 16d7 BCM57414 NetXtreme-E 10Gb/25Gb RDMA Ethernet Controller 14e4 1402 BCM957414A4142CC 10Gb/25Gb Ethernet PCIe 14e4 1404 BCM957414M4142C OCP 2x25G Type1 wRoCE @@ -19948,6 +20059,7 @@ 9027 CN99xx [ThunderX2] Integrated AHCI/SATA 3 Host Controller a8d8 BCM43224/5 Wireless Network Adapter aa52 BCM43602 802.11ac Wireless LAN SoC + b080 BCM56080 Firelight2 Switch ASIC b302 BCM56302 StrataXGS 24x1GE 2x10GE Switch Controller b334 BCM56334 StrataXGS 24x1GE 4x10GE Switch Controller b370 BCM56370 Switch ASIC @@ -20635,6 +20747,7 @@ 07b0 VMXNET3 Ethernet Controller 07c0 PVSCSI SCSI Controller 07e0 SATA AHCI controller + 07f0 NVMe SSD Controller 0801 Virtual Machine Interface 15ad 0800 Hypervisor ROM Interface 0820 Paravirtual RDMA controller @@ -20668,6 +20781,8 @@ 021d MT43244 Family [BlueField-3 Secure Flash Recovery] 021e CX8 Family [ConnectX-8 Flash Recovery] 021f CX8 Family [ConnectX-8 Secure Flash Recovery] + 0220 BF4 Family Flash Recovery [BlueField-4 SoC Flash Recovery] + 0221 BF4 Family Secure Flash Recovery [BlueField-4 Secure Flash Recovery] 024e MT53100 [Spectrum-2, Flash recovery mode] 024f MT53100 [Spectrum-2, Secure Flash recovery mode] 0250 Spectrum-3, Flash recovery mode @@ -20679,6 +20794,7 @@ 0256 Abir GearBox 0257 Quantum-2 in Flash Recovery Mode 0258 Quantum-2 RMA + 0259 Abir Chiplet 0262 MT27710 [ConnectX-4 Lx Programmable] EN 0263 MT27710 [ConnectX-4 Lx Programmable Virtual Function] EN 0264 Innova-2 Flex Burn image @@ -20686,6 +20802,7 @@ 0271 Spectrum-4L, RMA 0274 Spectrum-4C, Flash recovery mode 0275 Spectrum-4C RMA + 0277 Spectrum-4TOR RMA 0281 NPS-600 Flash Recovery 1002 MT25400 Family [ConnectX-2 Virtual Function] 1003 MT27500 Family [ConnectX-3] @@ -20857,10 +20974,14 @@ a2da MT43244 BlueField-3 SoC Crypto enabled a2db MT43244 BlueField-3 SoC Crypto disabled a2dc MT43244 BlueField-3 integrated ConnectX-7 network controller + a2dd BF4 Family Crypto enabled [BlueField-4 SoC Crypto enabled] + a2de BF4 Family Crypto disabled [BlueField-4 SoC Crypto disabled] + a2df BF4 Family integrated network controller [BlueField-4 integrated network controller] c2d2 MT416842 BlueField SoC management interfac c2d3 MT42822 BlueField-2 SoC Management Interface c2d4 MT43162 BlueField-3 Lx SoC Management Interface c2d5 MT43244 BlueField-3 SoC Management Interface + c2d6 BF4 Family Management Interface [BlueField-4 SoC Management Interface] # SwitchX-2, 40GbE switch c738 MT51136 c739 MT51136 GW @@ -20956,8 +21077,9 @@ 15cc Hotrail Inc 15cd Dreamtech Co Ltd 15ce Genrad Inc -15cf Hilscher GmbH - 0000 CIFX 50E-DP(M/S) +# https://www.hilscher.com/imprint/ +15cf Hilscher Gesellschaft für Systemautomation mbH + 0000 CIFX PCI/PCIe 15d1 Infineon Technologies AG 15d2 FIC (First International Computer Inc) 15d3 NDS Technologies Israel Ltd @@ -21819,6 +21941,32 @@ a036 ThunderX RAD (RAID acceleration engine) virtual function a037 THUNDERX ZIP virtual function a040 THUNDERX CPT Cryptographic Accelerator +# MAC found on OcteonTx2 series of silicons + a059 Octeon TX2 CGX (MAC) +# MAC found on Octeon 10 series of silicons + a060 Octeon 10 RPM (MAC) +# Octeon Tx2 Loopback Interface block + a061 Octeon Tx2 Loopback Interface (LBK) +# Octeon Tx2 Resource Virtualization Unit Physical Function + a063 Octeon Tx2 RVU Physical Function +# Octeon Tx2 Resource Virtualization Unit Virtual Function + a064 Octeon Tx2 RVU Virtual Function +# Octeon Tx2 Resource Virtualization Unit Admin Function + a065 Octeon Tx2 RVU Admin Function +# PTP Timestamping unit on Octeon 10 silicon series + a09e Octeon 10 PTP controller +# Cryptographic Accelerator found on Octeon 10 series of silicons + a0f2 Octeon 10 CPT Cryptographic Accelerator, Physical function + a0f3 Octeon 10 CPT Cryptographic Accelerator, Virtual function +# Octeon Tx2 System DPI Interface (SDP) Physical Function + a0f6 Octeon Tx2 SDP Physical Function +# Octeon Tx2 System DPI Interface (SDP) Virtual Function + a0f7 Octeon Tx2 SDP Virtual Function + a0f8 Octeon Tx2 Loopback Interface Virtual Function (LBKVF) +# Cryptographic Accelerator found on OcteonTx2 series of silicons + a0fd Octeon Tx2 CPT Cryptographic Accelerator, Physical function +# Cryptographic Accelerator found on OcteonTx2 series of silicons + a0fe Octeon Tx2 CPT Cryptographic Accelerator, Virtual function a100 THUNDERX CN88XX 48 core SoC a200 OCTEON TX CN81XX/CN80XX a300 OCTEON TX CN83XX @@ -21932,7 +22080,9 @@ 0400 Datacenter Technologies QDF2432 PCI Express Root Port 0401 Datacenter Technologies QDF2400 PCI Express Root Port 1000 QCS405 PCIe Root Complex - 1101 QCA6390 Wireless Network Adapter [AX500-DBS (2x2)] + 1101 QCA6390 Wireless Network Adapter + 1103 QCNFA765 Wireless Network Adapter + 1104 QCN6024/9024/9074 Wireless Network Adapter 17cc NetChip Technology, Inc 2280 USB 2.0 17cd Cadence Design Systems, Inc. @@ -22806,6 +22956,10 @@ 0011 FlexCard PMC-II Ethernet 0018 FlexCard PXIe3 0019 FlexCard PCIe3 +# IO card for std ethernet and automotive ethernet (ieee 1000Base-T1) + 001a FlexCard PXIe Ethernet +# IO card for std ethernet and automotive ethernet (ieee 1000Base-T1) + 001b FlexCard PCIe Ethernet 1976 TRENDnet 1977 Parsec 197b JMicron Technology Corp. @@ -23137,6 +23291,11 @@ 1aa8 Ciprico, Inc. 0009 RAIDCore Controller 000a RAIDCore Controller +1aa9 Schweitzer Engineering Laboratories + 000d SEL-3390S8 Serial Adapter + 000e SEL-3390E4 Ethernet Adapter + 0014 SEL-3390T Time and Ethernet Adapter + 0018 SEL-3390E4 Ethernet Adapter 1aae Global Velocity, Inc. 1ab4 Distributed Management Task Force, Inc. (DMTF) 1ab6 CalDigit, Inc. @@ -23207,6 +23366,8 @@ 0a58 microEnable 5 VD8-CL # CameraLink frame grabber 0a5a microEnable 5 AD8-CL +# CoaXpress frame grabber + 0a64 imaWorx CXP-12 Quad # OEM product 0b52 mE5 Abacus 4G Base # OEM product @@ -23311,12 +23472,15 @@ 1080 ASM1083/1085 PCIe to PCI Bridge 1849 1080 Motherboard 1142 ASM1042A USB 3.0 Host Controller + 1166 ASM1166 Serial ATA Controller 1182 ASM1182e 2-Port PCIe x1 Gen2 Packet Switch 1b21 118f ASM1182e 2-Port PCIe x1 Gen2 Packet Switch 1184 ASM1184e 4-Port PCIe x1 Gen2 Packet Switch 1849 1184 ASM1184e 4-Port PCIe x1 Gen2 Packet Switch + 1187 ASM1187e 7-Port PCIe x1 Gen2 Packet Switch 1242 ASM1142 USB 3.1 Host Controller 1343 ASM1143 USB 3.1 Host Controller + 1812 ASM1812 6-Port PCIe x4 Gen2 Packet Switch 2142 ASM2142 USB 3.1 Host Controller 1462 7a72 H270 PC MATE 2824 ASM2824 PCIe Gen3 Packet Switch @@ -23392,6 +23556,8 @@ 2241 88NR2241 Non-Volatile memory controller 1028 2112 BOSS-N1 Monolithic 1028 2113 BOSS-N1 Modular + 1028 2151 BOSS-N1 Modular ET + 1028 2196 ROR-N100 1d49 0306 ThinkSystem M.2 NVMe 2-Bay RAID Enablement Kit 1d49 0307 ThinkSystem 7mm NVMe 2-Bay Rear RAID Enablement Kit 9120 88SE9120 SATA 6Gb/s Controller @@ -23401,6 +23567,7 @@ 9128 88SE9128 PCIe SATA 6 Gb/s RAID controller 9130 88SE9128 PCIe SATA 6 Gb/s RAID controller with HyperDuo 1043 8438 P8P67 Deluxe Motherboard + 9170 88SE9170 PCIe 2.0 x1 2-port SATA 6 Gb/s Controller 9172 88SE9172 SATA 6Gb/s Controller 9178 88SE9170 PCIe SATA 6Gb/s Controller 917a 88SE9172 SATA III 6Gb/s RAID Controller @@ -23532,9 +23699,54 @@ 1bb1 0151 Nytro 5520 # Kersey 2.5" TCG 1bb1 0152 Nytro 5520 TCG +# Nytro 5050H (Ebonhawk - High Performance) + 1bb1 0153 Nytro 5050H +# Nytro 5050H TCG (Ebonhawk High Performance) + 1bb1 0154 Nytro 5050H TCG +# Nytro 5050M (Ebonhawk Mainstream Performance) + 1bb1 0155 Nytro 5050M +# Nytro 5050M TCG (Ebonhawk Mainstream Performance) + 1bb1 0156 Nytro 5050M TCG +# Nytro 5050M (Ebonhawk Mainstream Performance) - 7mm + 1bb1 0157 Nytro 5050M 7mm +# Nytro 5050M (Ebonhawk Mainstream Performance) TCG - 7mm + 1bb1 0158 Nytro 5050M TCG 7mm +# Nytro 5060M (Rocinante Mainstream Performance) - 15mm + 1bb1 0159 Nytro 5060M +# Nytro 5050M TCG (Rocinante Mainstream Performance) - 15mm + 1bb1 0160 Nytro 5060M TCG +# Nytro 5060M 7mm (Rocinante Mainstream Performance) + 1bb1 0161 Nytro 5060M 7mm +# Nytro 5060M TCG (Rocinante Mainstream Performance) - 7mm + 1bb1 0162 Nytro 5060M TCG 7mm +# Nytro 5060H (Rocinante High Performance) + 1bb1 0163 Nytro 5060H +# Nytro 5060H TCG (Rocinante High Performance) + 1bb1 0164 Nytro 5060H TCG +# Nytro 5060H (Rocinante - High Performance) - E3.S 1T + 1bb1 0165 Nytro 5060H E3.S 1T +# Nytro 5060H (Rocinante - High Performance) - E3.S 1T TCG + 1bb1 0166 Nytro 5060H E3.S 1T TCG +# Nytro 5060H (Rocinante - High Performance) - E3.L 1T + 1bb1 0167 Nytro 5060H E3.L 1T +# Nytro 5060H (Rocinante - High Performance) - E3.L 1T TCG + 1bb1 0168 Nytro 5060H E3.L 1T TCG +# Nytro 5060M (Rocinante Mainstream Performance) - E3.S 1T + 1bb1 0169 Nytro 5060M E3.S 1T +# Nytro 5060M (Rocinante Mainstream Performance) - E3.S 1T TCG + 1bb1 0170 Nytro 5060M E3.S 1T TCG +# Nytro 5060M (Rocinante Mainstream Performance) - E3.L 1T + 1bb1 0171 Nytro 5060M E3.L 1T +# Nytro 5060M (Rocinante Mainstream Performance) - E3.L 1T TCG + 1bb1 0172 Nytro 5060M E3.L 1T TCG +# Nytro 5060M (Rocinante Mainstream Performance) - E1.S + 1bb1 0173 Nytro 5060M E1.S +# Nytro 5060M (Rocinante Mainstream Performance) - E1.S TCG + 1bb1 0174 Nytro 5060M E1.S TCG 1bb1 01a1 Nytro XP7102 5012 FireCuda 510 SSD 5016 FireCuda 520 SSD + 5018 FireCuda 530 SSD 1bb3 Bluecherry 4304 BC-04120A MPEG4 4 port video encoder / decoder 4309 BC-08240A MPEG4 4 port video encoder / decoder @@ -23688,8 +23900,22 @@ 1028 2149 DC NVMe SED PE8010 RI U.2 7.68TB 1028 214a DC NVMe PE8010 RI U.2 7.68TB 1c5c 0100 PE8000 Series NVMe Solid State Drive + 2849 PE81x0 U.2/3 NVMe Solid State Drive 1c5f Beijing Memblaze Technology Co. Ltd. 000d PBlaze5 520/526 + 000e PBlaze6 6530 + 1c5f 0b20 NVMe SSD PBlaze6 6530 1920G AIC + 1c5f 0b21 NVMe SSD PBlaze6 6530 1920G 2.5" U.2 + 1c5f 0b30 NVMe SSD PBlaze6 6530 3840G AIC + 1c5f 0b31 NVMe SSD PBlaze6 6530 3840G 2.5" U.2 + 1c5f 0b40 NVMe SSD PBlaze6 6530 7680G AIC + 1c5f 0b41 NVMe SSD PBlaze6 6530 7680G 2.5" U.2 + 1c5f 4b20 NVMe SSD PBlaze6 6530 1600G AIC + 1c5f 4b21 NVMe SSD PBlaze6 6530 1600G 2.5" U.2 + 1c5f 4b30 NVMe SSD PBlaze6 6530 3200G AIC + 1c5f 4b31 NVMe SSD PBlaze6 6530 3200G 2.5" U.2 + 1c5f 4b40 NVMe SSD PBlaze6 6530 6400G AIC + 1c5f 4b41 NVMe SSD PBlaze6 6530 6400G 2.5" U.2 003d PBlaze5 920/926 003e PBlaze6 6920 1c5f 0a31 NVMe SSD PBlaze6 6920 3840GB 2.5" U.2 @@ -23738,6 +23964,8 @@ 0002 Clarett 1cb8 Dawning Information Industry Co., Ltd. 1cc1 ADATA Technology Co., Ltd. +# 256GB NVMe SSD + 5766 ADATA XPG GAMMIXS1 1L Media 8201 XPG SX8200 Pro PCIe Gen3x4 M.2 2280 Solid State Drive 1cc4 Union Memory (Shenzhen) 1203 NVMe SSD Controller UHXXXa series @@ -23751,6 +23979,7 @@ 1cc4 a213 NVMe SSD UHXXXa series U.2 3200GB 1cc4 a214 NVMe SSD UHXXXa series U.2 6400GB 17ab NVMe 256G SSD device + 6303 AM630 PCIe 4.0 x4 NVMe SSD Controller 1cc5 Embedded Intelligence, Inc. 0100 CAN-PCIe-02 1cc7 Radian Memory Systems Inc. @@ -23906,10 +24135,16 @@ 0001 AQC107 NBase-T/IEEE 802.3bz Ethernet Controller [AQtion] 00b1 AQC100 10G Ethernet MAC controller [AQtion] 07b1 AQC107 NBase-T/IEEE 802.3bz Ethernet Controller [AQtion] +# Older revision of QNAP QM2 M.2 2280 PCIe SSD & 10GbE Expansion Card + 1baa 07b1 QM2-2P10G1TA [QXG 10GbE Network Adapter] +# Newer revision of QNAP QM2 M.2 2280 PCIe SSD & 10GbE Expansion Card + 1baa 07b2 QM2-2P10G1TA [QM2 Expansion Adapter] 08b1 AQC108 NBase-T/IEEE 802.3bz Ethernet Controller [AQtion] 11b1 AQC111 NBase-T/IEEE 802.3bz Ethernet Controller [AQtion] 12b1 AQC112 NBase-T/IEEE 802.3bz Ethernet Controller [AQtion] 87b1 AQC107 NBase-T/IEEE 802.3bz Ethernet Controller [AQtion] + 94c0 AQC113CS NBase-T/IEEE 802.3bz Ethernet Controller [AQtion] + 1043 87f5 ProArt X570-CREATOR WIFI d107 AQC107 NBase-T/IEEE 802.3bz Ethernet Controller [AQtion] 1043 8741 XG-C100C d108 AQC108 NBase-T/IEEE 802.3bz Ethernet Controller [AQtion] @@ -23946,6 +24181,7 @@ 101c AR-ARK-SRIOV-VF [Arkville Virtual Function] 101d AR-ARK-NIC [Arkville ArkNIC Kernel Path Device] 101e AR-ARKA-FX1 [Arkville 64B DPDK Data Mover for Agilex R-Tile] + 101f AR-TK242 [2x100GbE Packet Capture Device] 4200 A5PL-E1-10GETI [10 GbE Ethernet Traffic Instrument] 1d72 Xiaomi 1d78 DERA Storage @@ -24157,6 +24393,9 @@ 2000 NoLoad Hardware Development Kit 3000 eBPF-based PCIe Accelerator 1ded Alibaba (China) Co., Ltd. +# A RDMA (iWarp) device provided by Alibaba Cloud used in ECS environment + 107f Elastic RDMA Adapter + 5007 Elastic RDMA Adapter 8000 M1 Root Port 8001 ACC-RCiEP 8002 RCiEP VF @@ -24264,9 +24503,20 @@ 1028 210e Dell Ent NVMe FIPS CM6 MU 1.6TB 1028 210f Dell Ent NVMe FIPS CM6 MU 3.2TB 1028 2110 Dell Ent NVMe FIPS CM6 MU 6.4TB - 1e0f 0001 Generic NVMe CM6 RI 3.84TB + 1e0f 0001 Generic NVMe CM6 0009 NVMe SSD 1e0f 0001 Toshiba RC500 NVMe SSD 500GB + 0011 NVMe SSD Controller CD7 + 1028 2189 DC NVMe SED CD7 RI 960GB + 1028 218a DC NVMe CD7 RI 960GB + 1028 218b DC NVMe SED CD7 RI 1.92TB + 1028 218c DC NVMe CD7 RI 1.92TB + 1028 218d DC NVMe SED CD7 RI 3.84TB + 1028 218e DC NVMe CD7 RI 3.84TB + 1028 218f DC NVMe SED CD7 RI 7.68TB + 1028 2190 DC NVMe CD7 RI 7.68TB + 1028 2191 DC NVMe SED CD7 RI 15.36TB + 1028 2192 DC NVMe CD7 RI 15.36TB 1e17 Arnold & Richter Cine Technik GmbH & Co. Betriebs KG 1e24 Squirrels Research Labs 0101 Acorn CLE-101 @@ -24296,7 +24546,7 @@ 0102 Xplorer X1600 # https://www.medion.com/ 1e39 MEDION AG -1e3b Shenzhen DAPU Microelectronics Co., Ltd +1e3b DapuStor Corporation 0600 NVMe SSD Controller DPU600 1e3b 0030 Enterprise NVMe SSD U.2 3.84TB (J5100) 1e3b 0031 Enterprise NVMe SSD U.2 7.68TB (J5100) @@ -24359,6 +24609,7 @@ 1e3b 0091 Enterprise NVMe SSD HHHL 0.75TB (H3900) 1e3d Burlywood, Inc 1e49 Yangtze Memory Technologies Co.,Ltd + 0041 ZHITAI TiPro7000 # YMTC PCIe/NVMe SSD 1013 PC210 1e4b MAXIO Technology (Hangzhou) Ltd. @@ -24377,6 +24628,9 @@ 0000 0100 PY8800 64GB Accelerator 1e59 Oxford Nanopore Technologies 0001 MinION Mk1C +1e5d ASR Microelectronics + 7000 AI controller A7000 + 7010 AI controller A7010 1e60 Hailo Technologies Ltd. 2864 Hailo-8 AI Processor 1e68 Jiangsu Xinsheng Intelligent Technology Co., Ltd @@ -24414,14 +24668,29 @@ 1eab Hefei DATANG Storage Technology Co.,LTD. 300a NVMe SSD Controller 300A 300b NVMe SSD Controller 300B +1eac Quectel Wireless Solutions Co., Ltd. + 1001 EM120R-GL LTE Modem + 1002 EM160R-GL LTE Modem 1eae XFX Limited 1eb1 VeriSilicon Inc 1001 Video Accelerator +1eb4 Quantum Nebula Microelectronics Technology Co.,Ltd. + 3401 SSD Contoller 1ebd EMERGETECH Company Ltd. 0101 Seirios 2063 Video Codec 1ed2 FuriosaAI, Inc. 0000 Warboy 1ed3 Yeston +1ed5 Moore Threads Technology Co.,Ltd + 0100 MTT S10 + 0101 MTT S10 + 0102 MTT S30 + 0105 MTT S50 + 0106 MTT S60 + 0111 MTT S100 + 0121 MTT S1000M + 0122 MTT S1000 + 0123 MTT S2000 1ed8 Digiteq Automotive 0101 FG4 PCIe Frame Grabber 1ed9 Myrtle.ai @@ -24429,6 +24698,9 @@ 1eec Viscore Technologies Ltd 0102 VSE250231S Dual-port 10Gb/25Gb Ethernet PCIe 1eec VSE250231S Dual-port 10Gb/25Gb Ethernet PCIe +1eed Xiangdixian Computing Technology (Chongqing) Ltd. + 0100 XDX P100 VGA controller + 0101 XDX P101 High Definition Audio Controller 1efb Flexxon Pte Ltd 1f02 Beijing Dayu Technology 1f03 Shenzhen Shichuangyi Electronics Co., Ltd @@ -24439,6 +24711,13 @@ 5220 IG5220-Based NVMe SSD 5236 IG5236-Based NVMe SSD 5636 IG5636-Based NVMe SSD +1f2f China Mobile (Hangzhou) Information Technology Co.Ltd. + 1513 DERA MENG NVMe Controller + 1f2f 6113 KM660 U.2 1.6TB NVMe SSD + 1f2f 6114 KM560 U.2 1.92TB NVMe SSD + 1f2f 6115 KM660 U.2 3.2TB NVMe SSD + 1f2f 6116 KM560 U.2 3.84TB NVMe SSD + 1f2f 6118 KM560 U.2 7.68TB NVMe SSD 1fab Unifabrix Ltd. 0000 Nexus Alpha IVPU # nee Tumsan Oy @@ -24952,6 +25231,8 @@ 0d10 SB-365x Motion Feedback Device 2f00 SB-3642 Motion Feedback Device 3000 SB-3644 Motion Feedback Device +4e58 Nutanix, Inc. + 0001 Virtual NVMe Controller 5045 University of Toronto 4243 BLASTbus PCI Interface Card v1 5046 GemTek Technology Corporation @@ -25182,6 +25463,12 @@ 1400 CooVOX TDM GSM Module 1600 CooVOX TDM E1/T1 Module 1800 CooVOX TDM BRI Module +6766 Glenfly Tech Co., Ltd. + 3d00 Arise-GT-10C0 + 3d02 Arise 1020 + 3d40 Arise-GT-10C0 High Definition Audio Controller + 3d41 Arise 1020 High Definition Audio Controller +6899 ZT Systems # nee Qumranet 6900 Red Hat, Inc. 7063 pcHDTV @@ -25194,6 +25481,9 @@ 7401 EndRun Technologies e100 PTP3100 PCIe PTP Slave Clock 7470 TP-LINK Technologies Co., Ltd. +7526 HongQin (Beijing) Technology Co., Ltd. + 0082 HQ SSD 1TB + 0083 HQ SSD 2TB M.2 NVMe 7604 O.N. Electronic Co Ltd. 7bde MIDAC Corporation 7fed PowerTV @@ -26006,6 +26296,12 @@ 1028 2102 NVMe RI U.2 1.92TB (P5500) 1028 2103 NVMe RI U.2 3.84TB (P5500) 1028 2104 NVMe RI U.2 7.68TB (P5500) + 1028 219a NVMe P5316 RI 15.36TB + 1028 219b NVMe P5316 RI 30.72TB + 1028 219c NVMe SED P5316 RI 15.36 + 1028 219d NVMe SED P5316 RI 30.72 + 1028 219e NVMe FIPS P5316 RI 15.36TB + 1028 219f NVMe FIPS P5316 RI 30.72 8086 8008 NVMe Datacenter SSD [3DNAND] SE 2.5" U.2 (P5510) 8086 8d08 NVMe Datacenter SSD [3DNAND] VE 2.5" U.2 (P5316) 8086 8d1d NVMe Datacenter SSD [3DNAND] VE E1.L 9.5/18mm (P5316) @@ -26114,8 +26410,16 @@ 8086 0001 Ethernet Controller XXV710 Intel(R) FPGA Programmable Acceleration Card N3000 for Networking 0d9f Ethernet Controller (2) I225-IT 0dd2 Ethernet Network Adapter I710 + 1137 0000 I710T4LG 4x1 GbE RJ45 PCIe NIC + 1137 02e3 I710T4LG 4x1 GbE RJ45 PCIe NIC + 8086 0000 Ethernet Network Adapter I710-T4L 8086 000d Ethernet Network Adapter I710-T4L 8086 0010 Ethernet Network Adapter I710-T4L for OCP 3.0 + 8086 401a Ethernet Network Adapter I710-T4L + 8086 401b Ethernet Network Adapter I710-T4L for OCP 3.0 + 0dd5 Ethernet Adaptive Virtual Function + 0dda Ethernet Connection X722 for 10GbE SFP+ + 1bd4 0076 Ethernet Connection F102IX722 for 10GbE SFP 0e00 Xeon E7 v2/Xeon E5 v2/Core i7 DMI2 1028 04f7 Xeon E5 v2 on PowerEdge R320 server 15d9 066b X9SRL-F @@ -27466,8 +27770,13 @@ 8086 000c Ethernet 100G 2P E810-C OCP 8086 000d Ethernet Network Adapter E810-L-Q2 for OCP 3.0 8086 000e Ethernet Network Adapter E810-2C-Q2 + 8086 000f Ethernet Network Adapter E810-C-Q2T + 8086 0010 Ethernet 100G 2P E810-C-stg Adapter + 8086 0011 Ethernet Network Adapter E810-C-Q1 for OCP3.0 1593 Ethernet Controller E810-C for SFP 1137 02c3 E810XXVDA4 4x25/10 GbE SFP28 PCIe NIC + 1137 02e9 E810XXVDA4TG 4x25/10 GbE SFP28 PCIe NIC + 1137 02ea E810XXVDA4T 4x25/10 GbE SFP28 PCIe NIC 8086 0002 Ethernet Network Adapter E810-L-2 8086 0005 Ethernet Network Adapter E810-XXV-4 8086 0006 Ethernet Network Adapter E810-XXV-4 @@ -27478,7 +27787,12 @@ 8086 000c Ethernet Network Adapter E810-XXV-4 for OCP 3.0 8086 000d Ethernet 25G 4P E810-XXV OCP 8086 000e Ethernet Network Adapter E810-XXV-4T + 8086 000f Ethernet 25G 4P E810-XXV-stg Adapter + 8086 0010 Ethernet 25G 4P E810-XXV-st Adapter + 8086 4010 Ethernet Network Adapter E810-XXV-4 + 8086 4013 Ethernet Network Adapter E810-XXV-4 for OCP 3.0 1599 Ethernet Controller E810-XXV for backplane + 8086 0001 Ethernet 25G 2P E810-XXV-k Mezz 159a Ethernet Controller E810-XXV for QSFP 159b Ethernet Controller E810-XXV for SFP 1137 02be E810XXVDA2 2x25/10 GbE SFP28 PCIe NIC @@ -27493,6 +27807,7 @@ 8086 4001 Ethernet Network Adapter E810-XXV-2 8086 4002 Ethernet Network Adapter E810-XXV-2 for OCP 3.0 8086 4003 Ethernet Network Adapter E810-XXV-2 + 8086 4015 Ethernet Network Adapter E810-XXV-2 for OCP 3.0 15a0 Ethernet Connection (2) I218-LM 15a1 Ethernet Connection (2) I218-V 15a2 Ethernet Connection (3) I218-LM @@ -31187,6 +31502,7 @@ 3432 5520/5500/X58 Chipset QuickData Technology Device 3433 5520/5500/X58 Chipset QuickData Technology Device 3438 7500/5520/5500/X58 I/O Hub Throttle Registers + 347e Ice Lake Xeon Non-Transparent Bridge 3482 Ice Lake-LP LPC Controller 34a3 Ice Lake-LP SMBus Controller 34a4 Ice Lake-LP SPI Controller @@ -31198,6 +31514,7 @@ 34b7 Ice Lake-LP PCI Express Root Port #16 34ba Ice Lake-LP PCI Express Root Port #3 34bc Ice Lake-LP PCI Express Root Port #5 + 34c4 Ice Lake-LP SD Host Controller 34c5 Ice Lake-LP Serial IO I2c Controller #4 34c6 Ice Lake-LP Serial IO I2c Controller #5 34c8 Ice Lake-LP Smart Sound Technology Audio Controller @@ -31997,8 +32314,10 @@ 8086 02a4 Wireless-AC 9462 444e Turbo Memory Controller 460d 12th Gen Core Processor PCI Express x16 Controller #1 + 461d Alder Lake Innovation Platform Framework Processor Participant 461e Alder Lake-P Thunderbolt 4 USB Controller 461f Alder Lake-P Thunderbolt 4 PCI Express Root Port #3 + 4626 Alder Lake-P Integrated Graphics Controller 4629 12th Gen Core Processor Host Bridge/DRAM Registers 462f Alder Lake-P Thunderbolt 4 PCI Express Root Port #2 463d 12th Gen Core Processor PCI Express x4 Controller #2 @@ -32007,6 +32326,7 @@ 4641 12th Gen Core Processor Host Bridge/DRAM Registers 464d 12th Gen Core Processor PCI Express x4 Controller #0 464f 12th Gen Core Processor Gaussian & Neural Accelerator + 4660 12th Gen Core Processor Host Bridge/DRAM Registers 466d Alder Lake-P Thunderbolt 4 NHI #1 466e Alder Lake-P Thunderbolt 4 PCI Express Root Port #0 467d Platform Monitoring Technology @@ -32015,6 +32335,7 @@ 46a0 AlderLake-P GT2 46a1 UHD Graphics 46a3 Alder Lake-P GT1 [UHD Graphics] + 46a6 Alder Lake-P Integrated Graphics Controller 46c0 AlderLake-M GT1 4905 DG1 [Iris Xe MAX Graphics] 4906 DG1 [Iris Xe Pod] @@ -32026,8 +32347,9 @@ 4c8b RocketLake-S GT1 [UHD Graphics 730] 4c90 RocketLake-S GT1 [UHD Graphics P750] 4c9a RocketLake-S [UHD Graphics] - 4da3 JaserLake SMBus - 4da4 JaserLake SPI (flash) Controller + 4da3 Jasper Lake SMBus + 4da4 Jasper Lake SPI Controller + 4dc8 Jasper Lake HD Audio 4de0 Management Engine Interface 4de8 Serial IO I2C Host Controller 4de9 Serial IO I2C Host Controller @@ -32088,8 +32410,11 @@ 504b EP80579 Reserved 504c EP80579 Integrated Processor with QuickAssist TDM 5181 Alder Lake PCH-P LPC/eSPI Controller + 5182 Alder Lake PCH eSPI Controller 51a3 Alder Lake PCH-P SMBus Host Controller 51a4 Alder Lake-P PCH SPI Controller + 51a8 Alder Lake PCH UART #0 + 51a9 Alder Lake PCH UART #1 51bf Alder Lake PCH-P PCI Express Root Port #9 51c5 Alder Lake-P Serial IO I2C Controller #0 51c6 Alder Lake-P Serial IO I2C Controller #1 @@ -32471,6 +32796,20 @@ 10b4 202f Lightspeed 740 8086 0000 Terminator 2x/i 8086 0100 Intel740 Graphics Accelerator +# Unlike other PCH components. The eSPI controller is specific to each chipset model + 7a84 Z690 Chipset LPC/eSPI Controller + 7aa3 Alder Lake-S PCH SMBus Controller + 7aa4 Alder Lake-S PCH SPI Controller + 7aa7 Alder Lake-S PCH Shared SRAM + 7ab4 Alder Lake-S PCH PCI Express Root Port #13 + 7abd Alder Lake-S PCH PCI Express Root Port #6 + 7acc Alder Lake-S PCH I2C Controller #0 + 7ad0 Alder Lake-S HD Audio Controller + 7ae0 Alder Lake-S PCH USB 3.2 Gen 2x2 XHCI Controller + 7ae2 Alder Lake-S PCH SATA Controller [AHCI Mode] + 7ae8 Alder Lake-S PCH HECI Controller #1 + 7af0 Alder Lake-S PCH CNVi WiFi + 8086 0094 Wi-Fi 6 AX201 160MHz 8002 Trusted Execution Technology Registers 8003 Trusted Execution Technology Registers 8100 US15W/US15X SCH [Poulsbo] Host Bridge @@ -32552,6 +32891,7 @@ 8a23 Ice Lake Thunderbolt 3 PCI Express Root Port #3 8a51 Iris Plus Graphics G7 (Ice Lake) 8a52 Iris Plus Graphics G7 + 8a53 Iris Plus Graphics G7 8a56 Iris Plus Graphics G1 (Ice Lake) 8a5a Iris Plus Graphics G4 (Ice Lake) 8a5c Iris Plus Graphics G4 (Ice Lake) @@ -32840,6 +33180,7 @@ 1028 09be Latitude 7410 9b63 10th Gen Core Processor Host Bridge/DRAM Registers 9b64 10th Gen Core Processor Host Bridge/DRAM Registers + 9ba8 CometLake-S GT1 [UHD Graphics 610] 9bc4 CometLake-H GT2 [UHD Graphics] 9bc5 CometLake-S GT2 [UHD Graphics 630] 9bc8 CometLake-S GT2 [UHD Graphics 630] @@ -33040,6 +33381,7 @@ 9d3d Sunrise Point-LP Active Management Technology - SOL 103c 8079 EliteBook 840 G3 17aa 2247 ThinkPad T570 + 9d3e iTouch Controller 9d43 Sunrise Point-LP LPC Controller 17aa 382a B51-80 Laptop 9d46 LPC/eSPI Controller @@ -33094,6 +33436,7 @@ 9da4 Cannon Point-LP SPI Controller 9da8 Cannon Point-LP Serial IO UART Controller #2 9daa Cannon Point-LP Serial IO SPI Controller + 9dab Cannon Point-LP Serial IO SPI Controller 9db0 Cannon Point-LP PCI Express Root Port #9 9db1 Cannon Point-LP PCI Express Root Port #10 9db2 Cannon Point-LP PCI Express Root Port #1 @@ -33104,6 +33447,7 @@ 9dbc Cannon Point-LP PCI Express Root Port #5 9dbe Cannon Point-LP PCI Express Root Port #7 9dbf Cannon Point PCI Express Root Port #8 + 9dc4 Cannon Point-LP SD Host Controller 9dc5 Cannon Point-LP Serial IO I2C Host Controller 9dc8 Cannon Point-LP High Definition Audio Controller 1028 089e Inspiron 5482 @@ -33467,7 +33811,7 @@ a397 Comet Lake PCI Express Root Port #08 a398 Comet Lake PCI Express Root Port 9 a39a Comet Lake PCI Express Root Port 11 - a3a1 Memory controller + a3a1 Cannon Lake PCH Power Management Controller a3a3 Comet Lake PCH-V SMBus Host Controller a3af Comet Lake PCH-V USB Controller a3b1 Comet Lake PCH-V Thermal Subsystem @@ -33586,6 +33930,7 @@ 2008 Video assistant component 8820 Stryker Corporation 2724 Mako Front Side Motor Controller [cPCI] +8848 Wuxi Micro Innovation Integrated Circuit Design Co.,Ltd 8866 T-Square Design Inc. 8888 Silicon Magic 8912 TRX @@ -33958,6 +34303,12 @@ 1bd4 0070 RS0800M5E24i 1bd4 0071 RS0800M5H16i 1bd4 0072 RS0800M5E16i + 1bd4 0077 RS0800M5E16iM + 1bd4 0078 RS0800M5E24iM + 1bd4 0079 RS0800M5H24iM + 1bd4 0080 RS0804M5R16iM + 1cc4 0101 Ramaxel FBGF-RAD PM8204 + 1cc4 0201 Ramaxel FBGF-RAD PM8222 1d49 0220 ThinkSystem 4350-8i SAS/SATA 12Gb HBA 1d49 0221 ThinkSystem 4350-16i SAS/SATA 12Gb HBA 1d49 0520 ThinkSystem RAID 5350-8i PCIe 12Gb Adapter @@ -34244,6 +34595,8 @@ cddd Tyzx, Inc. 0101 DeepSea 1 High Speed Stereo Vision Frame Grabber 0200 DeepSea 2 High Speed Stereo Vision Frame Grabber ceba KEBA AG +cf86 Spectrum-4TOR + 0276 Spectrum-4TOR in Flash Recovery Mode d161 Digium, Inc. 0120 Wildcard TE120P single-span T1/E1/J1 card 0205 Wildcard TE205P/TE207P dual-span T1/E1/J1 card 5.0V @@ -34583,7 +34936,6 @@ C 05 Memory controller 01 FLASH memory 02 CXL 00 CXL Memory Device - vendor specific -# Devices compliant to CXL spec 10 CXL Memory Device (CXL 2.x) 80 Memory controller C 06 Bridge @@ -34728,8 +35080,7 @@ C 11 Signal processing controller 80 Signal processing controller C 12 Processing accelerators 00 Processing accelerators -# For the class of PCI attached devices which perform a function of Deep Learning Neural Network inference acceleration - 01 AI Inference Accelerator + 01 SNIA Smart Data Accelerator Interface (SDXI) controller C 13 Non-Essential Instrumentation C 40 Coprocessor C ff Unassigned class diff --git a/hwdb.d/pnp_id_registry.html b/hwdb.d/pnp_id_registry.html index 9b98e18c667..ac15190e4cd 100644 --- a/hwdb.d/pnp_id_registry.html +++ b/hwdb.d/pnp_id_registry.html @@ -1262,7 +1262,7 @@ MatroxMTX11/29/1996 Mat's ComputersMCQ07/22/2004 Matsushita Communication Industrial Co., Ltd.WPA03/15/2001 - Matsushita Electric Ind. Company LtdMAT11/29/1996 + Panasonic Connect Co.,Ltd.MAT04/01/2022 MaxCom Technical IncMTI11/29/1996 MaxData Computer AGVOB02/21/2000 MaxData Computer GmbH & Co.KGMXD04/19/2000 @@ -2499,6 +2499,9 @@ Kopin CorporationKOP10/01/2021 Anker Innovations LimitedAKR12/10/2021 SAMPO CORPORATIONSPO12/10/2021 + Shiftall Inc.SFL12/31/2021 + AudioControlAUD12/31/2021 + Schneider Consumer GroupSCA02/08/2022 diff --git a/hwdb.d/usb.ids b/hwdb.d/usb.ids index 1b9f9f82bae..8e19afff931 100644 --- a/hwdb.d/usb.ids +++ b/hwdb.d/usb.ids @@ -9,8 +9,8 @@ # The latest version can be obtained from # http://www.linux-usb.org/usb.ids # -# Version: 2021.10.24 -# Date: 2021-10-24 20:34:08 +# Version: 2022.04.13 +# Date: 2022-04-13 20:34:10 # # Vendors, devices and interfaces. Please keep sorted. @@ -2712,6 +2712,8 @@ 0845 ConferenceCam CC3000e Camera 0846 ConferenceCam CC3000e Speakerphone 084b ConferenceCam Connect Video + 084c ConferenceCam Connect Audio + 084e ConferenceCam Connect 0850 QuickCam Web 0857 Logi Group Speakerphone 085c C922 Pro Stream Webcam @@ -2764,7 +2766,7 @@ 08d7 QuickCam Communicate STX 08d8 QuickCam for Notebook Deluxe 08d9 QuickCam IM/Connect - 08da QuickCam Messanger + 08da QuickCam Messenger 08dd QuickCam for Notebooks 08e0 QuickCam Express 08e1 Labtec Webcam @@ -2903,7 +2905,7 @@ c06a USB Optical Mouse c06b G700 Wireless Gaming Mouse c06c Optical Mouse - c077 M105 Optical Mouse + c077 Mouse c07c M-R0017 [G700s Rechargeable Gaming Mouse] c07d G502 Mouse c07e G402 Gaming Mouse @@ -2911,7 +2913,7 @@ c083 G403 Prodigy Gaming Mouse c084 G203 Gaming Mouse c08b G502 SE HERO Gaming Mouse - c092 G203 LIGHTSYNC Gaming Mouse + c092 G102/G203 LIGHTSYNC Gaming Mouse c101 UltraX Media Remote c110 Harmony 785/880/885 Remote c111 Harmony 525 Remote @@ -3060,6 +3062,7 @@ c532 Unifying Receiver c534 Unifying Receiver c537 Cordless Mouse Receiver + c539 Cordless Mouse Receiver c53a PowerPlay Wireless Charging System c53d G631 Keyboard c603 3Dconnexion Spacemouse Plus XT @@ -3409,6 +3412,12 @@ 069b ECOSYS M2635dn 06b4 ECOSYS M5526cdw 0483 STMicroelectronics + 0102 Remote NDIS Network device with Android debug (ADB) + 0103 Remote NDIS Network device + 0104 MTP device with Android debug (ADB) + 0105 MTP device + 0106 PTP device with Android debug (ADB) + 0107 PTP device 0137 BeWAN ADSL USB ST (blue or green) 0138 Unicorn II (ST70138B + MTC-20174TQ chipset) 0adb Android Debug Bridge (ADB) device @@ -14961,6 +14970,10 @@ 0e23 Liou Yuane Enterprise Co., Ltd 0e25 VinChip Systems, Inc. 0e26 J-Phone East Co., Ltd +0e2e Brady Worldwide, Inc. + 000b BMP 51 + 000c BMP 61 + 000d BMP 41 0e30 HeartMath LLC 0e34 Micro Computer Control Corp. 0e35 3Pea Technologies, Inc. @@ -19572,10 +19585,11 @@ 5512 CH341 in EPP/MEM/I2C mode, EPP/I2C adapter 5523 CH341 in serial mode, usb to serial port converter 5584 CH341 in parallel mode, usb to printer port converter + 7522 CH340 serial converter 7523 CH340 serial converter 752d CH345 MIDI adapter 7584 CH340S - e008 HID-based serial adapater + e008 HID-based serial adapter 1a89 Dynalith Systems Co., Ltd. 1a8b SGS Taiwan Ltd. 1a8d BandRich, Inc. @@ -20338,7 +20352,7 @@ 6052 APB Team Robotic Development Board 6053 Darkgame Controller 6054 Satlab/AAUSAT3 BlueBox - 6055 RADiuS ER900TRS-02 transciever with SMA Connector + 6055 RADiuS ER900TRS-02 transceiver with SMA Connector 6056 The Glitch 6057 OpenPipe MIDI Shield 6058 Novena OTG port @@ -20475,10 +20489,10 @@ 60ec Duet 2 WiFi or Duet 2 Ethernet 3D printer control electronics 60ed Duet 2 Maestro 3D printer control electronics 60ee Duet 3 motion control electronics - 60f0 UDAD-T1 data aquisition device (boot) - 60f1 UDAD-T1 data aquisition device - 60f2 UDAD-T2 data aquisition device (boot) - 60f3 UDAD-T2 data aquisition device + 60f0 UDAD-T1 data acquisition device (boot) + 60f1 UDAD-T1 data acquisition device + 60f2 UDAD-T2 data acquisition device (boot) + 60f3 UDAD-T2 data acquisition device 60f4 Uniti ARC motor controller 60f5 EightByEight Blinky Badge (DFU) 60f6 EightByEight Blinky Badge @@ -20494,6 +20508,7 @@ 6118 Thomson MO5 keyboard 6122 Ultimate Hacking Keyboard 614c dwtk In-Circuit Emulator + 614d Generic Display 8085 Box0 (box0-v5) cc15 rad1o badge for CCC summer camp 2015 1d57 Xenta @@ -20511,7 +20526,7 @@ ad03 [T3] 2.4GHz and IR Air Mouse Remote Control af01 AUVIO Universal Remote Receiver for PlayStation 3 af03 Wireless Receiver - fa20 2.4GHz Wireless Reciever (Mini Keyboard & Mouse) + fa20 2.4GHz Wireless Receiver (Mini Keyboard & Mouse) 1d5b Smartronix, Inc. 1d5c Fresco Logic 2000 FL2000/FL2000DX VGA/DVI/HDMI Adapter @@ -20819,7 +20834,12 @@ 0001 Wi-Fi Body Scale (WBS01) 1fba DERMALOG Identification Systems GmbH 1fbd Delphin Technology AG - 0001 Expert Key - Data aquisition system + 0001 Expert Key - Data acquisition system + 0004 MetiOS Device (RNDIS) + 0005 Loggito + 0006 LoggitoLab 8 AI-RTD + 0007 LoggitoLab 8 TC + 0008 LoggitoLab 4 AI-RTD 4 TC 1fc9 NXP Semiconductors 0003 LPC1343 000c LPC4330FET180 [ARM Cortex M4 + M0] (device firmware upgrade mode) @@ -22644,6 +22664,14 @@ f190 MSO-19 f280 MSO-28 f281 MSO-28 +3197 Katusha + 1001 M151 + 1002 M250 + 1003 P130 + 1004 M130 + 1101 P247 + 1102 M247 + 1103 M348 31c9 BeiJing LanXum Computer Technology Co., Ltd. 1001 Printer 1301 Black and White Laser Printer @@ -23238,7 +23266,12 @@ 0780 CS780 Microphone Input 07d3 BLOB boot loader firmware 07dc Bluetooth 4.0* Smart Ready (low energy) + 0a66 RealSense 3D Camera (Front F200) + 0aa5 RealSense SR300 + 0ad2 RealSense D410 + 0ad3 RealSense D415 0b07 RealSense D435 + 0b64 RealSense L515 0dad Cherry MiniatureCard Keyboard 1010 AnyPoint(TM) Home Network 10 Mbps Phoneline Adapter 110a Bluetooth Controller from (Ericsson P4A) @@ -23264,6 +23297,7 @@ 9303 8x930Hx Hub 9500 CE 9500 DVB-T 9890 82930 Test Board + a36d Host Controller beef SCM Miniature Card Reader/Writer c013 Wireless HID Station dead Galileo @@ -23278,7 +23312,6 @@ 0032 AX210 Bluetooth 0716 Modem Flashloader 07da Centrino Bluetooth Wireless Transceiver - 8087 07da Centrino Advanced-N 6235 07db Atom C2000 Root Hub 07dc Bluetooth wireless interface 07eb Oaktrail tablet From 4a31fa2fb040005b73253da75cf84949b8485175 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 28 Apr 2022 19:42:25 +0200 Subject: [PATCH 305/703] hwdb: run "update-hwdb-autosuspend" --- hwdb.d/60-autosuspend-fingerprint-reader.hwdb | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/hwdb.d/60-autosuspend-fingerprint-reader.hwdb b/hwdb.d/60-autosuspend-fingerprint-reader.hwdb index 91a07937472..9704680cd11 100644 --- a/hwdb.d/60-autosuspend-fingerprint-reader.hwdb +++ b/hwdb.d/60-autosuspend-fingerprint-reader.hwdb @@ -137,6 +137,7 @@ usb:v04F3p0C32* usb:v04F3p0C33* usb:v04F3p0C3D* usb:v04F3p0C42* +usb:v04F3p0C4B* usb:v04F3p0C4D* usb:v04F3p0C4F* usb:v04F3p0C63* @@ -148,6 +149,7 @@ usb:v04F3p0C58* # Supported by libfprint driver elanmoc usb:v04F3p0C7D* usb:v04F3p0C7E* +usb:v04F3p0C82* ID_AUTOSUSPEND=1 ID_PERSIST=0 @@ -185,13 +187,13 @@ usb:v06CBp00DF* usb:v06CBp00F9* usb:v06CBp00FC* usb:v06CBp00C2* -usb:v06CBp00C9* usb:v06CBp0100* usb:v06CBp00F0* usb:v06CBp0103* usb:v06CBp0123* usb:v06CBp0126* usb:v06CBp0129* +usb:v06CBp0168* ID_AUTOSUSPEND=1 ID_PERSIST=0 @@ -261,7 +263,6 @@ usb:v138Ap0091* # Known unsupported devices usb:v04F3p036B* usb:v04F3p0C00* -usb:v04F3p0C4B* usb:v04F3p0C4C* usb:v04F3p0C57* usb:v04F3p0C5E* @@ -272,15 +273,19 @@ usb:v06CBp008A* usb:v06CBp009A* usb:v06CBp009B* usb:v06CBp00A2* +usb:v06CBp00A8* usb:v06CBp00B7* usb:v06CBp00BB* usb:v06CBp00BE* usb:v06CBp00C4* usb:v06CBp00CB* +usb:v06CBp00C9* usb:v06CBp00D8* usb:v06CBp00DA* +usb:v06CBp00DC* usb:v06CBp00E7* usb:v06CBp00E9* +usb:v06CBp00FD* usb:v0A5Cp5801* usb:v0A5Cp5805* usb:v0A5Cp5834* @@ -292,6 +297,7 @@ usb:v0A5Cp5844* usb:v0A5Cp5845* usb:v0BDAp5812* usb:v10A5p0007* +usb:v10A5p9200* usb:v1188p9545* usb:v138Ap0007* usb:v138Ap003A* @@ -309,6 +315,7 @@ usb:v1491p0088* usb:v16D1p1027* usb:v1C7Ap0300* usb:v1C7Ap0575* +usb:v1C7Ap0576* usb:v27C6p5042* usb:v27C6p5110* usb:v27C6p5117* @@ -328,7 +335,9 @@ usb:v27C6p55A2* usb:v27C6p55A4* usb:v27C6p55B4* usb:v27C6p5740* +usb:v27C6p5E0A* usb:v2808p9338* +usb:v298Dp2020* usb:v298Dp2033* usb:v3538p0930* ID_AUTOSUSPEND=1 From b3b66a7a0e5048f58c30d564c25a9fa7158176c1 Mon Sep 17 00:00:00 2001 From: Luca Boccassi Date: Tue, 5 Apr 2022 22:11:55 +0100 Subject: [PATCH 306/703] semaphoreci: check keys.opengpgp.org first Always resolves and it's faster than the others + for keyserver in "" "keys.gnupg.net" "keys.openpgp.org" "keyserver.ubuntu.com" + for retry in {1..5} + sudo lxc-create -n bullseye-amd64 -t download -- -d debian -r bullseye -a amd64 Setting up the GPG keyring ERROR: Unable to fetch GPG key from keyserver lxc-create: bullseye-amd64: lxccontainer.c: create_run_template: 1617 Failed to create container from template lxc-create: bullseye-amd64: tools/lxc_create.c: main: 327 Failed to create container bullseye-amd64 + sleep 1 + for retry in {1..5} + sudo lxc-create -n bullseye-amd64 -t download -- -d debian -r bullseye -a amd64 Setting up the GPG keyring ERROR: Unable to fetch GPG key from keyserver lxc-create: bullseye-amd64: lxccontainer.c: create_run_template: 1617 Failed to create container from template lxc-create: bullseye-amd64: tools/lxc_create.c: main: 327 Failed to create container bullseye-amd64 + sleep 4 + for retry in {1..5} + sudo lxc-create -n bullseye-amd64 -t download -- -d debian -r bullseye -a amd64 Setting up the GPG keyring ERROR: Unable to fetch GPG key from keyserver lxc-create: bullseye-amd64: lxccontainer.c: create_run_template: 1617 Failed to create container from template lxc-create: bullseye-amd64: tools/lxc_create.c: main: 327 Failed to create container bullseye-amd64 + sleep 9 + for retry in {1..5} + sudo lxc-create -n bullseye-amd64 -t download -- -d debian -r bullseye -a amd64 Setting up the GPG keyring ERROR: Unable to fetch GPG key from keyserver lxc-create: bullseye-amd64: lxccontainer.c: create_run_template: 1617 Failed to create container from template lxc-create: bullseye-amd64: tools/lxc_create.c: main: 327 Failed to create container bullseye-amd64 + sleep 16 + for retry in {1..5} + sudo lxc-create -n bullseye-amd64 -t download -- -d debian -r bullseye -a amd64 Setting up the GPG keyring ERROR: Unable to fetch GPG key from keyserver lxc-create: bullseye-amd64: lxccontainer.c: create_run_template: 1617 Failed to create container from template lxc-create: bullseye-amd64: tools/lxc_create.c: main: 327 Failed to create container bullseye-amd64 + sleep 25 + for keyserver in "" "keys.gnupg.net" "keys.openpgp.org" "keyserver.ubuntu.com" + for retry in {1..5} + sudo lxc-create -n bullseye-amd64 -t download -- -d debian -r bullseye -a amd64 --keyserver keys.gnupg.net Setting up the GPG keyring ERROR: Unable to fetch GPG key from keyserver lxc-create: bullseye-amd64: lxccontainer.c: create_run_template: 1617 Failed to create container from template lxc-create: bullseye-amd64: tools/lxc_create.c: main: 327 Failed to create container bullseye-amd64 + sleep 1 + for retry in {1..5} + sudo lxc-create -n bullseye-amd64 -t download -- -d debian -r bullseye -a amd64 --keyserver keys.gnupg.net Setting up the GPG keyring ERROR: Unable to fetch GPG key from keyserver lxc-create: bullseye-amd64: lxccontainer.c: create_run_template: 1617 Failed to create container from template lxc-create: bullseye-amd64: tools/lxc_create.c: main: 327 Failed to create container bullseye-amd64 + sleep 4 + for retry in {1..5} + sudo lxc-create -n bullseye-amd64 -t download -- -d debian -r bullseye -a amd64 --keyserver keys.gnupg.net Setting up the GPG keyring ERROR: Unable to fetch GPG key from keyserver lxc-create: bullseye-amd64: lxccontainer.c: create_run_template: 1617 Failed to create container from template lxc-create: bullseye-amd64: tools/lxc_create.c: main: 327 Failed to create container bullseye-amd64 + sleep 9 + for retry in {1..5} + sudo lxc-create -n bullseye-amd64 -t download -- -d debian -r bullseye -a amd64 --keyserver keys.gnupg.net Setting up the GPG keyring ERROR: Unable to fetch GPG key from keyserver lxc-create: bullseye-amd64: lxccontainer.c: create_run_template: 1617 Failed to create container from template lxc-create: bullseye-amd64: tools/lxc_create.c: main: 327 Failed to create container bullseye-amd64 + sleep 16 + for retry in {1..5} + sudo lxc-create -n bullseye-amd64 -t download -- -d debian -r bullseye -a amd64 --keyserver keys.gnupg.net Setting up the GPG keyring ERROR: Unable to fetch GPG key from keyserver lxc-create: bullseye-amd64: lxccontainer.c: create_run_template: 1617 Failed to create container from template lxc-create: bullseye-amd64: tools/lxc_create.c: main: 327 Failed to create container bullseye-amd64 + sleep 25 + for keyserver in "" "keys.gnupg.net" "keys.openpgp.org" "keyserver.ubuntu.com" + for retry in {1..5} + sudo lxc-create -n bullseye-amd64 -t download -- -d debian -r bullseye -a amd64 --keyserver keys.openpgp.org Setting up the GPG keyring Downloading the image index Downloading the rootfs (cherry picked from commit 93de997d1249830cba73cb6c07f1e8dd54776fa0) --- .semaphore/semaphore-runner.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.semaphore/semaphore-runner.sh b/.semaphore/semaphore-runner.sh index d02b449e0eb..f42ac1d1957 100755 --- a/.semaphore/semaphore-runner.sh +++ b/.semaphore/semaphore-runner.sh @@ -21,7 +21,7 @@ UBUNTU_RELEASE="$(lsb_release -cs)" create_container() { # Create autopkgtest LXC image; this sometimes fails with "Unable to fetch # GPG key from keyserver", so retry a few times with different keyservers. - for keyserver in "" "keys.gnupg.net" "keys.openpgp.org" "keyserver.ubuntu.com"; do + for keyserver in "keys.openpgp.org" "" "keyserver.ubuntu.com" "keys.gnupg.net"; do for retry in {1..5}; do sudo lxc-create -n "$CONTAINER" -t download -- -d "$DISTRO" -r "$RELEASE" -a "$ARCH" ${keyserver:+--keyserver "$keyserver"} && break 2 sleep $((retry*retry)) From 1bf61b557009b8af5ab56b39263dbaf80eed1432 Mon Sep 17 00:00:00 2001 From: Luca Boccassi Date: Tue, 5 Apr 2022 22:23:49 +0100 Subject: [PATCH 307/703] semaphoreci: run dhclient manually on setup For some reason the guest container stopped having its network interface configured. Run the dhcp client manually. (cherry picked from commit 9a6260b19460aca3b343ac4485be93eeb85d13b4) --- .semaphore/semaphore-runner.sh | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/.semaphore/semaphore-runner.sh b/.semaphore/semaphore-runner.sh index f42ac1d1957..8b2d843f567 100755 --- a/.semaphore/semaphore-runner.sh +++ b/.semaphore/semaphore-runner.sh @@ -36,8 +36,11 @@ create_container() { # enable source repositories so that apt-get build-dep works sudo lxc-attach -n "$CONTAINER" -- sh -ex <> /etc/apt/sources.list.d/sources.list -# wait until online -while [ -z "\$(ip route list 0/0)" ]; do sleep 1; done +# We might attach the console too soon +while ! systemctl --quiet --wait is-system-running; do sleep 1; done +# For some reason, it is necessary to run this manually or the interface won't be configured +# Note that we avoid networkd, as some of the tests will break it later on +dhclient apt-get -q --allow-releaseinfo-change update apt-get -y dist-upgrade apt-get install -y eatmydata From c1c73c64ea2675e473c3300da28f02a48736c6eb Mon Sep 17 00:00:00 2001 From: Luca Boccassi Date: Tue, 5 Apr 2022 23:45:27 +0100 Subject: [PATCH 308/703] semaphoreci: speed up package installation Disable updating the manpage database, and use dpkg's unsafe-io flag (cherry picked from commit b6529646e77271bfa08ef8b764db6b8a19b10a7f) --- .semaphore/semaphore-runner.sh | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.semaphore/semaphore-runner.sh b/.semaphore/semaphore-runner.sh index 8b2d843f567..f9004fa14e6 100755 --- a/.semaphore/semaphore-runner.sh +++ b/.semaphore/semaphore-runner.sh @@ -38,6 +38,11 @@ create_container() { sed 's/^deb/deb-src/' /etc/apt/sources.list >> /etc/apt/sources.list.d/sources.list # We might attach the console too soon while ! systemctl --quiet --wait is-system-running; do sleep 1; done +# Manpages database trigger takes a lot of time and is not useful in a CI +echo 'man-db man-db/auto-update boolean false' | debconf-set-selections +# Speed up dpkg, image is thrown away after the test +mkdir -p /etc/dpkg/dpkg.cfg.d/ +echo 'force-unsafe-io' > /etc/dpkg/dpkg.cfg.d/unsafe_io # For some reason, it is necessary to run this manually or the interface won't be configured # Note that we avoid networkd, as some of the tests will break it later on dhclient From 8ed918d4e57c0d449776fcf73932482ccb2c4012 Mon Sep 17 00:00:00 2001 From: Luca Boccassi Date: Tue, 5 Apr 2022 22:15:42 +0100 Subject: [PATCH 309/703] semaphoreci: move runner from Bionic to Focal (cherry picked from commit 16ae1984851dfac78cf9734b2984acc310db90a8) --- .semaphore/semaphore.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.semaphore/semaphore.yml b/.semaphore/semaphore.yml index bd5d135e9e1..07742337e8a 100644 --- a/.semaphore/semaphore.yml +++ b/.semaphore/semaphore.yml @@ -7,7 +7,7 @@ name: Debian autopkgtest (LXC) agent: machine: type: e1-standard-2 - os_image: ubuntu1804 + os_image: ubuntu2004 # Cancel any running or queued job for the same ref auto_cancel: From 6d380ae6045a0df312374c0e5de4954f0c1da8fd Mon Sep 17 00:00:00 2001 From: Luca Boccassi Date: Fri, 8 Apr 2022 23:52:38 +0100 Subject: [PATCH 310/703] networkd-test: lazy umount tmp directories In Semaphore CI, for some reason, /run/systemd/resolve is busy so the umount fails at the end of the test run: Verify link states with Unmanaged= settings, cold-plug. ... umount: /run/systemd/resolve: target is busy.14:57 ok14:57 ERROR14:57 ======================================================================14:57 ERROR: tearDownModule (__main__)14:57 ----------------------------------------------------------------------14:57 Traceback (most recent call last):14:57 File /tmp/autopkgtest-lxc.6islza9t/downtmp/build.A9b/src/test/networkd-test.py, line 94, in tearDownModule14:57 subprocess.check_call([umount, d])14:57 File /usr/lib/python3.9/subprocess.py, line 373, in check_call14:57 raise CalledProcessError(retcode, cmd)14:57 subprocess.CalledProcessError: Command '['umount', '/run/systemd/resolve']' returned non-zero exit status 32.14:57 ----------------------------------------------------------------------14:58 Ran 35 tests in 138.868s14:58 FAILED (errors=1, skipped=2) Use lazy umount to avoid erroring out. (cherry picked from commit 471cac19a6fb3c192faf61d3724db2509643c760) --- test/networkd-test.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/networkd-test.py b/test/networkd-test.py index 60622077a22..f4598c7b7cf 100755 --- a/test/networkd-test.py +++ b/test/networkd-test.py @@ -91,7 +91,7 @@ def setUpModule(): def tearDownModule(): global tmpmounts for d in tmpmounts: - subprocess.check_call(["umount", d]) + subprocess.check_call(["umount", "--lazy", d]) for u in stopped_units: subprocess.call(["systemctl", "stop", u]) for u in running_units: From 6ce475733ae548edbefc92ca6efa321d0a9d992f Mon Sep 17 00:00:00 2001 From: Luca Boccassi Date: Mon, 9 May 2022 14:37:20 +0100 Subject: [PATCH 311/703] mkosi: add shadow package to SUSE Tumbleweed [1958/1958] Generating export-dbus-interfaces with a custom command /root/mkosi.build: line 70: groupadd: command not found (cherry picked from commit 37b7eef35daad03c9d72222dcbfcc11dfe6dc073) --- mkosi.default.d/opensuse/10-mkosi.opensuse | 1 + 1 file changed, 1 insertion(+) diff --git a/mkosi.default.d/opensuse/10-mkosi.opensuse b/mkosi.default.d/opensuse/10-mkosi.opensuse index e11a46c5f9f..a2d35378f79 100644 --- a/mkosi.default.d/opensuse/10-mkosi.opensuse +++ b/mkosi.default.d/opensuse/10-mkosi.opensuse @@ -39,6 +39,7 @@ BuildPackages= python3-Jinja2 python3-lxml qrencode-devel + shadow system-user-nobody systemd-sysvinit zlib-devel From 73be9643910c3f7f3ff84765d63060846c110016 Mon Sep 17 00:00:00 2001 From: Jan Janssen Date: Wed, 19 Jan 2022 10:15:36 +0100 Subject: [PATCH 312/703] bus: Use OrderedSet for introspection Otherwise, the generated xml files are not reproducible. (cherry picked from commit acac88340ace3cd631126eebb6d0390cd54e8231) --- src/libsystemd/sd-bus/bus-introspect.c | 4 +-- src/libsystemd/sd-bus/bus-introspect.h | 4 +-- src/libsystemd/sd-bus/bus-objects.c | 45 +++++++++++++------------- src/shared/bus-object.c | 4 +-- 4 files changed, 28 insertions(+), 29 deletions(-) diff --git a/src/libsystemd/sd-bus/bus-introspect.c b/src/libsystemd/sd-bus/bus-introspect.c index b9ef6af631c..eed0dae82fa 100644 --- a/src/libsystemd/sd-bus/bus-introspect.c +++ b/src/libsystemd/sd-bus/bus-introspect.c @@ -110,7 +110,7 @@ static int set_interface_name(struct introspect *intro, const char *interface_na return free_and_strdup(&intro->interface_name, interface_name); } -int introspect_write_child_nodes(struct introspect *i, Set *s, const char *prefix) { +int introspect_write_child_nodes(struct introspect *i, OrderedSet *s, const char *prefix) { char *node; assert(i); @@ -118,7 +118,7 @@ int introspect_write_child_nodes(struct introspect *i, Set *s, const char *prefi assert_se(set_interface_name(i, NULL) >= 0); - while ((node = set_steal_first(s))) { + while ((node = ordered_set_steal_first(s))) { const char *e; e = object_path_startswith(node, prefix); diff --git a/src/libsystemd/sd-bus/bus-introspect.h b/src/libsystemd/sd-bus/bus-introspect.h index 34f32a4cf9f..19e3ef09e24 100644 --- a/src/libsystemd/sd-bus/bus-introspect.h +++ b/src/libsystemd/sd-bus/bus-introspect.h @@ -5,7 +5,7 @@ #include "sd-bus.h" -#include "set.h" +#include "ordered-set.h" struct introspect { FILE *f; @@ -17,7 +17,7 @@ struct introspect { int introspect_begin(struct introspect *i, bool trusted); int introspect_write_default_interfaces(struct introspect *i, bool object_manager); -int introspect_write_child_nodes(struct introspect *i, Set *s, const char *prefix); +int introspect_write_child_nodes(struct introspect *i, OrderedSet *s, const char *prefix); int introspect_write_interface( struct introspect *i, const char *interface_name, diff --git a/src/libsystemd/sd-bus/bus-objects.c b/src/libsystemd/sd-bus/bus-objects.c index 28d83367182..b8524754191 100644 --- a/src/libsystemd/sd-bus/bus-objects.c +++ b/src/libsystemd/sd-bus/bus-objects.c @@ -9,7 +9,6 @@ #include "bus-slot.h" #include "bus-type.h" #include "missing_capability.h" -#include "set.h" #include "string-util.h" #include "strv.h" @@ -99,7 +98,7 @@ static int add_enumerated_to_set( sd_bus *bus, const char *prefix, struct node_enumerator *first, - Set *s, + OrderedSet *s, sd_bus_error *error) { struct node_enumerator *c; @@ -146,7 +145,7 @@ static int add_enumerated_to_set( continue; } - r = set_consume(s, *k); + r = ordered_set_consume(s, *k); if (r == -EEXIST) r = 0; } @@ -171,7 +170,7 @@ static int add_subtree_to_set( const char *prefix, struct node *n, unsigned flags, - Set *s, + OrderedSet *s, sd_bus_error *error) { struct node *i; @@ -198,7 +197,7 @@ static int add_subtree_to_set( if (!t) return -ENOMEM; - r = set_consume(s, t); + r = ordered_set_consume(s, t); if (r < 0 && r != -EEXIST) return r; @@ -220,10 +219,10 @@ static int get_child_nodes( const char *prefix, struct node *n, unsigned flags, - Set **_s, + OrderedSet **_s, sd_bus_error *error) { - Set *s = NULL; + OrderedSet *s = NULL; int r; assert(bus); @@ -231,13 +230,13 @@ static int get_child_nodes( assert(n); assert(_s); - s = set_new(&string_hash_ops); + s = ordered_set_new(&string_hash_ops); if (!s) return -ENOMEM; r = add_subtree_to_set(bus, prefix, n, flags, s, error); if (r < 0) { - set_free_free(s); + ordered_set_free_free(s); return r; } @@ -935,7 +934,7 @@ int introspect_path( char **ret, sd_bus_error *error) { - _cleanup_set_free_free_ Set *s = NULL; + _cleanup_ordered_set_free_ OrderedSet *s = NULL; _cleanup_(introspect_free) struct introspect intro = {}; struct node_vtable *c; bool empty; @@ -961,7 +960,7 @@ int introspect_path( if (r < 0) return r; - empty = set_isempty(s); + empty = ordered_set_isempty(s); LIST_FOREACH(vtables, c, n->vtables) { if (require_fallback && !c->is_fallback) @@ -1231,7 +1230,7 @@ static int process_get_managed_objects( _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL; _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL; - _cleanup_set_free_free_ Set *s = NULL; + _cleanup_ordered_set_free_free_ OrderedSet *s = NULL; char *path; int r; @@ -1261,7 +1260,7 @@ static int process_get_managed_objects( if (r < 0) return r; - SET_FOREACH(path, s) { + ORDERED_SET_FOREACH(path, s) { r = object_manager_serialize_path_and_fallbacks(bus, reply, path, &error); if (r < 0) return bus_maybe_reply_error(m, r, &error); @@ -2350,7 +2349,7 @@ _public_ int sd_bus_emit_properties_changed( static int object_added_append_all_prefix( sd_bus *bus, sd_bus_message *m, - Set *s, + OrderedSet *s, const char *prefix, const char *path, bool require_fallback) { @@ -2390,10 +2389,10 @@ static int object_added_append_all_prefix( * skip it on any of its parents. The child vtables * always fully override any conflicting vtables of * any parent node. */ - if (set_get(s, c->interface)) + if (ordered_set_get(s, c->interface)) continue; - r = set_put(s, c->interface); + r = ordered_set_put(s, c->interface); if (r < 0) return r; @@ -2439,7 +2438,7 @@ static int object_added_append_all_prefix( } static int object_added_append_all(sd_bus *bus, sd_bus_message *m, const char *path) { - _cleanup_set_free_ Set *s = NULL; + _cleanup_ordered_set_free_ OrderedSet *s = NULL; _cleanup_free_ char *prefix = NULL; size_t pl; int r; @@ -2463,7 +2462,7 @@ static int object_added_append_all(sd_bus *bus, sd_bus_message *m, const char *p * a parent that were overwritten by a child. */ - s = set_new(&string_hash_ops); + s = ordered_set_new(&string_hash_ops); if (!s) return -ENOMEM; @@ -2570,7 +2569,7 @@ _public_ int sd_bus_emit_object_added(sd_bus *bus, const char *path) { static int object_removed_append_all_prefix( sd_bus *bus, sd_bus_message *m, - Set *s, + OrderedSet *s, const char *prefix, const char *path, bool require_fallback) { @@ -2603,7 +2602,7 @@ static int object_removed_append_all_prefix( * skip it on any of its parents. The child vtables * always fully override any conflicting vtables of * any parent node. */ - if (set_get(s, c->interface)) + if (ordered_set_get(s, c->interface)) continue; r = node_vtable_get_userdata(bus, path, c, &u, &error); @@ -2614,7 +2613,7 @@ static int object_removed_append_all_prefix( if (r == 0) continue; - r = set_put(s, c->interface); + r = ordered_set_put(s, c->interface); if (r < 0) return r; @@ -2629,7 +2628,7 @@ static int object_removed_append_all_prefix( } static int object_removed_append_all(sd_bus *bus, sd_bus_message *m, const char *path) { - _cleanup_set_free_ Set *s = NULL; + _cleanup_ordered_set_free_ OrderedSet *s = NULL; _cleanup_free_ char *prefix = NULL; size_t pl; int r; @@ -2640,7 +2639,7 @@ static int object_removed_append_all(sd_bus *bus, sd_bus_message *m, const char /* see sd_bus_emit_object_added() for details */ - s = set_new(&string_hash_ops); + s = ordered_set_new(&string_hash_ops); if (!s) return -ENOMEM; diff --git a/src/shared/bus-object.c b/src/shared/bus-object.c index f2e53913fbf..4ed5215e3d1 100644 --- a/src/shared/bus-object.c +++ b/src/shared/bus-object.c @@ -156,10 +156,10 @@ int bus_introspect_implementations( if (impl != main_impl) bus_introspect_implementation(&intro, impl); - _cleanup_set_free_ Set *nodes = NULL; + _cleanup_ordered_set_free_ OrderedSet *nodes = NULL; for (size_t i = 0; impl->children && impl->children[i]; i++) { - r = set_put_strdup(&nodes, impl->children[i]->path); + r = ordered_set_put_strdup(&nodes, impl->children[i]->path); if (r < 0) return log_oom(); } From fc589e5a8ede673bcc52c607fd3c172c0e571292 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 26 Apr 2022 08:54:39 +0200 Subject: [PATCH 313/703] oomd: actually fail if configuration is bad Follow-up for a858355e4a7168625ec1b9e5d17fdb6a11dfecb8. (cherry picked from commit c0a96b1b1d19a06a3828885b10a275c423a5e6f2) --- src/oom/oomd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/oom/oomd.c b/src/oom/oomd.c index 603baada5ae..28de6c5502d 100644 --- a/src/oom/oomd.c +++ b/src/oom/oomd.c @@ -170,7 +170,7 @@ static int run(int argc, char *argv[]) { assert_se(sigprocmask_many(SIG_BLOCK, NULL, SIGTERM, SIGINT, -1) >= 0); if (arg_mem_pressure_usec > 0 && arg_mem_pressure_usec < 1 * USEC_PER_SEC) - log_error_errno(SYNTHETIC_ERRNO(EINVAL), "DefaultMemoryPressureDurationSec= must be 0 or at least 1s"); + return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "DefaultMemoryPressureDurationSec= must be 0 or at least 1s"); r = manager_new(&m); if (r < 0) From e0de3d19204b2eab6d876a3e61a4a43e504d2153 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Wed, 27 Apr 2022 17:44:46 +0900 Subject: [PATCH 314/703] login: make RuntimeDirectoryInodesMax= support K, G, M suffixes Fixes #23017. (cherry picked from commit 08a767f1e03bd59c0960a96ad585dbc3ef0bc78d) --- src/login/logind-gperf.gperf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/login/logind-gperf.gperf b/src/login/logind-gperf.gperf index 867db365336..f11ab8ada5d 100644 --- a/src/login/logind-gperf.gperf +++ b/src/login/logind-gperf.gperf @@ -45,7 +45,7 @@ Login.HoldoffTimeoutSec, config_parse_sec, 0, offse Login.IdleAction, config_parse_handle_action, 0, offsetof(Manager, idle_action) Login.IdleActionSec, config_parse_sec, 0, offsetof(Manager, idle_action_usec) Login.RuntimeDirectorySize, config_parse_tmpfs_size, 0, offsetof(Manager, runtime_dir_size) -Login.RuntimeDirectoryInodesMax, config_parse_uint64, 0, offsetof(Manager, runtime_dir_inodes) +Login.RuntimeDirectoryInodesMax, config_parse_iec_uint64, 0, offsetof(Manager, runtime_dir_inodes) Login.RemoveIPC, config_parse_bool, 0, offsetof(Manager, remove_ipc) Login.InhibitorsMax, config_parse_uint64, 0, offsetof(Manager, inhibitors_max) Login.SessionsMax, config_parse_uint64, 0, offsetof(Manager, sessions_max) From a2a0b93574f7ee4144e95561798a92fd38015c51 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Thu, 28 Apr 2022 19:53:12 +0900 Subject: [PATCH 315/703] login: drop non-default value for RuntimeDirectoryInodesMax= (cherry picked from commit 0bc055cf52251a98e41391a7587b7222120c67d2) --- src/login/logind.conf.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/login/logind.conf.in b/src/login/logind.conf.in index 926bd6cfe98..37a46f9d1c4 100644 --- a/src/login/logind.conf.in +++ b/src/login/logind.conf.in @@ -39,7 +39,7 @@ #IdleAction=ignore #IdleActionSec=30min #RuntimeDirectorySize=10% -#RuntimeDirectoryInodesMax=400k +#RuntimeDirectoryInodesMax= #RemoveIPC=yes #InhibitorsMax=8192 #SessionsMax=8192 From 7ccaf3a5df814dfcf417f37bf7f6393ababaaa71 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Mon, 2 May 2022 16:42:50 +0200 Subject: [PATCH 316/703] man: document that systemd-fstab-generator actually cares about roothash=/usrhash= on the kernel cmdline It doesn't really care about the hash value passed (which is processed by systemd-veritysetup-generator), but it does care about the fact that it is set (and mounts the DM nodes /dev/mapper/usr + /dev/mapper/root in that case). (cherry picked from commit ba4b74cbc7bceed60dbf8b8ff992371e949c80fd) --- man/systemd-fstab-generator.xml | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/man/systemd-fstab-generator.xml b/man/systemd-fstab-generator.xml index 3c5a5cc50a3..21fa85da7d8 100644 --- a/man/systemd-fstab-generator.xml +++ b/man/systemd-fstab-generator.xml @@ -171,6 +171,18 @@ initrd. + + roothash= + usrhash= + + These options are primarily read by + systemd-veritysetup-generator8. When + set this indicates that the root file system (or /usr/) shall be mounted from + Verity volumes with the specified hashes. If these kernel command line options are set the root (or + /usr/) file system is thus mounted from a device mapper volume + /dev/mapper/root (or /dev/mapper/usr). + + systemd.volatile= From d30d6d8166964defbac5f7f78f7c2f7028b46de8 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Wed, 4 May 2022 15:45:13 +0900 Subject: [PATCH 317/703] libsystemd-network: refuse too large raw_size Closes #23258. (cherry picked from commit 4e88a46bfe1d8c1b833f3d05b259a54947ce6b17) --- src/libsystemd-network/lldp-neighbor.c | 3 +++ src/libsystemd-network/ndisc-router.c | 3 +++ 2 files changed, 6 insertions(+) diff --git a/src/libsystemd-network/lldp-neighbor.c b/src/libsystemd-network/lldp-neighbor.c index 44847b2b925..372bc2ef937 100644 --- a/src/libsystemd-network/lldp-neighbor.c +++ b/src/libsystemd-network/lldp-neighbor.c @@ -116,6 +116,9 @@ sd_lldp_neighbor *lldp_neighbor_unlink(sd_lldp_neighbor *n) { sd_lldp_neighbor *lldp_neighbor_new(size_t raw_size) { sd_lldp_neighbor *n; + if (raw_size > SIZE_MAX - ALIGN(sizeof(sd_lldp_neighbor))) + return NULL; + n = malloc0(ALIGN(sizeof(sd_lldp_neighbor)) + raw_size); if (!n) return NULL; diff --git a/src/libsystemd-network/ndisc-router.c b/src/libsystemd-network/ndisc-router.c index 464b002c2f0..26615ac666e 100644 --- a/src/libsystemd-network/ndisc-router.c +++ b/src/libsystemd-network/ndisc-router.c @@ -21,6 +21,9 @@ DEFINE_PUBLIC_TRIVIAL_REF_UNREF_FUNC(sd_ndisc_router, sd_ndisc_router, mfree); sd_ndisc_router *ndisc_router_new(size_t raw_size) { sd_ndisc_router *rt; + if (raw_size > SIZE_MAX - ALIGN(sizeof(sd_ndisc_router))) + return NULL; + rt = malloc0(ALIGN(sizeof(sd_ndisc_router)) + raw_size); if (!rt) return NULL; From 073eba2319b6cf986c73aab9932e095d9549e4d6 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Wed, 4 May 2022 16:03:57 +0900 Subject: [PATCH 318/703] sd-ndisc: drop unused function (cherry picked from commit 9a44966e633f7821067eafc582d641bd069817be) --- src/libsystemd-network/ndisc-router.c | 21 --------------------- src/systemd/sd-ndisc.h | 1 - 2 files changed, 22 deletions(-) diff --git a/src/libsystemd-network/ndisc-router.c b/src/libsystemd-network/ndisc-router.c index 26615ac666e..e4cbf714b97 100644 --- a/src/libsystemd-network/ndisc-router.c +++ b/src/libsystemd-network/ndisc-router.c @@ -34,27 +34,6 @@ sd_ndisc_router *ndisc_router_new(size_t raw_size) { return rt; } -int sd_ndisc_router_from_raw(sd_ndisc_router **ret, const void *raw, size_t raw_size) { - _cleanup_(sd_ndisc_router_unrefp) sd_ndisc_router *rt = NULL; - int r; - - assert_return(ret, -EINVAL); - assert_return(raw || raw_size <= 0, -EINVAL); - - rt = ndisc_router_new(raw_size); - if (!rt) - return -ENOMEM; - - memcpy(NDISC_ROUTER_RAW(rt), raw, raw_size); - r = ndisc_router_parse(NULL, rt); - if (r < 0) - return r; - - *ret = TAKE_PTR(rt); - - return r; -} - int sd_ndisc_router_get_address(sd_ndisc_router *rt, struct in6_addr *ret_addr) { assert_return(rt, -EINVAL); assert_return(ret_addr, -EINVAL); diff --git a/src/systemd/sd-ndisc.h b/src/systemd/sd-ndisc.h index ab9ff55ddb1..d39a6ddb310 100644 --- a/src/systemd/sd-ndisc.h +++ b/src/systemd/sd-ndisc.h @@ -82,7 +82,6 @@ int sd_ndisc_set_ifname(sd_ndisc *nd, const char *interface_name); int sd_ndisc_get_ifname(sd_ndisc *nd, const char **ret); int sd_ndisc_set_mac(sd_ndisc *nd, const struct ether_addr *mac_addr); -int sd_ndisc_router_from_raw(sd_ndisc_router **ret, const void *raw, size_t raw_size); sd_ndisc_router *sd_ndisc_router_ref(sd_ndisc_router *rt); sd_ndisc_router *sd_ndisc_router_unref(sd_ndisc_router *rt); From 5e069e405a73ff5a406598436fe21d6dabbb281c Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Wed, 4 May 2022 16:05:04 +0900 Subject: [PATCH 319/703] sd-lldp: use memcpy_safe() as the buffer size may be zero (cherry picked from commit 87bd4b79e692f384c2190c9b3824df4853333018) --- src/libsystemd-network/lldp-neighbor.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/libsystemd-network/lldp-neighbor.c b/src/libsystemd-network/lldp-neighbor.c index 372bc2ef937..bc98235ce1f 100644 --- a/src/libsystemd-network/lldp-neighbor.c +++ b/src/libsystemd-network/lldp-neighbor.c @@ -652,7 +652,8 @@ int sd_lldp_neighbor_from_raw(sd_lldp_neighbor **ret, const void *raw, size_t ra if (!n) return -ENOMEM; - memcpy(LLDP_NEIGHBOR_RAW(n), raw, raw_size); + memcpy_safe(LLDP_NEIGHBOR_RAW(n), raw, raw_size); + r = lldp_neighbor_parse(n); if (r < 0) return r; From a5f4849165e2159bf5c493d67a8e69e65d0e076f Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Wed, 4 May 2022 21:22:56 +0900 Subject: [PATCH 320/703] man/networkctl: mention initialized state Closes #23262. (cherry picked from commit c322cfafbab04b0eb29cfcb796eec92e972318fb) --- man/networkctl.xml | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/man/networkctl.xml b/man/networkctl.xml index 23cd048de53..f67ad99adfa 100644 --- a/man/networkctl.xml +++ b/man/networkctl.xml @@ -137,9 +137,9 @@ - failed + initialized - networkd failed to manage the link + udev has processed the link, but we don't yet know if we will manage it @@ -160,6 +160,12 @@ networkd is not handling the link + + failed + + networkd failed to manage the link + + linger From 71d2356edffafe8c40797c64f6fb82a8885d1da9 Mon Sep 17 00:00:00 2001 From: Evgeny Vereshchagin Date: Wed, 4 May 2022 11:35:19 +0000 Subject: [PATCH 321/703] timedatectl: fix a memory leak ``` timedatectl list-timezones --no-pager ... ==164329==ERROR: LeakSanitizer: detected memory leaks Direct leak of 8192 byte(s) in 1 object(s) allocated from: #0 0x7fe8a74b6f8c in reallocarray (/lib64/libasan.so.6+0xaef8c) #1 0x7fe8a63485dc in strv_push ../src/basic/strv.c:419 #2 0x7fe8a6349419 in strv_consume ../src/basic/strv.c:490 #3 0x7fe8a634958d in strv_extend ../src/basic/strv.c:542 #4 0x7fe8a643d787 in bus_message_read_strv_extend ../src/libsystemd/sd-bus/bus-message.c:5606 #5 0x7fe8a643db9d in sd_bus_message_read_strv ../src/libsystemd/sd-bus/bus-message.c:5628 #6 0x4085fb in list_timezones ../src/timedate/timedatectl.c:314 #7 0x7fe8a61ef3e1 in dispatch_verb ../src/shared/verbs.c:103 #8 0x410f91 in timedatectl_main ../src/timedate/timedatectl.c:1025 #9 0x41111c in run ../src/timedate/timedatectl.c:1043 #10 0x411242 in main ../src/timedate/timedatectl.c:1046 #11 0x7fe8a489df1f in __libc_start_call_main (/lib64/libc.so.6+0x40f1f) ``` (cherry picked from commit a2e37d52312806b1847800df2358e61276cda052) --- src/timedate/timedatectl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/timedate/timedatectl.c b/src/timedate/timedatectl.c index 75ca6195da5..31909064cfa 100644 --- a/src/timedate/timedatectl.c +++ b/src/timedate/timedatectl.c @@ -304,7 +304,7 @@ static int list_timezones(int argc, char **argv, void *userdata) { sd_bus *bus = userdata; _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL; int r; - char** zones; + _cleanup_strv_free_ char **zones = NULL; r = bus_call_method(bus, bus_timedate, "ListTimezones", &error, &reply, NULL); if (r < 0) From 0aaceca2d0303d850b1846cc72a7535ceb98db43 Mon Sep 17 00:00:00 2001 From: Matthijs van Duin Date: Wed, 4 May 2022 15:18:55 +0200 Subject: [PATCH 322/703] Fix placement of TTL TLV in LLDP transmit The LLDP spec (IEEE 802.1AB) requires the three mandatory TLVs (Chassis ID, Port ID, and TTL) to be the first three TLVs in the packet, in that specific order, whereas systemd put the TTL near the end of the packet. This violation caused the ethernet switch in our office to discard these packets as malformed, and Wireshark's packet parser also chokes on them. (cherry picked from commit b0221bb6a468e84841ad366ff39dcc4de97dc5db) --- src/libsystemd-network/sd-lldp-tx.c | 27 ++++++++++++++++++--------- 1 file changed, 18 insertions(+), 9 deletions(-) diff --git a/src/libsystemd-network/sd-lldp-tx.c b/src/libsystemd-network/sd-lldp-tx.c index a5f60346eb0..4066237d338 100644 --- a/src/libsystemd-network/sd-lldp-tx.c +++ b/src/libsystemd-network/sd-lldp-tx.c @@ -230,6 +230,8 @@ static size_t lldp_tx_calculate_maximum_packet_size(sd_lldp_tx *lldp_tx, const c 2 + 1 + (SD_ID128_STRING_MAX - 1) + /* Port ID */ 2 + 1 + strlen_ptr(lldp_tx->ifname) + + /* TTL */ + 2 + 2 + /* Port description */ 2 + strlen_ptr(lldp_tx->port_description) + /* System name */ @@ -238,8 +240,6 @@ static size_t lldp_tx_calculate_maximum_packet_size(sd_lldp_tx *lldp_tx, const c 2 + strlen_ptr(pretty_hostname) + /* MUD URL */ 2 + sizeof(SD_LLDP_OUI_IANA_MUD) + strlen_ptr(lldp_tx->mud_url) + - /* TTL */ - 2 + 2 + /* System Capabilities */ 2 + 4 + /* End */ @@ -369,6 +369,13 @@ static int lldp_tx_create_packet(sd_lldp_tx *lldp_tx, size_t *ret_packet_size, u memcpy(header->ether_shost, &lldp_tx->hwaddr, ETH_ALEN); offset = sizeof(struct ether_header); + + /* The three mandatory TLVs must appear first, in this specific order: + * 1. Chassis ID + * 2. Port ID + * 3. Time To Live + */ + r = packet_append_prefixed_string(packet, packet_size, &offset, SD_LLDP_TYPE_CHASSIS_ID, 1, (const uint8_t[]) { SD_LLDP_CHASSIS_SUBTYPE_LOCALLY_ASSIGNED }, SD_ID128_TO_STRING(machine_id)); @@ -381,6 +388,15 @@ static int lldp_tx_create_packet(sd_lldp_tx *lldp_tx, size_t *ret_packet_size, u if (r < 0) return r; + r = packet_append_tlv_header(packet, packet_size, &offset, SD_LLDP_TYPE_TTL, 2); + if (r < 0) + return r; + + unaligned_write_be16(packet + offset, LLDP_TX_TTL); + offset += 2; + + /* Optional TLVs follow, in no specific order: */ + r = packet_append_string(packet, packet_size, &offset, SD_LLDP_TYPE_PORT_DESCRIPTION, lldp_tx->port_description); if (r < 0) @@ -416,13 +432,6 @@ static int lldp_tx_create_packet(sd_lldp_tx *lldp_tx, size_t *ret_packet_size, u if (r < 0) return r; - r = packet_append_tlv_header(packet, packet_size, &offset, SD_LLDP_TYPE_TTL, 2); - if (r < 0) - return r; - - unaligned_write_be16(packet + offset, LLDP_TX_TTL); - offset += 2; - r = packet_append_tlv_header(packet, packet_size, &offset, SD_LLDP_TYPE_SYSTEM_CAPABILITIES, 4); if (r < 0) return r; From 15c596800bb3715833ab5c5379347067ba215caf Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Wed, 4 May 2022 16:15:06 +0200 Subject: [PATCH 323/703] basic: Add some missing headers to compress.h (cherry picked from commit 746ea80b77cc8fd671f4ee7a3aab5cff1c973d6d) --- src/libsystemd/sd-journal/compress.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/libsystemd/sd-journal/compress.h b/src/libsystemd/sd-journal/compress.h index 005e60e2e3e..569b9ca1f5d 100644 --- a/src/libsystemd/sd-journal/compress.h +++ b/src/libsystemd/sd-journal/compress.h @@ -1,6 +1,8 @@ /* SPDX-License-Identifier: LGPL-2.1-or-later */ #pragma once +#include +#include #include #include "journal-def.h" From 1a48a63a4ea56ca2620ed1e976c87064deb27774 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Sun, 8 May 2022 13:34:11 +0900 Subject: [PATCH 324/703] bash-completion: resolvectl: add missing options and verb (cherry picked from commit 4e5f4733c59048fe9984dc00432e1732f8b0ec8c) --- shell-completion/bash/resolvectl | 29 ++++++++++++++++++++++++----- 1 file changed, 24 insertions(+), 5 deletions(-) diff --git a/shell-completion/bash/resolvectl b/shell-completion/bash/resolvectl index cbe2aa48707..fa4a27a8aec 100644 --- a/shell-completion/bash/resolvectl +++ b/shell-completion/bash/resolvectl @@ -34,16 +34,18 @@ _resolvectl() { local i comps verb name local cur=${COMP_WORDS[COMP_CWORD]} prev=${COMP_WORDS[COMP_CWORD-1]} local -A OPTS=( - [STANDALONE]='-h --help --version --no-pager -4 -6 - --service-address=no --service-txt=no - --cname=no --search=no --legend=no' - [ARG]='-i --interface -p --protocol -t --type -c --class --raw' + [STANDALONE]='-h --help --version -4 -6 --legend=no --cname=no + --validate=no --synthesize=no --cache=no --zone=no + --trust-anchor=no --network=no --service-address=no + --service-txt=no --search=no --no-pager' + [ARG]='-t --type -c --class -i --interface -p --protocol --raw' ) local -A VERBS=( [DOMAIN]='query service openpgp' [FAMILY]='tlsa' [STATUS]='status' [LINK]='revert dns domain nta' + [BOOLEAN]='default-route' [RESOLVE]='llmnr mdns' [DNSSEC]='dnssec' [DNSOVERTLS]='dnsovertls' @@ -52,6 +54,7 @@ _resolvectl() { ) local -A ARGS=( [FAMILY]='tcp udp sctp' + [BOOLEAN]='yes no' [RESOLVE]='yes no resolve' [DNSSEC]='yes no allow-downgrade' [DNSOVERTLS]='yes no opportunistic' @@ -113,7 +116,7 @@ _resolvectl() { comps="" fi - elif __contains_word "$verb" ${VERBS[LINK]} ${VERBS[RESOLVE]} ${VERBS[DNSSEC]} ${VERBS[DNSOVERTLS]}; then + elif __contains_word "$verb" ${VERBS[LINK]} ${VERBS[BOOLEAN]} ${VERBS[RESOLVE]} ${VERBS[DNSSEC]} ${VERBS[DNSOVERTLS]}; then for ((i++; i < COMP_CWORD; i++)); do if __contains_word "${COMP_WORDS[i]}" $interfaces && ! __contains_word "${COMP_WORDS[i-1]}" ${OPTS[ARG]}; then @@ -141,6 +144,22 @@ _resolvectl() { comps='' fi + elif __contains_word "$verb" ${VERBS[BOOLEAN]}; then + name= + for ((i++; i < COMP_CWORD; i++)); do + if __contains_word "${COMP_WORDS[i]}" ${ARGS[BOOLEAN]} && + ! __contains_word "${COMP_WORDS[i-1]}" ${OPTS[ARG]}; then + name=${COMP_WORDS[i]} + break; + fi + done + + if [[ -z $name ]]; then + comps=${ARGS[BOOLEAN]} + else + comps='' + fi + elif __contains_word "$verb" ${VERBS[DNSSEC]}; then name= for ((i++; i < COMP_CWORD; i++)); do From 3daae8785764304a65892ddcd548b6aae16c9463 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Mon, 9 May 2022 00:56:05 +0900 Subject: [PATCH 325/703] core/unit: fix use-after-free Fixes #23312. (cherry picked from commit 734582830b58e000a26e18807ea277c18778573c) --- src/core/unit.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/core/unit.c b/src/core/unit.c index af6cf097fcc..b233aca28c3 100644 --- a/src/core/unit.c +++ b/src/core/unit.c @@ -671,8 +671,8 @@ Unit* unit_free(Unit *u) { unit_dequeue_rewatch_pids(u); - sd_bus_slot_unref(u->match_bus_slot); - sd_bus_track_unref(u->bus_track); + u->match_bus_slot = sd_bus_slot_unref(u->match_bus_slot); + u->bus_track = sd_bus_track_unref(u->bus_track); u->deserialized_refs = strv_free(u->deserialized_refs); u->pending_freezer_message = sd_bus_message_unref(u->pending_freezer_message); From 412b89a6e8055f2c8c9db4b6b847f081e00461ff Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 6 May 2022 17:36:47 +0200 Subject: [PATCH 326/703] shared/bootspec: avoid crashing on config without a value (cherry picked from commit b6bd2562ebb01b48cdb55a970d9daa1799b59876) --- src/shared/bootspec.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/shared/bootspec.c b/src/shared/bootspec.c index 0076092c2ab..9e2b2899bd6 100644 --- a/src/shared/bootspec.c +++ b/src/shared/bootspec.c @@ -124,6 +124,13 @@ static int boot_entry_load( continue; } + if (isempty(p)) { + /* Some fields can reasonably have an empty value. In other cases warn. */ + if (!STR_IN_SET(field, "options", "devicetree-overlay")) + log_warning("%s:%u: Field %s without value", tmp.path, line, field); + continue; + } + if (streq(field, "title")) r = free_and_strdup(&tmp.title, p); else if (streq(field, "version")) From 760881f8e81401bdd57e7f19798f7889d0f6b1d7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Sat, 7 May 2022 22:36:06 +0200 Subject: [PATCH 327/703] shared/bootspec: add missing terminator to table (cherry picked from commit d4f72d104ff1870fc379d05c6325e7b7d71ef702) --- src/shared/bootspec.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/shared/bootspec.c b/src/shared/bootspec.c index 9e2b2899bd6..807d199854e 100644 --- a/src/shared/bootspec.c +++ b/src/shared/bootspec.c @@ -776,6 +776,7 @@ int boot_entries_augment_from_loader( "auto-efi-shell", "EFI Shell", "auto-efi-default", "EFI Default Loader", "auto-reboot-to-firmware-setup", "Reboot Into Firmware Interface", + NULL, }; char **i; From 5f82701d48c9b559584afac1cc35581adb79cf43 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Mon, 9 May 2022 09:50:32 +0200 Subject: [PATCH 328/703] shared: Fix memory leak in bus_append_execute_property() Fixes #23317 (cherry picked from commit 2aaf6d407e8541985a15b7106abf6fbdfed0766a) --- src/shared/bus-unit-util.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/shared/bus-unit-util.c b/src/shared/bus-unit-util.c index dcce530c999..ef134bcee45 100644 --- a/src/shared/bus-unit-util.c +++ b/src/shared/bus-unit-util.c @@ -1952,7 +1952,7 @@ static int bus_append_execute_property(sd_bus_message *m, const char *field, con path_simplify(source); if (isempty(destination)) { - r = strv_extend(&sources, TAKE_PTR(source)); + r = strv_consume(&sources, TAKE_PTR(source)); if (r < 0) return bus_log_create_error(r); } else { From 1ebbd665ea84109d9e0d8e2ca91e8b10aceb0939 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Mon, 9 May 2022 12:07:54 +0200 Subject: [PATCH 329/703] test: JSON_BUILD_REAL nowadays expects 'double', not 'long double' Follow-up for 337712e777bff389f53e26d5b378d2ceba7d98a8, aka "the great un-long-double-ification of 2021". (cherry picked from commit f9a1fd2a3b2d8212ba84ef1c3b55657ced34475e) --- src/test/test-json.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/test/test-json.c b/src/test/test-json.c index b385edc269e..1178843f685 100644 --- a/src/test/test-json.c +++ b/src/test/test-json.c @@ -315,7 +315,7 @@ TEST(build) { a = json_variant_unref(a); b = json_variant_unref(b); - assert_se(json_build(&a, JSON_BUILD_REAL(M_PIl)) >= 0); + assert_se(json_build(&a, JSON_BUILD_REAL(M_PI)) >= 0); s = mfree(s); assert_se(json_variant_format(a, 0, &s) >= 0); From 4617bad0a3b5d8026243cb4e72a5cae25ca106f0 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Fri, 6 May 2022 14:01:22 +0900 Subject: [PATCH 330/703] core/slice: make slice_freezer_action() return 0 if freezing state is unchanged Fixes #23278. (cherry picked from commit d171e72e7afa11b238ba20758384d223b0c76e39) --- src/core/slice.c | 6 +----- src/core/unit.c | 2 ++ 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/src/core/slice.c b/src/core/slice.c index 2e43c001190..c453aa033e7 100644 --- a/src/core/slice.c +++ b/src/core/slice.c @@ -389,11 +389,7 @@ static int slice_freezer_action(Unit *s, FreezerAction action) { return r; } - r = unit_cgroup_freezer_action(s, action); - if (r < 0) - return r; - - return 1; + return unit_cgroup_freezer_action(s, action); } static int slice_freeze(Unit *s) { diff --git a/src/core/unit.c b/src/core/unit.c index b233aca28c3..3bceba13170 100644 --- a/src/core/unit.c +++ b/src/core/unit.c @@ -5831,6 +5831,8 @@ static int unit_freezer_action(Unit *u, FreezerAction action) { if (r <= 0) return r; + assert(IN_SET(u->freezer_state, FREEZER_FREEZING, FREEZER_THAWING)); + return 1; } From 7670af4addb62cf174fbdd1a6b630ab9ae35d5cf Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Mon, 9 May 2022 13:55:28 +0200 Subject: [PATCH 331/703] socket-util: don't reference field by macro parameter name Let's avoid ambigituies here. (Interesting that the current users compiled at all, in fact) (cherry picked from commit b501e42e7137fc890e02f18046edb2262df643f9) --- src/basic/socket-util.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/basic/socket-util.h b/src/basic/socket-util.h index 57e655154c5..38759ed40ee 100644 --- a/src/basic/socket-util.h +++ b/src/basic/socket-util.h @@ -224,9 +224,9 @@ struct cmsghdr* cmsg_find(struct msghdr *mh, int level, int type, socklen_t leng strnlen(_sa->sun_path, sizeof(_sa->sun_path))+1); \ }) -#define SOCKADDR_LEN(sa) \ +#define SOCKADDR_LEN(saddr) \ ({ \ - const union sockaddr_union *__sa = &(sa); \ + const union sockaddr_union *__sa = &(saddr); \ size_t _len; \ switch(__sa->sa.sa_family) { \ case AF_INET: \ From 66784467a31c15baa926abebe6d187e8c92cc8df Mon Sep 17 00:00:00 2001 From: Frantisek Sumsal Date: Mon, 9 May 2022 23:43:40 +0200 Subject: [PATCH 332/703] core: annotate Reexecute() as NoReply So we're able to tell from the introspection data that the method doesn't reply. (cherry picked from commit 624f685fe8ff1a90370e02faf60d0292a8e01f26) --- man/org.freedesktop.systemd1.xml | 1 + src/core/dbus-manager.c | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/man/org.freedesktop.systemd1.xml b/man/org.freedesktop.systemd1.xml index 8211e421924..0a1dab298a8 100644 --- a/man/org.freedesktop.systemd1.xml +++ b/man/org.freedesktop.systemd1.xml @@ -165,6 +165,7 @@ node /org/freedesktop/systemd1 { Dump(out s output); DumpByFileDescriptor(out h fd); Reload(); + @org.freedesktop.DBus.Method.NoReply("true") Reexecute(); @org.freedesktop.systemd1.Privileged("true") Exit(); diff --git a/src/core/dbus-manager.c b/src/core/dbus-manager.c index 9b64a8074d9..1a3098ceb14 100644 --- a/src/core/dbus-manager.c +++ b/src/core/dbus-manager.c @@ -3105,7 +3105,7 @@ const sd_bus_vtable bus_manager_vtable[] = { NULL, NULL, method_reexecute, - SD_BUS_VTABLE_UNPRIVILEGED), + SD_BUS_VTABLE_UNPRIVILEGED|SD_BUS_VTABLE_METHOD_NO_REPLY), SD_BUS_METHOD("Exit", NULL, NULL, From 82362b16ac842fc38340d21ebf39b259c5edaed3 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Tue, 10 May 2022 14:09:24 +0900 Subject: [PATCH 333/703] core/timer: fix memleak Fixes #23326. (cherry picked from commit d3ab7b8078944db28bc621f43dd942a3c878fffb) --- src/core/timer.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/src/core/timer.c b/src/core/timer.c index a13b8647415..0dc49dd46b3 100644 --- a/src/core/timer.c +++ b/src/core/timer.c @@ -135,6 +135,7 @@ static int timer_add_trigger_dependencies(Timer *t) { } static int timer_setup_persistent(Timer *t) { + _cleanup_free_ char *stamp_path = NULL; int r; assert(t); @@ -148,13 +149,13 @@ static int timer_setup_persistent(Timer *t) { if (r < 0) return r; - t->stamp_path = strjoin("/var/lib/systemd/timers/stamp-", UNIT(t)->id); + stamp_path = strjoin("/var/lib/systemd/timers/stamp-", UNIT(t)->id); } else { const char *e; e = getenv("XDG_DATA_HOME"); if (e) - t->stamp_path = strjoin(e, "/systemd/timers/stamp-", UNIT(t)->id); + stamp_path = strjoin(e, "/systemd/timers/stamp-", UNIT(t)->id); else { _cleanup_free_ char *h = NULL; @@ -163,14 +164,14 @@ static int timer_setup_persistent(Timer *t) { if (r < 0) return log_unit_error_errno(UNIT(t), r, "Failed to determine home directory: %m"); - t->stamp_path = strjoin(h, "/.local/share/systemd/timers/stamp-", UNIT(t)->id); + stamp_path = strjoin(h, "/.local/share/systemd/timers/stamp-", UNIT(t)->id); } } - if (!t->stamp_path) + if (!stamp_path) return log_oom(); - return 0; + return free_and_replace(t->stamp_path, stamp_path); } static uint64_t timer_get_fixed_delay_hash(Timer *t) { From 38410e13ec9b1b67364f2f0af3b27d9e934bcd96 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Tue, 10 May 2022 14:10:17 +0900 Subject: [PATCH 334/703] core/timer: fix potential use-after-free (cherry picked from commit 756491af392a99c4286d876b0041535e50df80ad) --- src/core/timer.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/core/timer.c b/src/core/timer.c index 0dc49dd46b3..b439802bc2b 100644 --- a/src/core/timer.c +++ b/src/core/timer.c @@ -68,7 +68,7 @@ static void timer_done(Unit *u) { t->monotonic_event_source = sd_event_source_disable_unref(t->monotonic_event_source); t->realtime_event_source = sd_event_source_disable_unref(t->realtime_event_source); - free(t->stamp_path); + t->stamp_path = mfree(t->stamp_path); } static int timer_verify(Timer *t) { From e5cb0c072d53523193a47e72e29dba35a1c14f3b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 10 May 2022 10:25:01 +0200 Subject: [PATCH 335/703] shared/calendarspec: fix printing of second ranges which start with 0 0..3 is not the same as 0..infinity, we need to check both ends of the range. This logic was added in 3215e35c405278491f55fb486d349f132e93f516, and back then the field was called .value. .stop was added later and apparently wasn't taken into account here. (cherry picked from commit 3aff2ae9d5427498f673bcb086d3439d2047e6c9) --- src/shared/calendarspec.c | 2 +- src/test/test-calendarspec.c | 5 +++++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/src/shared/calendarspec.c b/src/shared/calendarspec.c index 79fd1359b66..37cfe17805d 100644 --- a/src/shared/calendarspec.c +++ b/src/shared/calendarspec.c @@ -304,7 +304,7 @@ static void format_chain(FILE *f, int space, const CalendarComponent *c, bool us return; } - if (usec && c->start == 0 && c->repeat == USEC_PER_SEC && !c->next) { + if (usec && c->start == 0 && c->stop < 0 && c->repeat == USEC_PER_SEC && !c->next) { fputc('*', f); return; } diff --git a/src/test/test-calendarspec.c b/src/test/test-calendarspec.c index 71814e3115b..1c383fff06b 100644 --- a/src/test/test-calendarspec.c +++ b/src/test/test-calendarspec.c @@ -157,6 +157,8 @@ TEST(calendar_spec_one) { test_one("00:00:1.0..3.8", "*-*-* 00:00:01..03"); test_one("00:00:01..03", "*-*-* 00:00:01..03"); test_one("00:00:01/2,02..03", "*-*-* 00:00:01/2,02..03"); + test_one("*:4,30:0..3", "*-*-* *:04,30:00..03"); + test_one("*:4,30:0/1", "*-*-* *:04,30:*"); test_one("*-*~1 Utc", "*-*~01 00:00:00 UTC"); test_one("*-*~05,3 ", "*-*~03,05 00:00:00"); test_one("*-*~* 00:00:00", "*-*-* 00:00:00"); @@ -247,6 +249,9 @@ TEST(calendar_spec_from_string) { assert_se(calendar_spec_from_string("00:00:2300", &c) < 0); assert_se(calendar_spec_from_string("00:00:18446744073709551615", &c) < 0); assert_se(calendar_spec_from_string("@88588582097858858", &c) == -ERANGE); + assert_se(calendar_spec_from_string("*:4,30:*,5", &c) == -EINVAL); + assert_se(calendar_spec_from_string("*:4,30:5,*", &c) == -EINVAL); + assert_se(calendar_spec_from_string("*:4,30:*\n", &c) == -EINVAL); } DEFINE_TEST_MAIN(LOG_INFO); From 18b3b28e38fcfe48b3539781e71f08aafa8fe795 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 10 May 2022 11:35:52 +0200 Subject: [PATCH 336/703] shared/calendarspec: fix formatting of entries which collapse to a star MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit We canonicalize repeats that cover the whole range: "0:0:0/1" → "0:0:*". But we'd also do "0:0:0/1,0" → "0:0:*,0", which we then refuse to parse. Thus, first go throug the whole chain, and print a '*' and nothing else if any of the components covers the whole range. (cherry picked from commit 8e1e59b9ade5b737e24a76bae1944ce84acf564c) --- src/shared/calendarspec.c | 27 +++++++++++++++++++-------- src/test/test-calendarspec.c | 1 + 2 files changed, 20 insertions(+), 8 deletions(-) diff --git a/src/shared/calendarspec.c b/src/shared/calendarspec.c index 37cfe17805d..ea830c8e310 100644 --- a/src/shared/calendarspec.c +++ b/src/shared/calendarspec.c @@ -294,17 +294,24 @@ static void format_weekdays(FILE *f, const CalendarSpec *c) { } } -static void format_chain(FILE *f, int space, const CalendarComponent *c, bool usec) { +static bool chain_is_star(const CalendarComponent *c, bool usec) { + /* Return true if the whole chain can be replaced by '*'. + * This happens when the chain is empty or one of the components covers all. */ + if (!c) + return true; + if (usec) + for (; c; c = c->next) + if (c->start == 0 && c->stop < 0 && c->repeat == USEC_PER_SEC) + return true; + return false; +} + +static void _format_chain(FILE *f, int space, const CalendarComponent *c, bool start, bool usec) { int d = usec ? (int) USEC_PER_SEC : 1; assert(f); - if (!c) { - fputc('*', f); - return; - } - - if (usec && c->start == 0 && c->stop < 0 && c->repeat == USEC_PER_SEC && !c->next) { + if (start && chain_is_star(c, usec)) { fputc('*', f); return; } @@ -327,10 +334,14 @@ static void format_chain(FILE *f, int space, const CalendarComponent *c, bool us if (c->next) { fputc(',', f); - format_chain(f, space, c->next, usec); + _format_chain(f, space, c->next, false, usec); } } +static void format_chain(FILE *f, int space, const CalendarComponent *c, bool usec) { + _format_chain(f, space, c, /* start = */ true, usec); +} + int calendar_spec_to_string(const CalendarSpec *c, char **p) { char *buf = NULL; size_t sz = 0; diff --git a/src/test/test-calendarspec.c b/src/test/test-calendarspec.c index 1c383fff06b..d10c76d36a9 100644 --- a/src/test/test-calendarspec.c +++ b/src/test/test-calendarspec.c @@ -159,6 +159,7 @@ TEST(calendar_spec_one) { test_one("00:00:01/2,02..03", "*-*-* 00:00:01/2,02..03"); test_one("*:4,30:0..3", "*-*-* *:04,30:00..03"); test_one("*:4,30:0/1", "*-*-* *:04,30:*"); + test_one("*:4,30:0/1,3,5", "*-*-* *:04,30:*"); test_one("*-*~1 Utc", "*-*~01 00:00:00 UTC"); test_one("*-*~05,3 ", "*-*~03,05 00:00:00"); test_one("*-*~* 00:00:00", "*-*-* 00:00:00"); From c1dbf637d7f5588a19b5d9ea812fee2e68a6dcfa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Mon, 9 May 2022 14:28:36 +0200 Subject: [PATCH 337/703] shared/json: fix memory leak on failed normalization We need to increase the counter immediately after taking the ref, otherwise we may not unref it properly if we fail before incrementing. (cherry picked from commit 7e4be6a5845f983a299932d4ccb2c4349cf8dd52) --- src/shared/json.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/shared/json.c b/src/shared/json.c index dff95eda265..711aa36c878 100644 --- a/src/shared/json.c +++ b/src/shared/json.c @@ -4680,10 +4680,11 @@ int json_variant_normalize(JsonVariant **v) { if (!a) return -ENOMEM; - for (i = 0; i < m; i++) { + for (i = 0; i < m; ) { a[i] = json_variant_ref(json_variant_by_index(*v, i)); + i++; - r = json_variant_normalize(a + i); + r = json_variant_normalize(&a[i-1]); if (r < 0) goto finish; } From f9029ca7d562df90d9e4a568249d3e9e92d0514d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 11 Jan 2022 15:12:42 +0100 Subject: [PATCH 338/703] networkctl: open the bus just once We'd connect to the bus twice: the first time to check networkd namespace, and then the second time to do the deed we were asked to do. It's nicer to open the bus just once, for efficience and also to avoid the open call in all functions. An ASSERT_PTR helper is added: - sd_bus *bus = userdata; ... - assert(bus); + sd_bus *bus = ASSERT_PTR(userdata); ... It can be used in other place too, but I'm leaving that for a later refactoring. (cherry picked from commit d821e40ca96d2b14216f7a18e4512364bfb83628) --- src/fundamental/macro-fundamental.h | 8 ++++ src/network/networkctl.c | 74 ++++++++++------------------- 2 files changed, 33 insertions(+), 49 deletions(-) diff --git a/src/fundamental/macro-fundamental.h b/src/fundamental/macro-fundamental.h index f87839d47bb..d597c743bbb 100644 --- a/src/fundamental/macro-fundamental.h +++ b/src/fundamental/macro-fundamental.h @@ -66,6 +66,14 @@ #define free(a) FreePool(a) #endif +/* This passes the argument through after (if asserts are enabled) checking that it is not null. */ +#define ASSERT_PTR(expr) \ + ({ \ + typeof(expr) _expr_ = (expr); \ + assert(_expr_); \ + _expr_; \ + }) + #if defined(static_assert) #define assert_cc(expr) \ static_assert(expr, #expr) diff --git a/src/network/networkctl.c b/src/network/networkctl.c index 68dd4b185c7..c35f851bdb6 100644 --- a/src/network/networkctl.c +++ b/src/network/networkctl.c @@ -79,17 +79,12 @@ static bool arg_full = false; static unsigned arg_lines = 10; static JsonFormatFlags arg_json_format_flags = JSON_FORMAT_OFF; -static int get_description(JsonVariant **ret) { +static int get_description(sd_bus *bus, JsonVariant **ret) { _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL; _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL; - _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL; const char *text = NULL; int r; - r = sd_bus_open_system(&bus); - if (r < 0) - return log_error_errno(r, "Failed to connect system bus: %m"); - r = bus_call_method(bus, bus_network_mgr, "Describe", &error, &reply, NULL); if (r < 0) return log_error_errno(r, "Failed to get description: %s", bus_error_message(&error, r)); @@ -105,11 +100,11 @@ static int get_description(JsonVariant **ret) { return 0; } -static int dump_manager_description(void) { +static int dump_manager_description(sd_bus *bus) { _cleanup_(json_variant_unrefp) JsonVariant *v = NULL; int r; - r = get_description(&v); + r = get_description(bus, &v); if (r < 0) return r; @@ -117,14 +112,14 @@ static int dump_manager_description(void) { return 0; } -static int dump_link_description(char **patterns) { +static int dump_link_description(sd_bus *bus, char **patterns) { _cleanup_(json_variant_unrefp) JsonVariant *v = NULL; _cleanup_free_ bool *matched_patterns = NULL; JsonVariant *i; size_t c = 0; int r; - r = get_description(&v); + r = get_description(bus, &v); if (r < 0) return r; @@ -790,6 +785,7 @@ static int acquire_link_info(sd_bus *bus, sd_netlink *rtnl, char **patterns, Lin } static int list_links(int argc, char *argv[], void *userdata) { + sd_bus *bus = ASSERT_PTR(userdata); _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL; _cleanup_(link_info_array_freep) LinkInfo *links = NULL; _cleanup_(table_unrefp) Table *table = NULL; @@ -798,9 +794,9 @@ static int list_links(int argc, char *argv[], void *userdata) { if (arg_json_format_flags != JSON_FORMAT_OFF) { if (arg_all || argc <= 1) - return dump_manager_description(); + return dump_manager_description(bus); else - return dump_link_description(strv_skip(argv, 1)); + return dump_link_description(bus, strv_skip(argv, 1)); } r = sd_netlink_open(&rtnl); @@ -2383,7 +2379,7 @@ static int system_status(sd_netlink *rtnl, sd_hwdb *hwdb) { } static int link_status(int argc, char *argv[], void *userdata) { - _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL; + sd_bus *bus = ASSERT_PTR(userdata); _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL; _cleanup_(sd_hwdb_unrefp) sd_hwdb *hwdb = NULL; _cleanup_(link_info_array_freep) LinkInfo *links = NULL; @@ -2391,17 +2387,13 @@ static int link_status(int argc, char *argv[], void *userdata) { if (arg_json_format_flags != JSON_FORMAT_OFF) { if (arg_all || argc <= 1) - return dump_manager_description(); + return dump_manager_description(bus); else - return dump_link_description(strv_skip(argv, 1)); + return dump_link_description(bus, strv_skip(argv, 1)); } pager_open(arg_pager_flags); - r = sd_bus_open_system(&bus); - if (r < 0) - return log_error_errno(r, "Failed to connect system bus: %m"); - r = sd_netlink_open(&rtnl); if (r < 0) return log_error_errno(r, "Failed to connect to netlink: %m"); @@ -2738,14 +2730,10 @@ static int link_renew_one(sd_bus *bus, int index, const char *name) { } static int link_renew(int argc, char *argv[], void *userdata) { - _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL; + sd_bus *bus = ASSERT_PTR(userdata); _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL; int index, k = 0, r; - r = sd_bus_open_system(&bus); - if (r < 0) - return log_error_errno(r, "Failed to connect system bus: %m"); - for (int i = 1; i < argc; i++) { index = rtnl_resolve_interface_or_warn(&rtnl, argv[i]); if (index < 0) @@ -2772,14 +2760,10 @@ static int link_force_renew_one(sd_bus *bus, int index, const char *name) { } static int link_force_renew(int argc, char *argv[], void *userdata) { - _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL; + sd_bus *bus = ASSERT_PTR(userdata); _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL; int k = 0, r; - r = sd_bus_open_system(&bus); - if (r < 0) - return log_error_errno(r, "Failed to connect system bus: %m"); - for (int i = 1; i < argc; i++) { int index = rtnl_resolve_interface_or_warn(&rtnl, argv[i]); if (index < 0) @@ -2794,14 +2778,10 @@ static int link_force_renew(int argc, char *argv[], void *userdata) { } static int verb_reload(int argc, char *argv[], void *userdata) { + sd_bus *bus = ASSERT_PTR(userdata); _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL; - _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL; int r; - r = sd_bus_open_system(&bus); - if (r < 0) - return log_error_errno(r, "Failed to connect system bus: %m"); - r = bus_call_method(bus, bus_network_mgr, "Reload", &error, NULL, NULL); if (r < 0) return log_error_errno(r, "Failed to reload network settings: %m"); @@ -2810,17 +2790,13 @@ static int verb_reload(int argc, char *argv[], void *userdata) { } static int verb_reconfigure(int argc, char *argv[], void *userdata) { + sd_bus *bus = ASSERT_PTR(userdata); _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL; - _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL; _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL; _cleanup_set_free_ Set *indexes = NULL; int index, r; void *p; - r = sd_bus_open_system(&bus); - if (r < 0) - return log_error_errno(r, "Failed to connect system bus: %m"); - indexes = set_new(NULL); if (!indexes) return log_oom(); @@ -2968,7 +2944,7 @@ static int parse_argv(int argc, char *argv[]) { return 1; } -static int networkctl_main(int argc, char *argv[]) { +static int networkctl_main(sd_bus *bus, int argc, char *argv[]) { static const Verb verbs[] = { { "list", VERB_ANY, VERB_ANY, VERB_DEFAULT, list_links }, { "status", VERB_ANY, VERB_ANY, 0, link_status }, @@ -2984,20 +2960,15 @@ static int networkctl_main(int argc, char *argv[]) { {} }; - return dispatch_verb(argc, argv, verbs, NULL); + return dispatch_verb(argc, argv, verbs, bus); } -static int check_netns_match(void) { +static int check_netns_match(sd_bus *bus) { _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL; - _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL; struct stat st; uint64_t id; int r; - r = sd_bus_open_system(&bus); - if (r < 0) - return log_error_errno(r, "Failed to connect system bus: %m"); - r = sd_bus_get_property_trivial( bus, "org.freedesktop.network1", @@ -3035,6 +3006,7 @@ static void warn_networkd_missing(void) { } static int run(int argc, char* argv[]) { + _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL; int r; log_setup(); @@ -3043,13 +3015,17 @@ static int run(int argc, char* argv[]) { if (r <= 0) return r; - r = check_netns_match(); + r = sd_bus_open_system(&bus); + if (r < 0) + return log_error_errno(r, "Failed to connect system bus: %m"); + + r = check_netns_match(bus); if (r < 0) return r; warn_networkd_missing(); - return networkctl_main(argc, argv); + return networkctl_main(bus, argc, argv); } DEFINE_MAIN_FUNCTION(run); From ec354e792a79008b57b0b5bdedb4247bd9e336a9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Mon, 9 May 2022 15:10:36 +0200 Subject: [PATCH 339/703] shared/json: add helper to ref first, unref second This normally wouldn't happen, but if some of those places were called with lhs and rhs being the same object, we could unref the last ref first, and then try to take the ref again. It's easier to be safe, and with the helper we save some lines too. (cherry picked from commit ce913e0ec4c97651c7c1509b72fb81ee61d80c6a) --- src/shared/json.c | 36 ++++++++++-------------------------- src/shared/json.h | 8 ++++++++ 2 files changed, 18 insertions(+), 26 deletions(-) diff --git a/src/shared/json.c b/src/shared/json.c index 711aa36c878..e93aa93c7bc 100644 --- a/src/shared/json.c +++ b/src/shared/json.c @@ -1871,9 +1871,7 @@ int json_variant_filter(JsonVariant **v, char **to_remove) { return r; json_variant_propagate_sensitive(*v, w); - - json_variant_unref(*v); - *v = TAKE_PTR(w); + JSON_VARIANT_REPLACE(*v, TAKE_PTR(w)); return (int) n; } @@ -1942,9 +1940,7 @@ int json_variant_set_field(JsonVariant **v, const char *field, JsonVariant *valu return r; json_variant_propagate_sensitive(*v, w); - - json_variant_unref(*v); - *v = TAKE_PTR(w); + JSON_VARIANT_REPLACE(*v, TAKE_PTR(w)); return 1; } @@ -2025,8 +2021,7 @@ int json_variant_merge(JsonVariant **v, JsonVariant *m) { return 0; /* nothing to do */ if (v_blank) { - json_variant_unref(*v); - *v = json_variant_ref(m); + JSON_VARIANT_REPLACE(*v, json_variant_ref(m)); return 1; } @@ -2063,9 +2058,7 @@ int json_variant_merge(JsonVariant **v, JsonVariant *m) { json_variant_propagate_sensitive(*v, w); json_variant_propagate_sensitive(m, w); - - json_variant_unref(*v); - *v = TAKE_PTR(w); + JSON_VARIANT_REPLACE(*v, TAKE_PTR(w)); return 1; } @@ -2107,9 +2100,7 @@ int json_variant_append_array(JsonVariant **v, JsonVariant *element) { return r; json_variant_propagate_sensitive(*v, nv); - - json_variant_unref(*v); - *v = TAKE_PTR(nv); + JSON_VARIANT_REPLACE(*v, TAKE_PTR(nv)); return 0; } @@ -2323,8 +2314,7 @@ static int json_variant_set_source(JsonVariant **v, JsonSource *source, unsigned w->line = line; w->column = column; - json_variant_unref(*v); - *v = w; + JSON_VARIANT_REPLACE(*v, w); return 1; } @@ -4524,14 +4514,10 @@ int json_dispatch_strv(const char *name, JsonVariant *variant, JsonDispatchFlags } int json_dispatch_variant(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) { - JsonVariant **p = userdata; - + JsonVariant **p = ASSERT_PTR(userdata); assert(variant); - assert(p); - - json_variant_unref(*p); - *p = json_variant_ref(variant); + JSON_VARIANT_REPLACE(*p, json_variant_ref(variant)); return 0; } @@ -4653,8 +4639,7 @@ int json_variant_sort(JsonVariant **v) { if (!n->sorted) /* Check if this worked. This will fail if there are multiple identical keys used. */ return -ENOTUNIQ; - json_variant_unref(*v); - *v = n; + JSON_VARIANT_REPLACE(*v, n); return 1; } @@ -4709,8 +4694,7 @@ int json_variant_normalize(JsonVariant **v) { goto finish; } - json_variant_unref(*v); - *v = n; + JSON_VARIANT_REPLACE(*v, n); r = 1; diff --git a/src/shared/json.h b/src/shared/json.h index 8760354b661..dd73c1e4975 100644 --- a/src/shared/json.h +++ b/src/shared/json.h @@ -82,6 +82,14 @@ JsonVariant *json_variant_ref(JsonVariant *v); JsonVariant *json_variant_unref(JsonVariant *v); void json_variant_unref_many(JsonVariant **array, size_t n); +#define JSON_VARIANT_REPLACE(v, q) \ + do { \ + typeof(v)* _v = &(v); \ + typeof(q) _q = (q); \ + json_variant_unref(*_v); \ + *_v = _q; \ + } while(0) + DEFINE_TRIVIAL_CLEANUP_FUNC(JsonVariant *, json_variant_unref); const char *json_variant_string(JsonVariant *v); From e0241a05d2ca3a3b4155013f6bc903cacefbe451 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Mon, 9 May 2022 11:01:32 +0200 Subject: [PATCH 340/703] shared/json: reduce scope of variables (cherry picked from commit a4669764f7329d1e8a3d364db519500355cea5f0) --- src/shared/json.c | 133 +++++++++++++++++++--------------------------- 1 file changed, 54 insertions(+), 79 deletions(-) diff --git a/src/shared/json.c b/src/shared/json.c index e93aa93c7bc..6c8d9e5a818 100644 --- a/src/shared/json.c +++ b/src/shared/json.c @@ -574,9 +574,6 @@ int json_variant_new_array(JsonVariant **ret, JsonVariant **array, size_t n) { } int json_variant_new_array_bytes(JsonVariant **ret, const void *p, size_t n) { - JsonVariant *v; - size_t i; - assert_return(ret, -EINVAL); if (n == 0) { *ret = JSON_VARIANT_MAGIC_EMPTY_ARRAY; @@ -584,7 +581,7 @@ int json_variant_new_array_bytes(JsonVariant **ret, const void *p, size_t n) { } assert_return(p, -EINVAL); - v = new(JsonVariant, n + 1); + JsonVariant *v = new(JsonVariant, n + 1); if (!v) return -ENOMEM; @@ -595,7 +592,7 @@ int json_variant_new_array_bytes(JsonVariant **ret, const void *p, size_t n) { .depth = 1, }; - for (i = 0; i < n; i++) { + for (size_t i = 0; i < n; i++) { JsonVariant *w = v + 1 + i; *w = (JsonVariant) { @@ -790,12 +787,9 @@ static void json_variant_free_inner(JsonVariant *v, bool force_sensitive) { return; } - if (IN_SET(v->type, JSON_VARIANT_ARRAY, JSON_VARIANT_OBJECT)) { - size_t i; - - for (i = 0; i < v->n_elements; i++) + if (IN_SET(v->type, JSON_VARIANT_ARRAY, JSON_VARIANT_OBJECT)) + for (size_t i = 0; i < v->n_elements; i++) json_variant_free_inner(v + 1 + i, sensitive); - } if (sensitive) explicit_bzero_safe(v, json_variant_size(v)); @@ -839,11 +833,9 @@ JsonVariant *json_variant_unref(JsonVariant *v) { } void json_variant_unref_many(JsonVariant **array, size_t n) { - size_t i; - assert(array || n == 0); - for (i = 0; i < n; i++) + for (size_t i = 0; i < n; i++) json_variant_unref(array[i]); } @@ -1218,8 +1210,6 @@ JsonVariant *json_variant_by_index(JsonVariant *v, size_t idx) { } JsonVariant *json_variant_by_key_full(JsonVariant *v, const char *key, JsonVariant **ret_key) { - size_t i; - if (!v) goto not_found; if (!key) @@ -1241,6 +1231,7 @@ JsonVariant *json_variant_by_key_full(JsonVariant *v, const char *key, JsonVaria while (b > a) { JsonVariant *p; const char *f; + size_t i; int c; i = (a + b) / 2; @@ -1264,7 +1255,7 @@ JsonVariant *json_variant_by_key_full(JsonVariant *v, const char *key, JsonVaria } /* The variant is not sorted, hence search for the field linearly */ - for (i = 0; i < v->n_elements; i += 2) { + for (size_t i = 0; i < v->n_elements; i += 2) { JsonVariant *p; p = json_variant_dereference(v + 1 + i); @@ -1335,34 +1326,28 @@ bool json_variant_equal(JsonVariant *a, JsonVariant *b) { return true; case JSON_VARIANT_ARRAY: { - size_t i, n; - - n = json_variant_elements(a); + size_t n = json_variant_elements(a); if (n != json_variant_elements(b)) return false; - for (i = 0; i < n; i++) { + for (size_t i = 0; i < n; i++) if (!json_variant_equal(json_variant_by_index(a, i), json_variant_by_index(b, i))) return false; - } return true; } case JSON_VARIANT_OBJECT: { - size_t i, n; - - n = json_variant_elements(a); + size_t n = json_variant_elements(a); if (n != json_variant_elements(b)) return false; /* Iterate through all keys in 'a' */ - for (i = 0; i < n; i += 2) { + for (size_t i = 0; i < n; i += 2) { bool found = false; - size_t j; /* Match them against all keys in 'b' */ - for (j = 0; j < n; j += 2) { + for (size_t j = 0; j < n; j += 2) { JsonVariant *key_b; key_b = json_variant_by_index(b, j); @@ -1470,16 +1455,14 @@ static int print_source(FILE *f, JsonVariant *v, JsonFormatFlags flags, bool whi DECIMAL_STR_MAX(unsigned) -1; if (whitespace) { - size_t i, n; - - n = 1 + (v->source ? strlen(v->source->name) : 0) + - ((v->source && (v->line > 0 || v->column > 0)) ? 1 : 0) + - (v->line > 0 ? w : 0) + - (((v->source || v->line > 0) && v->column > 0) ? 1 : 0) + - (v->column > 0 ? k : 0) + - 2; - - for (i = 0; i < n; i++) + size_t n = 1 + (v->source ? strlen(v->source->name) : 0) + + ((v->source && (v->line > 0 || v->column > 0)) ? 1 : 0) + + (v->line > 0 ? w : 0) + + (((v->source || v->line > 0) && v->column > 0) ? 1 : 0) + + (v->column > 0 ? k : 0) + + 2; + + for (size_t i = 0; i < n; i++) fputc(' ', f); } else { fputc('[', f); @@ -1631,10 +1614,7 @@ static int json_format(FILE *f, JsonVariant *v, JsonFormatFlags flags, const cha break; case JSON_VARIANT_ARRAY: { - size_t i, n; - - n = json_variant_elements(v); - + size_t n = json_variant_elements(v); if (n == 0) fputs("[]", f); else { @@ -1653,7 +1633,7 @@ static int json_format(FILE *f, JsonVariant *v, JsonFormatFlags flags, const cha fputc('[', f); } - for (i = 0; i < n; i++) { + for (size_t i = 0; i < n; i++) { JsonVariant *e; assert_se(e = json_variant_by_index(v, i)); @@ -1687,10 +1667,7 @@ static int json_format(FILE *f, JsonVariant *v, JsonFormatFlags flags, const cha } case JSON_VARIANT_OBJECT: { - size_t i, n; - - n = json_variant_elements(v); - + size_t n = json_variant_elements(v); if (n == 0) fputs("{}", f); else { @@ -1709,7 +1686,7 @@ static int json_format(FILE *f, JsonVariant *v, JsonFormatFlags flags, const cha fputc('{', f); } - for (i = 0; i < n; i += 2) { + for (size_t i = 0; i < n; i += 2) { JsonVariant *e; e = json_variant_by_index(v, i); @@ -1826,7 +1803,7 @@ void json_variant_dump(JsonVariant *v, JsonFormatFlags flags, FILE *f, const cha int json_variant_filter(JsonVariant **v, char **to_remove) { _cleanup_(json_variant_unrefp) JsonVariant *w = NULL; _cleanup_free_ JsonVariant **array = NULL; - size_t i, n = 0, k = 0; + size_t n = 0, k = 0; int r; assert(v); @@ -1839,7 +1816,7 @@ int json_variant_filter(JsonVariant **v, char **to_remove) { if (strv_isempty(to_remove)) return 0; - for (i = 0; i < json_variant_elements(*v); i += 2) { + for (size_t i = 0; i < json_variant_elements(*v); i += 2) { JsonVariant *p; p = json_variant_by_index(*v, i); @@ -1879,7 +1856,7 @@ int json_variant_filter(JsonVariant **v, char **to_remove) { int json_variant_set_field(JsonVariant **v, const char *field, JsonVariant *value) { _cleanup_(json_variant_unrefp) JsonVariant *field_variant = NULL, *w = NULL; _cleanup_free_ JsonVariant **array = NULL; - size_t i, k = 0; + size_t k = 0; int r; assert(v); @@ -1894,7 +1871,7 @@ int json_variant_set_field(JsonVariant **v, const char *field, JsonVariant *valu if (!json_variant_is_object(*v)) return -EINVAL; - for (i = 0; i < json_variant_elements(*v); i += 2) { + for (size_t i = 0; i < json_variant_elements(*v); i += 2) { JsonVariant *p; p = json_variant_by_index(*v, i); @@ -2003,7 +1980,7 @@ int json_variant_set_field_strv(JsonVariant **v, const char *field, char **l) { int json_variant_merge(JsonVariant **v, JsonVariant *m) { _cleanup_(json_variant_unrefp) JsonVariant *w = NULL; _cleanup_free_ JsonVariant **array = NULL; - size_t v_elements, m_elements, i, k; + size_t v_elements, m_elements, k; bool v_blank, m_blank; int r; @@ -2035,7 +2012,7 @@ int json_variant_merge(JsonVariant **v, JsonVariant *m) { return -ENOMEM; k = 0; - for (i = 0; i < v_elements; i += 2) { + for (size_t i = 0; i < v_elements; i += 2) { JsonVariant *u; u = json_variant_by_index(*v, i); @@ -2049,7 +2026,7 @@ int json_variant_merge(JsonVariant **v, JsonVariant *m) { array[k++] = json_variant_by_index(*v, i + 1); } - for (i = 0; i < m_elements; i++) + for (size_t i = 0; i < m_elements; i++) array[k++] = json_variant_by_index(m, i); r = json_variant_new_object(&w, array, k); @@ -2082,19 +2059,17 @@ int json_variant_append_array(JsonVariant **v, JsonVariant *element) { if (blank) r = json_variant_new_array(&nv, (JsonVariant*[]) { element }, 1); else { - _cleanup_free_ JsonVariant **array = NULL; - size_t i; - - array = new(JsonVariant*, json_variant_elements(*v) + 1); + _cleanup_free_ JsonVariant **array = new(JsonVariant*, json_variant_elements(*v) + 1); if (!array) return -ENOMEM; - for (i = 0; i < json_variant_elements(*v); i++) + size_t size = json_variant_elements(*v); + for (size_t i = 0; i < size; i++) array[i] = json_variant_by_index(*v, i); - array[i] = element; + array[size] = element; - r = json_variant_new_array(&nv, array, i + 1); + r = json_variant_new_array(&nv, array, size + 1); } if (r < 0) return r; @@ -2107,7 +2082,6 @@ int json_variant_append_array(JsonVariant **v, JsonVariant *element) { int json_variant_strv(JsonVariant *v, char ***ret) { char **l = NULL; - size_t n, i; bool sensitive; int r; @@ -2127,12 +2101,12 @@ int json_variant_strv(JsonVariant *v, char ***ret) { sensitive = v->sensitive; - n = json_variant_elements(v); + size_t n = json_variant_elements(v); l = new(char*, n+1); if (!l) return -ENOMEM; - for (i = 0; i < n; i++) { + for (size_t i = 0; i < n; i++) { JsonVariant *e; assert_se(e = json_variant_by_index(v, i)); @@ -2151,7 +2125,7 @@ int json_variant_strv(JsonVariant *v, char ***ret) { } } - l[i] = NULL; + l[n] = NULL; *ret = TAKE_PTR(l); return 0; @@ -2837,7 +2811,7 @@ static int json_parse_internal( unsigned *column, bool continue_end) { - size_t n_stack = 1, i; + size_t n_stack = 1; unsigned line_buffer = 0, column_buffer = 0; void *tokenizer_state = NULL; JsonStack *stack = NULL; @@ -3176,7 +3150,7 @@ static int json_parse_internal( r = 0; finish: - for (i = 0; i < n_stack; i++) + for (size_t i = 0; i < n_stack; i++) json_stack_release(stack + i); free(stack); @@ -3219,7 +3193,7 @@ int json_parse_file_at(FILE *f, int dir_fd, const char *path, JsonParseFlags fla int json_buildv(JsonVariant **ret, va_list ap) { JsonStack *stack = NULL; - size_t n_stack = 1, i; + size_t n_stack = 1; int r; assert_return(ret, -EINVAL); @@ -4137,7 +4111,7 @@ int json_buildv(JsonVariant **ret, va_list ap) { r = 0; finish: - for (i = 0; i < n_stack; i++) + for (size_t i = 0; i < n_stack; i++) json_stack_release(stack + i); free(stack); @@ -4221,8 +4195,7 @@ int json_log_internal( } int json_dispatch(JsonVariant *v, const JsonDispatch table[], JsonDispatchCallback bad, JsonDispatchFlags flags, void *userdata) { - const JsonDispatch *p; - size_t i, n, m; + size_t m; int r, done = 0; bool *found; @@ -4235,14 +4208,16 @@ int json_dispatch(JsonVariant *v, const JsonDispatch table[], JsonDispatchCallba return -EINVAL; } - for (p = table, m = 0; p->name; p++) + m = 0; + for (const JsonDispatch *p = table; p->name; p++) m++; found = newa0(bool, m); - n = json_variant_elements(v); - for (i = 0; i < n; i += 2) { + size_t n = json_variant_elements(v); + for (size_t i = 0; i < n; i += 2) { JsonVariant *key, *value; + const JsonDispatch *p; assert_se(key = json_variant_by_index(v, i)); assert_se(value = json_variant_by_index(v, i+1)); @@ -4316,7 +4291,7 @@ int json_dispatch(JsonVariant *v, const JsonDispatch table[], JsonDispatchCallba } } - for (p = table; p->name; p++) { + for (const JsonDispatch *p = table; p->name; p++) { JsonDispatchFlags merged_flags = p->flags | flags; if ((merged_flags & JSON_MANDATORY) && !found[p-table]) { @@ -4607,7 +4582,7 @@ static int json_cmp_strings(const void *x, const void *y) { int json_variant_sort(JsonVariant **v) { _cleanup_free_ JsonVariant **a = NULL; JsonVariant *n = NULL; - size_t i, m; + size_t m; int r; assert(v); @@ -4625,7 +4600,7 @@ int json_variant_sort(JsonVariant **v) { if (!a) return -ENOMEM; - for (i = 0; i < m; i++) + for (size_t i = 0; i < m; i++) a[i] = json_variant_by_index(*v, i); qsort(a, m/2, sizeof(JsonVariant*)*2, json_cmp_strings); @@ -4647,7 +4622,7 @@ int json_variant_sort(JsonVariant **v) { int json_variant_normalize(JsonVariant **v) { _cleanup_free_ JsonVariant **a = NULL; JsonVariant *n = NULL; - size_t i, j, m; + size_t i, m; int r; assert(v); @@ -4699,7 +4674,7 @@ int json_variant_normalize(JsonVariant **v) { r = 1; finish: - for (j = 0; j < i; j++) + for (size_t j = 0; j < i; j++) json_variant_unref(a[j]); return r; From dcd7dfa5205fb29c44ac50787d12afe327318552 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 10 May 2022 09:05:43 +0200 Subject: [PATCH 341/703] shared/json: fix another memleak in normalization (cherry picked from commit 3b6ce05537cd3544a15073f920347cabd7a39450) --- src/shared/json.c | 4 ++-- test/fuzz/fuzz-json/leak-normalize-object | 1 + 2 files changed, 3 insertions(+), 2 deletions(-) create mode 100644 test/fuzz/fuzz-json/leak-normalize-object diff --git a/src/shared/json.c b/src/shared/json.c index 6c8d9e5a818..44fc9e229a5 100644 --- a/src/shared/json.c +++ b/src/shared/json.c @@ -4621,7 +4621,7 @@ int json_variant_sort(JsonVariant **v) { int json_variant_normalize(JsonVariant **v) { _cleanup_free_ JsonVariant **a = NULL; - JsonVariant *n = NULL; + _cleanup_(json_variant_unrefp) JsonVariant *n = NULL; size_t i, m; int r; @@ -4669,7 +4669,7 @@ int json_variant_normalize(JsonVariant **v) { goto finish; } - JSON_VARIANT_REPLACE(*v, n); + JSON_VARIANT_REPLACE(*v, TAKE_PTR(n)); r = 1; diff --git a/test/fuzz/fuzz-json/leak-normalize-object b/test/fuzz/fuzz-json/leak-normalize-object new file mode 100644 index 00000000000..0a8caa426ca --- /dev/null +++ b/test/fuzz/fuzz-json/leak-normalize-object @@ -0,0 +1 @@ +[7,7,7,7,{"":7,"":7,"^t":7,"-":7},2777,7,7,7,3] \ No newline at end of file From 5fa1f78f716971830808b646e5bc5958fc842942 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 10 May 2022 10:51:43 +0200 Subject: [PATCH 342/703] shared/json: fix memleak in sort (cherry picked from commit 99b1145aae682ddd7554c7e3ac5ebf778e88f87d) --- src/shared/json.c | 4 ++-- test/fuzz/fuzz-json/leak-sort | 1 + 2 files changed, 3 insertions(+), 2 deletions(-) create mode 100644 test/fuzz/fuzz-json/leak-sort diff --git a/src/shared/json.c b/src/shared/json.c index 44fc9e229a5..4b3ab715ff7 100644 --- a/src/shared/json.c +++ b/src/shared/json.c @@ -4581,7 +4581,7 @@ static int json_cmp_strings(const void *x, const void *y) { int json_variant_sort(JsonVariant **v) { _cleanup_free_ JsonVariant **a = NULL; - JsonVariant *n = NULL; + _cleanup_(json_variant_unrefp) JsonVariant *n = NULL; size_t m; int r; @@ -4614,7 +4614,7 @@ int json_variant_sort(JsonVariant **v) { if (!n->sorted) /* Check if this worked. This will fail if there are multiple identical keys used. */ return -ENOTUNIQ; - JSON_VARIANT_REPLACE(*v, n); + JSON_VARIANT_REPLACE(*v, TAKE_PTR(n)); return 1; } diff --git a/test/fuzz/fuzz-json/leak-sort b/test/fuzz/fuzz-json/leak-sort new file mode 100644 index 00000000000..f8446dbdc7f --- /dev/null +++ b/test/fuzz/fuzz-json/leak-sort @@ -0,0 +1 @@ +{"":2,"":6,"-":7} \ No newline at end of file From eadea065e7070e73993e94810ed539462e403753 Mon Sep 17 00:00:00 2001 From: Kazuo Moriwaka Date: Tue, 10 May 2022 17:41:21 +0900 Subject: [PATCH 343/703] add missing cleanup-age to quickref (cherry picked from commit 6f310287dbc4af7e8c8bceb0496608115a59df6a) --- man/tmpfiles.d.xml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/man/tmpfiles.d.xml b/man/tmpfiles.d.xml index 305033b672e..19a564bab36 100644 --- a/man/tmpfiles.d.xml +++ b/man/tmpfiles.d.xml @@ -46,9 +46,9 @@ w+ /file/to/append-to - - - - conte d /directory/to/create-and-cleanup mode user group cleanup-age - D /directory/to/create-and-remove mode user group cleanup-age - e /directory/to/cleanup mode user group cleanup-age - -v /subvolume-or-directory/to/create mode user group - - -q /subvolume-or-directory/to/create mode user group - - -Q /subvolume-or-directory/to/create mode user group - - +v /subvolume-or-directory/to/create mode user group cleanup-age - +q /subvolume-or-directory/to/create mode user group cleanup-age - +Q /subvolume-or-directory/to/create mode user group cleanup-age - p /fifo/to/create mode user group - - p+ /fifo/to/[re]create mode user group - - L /symlink/to/create - - - - symlink/target/path @@ -57,9 +57,9 @@ c /dev/char-device-to-create mode user group - major c+ /dev/char-device-to-[re]create mode user group - major:minor b /dev/block-device-to-create mode user group - major:minor b+ /dev/block-device-to-[re]create mode user group - major:minor -C /target/to/create - - - - /source/to/copy -x /path-or-glob/to/ignore/recursively - - - - - -X /path-or-glob/to/ignore - - - - - +C /target/to/create - - - cleanup-age /source/to/copy +x /path-or-glob/to/ignore/recursively - - - cleanup-age - +X /path-or-glob/to/ignore - - - cleanup-age - r /empty/dir/to/remove - - - - - R /dir/to/remove/recursively - - - - - z /path-or-glob/to/adjust/mode mode user group - - From 767cd7c75b3e841f646c85820a5ef38d56a4f97e Mon Sep 17 00:00:00 2001 From: Kazuo Moriwaka Date: Wed, 11 May 2022 15:08:34 +0900 Subject: [PATCH 344/703] man: mention to Age parameter in C Type (cherry picked from commit 4da5e566e7e92fd45539b8e7e7079bcb46fc9dd7) --- man/tmpfiles.d.xml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/man/tmpfiles.d.xml b/man/tmpfiles.d.xml index 19a564bab36..3267454f3b2 100644 --- a/man/tmpfiles.d.xml +++ b/man/tmpfiles.d.xml @@ -330,7 +330,9 @@ L /tmp/foobar - - - - /dev/null exists and is not empty. Instead, the entire copy operation is skipped. If the argument is omitted, files from the source directory /usr/share/factory/ with the same name - are copied. Does not follow symlinks. + are copied. Does not follow symlinks. Contents of the directories + are subject to time based cleanup if the age argument is specified. + From 16b95a18e703ff17ab589cb663d30345c4e5eb48 Mon Sep 17 00:00:00 2001 From: Luca Boccassi Date: Wed, 11 May 2022 12:24:10 +0100 Subject: [PATCH 345/703] test: ignore LXC filesystem when checking for writable locations test-execute checks that only /var/lib/private/waldo is writable, but there are some filesystems that are always writable and excluded. Add /sys/devices/system/cpu which is created by lxcfs. Fixes https://github.com/systemd/systemd/issues/23263 (cherry picked from commit 646cba5c4208c28c56dbe52d676ab1a176c69b7f) --- test/test-execute/exec-dynamicuser-statedir.service | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/test-execute/exec-dynamicuser-statedir.service b/test/test-execute/exec-dynamicuser-statedir.service index 2555142d7b3..07692e1c124 100644 --- a/test/test-execute/exec-dynamicuser-statedir.service +++ b/test/test-execute/exec-dynamicuser-statedir.service @@ -14,7 +14,7 @@ ExecStart=test -f /var/lib/private/quux/pief/yayyay ExecStart=sh -x -c 'test "$$STATE_DIRECTORY" = "%S/waldo:%S/quux/pief"' # Make sure that /var/lib/private/waldo is really the only writable directory besides the obvious candidates -ExecStart=sh -x -c 'test $$(find / \\( -path /var/tmp -o -path /tmp -o -path /proc -o -path /dev/mqueue -o -path /dev/shm -o -path /sys/fs/bpf -o -path /dev/.lxc \\) -prune -o -type d -writable -print 2>/dev/null | sort -u | tr -d "\\\\n") = /var/lib/private/quux/pief/var/lib/private/waldo' +ExecStart=sh -x -c 'test $$(find / \\( -path /var/tmp -o -path /tmp -o -path /proc -o -path /dev/mqueue -o -path /dev/shm -o -path /sys/fs/bpf -o -path /dev/.lxc -o -path /sys/devices/system/cpu \\) -prune -o -type d -writable -print 2>/dev/null | sort -u | tr -d "\\\\n") = /var/lib/private/quux/pief/var/lib/private/waldo' Type=oneshot DynamicUser=yes From 95058a435e8267146e6d44f65237dfe45a113d60 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Sun, 8 May 2022 17:21:09 +0200 Subject: [PATCH 346/703] logind: fix crash in logind on user-specified message string This is trivially exploitable (in the sense of causing a crash from SEGV) e.g. by 'shutdown now "Message %s %s %n"'. The message is settable through polkit, but is limited to auth_admin: Set a wall message Authentication is required to set a wall message auth_admin_keep auth_admin_keep auth_admin_keep Bug introduced in 9ef15026c0e7e6600372056c43442c99ec53746e ('logind/systemctl: introduce SetWallMessage and --message', 2015-09-15). Based on 0cb09bcb825ab86ba4ca70be4e6322eaf9baee95. --- src/login/logind-dbus.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/src/login/logind-dbus.c b/src/login/logind-dbus.c index c05c0d02cca..faae5464040 100644 --- a/src/login/logind-dbus.c +++ b/src/login/logind-dbus.c @@ -1492,12 +1492,13 @@ _printf_(2, 0) static int log_with_wall_message(Manager *m, const char *d, const char *p, const char *q) { assert(m); - if (isempty(m->wall_message)) + if (isempty(m->wall_message)) { p = strjoina(p, "."); - else - p = strjoina(p, " (", m->wall_message, ")."); - - return log_struct(LOG_NOTICE, d, p, q); + return log_struct(LOG_NOTICE, d, p, q); + } else { + p = strjoina(p, " (%s)."); + return log_struct(LOG_NOTICE, d, p, m->wall_message, q); + } } static int bus_manager_log_shutdown( From 013de49db51f70ca52f04ea29b474755f3acfd59 Mon Sep 17 00:00:00 2001 From: Evgeny Vereshchagin Date: Wed, 11 May 2022 22:32:32 +0000 Subject: [PATCH 347/703] tests: ignore dbus-broker-launcher There are memory leaks there https://github.com/bus1/dbus-broker/issues/289 and it crashes from time to time https://github.com/matusmarhefka/dfuzzer/issues/20#issuecomment-1114097840 so let's just skip it by analogy with dbus-daemon to avoid reports that have nothing to do with systemd itself. It's kind of a part of https://github.com/systemd/systemd/pull/22547 (cherry picked from commit d0880faa5dda495c7c77425697b82a94b4e68bf6) --- test/test-functions | 1 + 1 file changed, 1 insertion(+) diff --git a/test/test-functions b/test/test-functions index 37c1402c358..f781c3337c6 100644 --- a/test/test-functions +++ b/test/test-functions @@ -1326,6 +1326,7 @@ check_asan_reports() { BEGIN { %services_to_ignore = ( "dbus-daemon" => undef, + "dbus-broker-launch" => undef, ); } print $2 if /\s(\S*)\[(\d+)\]:\s*SUMMARY:\s+\w+Sanitizer/ && !exists $services_to_ignore{$1}' From 61e030e173d2d88bad7a221674394033a03aab8a Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Fri, 6 May 2022 21:32:37 +0900 Subject: [PATCH 348/703] resolve: first increment the reference counter When `exist->rr` and `rr` point to the same object, then it may be freed by the `dns_resource_record_unref()`. (cherry picked from commit 4ce30e4de05971ea93bc727695000d0025eb1591) --- src/resolve/resolved-dns-answer.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/resolve/resolved-dns-answer.c b/src/resolve/resolved-dns-answer.c index 479af69d0fc..bbc1bdeecda 100644 --- a/src/resolve/resolved-dns-answer.c +++ b/src/resolve/resolved-dns-answer.c @@ -169,8 +169,9 @@ int dns_answer_add( /* Entry already exists, keep the entry with the higher TTL. */ if (rr->ttl > exist->rr->ttl) { + dns_resource_record_ref(rr); dns_resource_record_unref(exist->rr); - exist->rr = dns_resource_record_ref(rr); /* lgtm [cpp/inconsistent-null-check] */ + exist->rr = rr; /* Update RRSIG and RR at the same time */ if (rrsig) { From fbd34591480cd635fd9efd84316f0a33e75bddd8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 12 May 2022 17:35:24 +0200 Subject: [PATCH 349/703] man,mkosi: fedora 36 has been released (cherry picked from commit 7353de27b7b4382783dad8437cd9d3b56d41156d) --- man/custom-entities.ent.in | 4 ++-- mkosi.default.d/fedora/10-mkosi.fedora | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/man/custom-entities.ent.in b/man/custom-entities.ent.in index 929ba8e83f5..6d662a380a8 100644 --- a/man/custom-entities.ent.in +++ b/man/custom-entities.ent.in @@ -15,5 +15,5 @@ - - + + diff --git a/mkosi.default.d/fedora/10-mkosi.fedora b/mkosi.default.d/fedora/10-mkosi.fedora index d68405e91ba..f6400bb10e7 100644 --- a/mkosi.default.d/fedora/10-mkosi.fedora +++ b/mkosi.default.d/fedora/10-mkosi.fedora @@ -5,7 +5,7 @@ [Distribution] Distribution=fedora -Release=35 +Release=36 [Packages] BuildPackages= From edb479849c3ba35317b6350bf17a2490e64a0fe6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Mon, 16 May 2022 20:06:59 +0200 Subject: [PATCH 350/703] rpm: remove check if systemd is running in a few cases rpms can be installed in two different modes: into a chroot, where the system is not running, and onto a live system. In the first mode, where should create all changes that are "permanent", and in the second mode, all changes which are "permanent" but also those which only affect the running system. Thus, changes like new modprobe rules, tmpfiles rules, binfmt rules, udev rules, etc., are guarded by 'test -d "/run/systemd/system"' which is the official way to check if systemd is running, so that they are *not* executed when installed into a chroot. But the same logic does not apply to sysusers, hwdb, and the journal catalog: all those files can and should result in changes being performed immediately to the system. This makes the creation of immutable images possible (because there are no permanent changes to executed after a reboot), and allows other packages to depend on the the effect of those changes. Thus, the guard to check if we're not in a chroot is dropped from triggers for sysusers, hwdb, and the journal catalog. This means that those triggers will execute, and no subsequent work is needed. systemd-sysusers.service, systemd-journal-catalog-update.service, and systemd-hwdb-update.service.in all have ConditionNeedsUpdate= so they they generally won't be invoked after a reboot. (systemd.rpm does not touch /usr to trigger the condition, because the %transfiletriggers make that unnecessary.) https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=2085481 (cherry picked from commit 2fd7ecd2da699d2fece777062e408b62162768f6) --- src/rpm/triggers.systemd.in | 36 ++++++++++++++-------------------- src/rpm/triggers.systemd.sh.in | 12 +++--------- 2 files changed, 18 insertions(+), 30 deletions(-) diff --git a/src/rpm/triggers.systemd.in b/src/rpm/triggers.systemd.in index 8aeb2049c1d..4755cdafe86 100644 --- a/src/rpm/triggers.systemd.in +++ b/src/rpm/triggers.systemd.in @@ -72,37 +72,31 @@ end -- This script will process files installed in {{SYSUSERS_DIR}} to create -- specified users automatically. The priority is set such that it -- will run before the tmpfiles file trigger. -if posix.access("/run/systemd/system") then - pid = posix.fork() - if pid == 0 then - assert(posix.execp("systemd-sysusers")) - elseif pid > 0 then - posix.wait(pid) - end +pid = posix.fork() +if pid == 0 then + assert(posix.execp("systemd-sysusers")) +elseif pid > 0 then + posix.wait(pid) end %transfiletriggerin -P 1000700 udev -p -- {{UDEV_HWDB_DIR}} -- This script will automatically invoke hwdb update if files have been -- installed or updated in {{UDEV_HWDB_DIR}}. -if posix.access("/run/systemd/system") then - pid = posix.fork() - if pid == 0 then - assert(posix.execp("systemd-hwdb", "update")) - elseif pid > 0 then - posix.wait(pid) - end +pid = posix.fork() +if pid == 0 then + assert(posix.execp("systemd-hwdb", "update")) +elseif pid > 0 then + posix.wait(pid) end %transfiletriggerin -P 1000700 -p -- {{SYSTEMD_CATALOG_DIR}} -- This script will automatically invoke journal catalog update if files -- have been installed or updated in {{SYSTEMD_CATALOG_DIR}}. -if posix.access("/run/systemd/system") then - pid = posix.fork() - if pid == 0 then - assert(posix.execp("journalctl", "--update-catalog")) - elseif pid > 0 then - posix.wait(pid) - end +pid = posix.fork() +if pid == 0 then + assert(posix.execp("journalctl", "--update-catalog")) +elseif pid > 0 then + posix.wait(pid) end %transfiletriggerin -P 1000700 -p -- {{BINFMT_DIR}} diff --git a/src/rpm/triggers.systemd.sh.in b/src/rpm/triggers.systemd.sh.in index 694cd94e8d8..8c301f5ed9d 100644 --- a/src/rpm/triggers.systemd.sh.in +++ b/src/rpm/triggers.systemd.sh.in @@ -43,23 +43,17 @@ # This script will process files installed in {{SYSUSERS_DIR}} to create # specified users automatically. The priority is set such that it # will run before the tmpfiles file trigger. -if test -d "/run/systemd/system"; then - systemd-sysusers || : -fi +systemd-sysusers || : %transfiletriggerin -P 1000700 udev -- {{UDEV_HWDB_DIR}} # This script will automatically invoke hwdb update if files have been # installed or updated in {{UDEV_HWDB_DIR}}. -if test -d "/run/systemd/system"; then - systemd-hwdb update || : -fi +systemd-hwdb update || : %transfiletriggerin -P 1000700 -- {{SYSTEMD_CATALOG_DIR}} # This script will automatically invoke journal catalog update if files # have been installed or updated in {{SYSTEMD_CATALOG_DIR}}. -if test -d "/run/systemd/system"; then - journalctl --update-catalog || : -fi +journalctl --update-catalog || : %transfiletriggerin -P 1000700 -- {{BINFMT_DIR}} # This script will automatically apply binfmt rules if files have been From fb4634471d10cfeb67e7a6f8c3d58c463a0c2cb6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Mon, 16 May 2022 11:49:52 +0200 Subject: [PATCH 351/703] man: fix typo (cherry picked from commit f2f40edcb99295bc4655d0f057b8321b63db0e10) --- man/systemd.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/man/systemd.xml b/man/systemd.xml index 468edfb2d39..e58923f4f5d 100644 --- a/man/systemd.xml +++ b/man/systemd.xml @@ -621,7 +621,7 @@ Environment The environment block for the system manager is initially set by the kernel. (In particular, - key=value assignments on the kernel command line are returned into environment + key=value assignments on the kernel command line are turned into environment variables for PID 1). For the user manager, the system manager sets the environment as described in the "Environment Variables in Spawned Processes" section of systemd.exec5. The From 89968d6397dd25a1eb1524275fe63e605cd27710 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Mon, 18 Apr 2022 23:21:12 +0900 Subject: [PATCH 352/703] resolve: drop unused argument (cherry picked from commit cd2cdba2fedf2dc71ff6429157c2e3b39938a93d) --- src/resolve/resolved-dns-dnssec.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/src/resolve/resolved-dns-dnssec.c b/src/resolve/resolved-dns-dnssec.c index 5c2e936163d..c36609a8d11 100644 --- a/src/resolve/resolved-dns-dnssec.c +++ b/src/resolve/resolved-dns-dnssec.c @@ -778,8 +778,7 @@ static hash_md_t algorithm_to_implementation_id(uint8_t algorithm) { static void dnssec_fix_rrset_ttl( DnsResourceRecord *list[], unsigned n, - DnsResourceRecord *rrsig, - usec_t realtime) { + DnsResourceRecord *rrsig) { assert(list); assert(n > 0); @@ -1109,7 +1108,7 @@ int dnssec_verify_rrset( /* Now, fix the ttl, expiry, and remember the synthesizing source and the signer */ if (r > 0) - dnssec_fix_rrset_ttl(list, n, rrsig, realtime); + dnssec_fix_rrset_ttl(list, n, rrsig); if (r == 0) *result = DNSSEC_INVALID; From 5ec8884fea86a1417caba16309779d9d62edd725 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Tue, 19 Apr 2022 03:58:50 +0900 Subject: [PATCH 353/703] resolve: always request records to validate negative answer Otherwise, dns_transaction_requires_nsec() may not find no required transaction, and return true. That sets `answer_dnssec_result = DNSSEC_NO_SIGNATURE`, and the entire transaction fails. Fixes #21414. (cherry picked from commit 26b23d11870185b2ddab51bb1684d6761e8aa553) --- src/resolve/resolved-dns-transaction.c | 28 ++++++++++---------------- 1 file changed, 11 insertions(+), 17 deletions(-) diff --git a/src/resolve/resolved-dns-transaction.c b/src/resolve/resolved-dns-transaction.c index f937f9f7b59..19069289c7f 100644 --- a/src/resolve/resolved-dns-transaction.c +++ b/src/resolve/resolved-dns-transaction.c @@ -2217,7 +2217,7 @@ static int dns_transaction_negative_trust_anchor_lookup(DnsTransaction *t, const return link_negative_trust_anchor_lookup(t->scope->link, name); } -static int dns_transaction_has_unsigned_negative_answer(DnsTransaction *t) { +static int dns_transaction_has_negative_answer(DnsTransaction *t) { int r; assert(t); @@ -2236,14 +2236,7 @@ static int dns_transaction_has_unsigned_negative_answer(DnsTransaction *t) { r = dns_transaction_negative_trust_anchor_lookup(t, dns_resource_key_name(dns_transaction_key(t))); if (r < 0) return r; - if (r > 0) - return false; - - /* The answer does not contain any RRs that match to the - * question. If so, let's see if there are any NSEC/NSEC3 RRs - * included. If not, the answer is unsigned. */ - - return !dns_answer_contains_nsec_or_nsec3(t->answer); + return !r; } static int dns_transaction_is_primary_response(DnsTransaction *t, DnsResourceRecord *rr) { @@ -2567,14 +2560,15 @@ int dns_transaction_request_dnssec_keys(DnsTransaction *t) { * we got. Now, let's request what we need to validate what we * didn't get... */ - r = dns_transaction_has_unsigned_negative_answer(t); + r = dns_transaction_has_negative_answer(t); if (r < 0) return r; if (r > 0) { - const char *name; + const char *name, *signed_status; uint16_t type = 0; name = dns_resource_key_name(dns_transaction_key(t)); + signed_status = dns_answer_contains_nsec_or_nsec3(t->answer) ? "signed" : "unsigned"; /* If this was a SOA or NS request, then check if there's a DS RR for the same domain. Note that this * could also be used as indication that we are not at a zone apex, but in real world setups there are @@ -2587,21 +2581,21 @@ int dns_transaction_request_dnssec_keys(DnsTransaction *t) { r = dns_name_parent(&name); if (r > 0) { type = DNS_TYPE_SOA; - log_debug("Requesting parent SOA (→ %s) to validate transaction %" PRIu16 " (%s, unsigned empty DS response).", - name, t->id, dns_resource_key_name(dns_transaction_key(t))); + log_debug("Requesting parent SOA (→ %s) to validate transaction %" PRIu16 " (%s, %s empty DS response).", + name, t->id, dns_resource_key_name(dns_transaction_key(t)), signed_status); } else name = NULL; } else if (IN_SET(dns_transaction_key(t)->type, DNS_TYPE_SOA, DNS_TYPE_NS)) { type = DNS_TYPE_DS; - log_debug("Requesting DS (→ %s) to validate transaction %" PRIu16 " (%s, unsigned empty SOA/NS response).", - name, t->id, name); + log_debug("Requesting DS (→ %s) to validate transaction %" PRIu16 " (%s, %s empty SOA/NS response).", + name, t->id, name, signed_status); } else { type = DNS_TYPE_SOA; - log_debug("Requesting SOA (→ %s) to validate transaction %" PRIu16 " (%s, unsigned empty non-SOA/NS/DS response).", - name, t->id, name); + log_debug("Requesting SOA (→ %s) to validate transaction %" PRIu16 " (%s, %s empty non-SOA/NS/DS response).", + name, t->id, name, signed_status); } if (name) { From c87bdab92755d2845c46aa677aa17ded6860c369 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Tue, 17 May 2022 22:20:32 +0900 Subject: [PATCH 354/703] networkctl: fix units for bond parameters Fixes RHBZ#2086166 (https://bugzilla.redhat.com/show_bug.cgi?id=2086166). (cherry picked from commit 05e022a913533560a86a9b6a3ffda252df0cad1f) --- src/network/networkctl.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/network/networkctl.c b/src/network/networkctl.c index c35f851bdb6..d5bedda409e 100644 --- a/src/network/networkctl.c +++ b/src/network/networkctl.c @@ -1813,13 +1813,13 @@ static int link_status_one( TABLE_STRING, bond_mode_to_string(info->mode), TABLE_EMPTY, TABLE_STRING, "Miimon:", - TABLE_TIMESPAN_MSEC, jiffies_to_usec(info->miimon), + TABLE_TIMESPAN_MSEC, info->miimon * USEC_PER_MSEC, TABLE_EMPTY, TABLE_STRING, "Updelay:", - TABLE_TIMESPAN_MSEC, jiffies_to_usec(info->updelay), + TABLE_TIMESPAN_MSEC, info->updelay * USEC_PER_MSEC, TABLE_EMPTY, TABLE_STRING, "Downdelay:", - TABLE_TIMESPAN_MSEC, jiffies_to_usec(info->downdelay)); + TABLE_TIMESPAN_MSEC, info->downdelay * USEC_PER_MSEC); if (r < 0) return table_log_add_error(r); From a6f542c0d0c4034bf25b30666a3d0bd397af4d6e Mon Sep 17 00:00:00 2001 From: Tomasz Pala Date: Wed, 18 May 2022 18:11:42 +0200 Subject: [PATCH 355/703] udev: fixed config_parse_ifalias() logic not to skip setting IFLA_IFALIAS this flaw was introduced in 6a74900002981eacbde382f659ab706ca36155cc (cherry picked from commit d1df0466d9d312eb06dac2bd41e85a15061e7429) --- src/udev/net/link-config.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/udev/net/link-config.c b/src/udev/net/link-config.c index 05f0f2e0a61..58abcdb72b9 100644 --- a/src/udev/net/link-config.c +++ b/src/udev/net/link-config.c @@ -883,7 +883,7 @@ int config_parse_ifalias( assert(rvalue); assert(data); - if (!isempty(rvalue)) { + if (isempty(rvalue)) { *s = mfree(*s); return 0; } From 2db4bf991ea26cda9e418dceecefe819887801c2 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Thu, 19 May 2022 00:44:31 +0200 Subject: [PATCH 356/703] portable: Remove unnecessary assert() Fixes #23433 matches is plumbed through until it finally gets used in unit_match() which can deal with NULL matches so the assert() is unnecessary and can be removed. The two call sites of extract_image_and_extensions() also don't assert() on matches either. (cherry picked from commit 1751d8c80cef40777b782c737947b4e86d99e7d6) --- src/portable/portable.c | 1 - 1 file changed, 1 deletion(-) diff --git a/src/portable/portable.c b/src/portable/portable.c index 0e6461ba939..dfdae1f323d 100644 --- a/src/portable/portable.c +++ b/src/portable/portable.c @@ -521,7 +521,6 @@ static int extract_image_and_extensions( int r; assert(name_or_path); - assert(matches); r = image_find_harder(IMAGE_PORTABLE, name_or_path, NULL, &image); if (r < 0) From 236c55d1c5eace0ff28f83c99d669fbfdce18ca5 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Thu, 19 May 2022 23:59:50 +0200 Subject: [PATCH 357/703] sd-bus: Fix introspect memory leak We have to free the contents of the set on top of the set itself. Fixes #23443. (cherry picked from commit dcb4e45ad8cb74b84c89b136060385c454d13c69) --- src/libsystemd/sd-bus/bus-objects.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/libsystemd/sd-bus/bus-objects.c b/src/libsystemd/sd-bus/bus-objects.c index b8524754191..5c6c6c5c5f1 100644 --- a/src/libsystemd/sd-bus/bus-objects.c +++ b/src/libsystemd/sd-bus/bus-objects.c @@ -934,7 +934,7 @@ int introspect_path( char **ret, sd_bus_error *error) { - _cleanup_ordered_set_free_ OrderedSet *s = NULL; + _cleanup_ordered_set_free_free_ OrderedSet *s = NULL; _cleanup_(introspect_free) struct introspect intro = {}; struct node_vtable *c; bool empty; From 1b83390ff4844a87087dc47057d3a406c96c479c Mon Sep 17 00:00:00 2001 From: Khem Raj Date: Thu, 19 May 2022 11:01:04 -0700 Subject: [PATCH 358/703] Add sys/stat.h for S_IFDIR Fixes ../git/src/shared/mkdir-label.c:13:61: error: use of undeclared identifier 'S_IFDIR' r = mac_selinux_create_file_prepare_at(dirfd, path, S_IFDIR); Signed-off-by: Khem Raj (cherry picked from commit 29b7114c5d9624002aa7c17748d960cd1e45362d) --- src/shared/mkdir-label.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/shared/mkdir-label.c b/src/shared/mkdir-label.c index d36a6466d77..5b1ac5d1e01 100644 --- a/src/shared/mkdir-label.c +++ b/src/shared/mkdir-label.c @@ -1,5 +1,7 @@ /* SPDX-License-Identifier: LGPL-2.1-or-later */ +#include + #include "mkdir-label.h" #include "selinux-util.h" #include "smack-util.h" From 7970db60f585ab5d36ad2a47db2403aca7c38d6b Mon Sep 17 00:00:00 2001 From: Luca Boccassi Date: Fri, 20 May 2022 12:05:34 +0100 Subject: [PATCH 359/703] dissect: ID from os-release should be non-empty, not just non-NULL (cherry picked from commit a2cf73f0b602a93a32107cfc066a5e307263c577) --- src/shared/dissect-image.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/shared/dissect-image.c b/src/shared/dissect-image.c index c16d98b1278..b7302fd8793 100644 --- a/src/shared/dissect-image.c +++ b/src/shared/dissect-image.c @@ -3540,7 +3540,7 @@ int verity_dissect_and_mount( * First, check the distro ID. If that matches, then check the new SYSEXT_LEVEL value if * available, or else fallback to VERSION_ID. If neither is present (eg: rolling release), * then a simple match on the ID will be performed. */ - if (required_host_os_release_id) { + if (!isempty(required_host_os_release_id)) { _cleanup_strv_free_ char **extension_release = NULL; r = load_extension_release_pairs(dest, dissected_image->image_name, &extension_release); From 7ff8ddd6230244609b3e3b14c5b16766ba57b53a Mon Sep 17 00:00:00 2001 From: Luca Boccassi Date: Fri, 20 May 2022 12:24:45 +0100 Subject: [PATCH 360/703] portable: reject root directories without an ID field in os-release We always require at least ID to be set in os-release, reject and propagate error to the caller instead of asserting later (cherry picked from commit 7b2e763242e7736ef941f275977aa0c30d832c63) --- src/portable/portable.c | 2 ++ test/units/testsuite-29.sh | 10 ++++++++++ 2 files changed, 12 insertions(+) diff --git a/src/portable/portable.c b/src/portable/portable.c index dfdae1f323d..3f73151bfe3 100644 --- a/src/portable/portable.c +++ b/src/portable/portable.c @@ -575,6 +575,8 @@ static int extract_image_and_extensions( "PORTABLE_PREFIXES", &prefixes); if (r < 0) return r; + if (isempty(id)) + return sd_bus_error_set_errnof(error, SYNTHETIC_ERRNO(ESTALE), "Image %s os-release metadata lacks the ID field", name_or_path); if (prefixes) { valid_prefixes = strv_split(prefixes, WHITESPACE); diff --git a/test/units/testsuite-29.sh b/test/units/testsuite-29.sh index 5dccad04f9b..b95adad8472 100755 --- a/test/units/testsuite-29.sh +++ b/test/units/testsuite-29.sh @@ -124,6 +124,16 @@ umount /tmp/overlay umount /tmp/rootdir umount /tmp/app1 +# Lack of ID field in os-release should be rejected, but it caused a crash in the past instead +mkdir -p /tmp/emptyroot/usr/lib +mkdir -p /tmp/emptyext/usr/lib/extension-release.d +touch /tmp/emptyroot/usr/lib/os-release +touch /tmp/emptyext/usr/lib/extension-release.d/extension-release.emptyext + +# Remote peer disconnected -> portabled crashed +res="$(! portablectl attach --extension /tmp/emptyext /tmp/emptyroot 2> >(grep "Remote peer disconnected"))" +test -z "${res}" + echo OK >/testok exit 0 From a03ce6d1a2d8239c2173786ee502405a306882e1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 20 May 2022 14:53:22 +0200 Subject: [PATCH 361/703] portabled: refuse queries for empty image name MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit I took inspiration from pid1: bus_unit_find() → find_unit() → manager_load_unit_from_dbus_path() → unit_name_from_dbus_path() → !startswith(path, "/org/freedesktop/systemd1/unit/") → return -EINVAL ← ← ← ← if (r < 0) return 0 ← 0 ← i.e. we return 0 when queried for "/org/freedesktop/systemd1/unit". Fixes #23445. (cherry picked from commit 4313e2b69fe1bcddd7b551e171f1fa3554155968) --- src/portable/portabled-image-bus.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/portable/portabled-image-bus.c b/src/portable/portabled-image-bus.c index 7bbe4663fed..d0b098801d3 100644 --- a/src/portable/portabled-image-bus.c +++ b/src/portable/portabled-image-bus.c @@ -1093,6 +1093,9 @@ int bus_image_object_find( return 0; if (r == 0) goto not_found; + if (isempty(e)) + /* The path is "/org/freedesktop/portable1/image" itself */ + goto not_found; r = bus_image_acquire(m, sd_bus_get_current_message(bus), e, NULL, BUS_IMAGE_REFUSE_BY_PATH, NULL, &image, error); if (r == -ENOENT) From 4abf21875c67580b6e27562fc0266647e2bc13ce Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 20 May 2022 14:53:50 +0200 Subject: [PATCH 362/703] portabled: wrap long lines and fix typo in error message (cherry picked from commit 5943d85f34bc39742291cb1a43f040d4bd581477) --- src/portable/portabled-image-bus.c | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/src/portable/portabled-image-bus.c b/src/portable/portabled-image-bus.c index d0b098801d3..829e479c84a 100644 --- a/src/portable/portabled-image-bus.c +++ b/src/portable/portabled-image-bus.c @@ -1018,19 +1018,23 @@ int bus_image_acquire( /* If it's a short name, let's search for it */ r = image_find(IMAGE_PORTABLE, name_or_path, NULL, &loaded); if (r == -ENOENT) - return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_PORTABLE_IMAGE, "No image '%s' found.", name_or_path); + return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_PORTABLE_IMAGE, + "No image '%s' found.", name_or_path); /* other errors are handled below… */ } else { /* Don't accept path if this is always forbidden */ if (mode == BUS_IMAGE_REFUSE_BY_PATH) - return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Expected image name, not path in place of '%s'.", name_or_path); + return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, + "Expected image name, not path in place of '%s'.", name_or_path); if (!path_is_absolute(name_or_path)) - return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Image name '%s' is not valid or not a valid path.", name_or_path); + return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, + "Image name '%s' is not valid or not a valid path.", name_or_path); if (!path_is_normalized(name_or_path)) - return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Image path '%s' is not normalized.", name_or_path); + return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, + "Image path '%s' is not normalized.", name_or_path); if (mode == BUS_IMAGE_AUTHENTICATE_BY_PATH) { r = bus_verify_polkit_async( @@ -1053,7 +1057,9 @@ int bus_image_acquire( r = image_from_path(name_or_path, &loaded); } if (r == -EMEDIUMTYPE) { - sd_bus_error_setf(error, BUS_ERROR_BAD_PORTABLE_IMAGE_TYPE, "Typ of image '%s' not recognized; supported image types are directories/btrfs subvolumes, block devices, and raw disk image files with suffix '.raw'.", name_or_path); + sd_bus_error_setf(error, BUS_ERROR_BAD_PORTABLE_IMAGE_TYPE, + "Type of image '%s' not recognized; supported image types are directories/btrfs subvolumes, block devices, and raw disk image files with suffix '.raw'.", + name_or_path); return r; } if (r < 0) From 54201434be2ae79f1bce56e132ffb20a486310db Mon Sep 17 00:00:00 2001 From: Luca Boccassi Date: Fri, 20 May 2022 14:00:39 +0100 Subject: [PATCH 363/703] sd-bus: add comment and test in sd_bus_path_decode() for empty string 3970 e = object_path_startswith(path, prefix); (gdb) p path $1 = 0x55c5a166f768 "/org/freedesktop/portable1/image" (gdb) p prefix $2 = 0x55c59ffc2928 "/org/freedesktop/portable1/image" (gdb) p e $1 = 0x5581a1675788 "" This can be a bit confusing in certain cases, so add a comment and a test to make the behaviour clearer and explicit. (cherry picked from commit 54cd2d6869d20f0df3d8264168e17c31893dc0ca) --- src/libsystemd/sd-bus/sd-bus.c | 4 ++++ src/libsystemd/sd-bus/test-bus-marshal.c | 4 +++- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/src/libsystemd/sd-bus/sd-bus.c b/src/libsystemd/sd-bus/sd-bus.c index 9e1d29cc1d0..59003437aa9 100644 --- a/src/libsystemd/sd-bus/sd-bus.c +++ b/src/libsystemd/sd-bus/sd-bus.c @@ -3974,6 +3974,10 @@ _public_ int sd_bus_path_decode(const char *path, const char *prefix, char **ext return 0; } + /* Note that 'e' might be an empty string here. That's expected. E.g. a case where the subtree + * corresponds to a subtree on a disk, and we want to return something that represents the root + * of the filesystem. */ + ret = bus_label_unescape(e); if (!ret) return -ENOMEM; diff --git a/src/libsystemd/sd-bus/test-bus-marshal.c b/src/libsystemd/sd-bus/test-bus-marshal.c index 9feeaf48fd3..e1afbc2f1be 100644 --- a/src/libsystemd/sd-bus/test-bus-marshal.c +++ b/src/libsystemd/sd-bus/test-bus-marshal.c @@ -36,7 +36,7 @@ static void test_bus_path_encode_unique(void) { } static void test_bus_path_encode(void) { - _cleanup_free_ char *a = NULL, *b = NULL, *c = NULL, *d = NULL, *e = NULL, *f = NULL; + _cleanup_free_ char *a = NULL, *b = NULL, *c = NULL, *d = NULL, *e = NULL, *f = NULL, *g = NULL; assert_se(sd_bus_path_encode("/foo/bar", "waldo", &a) >= 0 && streq(a, "/foo/bar/waldo")); assert_se(sd_bus_path_decode(a, "/waldo", &b) == 0 && b == NULL); @@ -50,6 +50,8 @@ static void test_bus_path_encode(void) { assert_se(sd_bus_path_encode("/foo/bar", "foo.bar", &e) >= 0 && streq(e, "/foo/bar/foo_2ebar")); assert_se(sd_bus_path_decode(e, "/foo/bar", &f) > 0 && streq(f, "foo.bar")); + + assert_se(sd_bus_path_decode("/waldo", "/waldo", &g) > 0 && streq(g, "")); } static void test_bus_path_encode_many(void) { From 684585719b438dff6969472fe20ff8b3e6347113 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 25 May 2022 17:19:56 +0200 Subject: [PATCH 364/703] kernel-install: restore priority of check for /boot/loader/entries Fixes https://bugzilla.redhat.com/show_bug.cgi?id=2071034. Based on 1b43f868934e971480249a6e0fa2f45da906ea2e. --- src/kernel-install/kernel-install | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/kernel-install/kernel-install b/src/kernel-install/kernel-install index d85852532b6..a19256196e7 100755 --- a/src/kernel-install/kernel-install +++ b/src/kernel-install/kernel-install @@ -107,8 +107,8 @@ fi [ -z "$MACHINE_ID" ] && [ -f /etc/machine-info ] && source /etc/machine-info && MACHINE_ID="$KERNEL_INSTALL_MACHINE_ID" [ -z "$MACHINE_ID" ] && MACHINE_ID="Default" -[ -z "$BOOT_ROOT" ] && for suff in "$MACHINE_ID" "loader/entries"; do - for pref in "/efi" "/boot" "/boot/efi" ; do +[ -z "$BOOT_ROOT" ] && for pref in "/efi" "/boot" "/boot/efi" ; do + for suff in "$MACHINE_ID" "loader/entries"; do if [ -d "$pref/$suff" ]; then BOOT_ROOT="$pref" break 2 From 6100e1dded709f681aca0cf913095e2591a54e33 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Sat, 21 May 2022 03:03:21 +0900 Subject: [PATCH 365/703] sysext: refuse empty release ID to avoid triggering assertion Otherwise, the assertion in extension_release_validate() will be triggered. (cherry picked from commit 30e29edf4c0bb025aa7dc03c415b727fddf996ac) --- src/sysext/sysext.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/sysext/sysext.c b/src/sysext/sysext.c index 60789e0f2c1..4245bf1760b 100644 --- a/src/sysext/sysext.c +++ b/src/sysext/sysext.c @@ -483,6 +483,10 @@ static int merge_subprocess(Hashmap *images, const char *workspace) { "SYSEXT_LEVEL", &host_os_release_sysext_level); if (r < 0) return log_error_errno(r, "Failed to acquire 'os-release' data of OS tree '%s': %m", empty_to_root(arg_root)); + if (isempty(host_os_release_id)) + return log_error_errno(SYNTHETIC_ERRNO(EINVAL), + "'ID' field not found or empty in 'os-release' data of OS tree '%s': %m", + empty_to_root(arg_root)); /* Let's now mount all images */ HASHMAP_FOREACH(img, images) { From 6f8adbad80f017dd753d65f1433e659c94b6e4de Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Tue, 24 May 2022 11:40:53 +0200 Subject: [PATCH 366/703] bootctl: Make sure bootctl install returns 0 on success This backports the same fix from 6e9165397faa1b546d367bdfc28dd4377a8f1d0a in systemd upstream that we can't backport directly because that commit introduces a new feature. (cherry picked from commit eb76587f33a08c91f025d4c7fa685c44f7b2d332) --- src/boot/bootctl.c | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/src/boot/bootctl.c b/src/boot/bootctl.c index ebe25751262..7fd9baf3dd8 100644 --- a/src/boot/bootctl.c +++ b/src/boot/bootctl.c @@ -1852,13 +1852,16 @@ static int verb_install(int argc, char *argv[], void *userdata) { (void) sync_everything(); - if (arg_touch_variables) - r = install_variables(arg_esp_path, - part, pstart, psize, uuid, - "/EFI/systemd/systemd-boot" EFI_MACHINE_TYPE_NAME ".efi", - install); + if (!arg_touch_variables) + return 0; - return r; + r = install_variables(arg_esp_path, part, pstart, psize, uuid, + "/EFI/systemd/systemd-boot" EFI_MACHINE_TYPE_NAME ".efi", + install); + if (r < 0) + return r; + + return 0; } static int verb_remove(int argc, char *argv[], void *userdata) { From 9d6fa4e17d62e98701c21d36592a4072111227c9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 17 May 2022 10:11:05 +0200 Subject: [PATCH 367/703] core/bpf: lsm_bpf_supported() returns a boolean The code was corret, but confusing, because it was treating the int as a boolean. (cherry picked from commit 389db516df2106bf50d7c83192a05f033baa4c2b) --- src/core/bpf-lsm.c | 22 +++++++++++----------- src/core/bpf-lsm.h | 2 +- src/test/test-bpf-lsm.c | 3 +-- 3 files changed, 13 insertions(+), 14 deletions(-) diff --git a/src/core/bpf-lsm.c b/src/core/bpf-lsm.c index 83f3199349c..174aa259c02 100644 --- a/src/core/bpf-lsm.c +++ b/src/core/bpf-lsm.c @@ -125,7 +125,7 @@ static int mac_bpf_use(void) { } } -int lsm_bpf_supported(void) { +bool lsm_bpf_supported(void) { _cleanup_(restrict_fs_bpf_freep) struct restrict_fs_bpf *obj = NULL; static int supported = -1; int r; @@ -136,44 +136,44 @@ int lsm_bpf_supported(void) { r = dlopen_bpf(); if (r < 0) { log_info_errno(r, "Failed to open libbpf, LSM BPF is not supported: %m"); - return supported = 0; + return (supported = false); } r = cg_unified_controller(SYSTEMD_CGROUP_CONTROLLER); if (r < 0) { log_warning_errno(r, "Can't determine whether the unified hierarchy is used: %m"); - return supported = 0; + return (supported = false); } if (r == 0) { log_info_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), "Not running with unified cgroup hierarchy, LSM BPF is not supported"); - return supported = 0; + return (supported = false); } r = mac_bpf_use(); if (r < 0) { log_warning_errno(r, "Can't determine whether the BPF LSM module is used: %m"); - return supported = 0; + return (supported = false); } if (r == 0) { log_info_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), "BPF LSM hook not enabled in the kernel, LSM BPF not supported"); - return supported = 0; + return (supported = false); } r = prepare_restrict_fs_bpf(&obj); if (r < 0) - return supported = 0; + return (supported = false); if (!bpf_can_link_lsm_program(obj->progs.restrict_filesystems)) { log_warning_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), "Failed to link BPF program. Assuming BPF is not available"); - return supported = 0; + return (supported = false); } - return supported = 1; + return (supported = true); } int lsm_bpf_setup(Manager *m) { @@ -297,8 +297,8 @@ void lsm_bpf_destroy(struct restrict_fs_bpf *prog) { restrict_fs_bpf__destroy(prog); } #else /* ! BPF_FRAMEWORK */ -int lsm_bpf_supported(void) { - return 0; +bool lsm_bpf_supported(void) { + return false; } int lsm_bpf_setup(Manager *m) { diff --git a/src/core/bpf-lsm.h b/src/core/bpf-lsm.h index 8bd58a29e53..e609d99330b 100644 --- a/src/core/bpf-lsm.h +++ b/src/core/bpf-lsm.h @@ -14,7 +14,7 @@ typedef struct Manager Manager; typedef struct restrict_fs_bpf restrict_fs_bpf; -int lsm_bpf_supported(void); +bool lsm_bpf_supported(void); int lsm_bpf_setup(Manager *m); int lsm_bpf_unit_restrict_filesystems(Unit *u, const Set *filesystems, bool allow_list); int lsm_bpf_cleanup(const Unit *u); diff --git a/src/test/test-bpf-lsm.c b/src/test/test-bpf-lsm.c index 258c2e575ed..8c7e9111df7 100644 --- a/src/test/test-bpf-lsm.c +++ b/src/test/test-bpf-lsm.c @@ -81,8 +81,7 @@ int main(int argc, char *argv[]) { if (!can_memlock()) return log_tests_skipped("Can't use mlock(), skipping."); - r = lsm_bpf_supported(); - if (r <= 0) + if (!lsm_bpf_supported()) return log_tests_skipped("LSM BPF hooks are not supported"); r = enter_cgroup_subroot(NULL); From 3784472f64ec3393fb3d07b27427c7332b3cc16d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 17 May 2022 10:13:49 +0200 Subject: [PATCH 368/703] manager: skip BPF cleanup if we never initialized This fixes a spurious warning from the manager running in user mode: systemd[1668]: Reached target sockets.target. systemd[1669]: Failed to create BPF map: Operation not permitted systemd[1669]: Finished systemd-tmpfiles-setup.service. systemd[1669]: Listening on dbus.socket. systemd[1669]: Reached target sockets.target. systemd[1669]: Reached target basic.target. systemd[1]: Started user@6.service. Fixes https://bugzilla.redhat.com/show_bug.cgi?id=2084955. (cherry picked from commit ba187c9c9ce9c0d16e09aca8c3d3c38975ce05a9) --- src/core/bpf-lsm.c | 9 ++++++--- src/core/bpf-lsm.h | 2 +- src/core/manager.c | 2 +- src/test/test-bpf-lsm.c | 2 +- 4 files changed, 9 insertions(+), 6 deletions(-) diff --git a/src/core/bpf-lsm.c b/src/core/bpf-lsm.c index 174aa259c02..d3e92b98a62 100644 --- a/src/core/bpf-lsm.c +++ b/src/core/bpf-lsm.c @@ -125,13 +125,15 @@ static int mac_bpf_use(void) { } } -bool lsm_bpf_supported(void) { +bool lsm_bpf_supported(bool initialize) { _cleanup_(restrict_fs_bpf_freep) struct restrict_fs_bpf *obj = NULL; static int supported = -1; int r; if (supported >= 0) return supported; + if (!initialize) + return false; r = dlopen_bpf(); if (r < 0) { @@ -267,7 +269,8 @@ int lsm_bpf_cleanup(const Unit *u) { assert(u); assert(u->manager); - if (!lsm_bpf_supported()) + /* If we never successfully detected support, there is nothing to clean up. */ + if (!lsm_bpf_supported(/* initialize = */ false)) return 0; if (!u->manager->restrict_fs) @@ -297,7 +300,7 @@ void lsm_bpf_destroy(struct restrict_fs_bpf *prog) { restrict_fs_bpf__destroy(prog); } #else /* ! BPF_FRAMEWORK */ -bool lsm_bpf_supported(void) { +bool lsm_bpf_supported(bool initialize) { return false; } diff --git a/src/core/bpf-lsm.h b/src/core/bpf-lsm.h index e609d99330b..dff581279d7 100644 --- a/src/core/bpf-lsm.h +++ b/src/core/bpf-lsm.h @@ -14,7 +14,7 @@ typedef struct Manager Manager; typedef struct restrict_fs_bpf restrict_fs_bpf; -bool lsm_bpf_supported(void); +bool lsm_bpf_supported(bool initialize); int lsm_bpf_setup(Manager *m); int lsm_bpf_unit_restrict_filesystems(Unit *u, const Set *filesystems, bool allow_list); int lsm_bpf_cleanup(const Unit *u); diff --git a/src/core/manager.c b/src/core/manager.c index 12c49e7fca4..93e34867f4b 100644 --- a/src/core/manager.c +++ b/src/core/manager.c @@ -930,7 +930,7 @@ int manager_new(UnitFileScope scope, ManagerTestRunFlags test_run_flags, Manager return r; #if HAVE_LIBBPF - if (MANAGER_IS_SYSTEM(m) && lsm_bpf_supported()) { + if (MANAGER_IS_SYSTEM(m) && lsm_bpf_supported(/* initialize = */ true)) { r = lsm_bpf_setup(m); if (r < 0) log_warning_errno(r, "Failed to setup LSM BPF, ignoring: %m"); diff --git a/src/test/test-bpf-lsm.c b/src/test/test-bpf-lsm.c index 8c7e9111df7..2d1b09a79d2 100644 --- a/src/test/test-bpf-lsm.c +++ b/src/test/test-bpf-lsm.c @@ -81,7 +81,7 @@ int main(int argc, char *argv[]) { if (!can_memlock()) return log_tests_skipped("Can't use mlock(), skipping."); - if (!lsm_bpf_supported()) + if (!lsm_bpf_supported(/* initialize = */ true)) return log_tests_skipped("LSM BPF hooks are not supported"); r = enter_cgroup_subroot(NULL); From 33542857398a6b8435d0fc2ede2b07063f4575a4 Mon Sep 17 00:00:00 2001 From: Evgeny Vereshchagin Date: Mon, 17 Jan 2022 22:17:04 +0000 Subject: [PATCH 369/703] ci: switch from unstable to testing on mkosi (cherry picked from commit b0f1f76ca11e4c3f12de3ec4ade1af4bb9894bcf) --- mkosi.default.d/debian/10-mkosi.debian | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mkosi.default.d/debian/10-mkosi.debian b/mkosi.default.d/debian/10-mkosi.debian index 2be71f3c7f6..d35b1d72a64 100644 --- a/mkosi.default.d/debian/10-mkosi.debian +++ b/mkosi.default.d/debian/10-mkosi.debian @@ -5,7 +5,7 @@ [Distribution] Distribution=debian -Release=unstable +Release=testing [Packages] BuildPackages= From e5613d202d7885452d470e3d32ed890109904192 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Fri, 13 May 2022 03:09:42 +0900 Subject: [PATCH 370/703] mkosi: test-acl-util requires getfacl (cherry picked from commit 2481f0369ca680085001c8779bbbce1a2d61dd43) --- mkosi.default.d/fedora/10-mkosi.fedora | 1 + 1 file changed, 1 insertion(+) diff --git a/mkosi.default.d/fedora/10-mkosi.fedora b/mkosi.default.d/fedora/10-mkosi.fedora index f6400bb10e7..d8d71107efe 100644 --- a/mkosi.default.d/fedora/10-mkosi.fedora +++ b/mkosi.default.d/fedora/10-mkosi.fedora @@ -65,6 +65,7 @@ BuildPackages= /usr/bin/xsltproc Packages= + acl gdb nano # procps-ng provides a set of useful utilities (ps, free, etc) From 0041f0d6090279f08be6c0a324a7f98dc2b86969 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Fri, 13 May 2022 04:19:29 +0900 Subject: [PATCH 371/703] mkosi: drop libiptc from build for Fedora It is mostly deprecated on Fedora. (cherry picked from commit ab2129004956d5b075267fce8b304c2d8ebf8c57) --- mkosi.default.d/fedora/10-mkosi.fedora | 1 - 1 file changed, 1 deletion(-) diff --git a/mkosi.default.d/fedora/10-mkosi.fedora b/mkosi.default.d/fedora/10-mkosi.fedora index d8d71107efe..be158534632 100644 --- a/mkosi.default.d/fedora/10-mkosi.fedora +++ b/mkosi.default.d/fedora/10-mkosi.fedora @@ -38,7 +38,6 @@ BuildPackages= pkgconfig(libfido2) pkgconfig(libgcrypt) pkgconfig(libidn2) - pkgconfig(libiptc) pkgconfig(libkmod) pkgconfig(liblz4) pkgconfig(liblzma) From f0c465037808beda223d869e359656fb630b2f12 Mon Sep 17 00:00:00 2001 From: Anita Zhang Date: Tue, 24 May 2022 10:51:27 -0700 Subject: [PATCH 372/703] test-seccomp: check for CAP_IPC_OWNER before calling shmat() shmat() requires the CAP_IPC_OWNER capability. When running test-seccomp in environments with root + CAP_SYS_ADMIN, but not CAP_IPC_OWNER, memory_deny_write_execute_shmat would fail. This fixes it. (cherry picked from commit 7e46a5c093e9e0d2e1ec734058e0caf1725ff37e) (cherry picked from commit d4ca019870e9c31026c75633be12b5893ffa4ecf) (cherry picked from commit 9a50c7c1499cb84b068552c503b9139c9e3a2e17) --- src/test/test-seccomp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/test/test-seccomp.c b/src/test/test-seccomp.c index 7ccfeadbb81..45fe8f7c599 100644 --- a/src/test/test-seccomp.c +++ b/src/test/test-seccomp.c @@ -655,7 +655,7 @@ TEST(memory_deny_write_execute_shmat) { log_notice("Seccomp not available, skipping %s", __func__); return; } - if (!have_seccomp_privs()) { + if (!have_seccomp_privs() || have_effective_cap(CAP_IPC_OWNER) <= 0) { log_notice("Not privileged, skipping %s", __func__); return; } From 4278dbdb1e2fb6859262e6063aba4c56fe959d40 Mon Sep 17 00:00:00 2001 From: Eduard Tolosa Date: Thu, 26 May 2022 15:53:24 -0500 Subject: [PATCH 373/703] loader.conf: Clarify the default value of timeout. (cherry picked from commit 815068d3a3bab32df94dff2cfe8e84d0ab973ceb) (cherry picked from commit d5be9159995ce29c4002fc2f401996ab3087b6bd) --- man/loader.conf.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/man/loader.conf.xml b/man/loader.conf.xml index 9fdd1e78d44..61d84da4611 100644 --- a/man/loader.conf.xml +++ b/man/loader.conf.xml @@ -109,7 +109,7 @@ will be stored as an EFI variable in that case, overriding this option. - If set to menu-hidden or 0 no menu + If set to menu-hidden or 0 (the default) no menu is shown and the default entry will be booted immediately. The menu can be shown by pressing and holding a key before systemd-boot is launched. Setting this to menu-force disables the timeout while always showing the menu. From a402228745f701485a5bb5ec1727fcdef5a88d2f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 20 May 2022 17:35:17 +0200 Subject: [PATCH 374/703] man/systemd.automount: move the main description up and clarify deps (cherry picked from commit 93dbc22a9533ab4fbf8a4b6c176b95f8cef7a9a6) (cherry picked from commit 0d3ba825e224ddf8ea5838cd6c7be9ff9892a4ea) --- man/systemd.automount.xml | 24 ++++++++++-------------- 1 file changed, 10 insertions(+), 14 deletions(-) diff --git a/man/systemd.automount.xml b/man/systemd.automount.xml index da35a7d26b0..628a6615e66 100644 --- a/man/systemd.automount.xml +++ b/man/systemd.automount.xml @@ -26,10 +26,9 @@ Description - A unit configuration file whose name ends in - .automount encodes information about a file - system automount point controlled and supervised by - systemd. + A unit configuration file whose name ends in .automount encodes information + about a file system automount point controlled and supervised by systemd. Automount units may be used to + implement on-demand mounting as well as parallelized mounting of file systems. This man page lists the configuration options specific to this unit type. See @@ -55,9 +54,6 @@ accesses /home/lennart the mount unit home-lennart.mount will be activated. - Automount units may be used to implement on-demand mounting - as well as parallelized mounting of file systems. - Note that automount units are separate from the mount itself, so you should not set After= or Requires= for mount dependencies here. For example, you should not set @@ -65,8 +61,8 @@ filesystems. Doing so may result in an ordering cycle. Note that automount support on Linux is privileged, automount units are hence only available in the - system service manager (and root's user service manager), but not in unprivileged user's service - manager. + system service manager (and root's user service manager), but not in unprivileged users' service + managers. @@ -78,12 +74,12 @@ The following dependencies are implicitly added: - If an automount unit is beneath another mount unit in the - file system hierarchy, both a requirement and an ordering - dependency between both units are created automatically. + If an automount unit is beneath another mount unit in the file system hierarchy, a + requirement and ordering dependencies are created to the on the unit higher in the hierarchy. + - An implicit Before= dependency is created - between an automount unit and the mount unit it activates. + An implicit Before= dependency is created between an automount + unit and the mount unit it activates. From ba9008454207d62e4e9a52da79f0c065fe62b016 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 26 May 2022 14:28:43 +0200 Subject: [PATCH 375/703] man/automount: say that automounts should not be nested Fixes #21832. (cherry picked from commit 223a359f21af1572a5b98629a3c684f764f3f26e) (cherry picked from commit 7a73f995e29d8e1c673c5c032e0ad2ac9e3f66a9) --- man/systemd.automount.xml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/man/systemd.automount.xml b/man/systemd.automount.xml index 628a6615e66..c7c8b91e14d 100644 --- a/man/systemd.automount.xml +++ b/man/systemd.automount.xml @@ -63,6 +63,9 @@ Note that automount support on Linux is privileged, automount units are hence only available in the system service manager (and root's user service manager), but not in unprivileged users' service managers. + + Note that automount units should not be nested. (The establishment of the inner automount point + would unconditionally pin the outer mount point, defeating its purpose.) @@ -157,6 +160,7 @@ creating these directories. Takes an access mode in octal notation. Defaults to 0755. + TimeoutIdleSec= Configures an idle timeout. Once the mount has been From 01816042886fede1cef3b4e63b9f381802497aac Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 26 May 2022 13:14:08 +0200 Subject: [PATCH 376/703] man/shutdown: explain -h more Fixes #23401 (cherry picked from commit 5ee38adea4d590424fc840cd0e411a3cde73695e) (cherry picked from commit 7c2b2f279c3dc6163330e7c79190b1559203af2f) --- man/shutdown.xml | 29 +++++++++++------------------ 1 file changed, 11 insertions(+), 18 deletions(-) diff --git a/man/shutdown.xml b/man/shutdown.xml index b07736ee680..97f33e802a9 100644 --- a/man/shutdown.xml +++ b/man/shutdown.xml @@ -18,7 +18,7 @@ shutdown - Halt, power-off or reboot the machine + Halt, power off or reboot the machine @@ -33,8 +33,7 @@ Description - shutdown may be used to halt, power-off - or reboot the machine. + shutdown may be used to halt, power off, or reboot the machine. The first argument may be a time string (which is usually now). Optionally, this may be followed by a @@ -81,47 +80,41 @@ - Power-off the machine (the - default). + Power the machine off (the default). - Reboot the - machine. + Reboot the machine. - Equivalent to , - unless is specified. + The same as , but does not override the action to take if + it is "halt". E.g. shutdown --reboot -h means "poweroff", but shutdown + --halt -h means "halt". - Do not halt, power-off, reboot, just write - wall message. + Do not halt, power off, or reboot, but just write the wall message. - Do not send wall - message before - halt, power-off, reboot. + Do not send wall message before halt, power off, or reboot. - Cancel a pending shutdown. This may be used - to cancel the effect of an invocation of - shutdown with a time argument that is not - +0 or + Cancel a pending shutdown. This may be used to cancel the effect of an invocation of + shutdown with a time argument that is not +0 or now. From 80f6c459b53cd50d9a8fbe98123fa45cac26ea0d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 26 May 2022 14:04:52 +0200 Subject: [PATCH 377/703] man/sd-bus: discuss negative-return values and add example Fixes #22816. (cherry picked from commit 8f2477715691f96b93d277b023f086203f76653f) (cherry picked from commit 11b806992986cc44df303b2de1ccdc15407e3698) --- man/sd_bus_error-example.c | 18 ++++++++++ man/sd_bus_error.xml | 68 ++++++++++++++++++++++++++------------ 2 files changed, 65 insertions(+), 21 deletions(-) create mode 100644 man/sd_bus_error-example.c diff --git a/man/sd_bus_error-example.c b/man/sd_bus_error-example.c new file mode 100644 index 00000000000..abea13ca451 --- /dev/null +++ b/man/sd_bus_error-example.c @@ -0,0 +1,18 @@ +/* SPDX-License-Identifier: CC0-1.0 */ + +#include +#include +#include +#include + +int writer_with_negative_errno_return(int fd, sd_bus_error *error) { + const char *message = "Hello, World!\n"; + + ssize_t n = write(fd, message, strlen(message)); + if (n >= 0) + return n; /* On success, return the number of bytes written, possibly 0. */ + + /* On error, initialize the error structure, and also propagate the errno + * value that write(2) set for us. */ + return sd_bus_error_set_errnof(error, errno, "Failed to write to fd %i: %m", fd); +} diff --git a/man/sd_bus_error.xml b/man/sd_bus_error.xml index 5697ce73230..f4d0fea2e65 100644 --- a/man/sd_bus_error.xml +++ b/man/sd_bus_error.xml @@ -246,10 +246,15 @@ values in e, if e has been set with an error value before. Otherwise, it will return immediately. If the strings in e were set using sd_bus_error_set_const(), they will be shared. Otherwise, they will be - copied. Returns a converted errno-like, negative error code or 0. - Before this call, dst must be unset, i.e. either freshly initialized with + copied. Before this call, dst must be unset, i.e. either freshly initialized with NULL or reset using sd_bus_error_free(). + sd_bus_error_copy() generally returns 0 or a negative + errno-like value based on the input parameter e: + 0 if it was unset and a negative integer if it was set to some error, similarly to + sd_bus_error_set(). It may however also return an error generated internally, for + example -ENOMEM if a memory allocation fails. + sd_bus_error_move() is similar to sd_bus_error_copy(), but will move any error information from e into dst, resetting the former. This function cannot fail, as no new memory is allocated. Note that if @@ -286,6 +291,18 @@ to NULL. The structure may be reused afterwards. + + Reference ownership + + sd_bus_error is not reference-counted. Users should destroy resources held + by it by calling sd_bus_error_free(). Usually, error structures are allocated on the + stack or passed in as function parameters, but they may also be allocated dynamically, in which case it + is the duty of the caller to free3 the memory + held by the structure itself after freeing its contents with + sd_bus_error_free(). + + Return Value @@ -297,7 +314,8 @@ sd_bus_error_set_errnofv(), return 0 when the specified error value is 0, and a negative errno-like value corresponding to the error parameter otherwise. If an error occurs internally, one of the negative - error values listed below will be returned. + error values listed below will be returned. This allows those functions to be conveniently used in a + return statement, see the example below. sd_bus_error_get_errno() returns false when e is @@ -305,7 +323,9 @@ e->name otherwise. sd_bus_error_copy() and sd_bus_error_move() return a - negative error value converted from the source error, and zero if the error has not been set. + negative error value converted from the source error, and zero if the error has not been set. This + allows those functions to be conveniently used in a return statement, see the + example below. sd_bus_error_is_set() returns a non-zero value when e and the @@ -316,32 +336,18 @@ sd_bus_error_has_names_sentinel() return a non-zero value when e is non-NULL and the name field is equal to one of the given names, zero otherwise. - - - - Reference ownership - sd_bus_error is not reference - counted. Users should destroy resources held by it by calling - sd_bus_error_free(). Usually, error structures - are allocated on the stack or passed in as function parameters, - but they may also be allocated dynamically, in which case it is - the duty of the caller to free3 - the memory held by the structure itself after freeing its contents - with sd_bus_error_free(). Errors - Returned errors may indicate the following problems: + Return value may indicate the following problems in the invocation of the function itself: - -EINVAL - Error was already set in sd_bus_error structure when one - the error-setting functions was called. + Error was already set in the sd_bus_error structure when + one the error-setting functions was called. @@ -350,9 +356,29 @@ Memory allocation failed. + + On success, sd_bus_error_set(), sd_bus_error_setf(), + sd_bus_error_set_const(), sd_bus_error_set_errno(), + sd_bus_error_set_errnof(), sd_bus_error_set_errnofv(), + sd_bus_error_copy(), and sd_bus_error_move() will return a + negative converted errno-style value, or 0 if the error + parameter is NULL or unset. D-Bus errors are converted to the integral + errno-style value, and the mapping mechanism is extensible, see the discussion + above. This effectively means that almost any negative errno-style value can be + returned. + + Examples + + + Using the negative return value to propagate an error + + + + + From fb406eac6512e1eeff248e8e0af7bfbf0fcf6895 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 26 May 2022 14:23:27 +0200 Subject: [PATCH 378/703] man/homectl: adjust man page to match code Fixes #22966. Since there are competing conventions, let's not change our code, but make the docs match what is implemented. (cherry picked from commit b72308d34440530df3bb8b6b3d272dfc303d1d37) (cherry picked from commit cfd6a14c7d21fc4e4b0d8a5b684127b69231fa96) --- man/homectl.xml | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/man/homectl.xml b/man/homectl.xml index eaed7897b1c..7993f96e8b0 100644 --- a/man/homectl.xml +++ b/man/homectl.xml @@ -673,7 +673,7 @@ CIPHER MODE - BITS + BYTES TYPE ALGORITHM SECONDS @@ -683,7 +683,12 @@ Configures various cryptographic parameters for the LUKS2 storage mechanism. See cryptsetup8 - for details on the specific attributes. + for details on the specific attributes. + + Note that homectl uses bytes for key size, like + /proc/crypto, but cryptsetup8 + uses bits. From ebe423270efa3890c02f6bb73c75d2ec753949a9 Mon Sep 17 00:00:00 2001 From: Nick Rosbrook Date: Thu, 26 May 2022 14:32:20 -0400 Subject: [PATCH 379/703] sd-hwdb: include sys/stat.h in hwdb-internal.h MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Include this header to fix errors when including hwdb-internal.h: ../src/libsystemd/sd-hwdb/hwdb-internal.h:16:21: error: field ‘st’ has incomplete type 16 | struct stat st; (cherry picked from commit 9745b51c73c78a63003b4cb6e0714829144d297c) (cherry picked from commit f00716615d54711f0fd584568f04615e4a206c05) --- src/libsystemd/sd-hwdb/hwdb-internal.h | 1 + 1 file changed, 1 insertion(+) diff --git a/src/libsystemd/sd-hwdb/hwdb-internal.h b/src/libsystemd/sd-hwdb/hwdb-internal.h index 5ddc2211e62..62d27f7b896 100644 --- a/src/libsystemd/sd-hwdb/hwdb-internal.h +++ b/src/libsystemd/sd-hwdb/hwdb-internal.h @@ -2,6 +2,7 @@ #pragma once #include +#include #include "def.h" #include "hashmap.h" From a5b0338e896338774226a3bd8a56f63555c7b9ce Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Fri, 27 May 2022 04:23:10 +0900 Subject: [PATCH 380/703] sd-bus: fix buffer overflow Fixes #23486. (cherry picked from commit 89b6a3f13e5f3b8a375dc82cb2a1c2c204a5067e) (cherry picked from commit a5c4e29b2ca83b0956ea4635e1db7b02ae007d55) --- src/libsystemd/sd-bus/bus-message.c | 30 ++++++++++++++---- test/fuzz/fuzz-bus-message/issue-23486-case-1 | Bin 0 -> 32 bytes test/fuzz/fuzz-bus-message/issue-23486-case-2 | Bin 0 -> 16 bytes test/fuzz/fuzz-bus-message/issue-23486-case-3 | Bin 0 -> 16 bytes 4 files changed, 23 insertions(+), 7 deletions(-) create mode 100644 test/fuzz/fuzz-bus-message/issue-23486-case-1 create mode 100644 test/fuzz/fuzz-bus-message/issue-23486-case-2 create mode 100644 test/fuzz/fuzz-bus-message/issue-23486-case-3 diff --git a/src/libsystemd/sd-bus/bus-message.c b/src/libsystemd/sd-bus/bus-message.c index 96529b422be..ca0b290ed29 100644 --- a/src/libsystemd/sd-bus/bus-message.c +++ b/src/libsystemd/sd-bus/bus-message.c @@ -428,7 +428,7 @@ int bus_message_from_header( _cleanup_free_ sd_bus_message *m = NULL; struct bus_header *h; - size_t a, label_sz; + size_t a, label_sz = 0; /* avoid false maybe-uninitialized warning */ assert(bus); assert(header || header_accessible <= 0); @@ -506,7 +506,10 @@ int bus_message_from_header( m->fields_size = BUS_MESSAGE_BSWAP32(m, h->dbus1.fields_size); m->body_size = BUS_MESSAGE_BSWAP32(m, h->dbus1.body_size); - if (sizeof(struct bus_header) + ALIGN8(m->fields_size) + m->body_size != message_size) + assert(message_size >= sizeof(struct bus_header)); + if (m->fields_size > message_size - sizeof(struct bus_header) || + ALIGN8(m->fields_size) > message_size - sizeof(struct bus_header) || + m->body_size != message_size - sizeof(struct bus_header) - ALIGN8(m->fields_size)) return -EBADMSG; } @@ -3062,15 +3065,21 @@ void bus_body_part_unmap(struct bus_body_part *part) { return; } -static int buffer_peek(const void *p, uint32_t sz, size_t *rindex, size_t align, size_t nbytes, void **r) { +static int buffer_peek(const void *p, size_t sz, size_t *rindex, size_t align, size_t nbytes, void **r) { size_t k, start, end; assert(rindex); assert(align > 0); - start = ALIGN_TO((size_t) *rindex, align); - end = start + nbytes; + start = ALIGN_TO(*rindex, align); + if (start > sz) + return -EBADMSG; + + /* Avoid overflow below */ + if (nbytes > SIZE_MAX - start) + return -EBADMSG; + end = start + nbytes; if (end > sz) return -EBADMSG; @@ -3273,10 +3282,17 @@ static int message_peek_body( assert(rindex); assert(align > 0); - start = ALIGN_TO((size_t) *rindex, align); + start = ALIGN_TO(*rindex, align); + if (start > m->user_body_size) + return -EBADMSG; + padding = start - *rindex; - end = start + nbytes; + /* Avoid overflow below */ + if (nbytes > SIZE_MAX - start) + return -EBADMSG; + + end = start + nbytes; if (end > m->user_body_size) return -EBADMSG; diff --git a/test/fuzz/fuzz-bus-message/issue-23486-case-1 b/test/fuzz/fuzz-bus-message/issue-23486-case-1 new file mode 100644 index 0000000000000000000000000000000000000000..fe8338b42ba6af6c080aa92aa619e05a6e6e1cc8 GIT binary patch literal 32 gcmd1dVrFCj0xbpQd;uUW! Date: Mon, 30 May 2022 22:08:07 +0700 Subject: [PATCH 381/703] cgroup-util: Properly handle conditions where cgroup.threads is empty after SIGKILL but processes still remain After sending a SIGKILL to a process, the process might disappear from `cgroup.threads` but still show up in `cgroup.procs` and still remains in the cgroup and cause migrating new processes to `Delegate=yes` cgroups to fail with `-EBUSY`. This is especially likely for heavyweight processes that consume more kernel CPU time to clean up. Fix this by only returning 0 when both `cgroup.threads` and `cgroup.procs` are empty. (cherry picked from commit 37f0289bf5f2283c187032f83c33ea955b75f119) (cherry picked from commit 1961d84ab55c18cfd908a3a80d60455aea96f369) --- src/basic/cgroup-util.c | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/src/basic/cgroup-util.c b/src/basic/cgroup-util.c index a626ecf2e2f..b33acf8df1c 100644 --- a/src/basic/cgroup-util.c +++ b/src/basic/cgroup-util.c @@ -357,20 +357,29 @@ int cg_kill( Set *s, cg_kill_log_func_t log_kill, void *userdata) { - int r; + + int r, ret; r = cg_kill_items(controller, path, sig, flags, s, log_kill, userdata, "cgroup.procs"); if (r < 0 || sig != SIGKILL) return r; + ret = r; + /* Only in case of killing with SIGKILL and when using cgroupsv2, kill remaining threads manually as a workaround for kernel bug. It was fixed in 5.2-rc5 (c03cd7738a83), backported to 4.19.66 (4340d175b898) and 4.14.138 (feb6b123b7dd). */ r = cg_unified_controller(controller); - if (r <= 0) + if (r < 0) + return r; + if (r == 0) + return ret; + + r = cg_kill_items(controller, path, sig, flags, s, log_kill, userdata, "cgroup.threads"); + if (r < 0) return r; - return cg_kill_items(controller, path, sig, flags, s, log_kill, userdata, "cgroup.threads"); + return r > 0 || ret > 0; } int cg_kill_kernel_sigkill(const char *controller, const char *path) { From 7a2f1363bb266c24a969c0228a7fd8935723364e Mon Sep 17 00:00:00 2001 From: Benjamin Franzke Date: Tue, 31 May 2022 21:36:55 +0200 Subject: [PATCH 382/703] resolved: define source address for proxy-only stub replies DnsPacket.ifindex=1 (loopback) is normalized to 0 whenever a message is received on the loopback iface, so for both listeners, 127.0.0.53 and 127.0.0.54, the ifindex will be set to 0 by manager_recv() for queries that have a local origin. Replies to such local messages need to set a proper ifindex in any case, as the supplied source-address would otherwise be ignored in manager_ipv4_send() (CMSG generation is skipped due to ifindex > 0 check). Note that this change only forces `ifindex` to loopback if it was actually normalized to `0` before (due to a loopback detection) in order to keep the nat-to-127.0.0.54-from-another-interface usecase that was described in a8d09063447568d87288a8e868fe386c1da7ce09 intact. Also note that nat is not supported for the main stub 127.0.0.53 which is why forcing LOOPBACK_IFINDEX was/is fine for that case. Fixes #23495 (cherry picked from commit dfa14e2859418593b2f9bfae8936d780148c4e6a) (cherry picked from commit 7ee5cde34348fb5f75577d2fdfa000f33ea7876c) --- src/resolve/resolved-dns-stub.c | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/src/resolve/resolved-dns-stub.c b/src/resolve/resolved-dns-stub.c index 9e34161eb32..89d1f1cdfc2 100644 --- a/src/resolve/resolved-dns-stub.c +++ b/src/resolve/resolved-dns-stub.c @@ -528,18 +528,26 @@ static int dns_stub_send( if (s) r = dns_stream_write_packet(s, reply); else { - int fd; + int fd, ifindex; fd = find_socket_fd(m, l, p->family, &p->sender, SOCK_DGRAM); if (fd < 0) return fd; + if (address_is_proxy(p->family, &p->destination)) + /* Force loopback iface if this is the loopback proxy stub + * and ifindex was normalized to 0 by manager_recv(). */ + ifindex = p->ifindex ?: LOOPBACK_IFINDEX; + else + /* Force loopback iface if this is the main listener stub. */ + ifindex = l ? p->ifindex : LOOPBACK_IFINDEX; + /* Note that it is essential here that we explicitly choose the source IP address for this * packet. This is because otherwise the kernel will choose it automatically based on the - * routing table and will thus pick 127.0.0.1 rather than 127.0.0.53. */ + * routing table and will thus pick 127.0.0.1 rather than 127.0.0.53/54. */ r = manager_send(m, fd, - l || address_is_proxy(p->family, &p->destination) ? p->ifindex : LOOPBACK_IFINDEX, /* force loopback iface if this is the main listener stub */ + ifindex, p->family, &p->sender, p->sender_port, &p->destination, reply); } From d6abfffdc5d00bcc8ef00f5da080e6b1d675abb3 Mon Sep 17 00:00:00 2001 From: Antonio Alvarez Feijoo Date: Thu, 2 Jun 2022 15:58:33 +0200 Subject: [PATCH 383/703] man: add missing arguments to systemd-creds synopsis (cherry picked from commit 5ad0109cd8ec31b6a7fd72e0fdeaabde2669afe7) (cherry picked from commit 98a39c30145f527d8c8c0d5c4d2b922efa7f3c0b) --- man/systemd-creds.xml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/man/systemd-creds.xml b/man/systemd-creds.xml index 73999f425a1..9254bb87065 100644 --- a/man/systemd-creds.xml +++ b/man/systemd-creds.xml @@ -25,6 +25,8 @@ systemd-creds OPTIONS + COMMAND + ARGS From b4cdb3f346c1c78162cd29eee5206d4af4e832b9 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Wed, 1 Jun 2022 02:31:10 +0900 Subject: [PATCH 384/703] sha256: use memcpy() when result buffer is unaligned Fixes #23578. (cherry picked from commit c7a5eabeba1bc12adab79d2dc2cb20a78fe33227) (cherry picked from commit 761fc09a001fa8f06ca990736d5189fee7e6353a) --- src/fundamental/sha256.c | 39 ++++++++++++++++++++------------------- 1 file changed, 20 insertions(+), 19 deletions(-) diff --git a/src/fundamental/sha256.c b/src/fundamental/sha256.c index 0577a24920b..cd16aec4dd0 100644 --- a/src/fundamental/sha256.c +++ b/src/fundamental/sha256.c @@ -47,6 +47,20 @@ # define SWAP64(n) (n) #endif +/* The condition below is from glibc's string/string-inline.c. + * See definition of _STRING_INLINE_unaligned. */ +#if !defined(__mc68020__) && !defined(__s390__) && !defined(__i386__) + +/* To check alignment gcc has an appropriate operator. Other compilers don't. */ +# if __GNUC__ >= 2 +# define UNALIGNED_P(p) (((size_t) p) % __alignof__(uint32_t) != 0) +# else +# define UNALIGNED_P(p) (((size_t) p) % sizeof(uint32_t) != 0) +# endif +#else +# define UNALIGNED_P(p) false +#endif + /* This array contains the bytes used to pad the buffer to the next 64-byte boundary. (FIPS 180-2:5.1.1) */ static const uint8_t fillbuf[64] = { @@ -94,10 +108,7 @@ void sha256_init_ctx(struct sha256_ctx *ctx) { } /* Process the remaining bytes in the internal buffer and the usual - prolog according to the standard and write the result to RESBUF. - - IMPORTANT: On some systems it is required that RESBUF is correctly - aligned for a 32 bits value. */ + prolog according to the standard and write the result to RESBUF. */ void *sha256_finish_ctx(struct sha256_ctx *ctx, void *resbuf) { /* Take yet unprocessed bytes into account. */ uint32_t bytes = ctx->buflen; @@ -122,7 +133,10 @@ void *sha256_finish_ctx(struct sha256_ctx *ctx, void *resbuf) { /* Put result from CTX in first 32 bytes following RESBUF. */ for (size_t i = 0; i < 8; ++i) - ((uint32_t *) resbuf)[i] = SWAP(ctx->H[i]); + if (UNALIGNED_P(resbuf)) + memcpy((uint8_t*) resbuf + i * sizeof(uint32_t), (uint32_t[]) { SWAP(ctx->H[i]) }, sizeof(uint32_t)); + else + ((uint32_t *) resbuf)[i] = SWAP(ctx->H[i]); return resbuf; } @@ -156,17 +170,6 @@ void sha256_process_bytes(const void *buffer, size_t len, struct sha256_ctx *ctx /* Process available complete blocks. */ if (len >= 64) { - -/* The condition below is from glibc's string/string-inline.c. - * See definition of _STRING_INLINE_unaligned. */ -#if !defined(__mc68020__) && !defined(__s390__) && !defined(__i386__) - -/* To check alignment gcc has an appropriate operator. Other compilers don't. */ -# if __GNUC__ >= 2 -# define UNALIGNED_P(p) (((size_t) p) % __alignof__(uint32_t) != 0) -# else -# define UNALIGNED_P(p) (((size_t) p) % sizeof(uint32_t) != 0) -# endif if (UNALIGNED_P(buffer)) while (len > 64) { memcpy(ctx->buffer, buffer, 64); @@ -174,9 +177,7 @@ void sha256_process_bytes(const void *buffer, size_t len, struct sha256_ctx *ctx buffer = (const char *) buffer + 64; len -= 64; } - else -#endif - { + else { sha256_process_block(buffer, len & ~63, ctx); buffer = (const char *) buffer + (len & ~63); len &= 63; From d4cff445e4b8edaf01c6e377b1f2d72ac94d91dd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 2 Jun 2022 00:27:52 +0200 Subject: [PATCH 385/703] shared/bpf: install log callback and suppress most messages from libbpf $ build/test-socket-bind ... libbpf: load bpf program failed: Operation not permitted libbpf: failed to load program 'sd_bind4' libbpf: failed to load object 'socket_bind_bpf' libbpf: failed to load BPF skeleton 'socket_bind_bpf': -1 Failed to load BPF object: Operation not permitted Now all lines with "libbpf:" are at debug level and will be hidden by default. Partially fixes https://bugzilla.redhat.com/show_bug.cgi?id=2084955#c14 (i.e. the error that was exposed when the initial error was fixed.) (cherry picked from commit 44005a5778ca66848bf7e8dfe4c51ae62919bd69) (cherry picked from commit eceaa72f8786f378a63df442d1466b46afd3cb7b) --- src/shared/bpf-dlopen.c | 28 ++++++++++++++++++++++++++-- src/shared/bpf-dlopen.h | 3 ++- 2 files changed, 28 insertions(+), 3 deletions(-) diff --git a/src/shared/bpf-dlopen.c b/src/shared/bpf-dlopen.c index 6f82002ff83..d8e778794c2 100644 --- a/src/shared/bpf-dlopen.c +++ b/src/shared/bpf-dlopen.c @@ -9,7 +9,6 @@ static void *bpf_dl = NULL; struct bpf_link* (*sym_bpf_program__attach_cgroup)(struct bpf_program *, int); struct bpf_link* (*sym_bpf_program__attach_lsm)(struct bpf_program *); -long (*sym_libbpf_get_error)(const void *); int (*sym_bpf_link__fd)(const struct bpf_link *); int (*sym_bpf_link__destroy)(struct bpf_link *); int (*sym_bpf_map__fd)(const struct bpf_map *); @@ -26,9 +25,27 @@ void (*sym_bpf_object__detach_skeleton)(struct bpf_object_skeleton *); void (*sym_bpf_object__destroy_skeleton)(struct bpf_object_skeleton *); bool (*sym_bpf_probe_prog_type)(enum bpf_prog_type, __u32); const char* (*sym_bpf_program__name)(const struct bpf_program *); +libbpf_print_fn_t (*sym_libbpf_set_print)(libbpf_print_fn_t); +long (*sym_libbpf_get_error)(const void *); + +_printf_(2,0) +static int bpf_print_func(enum libbpf_print_level level, const char *fmt, va_list ap) { +#if !LOG_TRACE + /* libbpf logs a lot of details at its debug level, which we don't need to see. */ + if (level == LIBBPF_DEBUG) + return 0; +#endif + /* All other levels are downgraded to LOG_DEBUG */ + + /* errno is used here, on the assumption that if the log message uses %m, errno will be set to + * something useful. Otherwise, it shouldn't matter, we may pass 0 or some bogus value. */ + return log_internalv(LOG_DEBUG, errno, NULL, 0, NULL, fmt, ap); +} int dlopen_bpf(void) { - return dlopen_many_sym_or_warn( + int r; + + r = dlopen_many_sym_or_warn( &bpf_dl, "libbpf.so.0", LOG_DEBUG, DLSYM_ARG(bpf_link__destroy), DLSYM_ARG(bpf_link__fd), @@ -48,7 +65,14 @@ int dlopen_bpf(void) { DLSYM_ARG(bpf_program__attach_cgroup), DLSYM_ARG(bpf_program__attach_lsm), DLSYM_ARG(bpf_program__name), + DLSYM_ARG(libbpf_set_print), DLSYM_ARG(libbpf_get_error)); + if (r < 0) + return r; + + /* We set the print helper unconditionally. Otherwise libbpf will emit not useful log messages. */ + (void) sym_libbpf_set_print(bpf_print_func); + return r; } #else diff --git a/src/shared/bpf-dlopen.h b/src/shared/bpf-dlopen.h index 713c41c3f40..f0d40325d90 100644 --- a/src/shared/bpf-dlopen.h +++ b/src/shared/bpf-dlopen.h @@ -8,7 +8,6 @@ extern struct bpf_link* (*sym_bpf_program__attach_cgroup)(struct bpf_program *, int); extern struct bpf_link* (*sym_bpf_program__attach_lsm)(struct bpf_program *); -extern long (*sym_libbpf_get_error)(const void *); extern int (*sym_bpf_link__fd)(const struct bpf_link *); extern int (*sym_bpf_link__destroy)(struct bpf_link *); extern int (*sym_bpf_map__fd)(const struct bpf_map *); @@ -27,6 +26,8 @@ extern void (*sym_bpf_object__detach_skeleton)(struct bpf_object_skeleton *); extern void (*sym_bpf_object__destroy_skeleton)(struct bpf_object_skeleton *); extern bool (*sym_bpf_probe_prog_type)(enum bpf_prog_type, __u32); extern const char* (*sym_bpf_program__name)(const struct bpf_program *); +extern libbpf_print_fn_t (*sym_libbpf_set_print)(libbpf_print_fn_t); +extern long (*sym_libbpf_get_error)(const void *); #endif From 255264cdf677257215cb43aaa46c282a6013ad5d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 1 Jun 2022 23:56:25 +0200 Subject: [PATCH 386/703] core: define a helper function for basic bpf checks (cherry picked from commit bb0b01ed20436a6322f8b59b19b0b5b98a6ac2bc) (cherry picked from commit 1b4511849bde3dffe60f7707ecf61558568edf96) --- src/core/bpf-lsm.c | 18 ++---------------- src/core/bpf-socket-bind.c | 13 +++---------- src/core/bpf-util.c | 34 ++++++++++++++++++++++++++++++++++ src/core/bpf-util.h | 5 +++++ src/core/meson.build | 7 +++++++ src/core/restrict-ifaces.c | 20 ++++++-------------- 6 files changed, 57 insertions(+), 40 deletions(-) create mode 100644 src/core/bpf-util.c create mode 100644 src/core/bpf-util.h diff --git a/src/core/bpf-lsm.c b/src/core/bpf-lsm.c index d3e92b98a62..1c1ca89e048 100644 --- a/src/core/bpf-lsm.c +++ b/src/core/bpf-lsm.c @@ -26,6 +26,7 @@ /* libbpf, clang and llc compile time dependencies are satisfied */ #include "bpf-dlopen.h" #include "bpf-link.h" +#include "bpf-util.h" #include "bpf/restrict_fs/restrict-fs-skel.h" #define CGROUP_HASH_SIZE_MAX 2048 @@ -135,23 +136,8 @@ bool lsm_bpf_supported(bool initialize) { if (!initialize) return false; - r = dlopen_bpf(); - if (r < 0) { - log_info_errno(r, "Failed to open libbpf, LSM BPF is not supported: %m"); - return (supported = false); - } - - r = cg_unified_controller(SYSTEMD_CGROUP_CONTROLLER); - if (r < 0) { - log_warning_errno(r, "Can't determine whether the unified hierarchy is used: %m"); + if (!cgroup_bpf_supported()) return (supported = false); - } - - if (r == 0) { - log_info_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), - "Not running with unified cgroup hierarchy, LSM BPF is not supported"); - return (supported = false); - } r = mac_bpf_use(); if (r < 0) { diff --git a/src/core/bpf-socket-bind.c b/src/core/bpf-socket-bind.c index c5176aa481a..e8bffe6496f 100644 --- a/src/core/bpf-socket-bind.c +++ b/src/core/bpf-socket-bind.c @@ -11,8 +11,9 @@ /* libbpf, clang, llvm and bpftool compile time dependencies are satisfied */ #include "bpf-dlopen.h" #include "bpf-link.h" -#include "bpf/socket_bind/socket-bind-skel.h" +#include "bpf-util.h" #include "bpf/socket_bind/socket-bind-api.bpf.h" +#include "bpf/socket_bind/socket-bind-skel.h" static struct socket_bind_bpf *socket_bind_bpf_free(struct socket_bind_bpf *obj) { /* socket_bind_bpf__destroy handles object == NULL case */ @@ -119,15 +120,7 @@ int bpf_socket_bind_supported(void) { _cleanup_(socket_bind_bpf_freep) struct socket_bind_bpf *obj = NULL; int r; - r = cg_unified_controller(SYSTEMD_CGROUP_CONTROLLER); - if (r < 0) - return log_debug_errno(r, "Can't determine whether the unified hierarchy is used: %m"); - if (r == 0) { - log_debug("Not running with unified cgroup hierarchy, BPF is not supported"); - return false; - } - - if (dlopen_bpf() < 0) + if (!cgroup_bpf_supported()) return false; if (!sym_bpf_probe_prog_type(BPF_PROG_TYPE_CGROUP_SOCK_ADDR, /*ifindex=*/0)) { diff --git a/src/core/bpf-util.c b/src/core/bpf-util.c new file mode 100644 index 00000000000..9130aa373f2 --- /dev/null +++ b/src/core/bpf-util.c @@ -0,0 +1,34 @@ +/* SPDX-License-Identifier: LGPL-2.1-or-later */ + +#include "bpf-dlopen.h" +#include "bpf-util.h" +#include "cgroup-util.h" +#include "log.h" + +bool cgroup_bpf_supported(void) { + static int supported = -1; + int r; + + if (supported >= 0) + return supported; + + r = cg_unified_controller(SYSTEMD_CGROUP_CONTROLLER); + if (r < 0) { + log_warning_errno(r, "Can't determine whether the unified hierarchy is used: %m"); + return (supported = false); + } + + if (r == 0) { + log_info_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), + "Not running with unified cgroup hierarchy, disabling cgroup BPF features."); + return (supported = false); + } + + r = dlopen_bpf(); + if (r < 0) { + log_info_errno(r, "Failed to open libbpf, cgroup BPF features disabled: %m"); + return (supported = false); + } + + return (supported = true); +} diff --git a/src/core/bpf-util.h b/src/core/bpf-util.h new file mode 100644 index 00000000000..a6c55cd7e54 --- /dev/null +++ b/src/core/bpf-util.h @@ -0,0 +1,5 @@ +/* SPDX-License-Identifier: LGPL-2.1-or-later */ + +#include + +bool cgroup_bpf_supported(void); diff --git a/src/core/meson.build b/src/core/meson.build index d229d46779a..5d78f1fe291 100644 --- a/src/core/meson.build +++ b/src/core/meson.build @@ -133,6 +133,13 @@ libcore_sources = ''' unit.h '''.split() +if conf.get('BPF_FRAMEWORK') == 1 + libcore_sources += files( + 'bpf-util.c', + 'bpf-util.h', + ) +endif + subdir('bpf') subdir('bpf/socket_bind') diff --git a/src/core/restrict-ifaces.c b/src/core/restrict-ifaces.c index 0132c3c877e..2ec924c56cb 100644 --- a/src/core/restrict-ifaces.c +++ b/src/core/restrict-ifaces.c @@ -9,7 +9,7 @@ #include "bpf-dlopen.h" #include "bpf-link.h" - +#include "bpf-util.h" #include "bpf/restrict_ifaces/restrict-ifaces-skel.h" static struct restrict_ifaces_bpf *restrict_ifaces_bpf_free(struct restrict_ifaces_bpf *obj) { @@ -76,29 +76,21 @@ int restrict_network_interfaces_supported(void) { if (supported >= 0) return supported; - r = cg_unified_controller(SYSTEMD_CGROUP_CONTROLLER); - if (r < 0) - return log_error_errno(r, "Can't determine whether the unified hierarchy is used: %m"); - if (r == 0) { - log_debug("Not running with unified cgroup hierarchy, BPF is not supported"); - return supported = 0; - } - - if (dlopen_bpf() < 0) - return false; + if (!cgroup_bpf_supported()) + return (supported = false); if (!sym_bpf_probe_prog_type(BPF_PROG_TYPE_CGROUP_SKB, /*ifindex=*/0)) { log_debug("BPF program type cgroup_skb is not supported"); - return supported = 0; + return (supported = false); } r = prepare_restrict_ifaces_bpf(NULL, true, NULL, &obj); if (r < 0) { log_debug_errno(r, "Failed to load BPF object: %m"); - return supported = 0; + return (supported = false); } - return supported = bpf_can_link_program(obj->progs.sd_restrictif_i); + return (supported = bpf_can_link_program(obj->progs.sd_restrictif_i)); } static int restrict_network_interfaces_install_impl(Unit *u) { From 8feb4b17665990cbc09b8a2585d0b5d0bbbd4a00 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 1 Jun 2022 17:49:27 +0200 Subject: [PATCH 387/703] various: add %m in messages Sometimes we want to suppress strerror() message because the are providing something better. But in those cases, it seems it was just forgotten. (cherry picked from commit 2e09b2235a27df3ada3542a2402b6e1727fc2c6c) (cherry picked from commit b9f0194aabcce280121fb2f657e38e12f1f0a5b9) --- src/core/bpf-lsm.c | 2 +- src/userdb/userwork.c | 2 +- src/volatile-root/volatile-root.c | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/core/bpf-lsm.c b/src/core/bpf-lsm.c index 1c1ca89e048..3ebc2fd1661 100644 --- a/src/core/bpf-lsm.c +++ b/src/core/bpf-lsm.c @@ -84,7 +84,7 @@ static int prepare_restrict_fs_bpf(struct restrict_fs_bpf **ret_obj) { r = restrict_fs_bpf__load(obj); assert(r <= 0); if (r < 0) - return log_error_errno(r, "Failed to load BPF object"); + return log_error_errno(r, "Failed to load BPF object: %m"); *ret_obj = TAKE_PTR(obj); diff --git a/src/userdb/userwork.c b/src/userdb/userwork.c index 18d58c308c0..490e42b0143 100644 --- a/src/userdb/userwork.c +++ b/src/userdb/userwork.c @@ -556,7 +556,7 @@ static int run(int argc, char *argv[]) { return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Parent already died?"); if (kill(parent, SIGUSR2) < 0) - return log_error_errno(errno, "Failed to kill our own parent."); + return log_error_errno(errno, "Failed to kill our own parent: %m"); } } diff --git a/src/volatile-root/volatile-root.c b/src/volatile-root/volatile-root.c index 90065b410b0..f780cdbcd12 100644 --- a/src/volatile-root/volatile-root.c +++ b/src/volatile-root/volatile-root.c @@ -127,7 +127,7 @@ static int run(int argc, char *argv[]) { r = query_volatile_mode(&m); if (r < 0) - return log_error_errno(r, "Failed to determine volatile mode from kernel command line."); + return log_error_errno(r, "Failed to determine volatile mode from kernel command line: %m"); if (r == 0 && argc >= 2) { /* The kernel command line always wins. However if nothing was set there, the argument passed here wins instead. */ m = volatile_mode_from_string(argv[1]); From a78e72be51da31126d77c6fdc085576afed32db6 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Sun, 22 May 2022 14:36:07 +0200 Subject: [PATCH 388/703] coredump: Fix format string type mismatch Fixes #23471 (cherry picked from commit 08e86b15fc22a8e9f1ee0a791dfd35b2fc25e4c4) (cherry picked from commit 421a99e2d681e52a7d471f34bb1bd8a2a4e56540) --- src/coredump/coredump.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/coredump/coredump.c b/src/coredump/coredump.c index 6a6e9765d4a..deb3edbb85a 100644 --- a/src/coredump/coredump.c +++ b/src/coredump/coredump.c @@ -506,8 +506,8 @@ static int save_external_coredump( if (truncated) log_struct(LOG_INFO, - LOG_MESSAGE("Core file was truncated to %zu bytes.", max_size), - "SIZE_LIMIT=%zu", max_size, + LOG_MESSAGE("Core file was truncated to %"PRIu64" bytes.", max_size), + "SIZE_LIMIT=%"PRIu64, max_size, "MESSAGE_ID=" SD_MESSAGE_TRUNCATED_CORE_STR); r = fix_permissions(fd, tmp, fn, context, uid); From c62d033a9184d2225622114b481c9d5bd4b8b9b3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Sun, 5 Jun 2022 10:24:15 +0200 Subject: [PATCH 389/703] shared/microhttp-util: silence gcc warning MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ../src/journal-remote/microhttpd-util.c: In function ‘check_permissions’: ../src/journal-remote/microhttpd-util.c:301:5: error: function might be candidate for attribute ‘noreturn’ [-Werror=suggest-attribute=noreturn] 301 | int check_permissions(struct MHD_Connection *connection, int *code, char **hostname) { | ^~~~~~~~~~~~~~~~~ cc1: all warnings being treated as errors Fixes #23630. (cherry picked from commit b547241728487c0dca22780241b04964f2eb37af) (cherry picked from commit ad74be8f3746dcca066860cbb23befada4af84c6) --- src/journal-remote/microhttpd-util.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/journal-remote/microhttpd-util.c b/src/journal-remote/microhttpd-util.c index 7c59d90ef4c..29af39d2a5f 100644 --- a/src/journal-remote/microhttpd-util.c +++ b/src/journal-remote/microhttpd-util.c @@ -299,7 +299,7 @@ int check_permissions(struct MHD_Connection *connection, int *code, char **hostn } #else -int check_permissions(struct MHD_Connection *connection, int *code, char **hostname) { +_noreturn_ int check_permissions(struct MHD_Connection *connection, int *code, char **hostname) { assert_not_reached(); } From ec340a3978fbbb9ec9c5e8b482f65bca42cf2266 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 3 Jun 2022 09:32:02 +0200 Subject: [PATCH 390/703] sha256: fix compilation on efi-ia32 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit /usr/bin/gcc -c ../src/fundamental/sha256.c -o src/boot/efi/sha256.c.o -Wno-format-signedness -Wno-missing-field-initializers -Wno-unused-parameter -Wdate-time -Wendif-labels -Werror=format=2 -Werror=implicit-function-declaration -Werror=incompatible-pointer-types -Werror=int-conversion -Werror=overflow -Werror=override-init -Werror=return-type -Werror=shift-count-overflow -Werror=shift-overflow=2 -Werror=undef -Wfloat-equal -Wimplicit-fallthrough=5 -Winit-self -Wlogical-op -Wmissing-include-dirs -Wmissing-noreturn -Wnested-externs -Wold-style-definition -Wpointer-arith -Wredundant-decls -Wshadow -Wstrict-aliasing=2 -Wstrict-prototypes -Wsuggest-attribute=noreturn -Wunused-function -Wwrite-strings -Wno-unused-result -fno-stack-protector -fno-strict-aliasing -fpic -fwide-exec-charset=UCS2 -Wall -Wextra -Wsign-compare -nostdlib -std=gnu99 -ffreestanding -fshort-wchar -fvisibility=hidden -isystem /usr/include/efi -isystem /usr/include/efi/ia32 -I /builddir/build/BUILD/systemd-stable-250.7/src/fundamental -DSD_BOOT -DGNU_EFI_USE_MS_ABI -include src/boot/efi/efi_config.h -include version.h -mno-sse -mno-mmx -flto -O2 -flto=auto ../src/fundamental/sha256.c: In function ‘sha256_finish_ctx’: ../src/fundamental/sha256.c:61:25: error: ‘false’ undeclared (first use in this function) 61 | # define UNALIGNED_P(p) false | ^~~~~ ../src/fundamental/sha256.c:136:21: note: in expansion of macro ‘UNALIGNED_P’ 136 | if (UNALIGNED_P(resbuf)) | ^~~~~~~~~~~ ../src/fundamental/sha256.c:32:1: note: ‘false’ is defined in header ‘’; did you forget to ‘#include ’? 31 | #include "sha256.h" +++ |+#include 32 | ... (cherry picked from commit 38c87ca2ab96d085158485ecfc46c7cb6af0f166) (cherry picked from commit 46db77075da0f4d554b82ee6d54ef64125afec40) --- src/fundamental/sha256.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/fundamental/sha256.c b/src/fundamental/sha256.c index cd16aec4dd0..58b1a80d339 100644 --- a/src/fundamental/sha256.c +++ b/src/fundamental/sha256.c @@ -58,7 +58,7 @@ # define UNALIGNED_P(p) (((size_t) p) % sizeof(uint32_t) != 0) # endif #else -# define UNALIGNED_P(p) false +# define UNALIGNED_P(p) sd_false #endif /* This array contains the bytes used to pad the buffer to the next From 4ee49a624c97381eb4ffb59f2c38648cd47a9370 Mon Sep 17 00:00:00 2001 From: Jan Janssen Date: Tue, 24 May 2022 14:15:59 +0200 Subject: [PATCH 391/703] boot: Fix bad CompareMem call (cherry picked from commit 2d5d72c62b3d7bfd4d0d3e59cf252852237aa10c) (cherry picked from commit f65f0b642981de071a474a2522969682bbd615ec) --- src/boot/efi/xbootldr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/boot/efi/xbootldr.c b/src/boot/efi/xbootldr.c index 4972877d209..bf150489afa 100644 --- a/src/boot/efi/xbootldr.c +++ b/src/boot/efi/xbootldr.c @@ -38,7 +38,7 @@ static BOOLEAN verify_gpt(union GptHeaderBuffer *gpt_header_buffer, EFI_LBA lba_ h = &gpt_header_buffer->gpt_header; /* Some superficial validation of the GPT header */ - if(CompareMem(&h->Header.Signature, "EFI PART", sizeof(h->Header.Signature) != 0)) + if (CompareMem(&h->Header.Signature, "EFI PART", sizeof(h->Header.Signature)) != 0) return FALSE; if (h->Header.HeaderSize < 92 || h->Header.HeaderSize > 512) From 666d792e851f980d002b955a3b641f855d8d6407 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Fri, 13 May 2022 04:43:37 +0900 Subject: [PATCH 392/703] network: do not update interface group by default This fixes a minor bug introduced by 10af8bb24b39a815079f6bf31b449c6e5aaa2adf. Before the commit, the interface group was set only when Group= is explicitly specified, otherwise the interface group was kept. However, after the commit, we need to specify Group= with an empty string to keep the current interface group. (cherry picked from commit cee683394328ae271348fad93c3474b5784bcc78) --- src/network/networkd-network.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/network/networkd-network.c b/src/network/networkd-network.c index 8a53b29d489..efdedfaa1bf 100644 --- a/src/network/networkd-network.c +++ b/src/network/networkd-network.c @@ -381,6 +381,7 @@ int network_load_one(Manager *manager, OrderedHashmap **networks, const char *fi .required_for_online = -1, .required_operstate_for_online = LINK_OPERSTATE_RANGE_DEFAULT, .activation_policy = _ACTIVATION_POLICY_INVALID, + .group = -1, .arp = -1, .multicast = -1, .allmulticast = -1, From c46b908d6eaabefb35fa0aadd342dbca7418924f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 9 Jun 2022 17:32:39 +0200 Subject: [PATCH 393/703] Revert "tree-wide: explicitly unpoison getdents64() memory" This partially reverts commit 0dbce03c37d1e11837dd7f9b80b9964ca539c914. --- src/basic/stat-util.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/src/basic/stat-util.c b/src/basic/stat-util.c index c2269844f81..77788bbece6 100644 --- a/src/basic/stat-util.c +++ b/src/basic/stat-util.c @@ -103,8 +103,6 @@ int dir_is_empty_at(int dir_fd, const char *path) { if (n < 0) return -errno; - msan_unpoison(&buffer, n); - FOREACH_DIRENT_IN_BUFFER(de, &buffer.de, n) if (!dot_or_dot_dot(de->d_name)) return 0; From 51089e007f2f45fc15e37e7a9dcf3045416e1239 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 9 Jun 2022 17:33:46 +0200 Subject: [PATCH 394/703] Revert "stat-util: optimize dir_is_empty_at() a bit, by using getdents64()" MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This reverts commit a068aceafbffcba85398cce636c25d659265087a. https://github.com/systemd/systemd/pull/23236 fixes a regression introduced by this patch. But there was a bunch of follow-ups, and unrelated fixups… So let's just revert this instead. --- src/basic/dirent-util.h | 6 ------ src/basic/stat-util.c | 21 +++++++-------------- 2 files changed, 7 insertions(+), 20 deletions(-) diff --git a/src/basic/dirent-util.h b/src/basic/dirent-util.h index 5fde9043a30..04bc53003f6 100644 --- a/src/basic/dirent-util.h +++ b/src/basic/dirent-util.h @@ -51,9 +51,3 @@ assert_cc(sizeof_field(struct dirent, d_name) == sizeof_field(struct dirent64, d for (void *_end = (uint8_t*) ({ (de) = (buf); }) + (sz); \ (uint8_t*) (de) < (uint8_t*) _end; \ (de) = (struct dirent*) ((uint8_t*) (de) + (de)->d_reclen)) - -#define DEFINE_DIRENT_BUFFER(name, sz) \ - union { \ - struct dirent de; \ - uint8_t data[(sz) * DIRENT_SIZE_MAX]; \ - } name diff --git a/src/basic/stat-util.c b/src/basic/stat-util.c index 77788bbece6..728f6428374 100644 --- a/src/basic/stat-util.c +++ b/src/basic/stat-util.c @@ -73,11 +73,7 @@ int is_device_node(const char *path) { int dir_is_empty_at(int dir_fd, const char *path) { _cleanup_close_ int fd = -1; - /* Allocate space for at least 3 full dirents, since every dir has at least two entries ("." + - * ".."), and only once we have seen if there's a third we know whether the dir is empty or not. */ - DEFINE_DIRENT_BUFFER(buffer, 3); - struct dirent *de; - ssize_t n; + _cleanup_closedir_ DIR *d = NULL; if (path) { assert(dir_fd >= 0 || dir_fd == AT_FDCWD); @@ -90,22 +86,19 @@ int dir_is_empty_at(int dir_fd, const char *path) { if (fd < 0) return -errno; } else { - /* Note that DUPing is not enough, as the internal pointer would still be shared and moved - * getedents64(). */ - assert(dir_fd >= 0); - + /* Note that DUPing is not enough, as the internal pointer + * would still be shared and moved by FOREACH_DIRENT. */ fd = fd_reopen(dir_fd, O_RDONLY|O_DIRECTORY|O_CLOEXEC); if (fd < 0) return fd; } - n = getdents64(fd, &buffer, sizeof(buffer)); - if (n < 0) + d = take_fdopendir(&fd); + if (!d) return -errno; - FOREACH_DIRENT_IN_BUFFER(de, &buffer.de, n) - if (!dot_or_dot_dot(de->d_name)) - return 0; + FOREACH_DIRENT(de, d, return -errno) + return 0; return 1; } From 39f2ccdb379b9d0bae5525e4d8a6e66bf9e3a7aa Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Mon, 7 Mar 2022 15:32:22 +0900 Subject: [PATCH 395/703] tree-wide: fix typo (cherry picked from commit a17e54783a6c899309bd5e32f1d68e95a0db0abf) --- man/sd_bus_add_object.xml | 2 +- meson.build | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/man/sd_bus_add_object.xml b/man/sd_bus_add_object.xml index 3249b7f98de..991f3a8064f 100644 --- a/man/sd_bus_add_object.xml +++ b/man/sd_bus_add_object.xml @@ -561,7 +561,7 @@ SD_BUS_VTABLE_CAPABILITY(capability) - Access to this vtable entry will be allowed if the calling proccess has the + Access to this vtable entry will be allowed if the calling process has the capability capability, as described in sd_bus_query_sender_privilege3. If used for SD_BUS_VTABLE_START(), provides a default for all entries in the diff --git a/meson.build b/meson.build index cb9936ee8be..43c28442a38 100644 --- a/meson.build +++ b/meson.build @@ -373,7 +373,7 @@ possible_common_cc_flags = [ '-Wno-string-plus-int', # clang ] -# Disable -Wmaybe-unitialized when compiling with -Os/-O1/-O3/etc. There are +# Disable -Wmaybe-uninitialized when compiling with -Os/-O1/-O3/etc. There are # too many false positives with gcc >= 8. Effectively, we only test with -O0 # and -O2; this should be enough to catch most important cases without too much # busywork. See https://github.com/systemd/systemd/pull/19226. From 77fabe49e199d1356188ddd7cae0c7beb6875fe1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 29 Apr 2022 14:35:20 +0200 Subject: [PATCH 396/703] meson: also check c_args to maybe add -Wno-maybe-uninitialized MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit People (and build systems) sometimes set flags through -Dc_args=… or $CFLAGS. Let's catch this common case too. meson will set c_args from $CFLAGS, so we only need to check the former. (cherry picked from commit b528a62863961658165091985b565cf7be48ea98) --- meson.build | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/meson.build b/meson.build index 43c28442a38..c0aad38aa6f 100644 --- a/meson.build +++ b/meson.build @@ -373,12 +373,18 @@ possible_common_cc_flags = [ '-Wno-string-plus-int', # clang ] +c_args = get_option('c_args') + # Disable -Wmaybe-uninitialized when compiling with -Os/-O1/-O3/etc. There are # too many false positives with gcc >= 8. Effectively, we only test with -O0 # and -O2; this should be enough to catch most important cases without too much # busywork. See https://github.com/systemd/systemd/pull/19226. if cc.get_id() == 'gcc' and (not '02'.contains(get_option('optimization')) or - cc.version().version_compare('<10')) + cc.version().version_compare('<10') or + '-Os' in c_args or + '-O1' in c_args or + '-O3' in c_args or + '-Og' in c_args) possible_common_cc_flags += '-Wno-maybe-uninitialized' endif @@ -3546,7 +3552,7 @@ test_cflags = ['-DTEST_CODE=1'] # bunch of _cleanup_ variables in tests, to ensure valgrind is triggered if we # use the variable unexpectedly. This triggers a lot of maybe-uninitialized # false positives when the combination of -O2 and -flto is used. Suppress them. -if '-O2' in get_option('c_args') and '-flto=auto' in get_option('c_args') +if '-O2' in c_args and '-flto=auto' in c_args test_cflags += cc.first_supported_argument('-Wno-maybe-uninitialized') endif From cfe1936465278581f3b4d2239246ad138a59ca04 Mon Sep 17 00:00:00 2001 From: Luca Boccassi Date: Fri, 29 Apr 2022 23:50:11 +0100 Subject: [PATCH 397/703] analyze: fix crash with online security check 1449b0f8a96b27 fixed seccomp arch check for the offline case, but broke it for the normal case, as when coming from D-Bus the list of seccomp architectures is already converted to string. Fixes https://github.com/systemd/systemd/issues/23224 (cherry picked from commit e22f2cfa5e79135d9abf53152a292357fe807dc9) --- src/analyze/analyze-security.c | 20 +++++++++++++------- test/units/testsuite-65.sh | 2 ++ 2 files changed, 15 insertions(+), 7 deletions(-) diff --git a/src/analyze/analyze-security.c b/src/analyze/analyze-security.c index 111fab6b86b..12d11b5cd8d 100644 --- a/src/analyze/analyze-security.c +++ b/src/analyze/analyze-security.c @@ -536,19 +536,16 @@ static int assess_system_call_architectures( uint64_t *ret_badness, char **ret_description) { - uint32_t native = 0; char *d; uint64_t b; assert(ret_badness); assert(ret_description); - assert_se(seccomp_arch_from_string("native", &native) >= 0); - if (set_isempty(info->system_call_architectures)) { b = 10; d = strdup("Service may execute system calls with all ABIs"); - } else if (set_contains(info->system_call_architectures, UINT32_TO_PTR(native + 1)) && + } else if (set_contains(info->system_call_architectures, "native") && set_size(info->system_call_architectures) == 1) { b = 0; d = strdup("Service may execute system calls only with native ABI"); @@ -2571,11 +2568,20 @@ static int get_security_info(Unit *u, ExecContext *c, CGroupContext *g, Security return log_oom(); } info->_umask = c->umask; - if (c->syscall_archs) { - info->system_call_architectures = set_copy(c->syscall_archs); - if (!info->system_call_architectures) + +#if HAVE_SECCOMP + SET_FOREACH(key, c->syscall_archs) { + const char *name; + + name = seccomp_arch_to_string(PTR_TO_UINT32(key) - 1); + if (!name) + continue; + + if (set_put_strdup(&info->system_call_architectures, name) < 0) return log_oom(); } +#endif + info->system_call_filter_allow_list = c->syscall_allow_list; if (c->syscall_filter) { info->system_call_filter = hashmap_copy(c->syscall_filter); diff --git a/test/units/testsuite-65.sh b/test/units/testsuite-65.sh index 18684d41702..38403a45b76 100755 --- a/test/units/testsuite-65.sh +++ b/test/units/testsuite-65.sh @@ -600,6 +600,8 @@ if systemd-analyze --version | grep -q -F "+ELFUTILS"; then systemd-analyze inspect-elf --json=short /lib/systemd/systemd | grep -q -F '"elfType":"executable"' fi +systemd-analyze --threshold=90 security systemd-journald.service + systemd-analyze log-level info echo OK >/testok From 28390fa98462cb69b480d67712682e82e9636e32 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Tue, 22 Mar 2022 22:01:08 +0900 Subject: [PATCH 398/703] network: do not enable IPv4 ACD for IPv4 link-local address if ACD is disabled explicitly The commit 1cf4ed142d6c1e2b9dc6a0bc74b6a83ae30b0f8e makes the IPv4 ACD enabled unconditionally for IPv4 link-local addresses even if users explicitly disable ACD. This makes the IPv4 ACD is enabled by default, but honor user setting. Fixes #22763. (cherry picked from commit 2859932bd64d61a89f85fa027762bc16961fcf53) --- man/systemd.network.xml | 3 ++- src/network/networkd-address.c | 26 ++++++++++++++++++-------- src/network/networkd-address.h | 3 +++ 3 files changed, 23 insertions(+), 9 deletions(-) diff --git a/man/systemd.network.xml b/man/systemd.network.xml index 3e8e5357cc3..e0fe24d986f 100644 --- a/man/systemd.network.xml +++ b/man/systemd.network.xml @@ -1133,7 +1133,8 @@ Table=1234 Detection. See RFC 5227. When ipv6, performs IPv6 Duplicate Address Detection. See RFC 4862. Defaults to - ipv6. + ipv4 for IPv4 link-local addresses, ipv6 for IPv6 + addresses, and none otherwise. diff --git a/src/network/networkd-address.c b/src/network/networkd-address.c index 7df743efb55..3d669b7ec16 100644 --- a/src/network/networkd-address.c +++ b/src/network/networkd-address.c @@ -68,7 +68,6 @@ int address_new(Address **ret) { .lifetime_valid_usec = USEC_INFINITY, .lifetime_preferred_usec = USEC_INFINITY, .set_broadcast = -1, - .duplicate_address_detection = ADDRESS_FAMILY_IPV6, }; *ret = TAKE_PTR(address); @@ -106,6 +105,8 @@ static int address_new_static(Network *network, const char *filename, unsigned s address->network = network; address->section = TAKE_PTR(n); address->source = NETWORK_CONFIG_SOURCE_STATIC; + /* This will be adjusted in address_section_verify(). */ + address->duplicate_address_detection = _ADDRESS_FAMILY_INVALID; r = ordered_hashmap_ensure_put(&network->addresses_by_section, &network_config_hash_ops, address->section, address); if (r < 0) @@ -1909,6 +1910,8 @@ static int address_section_verify(Address *address) { address->section->filename, address->section->line); } + assert(IN_SET(address->family, AF_INET, AF_INET6)); + if (address_may_have_broadcast(address)) address_set_broadcast(address); else if (address->broadcast.s_addr != 0) { @@ -1934,17 +1937,24 @@ static int address_section_verify(Address *address) { address->scope = RT_SCOPE_LINK; } + if (address->duplicate_address_detection < 0) { + if (address->family == AF_INET6) + address->duplicate_address_detection = ADDRESS_FAMILY_IPV6; + else if (in4_addr_is_link_local(&address->in_addr.in)) + address->duplicate_address_detection = ADDRESS_FAMILY_IPV4; + else + address->duplicate_address_detection = ADDRESS_FAMILY_NO; + } else if (address->duplicate_address_detection == ADDRESS_FAMILY_IPV6 && address->family == AF_INET) + log_warning("%s: DuplicateAddressDetection=ipv6 is specified for IPv4 address, ignoring.", + address->section->filename); + else if (address->duplicate_address_detection == ADDRESS_FAMILY_IPV4 && address->family == AF_INET6) + log_warning("%s: DuplicateAddressDetection=ipv4 is specified for IPv6 address, ignoring.", + address->section->filename); + if (address->family == AF_INET6 && !FLAGS_SET(address->duplicate_address_detection, ADDRESS_FAMILY_IPV6)) address->flags |= IFA_F_NODAD; - if (address->family == AF_INET && in4_addr_is_link_local(&address->in_addr.in) && - !FLAGS_SET(address->duplicate_address_detection, ADDRESS_FAMILY_IPV4)) { - log_debug("%s: An IPv4 link-local address is specified, enabling IPv4 Address Conflict Detection (ACD).", - address->section->filename); - address->duplicate_address_detection |= ADDRESS_FAMILY_IPV4; - } - return 0; } diff --git a/src/network/networkd-address.h b/src/network/networkd-address.h index 41c4ce6fa4d..99c35f5512e 100644 --- a/src/network/networkd-address.h +++ b/src/network/networkd-address.h @@ -47,6 +47,9 @@ struct Address { bool scope_set:1; bool ip_masquerade_done:1; + + /* duplicate_address_detection is only used by static or IPv4 dynamic addresses. + * To control DAD for IPv6 dynamic addresses, set IFA_F_NODAD to flags. */ AddressFamily duplicate_address_detection; sd_ipv4acd *acd; From e74e1dc8cc339ee7bd6bc5c5a329f75ac5cf4821 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Thu, 24 Feb 2022 08:20:44 +0900 Subject: [PATCH 399/703] network: create stacked netdevs after the underlying link is activated Otherwise, the activation policy for the netdevs are ignored. Fixes #22593. (cherry picked from commit 047b9991a4d0d93d0dfe3d144410c619a8b74699) --- src/network/netdev/netdev.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/network/netdev/netdev.c b/src/network/netdev/netdev.c index 8e7fe11c182..b46b9ecc909 100644 --- a/src/network/netdev/netdev.c +++ b/src/network/netdev/netdev.c @@ -628,6 +628,11 @@ static bool netdev_is_ready_to_create(NetDev *netdev, Link *link) { if (link->set_link_messages > 0) return false; + /* If stacked netdevs are created before the underlying interface being activated, then + * the activation policy for the netdevs are ignored. See issue #22593. */ + if (!link->activated) + return false; + return true; } From 8f46abbd8e66507596301fe46dc9c848cad918c9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 7 Apr 2022 11:51:52 +0200 Subject: [PATCH 400/703] Move systemd_installation_has_version() to src/nspawn/ This function implements a heuristic that is only used by nspawn. It doesn't belong in basic. I opted for a new file "nspawn-utils.c", because it seems likely that we'll need some other new utilities like that in the future. No functional change. (cherry picked from commit c9394f4f93b9a6baa54f9d1c953035f26dcee253) --- src/basic/path-util.c | 71 ------------------------------- src/basic/path-util.h | 2 - src/nspawn/meson.build | 7 ++++ src/nspawn/nspawn-util.c | 79 +++++++++++++++++++++++++++++++++++ src/nspawn/nspawn-util.h | 4 ++ src/nspawn/nspawn.c | 2 +- src/nspawn/test-nspawn-util.c | 19 +++++++++ src/test/test-path-util.c | 15 ------- 8 files changed, 110 insertions(+), 89 deletions(-) create mode 100644 src/nspawn/nspawn-util.c create mode 100644 src/nspawn/nspawn-util.h create mode 100644 src/nspawn/test-nspawn-util.c diff --git a/src/basic/path-util.c b/src/basic/path-util.c index 4c952d863ca..fe28d8aeb7c 100644 --- a/src/basic/path-util.c +++ b/src/basic/path-util.c @@ -17,11 +17,8 @@ #include "extract-word.h" #include "fd-util.h" #include "fs-util.h" -#include "glob-util.h" #include "log.h" #include "macro.h" -#include "nulstr-util.h" -#include "parse-util.h" #include "path-util.h" #include "stat-util.h" #include "string-util.h" @@ -1318,74 +1315,6 @@ bool valid_device_allow_pattern(const char *path) { return valid_device_node_path(path); } -int systemd_installation_has_version(const char *root, unsigned minimal_version) { - const char *pattern; - int r; - - /* Try to guess if systemd installation is later than the specified version. This - * is hacky and likely to yield false negatives, particularly if the installation - * is non-standard. False positives should be relatively rare. - */ - - NULSTR_FOREACH(pattern, - /* /lib works for systems without usr-merge, and for systems with a sane - * usr-merge, where /lib is a symlink to /usr/lib. /usr/lib is necessary - * for Gentoo which does a merge without making /lib a symlink. - */ - "lib/systemd/libsystemd-shared-*.so\0" - "lib64/systemd/libsystemd-shared-*.so\0" - "usr/lib/systemd/libsystemd-shared-*.so\0" - "usr/lib64/systemd/libsystemd-shared-*.so\0") { - - _cleanup_strv_free_ char **names = NULL; - _cleanup_free_ char *path = NULL; - char *c, **name; - - path = path_join(root, pattern); - if (!path) - return -ENOMEM; - - r = glob_extend(&names, path, 0); - if (r == -ENOENT) - continue; - if (r < 0) - return r; - - assert_se(c = endswith(path, "*.so")); - *c = '\0'; /* truncate the glob part */ - - STRV_FOREACH(name, names) { - /* This is most likely to run only once, hence let's not optimize anything. */ - char *t, *t2; - unsigned version; - - t = startswith(*name, path); - if (!t) - continue; - - t2 = endswith(t, ".so"); - if (!t2) - continue; - - t2[0] = '\0'; /* truncate the suffix */ - - r = safe_atou(t, &version); - if (r < 0) { - log_debug_errno(r, "Found libsystemd shared at \"%s.so\", but failed to parse version: %m", *name); - continue; - } - - log_debug("Found libsystemd shared at \"%s.so\", version %u (%s).", - *name, version, - version >= minimal_version ? "OK" : "too old"); - if (version >= minimal_version) - return true; - } - } - - return false; -} - bool dot_or_dot_dot(const char *path) { if (!path) return false; diff --git a/src/basic/path-util.h b/src/basic/path-util.h index 518f3340bf2..2f55b3abb16 100644 --- a/src/basic/path-util.h +++ b/src/basic/path-util.h @@ -181,8 +181,6 @@ bool is_device_path(const char *path); bool valid_device_node_path(const char *path); bool valid_device_allow_pattern(const char *path); -int systemd_installation_has_version(const char *root, unsigned minimal_version); - bool dot_or_dot_dot(const char *path); static inline const char *skip_dev_prefix(const char *p) { diff --git a/src/nspawn/meson.build b/src/nspawn/meson.build index dba8239a410..0c5db90b465 100644 --- a/src/nspawn/meson.build +++ b/src/nspawn/meson.build @@ -28,6 +28,8 @@ libnspawn_core_sources = files( 'nspawn-setuid.h', 'nspawn-stub-pid1.c', 'nspawn-stub-pid1.h', + 'nspawn-util.c', + 'nspawn-util.h', 'nspawn.h', ) @@ -58,6 +60,11 @@ tests += [ libshared], [libseccomp]], + [['src/nspawn/test-nspawn-util.c'], + [libnspawn_core, + libshared], + [libseccomp]], + [['src/nspawn/test-patch-uid.c'], [libnspawn_core, libshared], diff --git a/src/nspawn/nspawn-util.c b/src/nspawn/nspawn-util.c new file mode 100644 index 00000000000..39d7b733e6f --- /dev/null +++ b/src/nspawn/nspawn-util.c @@ -0,0 +1,79 @@ +/* SPDX-License-Identifier: LGPL-2.1-or-later */ + +#include "alloc-util.h" +#include "glob-util.h" +#include "log.h" +#include "nspawn-util.h" +#include "nulstr-util.h" +#include "parse-util.h" +#include "path-util.h" +#include "string-util.h" + +int systemd_installation_has_version(const char *root, unsigned minimal_version) { + const char *pattern; + int r; + + /* Try to guess if systemd installation is later than the specified version. This + * is hacky and likely to yield false negatives, particularly if the installation + * is non-standard. False positives should be relatively rare. + */ + + NULSTR_FOREACH(pattern, + /* /lib works for systems without usr-merge, and for systems with a sane + * usr-merge, where /lib is a symlink to /usr/lib. /usr/lib is necessary + * for Gentoo which does a merge without making /lib a symlink. + */ + "lib/systemd/libsystemd-shared-*.so\0" + "lib64/systemd/libsystemd-shared-*.so\0" + "usr/lib/systemd/libsystemd-shared-*.so\0" + "usr/lib64/systemd/libsystemd-shared-*.so\0") { + + _cleanup_strv_free_ char **names = NULL; + _cleanup_free_ char *path = NULL; + char **name; + char *c; + + path = path_join(root, pattern); + if (!path) + return -ENOMEM; + + r = glob_extend(&names, path, 0); + if (r == -ENOENT) + continue; + if (r < 0) + return r; + + assert_se(c = endswith(path, "*.so")); + *c = '\0'; /* truncate the glob part */ + + STRV_FOREACH(name, names) { + /* This is most likely to run only once, hence let's not optimize anything. */ + char *t, *t2; + unsigned version; + + t = startswith(*name, path); + if (!t) + continue; + + t2 = endswith(t, ".so"); + if (!t2) + continue; + + t2[0] = '\0'; /* truncate the suffix */ + + r = safe_atou(t, &version); + if (r < 0) { + log_debug_errno(r, "Found libsystemd shared at \"%s.so\", but failed to parse version: %m", *name); + continue; + } + + log_debug("Found libsystemd shared at \"%s.so\", version %u (%s).", + *name, version, + version >= minimal_version ? "OK" : "too old"); + if (version >= minimal_version) + return true; + } + } + + return false; +} diff --git a/src/nspawn/nspawn-util.h b/src/nspawn/nspawn-util.h new file mode 100644 index 00000000000..1e90862c9d0 --- /dev/null +++ b/src/nspawn/nspawn-util.h @@ -0,0 +1,4 @@ +/* SPDX-License-Identifier: LGPL-2.1-or-later */ +#pragma once + +int systemd_installation_has_version(const char *root, unsigned minimal_version); diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c index a2af4948c04..23bc4d6325d 100644 --- a/src/nspawn/nspawn.c +++ b/src/nspawn/nspawn.c @@ -78,13 +78,13 @@ #include "nspawn-settings.h" #include "nspawn-setuid.h" #include "nspawn-stub-pid1.h" +#include "nspawn-util.h" #include "nspawn.h" #include "nulstr-util.h" #include "os-util.h" #include "pager.h" #include "parse-argument.h" #include "parse-util.h" -#include "path-util.h" #include "pretty-print.h" #include "process-util.h" #include "ptyfwd.h" diff --git a/src/nspawn/test-nspawn-util.c b/src/nspawn/test-nspawn-util.c new file mode 100644 index 00000000000..7d55db89340 --- /dev/null +++ b/src/nspawn/test-nspawn-util.c @@ -0,0 +1,19 @@ +/* SPDX-License-Identifier: LGPL-2.1-or-later */ + +#include "nspawn-util.h" +#include "string-util.h" +#include "tests.h" + +TEST(systemd_installation_has_version) { + static const unsigned versions[] = {0, 231, PROJECT_VERSION, 999}; + int r; + + for (size_t i = 0; i < ELEMENTSOF(versions); i++) { + r = systemd_installation_has_version(saved_argv[1], versions[i]); + assert_se(r >= 0); + log_info("%s has systemd >= %u: %s", + saved_argv[1] ?: "Current installation", versions[i], yes_no(r)); + } +} + +DEFINE_TEST_MAIN(LOG_DEBUG); diff --git a/src/test/test-path-util.c b/src/test/test-path-util.c index b9c4ef41267..37cb53df448 100644 --- a/src/test/test-path-util.c +++ b/src/test/test-path-util.c @@ -961,21 +961,6 @@ TEST(hidden_or_backup_file) { assert_se(!hidden_or_backup_file("test.dpkg-old.foo")); } -TEST(systemd_installation_has_version) { - int r; - const unsigned versions[] = {0, 231, PROJECT_VERSION, 999}; - unsigned i; - - log_info("/* %s */", __func__); - - for (i = 0; i < ELEMENTSOF(versions); i++) { - r = systemd_installation_has_version(saved_argv[1], versions[i]); - assert_se(r >= 0); - log_info("%s has systemd >= %u: %s", - saved_argv[1] ?: "Current installation", versions[i], yes_no(r)); - } -} - TEST(skip_dev_prefix) { assert_se(streq(skip_dev_prefix("/"), "/")); assert_se(streq(skip_dev_prefix("/dev"), "")); From 88631ec5449a805e30cd75cec3526f6b05f91621 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 7 Apr 2022 12:15:04 +0200 Subject: [PATCH 401/703] nspawn: fix comparisons of versions with non-numerical suffixes See a2b0cd3f5ab3f450e74e2085ad20372a05451c74. When -Dshared-lib-tag is used, libsystemd-shared.so and libsystemd-core.so get a suffix which breaks the parsing done by systemd_installation_has_version(). We can assume that the tag will be something like "251-rc1-1.fc37" that is currently used in Fedora. (Anything that does *not* start with the version would be completely crazy.) By switching to strverscmp_improved() we simplify the code and fix comparisons with such versions. $ build/test-nspawn-util /var/lib/machines/rawhide ... Found libsystemd shared at "/var/lib/machines/rawhide/lib/systemd/libsystemd-shared-251-rc1-1.fc37.so.so", version 251-rc1-1.fc37 (OK). /var/lib/machines/rawhide has systemd >= 251: yes ... I noticed this when I started a systemd-nspawn container with Redora rawhide and got the message "Not running with unified cgroup hierarchy, LSM BPF is not supported". I thought the message is in error, but it was actually correct: nspawn was misdetecting that the container does not sport new-enough systemd to support cgroups-v2. (cherry picked from commit 7e6821ed4e09d68c45858ba463a013eb7593c2c6) --- src/nspawn/nspawn-util.c | 21 +++++++-------------- src/nspawn/nspawn-util.h | 2 +- src/nspawn/nspawn.c | 4 ++-- src/nspawn/test-nspawn-util.c | 11 ++++++----- 4 files changed, 16 insertions(+), 22 deletions(-) diff --git a/src/nspawn/nspawn-util.c b/src/nspawn/nspawn-util.c index 39d7b733e6f..6db6ba3b09f 100644 --- a/src/nspawn/nspawn-util.c +++ b/src/nspawn/nspawn-util.c @@ -9,7 +9,7 @@ #include "path-util.h" #include "string-util.h" -int systemd_installation_has_version(const char *root, unsigned minimal_version) { +int systemd_installation_has_version(const char *root, const char *minimal_version) { const char *pattern; int r; @@ -49,7 +49,6 @@ int systemd_installation_has_version(const char *root, unsigned minimal_version) STRV_FOREACH(name, names) { /* This is most likely to run only once, hence let's not optimize anything. */ char *t, *t2; - unsigned version; t = startswith(*name, path); if (!t) @@ -58,19 +57,13 @@ int systemd_installation_has_version(const char *root, unsigned minimal_version) t2 = endswith(t, ".so"); if (!t2) continue; + *t2 = '\0'; - t2[0] = '\0'; /* truncate the suffix */ - - r = safe_atou(t, &version); - if (r < 0) { - log_debug_errno(r, "Found libsystemd shared at \"%s.so\", but failed to parse version: %m", *name); - continue; - } - - log_debug("Found libsystemd shared at \"%s.so\", version %u (%s).", - *name, version, - version >= minimal_version ? "OK" : "too old"); - if (version >= minimal_version) + r = strverscmp_improved(t, minimal_version); + log_debug("Found libsystemd shared at \"%s.so\", version %s (%s).", + *name, t, + r >= 0 ? "OK" : "too old"); + if (r >= 0) return true; } } diff --git a/src/nspawn/nspawn-util.h b/src/nspawn/nspawn-util.h index 1e90862c9d0..e83cd564dad 100644 --- a/src/nspawn/nspawn-util.h +++ b/src/nspawn/nspawn-util.h @@ -1,4 +1,4 @@ /* SPDX-License-Identifier: LGPL-2.1-or-later */ #pragma once -int systemd_installation_has_version(const char *root, unsigned minimal_version); +int systemd_installation_has_version(const char *root, const char *minimal_version); diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c index 23bc4d6325d..8ee41bf8700 100644 --- a/src/nspawn/nspawn.c +++ b/src/nspawn/nspawn.c @@ -511,7 +511,7 @@ static int detect_unified_cgroup_hierarchy_from_image(const char *directory) { if (r > 0) { /* Unified cgroup hierarchy support was added in 230. Unfortunately the detection * routine only detects 231, so we'll have a false negative here for 230. */ - r = systemd_installation_has_version(directory, 230); + r = systemd_installation_has_version(directory, "230"); if (r < 0) return log_error_errno(r, "Failed to determine systemd version in container: %m"); if (r > 0) @@ -520,7 +520,7 @@ static int detect_unified_cgroup_hierarchy_from_image(const char *directory) { arg_unified_cgroup_hierarchy = CGROUP_UNIFIED_NONE; } else if (cg_unified_controller(SYSTEMD_CGROUP_CONTROLLER) > 0) { /* Mixed cgroup hierarchy support was added in 233 */ - r = systemd_installation_has_version(directory, 233); + r = systemd_installation_has_version(directory, "233"); if (r < 0) return log_error_errno(r, "Failed to determine systemd version in container: %m"); if (r > 0) diff --git a/src/nspawn/test-nspawn-util.c b/src/nspawn/test-nspawn-util.c index 7d55db89340..b13c2bba2b1 100644 --- a/src/nspawn/test-nspawn-util.c +++ b/src/nspawn/test-nspawn-util.c @@ -2,17 +2,18 @@ #include "nspawn-util.h" #include "string-util.h" +#include "strv.h" #include "tests.h" TEST(systemd_installation_has_version) { - static const unsigned versions[] = {0, 231, PROJECT_VERSION, 999}; + const char *version; int r; - for (size_t i = 0; i < ELEMENTSOF(versions); i++) { - r = systemd_installation_has_version(saved_argv[1], versions[i]); + FOREACH_STRING(version, "0", "231", STRINGIFY(PROJECT_VERSION), "999") { + r = systemd_installation_has_version(saved_argv[1], version); assert_se(r >= 0); - log_info("%s has systemd >= %u: %s", - saved_argv[1] ?: "Current installation", versions[i], yes_no(r)); + log_info("%s has systemd >= %s: %s", + saved_argv[1] ?: "Current installation", version, yes_no(r)); } } From 947ddf732abbe8a16269aa9c8e5aa36190537f7d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 7 Apr 2022 12:33:25 +0200 Subject: [PATCH 402/703] test-nspawn-util: fix the test to actually find anything MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit We would use a relative path, looking for globs like 'lib/systemd/libsystemd-shared-*.so' under the build directory, and never find anything. The test was supposed to find library in the current installation. But we cannot assume that the right library is installed, so the test only printed the result for manual inspection. Thus nobody noticed when it broke. I think it broke in c6134d3e2f1d1d17b32b6e06556cd0c5429bc78a, path-util: get rid of prefix_root(). But that commit doesn't compile because of changes in meson, so this is just a guess. Before: /* test_systemd_installation_has_version */ Current installation has systemd >= 0: no Current installation has systemd >= 231: no Current installation has systemd >= 249: no Current installation has systemd >= 999: no With the fix: $ build/test-nspawn-util /* test_systemd_installation_has_version */ Found libsystemd shared at "/lib/systemd/libsystemd-shared-245.so.so", version 245 (OK). Current installation has systemd >= 0: yes Found libsystemd shared at "/lib/systemd/libsystemd-shared-245.so.so", version 245 (OK). Current installation has systemd >= 231: yes Found libsystemd shared at "/lib/systemd/libsystemd-shared-245.so.so", version 245 (too old). Found libsystemd shared at "/lib/systemd/libsystemd-shared-251.so.so", version 251 (OK). Current installation has systemd >= 251: yes Found libsystemd shared at "/lib/systemd/libsystemd-shared-245.so.so", version 245 (too old). Found libsystemd shared at "/lib/systemd/libsystemd-shared-251.so.so", version 251 (too old). Found libsystemd shared at "/lib/systemd/libsystemd-shared-250.so.so", version 250 (too old). Found libsystemd shared at "/usr/lib/systemd/libsystemd-shared-245.so.so", version 245 (too old). Found libsystemd shared at "/usr/lib/systemd/libsystemd-shared-251.so.so", version 251 (too old). Found libsystemd shared at "/usr/lib/systemd/libsystemd-shared-250.so.so", version 250 (too old). Current installation has systemd >= 999: no $ build/test-nspawn-util /var/lib/machines/rawhide /* test_systemd_installation_has_version */ /* test_systemd_installation_has_version */ Found libsystemd shared at "/var/lib/machines/rawhide/lib/systemd/libsystemd-shared-251-rc1-1.fc37.so.so", version 251 (OK). /var/lib/machines/rawhide has systemd >= 0: yes Found libsystemd shared at "/var/lib/machines/rawhide/lib/systemd/libsystemd-shared-251-rc1-1.fc37.so.so", version 251 (OK). /var/lib/machines/rawhide has systemd >= 231: yes Found libsystemd shared at "/var/lib/machines/rawhide/lib/systemd/libsystemd-shared-251-rc1-1.fc37.so.so", version 251 (OK). /var/lib/machines/rawhide has systemd >= 251: yes Found libsystemd shared at "/var/lib/machines/rawhide/lib/systemd/libsystemd-shared-251-rc1-1.fc37.so.so", version 251 (too old). Found libsystemd shared at "/var/lib/machines/rawhide/usr/lib/systemd/libsystemd-shared-251-rc1-1.fc37.so.so", version 251 (too old). /var/lib/machines/rawhide has systemd >= 999: no While at it, NULSTR_FOREACH → FOREACH_STRING. (cherry picked from commit 0643001c2838d244a8698ea782414115034804bc) --- src/nspawn/nspawn-util.c | 11 +++++------ src/nspawn/test-nspawn-util.c | 3 +++ 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/src/nspawn/nspawn-util.c b/src/nspawn/nspawn-util.c index 6db6ba3b09f..06e6cee10da 100644 --- a/src/nspawn/nspawn-util.c +++ b/src/nspawn/nspawn-util.c @@ -4,7 +4,6 @@ #include "glob-util.h" #include "log.h" #include "nspawn-util.h" -#include "nulstr-util.h" #include "parse-util.h" #include "path-util.h" #include "string-util.h" @@ -18,15 +17,15 @@ int systemd_installation_has_version(const char *root, const char *minimal_versi * is non-standard. False positives should be relatively rare. */ - NULSTR_FOREACH(pattern, + FOREACH_STRING(pattern, /* /lib works for systems without usr-merge, and for systems with a sane * usr-merge, where /lib is a symlink to /usr/lib. /usr/lib is necessary * for Gentoo which does a merge without making /lib a symlink. */ - "lib/systemd/libsystemd-shared-*.so\0" - "lib64/systemd/libsystemd-shared-*.so\0" - "usr/lib/systemd/libsystemd-shared-*.so\0" - "usr/lib64/systemd/libsystemd-shared-*.so\0") { + "/lib/systemd/libsystemd-shared-*.so", + "/lib64/systemd/libsystemd-shared-*.so", + "/usr/lib/systemd/libsystemd-shared-*.so", + "/usr/lib64/systemd/libsystemd-shared-*.so") { _cleanup_strv_free_ char **names = NULL; _cleanup_free_ char *path = NULL; diff --git a/src/nspawn/test-nspawn-util.c b/src/nspawn/test-nspawn-util.c index b13c2bba2b1..687f7de5ab2 100644 --- a/src/nspawn/test-nspawn-util.c +++ b/src/nspawn/test-nspawn-util.c @@ -17,4 +17,7 @@ TEST(systemd_installation_has_version) { } } +/* This program can be called with a path to an installation root. + * For example: build/test-nspawn-util /var/lib/machines/rawhide + */ DEFINE_TEST_MAIN(LOG_DEBUG); From 51c18be68d86d05c3ee8848689f68d7c04adc97d Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Sat, 11 Jun 2022 05:51:03 +0900 Subject: [PATCH 403/703] dns-domain: make each label nul-terminated dns_label_unescape() does not nul-terminate the buffer if it does not have enough space. Hence, if a lable is enough long, then strjoin() triggers buffer-overflow. Fixes #23705. (cherry picked from commit 9db01ca5b0322bc035e1ccd6b8a0d98a26533b4a) (cherry picked from commit 25158b294482f793f962e8ee5f34e99a01214321) --- src/shared/dns-domain.c | 2 +- src/test/test-dns-domain.c | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/src/shared/dns-domain.c b/src/shared/dns-domain.c index f54b187a1b9..5e0d9214878 100644 --- a/src/shared/dns-domain.c +++ b/src/shared/dns-domain.c @@ -1035,7 +1035,7 @@ static bool dns_service_name_label_is_valid(const char *label, size_t n) { int dns_service_split(const char *joined, char **_name, char **_type, char **_domain) { _cleanup_free_ char *name = NULL, *type = NULL, *domain = NULL; const char *p = joined, *q = NULL, *d = NULL; - char a[DNS_LABEL_MAX], b[DNS_LABEL_MAX], c[DNS_LABEL_MAX]; + char a[DNS_LABEL_MAX+1], b[DNS_LABEL_MAX+1], c[DNS_LABEL_MAX+1]; int an, bn, cn, r; unsigned x = 0; diff --git a/src/test/test-dns-domain.c b/src/test/test-dns-domain.c index a6e0c8501e8..cec38902e96 100644 --- a/src/test/test-dns-domain.c +++ b/src/test/test-dns-domain.c @@ -540,6 +540,7 @@ TEST(dns_service_split) { test_dns_service_split_one("_foo._bar", NULL, "_foo._bar", ".", 0); test_dns_service_split_one("_meh._foo._bar", "_meh", "_foo._bar", ".", 0); test_dns_service_split_one("Wuff\\032Wuff._foo._bar.waldo.com", "Wuff Wuff", "_foo._bar", "waldo.com", 0); + test_dns_service_split_one("_Q._Q-------------------------------------------------------------", NULL, "_Q._Q-------------------------------------------------------------", ".", 0); } static void test_dns_name_change_suffix_one(const char *name, const char *old_suffix, const char *new_suffix, int r, const char *result) { From f2b1c270bcf2471332f9e39be0b84b5fc3facd1c Mon Sep 17 00:00:00 2001 From: Jan Luebbe Date: Mon, 13 Jun 2022 16:40:18 +0200 Subject: [PATCH 404/703] hwdb: analyzers: remove generic "STM Device in DFU Mode" The USB ID v0483pDF11 is used by the ROM code in many STMicroelectronics devices (for firmware download) and not just signal analyzers. (cherry picked from commit 5d049ff9204b9aad48c62c296def4daa4b53005e) (cherry picked from commit adcd34515687e7e150d71d2ee45da74208d26f2f) --- hwdb.d/70-analyzers.hwdb | 1 - 1 file changed, 1 deletion(-) diff --git a/hwdb.d/70-analyzers.hwdb b/hwdb.d/70-analyzers.hwdb index 899ece3a012..0a1911507a2 100644 --- a/hwdb.d/70-analyzers.hwdb +++ b/hwdb.d/70-analyzers.hwdb @@ -29,7 +29,6 @@ usb:v1679p3001* # Power Delivery Analyzers usb:v1679p6003* -usb:v0483pDF11* ID_SIGNAL_ANALYZER=1 ########################################################### From 6bd461a55ed5275d8325265f56149251d86339cb Mon Sep 17 00:00:00 2001 From: Shreenidhi Shedi Date: Tue, 14 Jun 2022 10:28:37 +0530 Subject: [PATCH 405/703] sd-journal: check retval of sd_id128_from_string call Fixes: CID#1469712 CID 1469712 (#1 of 1): Unused value (UNUSED_VALUE) returned_value: Assigning value from sd_id128_from_string(word + 2, &boot_id) to r here, but that stored value is overwritten before it can be used. (cherry picked from commit c9f5ac0917409cd9eb3d55b72c2443d9b5374709) (cherry picked from commit 73a327d2f4cca00bdca61ee4f1103ad120b74368) --- src/libsystemd/sd-journal/sd-journal.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/libsystemd/sd-journal/sd-journal.c b/src/libsystemd/sd-journal/sd-journal.c index 7a6cc4aca35..fa022cffcc2 100644 --- a/src/libsystemd/sd-journal/sd-journal.c +++ b/src/libsystemd/sd-journal/sd-journal.c @@ -989,6 +989,8 @@ _public_ int sd_journal_seek_cursor(sd_journal *j, const char *cursor) { case 'b': boot_id_set = true; r = sd_id128_from_string(word + 2, &boot_id); + if (r < 0) + return r; break; case 'm': From 074e76f21120d358f46d1d2d15939184515629aa Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Wed, 15 Jun 2022 22:32:40 +0900 Subject: [PATCH 406/703] nspawn: fix UID map string We send/recv the set of payload uid, host uid, payload gid, host gid. Hence, the index must be incremented with 4, instead of 2. Fixes #23664. (cherry picked from commit 05ab439a62de8bb47e4137d2a8a473a307ccfb33) (cherry picked from commit 20037219b702dd34b9b34050bf64030d4f93db98) --- src/nspawn/nspawn.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c index 8ee41bf8700..717bdff6da6 100644 --- a/src/nspawn/nspawn.c +++ b/src/nspawn/nspawn.c @@ -4125,8 +4125,8 @@ static int make_uid_map_string( * quadruplet, consisting of host and container UID + GID. */ for (size_t i = 0; i < n_bind_user_uid; i++) { - uid_t payload_uid = bind_user_uid[i*2+offset], - host_uid = bind_user_uid[i*2+offset+1]; + uid_t payload_uid = bind_user_uid[i*4+offset], + host_uid = bind_user_uid[i*4+offset+1]; assert(previous_uid <= payload_uid); assert(payload_uid < arg_uid_range); From 89c1fccb1edfe5bfc968c20d7af8e40264ef6b3d Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Thu, 16 Jun 2022 01:20:20 +0900 Subject: [PATCH 407/703] set: introduce set_put_strndup() Note, if `n != SIZE_MAX`, we cannot check the existence of the specified string in the set without duplicating the string. And, set_consume() also checks the existence of the string. Hence, it is not necessary to call set_contains() if `n != SIZE_MAX`. (cherry picked from commit cb649d12bf3283974305c98ecf51e4bf7596a8bf) (cherry picked from commit a64c080ccf0e854c005798870783f3f02a3d843c) --- src/basic/hashmap.c | 13 ++++++++----- src/basic/set.h | 9 ++++++--- src/test/test-set.c | 30 ++++++++++++++++++++++++++++++ 3 files changed, 44 insertions(+), 8 deletions(-) diff --git a/src/basic/hashmap.c b/src/basic/hashmap.c index b51d70bc879..dee50299142 100644 --- a/src/basic/hashmap.c +++ b/src/basic/hashmap.c @@ -1841,7 +1841,7 @@ int _hashmap_put_strdup_full(Hashmap **h, const struct hash_ops *hash_ops, const return r; } -int _set_put_strdup_full(Set **s, const struct hash_ops *hash_ops, const char *p HASHMAP_DEBUG_PARAMS) { +int _set_put_strndup_full(Set **s, const struct hash_ops *hash_ops, const char *p, size_t n HASHMAP_DEBUG_PARAMS) { char *c; int r; @@ -1852,10 +1852,13 @@ int _set_put_strdup_full(Set **s, const struct hash_ops *hash_ops, const char *p if (r < 0) return r; - if (set_contains(*s, (char*) p)) - return 0; + if (n == SIZE_MAX) { + if (set_contains(*s, (char*) p)) + return 0; - c = strdup(p); + c = strdup(p); + } else + c = strndup(p, n); if (!c) return -ENOMEM; @@ -1869,7 +1872,7 @@ int _set_put_strdupv_full(Set **s, const struct hash_ops *hash_ops, char **l HA assert(s); STRV_FOREACH(i, l) { - r = _set_put_strdup_full(s, hash_ops, *i HASHMAP_DEBUG_PASS_ARGS); + r = _set_put_strndup_full(s, hash_ops, *i, SIZE_MAX HASHMAP_DEBUG_PASS_ARGS); if (r < 0) return r; diff --git a/src/basic/set.h b/src/basic/set.h index 5cae13160bc..c3d91cfee86 100644 --- a/src/basic/set.h +++ b/src/basic/set.h @@ -127,9 +127,12 @@ int _set_ensure_consume(Set **s, const struct hash_ops *hash_ops, void *key HAS int set_consume(Set *s, void *value); -int _set_put_strdup_full(Set **s, const struct hash_ops *hash_ops, const char *p HASHMAP_DEBUG_PARAMS); -#define set_put_strdup_full(s, hash_ops, p) _set_put_strdup_full(s, hash_ops, p HASHMAP_DEBUG_SRC_ARGS) -#define set_put_strdup(s, p) set_put_strdup_full(s, &string_hash_ops_free, p) +int _set_put_strndup_full(Set **s, const struct hash_ops *hash_ops, const char *p, size_t n HASHMAP_DEBUG_PARAMS); +#define set_put_strndup_full(s, hash_ops, p, n) _set_put_strndup_full(s, hash_ops, p, n HASHMAP_DEBUG_SRC_ARGS) +#define set_put_strdup_full(s, hash_ops, p) set_put_strndup_full(s, hash_ops, p, SIZE_MAX) +#define set_put_strndup(s, p, n) set_put_strndup_full(s, &string_hash_ops_free, p, n) +#define set_put_strdup(s, p) set_put_strndup(s, p, SIZE_MAX) + int _set_put_strdupv_full(Set **s, const struct hash_ops *hash_ops, char **l HASHMAP_DEBUG_PARAMS); #define set_put_strdupv_full(s, hash_ops, l) _set_put_strdupv_full(s, hash_ops, l HASHMAP_DEBUG_SRC_ARGS) #define set_put_strdupv(s, l) set_put_strdupv_full(s, &string_hash_ops_free, l) diff --git a/src/test/test-set.c b/src/test/test-set.c index 4dd98ef4f8d..6d55dd50e3b 100644 --- a/src/test/test-set.c +++ b/src/test/test-set.c @@ -90,6 +90,27 @@ TEST(set_put) { assert_se(strv_length(t) == 3); } +TEST(set_put_strndup) { + _cleanup_set_free_ Set *m = NULL; + + assert_se(set_put_strndup(&m, "12345", 0) == 1); + assert_se(set_put_strndup(&m, "12345", 1) == 1); + assert_se(set_put_strndup(&m, "12345", 2) == 1); + assert_se(set_put_strndup(&m, "12345", 3) == 1); + assert_se(set_put_strndup(&m, "12345", 4) == 1); + assert_se(set_put_strndup(&m, "12345", 5) == 1); + assert_se(set_put_strndup(&m, "12345", 6) == 0); + + assert_se(set_contains(m, "")); + assert_se(set_contains(m, "1")); + assert_se(set_contains(m, "12")); + assert_se(set_contains(m, "123")); + assert_se(set_contains(m, "1234")); + assert_se(set_contains(m, "12345")); + + assert_se(set_size(m) == 6); +} + TEST(set_put_strdup) { _cleanup_set_free_ Set *m = NULL; @@ -98,6 +119,10 @@ TEST(set_put_strdup) { assert_se(set_put_strdup(&m, "bbb") == 1); assert_se(set_put_strdup(&m, "bbb") == 0); assert_se(set_put_strdup(&m, "aaa") == 0); + + assert_se(set_contains(m, "aaa")); + assert_se(set_contains(m, "bbb")); + assert_se(set_size(m) == 2); } @@ -106,6 +131,11 @@ TEST(set_put_strdupv) { assert_se(set_put_strdupv(&m, STRV_MAKE("aaa", "aaa", "bbb", "bbb", "aaa")) == 2); assert_se(set_put_strdupv(&m, STRV_MAKE("aaa", "aaa", "bbb", "bbb", "ccc")) == 1); + + assert_se(set_contains(m, "aaa")); + assert_se(set_contains(m, "bbb")); + assert_se(set_contains(m, "ccc")); + assert_se(set_size(m) == 3); } From c96ff736c67da99898efd6c2ac1965890237e4be Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Thu, 16 Jun 2022 01:23:20 +0900 Subject: [PATCH 408/703] analyze-security: always save syscall name This reverts dd51e725df9aec2847482131ef601e0215b371a0 and fixes bugs introduced by 1624114d74f55ad9791b7624b08d89d2339a68b3. Previously, - On online scan, the syscall filter was a string Hashmap, but it might contain syscall name with errno or error action. Hence, we need to drop the errno or error action in the string. - On offline scan, the syscall filter was a Hashmap of syscall ID, so hashmap_contains() with syscall name did not work. We need to convert syscall IDs to syscall names. - If hashmap_contains() in syscall_names_in_filter() is true, then the syscall is allowed when the list is an allow-list, and vice versa. Hence, the condition in syscall_names_in_filter() was errnously inverted by dd51e725df9aec2847482131ef601e0215b371a0. This makes syscalls are always stored with its name, instead of ID, and also correct the condition. Fixes #23663. (cherry picked from commit 5862e5561c9bbe87ad201e8d6b2ce2d0f04e7c37) (cherry picked from commit 20a265b4160c5c0bbfeed2a9e8a1ca0b41f8edc3) --- src/analyze/analyze-security.c | 39 +++++++++++++++++++--------------- 1 file changed, 22 insertions(+), 17 deletions(-) diff --git a/src/analyze/analyze-security.c b/src/analyze/analyze-security.c index 12d11b5cd8d..6c5b3b373a4 100644 --- a/src/analyze/analyze-security.c +++ b/src/analyze/analyze-security.c @@ -102,7 +102,7 @@ typedef struct SecurityInfo { Set *system_call_architectures; bool system_call_filter_allow_list; - Hashmap *system_call_filter; + Set *system_call_filter; mode_t _umask; } SecurityInfo; @@ -168,8 +168,7 @@ static SecurityInfo *security_info_free(SecurityInfo *i) { strv_free(i->supplementary_groups); set_free(i->system_call_architectures); - - hashmap_free(i->system_call_filter); + set_free(i->system_call_filter); return mfree(i); } @@ -563,12 +562,10 @@ static int assess_system_call_architectures( return 0; } -static bool syscall_names_in_filter(Hashmap *s, bool allow_list, const SyscallFilterSet *f, const char **ret_offending_syscall) { +static bool syscall_names_in_filter(Set *s, bool allow_list, const SyscallFilterSet *f, const char **ret_offending_syscall) { const char *syscall; NULSTR_FOREACH(syscall, f->value) { - int id; - if (syscall[0] == '@') { const SyscallFilterSet *g; @@ -580,11 +577,10 @@ static bool syscall_names_in_filter(Hashmap *s, bool allow_list, const SyscallFi } /* Let's see if the system call actually exists on this platform, before complaining */ - id = seccomp_syscall_resolve_name(syscall); - if (id < 0) + if (seccomp_syscall_resolve_name(syscall) < 0) continue; - if (hashmap_contains(s, syscall) != allow_list) { + if (set_contains(s, syscall) == allow_list) { log_debug("Offending syscall filter item: %s", syscall); if (ret_offending_syscall) *ret_offending_syscall = syscall; @@ -615,7 +611,7 @@ static int assess_system_call_filter( uint64_t b; int r; - if (!info->system_call_filter_allow_list && hashmap_isempty(info->system_call_filter)) { + if (!info->system_call_filter_allow_list && set_isempty(info->system_call_filter)) { r = free_and_strdup(&d, "Service does not filter system calls"); b = 10; } else { @@ -2129,9 +2125,8 @@ static int property_read_system_call_filter( if (r == 0) break; - /* The actual ExecContext stores the system call id as the map value, which we don't - * need. So we assign NULL to all values here. */ - r = hashmap_put_strdup(&info->system_call_filter, name, NULL); + /* ignore errno or action after colon */ + r = set_put_strndup(&info->system_call_filter, name, strchrnul(name, ':') - name); if (r < 0) return r; } @@ -2580,14 +2575,24 @@ static int get_security_info(Unit *u, ExecContext *c, CGroupContext *g, Security if (set_put_strdup(&info->system_call_architectures, name) < 0) return log_oom(); } -#endif info->system_call_filter_allow_list = c->syscall_allow_list; - if (c->syscall_filter) { - info->system_call_filter = hashmap_copy(c->syscall_filter); - if (!info->system_call_filter) + + void *id, *num; + HASHMAP_FOREACH_KEY(num, id, c->syscall_filter) { + _cleanup_free_ char *name = NULL; + + if (info->system_call_filter_allow_list && PTR_TO_INT(num) >= 0) + continue; + + name = seccomp_syscall_resolve_num_arch(SCMP_ARCH_NATIVE, PTR_TO_INT(id) - 1); + if (!name) + continue; + + if (set_ensure_consume(&info->system_call_filter, &string_hash_ops_free, TAKE_PTR(name)) < 0) return log_oom(); } +#endif } if (g) { From ba1d285ed0f9c8a07b9739431d153289217d0678 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Thu, 16 Jun 2022 03:18:44 +0900 Subject: [PATCH 409/703] seccomp-util: make @known include @obsolete @known is generated from syscall-list.txt, which generated from kernel headers. So, some syscalls in @obsolete may not be listed in syscall-list.txt. (cherry picked from commit 6d6a08547c03f96dc798cda1ef4a8d3013d292d5) (cherry picked from commit 996979f5137d3a890acec39f427019721a4add1d) --- src/shared/seccomp-util.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c index bb91e4447a6..6cf47d2e586 100644 --- a/src/shared/seccomp-util.c +++ b/src/shared/seccomp-util.c @@ -925,6 +925,7 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = { .name = "@known", .help = "All known syscalls declared in the kernel", .value = + "@obsolete\0" #include "syscall-list.h" }, }; From 39a47af2e505ecbf7a892a0ab23234eea37e758f Mon Sep 17 00:00:00 2001 From: Marc Kleine-Budde Date: Fri, 17 Jun 2022 19:10:51 +0200 Subject: [PATCH 410/703] networkctl: fix output of "status": replace "Queue Length" by "Number of Queues" Commit 0307afc681e1 ("networkctl: add support to display Transmit/Recieve queue length (#12633)") added the display of the number of RX and TX Queues to the output of `networkctl status $DEV`. However the row description says "Queue Length". This patch fixes the output by replacing "Queue Length" by "Number of Queues". Fixes: 0307afc681e1 ("networkctl: add support to display Transmit/Recieve queue length (#12633)") (cherry picked from commit 25ed7633b1d231acf61246bbdca29faa80d7f00f) (cherry picked from commit 16b8ae51b0eca798ad595f84de0dd4f392eff0ea) --- src/network/networkctl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/network/networkctl.c b/src/network/networkctl.c index d5bedda409e..46f195f56c5 100644 --- a/src/network/networkctl.c +++ b/src/network/networkctl.c @@ -2132,7 +2132,7 @@ static int link_status_one( if (info->has_tx_queues || info->has_rx_queues) { r = table_add_many(table, TABLE_EMPTY, - TABLE_STRING, "Queue Length (Tx/Rx):"); + TABLE_STRING, "Number of Queues (Tx/Rx):"); if (r < 0) return table_log_add_error(r); r = table_add_cell_stringf(table, NULL, "%" PRIu32 "/%" PRIu32, info->tx_queues, info->rx_queues); From dcd77da1f4afd7805be65b15071c85f20049e266 Mon Sep 17 00:00:00 2001 From: Frantisek Sumsal Date: Mon, 20 Jun 2022 12:27:39 +0200 Subject: [PATCH 411/703] test: use saved process PID instead of %% As the `%%` specifier might fail if the current job (i.e. the last background job) already finished: ``` [ 61.692196] testsuite-04.sh[656]: ++ systemd-id128 new [ 61.705407] testsuite-04.sh[263]: + ID=912cb8f8ef304153a123f772bb0fe9e0 [ 61.706318] testsuite-04.sh[657]: + systemd-cat -t 912cb8f8ef304153a123f772bb0fe9e0 bash -c 'echo parent; (echo child) & wait' [ 61.720940] testsuite-04.sh[263]: + PID=657 [ 61.721126] testsuite-04.sh[263]: + wait %% [ 61.723014] testsuite-04.sh[263]: /usr/lib/systemd/tests/testdata/units/testsuite-04.sh: line 96: wait: %%: no such job ``` (cherry picked from commit 08970485003c25ce2c4adfaeea2d58558d311d42) (cherry picked from commit 9facc51e2f510e58f496d1a7f3714786b4307605) --- test/units/testsuite-04.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/units/testsuite-04.sh b/test/units/testsuite-04.sh index 7521a6d2e5a..b5468cbea40 100755 --- a/test/units/testsuite-04.sh +++ b/test/units/testsuite-04.sh @@ -93,7 +93,7 @@ cmp /expected /output ID=$(systemd-id128 new) systemd-cat -t "$ID" bash -c 'echo parent; (echo child) & wait' & PID=$! -wait %% +wait $PID journalctl --sync # We can drop this grep when https://github.com/systemd/systemd/issues/13937 # has a fix. From ee2ecdff713099f6868279ab3001a3fa5c9f6bdf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Mon, 20 Jun 2022 15:06:09 +0200 Subject: [PATCH 412/703] pkgconfig,rpm: expose vars for user-tmpfiles.d location Fixes https://bugzilla.redhat.com/show_bug.cgi?id=2098553. (cherry picked from commit 107795a7592084699f68125f3d79c25a0ebca819) (cherry picked from commit a82d8d19161f7dac971738f25a77aa9f188ecc03) --- meson.build | 2 ++ src/core/systemd.pc.in | 2 ++ src/rpm/macros.systemd.in | 1 + 3 files changed, 5 insertions(+) diff --git a/meson.build b/meson.build index c0aad38aa6f..b3e16b9fca5 100644 --- a/meson.build +++ b/meson.build @@ -153,6 +153,7 @@ pkgsysconfdir = sysconfdir / 'systemd' userunitdir = prefixdir / 'lib/systemd/user' userpresetdir = prefixdir / 'lib/systemd/user-preset' tmpfilesdir = prefixdir / 'lib/tmpfiles.d' +usertmpfilesdir = prefixdir / 'share/user-tmpfiles.d' sysusersdir = prefixdir / 'lib/sysusers.d' sysctldir = prefixdir / 'lib/sysctl.d' binfmtdir = prefixdir / 'lib/binfmt.d' @@ -278,6 +279,7 @@ conf.set_quoted('SYSTEM_SYSVINIT_PATH', sysvinit_path) conf.set_quoted('SYSTEM_SYSVRCND_PATH', sysvrcnd_path) conf.set_quoted('SYSUSERS_DIR', sysusersdir) conf.set_quoted('TMPFILES_DIR', tmpfilesdir) +conf.set_quoted('USER_TMPFILES_DIR', usertmpfilesdir) conf.set_quoted('UDEVLIBEXECDIR', udevlibexecdir) conf.set_quoted('UDEV_HWDB_DIR', udevhwdbdir) conf.set_quoted('UDEV_RULES_DIR', udevrulesdir) diff --git a/src/core/systemd.pc.in b/src/core/systemd.pc.in index fc0f8c34fac..693433b34b8 100644 --- a/src/core/systemd.pc.in +++ b/src/core/systemd.pc.in @@ -65,6 +65,8 @@ systemdshutdowndir=${systemd_shutdown_dir} tmpfiles_dir=${prefix}/lib/tmpfiles.d tmpfilesdir=${tmpfiles_dir} +user_tmpfiles_dir=${prefix}/share/user-tmpfiles.d + sysusers_dir=${rootprefix}/lib/sysusers.d sysusersdir=${sysusers_dir} diff --git a/src/rpm/macros.systemd.in b/src/rpm/macros.systemd.in index caa2e455950..8880078b1b3 100644 --- a/src/rpm/macros.systemd.in +++ b/src/rpm/macros.systemd.in @@ -17,6 +17,7 @@ %_sysctldir {{SYSCTL_DIR}} %_sysusersdir {{SYSUSERS_DIR}} %_tmpfilesdir {{TMPFILES_DIR}} +%_user_tmpfilesdir {{USER_TMPFILES_DIR}} %_environmentdir {{ENVIRONMENT_DIR}} %_modulesloaddir {{MODULESLOAD_DIR}} %_modprobedir {{MODPROBE_DIR}} From 6785d1aa74c875a7fbabd2973e3a25c596a620ff Mon Sep 17 00:00:00 2001 From: Pavel Zhukov Date: Tue, 21 Jun 2022 08:23:00 +0200 Subject: [PATCH 413/703] Add sys/file.h for LOCK_ Fixes build with musl: | ../git/src/shared/dissect-image.c: In function 'mount_image_privately_interactively': | ../git/src/shared/dissect-image.c:2986:34: error: 'LOCK_SH' undeclared (first use in this function) | 2986 | r = loop_device_flock(d, LOCK_SH); | | ^~~~~~~ (cherry picked from commit 19df770fe14da601d4e54e1592c11c10ffe4df5a) (cherry picked from commit b7773908142cf158e959302de43dea148a02ebf8) --- src/core/namespace.c | 1 + src/dissect/dissect.c | 1 + src/shared/dissect-image.c | 1 + src/sysext/sysext.c | 1 + src/test/test-loop-block.c | 1 + 5 files changed, 5 insertions(+) diff --git a/src/core/namespace.c b/src/core/namespace.c index 9d53d98a16a..71c1aea3407 100644 --- a/src/core/namespace.c +++ b/src/core/namespace.c @@ -4,6 +4,7 @@ #include #include #include +#include #include #include #include diff --git a/src/dissect/dissect.c b/src/dissect/dissect.c index a9632a3f163..501ba90b242 100644 --- a/src/dissect/dissect.c +++ b/src/dissect/dissect.c @@ -4,6 +4,7 @@ #include #include #include +#include #include #include diff --git a/src/shared/dissect-image.c b/src/shared/dissect-image.c index b7302fd8793..df95ae53d44 100644 --- a/src/shared/dissect-image.c +++ b/src/shared/dissect-image.c @@ -6,6 +6,7 @@ #include #include +#include #include #include #include diff --git a/src/sysext/sysext.c b/src/sysext/sysext.c index 4245bf1760b..bcee8e38565 100644 --- a/src/sysext/sysext.c +++ b/src/sysext/sysext.c @@ -3,6 +3,7 @@ #include #include #include +#include #include #include diff --git a/src/test/test-loop-block.c b/src/test/test-loop-block.c index 1642f82e40d..7597fb19861 100644 --- a/src/test/test-loop-block.c +++ b/src/test/test-loop-block.c @@ -3,6 +3,7 @@ #include #include #include +#include #include "alloc-util.h" #include "dissect-image.h" From 639423416c18c3a41a8f326618e340c25585a40a Mon Sep 17 00:00:00 2001 From: Alban Bedel Date: Wed, 15 Jun 2022 13:12:46 +0200 Subject: [PATCH 414/703] units: remove the restart limit on the modprobe@.service They are various cases where the same module might be repeatedly loaded in a short time frame, for example if a service depending on a module keep restarting, or if many instances of such service get started at the same time. If this happend the modprobe@.service instance will be marked as failed because it hit the restart limit. Overall it doesn't seems to make much sense to have a restart limit on the modprobe service so just disable it. Fixes: #23742 (cherry picked from commit 9625350e5381a68c1179ae4581e7586c206663e1) (cherry picked from commit 8539a62207c9d0cc1656458eb53ffc9177b2c7c8) --- units/modprobe@.service | 1 + 1 file changed, 1 insertion(+) diff --git a/units/modprobe@.service b/units/modprobe@.service index cf8baf60846..85a2c08dee6 100644 --- a/units/modprobe@.service +++ b/units/modprobe@.service @@ -13,6 +13,7 @@ DefaultDependencies=no Before=sysinit.target Documentation=man:modprobe(8) ConditionCapability=CAP_SYS_MODULE +StartLimitIntervalSec=0 [Service] Type=oneshot From a87e130a452ba1fce40e75fe6eddb5fab663089e Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Fri, 24 Jun 2022 13:49:15 +0900 Subject: [PATCH 415/703] udev: allow to execute longer command line Fixes #23607. (cherry picked from commit c3613ee51e3aff61dfea22501c48d19c20cb7b71) (cherry picked from commit 0c5b7ee3187e96b3522610a7dce980f8c9e1160d) --- src/udev/udev-rules.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/udev/udev-rules.c b/src/udev/udev-rules.c index 1a384d6b384..dd7a7eba47e 100644 --- a/src/udev/udev-rules.c +++ b/src/udev/udev-rules.c @@ -1693,7 +1693,7 @@ static int udev_rule_apply_token_to_event( return token->op == (match ? OP_MATCH : OP_NOMATCH); } case TK_M_PROGRAM: { - char buf[UDEV_PATH_SIZE], result[UDEV_LINE_SIZE]; + char buf[UDEV_LINE_SIZE], result[UDEV_LINE_SIZE]; size_t count; event->program_result = mfree(event->program_result); @@ -1767,7 +1767,7 @@ static int udev_rule_apply_token_to_event( } case TK_M_IMPORT_PROGRAM: { _cleanup_strv_free_ char **lines = NULL; - char buf[UDEV_PATH_SIZE], result[UDEV_LINE_SIZE], **line; + char buf[UDEV_LINE_SIZE], result[UDEV_LINE_SIZE], **line; (void) udev_event_apply_format(event, token->value, buf, sizeof(buf), false); log_rule_debug(dev, rules, "Importing properties from results of '%s'", buf); @@ -1812,7 +1812,7 @@ static int udev_rule_apply_token_to_event( UdevBuiltinCommand cmd = PTR_TO_UDEV_BUILTIN_CMD(token->data); assert(cmd >= 0 && cmd < _UDEV_BUILTIN_MAX); unsigned mask = 1U << (int) cmd; - char buf[UDEV_PATH_SIZE]; + char buf[UDEV_LINE_SIZE]; if (udev_builtin_run_once(cmd)) { /* check if we ran already */ @@ -2202,7 +2202,7 @@ static int udev_rule_apply_token_to_event( case TK_A_RUN_BUILTIN: case TK_A_RUN_PROGRAM: { _cleanup_free_ char *cmd = NULL; - char buf[UDEV_PATH_SIZE]; + char buf[UDEV_LINE_SIZE]; if (event->run_final) break; From 2772e75771ac8964f90a538375a5fced20acd4ef Mon Sep 17 00:00:00 2001 From: Jacek Migacz Date: Sun, 26 Jun 2022 16:22:25 +0200 Subject: [PATCH 416/703] emacs: ignore .dir-locals-2.el (personal customization) versioning (cherry picked from commit 25e17bddec601b97516a071c6ee73060abc8b09c) (cherry picked from commit 596dc75d18b75deec53d0c5026fda41589007c6c) --- .gitignore | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitignore b/.gitignore index b3aba0921b2..8a93986a163 100644 --- a/.gitignore +++ b/.gitignore @@ -34,3 +34,4 @@ __pycache__/ # Ignore any mkosi config files with "local" in the name /mkosi.default.d/**/*local*.conf /tags +.dir-locals-2.el From 29e3dc0dfd0548dfffa2ccbd56b2d4479a81d908 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 23 Jun 2022 16:21:18 +0200 Subject: [PATCH 417/703] test-sd-hwdb: adjust the test to actually do anything Without the terminating colon we wouldn't match anything, so the loop over properties was skipped. (cherry picked from commit 6b0485c29a28aa238cfd8ccf123bf6f4ff3507f2) (cherry picked from commit 09e0ccf29327be2c27ed3e7b87e072180dd9d18d) --- src/test/test-sd-hwdb.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/test/test-sd-hwdb.c b/src/test/test-sd-hwdb.c index 7961c17c4ad..9781b9161bd 100644 --- a/src/test/test-sd-hwdb.c +++ b/src/test/test-sd-hwdb.c @@ -21,7 +21,7 @@ TEST(failed_enumerate) { } #define DELL_MODALIAS \ - "evdev:atkbd:dmi:bvnXXX:bvrYYY:bdZZZ:svnDellXXX:pnYYY" + "evdev:atkbd:dmi:bvnXXX:bvrYYY:bdZZZ:svnDellXXX:pnYYY:" TEST(basic_enumerate) { _cleanup_(sd_hwdb_unrefp) sd_hwdb *hwdb = NULL; From 2e54ed4043b1d52e73715234f6f3e84da03ca4cf Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Sun, 26 Jun 2022 06:42:22 +0900 Subject: [PATCH 418/703] sd-event: make sd_event_prepare() return positive when buffered inotify data exists Previously, even if there is buffered inotify data, sd_event_prepare() did not process the data when there is no pending event source. Fixes #23826. (cherry picked from commit 067fc917026fd1fe601de0198c5ea7b3ba782d1e) (cherry picked from commit 632ba5b2f09646152feef0182cc94fe1b05e15ed) --- src/libsystemd/sd-event/sd-event.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/libsystemd/sd-event/sd-event.c b/src/libsystemd/sd-event/sd-event.c index 426a7807f7b..5e5fec15ff1 100644 --- a/src/libsystemd/sd-event/sd-event.c +++ b/src/libsystemd/sd-event/sd-event.c @@ -3880,7 +3880,7 @@ _public_ int sd_event_prepare(sd_event *e) { event_close_inode_data_fds(e); - if (event_next_pending(e) || e->need_process_child) + if (event_next_pending(e) || e->need_process_child || !LIST_IS_EMPTY(e->inotify_data_buffered)) goto pending; e->state = SD_EVENT_ARMED; From a53e5e0e2f574f9943f09a5de0a510620b22798d Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Wed, 29 Jun 2022 06:17:44 +0900 Subject: [PATCH 419/703] virt: fix detection of Parallels virtualization If Parallels virtualization is detected from DMI, then trust that over CPUID. Fixes issue caused by 28b1a3eac252d471de4fbb6f317353af30d68878. Fixes #23856. (cherry picked from commit 840a49f3dcee9a5243f9a31ede2edaa0a3b89e26) (cherry picked from commit 0c36233a84c0f6c9b46523390960e60a9adae37c) --- src/basic/virt.c | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/src/basic/virt.c b/src/basic/virt.c index 284ad952778..f6063e98592 100644 --- a/src/basic/virt.c +++ b/src/basic/virt.c @@ -432,18 +432,22 @@ int detect_vm(void) { /* We have to use the correct order here: * - * → First, try to detect Oracle Virtualbox and Amazon EC2 Nitro, even if they use KVM, as well as Xen even if - * it cloaks as Microsoft Hyper-V. Attempt to detect uml at this stage also since it runs as a user-process - * nested inside other VMs. Also check for Xen now, because Xen PV mode does not override CPUID when nested - * inside another hypervisor. + * → First, try to detect Oracle Virtualbox, Amazon EC2 Nitro, and Parallels, even if they use KVM, + * as well as Xen even if it cloaks as Microsoft Hyper-V. Attempt to detect uml at this stage also + * since it runs as a user-process nested inside other VMs. Also check for Xen now, because Xen PV + * mode does not override CPUID when nested inside another hypervisor. * - * → Second, try to detect from CPUID, this will report KVM for whatever software is used even if info in DMI is - * overwritten. + * → Second, try to detect from CPUID, this will report KVM for whatever software is used even if + * info in DMI is overwritten. * * → Third, try to detect from DMI. */ dmi = detect_vm_dmi(); - if (IN_SET(dmi, VIRTUALIZATION_ORACLE, VIRTUALIZATION_XEN, VIRTUALIZATION_AMAZON)) { + if (IN_SET(dmi, + VIRTUALIZATION_ORACLE, + VIRTUALIZATION_XEN, + VIRTUALIZATION_AMAZON, + VIRTUALIZATION_PARALLELS)) { r = dmi; goto finish; } From 001d00ac698d8fe39fc2f74aafb0ebc2cde21b0e Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Wed, 29 Jun 2022 12:13:21 +0200 Subject: [PATCH 420/703] journal: Fix missing parenthesis (cherry picked from commit f63d1b0efa64fe716c2855a0410ac47ad67f7dec) (cherry picked from commit 437978fe51983d39cd2fc6437a1152761b7f6f6d) --- src/libsystemd/sd-journal/journal-verify.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/libsystemd/sd-journal/journal-verify.c b/src/libsystemd/sd-journal/journal-verify.c index 8288ebcd6e9..a6604679164 100644 --- a/src/libsystemd/sd-journal/journal-verify.c +++ b/src/libsystemd/sd-journal/journal-verify.c @@ -279,7 +279,7 @@ static int journal_file_object_verify(JournalFile *f, uint64_t offset, Object *o if (le64toh(o->entry.items[i].object_offset) == 0 || !VALID64(le64toh(o->entry.items[i].object_offset))) { error(offset, - "Invalid entry item (%"PRIu64"/%"PRIu64" offset: "OFSfmt, + "Invalid entry item (%"PRIu64"/%"PRIu64") offset: "OFSfmt, i, journal_file_entry_n_items(o), le64toh(o->entry.items[i].object_offset)); return -EBADMSG; From c094ef34a65e1f3517a93d51a6c0d2d576be710a Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Fri, 1 Jul 2022 15:12:22 +0900 Subject: [PATCH 421/703] journalctl: fix to show user slice Fixes #23867. (cherry picked from commit 3daf1f913c3bcf500f2c7e2b186185090c495256) (cherry picked from commit 9d86a5ac92361896673ff74c3ca2350ebe522879) --- src/shared/logs-show.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/shared/logs-show.c b/src/shared/logs-show.c index cf83eb6bcaf..e2315e6eb19 100644 --- a/src/shared/logs-show.c +++ b/src/shared/logs-show.c @@ -1494,7 +1494,7 @@ int add_matches_for_user_unit(sd_journal *j, const char *unit, uid_t uid) { if (r == 0 && endswith(unit, ".slice")) { const char *m5; - m5 = strjoina("_SYSTEMD_SLICE=", unit); + m5 = strjoina("_SYSTEMD_USER_SLICE=", unit); /* Show all messages belonging to a slice */ (void)( From 256ce359630c290ee0addc6425f456ed2d8ca05c Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Mon, 27 Jun 2022 10:31:53 +0900 Subject: [PATCH 422/703] nspawn: support PrivateUsers=identity Follow-up for 33eac552ab22af58b303342b1fa912900fa42820. Fixes #23825. (cherry picked from commit 5ad08191d85d6dd058b9d07ccf37ae4b709564e5) (cherry picked from commit 5478878067e8e06b8150a418f07c6874761c3515) --- src/nspawn/nspawn-settings.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/nspawn/nspawn-settings.c b/src/nspawn/nspawn-settings.c index 1f58bf3ed48..c4be8f5d4ed 100644 --- a/src/nspawn/nspawn-settings.c +++ b/src/nspawn/nspawn-settings.c @@ -623,6 +623,11 @@ int config_parse_private_users( settings->userns_mode = USER_NAMESPACE_PICK; settings->uid_shift = UID_INVALID; settings->uid_range = UINT32_C(0x10000); + } else if (streq(rvalue, "identity")) { + /* identity: User namespacing on, UID range is 0:65536 */ + settings->userns_mode = USER_NAMESPACE_FIXED; + settings->uid_shift = 0; + settings->uid_range = UINT32_C(0x10000); } else { const char *range, *shift; uid_t sh, rn; From aa65f1f24f09d490e3201bcdb377786bc3dda19e Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Tue, 5 Jul 2022 14:10:33 +0200 Subject: [PATCH 423/703] sd-id128: don't allow chars > f in valid id128 values (cherry picked from commit 82c3a0b74c8decccf2e1e384e7ad02def4a07459) (cherry picked from commit 6e6da09bd0138a2570f01022530dd81f62d417e3) --- src/libsystemd/sd-id128/id128-util.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/libsystemd/sd-id128/id128-util.c b/src/libsystemd/sd-id128/id128-util.c index 7c66d1c2dbf..c0fae60dc5f 100644 --- a/src/libsystemd/sd-id128/id128-util.c +++ b/src/libsystemd/sd-id128/id128-util.c @@ -49,8 +49,8 @@ bool id128_is_valid(const char *s) { char c = s[i]; if (!(c >= '0' && c <= '9') && - !(c >= 'a' && c <= 'z') && - !(c >= 'A' && c <= 'Z')) + !(c >= 'a' && c <= 'f') && + !(c >= 'A' && c <= 'F')) return false; } @@ -66,8 +66,8 @@ bool id128_is_valid(const char *s) { return false; } else { if (!(c >= '0' && c <= '9') && - !(c >= 'a' && c <= 'z') && - !(c >= 'A' && c <= 'Z')) + !(c >= 'a' && c <= 'f') && + !(c >= 'A' && c <= 'F')) return false; } } From 84715375d5d3e6ae1761d1ab46ebf73ae5a1d22e Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Tue, 5 Jul 2022 16:27:09 +0200 Subject: [PATCH 424/703] json: actually use numeric C locale we just allocated This fixes formatting of JSON real values, and uses C locale for them. It's kinda interesting that this wasn't noticed before: the C locale object we allocated was not used, hence doing the dance had zero effect. This makes "test-varlink" pass again on systems with non-C locale. (My guess: noone noticed this because "long double" was used before by the JSON code and that had no locale supporting printer or so?) (cherry picked from commit 93258c7d72fae23c9f8103c98dd0e79a24838e26) (cherry picked from commit 2e6e30a92f5a36f84cf068f2b3c31ced7d7a9865) --- src/shared/json.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/shared/json.c b/src/shared/json.c index 4b3ab715ff7..0aa5d5f5dd0 100644 --- a/src/shared/json.c +++ b/src/shared/json.c @@ -1546,7 +1546,7 @@ static int json_format(FILE *f, JsonVariant *v, JsonFormatFlags flags, const cha switch (json_variant_type(v)) { case JSON_VARIANT_REAL: { - locale_t loc; + locale_t loc, old_loc; loc = newlocale(LC_NUMERIC_MASK, "C", (locale_t) 0); if (loc == (locale_t) 0) @@ -1555,7 +1555,9 @@ static int json_format(FILE *f, JsonVariant *v, JsonFormatFlags flags, const cha if (flags & JSON_FORMAT_COLOR) fputs(ansi_highlight_blue(), f); + old_loc = uselocale(loc); fprintf(f, "%.*e", DECIMAL_DIG, json_variant_real(v)); + uselocale(old_loc); if (flags & JSON_FORMAT_COLOR) fputs(ANSI_NORMAL, f); From 2317d49cfb1ade050c7b05c9a97555fd53cfdfd4 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Wed, 6 Jul 2022 13:14:20 +0200 Subject: [PATCH 425/703] man: "enabled commands are started at boot" is rubbish it's enabled units, and they might be started by various forms of activation, not just "at boot". Fix that. (cherry picked from commit 0c772b1cc1f08bee260addbecb8adc6cdf4ddeef) (cherry picked from commit 81d33ab7f60a5fe672f3869d97bf4e007aa49510) --- man/systemctl.xml | 42 ++++++++++++++++++++++-------------------- 1 file changed, 22 insertions(+), 20 deletions(-) diff --git a/man/systemctl.xml b/man/systemctl.xml index 1c149095239..202eed125a9 100644 --- a/man/systemctl.xml +++ b/man/systemctl.xml @@ -237,29 +237,31 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: Current Time Service could not be Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output error (5) - The dot ("●") uses color on supported terminals to summarize the unit state at a glance. Along with - its color, its shape varies according to its state: inactive or - maintenance is a white circle ("○"), active is a green dot ("●"), - deactivating is a white dot, failed or error is - a red cross ("×"), and reloading is a green clockwise circle arrow ("↻"). - - - The "Loaded:" line in the output will show loaded if the unit has been loaded into - memory. Other possible values for "Loaded:" include: error if there was a problem - loading it, not-found if no unit file was found for this unit, - bad-setting if an essential unit file setting could not be parsed and - masked if the unit file has been masked. Along with showing the path to the unit file, - this line will also show the enablement state. Enabled commands start at boot. See the full table of - possible enablement states — including the definition of masked — in the documentation - for the is-enabled command. + The dot ("●") uses color on supported terminals to summarize the unit state at a + glance. Along with its color, its shape varies according to its state: + inactive or maintenance is a white circle ("○"), + active is a green dot ("●"), deactivating is a white dot, + failed or error is a red cross ("×"), and + reloading is a green clockwise circle arrow ("↻"). + + The "Loaded:" line in the output will show loaded if the unit has been + loaded into memory. Other possible values for "Loaded:" include: error if + there was a problem loading it, not-found if no unit file was found for this + unit, bad-setting if an essential unit file setting could not be parsed and + masked if the unit file has been masked. Along with showing the path to the + unit file, this line will also show the enablement state. Enabled units are included in the + dependency network between units, and thus are started at boot or via some other form of + activation. See the full table of possible enablement states — including the definition of + masked — in the documentation for the is-enabled command. The "Active:" line shows active state. The value is usually active or - inactive. Active could mean started, bound, plugged in, etc depending on the unit type. - The unit could also be in process of changing states, reporting a state of activating or - deactivating. A special failed state is entered when the service - failed in some way, such as a crash, exiting with an error code or timing out. If the failed state is - entered the cause will be logged for later reference. + inactive. Active could mean started, bound, plugged in, etc depending on the + unit type. The unit could also be in process of changing states, reporting a state of + activating or deactivating. A special + failed state is entered when the service failed in some way, such as a crash, + exiting with an error code or timing out. If the failed state is entered the cause will be logged + for later reference. From 859f107020d47e948da07f353faafdb47b7c80e4 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Thu, 7 Jul 2022 23:20:31 +0200 Subject: [PATCH 426/703] namespace: fix propagated error number (cherry picked from commit 1ce268c7892be2221bec6bf5ef795a82df92e48f) (cherry picked from commit c377dc4832083dfd7bd42fc9fbad9f0e0e7a8bf8) --- src/core/namespace.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/core/namespace.c b/src/core/namespace.c index 71c1aea3407..6a9a032e0da 100644 --- a/src/core/namespace.c +++ b/src/core/namespace.c @@ -874,7 +874,7 @@ static int mount_private_dev(MountEntry *m) { r = label_fix_container(dev, "/dev", 0); if (r < 0) { - log_debug_errno(errno, "Failed to fix label of '%s' as /dev: %m", dev); + log_debug_errno(r, "Failed to fix label of '%s' as /dev: %m", dev); goto fail; } From 9e9d8b8ef7f4b1edae4b93e2472e450338edebfd Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Fri, 8 Jul 2022 09:59:57 +0200 Subject: [PATCH 427/703] tmpfiles: correct error variable to use (cherry picked from commit 149e0ca6c77692b82a9e4602ca4ffb7108346379) (cherry picked from commit 9e73f919abad4166214c704bbd2cde9ea0e5614b) --- src/tmpfiles/tmpfiles.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c index fcab51c2081..c3f349e4ccc 100644 --- a/src/tmpfiles/tmpfiles.c +++ b/src/tmpfiles/tmpfiles.c @@ -621,7 +621,7 @@ static int dir_cleanup( continue; if (r < 0) { /* FUSE, NFS mounts, SELinux might return EACCES */ - r = log_full_errno(errno == EACCES ? LOG_DEBUG : LOG_ERR, errno, + r = log_full_errno(r == -EACCES ? LOG_DEBUG : LOG_ERR, r, "statx(%s/%s) failed: %m", p, de->d_name); continue; } From c32530f5bdd11c74e8f5a86eecd7c36b3bae739f Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Thu, 7 Jul 2022 18:27:02 +0900 Subject: [PATCH 428/703] time-util: fix buffer-over-run Fixes #23928. (cherry picked from commit 9102c625a673a3246d7e73d8737f3494446bad4e) (cherry picked from commit 72d4c15a946d20143cd4c6783c802124bc894dc7) --- src/basic/time-util.c | 2 +- src/test/test-time-util.c | 5 +++++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/src/basic/time-util.c b/src/basic/time-util.c index b659d6905d9..89dc593d446 100644 --- a/src/basic/time-util.c +++ b/src/basic/time-util.c @@ -588,7 +588,7 @@ char *format_timespan(char *buf, size_t l, usec_t t, usec_t accuracy) { t = b; } - n = MIN((size_t) k, l); + n = MIN((size_t) k, l-1); l -= n; p += n; diff --git a/src/test/test-time-util.c b/src/test/test-time-util.c index 4d0131827ed..8db6b25279f 100644 --- a/src/test/test-time-util.c +++ b/src/test/test-time-util.c @@ -238,6 +238,11 @@ TEST(format_timespan) { test_format_timespan_accuracy(1); test_format_timespan_accuracy(USEC_PER_MSEC); test_format_timespan_accuracy(USEC_PER_SEC); + + /* See issue #23928. */ + _cleanup_free_ char *buf; + assert_se(buf = new(char, 5)); + assert_se(buf == format_timespan(buf, 5, 100005, 1000)); } TEST(verify_timezone) { From 63c0ce2346cb70a2959bd539541119866223a619 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Fri, 8 Jul 2022 22:00:58 +0900 Subject: [PATCH 429/703] resolve: fix heap-buffer-overflow reported by ASAN with strict_string_checks=1 Fixes #23942. (cherry picked from commit beeab352de413e1c04de0a67ee36525fcf6e99dd) (cherry picked from commit feb244676baa246e660b713544c2cb8766c25b34) --- src/resolve/resolved-dns-packet.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/resolve/resolved-dns-packet.c b/src/resolve/resolved-dns-packet.c index d45f87ff5d1..ff1ef4454d2 100644 --- a/src/resolve/resolved-dns-packet.c +++ b/src/resolve/resolved-dns-packet.c @@ -1392,7 +1392,7 @@ int dns_packet_read_string(DnsPacket *p, char **ret, size_t *start) { if (memchr(d, 0, c)) return -EBADMSG; - t = strndup(d, c); + t = memdup_suffix0(d, c); if (!t) return -ENOMEM; From 79d9afd3d67e4d244cac85408e6c6d4903e3c607 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Fri, 8 Jul 2022 22:13:24 +0900 Subject: [PATCH 430/703] resolve: fix possible integer overflow (cherry picked from commit 370999c05bd21b18056686dfb27f999acda7c0b6) (cherry picked from commit b7fc4ffe9747b7a967b43cbff5a96286976946ee) --- src/resolve/resolved-dns-packet.c | 27 ++++++++++++++++++--------- 1 file changed, 18 insertions(+), 9 deletions(-) diff --git a/src/resolve/resolved-dns-packet.c b/src/resolve/resolved-dns-packet.c index ff1ef4454d2..3ff5ac341c9 100644 --- a/src/resolve/resolved-dns-packet.c +++ b/src/resolve/resolved-dns-packet.c @@ -1254,8 +1254,9 @@ int dns_packet_append_answer(DnsPacket *p, DnsAnswer *a, unsigned *completed) { int dns_packet_read(DnsPacket *p, size_t sz, const void **ret, size_t *start) { assert(p); + assert(p->rindex <= p->size); - if (p->rindex + sz > p->size) + if (sz > p->size - p->rindex) return -EMSGSIZE; if (ret) @@ -1595,17 +1596,19 @@ static int dns_packet_read_type_windows(DnsPacket *p, Bitmap **types, size_t siz _cleanup_(rewind_dns_packet) DnsPacketRewinder rewinder = REWINDER_INIT(p); int r; - while (p->rindex < rewinder.saved_rindex + size) { + while (p->rindex - rewinder.saved_rindex < size) { r = dns_packet_read_type_window(p, types, NULL); if (r < 0) return r; + assert(p->rindex >= rewinder.saved_rindex); + /* don't read past end of current RR */ - if (p->rindex > rewinder.saved_rindex + size) + if (p->rindex - rewinder.saved_rindex > size) return -EBADMSG; } - if (p->rindex != rewinder.saved_rindex + size) + if (p->rindex - rewinder.saved_rindex != size) return -EBADMSG; if (start) @@ -1716,7 +1719,7 @@ int dns_packet_read_rr( if (r < 0) return r; - if (p->rindex + rdlength > p->size) + if (rdlength > p->size - p->rindex) return -EBADMSG; offset = p->rindex; @@ -1760,7 +1763,7 @@ int dns_packet_read_rr( } else { DnsTxtItem *last = NULL; - while (p->rindex < offset + rdlength) { + while (p->rindex - offset < rdlength) { DnsTxtItem *i; const void *data; size_t sz; @@ -1992,7 +1995,7 @@ int dns_packet_read_rr( if (r < 0) return r; - if (rdlength + offset < p->rindex) + if (rdlength < p->rindex - offset) return -EBADMSG; r = dns_packet_read_memdup(p, offset + rdlength - p->rindex, @@ -2019,6 +2022,9 @@ int dns_packet_read_rr( if (r < 0) return r; + if (rdlength < p->rindex - offset) + return -EBADMSG; + r = dns_packet_read_type_windows(p, &rr->nsec.types, offset + rdlength - p->rindex, NULL); /* We accept empty NSEC bitmaps. The bit indicating the presence of the NSEC record itself @@ -2064,6 +2070,9 @@ int dns_packet_read_rr( if (r < 0) return r; + if (rdlength < p->rindex - offset) + return -EBADMSG; + r = dns_packet_read_type_windows(p, &rr->nsec3.types, offset + rdlength - p->rindex, NULL); /* empty non-terminals can have NSEC3 records, so empty bitmaps are allowed */ @@ -2107,7 +2116,7 @@ int dns_packet_read_rr( if (r < 0) return r; - if (rdlength + offset < p->rindex) + if (rdlength < p->rindex - offset) return -EBADMSG; r = dns_packet_read_memdup(p, @@ -2126,7 +2135,7 @@ int dns_packet_read_rr( } if (r < 0) return r; - if (p->rindex != offset + rdlength) + if (p->rindex - offset != rdlength) return -EBADMSG; if (ret) From e2335238d9cffa4ed578a47fe23d366757dd1c2e Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Fri, 8 Jul 2022 06:10:36 +0900 Subject: [PATCH 431/703] core/load-fragment: fix error value in log_syntax() `extract_first_word()` may return positive value on success. (cherry picked from commit 6a35d52d786137f8f955d41dbc505a818169d904) (cherry picked from commit 900af2155833107e502feade072694b402aa831e) --- src/core/load-fragment.c | 58 +++++++++++++++++++++++++++++++--------- 1 file changed, 46 insertions(+), 12 deletions(-) diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c index 9523d822b70..a3f3b1618a2 100644 --- a/src/core/load-fragment.c +++ b/src/core/load-fragment.c @@ -4212,11 +4212,16 @@ int config_parse_io_device_weight( r = extract_first_word(&p, &path, NULL, EXTRACT_UNQUOTE); if (r == -ENOMEM) return log_oom(); - if (r <= 0 || isempty(p)) { + if (r < 0) { log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to extract device path and weight from '%s', ignoring.", rvalue); return 0; } + if (r == 0 || isempty(p)) { + log_syntax(unit, LOG_WARNING, filename, line, 0, + "Invalid device path or weight specified in '%s', ignoring.", rvalue); + return 0; + } r = unit_path_printf(userdata, path, &resolved); if (r < 0) { @@ -4281,11 +4286,16 @@ int config_parse_io_device_latency( r = extract_first_word(&p, &path, NULL, EXTRACT_UNQUOTE); if (r == -ENOMEM) return log_oom(); - if (r <= 0 || isempty(p)) { + if (r < 0) { log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to extract device path and latency from '%s', ignoring.", rvalue); return 0; } + if (r == 0 || isempty(p)) { + log_syntax(unit, LOG_WARNING, filename, line, 0, + "Invalid device path or latency specified in '%s', ignoring.", rvalue); + return 0; + } r = unit_path_printf(userdata, path, &resolved); if (r < 0) { @@ -4351,11 +4361,16 @@ int config_parse_io_limit( r = extract_first_word(&p, &path, NULL, EXTRACT_UNQUOTE); if (r == -ENOMEM) return log_oom(); - if (r <= 0 || isempty(p)) { + if (r < 0) { log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to extract device node and bandwidth from '%s', ignoring.", rvalue); return 0; } + if (r == 0 || isempty(p)) { + log_syntax(unit, LOG_WARNING, filename, line, 0, + "Invalid device node or bandwidth specified in '%s', ignoring.", rvalue); + return 0; + } r = unit_path_printf(userdata, path, &resolved); if (r < 0) { @@ -4437,11 +4452,16 @@ int config_parse_blockio_device_weight( r = extract_first_word(&p, &path, NULL, EXTRACT_UNQUOTE); if (r == -ENOMEM) return log_oom(); - if (r <= 0 || isempty(p)) { + if (r < 0) { log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to extract device node and weight from '%s', ignoring.", rvalue); return 0; } + if (r == 0 || isempty(p)) { + log_syntax(unit, LOG_WARNING, filename, line, 0, + "Invalid device node or weight specified in '%s', ignoring.", rvalue); + return 0; + } r = unit_path_printf(userdata, path, &resolved); if (r < 0) { @@ -4510,11 +4530,16 @@ int config_parse_blockio_bandwidth( r = extract_first_word(&p, &path, NULL, EXTRACT_UNQUOTE); if (r == -ENOMEM) return log_oom(); - if (r <= 0 || isempty(p)) { + if (r < 0) { log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to extract device node and bandwidth from '%s', ignoring.", rvalue); return 0; } + if (r == 0 || isempty(p)) { + log_syntax(unit, LOG_WARNING, filename, line, 0, + "Invalid device node or bandwidth specified in '%s', ignoring.", rvalue); + return 0; + } r = unit_path_printf(userdata, path, &resolved); if (r < 0) { @@ -4731,8 +4756,12 @@ int config_parse_set_credential( r = extract_first_word(&p, &word, ":", EXTRACT_DONT_COALESCE_SEPARATORS); if (r == -ENOMEM) return log_oom(); - if (r <= 0 || !p) { - log_syntax(unit, LOG_WARNING, filename, line, r, "Invalid syntax, ignoring: %s", rvalue); + if (r < 0) { + log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to extract credential name, ignoring: %s", rvalue); + return 0; + } + if (r == 0 || isempty(p)) { + log_syntax(unit, LOG_WARNING, filename, line, 0, "Invalid syntax, ignoring: %s", rvalue); return 0; } @@ -5211,7 +5240,7 @@ int config_parse_bind_paths( if (r == -ENOMEM) return log_oom(); if (r < 0) { - log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse %s: %s", lvalue, rvalue); + log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse %s=, ignoring: %s", lvalue, rvalue); return 0; } @@ -5861,6 +5890,7 @@ int config_parse_bpf_foreign_program( void *userdata) { _cleanup_free_ char *resolved = NULL, *word = NULL; CGroupContext *c = data; + const char *p = rvalue; Unit *u = userdata; int attach_type, r; @@ -5875,13 +5905,17 @@ int config_parse_bpf_foreign_program( return 0; } - r = extract_first_word(&rvalue, &word, ":", 0); + r = extract_first_word(&p, &word, ":", 0); if (r == -ENOMEM) return log_oom(); - if (r <= 0 || isempty(rvalue)) { + if (r < 0) { log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse foreign BPF program, ignoring: %s", rvalue); return 0; } + if (r == 0 || isempty(p)) { + log_syntax(unit, LOG_WARNING, filename, line, 0, "Invalid syntax in %s=, ignoring: %s", lvalue, rvalue); + return 0; + } attach_type = bpf_cgroup_attach_type_from_string(word); if (attach_type < 0) { @@ -5889,9 +5923,9 @@ int config_parse_bpf_foreign_program( return 0; } - r = unit_path_printf(u, rvalue, &resolved); + r = unit_path_printf(u, p, &resolved); if (r < 0) { - log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue); + log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %s", p, rvalue); return 0; } From 45944e44a799488d77a3662ccc73175f93828fe2 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Fri, 10 Jun 2022 09:12:55 +0900 Subject: [PATCH 432/703] network: drop redundant warning If file is world readable, then `read_full_file_full()` will warn about that. (cherry picked from commit d5ad2ec1d409e983cc8727f343137bfb8615a57d) (cherry picked from commit c87c7e723193d6a19f0d8c195296b6f00eeb3b55) --- src/network/netdev/macsec.c | 2 -- src/network/netdev/wireguard.c | 2 -- 2 files changed, 4 deletions(-) diff --git a/src/network/netdev/macsec.c b/src/network/netdev/macsec.c index f1a566a9ca6..df0d9244434 100644 --- a/src/network/netdev/macsec.c +++ b/src/network/netdev/macsec.c @@ -973,8 +973,6 @@ static int macsec_read_key_file(NetDev *netdev, SecurityAssociation *sa) { if (!sa->key_file) return 0; - (void) warn_file_is_world_accessible(sa->key_file, NULL, NULL, 0); - r = read_full_file_full( AT_FDCWD, sa->key_file, UINT64_MAX, SIZE_MAX, READ_FULL_FILE_SECURE | READ_FULL_FILE_UNHEX | READ_FULL_FILE_WARN_WORLD_READABLE | READ_FULL_FILE_CONNECT_SOCKET, diff --git a/src/network/netdev/wireguard.c b/src/network/netdev/wireguard.c index 88f668753a5..6c251b3a2e2 100644 --- a/src/network/netdev/wireguard.c +++ b/src/network/netdev/wireguard.c @@ -1083,8 +1083,6 @@ static int wireguard_read_key_file(const char *filename, uint8_t dest[static WG_ assert(dest); - (void) warn_file_is_world_accessible(filename, NULL, NULL, 0); - r = read_full_file_full( AT_FDCWD, filename, UINT64_MAX, SIZE_MAX, READ_FULL_FILE_SECURE | READ_FULL_FILE_UNBASE64 | READ_FULL_FILE_WARN_WORLD_READABLE | READ_FULL_FILE_CONNECT_SOCKET, From 3f909ca95a9436cc4ed597312562792dc63aceb3 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Sat, 9 Jul 2022 07:52:11 +0900 Subject: [PATCH 433/703] sd-dhcp-client: fix log message (cherry picked from commit 3857d367f0028dd5480498ba5d3507866c7f294e) (cherry picked from commit d56649142b01652976b6ee647f51fa25f4227542) --- src/libsystemd-network/sd-dhcp-lease.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/libsystemd-network/sd-dhcp-lease.c b/src/libsystemd-network/sd-dhcp-lease.c index b87af047365..952c6740593 100644 --- a/src/libsystemd-network/sd-dhcp-lease.c +++ b/src/libsystemd-network/sd-dhcp-lease.c @@ -821,7 +821,7 @@ int dhcp_lease_parse_options(uint8_t code, uint8_t len, const void *option, void break; default: - log_debug("Ignoring option DHCP option %"PRIu8" while parsing.", code); + log_debug("Ignoring DHCP option %"PRIu8" while parsing.", code); break; } From b791f05992beb5fe85953bc7dfa6bec643a6f04d Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Sat, 9 Jul 2022 15:56:50 +0900 Subject: [PATCH 434/703] resolve: introduce FORMAT_DNS_RCODE() macro Fixes #23958. (cherry picked from commit 0d609349ba7e4df07c548c1cfe5127b431de7554) (cherry picked from commit a03ea9798afa4f2c757c2a2556f735b6aa600c99) --- src/resolve/resolved-bus.c | 8 +------- src/resolve/resolved-dns-cache.c | 2 +- src/resolve/resolved-dns-packet.c | 9 +++++++++ src/resolve/resolved-dns-packet.h | 2 ++ src/resolve/resolved-dns-transaction.c | 12 ++++++------ 5 files changed, 19 insertions(+), 14 deletions(-) diff --git a/src/resolve/resolved-bus.c b/src/resolve/resolved-bus.c index 88c67e1c39a..9909145936d 100644 --- a/src/resolve/resolved-bus.c +++ b/src/resolve/resolved-bus.c @@ -115,14 +115,8 @@ static int reply_query_state(DnsQuery *q) { sd_bus_error_setf(&error, _BUS_ERROR_DNS "NXDOMAIN", "'%s' not found", dns_query_string(q)); else { const char *rc, *n; - char p[DECIMAL_STR_MAX(q->answer_rcode)]; - - rc = dns_rcode_to_string(q->answer_rcode); - if (!rc) { - xsprintf(p, "%i", q->answer_rcode); - rc = p; - } + rc = FORMAT_DNS_RCODE(q->answer_rcode); n = strjoina(_BUS_ERROR_DNS, rc); sd_bus_error_setf(&error, n, "Could not resolve '%s', server or network returned error %s", dns_query_string(q), rc); } diff --git a/src/resolve/resolved-dns-cache.c b/src/resolve/resolved-dns-cache.c index 57e0ac3acc6..aeff9f8be6d 100644 --- a/src/resolve/resolved-dns-cache.c +++ b/src/resolve/resolved-dns-cache.c @@ -1115,7 +1115,7 @@ int dns_cache_lookup( if (found_rcode >= 0) { log_debug("RCODE %s cache hit for %s", - dns_rcode_to_string(found_rcode), + FORMAT_DNS_RCODE(found_rcode), dns_resource_key_to_string(key, key_str, sizeof(key_str))); if (ret_rcode) diff --git a/src/resolve/resolved-dns-packet.c b/src/resolve/resolved-dns-packet.c index 3ff5ac341c9..1fcb26a203a 100644 --- a/src/resolve/resolved-dns-packet.c +++ b/src/resolve/resolved-dns-packet.c @@ -9,6 +9,7 @@ #include "memory-util.h" #include "resolved-dns-packet.h" #include "set.h" +#include "stdio-util.h" #include "string-table.h" #include "strv.h" #include "unaligned.h" @@ -2649,6 +2650,14 @@ static const char* const dns_rcode_table[_DNS_RCODE_MAX_DEFINED] = { }; DEFINE_STRING_TABLE_LOOKUP(dns_rcode, int); +const char *format_dns_rcode(int i, char buf[static DECIMAL_STR_MAX(int)]) { + const char *p = dns_rcode_to_string(i); + if (p) + return p; + + return snprintf_ok(buf, DECIMAL_STR_MAX(int), "%i", i); +} + static const char* const dns_protocol_table[_DNS_PROTOCOL_MAX] = { [DNS_PROTOCOL_DNS] = "dns", [DNS_PROTOCOL_MDNS] = "mdns", diff --git a/src/resolve/resolved-dns-packet.h b/src/resolve/resolved-dns-packet.h index 0b797ecb1a1..b33e38fa758 100644 --- a/src/resolve/resolved-dns-packet.h +++ b/src/resolve/resolved-dns-packet.h @@ -275,6 +275,8 @@ enum { const char* dns_rcode_to_string(int i) _const_; int dns_rcode_from_string(const char *s) _pure_; +const char *format_dns_rcode(int i, char buf[static DECIMAL_STR_MAX(int)]); +#define FORMAT_DNS_RCODE(i) format_dns_rcode(i, (char [DECIMAL_STR_MAX(int)]) {}) const char* dns_protocol_to_string(DnsProtocol p) _const_; DnsProtocol dns_protocol_from_string(const char *s) _pure_; diff --git a/src/resolve/resolved-dns-transaction.c b/src/resolve/resolved-dns-transaction.c index 19069289c7f..8256aa32260 100644 --- a/src/resolve/resolved-dns-transaction.c +++ b/src/resolve/resolved-dns-transaction.c @@ -868,7 +868,7 @@ static int dns_transaction_dnssec_ready(DnsTransaction *t) { case DNS_TRANSACTION_RCODE_FAILURE: if (!IN_SET(dt->answer_rcode, DNS_RCODE_NXDOMAIN, DNS_RCODE_SERVFAIL)) { - log_debug("Auxiliary DNSSEC RR query failed with rcode=%s.", dns_rcode_to_string(dt->answer_rcode)); + log_debug("Auxiliary DNSSEC RR query failed with rcode=%s.", FORMAT_DNS_RCODE(dt->answer_rcode)); goto fail; } @@ -1053,7 +1053,7 @@ void dns_transaction_process_reply(DnsTransaction *t, DnsPacket *p, bool encrypt log_debug("Processing incoming packet of size %zu on transaction %" PRIu16" (rcode=%s).", p->size, - t->id, dns_rcode_to_string(DNS_PACKET_RCODE(p))); + t->id, FORMAT_DNS_RCODE(DNS_PACKET_RCODE(p))); switch (t->scope->protocol) { @@ -1143,7 +1143,7 @@ void dns_transaction_process_reply(DnsTransaction *t, DnsPacket *p, bool encrypt return; /* Give up, accept the rcode */ - log_debug("Server returned error: %s", dns_rcode_to_string(DNS_PACKET_RCODE(p))); + log_debug("Server returned error: %s", FORMAT_DNS_RCODE(DNS_PACKET_RCODE(p))); break; } @@ -1157,7 +1157,7 @@ void dns_transaction_process_reply(DnsTransaction *t, DnsPacket *p, bool encrypt t->clamp_feature_level_servfail < 0) { t->clamp_feature_level_servfail = t->current_feature_level; log_debug("Server returned error %s, retrying transaction.", - dns_rcode_to_string(DNS_PACKET_RCODE(p))); + FORMAT_DNS_RCODE(DNS_PACKET_RCODE(p))); } else { /* Reduce this feature level by one and try again. */ switch (t->current_feature_level) { @@ -1173,7 +1173,7 @@ void dns_transaction_process_reply(DnsTransaction *t, DnsPacket *p, bool encrypt } log_debug("Server returned error %s, retrying transaction with reduced feature level %s.", - dns_rcode_to_string(DNS_PACKET_RCODE(p)), + FORMAT_DNS_RCODE(DNS_PACKET_RCODE(p)), dns_server_feature_level_to_string(t->clamp_feature_level_servfail)); } @@ -1314,7 +1314,7 @@ void dns_transaction_process_reply(DnsTransaction *t, DnsPacket *p, bool encrypt t->clamp_feature_level_nxdomain = DNS_SERVER_FEATURE_LEVEL_UDP; log_debug("Server returned error %s in EDNS0 mode, retrying transaction with reduced feature level %s (DVE-2018-0001 mitigation)", - dns_rcode_to_string(DNS_PACKET_RCODE(p)), + FORMAT_DNS_RCODE(DNS_PACKET_RCODE(p)), dns_server_feature_level_to_string(t->clamp_feature_level_nxdomain)); dns_transaction_retry(t, false /* use the same server */); From b16a4d45eb6c0b5ddb2d7ea5fbcf86c4f839c13d Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Mon, 11 Jul 2022 12:02:04 +0200 Subject: [PATCH 435/703] sd-device: make sd_device_get_is_initialized() not return -ENOENT (cherry picked from commit 591c186f2fc11523e098fbb09b3c1f0a07d49ca4) (cherry picked from commit d36b2af98783cafb2789473c2ea2cce3ce055ebc) --- src/libsystemd/sd-device/sd-device.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/libsystemd/sd-device/sd-device.c b/src/libsystemd/sd-device/sd-device.c index b163a0fb6bb..718a92549de 100644 --- a/src/libsystemd/sd-device/sd-device.c +++ b/src/libsystemd/sd-device/sd-device.c @@ -1496,6 +1496,9 @@ _public_ int sd_device_get_is_initialized(sd_device *device) { assert_return(device, -EINVAL); r = device_read_db(device); + if (r == -ENOENT) + /* The device may be already removed or renamed. */ + return false; if (r < 0) return r; From c2939963fe20016420905a594e160d45bb833a73 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Fri, 29 Apr 2022 20:29:11 +0900 Subject: [PATCH 436/703] core/device: ignore DEVICE_FOUND_UDEV bit on switching root The issue #12953 is caused by the following: On switching root, - deserialized_found == DEVICE_FOUND_UDEV | DEVICE_FOUND_MOUNT, - deserialized_state == DEVICE_PLUGGED, - enumerated_found == DEVICE_FOUND_MOUNT, On switching root, most devices are not found by the enumeration process. Hence, the device state is set to plugged by device_coldplug(), and then changed to the dead state in device_catchup(). So the corresponding mount point is unmounted. Later when the device is processed by udevd, it will be changed to plugged state again. The issue #23208 is caused by the fact that generated udev database in initramfs and the main system are often different. So, the two issues have the same root; we should not honor DEVICE_FOUND_UDEV bit in the deserialized_found on switching root. This partially reverts c6e892bc0eebe1d42c282bd2d8bae149fbeba85f. Fixes #12953 and #23208. Replaces #23215. Co-authored-by: Martin Wilck (cherry picked from commit 75d7b5989f99125e52d5c0e5656fa1cd0fae2405) --- src/core/device.c | 59 +++++++++++++++++++++++++++++++++++++++-------- 1 file changed, 49 insertions(+), 10 deletions(-) diff --git a/src/core/device.c b/src/core/device.c index 43f49573b91..8b3f5de2191 100644 --- a/src/core/device.c +++ b/src/core/device.c @@ -161,14 +161,57 @@ static int device_coldplug(Unit *u) { assert(d->state == DEVICE_DEAD); /* First, let's put the deserialized state and found mask into effect, if we have it. */ + if (d->deserialized_state < 0) + return 0; + + Manager *m = u->manager; + DeviceFound found = d->deserialized_found; + DeviceState state = d->deserialized_state; + + /* On initial boot, switch-root, reload, reexecute, the following happen: + * 1. MANAGER_IS_RUNNING() == false + * 2. enumerate devices: manager_enumerate() -> device_enumerate() + * Device.enumerated_found is set. + * 3. deserialize devices: manager_deserialize() -> device_deserialize() + * Device.deserialize_state and Device.deserialized_found are set. + * 4. coldplug devices: manager_coldplug() -> device_coldplug() + * deserialized properties are copied to the main properties. + * 5. MANAGER_IS_RUNNING() == true: manager_ready() + * 6. catchup devices: manager_catchup() -> device_catchup() + * Device.enumerated_found is applied to Device.found, and state is updated based on that. + * + * Notes: + * - On initial boot, no udev database exists. Hence, no devices are enumerated in the step 2. + * Also, there is no deserialized device. Device units are (a) generated based on dependencies of + * other units, or (b) generated when uevents are received. + * + * - On switch-root, the udev databse may be cleared, except for devices with sticky bit, i.e. + * OPTIONS="db_persist". Hence, almost no devices are enumerated in the step 2. However, in general, + * we have several serialized devices. So, DEVICE_FOUND_UDEV bit in the deserialized_found must be + * ignored, as udev rules in initramfs and the main system are often different. If the deserialized + * state is DEVICE_PLUGGED, we need to downgrade it to DEVICE_TENTATIVE (or DEVICE_DEAD if nobody + * sees the device). Unlike the other starting mode, Manager.honor_device_enumeration == false + * (maybe, it is better to rename the flag) when device_coldplug() and device_catchup() are called. + * Hence, let's conditionalize the operations by using the flag. After switch-root, systemd-udevd + * will (re-)process all devices, and the Device.found and Device.state will be adjusted. + * + * - On reload or reexecute, we can trust enumerated_found, deserialized_found, and deserialized_state. + * Of course, deserialized parameters may be outdated, but the unit state can be adjusted later by + * device_catchup() or uevents. */ + + if (!m->honor_device_enumeration && !MANAGER_IS_USER(m)) { + found &= ~DEVICE_FOUND_UDEV; /* ignore DEVICE_FOUND_UDEV bit */ + if (state == DEVICE_PLUGGED) + state = DEVICE_TENTATIVE; /* downgrade state */ + if (found == DEVICE_NOT_FOUND) + state = DEVICE_DEAD; /* If nobody sees the device, downgrade more */ + } - if (d->deserialized_state < 0 || - (d->deserialized_state == d->state && - d->deserialized_found == d->found)) + if (d->found == found && d->state == state) return 0; - d->found = d->deserialized_found; - device_set_state(d, d->deserialized_state); + d->found = found; + device_set_state(d, state); return 0; } @@ -683,13 +726,9 @@ static void device_found_changed(Device *d, DeviceFound previous, DeviceFound no } static void device_update_found_one(Device *d, DeviceFound found, DeviceFound mask) { - Manager *m; - assert(d); - m = UNIT(d)->manager; - - if (MANAGER_IS_RUNNING(m) && (m->honor_device_enumeration || MANAGER_IS_USER(m))) { + if (MANAGER_IS_RUNNING(UNIT(d)->manager)) { DeviceFound n, previous; /* When we are already running, then apply the new mask right-away, and trigger state changes From b927b303c139fb8213a3e8b11687dd274d6238c1 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Fri, 20 May 2022 10:25:12 +0200 Subject: [PATCH 437/703] core/device: do not downgrade device state if it is already enumerated On switching root, a device may have a persistent databse. In that case, Device.enumerated_found may have DEVICE_FOUND_UDEV flag, and it is not necessary to downgrade the Device.deserialized_found and Device.deserialized_state. Otherwise, the state of the device unit may be changed plugged -> dead -> plugged, if the device has not been mounted. Fixes #23429. [mwilck: cherry-picked from #23437] (cherry picked from commit 4fc69e8a0949c2537019466f839d9b7aee5628c9) (cherry picked from commit 131206de786cd5c4d82d7a49ec1f6e562775022d) --- src/core/device.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/core/device.c b/src/core/device.c index 8b3f5de2191..a171d9d1563 100644 --- a/src/core/device.c +++ b/src/core/device.c @@ -199,7 +199,8 @@ static int device_coldplug(Unit *u) { * Of course, deserialized parameters may be outdated, but the unit state can be adjusted later by * device_catchup() or uevents. */ - if (!m->honor_device_enumeration && !MANAGER_IS_USER(m)) { + if (!m->honor_device_enumeration && !MANAGER_IS_USER(m) && + !FLAGS_SET(d->enumerated_found, DEVICE_FOUND_UDEV)) { found &= ~DEVICE_FOUND_UDEV; /* ignore DEVICE_FOUND_UDEV bit */ if (state == DEVICE_PLUGGED) state = DEVICE_TENTATIVE; /* downgrade state */ From 60a239c54eed012b35ec9d230bf73684da902b9e Mon Sep 17 00:00:00 2001 From: Alexander Graf Date: Thu, 9 Jun 2022 16:20:43 +0200 Subject: [PATCH 438/703] pstore: Run after modules are loaded The systemd-pstore service takes pstore files on boot and transfers them to disk. It only does it once on boot and only if it finds any. The typical location of the pstore on modern systems is the UEFI variable store. Most distributions ship with CONFIG_EFI_VARS_PSTORE=m. That means, the UEFI variable store is only available on boot after the respective module is loaded. In most situations, the pstore service gets loaded before the UEFI pstore, so we don't get to transfer logs. Instead, they accumulate, filling up the pstore over time, potentially breaking the UEFI variable store. Let's add a service dependency on any kernel module that can provide a pstore to ensure we only scan for pstate after we can actually see pstate. I have seen live occurences of systems breaking because we did not erase the pstates and ran out of UEFI nvram space. Fixes https://github.com/systemd/systemd/issues/18540 (cherry picked from commit 70e74a5997ae2ce7ba72a74ac949c3b2dad1a1d6) --- units/systemd-pstore.service.in | 2 ++ 1 file changed, 2 insertions(+) diff --git a/units/systemd-pstore.service.in b/units/systemd-pstore.service.in index 848e311e964..86de30ad4a7 100644 --- a/units/systemd-pstore.service.in +++ b/units/systemd-pstore.service.in @@ -15,6 +15,8 @@ ConditionVirtualization=!container DefaultDependencies=no Conflicts=shutdown.target Before=sysinit.target shutdown.target +After=modprobe@efi_pstore.service modprobe@mtdpstore.service modprobe@chromeos_pstore.service modprobe@ramoops.service modprobe@pstore_zone.service modprobe@pstore_blk.service +Wants=modprobe@efi_pstore.service modprobe@mtdpstore.service modprobe@chromeos_pstore.service modprobe@ramoops.service modprobe@pstore_zone.service modprobe@pstore_blk.service [Service] Type=oneshot From 608264bb63c8072373a51d9949cc472cdfe44c82 Mon Sep 17 00:00:00 2001 From: Nick Rosbrook Date: Wed, 7 Sep 2022 13:25:13 -0400 Subject: [PATCH 439/703] pstore: do not try to load all known pstore modules Commit 70e74a5997 ("pstore: Run after modules are loaded") added After= and Wants= entries for all known kernel modules providing a pstore. While adding these dependencies on systems where one of the modules is not present, or not configured, should not have a real affect on the system, it can produce annoying error messages in the kernel log. E.g. "mtd device must be supplied (device name is empty)" when the mtdpstore module is not configured correctly. Since dependencies cannot be removed with drop-ins, if a distro wants to remove some of these modules from systemd-pstore.service, they need to patch units/systemd-pstore.service.in. On the other hand, if they want to append to the dependencies this can be done by shipping a drop-in. Since the original intent of the previous commit was to fix [1], which only requires the efi_pstore module, remove all other kernel module dependencies from systemd-pstore.service, and let distros ship drop-ins to add dependencies if needed. [1] https://github.com/systemd/systemd/issues/18540 (cherry picked from commit 8b8bd621e1d16808678fc3afed257df1fa03a281) --- units/systemd-pstore.service.in | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/units/systemd-pstore.service.in b/units/systemd-pstore.service.in index 86de30ad4a7..02ac29caa4e 100644 --- a/units/systemd-pstore.service.in +++ b/units/systemd-pstore.service.in @@ -15,8 +15,8 @@ ConditionVirtualization=!container DefaultDependencies=no Conflicts=shutdown.target Before=sysinit.target shutdown.target -After=modprobe@efi_pstore.service modprobe@mtdpstore.service modprobe@chromeos_pstore.service modprobe@ramoops.service modprobe@pstore_zone.service modprobe@pstore_blk.service -Wants=modprobe@efi_pstore.service modprobe@mtdpstore.service modprobe@chromeos_pstore.service modprobe@ramoops.service modprobe@pstore_zone.service modprobe@pstore_blk.service +After=modprobe@efi_pstore.service +Wants=modprobe@efi_pstore.service [Service] Type=oneshot From a96ef943b4b39d97f36e9bd29190fc179d6b87e0 Mon Sep 17 00:00:00 2001 From: Martin Wilck Date: Wed, 25 May 2022 12:01:00 +0200 Subject: [PATCH 440/703] core/device: device_coldplug(): don't set DEVICE_DEAD dm-crypt device units generated by systemd-cryptsetup-generator habe BindsTo= dependencies on their backend devices. The dm-crypt devices have the db_persist flag set, and thus survive the udev db cleanup while switching root. But backend devices usually don't survive. These devices are neither mounted nor used for swap, thus they will seen as DEVICE_NOT_FOUND after switching root. The BindsTo dependency will cause systemd to schedule a stop job for the dm-crypt device, breaking boot: [ 68.929457] krypton systemd[1]: systemd-cryptsetup@cr_root.service: Unit is stopped because bound to inactive unit dev-disk-by\x2duuid-3bf91f73\x2d1ee8\x2d4cfc\x2d9048\x2d93ba349b786d.device. [ 68.945660] krypton systemd[1]: systemd-cryptsetup@cr_root.service: Trying to enqueue job systemd-cryptsetup@cr_root.service/stop/replace [ 69.473459] krypton systemd[1]: systemd-cryptsetup@cr_root.service: Installed new job systemd-cryptsetup@cr_root.service/stop as 343 Avoid this by not setting the state of the backend devices to DEVICE_DEAD. Fixes the LUKS setup issue reported in #23429. (cherry picked from commit cf1ac0cfe44997747b0f857a1d0b67cea1298272) (cherry picked from commit 4f86dd28499cf3f7338dc3368d18eccbb126b4a9) --- src/core/device.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/src/core/device.c b/src/core/device.c index a171d9d1563..3cf0872ad57 100644 --- a/src/core/device.c +++ b/src/core/device.c @@ -204,8 +204,6 @@ static int device_coldplug(Unit *u) { found &= ~DEVICE_FOUND_UDEV; /* ignore DEVICE_FOUND_UDEV bit */ if (state == DEVICE_PLUGGED) state = DEVICE_TENTATIVE; /* downgrade state */ - if (found == DEVICE_NOT_FOUND) - state = DEVICE_DEAD; /* If nobody sees the device, downgrade more */ } if (d->found == found && d->state == state) From 885e4e531b58743750ff1a656826a3648eac36a3 Mon Sep 17 00:00:00 2001 From: Michael Biebl Date: Wed, 22 Jun 2022 13:11:13 +0200 Subject: [PATCH 441/703] Do not fail EFI build with newer binutils Newer binutils versions currently trigger the following warnings due to a bug in gnu-efi on arm64: /usr/bin/ld.bfd: warning: src/boot/efi/systemd-bootaa64.elf has a LOAD segment with RWX permissions on amd64: /usr/bin/ld.bfd: warning: /usr/lib/crt0-efi-x86_64.o: missing .note.GNU-stack section implies executable stack This results in a build failure due to --fatal-warnings. Work around this issue by suppressing those warnings until gnu-efi has been fixed. See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1013341 (cherry picked from commit b0e5bf0451a6bc94e6e7b2a1de668b75c63f38c8) (cherry picked from commit 8a6f966be404897b5333c218701965ac3b5a0806) --- src/boot/efi/meson.build | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/boot/efi/meson.build b/src/boot/efi/meson.build index 2c283b8c7b6..8dc35c0e4ab 100644 --- a/src/boot/efi/meson.build +++ b/src/boot/efi/meson.build @@ -240,6 +240,13 @@ efi_ldflags = [ '-z', 'nocombreloc', efi_crt0, ] + +possible_link_flags = [ + '-Wl,--no-warn-execstack', + '-Wl,--no-warn-rwx-segments', +] +efi_ldflags += cc.get_supported_link_arguments(possible_link_flags) + if efi_arch[1] in ['aarch64', 'arm', 'riscv64'] efi_ldflags += ['-shared'] # Aarch64, ARM32 and 64bit RISC-V don't have an EFI capable objcopy. From 922e717ee940edad59fec81be390212dbfbc5cfa Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Mon, 11 Jul 2022 15:12:24 +0200 Subject: [PATCH 442/703] man: explain why pam_systemd_home wants to be in all four stacks Suggested here: https://bugzilla.redhat.com/show_bug.cgi?id=2085485#c5 (cherry picked from commit 90bc309aa2c1430941f4c50f73e681ab3e488bd3) (cherry picked from commit 69de3e810a7e7996bc757faa5e8b1e2e982f117e) --- man/pam_systemd_home.xml | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/man/pam_systemd_home.xml b/man/pam_systemd_home.xml index 906d1c15169..93153b57aa0 100644 --- a/man/pam_systemd_home.xml +++ b/man/pam_systemd_home.xml @@ -93,8 +93,13 @@ Module Types Provided - The module provides all four management operations: , , - , . + The module implements all four PAM operations: (reason: when per-user + disk encryption is used, the disk encryption key is derived from the authentication credential supplied + at login time), (reason: systemd-homed.service account + validity may be configured in more detail than in the traditional Linux user database, and thus needs to + be verified separately), (user sessions must be tracked, in order to implement + automatic release when the last session of a managed user is gone), (user + passwords may be changed through PAM). From 05763bb446bbe07b020c2739685755484ebf9118 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Fri, 24 Jun 2022 13:00:34 +0900 Subject: [PATCH 443/703] sd-device: change type of properties nulstr from uint8_t* to char* (cherry picked from commit cff31876dabdfdc0d70c0b72917d6b66ab973a54) (cherry picked from commit 0ecda6fdf065286007e873b8d3d0a27b127a2c9a) --- src/libsystemd/sd-device/device-internal.h | 2 +- src/libsystemd/sd-device/device-monitor.c | 4 ++-- src/libsystemd/sd-device/device-private.c | 28 ++++++++++------------ src/libsystemd/sd-device/device-private.h | 4 ++-- src/libsystemd/sd-device/test-sd-device.c | 7 +++--- 5 files changed, 21 insertions(+), 24 deletions(-) diff --git a/src/libsystemd/sd-device/device-internal.h b/src/libsystemd/sd-device/device-internal.h index 76a1727b1c1..6db1fb6f279 100644 --- a/src/libsystemd/sd-device/device-internal.h +++ b/src/libsystemd/sd-device/device-internal.h @@ -55,7 +55,7 @@ struct sd_device { dev_t devnum; char **properties_strv; /* the properties hashmap as a strv */ - uint8_t *properties_nulstr; /* the same as a nulstr */ + char *properties_nulstr; /* the same as a nulstr */ size_t properties_nulstr_len; char *syspath; diff --git a/src/libsystemd/sd-device/device-monitor.c b/src/libsystemd/sd-device/device-monitor.c index 524d10b9d80..6602f12a7c7 100644 --- a/src/libsystemd/sd-device/device-monitor.c +++ b/src/libsystemd/sd-device/device-monitor.c @@ -507,7 +507,7 @@ int device_monitor_receive_device(sd_device_monitor *m, sd_device **ret) { "sd-device-monitor: Invalid message header"); } - r = device_new_from_nulstr(&device, (uint8_t*) &buf.raw[bufpos], buflen - bufpos); + r = device_new_from_nulstr(&device, &buf.raw[bufpos], buflen - bufpos); if (r < 0) return log_debug_errno(r, "sd-device-monitor: Failed to create device from received message: %m"); @@ -573,7 +573,7 @@ int device_monitor_send_device( assert(m); assert(device); - r = device_get_properties_nulstr(device, (const uint8_t **) &buf, &blen); + r = device_get_properties_nulstr(device, &buf, &blen); if (r < 0) return log_device_debug_errno(device, r, "sd-device-monitor: Failed to get device properties: %m"); if (blen < 32) diff --git a/src/libsystemd/sd-device/device-private.c b/src/libsystemd/sd-device/device-private.c index 37eda23a5f6..abbf4b321ff 100644 --- a/src/libsystemd/sd-device/device-private.c +++ b/src/libsystemd/sd-device/device-private.c @@ -461,7 +461,7 @@ int device_new_from_strv(sd_device **ret, char **strv) { return 0; } -int device_new_from_nulstr(sd_device **ret, uint8_t *nulstr, size_t len) { +int device_new_from_nulstr(sd_device **ret, char *nulstr, size_t len) { _cleanup_(sd_device_unrefp) sd_device *device = NULL; const char *major = NULL, *minor = NULL; int r; @@ -478,7 +478,7 @@ int device_new_from_nulstr(sd_device **ret, uint8_t *nulstr, size_t len) { char *key; const char *end; - key = (char*) &nulstr[i]; + key = nulstr + i; end = memchr(key, '\0', len - i); if (!end) return log_device_debug_errno(device, SYNTHETIC_ERRNO(EINVAL), @@ -511,10 +511,9 @@ int device_new_from_nulstr(sd_device **ret, uint8_t *nulstr, size_t len) { } static int device_update_properties_bufs(sd_device *device) { + _cleanup_free_ char **buf_strv = NULL, *buf_nulstr = NULL; + size_t nulstr_len = 0, num = 0; const char *val, *prop; - _cleanup_free_ char **buf_strv = NULL; - _cleanup_free_ uint8_t *buf_nulstr = NULL; - size_t nulstr_len = 0, num = 0, i = 0; assert(device); @@ -530,32 +529,31 @@ static int device_update_properties_bufs(sd_device *device) { if (!buf_nulstr) return -ENOMEM; - strscpyl((char *)buf_nulstr + nulstr_len, len + 1, prop, "=", val, NULL); + strscpyl(buf_nulstr + nulstr_len, len + 1, prop, "=", val, NULL); nulstr_len += len + 1; - ++num; + num++; } /* build buf_strv from buf_nulstr */ - buf_strv = new0(char *, num + 1); + buf_strv = new0(char*, num + 1); if (!buf_strv) return -ENOMEM; - NULSTR_FOREACH(val, (char*) buf_nulstr) { - buf_strv[i] = (char *) val; - assert(i < num); - i++; - } + size_t i = 0; + char *p; + NULSTR_FOREACH(p, buf_nulstr) + buf_strv[i++] = p; + assert(i == num); free_and_replace(device->properties_nulstr, buf_nulstr); device->properties_nulstr_len = nulstr_len; free_and_replace(device->properties_strv, buf_strv); device->properties_buf_outdated = false; - return 0; } -int device_get_properties_nulstr(sd_device *device, const uint8_t **nulstr, size_t *len) { +int device_get_properties_nulstr(sd_device *device, const char **nulstr, size_t *len) { int r; assert(device); diff --git a/src/libsystemd/sd-device/device-private.h b/src/libsystemd/sd-device/device-private.h index 04b932309cf..e04aa13ccc2 100644 --- a/src/libsystemd/sd-device/device-private.h +++ b/src/libsystemd/sd-device/device-private.h @@ -10,7 +10,7 @@ #include "macro.h" -int device_new_from_nulstr(sd_device **ret, uint8_t *nulstr, size_t len); +int device_new_from_nulstr(sd_device **ret, char *nulstr, size_t len); int device_new_from_strv(sd_device **ret, char **strv); int device_new_from_watch_handle_at(sd_device **ret, int dirfd, int wd); static inline int device_new_from_watch_handle(sd_device **ret, int wd) { @@ -46,7 +46,7 @@ uint64_t device_get_tags_generation(sd_device *device); uint64_t device_get_devlinks_generation(sd_device *device); int device_properties_prepare(sd_device *device); -int device_get_properties_nulstr(sd_device *device, const uint8_t **nulstr, size_t *len); +int device_get_properties_nulstr(sd_device *device, const char **nulstr, size_t *len); int device_get_properties_strv(sd_device *device, char ***strv); int device_rename(sd_device *device, const char *name); diff --git a/src/libsystemd/sd-device/test-sd-device.c b/src/libsystemd/sd-device/test-sd-device.c index aaa16f740d6..4762fbcdf75 100644 --- a/src/libsystemd/sd-device/test-sd-device.c +++ b/src/libsystemd/sd-device/test-sd-device.c @@ -174,9 +174,8 @@ static void test_sd_device_new_from_nulstr(void) { "\0"; _cleanup_(sd_device_unrefp) sd_device *device = NULL, *from_nulstr = NULL; - _cleanup_free_ uint8_t *nulstr_copy = NULL; - const char *devlink; - const uint8_t *nulstr; + _cleanup_free_ char *nulstr_copy = NULL; + const char *devlink, *nulstr; size_t len; log_info("/* %s */", __func__); @@ -196,7 +195,7 @@ static void test_sd_device_new_from_nulstr(void) { assert_se(device_add_property_internal(device, "ACTION", "change") >= 0); assert_se(device_get_properties_nulstr(device, &nulstr, &len) >= 0); - assert_se(nulstr_copy = newdup(uint8_t, nulstr, len)); + assert_se(nulstr_copy = newdup(char, nulstr, len)); assert_se(device_new_from_nulstr(&from_nulstr, nulstr_copy, len) >= 0); NULSTR_FOREACH(devlink, devlinks) { From 665c2f340c2647b8199263bd9c8779b3f820c987 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Sat, 9 Jul 2022 04:13:49 +0900 Subject: [PATCH 444/703] sd-device: make device_get_properties_{nulstr,strv}() take NULL for result value In most cases, it is not necessary to call them without retrieving result. But, most of other getter functions for sd-device can take NULL. Let's follow the way for consistency. (cherry picked from commit 793ab3e9dd733d743e1d3825a26ff65384ac3cbb) (cherry picked from commit 925cff4a15022b3452eab289b8631675e0e755e8) --- src/libsystemd/sd-device/device-private.c | 16 ++++++++-------- src/libsystemd/sd-device/device-private.h | 4 ++-- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/src/libsystemd/sd-device/device-private.c b/src/libsystemd/sd-device/device-private.c index abbf4b321ff..021c22de75a 100644 --- a/src/libsystemd/sd-device/device-private.c +++ b/src/libsystemd/sd-device/device-private.c @@ -553,34 +553,34 @@ static int device_update_properties_bufs(sd_device *device) { return 0; } -int device_get_properties_nulstr(sd_device *device, const char **nulstr, size_t *len) { +int device_get_properties_nulstr(sd_device *device, const char **ret_nulstr, size_t *ret_len) { int r; assert(device); - assert(nulstr); - assert(len); r = device_update_properties_bufs(device); if (r < 0) return r; - *nulstr = device->properties_nulstr; - *len = device->properties_nulstr_len; + if (ret_nulstr) + *ret_nulstr = device->properties_nulstr; + if (ret_len) + *ret_len = device->properties_nulstr_len; return 0; } -int device_get_properties_strv(sd_device *device, char ***strv) { +int device_get_properties_strv(sd_device *device, char ***ret) { int r; assert(device); - assert(strv); r = device_update_properties_bufs(device); if (r < 0) return r; - *strv = device->properties_strv; + if (ret) + *ret = device->properties_strv; return 0; } diff --git a/src/libsystemd/sd-device/device-private.h b/src/libsystemd/sd-device/device-private.h index e04aa13ccc2..7d860c19367 100644 --- a/src/libsystemd/sd-device/device-private.h +++ b/src/libsystemd/sd-device/device-private.h @@ -46,8 +46,8 @@ uint64_t device_get_tags_generation(sd_device *device); uint64_t device_get_devlinks_generation(sd_device *device); int device_properties_prepare(sd_device *device); -int device_get_properties_nulstr(sd_device *device, const char **nulstr, size_t *len); -int device_get_properties_strv(sd_device *device, char ***strv); +int device_get_properties_nulstr(sd_device *device, const char **ret_nulstr, size_t *ret_len); +int device_get_properties_strv(sd_device *device, char ***ret); int device_rename(sd_device *device, const char *name); int device_shallow_clone(sd_device *old_device, sd_device **new_device); From bbcc9f2e5be9afdf3006447b899f5e9bf1fae0ae Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Fri, 24 Jun 2022 13:05:13 +0900 Subject: [PATCH 445/703] sd-device: send udev database version Otherwise, sd-device object received through sd-device-monitor does not show current tags. Fixes #23799. (cherry picked from commit 4bc4040bc0a57e8bdd811c53b0db7cd443315f33) (cherry picked from commit 7f801023432bd4857e3d9633747f5640769c52fa) --- src/libsystemd/sd-device/device-private.c | 13 +++++++++++++ src/libsystemd/sd-device/test-sd-device.c | 15 +++++++++++++++ 2 files changed, 28 insertions(+) diff --git a/src/libsystemd/sd-device/device-private.c b/src/libsystemd/sd-device/device-private.c index 021c22de75a..91fec434f0e 100644 --- a/src/libsystemd/sd-device/device-private.c +++ b/src/libsystemd/sd-device/device-private.c @@ -349,6 +349,10 @@ static int device_amend(sd_device *device, const char *key, const char *value) { if (r < 0) return log_device_debug_errno(device, r, "sd-device: Failed to add tag '%s': %m", word); } + } else if (streq(key, "UDEV_DATABASE_VERSION")) { + r = safe_atou(value, &device->database_version); + if (r < 0) + return log_device_debug_errno(device, r, "sd-device: Failed to parse udev database version '%s': %m", value); } else { r = device_add_property_internal(device, key, value); if (r < 0) @@ -520,6 +524,15 @@ static int device_update_properties_bufs(sd_device *device) { if (!device->properties_buf_outdated) return 0; + /* append udev database version */ + buf_nulstr = newdup(char, "UDEV_DATABASE_VERSION=" STRINGIFY(LATEST_UDEV_DATABASE_VERSION) "\0", + STRLEN("UDEV_DATABASE_VERSION=" STRINGIFY(LATEST_UDEV_DATABASE_VERSION)) + 2); + if (!buf_nulstr) + return -ENOMEM; + + nulstr_len += STRLEN("UDEV_DATABASE_VERSION=" STRINGIFY(LATEST_UDEV_DATABASE_VERSION)) + 1; + num++; + FOREACH_DEVICE_PROPERTY(device, prop, val) { size_t len = 0; diff --git a/src/libsystemd/sd-device/test-sd-device.c b/src/libsystemd/sd-device/test-sd-device.c index 4762fbcdf75..df9856921c8 100644 --- a/src/libsystemd/sd-device/test-sd-device.c +++ b/src/libsystemd/sd-device/test-sd-device.c @@ -190,6 +190,12 @@ static void test_sd_device_new_from_nulstr(void) { assert_se(set_contains(device->devlinks, devlink)); } + /* For issue #23799 */ + assert_se(device_add_tag(device, "tag1", false) >= 0); + assert_se(device_add_tag(device, "tag2", false) >= 0); + assert_se(device_add_tag(device, "current-tag1", true) >= 0); + assert_se(device_add_tag(device, "current-tag2", true) >= 0); + /* These properties are necessary for device_new_from_nulstr(). See device_verify(). */ assert_se(device_add_property_internal(device, "SEQNUM", "1") >= 0); assert_se(device_add_property_internal(device, "ACTION", "change") >= 0); @@ -198,6 +204,15 @@ static void test_sd_device_new_from_nulstr(void) { assert_se(nulstr_copy = newdup(char, nulstr, len)); assert_se(device_new_from_nulstr(&from_nulstr, nulstr_copy, len) >= 0); + assert_se(sd_device_has_tag(from_nulstr, "tag1") == 1); + assert_se(sd_device_has_tag(from_nulstr, "tag2") == 1); + assert_se(sd_device_has_tag(from_nulstr, "current-tag1") == 1); + assert_se(sd_device_has_tag(from_nulstr, "current-tag2") == 1); + assert_se(sd_device_has_current_tag(from_nulstr, "tag1") == 0); + assert_se(sd_device_has_current_tag(from_nulstr, "tag2") == 0); + assert_se(sd_device_has_current_tag(from_nulstr, "current-tag1") == 1); + assert_se(sd_device_has_current_tag(from_nulstr, "current-tag2") == 1); + NULSTR_FOREACH(devlink, devlinks) { log_device_info(from_nulstr, "checking devlink: %s", devlink); assert_se(set_contains(from_nulstr->devlinks, devlink)); From ca6ee4241a96f0aed7d9c61a58881d355c463c47 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 13 Jul 2022 10:19:19 +0200 Subject: [PATCH 446/703] man: lift pam_systemd_homed description to Summary Also change the title to describe the module more comprehensively. Follow-up for 90bc309aa2c1430941f4c50f73e681ab3e488bd3. Suggested in https://bugzilla.redhat.com/show_bug.cgi?id=2085485#c5. (cherry picked from commit 9e6df034128936895df2d6348eefce61317ebcc2) (cherry picked from commit a4af8592c66900734d2561b2f6809baaefdbcce8) --- man/pam_systemd_home.xml | 24 ++++++++++++++---------- 1 file changed, 14 insertions(+), 10 deletions(-) diff --git a/man/pam_systemd_home.xml b/man/pam_systemd_home.xml index 93153b57aa0..9fa0e0a7e7c 100644 --- a/man/pam_systemd_home.xml +++ b/man/pam_systemd_home.xml @@ -17,8 +17,8 @@ pam_systemd_home - Automatically mount home directories managed by systemd-homed.service on - login, and unmount them on logout + Authenticate users and mount home directories via systemd-homed.service + @@ -31,7 +31,11 @@ pam_systemd_home ensures that home directories managed by systemd-homed.service8 are automatically activated (mounted) on user login, and are deactivated (unmounted) when the last - session of the user ends. + session of the user ends. For such users, it also provides authentication (when per-user disk encryption + is used, the disk encryption key is derived from the authentication credential supplied at login time), + account management (the JSON user record embedded in + the home store contains account details), and implements the updating of the encryption password (which + is also used for user authentication). @@ -93,13 +97,13 @@ Module Types Provided - The module implements all four PAM operations: (reason: when per-user - disk encryption is used, the disk encryption key is derived from the authentication credential supplied - at login time), (reason: systemd-homed.service account - validity may be configured in more detail than in the traditional Linux user database, and thus needs to - be verified separately), (user sessions must be tracked, in order to implement - automatic release when the last session of a managed user is gone), (user - passwords may be changed through PAM). + The module implements all four PAM operations: (reason: to allow + authentication using the encrypted data), (reason: users with + systemd-homed.service user accounts are described in a JSON user record and may be configured in more detail than + in the traditional Linux user database), (user sessions must be tracked in order + to implement automatic release when the last session of the user is gone), (to + change the encryption password — also used for user authentication — through PAM). From a6aa5b2f7262ba67acfddd6dfa304144639a9ca4 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Thu, 14 Jul 2022 10:53:54 +0900 Subject: [PATCH 447/703] sd-bus: do not pass NULL when received message with invalid type Fixes #24003. (cherry picked from commit 3f0dbb0f0c4e3c0013fa5fe54441ca7f969555a7) (cherry picked from commit e56bfc8a417d1877c25b943b75cd73163246fbf2) --- src/libsystemd/sd-bus/sd-bus.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/libsystemd/sd-bus/sd-bus.c b/src/libsystemd/sd-bus/sd-bus.c index 59003437aa9..8f12be6d564 100644 --- a/src/libsystemd/sd-bus/sd-bus.c +++ b/src/libsystemd/sd-bus/sd-bus.c @@ -48,7 +48,7 @@ do { \ sd_bus_message *_mm = (m); \ log_debug("Got message type=%s sender=%s destination=%s path=%s interface=%s member=%s cookie=%" PRIu64 " reply_cookie=%" PRIu64 " signature=%s error-name=%s error-message=%s", \ - bus_message_type_to_string(_mm->header->type), \ + strna(bus_message_type_to_string(_mm->header->type)), \ strna(sd_bus_message_get_sender(_mm)), \ strna(sd_bus_message_get_destination(_mm)), \ strna(sd_bus_message_get_path(_mm)), \ From e39019fd1065c8e2eb078b72359c5e755b013493 Mon Sep 17 00:00:00 2001 From: undef Date: Thu, 14 Jul 2022 05:53:15 +0000 Subject: [PATCH 448/703] growfs: don't actually resize on dry-run This causes systemd-growfs to exit before resizing the partition when `--dry-run` is passed. Resizing during a dry run of a change breaks the users expectations. (cherry picked from commit d26c0f7243a709cfa7b8bdc87e8131746bb0e2d0) (cherry picked from commit 00c6c62845c560ef09f845aeedabdc9027be5678) --- src/partition/growfs.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/partition/growfs.c b/src/partition/growfs.c index af6a9ef600d..a1d23522c50 100644 --- a/src/partition/growfs.c +++ b/src/partition/growfs.c @@ -240,6 +240,10 @@ static int run(int argc, char *argv[]) { return log_error_errno(errno, "Failed to query size of \"%s\": %m", devpath); log_debug("Resizing \"%s\" to %"PRIu64" bytes...", arg_target, size); + + if (arg_dry_run) + return 0; + r = resize_fs(mountfd, size, &newsize); if (r < 0) return log_error_errno(r, "Failed to resize \"%s\" to %"PRIu64" bytes: %m", From 71e8f6de62fb43d0c779f51c9ee445cecec029fe Mon Sep 17 00:00:00 2001 From: undef Date: Thu, 14 Jul 2022 09:03:28 +0000 Subject: [PATCH 449/703] growfs: Expand FS even if underlying block expansion fails This allows growfs to expand the filesystem even when the underlying block device cannot be expanded. This has been useful for example on LUKS devices that have already been expanded using systemd-repart. This works around the following error: ``` root@mobian:/home/mobian# /usr/lib/systemd/systemd-growfs / crypt_resize() of /dev/block/179:2 failed: Operation not permitted ``` (cherry picked from commit e9a28b8ccd3352da3e0a75a18fc1185e52476a80) (cherry picked from commit 378e187ed49d28fed2adfb4848f89aa438854f28) --- src/partition/growfs.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/partition/growfs.c b/src/partition/growfs.c index a1d23522c50..ced54f14134 100644 --- a/src/partition/growfs.c +++ b/src/partition/growfs.c @@ -222,7 +222,7 @@ static int run(int argc, char *argv[]) { r = maybe_resize_underlying_device(arg_target, devno); if (r < 0) - return r; + log_warning_errno(r, "Unable to resize underlying device of \"%s\", proceeding anyway: %m", arg_target); mountfd = open(arg_target, O_RDONLY|O_CLOEXEC); if (mountfd < 0) From a77b81f1240ff7e0ea5d084d61875e1bdefc075d Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Wed, 13 Jul 2022 23:43:36 +0200 Subject: [PATCH 450/703] stat-util: replace is_dir() + is_dir_fd() by single is_dir_full() call This new call can execute both of the old operations, but also do generic fstatat() like behaviour. (cherry picked from commit a586dc791ca465f4087473d2ad6794b7776aee2d) (cherry picked from commit 9255fa3a15c5c7dea9ddb2ce5399d3b675f8368b) --- src/basic/stat-util.c | 20 ++++++-------------- src/basic/stat-util.h | 9 +++++++-- 2 files changed, 13 insertions(+), 16 deletions(-) diff --git a/src/basic/stat-util.c b/src/basic/stat-util.c index 728f6428374..db22f06d0ff 100644 --- a/src/basic/stat-util.c +++ b/src/basic/stat-util.c @@ -35,31 +35,23 @@ int is_symlink(const char *path) { return !!S_ISLNK(info.st_mode); } -int is_dir(const char* path, bool follow) { +int is_dir_full(int atfd, const char* path, bool follow) { struct stat st; int r; - assert(path); + assert(atfd >= 0 || atfd == AT_FDCWD); + assert(atfd >= 0 || path); - if (follow) - r = stat(path, &st); + if (path) + r = fstatat(atfd, path, &st, follow ? 0 : AT_SYMLINK_NOFOLLOW); else - r = lstat(path, &st); + r = fstat(atfd, &st); if (r < 0) return -errno; return !!S_ISDIR(st.st_mode); } -int is_dir_fd(int fd) { - struct stat st; - - if (fstat(fd, &st) < 0) - return -errno; - - return !!S_ISDIR(st.st_mode); -} - int is_device_node(const char *path) { struct stat info; diff --git a/src/basic/stat-util.h b/src/basic/stat-util.h index f7d2f12aa9d..40862ad3a21 100644 --- a/src/basic/stat-util.h +++ b/src/basic/stat-util.h @@ -13,8 +13,13 @@ #include "missing_stat.h" int is_symlink(const char *path); -int is_dir(const char *path, bool follow); -int is_dir_fd(int fd); +int is_dir_full(int atfd, const char *fname, bool follow); +static inline int is_dir(const char *path, bool follow) { + return is_dir_full(AT_FDCWD, path, follow); +} +static inline int is_dir_fd(int fd) { + return is_dir_full(fd, NULL, false); +} int is_device_node(const char *path); int dir_is_empty_at(int dir_fd, const char *path); From 8b674cf43f1ba8137da3a90c67826f13c865838c Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Wed, 13 Jul 2022 23:44:45 +0200 Subject: [PATCH 451/703] tmpfiles: check the directory we were supposed to create, not its parent This current code checks the wrong directory. This was broken in 4c39d899ff00e90b7290e4985696f321d7f2726f which converted the previous code incorrectly. (cherry picked from commit 92631578fff1568fa8e99f96de05baae5b258ffe) (cherry picked from commit 625472b219a4b1ac64534d38cf6e64b51ab22bbb) --- src/tmpfiles/tmpfiles.c | 17 +++++++---------- 1 file changed, 7 insertions(+), 10 deletions(-) diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c index c3f349e4ccc..41ac11e29c0 100644 --- a/src/tmpfiles/tmpfiles.c +++ b/src/tmpfiles/tmpfiles.c @@ -1641,15 +1641,12 @@ static int create_directory_or_subvolume(const char *path, mode_t mode, bool sub r = btrfs_is_subvol(empty_to_root(arg_root)) > 0; } if (!r) - /* Don't create a subvolume unless the root directory is - * one, too. We do this under the assumption that if the - * root directory is just a plain directory (i.e. very - * light-weight), we shouldn't try to split it up into - * subvolumes (i.e. more heavy-weight). Thus, chroot() - * environments and suchlike will get a full brtfs - * subvolume set up below their tree only if they - * specifically set up a btrfs subvolume for the root - * dir too. */ + /* Don't create a subvolume unless the root directory is one, too. We do this under + * the assumption that if the root directory is just a plain directory (i.e. very + * light-weight), we shouldn't try to split it up into subvolumes (i.e. more + * heavy-weight). Thus, chroot() environments and suchlike will get a full brtfs + * subvolume set up below their tree only if they specifically set up a btrfs + * subvolume for the root dir too. */ subvol = false; else { @@ -1669,7 +1666,7 @@ static int create_directory_or_subvolume(const char *path, mode_t mode, bool sub if (!IN_SET(r, -EEXIST, -EROFS)) return log_error_errno(r, "Failed to create directory or subvolume \"%s\": %m", path); - k = is_dir_fd(pfd); + k = is_dir_full(pfd, basename(path), /* follow= */ false); if (k == -ENOENT && r == -EROFS) return log_error_errno(r, "%s does not exist and cannot be created as the file system is read-only.", path); if (k < 0) From 296bd564cc9e5d521ecc938e472daf3eaa3a80f7 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Wed, 13 Jul 2022 23:47:31 +0200 Subject: [PATCH 452/703] base-filesystem: pick more conservative access mode for /root/ MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Let's not allow anyone to look into /root/ if we create it via the base-filesystem logic. i.e. change 0755 → 0750 as default access mode for /root/, in case we create it if it happens to be missing. (cherry picked from commit 93cbc9ca12043a13a2a80087a00012e009216f13) (cherry picked from commit 64be8d8a345424021d837e922679816595d4b9ee) --- src/shared/base-filesystem.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/shared/base-filesystem.c b/src/shared/base-filesystem.c index 5f5328c8cfa..102b2c4f5a2 100644 --- a/src/shared/base-filesystem.c +++ b/src/shared/base-filesystem.c @@ -31,7 +31,7 @@ typedef struct BaseFilesystem { static const BaseFilesystem table[] = { { "bin", 0, "usr/bin\0", NULL }, { "lib", 0, "usr/lib\0", NULL }, - { "root", 0755, NULL, NULL, true }, + { "root", 0750, NULL, NULL, true }, { "sbin", 0, "usr/sbin\0", NULL }, { "usr", 0755, NULL, NULL }, { "var", 0755, NULL, NULL }, From a791dc67f8b0ade319b773e7bd0f8191ebf03f66 Mon Sep 17 00:00:00 2001 From: Andre Kalb Date: Wed, 13 Jul 2022 23:56:50 +0200 Subject: [PATCH 453/703] man/network: ServerAddress= drop "literal" from IP address ranges (cherry picked from commit 1df6201882607666daec13d7f7c056e8366ef5aa) (cherry picked from commit 098d70f438661fee40dba45d8f00f2b6415e0d15) --- man/systemd.network.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/man/systemd.network.xml b/man/systemd.network.xml index e0fe24d986f..b5103685ac0 100644 --- a/man/systemd.network.xml +++ b/man/systemd.network.xml @@ -2593,7 +2593,7 @@ Token=prefixstable:2002:da8:1:: ServerAddress= Specifies server address for the DHCP server. Takes an IPv4 address with prefix - length, for example 192.168.0.1/24. This setting may be useful when the link on + length, for example 192.168.0.1/24. This setting may be useful when the link on which the DHCP server is running has multiple static addresses. When unset, one of static addresses in the link will be automatically selected. Defaults to unset. From e655a7ac7bbaf349620676da6abd9c2eeca265f0 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Thu, 14 Jul 2022 18:04:01 +0200 Subject: [PATCH 454/703] man: drop misplaced ',' (cherry picked from commit 3840b147818882a0d8e3ad5427c464796bb713f5) (cherry picked from commit 83203873ee90e943966b36e5d6b4506d2526fa46) --- man/systemd-sysctl.service.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/man/systemd-sysctl.service.xml b/man/systemd-sysctl.service.xml index 751aa2b09e0..ea810846f19 100644 --- a/man/systemd-sysctl.service.xml +++ b/man/systemd-sysctl.service.xml @@ -122,7 +122,7 @@ kernel.core_pattern = |/usr/libexec/abrt-hook-ccpp %s %c %p %u %g %t %P %I systemd1, sysctl.d5, - sysctl8, + sysctl8 From 7e7a6d60f4d229990c119e4a172f36553a1cb37b Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Thu, 14 Jul 2022 18:50:52 +0200 Subject: [PATCH 455/703] man: explain why various resource limits don't make sense and should not be used. (cherry picked from commit 8c8889577238749007c9bc129635af7c608723df) (cherry picked from commit 724d52146abcdc02187d7cc2a12aec5e56300a9b) --- man/systemd.exec.xml | 36 +++++++++++++++++++++++++++--------- 1 file changed, 27 insertions(+), 9 deletions(-) diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml index 77eb2d9be5b..9efb5dafecc 100644 --- a/man/systemd.exec.xml +++ b/man/systemd.exec.xml @@ -792,13 +792,13 @@ CapabilityBoundingSet=~CAP_B CAP_C Set soft and hard limits on various resources for executed processes. See setrlimit2 for - details on the resource limit concept. Resource limits may be specified in two formats: either as - single value to set a specific soft and hard limit to the same value, or as colon-separated pair - to set both limits individually (e.g. LimitAS=4G:16G). - Use the string to configure no limit on a specific resource. The - multiplicative suffixes K, M, G, T, P and E (to the base 1024) may be used for resource limits - measured in bytes (e.g. LimitAS=16G). For the limits referring to time values, the - usual time units ms, s, min, h and so on may be used (see + details on the process resource limit concept. Process resource limits may be specified in two formats: + either as single value to set a specific soft and hard limit to the same value, or as colon-separated + pair to set both limits individually + (e.g. LimitAS=4G:16G). Use the string to configure no + limit on a specific resource. The multiplicative suffixes K, M, G, T, P and E (to the base 1024) may + be used for resource limits measured in bytes (e.g. LimitAS=16G). For the limits + referring to time values, the usual time units ms, s, min, h and so on may be used (see systemd.time7 for details). Note that if no time unit is specified for LimitCPU= the default unit of seconds is implied, while for LimitRTTIME= the default unit of microseconds is @@ -840,15 +840,17 @@ CapabilityBoundingSet=~CAP_B CAP_C Resource limit directives, their equivalent <command>ulimit</command> shell commands and the unit used - + + Directive ulimit equivalent Unit + Notes @@ -856,81 +858,97 @@ CapabilityBoundingSet=~CAP_B CAP_CLimitCPU=ulimit -tSeconds + - LimitFSIZE= ulimit -f Bytes + - LimitDATA= ulimit -d Bytes + Don't use. This limits the allowed address range, not memory use! Defaults to unlimited and should not be lowered. To limit memory use, see MemoryMax= in systemd.resource-control5. LimitSTACK= ulimit -s Bytes + - LimitCORE= ulimit -c Bytes + - LimitRSS= ulimit -m Bytes + Don't use. No effect on Linux. LimitNOFILE= ulimit -n Number of File Descriptors + Don't use. Be careful when raising the soft limit above 1024, since select() cannot function with file descriptors above 1023 on Linux. Nowadays, the hard limit defaults to 524288, a very high value compared to historical defaults. Typically applications should increase their soft limit to the hard limit on their own, if they are OK with working with file descriptors above 1023, i.e. do not use select(). Note that file descriptors are nowadays accounted like any other form of memory, thus there should not be any need to lower the hard limit. Use MemoryMax= to control overall service memory use, including file descriptor memory. LimitAS= ulimit -v Bytes + Don't use. This limits the allowed address range, not memory use! Defaults to unlimited and should not be lowered. To limit memory use, see MemoryMax= in systemd.resource-control5. LimitNPROC= ulimit -u Number of Processes + This limit is enforced based on the number of processes belonging to the user. Typically it's better to track processes per service, i.e. use TasksMax=, see systemd.resource-control5. LimitMEMLOCK= ulimit -l Bytes + - LimitLOCKS= ulimit -x Number of Locks + - LimitSIGPENDING= ulimit -i Number of Queued Signals + - LimitMSGQUEUE= ulimit -q Bytes + - LimitNICE= ulimit -e Nice Level + - LimitRTPRIO= ulimit -r Realtime Priority + - LimitRTTIME= - No equivalent + ulimit -R Microseconds + - From 3e1224d4ac3f44558c7bc3ceec2d6080afe21dc3 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Fri, 15 Jul 2022 01:49:25 +0200 Subject: [PATCH 456/703] coredump: Connect stdout/stderr to /dev/null before doing anything When invoked as the coredump handler by the kernel, systemd-coredump's stdout and stderr streams are closed. This is dangerous as this means the fd's can get reallocated, leading to hard to debug errors such as log messages ending up being appended to a compressed coredump file. To avoid such issues in the future, let's bind stdout/stderr to /dev/null so the file descriptors can't get used for anything else. (cherry picked from commit 1f9d2a8199c261593aa6a11df9cce5d31e23c714) (cherry picked from commit fba50bc0fc5a69e5573ceadb5d6224f365d3c3f5) --- src/coredump/coredump.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/coredump/coredump.c b/src/coredump/coredump.c index deb3edbb85a..eaea63f6824 100644 --- a/src/coredump/coredump.c +++ b/src/coredump/coredump.c @@ -1269,6 +1269,13 @@ static int process_kernel(int argc, char* argv[]) { struct iovec_wrapper *iovw; int r; + /* When we're invoked by the kernel, stdout/stderr are closed which is dangerous because the fds + * could get reallocated. To avoid hard to debug issues, let's instead bind stdout/stderr to + * /dev/null. */ + r = rearrange_stdio(STDIN_FILENO, -1, -1); + if (r < 0) + return log_error_errno(r, "Failed to connect stdout/stderr to /dev/null: %m"); + log_debug("Processing coredump received from the kernel..."); iovw = iovw_new(); From d8464304f03e6644bfc6ed42e13fb3a460b9ff60 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Fri, 15 Jul 2022 11:02:40 +0200 Subject: [PATCH 457/703] cgroups-agent: connect stdin/stdout/stderr to /dev/null Inspired by https://github.com/systemd/systemd/pull/24024 this is another user mode helper, where this might be an issue. hence let's rather be safe than sorry, and also connect stdin/stdout/stderr explicitly with /dev/null. (cherry picked from commit 50492ce81589773df2d82b4fc8047778e86c6edf) (cherry picked from commit 689487785f776815e71642f89685ff01f0bc4fde) --- src/cgroups-agent/cgroups-agent.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/cgroups-agent/cgroups-agent.c b/src/cgroups-agent/cgroups-agent.c index 071cba30996..91267362351 100644 --- a/src/cgroups-agent/cgroups-agent.c +++ b/src/cgroups-agent/cgroups-agent.c @@ -16,6 +16,13 @@ int main(int argc, char *argv[]) { _cleanup_close_ int fd = -1; ssize_t n; size_t l; + int r; + + r = rearrange_stdio(-1, -1, -1); + if (r < 0) { + log_error_errno(r, "Failed to connect stdin/stdout/stderr with /dev/null: %m"); + return EXIT_FAILURE; + } if (argc != 2) { log_error("Incorrect number of arguments."); From 217b3e012b22a7cf9ab9000db5c8ccfda1103784 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C5=81ukasz=20Stelmach?= Date: Tue, 12 Jul 2022 13:57:32 +0200 Subject: [PATCH 458/703] core: drop ambient capabilities in user manager Ambient capabilities should not be passed implicitly to user services. Dropping them does not affect the permitted and effective sets which are important for the manager itself to operate. (cherry picked from commit 963b6b906e5666876f5c90b47600b13ae94d5e4c) (cherry picked from commit c88309d5cd69d9997cfb74a77e340783a7ac63a9) --- src/core/main.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/core/main.c b/src/core/main.c index 57aedb9b93b..8a83b96fcfc 100644 --- a/src/core/main.c +++ b/src/core/main.c @@ -2875,6 +2875,11 @@ int main(int argc, char *argv[]) { /* clear the kernel timestamp, because we are not PID 1 */ kernel_timestamp = DUAL_TIMESTAMP_NULL; + /* Clear ambient capabilities, so services do not inherit them implicitly. Dropping them does + * not affect the permitted and effective sets which are important for the manager itself to + * operate. */ + capability_ambient_set_apply(0, /* also_inherit= */ false); + if (mac_selinux_init() < 0) { error_message = "Failed to initialize SELinux support"; goto finish; From c93fb9a57ebfde6312293651743cd364c01ee677 Mon Sep 17 00:00:00 2001 From: lastkrick Date: Fri, 15 Jul 2022 18:45:56 +0300 Subject: [PATCH 459/703] man: fix typo in systemd.network documentation in IPv6RoutePrefix section (#24030) (cherry picked from commit 69a7d108327fa5d4b4e8e913441e924b2187cd78) (cherry picked from commit 7632ff4cccb03893800d36bbf1966f8c20829c9f) --- man/systemd.network.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/man/systemd.network.xml b/man/systemd.network.xml index b5103685ac0..e5e87353381 100644 --- a/man/systemd.network.xml +++ b/man/systemd.network.xml @@ -2973,7 +2973,7 @@ Token=prefixstable:2002:da8:1:: The IPv6 route that is to be distributed to hosts. Similarly to configuring static IPv6 routes, the setting is configured as an IPv6 prefix routes and its prefix route length, - separated by a / character. Use multiple [IPv6PrefixRoutes] sections to configure + separated by a / character. Use multiple [IPv6RoutePrefix] sections to configure multiple IPv6 prefix routes. From c4c647fdb9d16d2bf879d90f06569806e093c846 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 13 Jul 2022 15:02:39 +0200 Subject: [PATCH 460/703] man: fix formatting of "BARRIER=1" Whitespace inside of the field was propagated to the displayed form, causing strange indentation. (cherry picked from commit 9cfc294fe0e2637d96f8e5c29143c10e2173daa3) (cherry picked from commit b7c5530a1f6874650628cc4771cb99ae353c2495) --- man/sd_notify.xml | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/man/sd_notify.xml b/man/sd_notify.xml index 4a0a7b34dc6..31388b9c3da 100644 --- a/man/sd_notify.xml +++ b/man/sd_notify.xml @@ -272,13 +272,14 @@ BARRIER=1 - Tells the service manager that the client is explicitly requesting synchronization by means of - closing the file descriptor sent with this command. The service manager guarantees that the processing of a - BARRIER=1 command will only happen after all previous notification messages sent before this command - have been processed. Hence, this command accompanied with a single file descriptor can be used to synchronize - against reception of all previous status messages. Note that this command cannot be mixed with other notifications, - and has to be sent in a separate message to the service manager, otherwise all assignments will be ignored. Note that - sending 0 or more than 1 file descriptor with this command is a violation of the protocol. + Tells the service manager that the client is explicitly requesting synchronization by + means of closing the file descriptor sent with this command. The service manager guarantees that the + processing of a BARRIER=1 command will only happen after all previous notification + messages sent before this command have been processed. Hence, this command accompanied with a single + file descriptor can be used to synchronize against reception of all previous status messages. Note + that this command cannot be mixed with other notifications, and has to be sent in a separate message + to the service manager, otherwise all assignments will be ignored. Note that sending 0 or more than 1 + file descriptor with this command is a violation of the protocol. @@ -341,7 +342,7 @@ sd_notify_barrier() allows the caller to synchronize against reception of previously sent notification messages - and uses the BARRIER=1 command. It takes a relative + and uses the BARRIER=1 command. It takes a relative timeout value in microseconds which is passed to ppoll2 . A value of UINT64_MAX is interpreted as infinite timeout. From 32848f4559a8202864046c9f3ab0b79ab09c1147 Mon Sep 17 00:00:00 2001 From: Frantisek Sumsal Date: Fri, 15 Jul 2022 21:19:42 +0200 Subject: [PATCH 461/703] core: drop a stray %m specifier from a warning message since in this specific case (r == 0) `errno` is irrelevant and most likely set to zero, leading up to a confusing message: ``` [ 120.595085] H systemd[1]: session-5.scope: No PIDs left to attach to the scope's control group, refusing: Success [ 120.595144] H systemd[1]: session-5.scope: Failed with result 'resources'. ``` (cherry picked from commit e99b9285cb289115a64d775c768e6e831e39f12e) (cherry picked from commit 5c822e33c90bd7f15c44e7375fd0c83ccec54918) --- src/core/scope.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/core/scope.c b/src/core/scope.c index 63d3288caf1..080bb713560 100644 --- a/src/core/scope.c +++ b/src/core/scope.c @@ -392,7 +392,7 @@ static int scope_start(Unit *u) { return r; } if (r == 0) { - log_unit_warning(u, "No PIDs left to attach to the scope's control group, refusing: %m"); + log_unit_warning(u, "No PIDs left to attach to the scope's control group, refusing."); scope_enter_dead(s, SCOPE_FAILURE_RESOURCES); return -ECHILD; } From 919b10b361f3752bb016f04102b26c97377f9f13 Mon Sep 17 00:00:00 2001 From: Vito Caputo Date: Fri, 15 Jul 2022 18:53:43 -0700 Subject: [PATCH 462/703] man: fix grammatical error in --cursor-file description Just a minor cleanup to fix unparseable wording (cherry picked from commit 729d2df8065ac90ac606e1fff91dc2d588b2795d) (cherry picked from commit 110d49d15138ff6de17c7d964cd20ac124697c3e) --- man/journalctl.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/man/journalctl.xml b/man/journalctl.xml index 424acc9f163..e226663a51f 100644 --- a/man/journalctl.xml +++ b/man/journalctl.xml @@ -650,7 +650,7 @@ If FILE exists and contains a cursor, start showing entries after this location. - Otherwise the show entries according the other given options. At the end, + Otherwise show entries according to the other given options. At the end, write the cursor of the last entry to FILE. Use this option to continually read the journal by sequentially calling journalctl. From 1dbe819311d6fd4bde15f71cc8c4003664c13a66 Mon Sep 17 00:00:00 2001 From: David Tardon Date: Sat, 16 Jul 2022 13:23:46 +0200 Subject: [PATCH 463/703] systemctl: include upheld units in dependencies Fixes: #22706 (cherry picked from commit cbc2593eeaf35a42881319d7fa50b12fc5584bf9) (cherry picked from commit 8e466d902d56b7a815abc81536a71b92690d8c51) --- src/systemctl/systemctl-util.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/systemctl/systemctl-util.c b/src/systemctl/systemctl-util.c index ae02af280e8..25da6e7b5cc 100644 --- a/src/systemctl/systemctl-util.c +++ b/src/systemctl/systemctl-util.c @@ -710,13 +710,14 @@ int maybe_extend_with_unit_dependencies(sd_bus *bus, char ***list) { int unit_get_dependencies(sd_bus *bus, const char *name, char ***ret) { _cleanup_strv_free_ char **deps = NULL; - static const struct bus_properties_map map[_DEPENDENCY_MAX][6] = { + static const struct bus_properties_map map[_DEPENDENCY_MAX][7] = { [DEPENDENCY_FORWARD] = { { "Requires", "as", NULL, 0 }, { "Requisite", "as", NULL, 0 }, { "Wants", "as", NULL, 0 }, { "ConsistsOf", "as", NULL, 0 }, { "BindsTo", "as", NULL, 0 }, + { "Upholds", "as", NULL, 0 }, {} }, [DEPENDENCY_REVERSE] = { @@ -725,6 +726,7 @@ int unit_get_dependencies(sd_bus *bus, const char *name, char ***ret) { { "WantedBy", "as", NULL, 0 }, { "PartOf", "as", NULL, 0 }, { "BoundBy", "as", NULL, 0 }, + { "UpheldBy", "as", NULL, 0 }, {} }, [DEPENDENCY_AFTER] = { From 44725ecccd24b2e016a539e6c1a32cc9d3d12bf1 Mon Sep 17 00:00:00 2001 From: Richard Huang Date: Sun, 17 Jul 2022 20:28:33 -0700 Subject: [PATCH 464/703] Update sleep.conf HibernateDelaySec default to match implementation (cherry picked from commit 5f2b4f9cb9555f3beb582e95624418a8277128e9) (cherry picked from commit 9f3ed4f5ccccd1ab36e099b548a71c5518cd28ba) --- src/sleep/sleep.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/sleep/sleep.conf b/src/sleep/sleep.conf index 174f5ea3e8b..a3d31140d8b 100644 --- a/src/sleep/sleep.conf +++ b/src/sleep/sleep.conf @@ -23,4 +23,4 @@ #HibernateState=disk #HybridSleepMode=suspend platform shutdown #HybridSleepState=disk -#HibernateDelaySec=180min +#HibernateDelaySec=120min From aa97e014fa84abbfd9366826f73cd44c4f2caeb5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 22 Jul 2022 11:45:12 +0200 Subject: [PATCH 465/703] manager: limit access to private dbus socket For the system manager, /run/systemd/private is publicly accessible, because /run/systemd is 0755, and /run/systemd/private is 0777. For the user manager, /run/user/ is 0700, and /run/user//systemd/private is 0777. This does not directly cause any security issue because we check the sender in bus_check_peercred (ucred.uid != 0 && ucred.uid != geteuid()). But it makes sense to limit access to the socket to avoid wasting time in PID1. Somebody could send messages there that'd we'd reject anyway. It also makes things more explicit. (cherry picked from commit df1cbd1adf26071aab41d96e054452a3d66103a4) (cherry picked from commit dc3333bcc992003607582e4a05ca8699ee9317aa) --- src/core/dbus.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/core/dbus.c b/src/core/dbus.c index 2c5bda58f98..857a8cf86e1 100644 --- a/src/core/dbus.c +++ b/src/core/dbus.c @@ -42,6 +42,7 @@ #include "string-util.h" #include "strv.h" #include "strxcpyx.h" +#include "umask-util.h" #include "user-util.h" #define CONNECTIONS_MAX 4096 @@ -946,7 +947,8 @@ int bus_init_private(Manager *m) { if (fd < 0) return log_error_errno(errno, "Failed to allocate private socket: %m"); - r = bind(fd, &sa.sa, sa_len); + RUN_WITH_UMASK(0077) + r = bind(fd, &sa.sa, sa_len); if (r < 0) return log_error_errno(errno, "Failed to bind private socket: %m"); From 0e7214c8b5c95bc378ad6b9353e944ec0fba4e21 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Sat, 23 Jul 2022 12:48:35 +0900 Subject: [PATCH 466/703] unit-file: avoid (null) in debugging logs The variable `inst` was set to NULL by TAKE_PTR(). This fixes the following log message: ``` systemd[1]: Unit getty@tty2.service has alias (null). ``` (cherry picked from commit 7c35b78a0b96085e3d634542212c5521bc2a2f21) (cherry picked from commit 9ac0ad80fe97c22ec3dc4670e859abaae9a1f8bf) --- src/basic/unit-file.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/src/basic/unit-file.c b/src/basic/unit-file.c index faea92f66dd..455bc45f8b1 100644 --- a/src/basic/unit-file.c +++ b/src/basic/unit-file.c @@ -592,12 +592,9 @@ static int add_names( continue; } - r = set_consume(*names, TAKE_PTR(inst)); - if (r > 0) - log_debug("Unit %s has alias %s.", unit_name, inst); + r = add_name(unit_name, names, inst); } else r = add_name(unit_name, names, *alias); - if (r < 0) return r; } From 998b08ec5fb49695edd896b289c2e2a01342f273 Mon Sep 17 00:00:00 2001 From: Rudi Heitbaum Date: Sat, 23 Jul 2022 10:38:49 +0000 Subject: [PATCH 467/703] glibc: Remove #include to resolve fsconfig_command/mount_attr conflict with glibc 2.36 (cherry picked from commit 3657d3a01c7e25ff86d7a4642065b367c4ff7484) (cherry picked from commit 8fe0c121787efe16c2a7a0f27a3d9862d0a12c81) --- meson.build | 13 ++++++++++++- src/core/namespace.c | 2 ++ src/shared/mount-util.c | 2 ++ 3 files changed, 16 insertions(+), 1 deletion(-) diff --git a/meson.build b/meson.build index b3e16b9fca5..64152310ab3 100644 --- a/meson.build +++ b/meson.build @@ -482,7 +482,6 @@ decl_headers = ''' #include #include #include -#include ''' foreach decl : ['char16_t', @@ -494,6 +493,17 @@ foreach decl : ['char16_t', # We get -1 if the size cannot be determined have = cc.sizeof(decl, prefix : decl_headers, args : '-D_GNU_SOURCE') > 0 + if decl == 'struct mount_attr' + if have + want_linux_fs_h = false + else + have = cc.sizeof(decl, + prefix : decl_headers + '#include ', + args : '-D_GNU_SOURCE') > 0 + want_linux_fs_h = have + endif + endif + if decl == 'struct statx' if have want_linux_stat_h = false @@ -509,6 +519,7 @@ foreach decl : ['char16_t', endforeach conf.set10('WANT_LINUX_STAT_H', want_linux_stat_h) +conf.set10('WANT_LINUX_FS_H', want_linux_fs_h) foreach ident : ['secure_getenv', '__secure_getenv'] conf.set10('HAVE_' + ident.to_upper(), cc.has_function(ident)) diff --git a/src/core/namespace.c b/src/core/namespace.c index 6a9a032e0da..2d7ea878cf6 100644 --- a/src/core/namespace.c +++ b/src/core/namespace.c @@ -7,7 +7,9 @@ #include #include #include +#if WANT_LINUX_FS_H #include +#endif #include "alloc-util.h" #include "base-filesystem.h" diff --git a/src/shared/mount-util.c b/src/shared/mount-util.c index fd6a5c09b5b..af7b7bf52c8 100644 --- a/src/shared/mount-util.c +++ b/src/shared/mount-util.c @@ -7,7 +7,9 @@ #include #include #include +#if WANT_LINUX_FS_H #include +#endif #include "alloc-util.h" #include "chase-symlinks.h" From 8ead3d8e0789d2656e7982fbb14610d11e950549 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Wed, 13 Jul 2022 11:08:09 +0900 Subject: [PATCH 468/703] udev: downgrade error level and mention that the error is ignored (cherry picked from commit 6e40ed53257604f81b14ddefadf5a782dc8ad279) (cherry picked from commit a9dd0f6fc962e9cf00bfd98b056928fc956f78b7) --- src/udev/udevd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/udev/udevd.c b/src/udev/udevd.c index 8380d674c50..6a3a7f69542 100644 --- a/src/udev/udevd.c +++ b/src/udev/udevd.c @@ -1865,7 +1865,7 @@ static int main_loop(Manager *manager) { r = udev_rules_apply_static_dev_perms(manager->rules); if (r < 0) - log_error_errno(r, "Failed to apply permissions on static device nodes: %m"); + log_warning_errno(r, "Failed to apply permissions on static device nodes, ignoring: %m"); notify_ready(); From 81bc16ab7c3167036e51f1f3efefcc64e9324081 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Mon, 25 Jul 2022 11:31:05 +0200 Subject: [PATCH 469/703] localed: don't fail if we cannot copy an xattr We ignore xattr copy failures on all other cases, and we should do so here too. Fixes: #24106 (cherry picked from commit d3efe29452aeddc395865469b776fe7a1eb45eae) (cherry picked from commit 200cbc299bddd6f0c896167be8a8be6475d76f20) --- src/locale/keymap-util.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/locale/keymap-util.c b/src/locale/keymap-util.c index 10d2ed7aece..eaa1c6f0d28 100644 --- a/src/locale/keymap-util.c +++ b/src/locale/keymap-util.c @@ -848,7 +848,7 @@ int locale_gen_enable_locale(const char *locale) { return r; r = copy_xattr(fileno(fr), fileno(fw), COPY_ALL_XATTRS); if (r < 0) - return r; + log_debug_errno(r, "Failed to copy all xattrs from old to new /etc/locale.gen file, ignoring: %m"); } if (!write_new) { From ed66376b0566bbf3cda1f418ec6b5157d122cd32 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Tue, 26 Jul 2022 19:31:31 +0900 Subject: [PATCH 470/703] homed: fix dbus node enumerator Fixes #24114. (cherry picked from commit 52023622d2f8312887fcf72ca29bab4ad42c8eb7) (cherry picked from commit 834632a4775e72d361a493979fd038f48163f65c) --- src/home/homed-home-bus.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/home/homed-home-bus.c b/src/home/homed-home-bus.c index b39ca3262c7..4663792e5c3 100644 --- a/src/home/homed-home-bus.c +++ b/src/home/homed-home-bus.c @@ -771,6 +771,8 @@ static int bus_home_node_enumerator( r = bus_home_path(h, l + k); if (r < 0) return r; + + k++; } *nodes = TAKE_PTR(l); From f0f5e74b2b05455309bffc973777bef860e17ae8 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Tue, 26 Jul 2022 20:03:12 +0900 Subject: [PATCH 471/703] home: drop conflicted headers Fixes #24117. (cherry picked from commit 0a58cd00454cc7b57b04f3a4a334584d743d7f7a) (cherry picked from commit 739d7130cb7cfc67e79bd2dbf13856b6a2fc666d) --- src/basic/missing_fs.h | 5 +++++ src/home/homework-cifs.c | 5 +++++ src/home/homework-luks.c | 1 - src/home/homework-mount.c | 2 ++ src/home/homework.h | 3 ++- 5 files changed, 14 insertions(+), 2 deletions(-) diff --git a/src/basic/missing_fs.h b/src/basic/missing_fs.h index cc43d7c277a..7e390ba909b 100644 --- a/src/basic/missing_fs.h +++ b/src/basic/missing_fs.h @@ -60,3 +60,8 @@ #ifndef FS_PROJINHERIT_FL #define FS_PROJINHERIT_FL 0x20000000 #endif + +/* linux/fscrypt.h */ +#ifndef FS_KEY_DESCRIPTOR_SIZE +#define FS_KEY_DESCRIPTOR_SIZE 8 +#endif diff --git a/src/home/homework-cifs.c b/src/home/homework-cifs.c index ed06d1f221d..383f09c66a4 100644 --- a/src/home/homework-cifs.c +++ b/src/home/homework-cifs.c @@ -1,5 +1,10 @@ /* SPDX-License-Identifier: LGPL-2.1-or-later */ +#include +#if WANT_LINUX_FS_H +#include +#endif + #include "dirent-util.h" #include "fd-util.h" #include "fileio.h" diff --git a/src/home/homework-luks.c b/src/home/homework-luks.c index 80632063589..f606c92f9c7 100644 --- a/src/home/homework-luks.c +++ b/src/home/homework-luks.c @@ -4,7 +4,6 @@ #include #include #include -#include #include #if HAVE_VALGRIND_MEMCHECK_H diff --git a/src/home/homework-mount.c b/src/home/homework-mount.c index 0b028dad376..82d54213de9 100644 --- a/src/home/homework-mount.c +++ b/src/home/homework-mount.c @@ -2,7 +2,9 @@ #include #include +#if WANT_LINUX_FS_H #include +#endif #include "alloc-util.h" #include "fd-util.h" diff --git a/src/home/homework.h b/src/home/homework.h index 882a3f500b3..b27c31d56ba 100644 --- a/src/home/homework.h +++ b/src/home/homework.h @@ -1,13 +1,14 @@ /* SPDX-License-Identifier: LGPL-2.1-or-later */ #pragma once -#include #include #include "sd-id128.h" +#include "cryptsetup-util.h" #include "homework-password-cache.h" #include "loop-util.h" +#include "missing_fs.h" /* for FS_KEY_DESCRIPTOR_SIZE, do not include linux/fs.h */ #include "missing_keyctl.h" #include "missing_syscall.h" #include "user-record.h" From f26f99510882b6df75c09674f5a2cb616bc27d1b Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Tue, 26 Jul 2022 23:15:01 +0900 Subject: [PATCH 472/703] Revert "core/mount: fail early if directory cannot be created" This reverts commit e4de58c8231e47509ffeb3aa47620ca42f22d7f6. If mkdir() fails and the path does exist, then the later mount command fails anyway. Hence, it is not necessary to fail here. Fixes #24120. (cherry picked from commit e5e6b7c225987551ebda14d2d7feadb66a64fb3c) (cherry picked from commit b1e494d64ded9b1f4927d41d0165420bf1def996) --- src/core/mount.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/src/core/mount.c b/src/core/mount.c index c650b5abe2f..0170406351a 100644 --- a/src/core/mount.c +++ b/src/core/mount.c @@ -1027,10 +1027,8 @@ static void mount_enter_mounting(Mount *m) { r = mkdir_p_label(p->what, m->directory_mode); /* mkdir_p_label() can return -EEXIST if the target path exists and is not a directory - which is * totally OK, in case the user wants us to overmount a non-directory inode. */ - if (r < 0 && r != -EEXIST) { + if (r < 0 && r != -EEXIST) log_unit_error_errno(UNIT(m), r, "Failed to make bind mount source '%s': %m", p->what); - goto fail; - } } if (p) { From 40cdad350601c374a2646759eba5f8d77973604e Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Tue, 26 Jul 2022 23:23:01 +0900 Subject: [PATCH 473/703] core/mount: downgrade log level about several mkdir failures (cherry picked from commit 574febda6b0e00aae164b18b70aa80744d950500) (cherry picked from commit 9f8b7ee55a38ac94fe88e396772efeda8a020693) --- src/core/mount.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/src/core/mount.c b/src/core/mount.c index 0170406351a..fd0c9ab0cdb 100644 --- a/src/core/mount.c +++ b/src/core/mount.c @@ -1026,9 +1026,13 @@ static void mount_enter_mounting(Mount *m) { if (p && mount_is_bind(p)) { r = mkdir_p_label(p->what, m->directory_mode); /* mkdir_p_label() can return -EEXIST if the target path exists and is not a directory - which is - * totally OK, in case the user wants us to overmount a non-directory inode. */ + * totally OK, in case the user wants us to overmount a non-directory inode. Also -EROFS can be + * returned on read-only filesystem. Moreover, -EACCES (and also maybe -EPERM?) may be returned + * when the path is on NFS. See issue #24120. All such errors will be logged in the debug level. */ if (r < 0 && r != -EEXIST) - log_unit_error_errno(UNIT(m), r, "Failed to make bind mount source '%s': %m", p->what); + log_unit_full_errno(UNIT(m), + (r == -EROFS || ERRNO_IS_PRIVILEGE(r)) ? LOG_DEBUG : LOG_WARNING, + r, "Failed to make bind mount source '%s', ignoring: %m", p->what); } if (p) { From 74c33f69bb205e28788edb91d875f8849dc571e0 Mon Sep 17 00:00:00 2001 From: Luca Boccassi Date: Tue, 26 Jul 2022 17:41:51 +0100 Subject: [PATCH 474/703] portable: set PrivateTmp=yes in trusted profile too When running on images you don't want to modify the /tmp directory even if it's writable, and often it will just be read-only. Set PrivateTmp=yes. Fixes https://github.com/systemd/systemd/issues/23592 (cherry picked from commit f2d26cd89b195e53f184387f1a5b97a98512c82a) (cherry picked from commit 6e111d2811b12e67879e66fc9fdf39cc96977681) --- src/portable/profile/trusted/service.conf | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/portable/profile/trusted/service.conf b/src/portable/profile/trusted/service.conf index 9a6af70b939..04deeb2262e 100644 --- a/src/portable/profile/trusted/service.conf +++ b/src/portable/profile/trusted/service.conf @@ -1,7 +1,8 @@ -# The "trusted" profile for services, i.e. no restrictions are applied +# The "trusted" profile for services, i.e. no restrictions are applied apart from a private /tmp [Service] MountAPIVFS=yes +PrivateTmp=yes BindPaths=/run BindReadOnlyPaths=/etc/machine-id BindReadOnlyPaths=/etc/resolv.conf From dc3faeed0525bf0740e3221591ddb1e74482384e Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Fri, 1 Jul 2022 14:46:20 +0900 Subject: [PATCH 475/703] resolve: mdns: fix use-after-free Fixes #23843 and #23873. (cherry picked from commit d50a58e7252b763043485aa79a61094bfae9d7ff) (cherry picked from commit e832a277ead1b1a4ec0d4757d24c44dfee8889e2) --- src/resolve/resolved-mdns.c | 26 +++++++++++++++++++++----- 1 file changed, 21 insertions(+), 5 deletions(-) diff --git a/src/resolve/resolved-mdns.c b/src/resolve/resolved-mdns.c index 0d19d084556..24241249b1e 100644 --- a/src/resolve/resolved-mdns.c +++ b/src/resolve/resolved-mdns.c @@ -400,12 +400,28 @@ static int on_mdns_packet(sd_event_source *s, int fd, uint32_t revents, void *us } } - LIST_FOREACH(transactions_by_scope, t, scope->transactions) { - r = dns_answer_match_key(p->answer, t->key, NULL); - if (r < 0) - log_debug_errno(r, "Failed to match resource key, ignoring: %m"); - else if (r > 0) /* This packet matches the transaction, let's pass it on as reply */ + for (bool match = true; match;) { + match = false; + LIST_FOREACH(transactions_by_scope, t, scope->transactions) { + if (t->state != DNS_TRANSACTION_PENDING) + continue; + + r = dns_answer_match_key(p->answer, dns_transaction_key(t), NULL); + if (r <= 0) { + if (r < 0) + log_debug_errno(r, "Failed to match resource key, ignoring: %m"); + continue; + } + + /* This packet matches the transaction, let's pass it on as reply */ dns_transaction_process_reply(t, p, false); + + /* The dns_transaction_process_reply() -> dns_transaction_complete() -> + * dns_query_candidate_stop() may free multiple transactions. Hence, restart + * the loop. */ + match = true; + break; + } } dns_cache_put(&scope->cache, scope->manager->enable_cache, NULL, DNS_PACKET_RCODE(p), p->answer, NULL, false, _DNSSEC_RESULT_INVALID, UINT32_MAX, p->family, &p->sender); From 324bacfe9a5d7b2959149cae895be9fc080147f5 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Mon, 4 Jul 2022 05:34:25 +0900 Subject: [PATCH 476/703] resolve: drop unnecessary else, and add short comment (cherry picked from commit 4b2ceb8a48c3aeef4147e335b5f31bc2ed4aa6fb) (cherry picked from commit a1edebfde068a07179817259db270763067ebcd3) --- src/resolve/resolved-dns-transaction.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/src/resolve/resolved-dns-transaction.c b/src/resolve/resolved-dns-transaction.c index 8256aa32260..46ad9d5af08 100644 --- a/src/resolve/resolved-dns-transaction.c +++ b/src/resolve/resolved-dns-transaction.c @@ -1575,11 +1575,12 @@ static usec_t transaction_get_resend_timeout(DnsTransaction *t) { return DNS_TIMEOUT_USEC; case DNS_PROTOCOL_MDNS: - assert(t->n_attempts > 0); if (t->probing) return MDNS_PROBING_INTERVAL_USEC; - else - return (1 << (t->n_attempts - 1)) * USEC_PER_SEC; + + /* See RFC 6762 Section 5.1 suggests that timeout should be a few seconds. */ + assert(t->n_attempts > 0); + return (1 << (t->n_attempts - 1)) * USEC_PER_SEC; case DNS_PROTOCOL_LLMNR: return t->scope->resend_timeout; From 23d0a99497db407db56a37f823cb03282348871c Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Mon, 4 Jul 2022 05:36:20 +0900 Subject: [PATCH 477/703] resolve: fix misuse of accuracy parameter in sd_event_add_time() Also, this makes mDNS regular queries sent without delay (except for one caused by the default accuracy of sd-event). Note, RFC 6762 Section 5.2 is about continuous mDNS query, which is not implemented yet. (cherry picked from commit 765647ba805727e93ac8607e38c7b60da2aab2dd) (cherry picked from commit 41810cb16653058c529d123412ed78064406b34e) --- src/resolve/resolved-dns-scope.c | 10 +++------- src/resolve/resolved-dns-transaction.c | 17 ++++++++++------- src/resolve/resolved-dns-transaction.h | 4 ---- 3 files changed, 13 insertions(+), 18 deletions(-) diff --git a/src/resolve/resolved-dns-scope.c b/src/resolve/resolved-dns-scope.c index ab40d692ae9..9d800f8ee61 100644 --- a/src/resolve/resolved-dns-scope.c +++ b/src/resolve/resolved-dns-scope.c @@ -1212,7 +1212,6 @@ static int on_conflict_dispatch(sd_event_source *es, usec_t usec, void *userdata } int dns_scope_notify_conflict(DnsScope *scope, DnsResourceRecord *rr) { - usec_t jitter; int r; assert(scope); @@ -1241,15 +1240,12 @@ int dns_scope_notify_conflict(DnsScope *scope, DnsResourceRecord *rr) { if (scope->conflict_event_source) return 0; - random_bytes(&jitter, sizeof(jitter)); - jitter %= LLMNR_JITTER_INTERVAL_USEC; - r = sd_event_add_time_relative( scope->manager->event, &scope->conflict_event_source, clock_boottime_or_monotonic(), - jitter, - LLMNR_JITTER_INTERVAL_USEC, + random_u64_range(LLMNR_JITTER_INTERVAL_USEC), + 0, on_conflict_dispatch, scope); if (r < 0) return log_debug_errno(r, "Failed to add conflict dispatch event: %m"); @@ -1516,7 +1512,7 @@ int dns_scope_announce(DnsScope *scope, bool goodbye) { &scope->announce_event_source, clock_boottime_or_monotonic(), MDNS_ANNOUNCE_DELAY, - MDNS_JITTER_RANGE_USEC, + 0, on_announcement_timeout, scope); if (r < 0) return log_debug_errno(r, "Failed to schedule second announcement: %m"); diff --git a/src/resolve/resolved-dns-transaction.c b/src/resolve/resolved-dns-transaction.c index 46ad9d5af08..496bc2f1557 100644 --- a/src/resolve/resolved-dns-transaction.c +++ b/src/resolve/resolved-dns-transaction.c @@ -1959,10 +1959,12 @@ int dns_transaction_go(DnsTransaction *t) { if (!t->initial_jitter_scheduled && IN_SET(t->scope->protocol, DNS_PROTOCOL_LLMNR, DNS_PROTOCOL_MDNS)) { - usec_t jitter, accuracy; + usec_t jitter; - /* RFC 4795 Section 2.7 suggests all queries should be delayed by a random time from 0 to - * JITTER_INTERVAL. */ + /* RFC 4795 Section 2.7 suggests all LLMNR queries should be delayed by a random time from 0 to + * JITTER_INTERVAL. + * RFC 6762 Section 8.1 suggests initial probe queries should be delayed by a random time from + * 0 to 250ms. */ t->initial_jitter_scheduled = true; @@ -1970,12 +1972,13 @@ int dns_transaction_go(DnsTransaction *t) { case DNS_PROTOCOL_LLMNR: jitter = random_u64_range(LLMNR_JITTER_INTERVAL_USEC); - accuracy = LLMNR_JITTER_INTERVAL_USEC; break; case DNS_PROTOCOL_MDNS: - jitter = usec_add(random_u64_range(MDNS_JITTER_RANGE_USEC), MDNS_JITTER_MIN_USEC); - accuracy = MDNS_JITTER_RANGE_USEC; + if (t->probing) + jitter = random_u64_range(MDNS_PROBING_INTERVAL_USEC); + else + jitter = 0; break; default: assert_not_reached(); @@ -1987,7 +1990,7 @@ int dns_transaction_go(DnsTransaction *t) { t->scope->manager->event, &t->timeout_event_source, clock_boottime_or_monotonic(), - jitter, accuracy, + jitter, 0, on_transaction_timeout, t); if (r < 0) return r; diff --git a/src/resolve/resolved-dns-transaction.h b/src/resolve/resolved-dns-transaction.h index 498cabb7e50..ab86f0f01f5 100644 --- a/src/resolve/resolved-dns-transaction.h +++ b/src/resolve/resolved-dns-transaction.h @@ -201,10 +201,6 @@ DnsTransactionSource dns_transaction_source_from_string(const char *s) _pure_; /* LLMNR Jitter interval, see RFC 4795 Section 7 */ #define LLMNR_JITTER_INTERVAL_USEC (100 * USEC_PER_MSEC) -/* mDNS Jitter interval, see RFC 6762 Section 5.2 */ -#define MDNS_JITTER_MIN_USEC (20 * USEC_PER_MSEC) -#define MDNS_JITTER_RANGE_USEC (100 * USEC_PER_MSEC) - /* mDNS probing interval, see RFC 6762 Section 8.1 */ #define MDNS_PROBING_INTERVAL_USEC (250 * USEC_PER_MSEC) From 30d24c8df600545d1878a868bcd409e65479af77 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Mon, 4 Jul 2022 11:23:33 +0900 Subject: [PATCH 478/703] resolve: mdns_packet_extract_matching_rrs() may return 0 Fixes the following assertion: --- Assertion 'r > 0' failed at src/resolve/resolved-mdns.c:180, function mdns_do_tiebreak(). Aborting. --- (cherry picked from commit f2605af1f2e770818bbc6bad2561acdbd25a38ad) (cherry picked from commit 0070302b3cdc1350bf7bfd5d032dbea420f4ed40) --- src/resolve/resolved-mdns.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/src/resolve/resolved-mdns.c b/src/resolve/resolved-mdns.c index 24241249b1e..8c8ee81da1c 100644 --- a/src/resolve/resolved-mdns.c +++ b/src/resolve/resolved-mdns.c @@ -165,8 +165,6 @@ static int mdns_do_tiebreak(DnsResourceKey *key, DnsAnswer *answer, DnsPacket *p if (r < 0) return r; - assert(r > 0); - if (proposed_rrs_cmp(remote, r, our, size) > 0) return 1; From d935dd7e9db06c5b8d81d0b0989b21f848e166bd Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Mon, 4 Jul 2022 11:44:46 +0900 Subject: [PATCH 479/703] resolve: do not trigger assertions on invalid query (cherry picked from commit 055acd4d8b385fd9ff29e49e0c46856a9e705433) (cherry picked from commit b61a61ec53bb07550d71b5e8611e06ebc0b41755) --- src/resolve/resolved-dns-scope.c | 4 +++- src/resolve/resolved-mdns.c | 3 ++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/src/resolve/resolved-dns-scope.c b/src/resolve/resolved-dns-scope.c index 9d800f8ee61..99d5ff69577 100644 --- a/src/resolve/resolved-dns-scope.c +++ b/src/resolve/resolved-dns-scope.c @@ -1019,7 +1019,9 @@ void dns_scope_process_query(DnsScope *s, DnsStream *stream, DnsPacket *p) { return; } - assert(dns_question_size(p->question) == 1); + if (dns_question_size(p->question) != 1) + return (void) log_debug("Received LLMNR query without question or multiple questions, ignoring."); + key = dns_question_first_key(p->question); r = dns_zone_lookup(&s->zone, key, 0, &answer, &soa, &tentative); diff --git a/src/resolve/resolved-mdns.c b/src/resolve/resolved-mdns.c index 8c8ee81da1c..23c084130b1 100644 --- a/src/resolve/resolved-mdns.c +++ b/src/resolve/resolved-mdns.c @@ -243,7 +243,8 @@ static int mdns_scope_process_query(DnsScope *s, DnsPacket *p) { if (r < 0) return log_debug_errno(r, "Failed to extract resource records from incoming packet: %m"); - assert_return((dns_question_size(p->question) > 0), -EINVAL); + if (dns_question_size(p->question) <= 0) + return log_debug_errno(SYNTHETIC_ERRNO(EBADMSG), "Received mDNS query without question, ignoring."); unicast_reply = mdns_should_reply_using_unicast(p); if (unicast_reply && !sender_on_local_subnet(s, p)) { From fb48f600cf37548edf33f6acccfac0fb9ba6b7a1 Mon Sep 17 00:00:00 2001 From: Vishal Chillara Srinivas Date: Wed, 15 Jun 2022 18:16:06 +0530 Subject: [PATCH 480/703] RFC 6762 section 7.1: a Multicast DNS querier SHOULD NOT include records in the Known-Answer list whose remaining TTL is less than half of their original TTL (cherry picked from commit f941c124273ac1b3bce0029f69f9664ba6f01f7f) (cherry picked from commit ef6c37908904f27e1322a03b1859c66ead4b629d) --- src/resolve/resolved-dns-cache.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/src/resolve/resolved-dns-cache.c b/src/resolve/resolved-dns-cache.c index aeff9f8be6d..13dcddf38b0 100644 --- a/src/resolve/resolved-dns-cache.c +++ b/src/resolve/resolved-dns-cache.c @@ -1261,11 +1261,14 @@ int dns_cache_check_conflicts(DnsCache *cache, DnsResourceRecord *rr, int owner_ int dns_cache_export_shared_to_packet(DnsCache *cache, DnsPacket *p) { unsigned ancount = 0; DnsCacheItem *i; + usec_t t; int r; assert(cache); assert(p); + t = now(CLOCK_BOOTTIME); + HASHMAP_FOREACH(i, cache->by_key) { DnsCacheItem *j; @@ -1276,6 +1279,11 @@ int dns_cache_export_shared_to_packet(DnsCache *cache, DnsPacket *p) { if (!j->shared_owner) continue; + /* RFC6762 7.1: Don't append records with less than half the TTL remaining + * as known answers. */ + if (usec_sub_unsigned(j->until, t) < j->rr->ttl * USEC_PER_SEC / 2) + continue; + r = dns_packet_append_rr(p, j->rr, 0, NULL, NULL); if (r == -EMSGSIZE && p->protocol == DNS_PROTOCOL_MDNS) { /* For mDNS, if we're unable to stuff all known answers into the given packet, From 62ea1502e0f3efea7b1a45682f9ed8d1eaa969ac Mon Sep 17 00:00:00 2001 From: w30023233 Date: Tue, 19 Apr 2022 21:05:25 +0800 Subject: [PATCH 481/703] virt: detect OpenStack Nova instance (cherry picked from commit 01d9fbccddd694bc584aed24eaa0543f831dc929) --- src/basic/virt.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/basic/virt.c b/src/basic/virt.c index f6063e98592..b609ee8c473 100644 --- a/src/basic/virt.c +++ b/src/basic/virt.c @@ -154,6 +154,7 @@ static int detect_vm_dmi_vendor(void) { int id; } dmi_vendor_table[] = { { "KVM", VIRTUALIZATION_KVM }, + { "OpenStack", VIRTUALIZATION_KVM }, /* Detect OpenStack instance as KVM in non x86 architecture */ { "Amazon EC2", VIRTUALIZATION_AMAZON }, { "QEMU", VIRTUALIZATION_QEMU }, { "VMware", VIRTUALIZATION_VMWARE }, /* https://kb.vmware.com/s/article/1009458 */ From 427995b49b5bb9c61799966fb4c4c844afec41d9 Mon Sep 17 00:00:00 2001 From: Fei Li Date: Fri, 17 Jun 2022 19:26:28 +0800 Subject: [PATCH 482/703] virt: detect KubeVirt instance Kubevirt is currently technically based on KVM (but not xen yet[1]). The systemd-detect-virt command, used to differentiate the current virtualization environment, works fine on x86 relying on CPUID, while fails to get the correct value (none instead of kvm) on aarch64. Let's fix this by adding a new 'vendor[KubeVirt] = kvm' classification considering the sys_vendor is always KubeVirt. [1] https://groups.google.com/g/kubevirt-dev/c/C6cUgzTOsVg Signed-off-by: Fei Li (cherry picked from commit c15d1ac2c4e8ce46c6d07621f7d5531cbc2160a8) (cherry picked from commit e7d635f0b92dcd205802b459e25843de461022fe) --- src/basic/virt.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/basic/virt.c b/src/basic/virt.c index b609ee8c473..52fbffbefb7 100644 --- a/src/basic/virt.c +++ b/src/basic/virt.c @@ -155,6 +155,7 @@ static int detect_vm_dmi_vendor(void) { } dmi_vendor_table[] = { { "KVM", VIRTUALIZATION_KVM }, { "OpenStack", VIRTUALIZATION_KVM }, /* Detect OpenStack instance as KVM in non x86 architecture */ + { "KubeVirt", VIRTUALIZATION_KVM }, /* Detect KubeVirt instance as KVM in non x86 architecture */ { "Amazon EC2", VIRTUALIZATION_AMAZON }, { "QEMU", VIRTUALIZATION_QEMU }, { "VMware", VIRTUALIZATION_VMWARE }, /* https://kb.vmware.com/s/article/1009458 */ From 97c82a3abb7ad2bacda56d8e4ee73296714d238b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Cristian=20Rodr=C3=ADguez?= Date: Tue, 26 Jul 2022 18:24:12 +0000 Subject: [PATCH 483/703] gcrypt: prefer the OS RNG by default, gcrypt defaults to an userspace RNG, this is the wrong thing (tm) to do on linux. Switch to the SYSTEM rng instead. (cherry picked from commit 80f967311ac53ae43b5a26332f32cc6665661338) (cherry picked from commit ca0ed3a78cc2414706a59384d50b9048e1f00357) --- src/basic/gcrypt-util.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/basic/gcrypt-util.c b/src/basic/gcrypt-util.c index 64c63cdab1f..1927fdfe460 100644 --- a/src/basic/gcrypt-util.c +++ b/src/basic/gcrypt-util.c @@ -15,6 +15,8 @@ void initialize_libgcrypt(bool secmem) { * feature should initialize the library manually */ if (!secmem) gcry_control(GCRYCTL_DISABLE_SECMEM); + + gcry_control(GCRYCTL_SET_PREFERRED_RNG_TYPE, GCRY_RNG_TYPE_SYSTEM); gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0); } From 9359dd6977dba250e60cda5183da72e7de716e38 Mon Sep 17 00:00:00 2001 From: Eli Schwartz Date: Tue, 26 Jul 2022 21:49:48 -0400 Subject: [PATCH 484/703] meson: fix broken boolean kwarg Everywhere else that `conf.get('ENABLE_*')` is used as a boolean key for something (for example in if statements) it always checks if == 1, but in this one case it neglects to do so. This is important because conf.get yields the same int that was stored, but if statements require booleans. So does executable's "install" kwarg, at least according to the documentation. In actuality, it accepts all types without sanity checking, then uses python "if bool(var)", so you can actually do `install: 'do not'` and that's treated identical to `true`. This is a type-checking bug which Meson will eventually fix. muon fails on the same code, today. (cherry picked from commit 9e4a50bcdf7a275766e4f5c7af012c32bc22128d) (cherry picked from commit 3a382bf86bd2da98cdb9094165e4da0aaee68c9c) --- meson.build | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meson.build b/meson.build index 64152310ab3..fcb1332b43e 100644 --- a/meson.build +++ b/meson.build @@ -2073,7 +2073,7 @@ public_programs += executable( libmount, libblkid], install_rpath : rootlibexecdir, - install : conf.get('ENABLE_ANALYZE')) + install : conf.get('ENABLE_ANALYZE') == 1) executable( 'systemd-journald', From 427d1894795f7b82efc8bfdb6a5d350e95e91abf Mon Sep 17 00:00:00 2001 From: Max Gautier Date: Sat, 30 Jul 2022 08:46:27 +0200 Subject: [PATCH 485/703] docs: Correct StandartOutput documentation fix #2114 (cherry picked from commit e0a12b96344b1d7ee499df1d0447b14ced62c1b4) (cherry picked from commit 79de67e2dfebf3c40a65010d4d261dda28489f3e) --- man/systemd.exec.xml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml index 9efb5dafecc..c7ea48a4809 100644 --- a/man/systemd.exec.xml +++ b/man/systemd.exec.xml @@ -2741,7 +2741,11 @@ SystemCallErrorNumber=EPERM writing text to stderr will not work. To mitigate this use the construct echo "hello" >&2 instead, which is mostly equivalent and avoids this pitfall. - This setting defaults to the value set with DefaultStandardOutput= in + If StandardInput= is set to one of , , + , , or , this + setting defaults to . + + In other cases, this setting defaults to the value set with DefaultStandardOutput= in systemd-system.conf5, which defaults to . Note that setting this parameter might result in additional dependencies to be added to the unit (see above). From c57e95e8fad666a85a947eb47f89410de448a73f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Cristian=20Rodr=C3=ADguez?= Date: Mon, 1 Aug 2022 01:04:27 -0400 Subject: [PATCH 486/703] gcrypt: switch to system rng before gcry_check_version (#24162) Current docs claim this must be done before gcry_check_version. (cherry picked from commit 91375fb9cf38aca397a6d50e3f22dfb7a4aa1b98) (cherry picked from commit 695eb673222cbf35c3afce0892fedcc7d08fb4af) --- src/basic/gcrypt-util.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/basic/gcrypt-util.c b/src/basic/gcrypt-util.c index 1927fdfe460..41c9362be18 100644 --- a/src/basic/gcrypt-util.c +++ b/src/basic/gcrypt-util.c @@ -9,6 +9,7 @@ void initialize_libgcrypt(bool secmem) { if (gcry_control(GCRYCTL_INITIALIZATION_FINISHED_P)) return; + gcry_control(GCRYCTL_SET_PREFERRED_RNG_TYPE, GCRY_RNG_TYPE_SYSTEM); assert_se(gcry_check_version("1.4.5")); /* Turn off "secmem". Clients which wish to make use of this @@ -16,7 +17,6 @@ void initialize_libgcrypt(bool secmem) { if (!secmem) gcry_control(GCRYCTL_DISABLE_SECMEM); - gcry_control(GCRYCTL_SET_PREFERRED_RNG_TYPE, GCRY_RNG_TYPE_SYSTEM); gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0); } From a2fc30409d9c779209197176519b6676fd69c43a Mon Sep 17 00:00:00 2001 From: Jacek Migacz Date: Wed, 27 Jul 2022 18:38:12 +0200 Subject: [PATCH 487/703] resolved: fix single-label resolution over DNS Fixes: #23494 (when ResolveUnicastSingleLabel=yes) (cherry picked from commit ff0a5070d45f20df7744b1090892be797bf18365) (cherry picked from commit 7384d152c811c4c87616b67a2f4bb1783c5a2373) --- src/resolve/resolved-dns-scope.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/resolve/resolved-dns-scope.c b/src/resolve/resolved-dns-scope.c index 99d5ff69577..30c1b7ab4a2 100644 --- a/src/resolve/resolved-dns-scope.c +++ b/src/resolve/resolved-dns-scope.c @@ -700,6 +700,11 @@ DnsScopeMatch dns_scope_good_domain( if (has_search_domains && dns_name_is_single_label(domain)) return DNS_SCOPE_YES_BASE + 1; + /* If ResolveUnicastSingleLabel=yes and the query is single-label, then bump match result + to prevent LLMNR monopoly among candidates. */ + if (s->manager->resolve_unicast_single_label && dns_name_is_single_label(domain)) + return DNS_SCOPE_YES_BASE + 1; + /* Let's return the number of labels in the best matching result */ if (n_best >= 0) { assert(n_best <= DNS_SCOPE_YES_END - DNS_SCOPE_YES_BASE); From 8e6ba03724b87c5479f040b9a22f5983e9b7b96d Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Tue, 2 Aug 2022 18:16:21 +0200 Subject: [PATCH 488/703] repart: when keeping ref to backing inode/devnode, use fd_reopen() rathern than F_DUPFD Via the "backing_fd" variable we intend to pin the backing inode through our entire code. So far we typically created the fd via F_DUPFD_CLOEXEC, and thus any BSD lock taken one the original fd is shared with our backing_fd reference. And if the origina fd is closed but our backing_fd is not, we'll keep the BSD lock open, even if we then reopen the block device through the backing_fd. If hit, this results in a deadlock. Let's fix that by creating the backing_fd via fd_reopen(), so that the locks are no longer shared, and if the original fd is closed all BSD locks on it that are in effect are auto-released. (Note the deadlock is only triggered if multiple operations on the same backing inode are executed, i.e. factory reset, resize and applying of partitions.) Replaces: #24181 (cherry picked from commit 38f81e937426993cfc899aa09298f69f00935852) (cherry picked from commit d3e84e47035753b3c24a27ebab6ae2a7db87b71d) --- src/partition/repart.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/partition/repart.c b/src/partition/repart.c index d08f47f2c47..25369120080 100644 --- a/src/partition/repart.c +++ b/src/partition/repart.c @@ -1593,9 +1593,9 @@ static int context_load_partition_table( if (*backing_fd < 0) { /* If we have no fd referencing the device yet, make a copy of the fd now, so that we have one */ - *backing_fd = fcntl(fdisk_get_devfd(c), F_DUPFD_CLOEXEC, 3); + *backing_fd = fd_reopen(fdisk_get_devfd(c), O_RDONLY|O_CLOEXEC); if (*backing_fd < 0) - return log_error_errno(errno, "Failed to duplicate fdisk fd: %m"); + return log_error_errno(*backing_fd, "Failed to duplicate fdisk fd: %m"); } /* Tell udev not to interfere while we are processing the device */ From 618b8d5a6d71b6e69cc4865d7c93611441f97e88 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Tue, 2 Aug 2022 17:27:29 +0200 Subject: [PATCH 489/703] systemctl: clarify that "status" is about the most recent invocation of a service And point people to "journalctl --unit=" for information of prior runs. Inspired by: #24159 (cherry picked from commit 157cb4337b83359267050bff43c1ad39b0303f10) (cherry picked from commit 0cfe2d7e88e197795209dbf7442fc05f814468ad) --- man/systemctl.xml | 37 ++++++++++++++++++------------------- 1 file changed, 18 insertions(+), 19 deletions(-) diff --git a/man/systemctl.xml b/man/systemctl.xml index 202eed125a9..d166bc114b5 100644 --- a/man/systemctl.xml +++ b/man/systemctl.xml @@ -196,25 +196,24 @@ Sun 2017-02-26 20:57:49 EST 2h 3min left Sun 2017-02-26 11:56:36 EST 6h ago ). If a PID is passed, show information about the unit the process belongs to. - This function is intended to generate human-readable - output. If you are looking for computer-parsable output, - use show instead. By default, this - function only shows 10 lines of output and ellipsizes - lines to fit in the terminal window. This can be changed - with and , - see above. In addition, journalctl - --unit=NAME or - journalctl - --user-unit=NAME use - a similar filter for messages and might be more - convenient. - - - systemd implicitly loads units as necessary, so just running the status will - attempt to load a file. The command is thus not useful for determining if something was already loaded or - not. The units may possibly also be quickly unloaded after the operation is completed if there's no reason - to keep it in memory thereafter. - + This function is intended to generate human-readable output. If you are looking for + computer-parsable output, use show instead. By default, this function only + shows 10 lines of output and ellipsizes lines to fit in the terminal window. This can be changed + with and , see above. In addition, + journalctl --unit=NAME or journalctl + --user-unit=NAME use a similar filter for messages and might + be more convenient. + + Note that this operation only displays runtime status, i.e. information about + the current invocation of the unit (if it is running) or the most recent invocation (if it is not + running anymore, and has not been released from memory). Information about earlier invocations, + invocations from previous system boots, or prior invocations that have already been released from + memory may be retrieved via journalctl --unit=. + + systemd implicitly loads units as necessary, so just running the status + will attempt to load a file. The command is thus not useful for determining if something was + already loaded or not. The units may possibly also be quickly unloaded after the operation is + completed if there's no reason to keep it in memory thereafter. Example output from systemctl status From 12b041584a75fc850dcb92f818b64dab8c87466a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lo=C3=AFc=20Collignon?= Date: Wed, 3 Aug 2022 11:42:28 +0200 Subject: [PATCH 490/703] Fix 24172: __STDC_VERSION__ may be defined in C++ According to the C++ ISO standard, a conformant compiler is allowed to define this macro to any value for any reason as it is implementation defined: https://timsong-cpp.github.io/cppwp/cpp.predefined#2.3 This mean that it cannot be assumed that it is not defined in a C++. Change the condition to reflect that. (cherry picked from commit 00852912edc69e652f4932fa536da60528f08ed3) (cherry picked from commit 45faf77d4d0e349d7a7b84c46f943504d8f3b4cf) --- src/systemd/_sd-common.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/systemd/_sd-common.h b/src/systemd/_sd-common.h index e121429640b..f7db3706ff4 100644 --- a/src/systemd/_sd-common.h +++ b/src/systemd/_sd-common.h @@ -85,7 +85,7 @@ typedef void (*_sd_destroy_t)(void *userdata); #endif #ifndef _SD_ARRAY_STATIC -# if __STDC_VERSION__ >= 199901L +# if __STDC_VERSION__ >= 199901L && !defined(__cplusplus) # define _SD_ARRAY_STATIC static # else # define _SD_ARRAY_STATIC From 4fa81b6a2da60e7a3ea62282a0fd2812330513aa Mon Sep 17 00:00:00 2001 From: James Hilliard Date: Mon, 1 Aug 2022 01:11:47 +0000 Subject: [PATCH 491/703] bpf: fix is_allow_list section MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The llvm bpf compiler appears to place const volatile variables in a non-standard section which creates an incompatibility with the gcc bpf compiler. To fix this force GCC to also use the rodata section. Note this does emit an assembler warning: Generating src/core/bpf/restrict_ifaces/restrict-ifaces.bpf.unstripped.o with a custom command /tmp/ccM2b7jP.s: Assembler messages: /tmp/ccM2b7jP.s:87: Warning: setting incorrect section attributes for .rodata See: https://github.com/llvm/llvm-project/issues/56468 Fixes: ../src/core/restrict-ifaces.c:45:14: error: ‘struct restrict_ifaces_bpf’ has no member named ‘rodata’; did you mean ‘data’? 45 | obj->rodata->is_allow_list = is_allow_list; | ^~~~~~ | data (cherry picked from commit e8b1e9cf1095f9d6d0f1e2dce2503e25fec2e6c5) (cherry picked from commit cdd3f180b0777e3f94dd1666a7a07a494277beed) --- src/core/bpf/restrict_ifaces/restrict-ifaces.bpf.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/core/bpf/restrict_ifaces/restrict-ifaces.bpf.c b/src/core/bpf/restrict_ifaces/restrict-ifaces.bpf.c index 347a3a8d215..6c960b86f30 100644 --- a/src/core/bpf/restrict_ifaces/restrict-ifaces.bpf.c +++ b/src/core/bpf/restrict_ifaces/restrict-ifaces.bpf.c @@ -6,7 +6,7 @@ #include #include -const volatile __u8 is_allow_list = 0; +const volatile __u8 is_allow_list SEC(".rodata") = 0; /* Map containing the network interfaces indexes. * The interpretation of the map depends on the value of is_allow_list. From 3367e1bf482aad78614438db6306c5cd185dab45 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Wed, 3 Aug 2022 18:51:45 +0200 Subject: [PATCH 492/703] man: fix docbook (cherry picked from commit 1374f5a03aec469ad2f0ce56650f26da285d8660) (cherry picked from commit 6b58b06c7d52db11e48213628370b25a7e2da69a) --- man/systemctl.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/man/systemctl.xml b/man/systemctl.xml index d166bc114b5..bf83b8e4837 100644 --- a/man/systemctl.xml +++ b/man/systemctl.xml @@ -204,7 +204,7 @@ Sun 2017-02-26 20:57:49 EST 2h 3min left Sun 2017-02-26 11:56:36 EST 6h ago --user-unit=NAME use a similar filter for messages and might be more convenient. - Note that this operation only displays runtime status, i.e. information about + Note that this operation only displays runtime status, i.e. information about the current invocation of the unit (if it is running) or the most recent invocation (if it is not running anymore, and has not been released from memory). Information about earlier invocations, invocations from previous system boots, or prior invocations that have already been released from From 215b6ce2d6d21708db1e45cfd4da2b6bd5301fb5 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Wed, 3 Aug 2022 15:52:29 +0200 Subject: [PATCH 493/703] man: Clarify that tools should prefer mount units over editing fstab (cherry picked from commit 29e804dffd52496aaad2d0fc6a50d18a9940010d) (cherry picked from commit 3814bd0e719dee925b4f3e47efe7cbd5ce03005a) --- man/systemd.mount.xml | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/man/systemd.mount.xml b/man/systemd.mount.xml index 6d21d32778b..0b247c1f32a 100644 --- a/man/systemd.mount.xml +++ b/man/systemd.mount.xml @@ -155,16 +155,14 @@ <filename>fstab</filename> - Mount units may either be configured via unit files, or via - /etc/fstab (see + Mount units may either be configured via unit files, or via /etc/fstab (see fstab5 - for details). Mounts listed in /etc/fstab - will be converted into native units dynamically at boot and when - the configuration of the system manager is reloaded. In general, - configuring mount points through /etc/fstab - is the preferred approach. See - systemd-fstab-generator8 - for details about the conversion. + for details). Mounts listed in /etc/fstab will be converted into native units + dynamically at boot and when the configuration of the system manager is reloaded. In general, configuring + mount points through /etc/fstab is the preferred approach to manage mounts for + humans. For tooling, writing mount units should be preferred over editing /etc/fstab. + See systemd-fstab-generator8 + for details about the conversion from /etc/fstab to mount units. The NFS mount option for NFS background mounts as documented in nfs5 From c454d5fafb248a830c72e650d492f7ba68d2e953 Mon Sep 17 00:00:00 2001 From: Luca Boccassi Date: Wed, 3 Aug 2022 18:41:13 +0100 Subject: [PATCH 494/703] integritysetup: do not use crypt_init_data_device after crypt_init crypt_init_data_device() replaces the crypt_device struct with a new allocation, losing the old one, which we get from crypt_init(). Use crypt_set_data_device() instead. Enhance the test to cover this option too. (cherry picked from commit 872f9da4d8b67b012f1b1b227416d0c99bcdf43c) (cherry picked from commit a27b69445384ec190503ec957cb9f81b1a382694) --- src/integritysetup/integritysetup.c | 12 ++++++------ test/units/testsuite-67.sh | 29 +++++++++++++++++++++++++---- 2 files changed, 31 insertions(+), 10 deletions(-) diff --git a/src/integritysetup/integritysetup.c b/src/integritysetup/integritysetup.c index d8cfd12e952..722f7d42ced 100644 --- a/src/integritysetup/integritysetup.c +++ b/src/integritysetup/integritysetup.c @@ -151,12 +151,6 @@ static int run(int argc, char *argv[]) { return 0; } - if (!isempty(arg_existing_data_device)) { - r = crypt_init_data_device(&cd, device, arg_existing_data_device); - if (r < 0) - return log_error_errno(r, "Failed to add separate data device: %m"); - } - r = crypt_load(cd, CRYPT_INTEGRITY, &(struct crypt_params_integrity) { @@ -167,6 +161,12 @@ static int run(int argc, char *argv[]) { if (r < 0) return log_error_errno(r, "Failed to load integrity superblock: %m"); + if (!isempty(arg_existing_data_device)) { + r = crypt_set_data_device(cd, arg_existing_data_device); + if (r < 0) + return log_error_errno(r, "Failed to add separate data device: %m"); + } + r = crypt_activate_by_volume_key(cd, volume, key_buf, key_buf_size, arg_activate_flags); if (r < 0) return log_error_errno(r, "Failed to set up integrity device: %m"); diff --git a/test/units/testsuite-67.sh b/test/units/testsuite-67.sh index ac7e7ba0163..b813621055f 100755 --- a/test/units/testsuite-67.sh +++ b/test/units/testsuite-67.sh @@ -41,6 +41,7 @@ if [ -z "${image_dir}" ] || [ ! -d "${image_dir}" ]; then fi dd if=/dev/zero of="${image_dir}/image" bs=1048576 count=64 || exit 1 +dd if=/dev/zero of="${image_dir}/data" bs=1048576 count=64 || exit 1 loop="$(losetup --show -f "${image_dir}/image")" if [[ ! -e ${loop} ]]; then @@ -48,10 +49,18 @@ if [[ ! -e ${loop} ]]; then exit 1 fi +# Do one iteration with a separate data device, to test those branches +separate_data=1 + for algorithm in crc32c crc32 sha1 sha256 do - integritysetup format "${loop}" --batch-mode -I "${algorithm}" || exit 1 - integritysetup open -I "${algorithm}" "${loop}" "${DM_NAME}" || exit 1 + if [ "${separate_data}" -eq 1 ]; then + data_option="--data-device=${image_dir}/data" + else + data_option="" + fi + integritysetup format "${loop}" --batch-mode -I "${algorithm}" "${data_option}" || exit 1 + integritysetup open -I "${algorithm}" "${loop}" "${DM_NAME}" "${data_option}" || exit 1 mkfs.ext4 -U "${FS_UUID}" "${FULL_DM_DEV_NAME}" || exit 1 # Give userspace time to handle udev events for new FS showing up ... @@ -60,7 +69,12 @@ do integritysetup close "${DM_NAME}" || exit 1 # create integritytab, generate units, start service - build_integrity_tab ${algorithm} + if [ "${separate_data}" -eq 1 ]; then + data_option=",data-device=${image_dir}/data" + else + data_option="" + fi + build_integrity_tab "${algorithm}${data_option}" # Cause the generator to re-run systemctl daemon-reload || exit 1 @@ -77,7 +91,13 @@ do # Check the signature on the FS to ensure we can retrieve it and that is matches if [ -e "${FULL_DM_DEV_NAME}" ]; then - if [ "${FULL_DM_DEV_NAME}" != "$(blkid -U "${FS_UUID}")" ]; then + # If a separate device is used for the metadata storage, then blkid will return one of the loop devices + if [ "${separate_data}" -eq 1 ]; then + dev_name="$(integritysetup status ${DM_NAME} | grep '^\s*device:' | awk '{print $2}')" + else + dev_name="${FULL_DM_DEV_NAME}" + fi + if [ "${dev_name}" != "$(blkid -U "${FS_UUID}")" ]; then echo "Failed to locate FS with matching UUID!" exit 1 fi @@ -93,6 +113,7 @@ do exit 1 fi + separate_data=0 done echo OK >/testok From 8625211cc852b75f46490d640517c424f96f7b94 Mon Sep 17 00:00:00 2001 From: Ludwig Nussel Date: Tue, 19 Jul 2022 17:29:45 +0200 Subject: [PATCH 495/703] pull: fix PullFlags numbering (cherry picked from commit 5243331fb8b77812177cf327f7d8c86c2e4ce323) (cherry picked from commit 6a9cf204a724cbe02bb8dcbb28566fcb2065c6c9) --- src/import/pull-common.h | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/src/import/pull-common.h b/src/import/pull-common.h index 2347db3bacf..475613a9076 100644 --- a/src/import/pull-common.h +++ b/src/import/pull-common.h @@ -9,15 +9,15 @@ typedef enum PullFlags { PULL_FORCE = 1 << 0, /* replace existing image */ PULL_READ_ONLY = 1 << 1, /* make generated image read-only */ - PULL_SETTINGS = 1 << 1, /* download .nspawn settings file */ - PULL_ROOTHASH = 1 << 2, /* only for raw: download .roothash file for verity */ - PULL_ROOTHASH_SIGNATURE = 1 << 3, /* only for raw: download .roothash.p7s file for verity */ - PULL_VERITY = 1 << 4, /* only for raw: download .verity file for verity */ - PULL_BTRFS_SUBVOL = 1 << 2, /* tar: preferably create images as btrfs subvols */ - PULL_BTRFS_QUOTA = 1 << 3, /* tar: set up btrfs quota for new subvolume as child of parent subvolume */ - PULL_CONVERT_QCOW2 = 1 << 4, /* raw: if we detect a qcow2 image, unpack it */ - PULL_DIRECT = 1 << 5, /* download without rename games */ - PULL_SYNC = 1 << 6, /* fsync() right before we are done */ + PULL_SETTINGS = 1 << 2, /* download .nspawn settings file */ + PULL_ROOTHASH = 1 << 3, /* only for raw: download .roothash file for verity */ + PULL_ROOTHASH_SIGNATURE = 1 << 4, /* only for raw: download .roothash.p7s file for verity */ + PULL_VERITY = 1 << 5, /* only for raw: download .verity file for verity */ + PULL_BTRFS_SUBVOL = 1 << 6, /* tar: preferably create images as btrfs subvols */ + PULL_BTRFS_QUOTA = 1 << 7, /* tar: set up btrfs quota for new subvolume as child of parent subvolume */ + PULL_CONVERT_QCOW2 = 1 << 8, /* raw: if we detect a qcow2 image, unpack it */ + PULL_DIRECT = 1 << 9, /* download without rename games */ + PULL_SYNC = 1 << 10, /* fsync() right before we are done */ /* The supported flags for the tar and the raw pulling */ PULL_FLAGS_MASK_TAR = PULL_FORCE|PULL_READ_ONLY|PULL_SETTINGS|PULL_BTRFS_SUBVOL|PULL_BTRFS_QUOTA|PULL_DIRECT|PULL_SYNC, From b9216947a3767700e246aaeb8dd5d11abfb28907 Mon Sep 17 00:00:00 2001 From: Jan Janssen Date: Sat, 6 Aug 2022 09:07:47 +0200 Subject: [PATCH 496/703] boot: Build with at least -O1 as workaround Fixes: #24202 (cherry picked from commit 2fb11652381c199ad19bb469e530543366d99dd4) (cherry picked from commit b0da0d61023ccc912e4d254b03d2350ec65ce87a) --- src/boot/efi/meson.build | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/boot/efi/meson.build b/src/boot/efi/meson.build index 8dc35c0e4ab..2769dd8dfe2 100644 --- a/src/boot/efi/meson.build +++ b/src/boot/efi/meson.build @@ -182,6 +182,12 @@ efi_cflags = cc.get_supported_arguments( '-include', version_h, ] +# On some distros, sd-boot/-stub may trigger some bug somewhere that will cause +# kernel execution to fail. The cause seems to be purely based on code size and +# always compiling with at least -O1 will work around that. +# https://github.com/systemd/systemd/issues/24202 +efi_cflags += '-O1' + efi_cflags += cc.get_supported_arguments({ 'ia32': ['-mno-sse', '-mno-mmx'], 'x86_64': ['-mno-red-zone', '-mno-sse', '-mno-mmx'], From 89a5b7752f6454d139d79cd9246d3178571800dc Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Thu, 14 Jul 2022 05:05:32 +0900 Subject: [PATCH 497/703] network: dhcp4: disable DHCPv4 client on interfaces with non-supported types Replaces f42d41cc5f9cd8cac538a1c30fda04d346b5bae2. (cherry picked from commit 7e2f684e1fa391bd511b52bbbe4a3971cdc5ec33) (cherry picked from commit 9951ea07d5a9a43b3a4c8225f1b79f446e62eebe) --- src/network/networkd-dhcp-common.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/network/networkd-dhcp-common.c b/src/network/networkd-dhcp-common.c index 7996960bd12..4f13eada057 100644 --- a/src/network/networkd-dhcp-common.c +++ b/src/network/networkd-dhcp-common.c @@ -52,6 +52,10 @@ bool link_dhcp_enabled(Link *link, int family) { assert(link); assert(IN_SET(family, AF_INET, AF_INET6)); + /* Currently, sd-dhcp-client supports only ethernet and infiniband. */ + if (family == AF_INET && !IN_SET(link->iftype, ARPHRD_ETHER, ARPHRD_INFINIBAND)) + return false; + if (family == AF_INET6 && !socket_ipv6_is_supported()) return false; From d1166a9060b3a9e6c579cf308887b55a26bad2a7 Mon Sep 17 00:00:00 2001 From: undef Date: Sat, 6 Aug 2022 05:47:03 +0000 Subject: [PATCH 498/703] shared/generator: Ensure growfs unit runs after repart When deploying an image using systemd-repart and systemd-growfs one should have the image expanded entirely and ready to use after the first boot. This ensures that growfs does not occur before repart, thus requiring a second boot. (cherry picked from commit 7b45d6b6f64e9f5c006bdf31559a77294dbe00ad) (cherry picked from commit 4fdca1ab9e90341d63113c7b3109daef08d1e04d) --- src/shared/generator.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/shared/generator.c b/src/shared/generator.c index 014b34747db..82265fde3b4 100644 --- a/src/shared/generator.c +++ b/src/shared/generator.c @@ -536,7 +536,7 @@ int generator_hook_up_growfs( "DefaultDependencies=no\n" "BindsTo=%%i.mount\n" "Conflicts=shutdown.target\n" - "After=%%i.mount\n" + "After=systemd-repart.service %%i.mount\n" "Before=shutdown.target%s%s\n", program_invocation_short_name, target ? " " : "", From 647c44c21a350b1fffd45483c9615d0dd77d9cfe Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Sat, 6 Aug 2022 03:42:29 +0900 Subject: [PATCH 499/703] udev-util: assume system is running on AC power when no battery found Fixes #24214. (cherry picked from commit 96788d2aa4f4b0b49874b4a240ce47d9e8485d1b) (cherry picked from commit ed2955f8fe194040c3b29fb58e6dc02d397d79d5) --- src/shared/udev-util.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/src/shared/udev-util.c b/src/shared/udev-util.c index 5c1b4a44705..608f546cff8 100644 --- a/src/shared/udev-util.c +++ b/src/shared/udev-util.c @@ -643,7 +643,7 @@ static int device_is_power_sink(sd_device *device) { int on_ac_power(void) { _cleanup_(sd_device_enumerator_unrefp) sd_device_enumerator *e = NULL; - bool found_offline = false, found_online = false; + bool found_offline = false, found_online = false, found_battery = false; sd_device *d; int r; @@ -674,6 +674,7 @@ int on_ac_power(void) { * for defined power source types. Also see: * https://www.kernel.org/doc/Documentation/ABI/testing/sysfs-class-power */ if (streq(val, "Battery")) { + found_battery = true; log_device_debug(d, "The power supply is battery, ignoring."); continue; } @@ -714,10 +715,12 @@ int on_ac_power(void) { log_debug("Found at least one online non-battery power supply, system is running on AC power."); else if (!found_offline) log_debug("Found no offline non-battery power supply, assuming system is running on AC power."); + else if (!found_battery) + log_debug("Found no battery, assuming system is running on AC power."); else log_debug("All non-battery power supplies are offline, assuming system is running with battery."); - return found_online || !found_offline; + return found_online || !found_offline || !found_battery; } bool udev_available(void) { From 887837a5a9425945b91488db661122459af94c52 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Sat, 6 Aug 2022 13:05:59 +0900 Subject: [PATCH 500/703] dhcp: fix potential buffer overflow Fixes a bug introduced by 324f818781a250b60f2fcfa74ff1c9101d2d1315. This also renames several macros for DHCP packet size. (cherry picked from commit 4473cd7f61b9eb0860f2daab81491ad2145d554b) (cherry picked from commit 037b1a8acc50cbeeebb82f95594a4909375577c2) --- src/libsystemd-network/dhcp-protocol.h | 7 ++++--- src/libsystemd-network/sd-dhcp-client.c | 11 +++++------ src/libsystemd-network/sd-dhcp-lease.c | 6 +++--- 3 files changed, 12 insertions(+), 12 deletions(-) diff --git a/src/libsystemd-network/dhcp-protocol.h b/src/libsystemd-network/dhcp-protocol.h index 11f4201ab2a..686cf67e84c 100644 --- a/src/libsystemd-network/dhcp-protocol.h +++ b/src/libsystemd-network/dhcp-protocol.h @@ -43,9 +43,10 @@ typedef struct DHCPPacket DHCPPacket; #define DHCP_IP_SIZE (int32_t)(sizeof(struct iphdr)) #define DHCP_IP_UDP_SIZE (int32_t)(sizeof(struct udphdr) + DHCP_IP_SIZE) -#define DHCP_MESSAGE_SIZE (int32_t)(sizeof(DHCPMessage)) -#define DHCP_DEFAULT_MIN_SIZE 576 /* the minimum internet hosts must be able to receive */ -#define DHCP_MIN_OPTIONS_SIZE (DHCP_DEFAULT_MIN_SIZE - DHCP_IP_UDP_SIZE - DHCP_MESSAGE_SIZE) +#define DHCP_HEADER_SIZE (int32_t)(sizeof(DHCPMessage)) +#define DHCP_MIN_MESSAGE_SIZE 576 /* the minimum internet hosts must be able to receive, see RFC 2132 Section 9.10 */ +#define DHCP_MIN_OPTIONS_SIZE (DHCP_MIN_MESSAGE_SIZE - DHCP_HEADER_SIZE) +#define DHCP_MIN_PACKET_SIZE (DHCP_MIN_MESSAGE_SIZE + DHCP_IP_UDP_SIZE) #define DHCP_MAGIC_COOKIE (uint32_t)(0x63825363) enum { diff --git a/src/libsystemd-network/sd-dhcp-client.c b/src/libsystemd-network/sd-dhcp-client.c index c33be947b74..6e0c8952000 100644 --- a/src/libsystemd-network/sd-dhcp-client.c +++ b/src/libsystemd-network/sd-dhcp-client.c @@ -645,7 +645,7 @@ int sd_dhcp_client_set_client_port( int sd_dhcp_client_set_mtu(sd_dhcp_client *client, uint32_t mtu) { assert_return(client, -EINVAL); - assert_return(mtu >= DHCP_DEFAULT_MIN_SIZE, -ERANGE); + assert_return(mtu >= DHCP_MIN_PACKET_SIZE, -ERANGE); client->mtu = mtu; @@ -812,7 +812,6 @@ static int client_message_init( _cleanup_free_ DHCPPacket *packet = NULL; size_t optlen, optoffset, size; - be16_t max_size; usec_t time_now; uint16_t secs; int r; @@ -963,9 +962,9 @@ static int client_message_init( */ /* RFC7844 section 3: SHOULD NOT contain any other option. */ - if (!client->anonymize && type != DHCP_RELEASE) { - max_size = htobe16(size); - r = dhcp_option_append(&packet->dhcp, client->mtu, &optoffset, 0, + if (!client->anonymize && IN_SET(type, DHCP_DISCOVER, DHCP_REQUEST)) { + be16_t max_size = htobe16(MIN(client->mtu - DHCP_IP_UDP_SIZE, (uint32_t) UINT16_MAX)); + r = dhcp_option_append(&packet->dhcp, optlen, &optoffset, 0, SD_DHCP_OPTION_MAXIMUM_MESSAGE_SIZE, 2, &max_size); if (r < 0) @@ -2279,7 +2278,7 @@ int sd_dhcp_client_new(sd_dhcp_client **ret, int anonymize) { .state = DHCP_STATE_INIT, .ifindex = -1, .fd = -1, - .mtu = DHCP_DEFAULT_MIN_SIZE, + .mtu = DHCP_MIN_PACKET_SIZE, .port = DHCP_PORT_CLIENT, .anonymize = !!anonymize, .max_attempts = UINT64_MAX, diff --git a/src/libsystemd-network/sd-dhcp-lease.c b/src/libsystemd-network/sd-dhcp-lease.c index 952c6740593..2359df32bf9 100644 --- a/src/libsystemd-network/sd-dhcp-lease.c +++ b/src/libsystemd-network/sd-dhcp-lease.c @@ -712,9 +712,9 @@ int dhcp_lease_parse_options(uint8_t code, uint8_t len, const void *option, void r = lease_parse_u16(option, len, &lease->mtu, 68); if (r < 0) log_debug_errno(r, "Failed to parse MTU, ignoring: %m"); - if (lease->mtu < DHCP_DEFAULT_MIN_SIZE) { - log_debug("MTU value of %" PRIu16 " too small. Using default MTU value of %d instead.", lease->mtu, DHCP_DEFAULT_MIN_SIZE); - lease->mtu = DHCP_DEFAULT_MIN_SIZE; + if (lease->mtu < DHCP_MIN_PACKET_SIZE) { + log_debug("MTU value of %" PRIu16 " too small. Using default MTU value of %d instead.", lease->mtu, DHCP_MIN_PACKET_SIZE); + lease->mtu = DHCP_MIN_PACKET_SIZE; } break; From 6ab318435ee2f62cfd308bbbd946b719f4a05d98 Mon Sep 17 00:00:00 2001 From: Luca BRUNO Date: Mon, 8 Aug 2022 15:52:33 +0000 Subject: [PATCH 501/703] sysusers: only check whether the requested GID is available This relaxes the availability check when creating a group, if an explicit GID has been requested. It avoids mixing up users and groups entries with valid and unique UIDs/GIDs, but each having the same ID number. (cherry picked from commit 6b6e45eb7386bb4399746b70f6f606caea450fed) (cherry picked from commit ec5a46ca341f4f62779a54385ba7cae6a1dfcdb3) --- src/sysusers/sysusers.c | 28 +++++++++++++++------------- 1 file changed, 15 insertions(+), 13 deletions(-) diff --git a/src/sysusers/sysusers.c b/src/sysusers/sysusers.c index 07a65a2ebc1..873003ca22d 100644 --- a/src/sysusers/sysusers.c +++ b/src/sysusers/sysusers.c @@ -1171,7 +1171,7 @@ static int add_user(Item *i) { return 0; } -static int gid_is_ok(gid_t gid) { +static int gid_is_ok(gid_t gid, bool check_with_uid) { struct group *g; struct passwd *p; @@ -1179,13 +1179,13 @@ static int gid_is_ok(gid_t gid) { return 0; /* Avoid reusing gids that are already used by a different user */ - if (ordered_hashmap_get(todo_uids, UID_TO_PTR(gid))) + if (check_with_uid && ordered_hashmap_get(todo_uids, UID_TO_PTR(gid))) return 0; if (hashmap_contains(database_by_gid, GID_TO_PTR(gid))) return 0; - if (hashmap_contains(database_by_uid, UID_TO_PTR(gid))) + if (check_with_uid && hashmap_contains(database_by_uid, UID_TO_PTR(gid))) return 0; if (!arg_root) { @@ -1196,12 +1196,14 @@ static int gid_is_ok(gid_t gid) { if (!IN_SET(errno, 0, ENOENT)) return -errno; - errno = 0; - p = getpwuid((uid_t) gid); - if (p) - return 0; - if (!IN_SET(errno, 0, ENOENT)) - return -errno; + if (check_with_uid) { + errno = 0; + p = getpwuid((uid_t) gid); + if (p) + return 0; + if (!IN_SET(errno, 0, ENOENT)) + return -errno; + } } return 1; @@ -1252,7 +1254,7 @@ static int add_group(Item *i) { /* Try to use the suggested numeric GID */ if (i->gid_set) { - r = gid_is_ok(i->gid); + r = gid_is_ok(i->gid, false); if (r < 0) return log_error_errno(r, "Failed to verify GID " GID_FMT ": %m", i->gid); if (i->id_set_strict) { @@ -1275,7 +1277,7 @@ static int add_group(Item *i) { /* Try to reuse the numeric uid, if there's one */ if (!i->gid_set && i->uid_set) { - r = gid_is_ok((gid_t) i->uid); + r = gid_is_ok((gid_t) i->uid, true); if (r < 0) return log_error_errno(r, "Failed to verify GID " GID_FMT ": %m", i->gid); if (r > 0) { @@ -1293,7 +1295,7 @@ static int add_group(Item *i) { if (c <= 0 || !uid_range_contains(uid_range, n_uid_range, c)) log_debug("Group ID " GID_FMT " of file not suitable for %s.", c, i->name); else { - r = gid_is_ok(c); + r = gid_is_ok(c, true); if (r < 0) return log_error_errno(r, "Failed to verify GID " GID_FMT ": %m", i->gid); else if (r > 0) { @@ -1315,7 +1317,7 @@ static int add_group(Item *i) { if (r < 0) return log_error_errno(r, "No free group ID available for %s.", i->name); - r = gid_is_ok(search_uid); + r = gid_is_ok(search_uid, true); if (r < 0) return log_error_errno(r, "Failed to verify GID " GID_FMT ": %m", i->gid); else if (r > 0) From 3733943f5afb044d397705c0b5bfcc9058551799 Mon Sep 17 00:00:00 2001 From: Luca BRUNO Date: Mon, 8 Aug 2022 15:56:06 +0000 Subject: [PATCH 502/703] sysusers: properly process user entries with an explicit GID This tweaks user creation logic to properly take into consideration an explicitly requested GID. It fixes a bug where the creation flow would mistakenly fall back to use the username instead, resulting in wrong lookups in case of users and groups using the same name. (cherry picked from commit 5ed47c4d230b9491339c16c6ea4181dfd293bc98) (cherry picked from commit f9d936b86561c23f5b40211254544b91e33eae7a) --- src/sysusers/sysusers.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/sysusers/sysusers.c b/src/sysusers/sysusers.c index 873003ca22d..558df57b887 100644 --- a/src/sysusers/sysusers.c +++ b/src/sysusers/sysusers.c @@ -1350,9 +1350,11 @@ static int process_item(Item *i) { switch (i->type) { case ADD_USER: { - Item *j; + Item *j = NULL; + + if (!i->gid_set) + j = ordered_hashmap_get(groups, i->group_name ?: i->name); - j = ordered_hashmap_get(groups, i->group_name ?: i->name); if (j && j->todo_group) { /* When a group with the target name is already in queue, * use the information about the group and do not create From 658013a7f788c301fd40d901b697312cffc520ac Mon Sep 17 00:00:00 2001 From: Jan Janssen Date: Tue, 9 Aug 2022 10:32:41 +0200 Subject: [PATCH 503/703] meson: Test correct efi linker for supported args Fixes: #24241 (cherry picked from commit 6a941db798e3c5d896f6732afb4e6e482d708900) Closes https://github.com/systemd/systemd-stable/issues/216 (cherry picked from commit b3dd66f32beb1e2daea31c73ce4c3b4c4ad844fb) --- src/boot/efi/meson.build | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/src/boot/efi/meson.build b/src/boot/efi/meson.build index 2769dd8dfe2..22432e2cba6 100644 --- a/src/boot/efi/meson.build +++ b/src/boot/efi/meson.build @@ -247,11 +247,19 @@ efi_ldflags = [ efi_crt0, ] -possible_link_flags = [ - '-Wl,--no-warn-execstack', - '-Wl,--no-warn-rwx-segments', -] -efi_ldflags += cc.get_supported_link_arguments(possible_link_flags) +foreach arg : ['-Wl,--no-warn-execstack', + '-Wl,--no-warn-rwx-segments'] + # We need to check the correct linker for supported args. This is what + # cc.has_multi_link_arguments() is for, but it helpfully overrides our + # choice of linker by putting its own -fuse-ld= arg after ours. + if run_command('bash', '-c', + 'exec "$@" -x c -o/dev/null <(echo "int main(void){return 0;}")' + + ' -fuse-ld=' + efi_ld + ' -Wl,--fatal-warnings ' + arg, + 'bash', cc.cmd_array(), + check : false).returncode() == 0 + efi_ldflags += arg + endif +endforeach if efi_arch[1] in ['aarch64', 'arm', 'riscv64'] efi_ldflags += ['-shared'] From 2aeff0f39aed7f278660617bb04e45dcc0884ab9 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Wed, 10 Aug 2022 19:26:42 +0900 Subject: [PATCH 504/703] oom: drop invalid %m in the log message Fixes https://github.com/systemd/systemd/issues/23785#issuecomment-1210030100. (cherry picked from commit b6f6df4cb07ebf736f0f4b60a845049306088797) (cherry picked from commit a3348ba748e17d18e2bbf56776cdb1b331cd4525) --- src/oom/oomd-manager.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/oom/oomd-manager.c b/src/oom/oomd-manager.c index b0a81474ccf..71c6847c9e8 100644 --- a/src/oom/oomd-manager.c +++ b/src/oom/oomd-manager.c @@ -83,7 +83,7 @@ static int process_managed_oom_message(Manager *m, uid_t uid, JsonVariant *param r = cg_path_get_owner_uid(message.path, &cg_uid); if (r < 0) { - log_debug("Failed to get cgroup %s owner uid: %m", message.path); + log_debug_errno(r, "Failed to get cgroup %s owner uid: %m", message.path); continue; } From 45e46fb4b2b2463b4ec99b85313c0446e31ca126 Mon Sep 17 00:00:00 2001 From: exploide Date: Wed, 10 Aug 2022 17:35:21 +0200 Subject: [PATCH 505/703] resolvctl: only remove protocol after last dot when mangling ifname for resolvconf ifname_resolvconf_mangle is supposed to remove protocol suffixes like .dhcp from interface names. But this removed also valid parts of the ifname like VLAN IDs, e.g. enp2s0u4.72.dhcp -> enp2s0u4 instead of enp2s0u4.72 After this change, everything behind the last dot is removed instead of the first. (cherry picked from commit e8d0eb3915ac33cc0d3da87a836cee6e61645227) (cherry picked from commit 1760559918c6299a31c4b28a4ce07e5d6322d986) --- src/resolve/resolvectl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/resolve/resolvectl.c b/src/resolve/resolvectl.c index 5b3ceeff36a..2d04d98569a 100644 --- a/src/resolve/resolvectl.c +++ b/src/resolve/resolvectl.c @@ -138,7 +138,7 @@ int ifname_resolvconf_mangle(const char *s) { assert(s); - dot = strchr(s, '.'); + dot = strrchr(s, '.'); if (dot) { _cleanup_free_ char *iface = NULL; From 02a5c22ec192a2938a400470346a606159812725 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Fri, 12 Aug 2022 04:16:56 +0900 Subject: [PATCH 506/703] sd-device-monitor: fix inversed condition Fixes an issue introduced by b3d06b9226db96fddb6bb45a4708e2e8d413d91d. (cherry picked from commit 133d78966fe8b1469e593bd467d9055f7afa5858) (cherry picked from commit 81339c45e8d3372096599525397a632714da2dd5) --- src/libsystemd/sd-device/device-monitor.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/libsystemd/sd-device/device-monitor.c b/src/libsystemd/sd-device/device-monitor.c index 6602f12a7c7..49af7a70c58 100644 --- a/src/libsystemd/sd-device/device-monitor.c +++ b/src/libsystemd/sd-device/device-monitor.c @@ -445,7 +445,7 @@ int device_monitor_receive_device(sd_device_monitor *m, sd_device **ret) { buflen = recvmsg(m->sock, &smsg, 0); if (buflen < 0) { - if (ERRNO_IS_TRANSIENT(errno)) + if (!ERRNO_IS_TRANSIENT(errno)) log_debug_errno(errno, "sd-device-monitor: Failed to receive message: %m"); return -errno; } From b48a17f13fb85145c17ee1dd3beb450d1dcc4b08 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Fri, 12 Aug 2022 04:19:27 +0900 Subject: [PATCH 507/703] sd-device-monitor: actually refuse to send invalid devices Fixes an issue introduced by 9e79123884a36ce095b98d1c0fe247dddf02dbec. (cherry picked from commit 8bb4989906a1659b0f6adfa03dc7585e294a392b) (cherry picked from commit 6e1acfe81823b67b6b830d3ae8d0f0184eab8b2f) --- src/libsystemd/sd-device/device-monitor.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/libsystemd/sd-device/device-monitor.c b/src/libsystemd/sd-device/device-monitor.c index 49af7a70c58..f126d88dbd5 100644 --- a/src/libsystemd/sd-device/device-monitor.c +++ b/src/libsystemd/sd-device/device-monitor.c @@ -577,8 +577,8 @@ int device_monitor_send_device( if (r < 0) return log_device_debug_errno(device, r, "sd-device-monitor: Failed to get device properties: %m"); if (blen < 32) - log_device_debug_errno(device, SYNTHETIC_ERRNO(EINVAL), - "sd-device-monitor: Length of device property nulstr is too small to contain valid device information"); + return log_device_debug_errno(device, SYNTHETIC_ERRNO(EINVAL), + "sd-device-monitor: Length of device property nulstr is too small to contain valid device information"); /* fill in versioned header */ r = sd_device_get_subsystem(device, &val); From 462b20cbd6caccfc1e5b1331f7768687b51b374d Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Fri, 12 Aug 2022 15:24:31 +0200 Subject: [PATCH 508/703] cryptenroll: fix memory leak (cherry picked from commit 7e196e9aac41da206792d96a16b712dd300b0e82) (cherry picked from commit f279a6f4d1feceaf32fdc790ae242044bb672a16) --- src/cryptenroll/cryptenroll.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/cryptenroll/cryptenroll.c b/src/cryptenroll/cryptenroll.c index c9bc9a24891..c96f23ffe2f 100644 --- a/src/cryptenroll/cryptenroll.c +++ b/src/cryptenroll/cryptenroll.c @@ -45,6 +45,7 @@ STATIC_DESTRUCTOR_REGISTER(arg_pkcs11_token_uri, freep); STATIC_DESTRUCTOR_REGISTER(arg_fido2_device, freep); STATIC_DESTRUCTOR_REGISTER(arg_tpm2_device, freep); STATIC_DESTRUCTOR_REGISTER(arg_node, freep); +STATIC_DESTRUCTOR_REGISTER(arg_wipe_slots, freep); static bool wipe_requested(void) { return arg_n_wipe_slots > 0 || From da1589db45d278d6c50763943fde84e0562d7065 Mon Sep 17 00:00:00 2001 From: bin456789 Date: Sun, 14 Aug 2022 03:29:37 +0800 Subject: [PATCH 509/703] firstboot: fix can't overwrite timezone (cherry picked from commit e56dc320d39ade1795118ebe400308a80511e9c9) (cherry picked from commit 52c631b02edcd32e4d20bc8c390df54e4cc40fa8) --- src/firstboot/firstboot.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/src/firstboot/firstboot.c b/src/firstboot/firstboot.c index d28a416e5d4..2ee59d5de58 100644 --- a/src/firstboot/firstboot.c +++ b/src/firstboot/firstboot.c @@ -479,8 +479,9 @@ static int process_timezone(void) { return log_error_errno(r, "Failed to read host timezone: %m"); (void) mkdir_parents(etc_localtime, 0755); - if (symlink(p, etc_localtime) < 0) - return log_error_errno(errno, "Failed to create %s symlink: %m", etc_localtime); + r = symlink_atomic(p, etc_localtime); + if (r < 0) + return log_error_errno(r, "Failed to create %s symlink: %m", etc_localtime); log_info("%s copied.", etc_localtime); return 0; @@ -497,8 +498,9 @@ static int process_timezone(void) { e = strjoina("../usr/share/zoneinfo/", arg_timezone); (void) mkdir_parents(etc_localtime, 0755); - if (symlink(e, etc_localtime) < 0) - return log_error_errno(errno, "Failed to create %s symlink: %m", etc_localtime); + r = symlink_atomic(e, etc_localtime); + if (r < 0) + return log_error_errno(r, "Failed to create %s symlink: %m", etc_localtime); log_info("%s written", etc_localtime); return 0; From c3fcff52912b0323e11f535fce151dc758f111e6 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Sun, 14 Aug 2022 06:00:10 +0900 Subject: [PATCH 510/703] udev/cdrom_id: check last track info Fixes off-by-one issue. Fixes #24306. (cherry picked from commit 628998ecfa0d39b38874e1aecdb28022f80f3269) (cherry picked from commit c67a388aeffcdc27ff280f01b7939005f7a9c8e9) --- src/udev/cdrom_id/cdrom_id.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/udev/cdrom_id/cdrom_id.c b/src/udev/cdrom_id/cdrom_id.c index cdb66bb3b7b..964eb6988e1 100644 --- a/src/udev/cdrom_id/cdrom_id.c +++ b/src/udev/cdrom_id/cdrom_id.c @@ -704,7 +704,7 @@ static int cd_media_toc(Context *c) { /* Take care to not iterate beyond the last valid track as specified in * the TOC, but also avoid going beyond the TOC length, just in case * the last track number is invalidly large */ - for (size_t i = 4; i + 8 < len && num_tracks > 0; i += 8, --num_tracks) { + for (size_t i = 4; i + 8 <= len && num_tracks > 0; i += 8, --num_tracks) { bool is_data_track; uint32_t block; From 7ca021b87e92a4e775af22c04a2ab2bf404ae313 Mon Sep 17 00:00:00 2001 From: Avram Lubkin Date: Tue, 16 Aug 2022 08:51:21 -0400 Subject: [PATCH 511/703] sysusers: add fsync for passwd (#24324) https://github.com/systemd/systemd/pull/6636 added `fsync()` when temporary shadow, group, and gshadow files are created, but it was not added for passwd. As far as I can tell, this seems to have been an oversight. I'm seeing real world issues where a blank /etc/passwd file is being created if a machine loses power early in the boot process. (cherry picked from commit 19193b489841a7bcccda7122ac0849cf6efe59fd) (cherry picked from commit 9f2f3911539c453037aecd51f875dfd75ed04113) --- src/sysusers/sysusers.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/sysusers/sysusers.c b/src/sysusers/sysusers.c index 558df57b887..685b9618a91 100644 --- a/src/sysusers/sysusers.c +++ b/src/sysusers/sysusers.c @@ -509,7 +509,7 @@ static int write_temporary_passwd(const char *passwd_path, FILE **tmpfile, char break; } - r = fflush_and_check(passwd); + r = fflush_sync_and_check(passwd); if (r < 0) return log_debug_errno(r, "Failed to flush %s: %m", passwd_tmp); From ef7b17be53293afe527bf3fc2750c345e9335592 Mon Sep 17 00:00:00 2001 From: Luca Boccassi Date: Tue, 16 Aug 2022 23:04:40 +0100 Subject: [PATCH 512/703] bash-completion: autocomplete cgroup names in systemd-cgtop (cherry picked from commit 0a152619aca5b6c16d022cc3e6ab2fc3786d0284) (cherry picked from commit 5219a99ccbaaf3b7a13bec74441443560b3f23fc) --- shell-completion/bash/systemd-cgtop | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/shell-completion/bash/systemd-cgtop b/shell-completion/bash/systemd-cgtop index 2c59b6c9f69..4c077e9b50a 100644 --- a/shell-completion/bash/systemd-cgtop +++ b/shell-completion/bash/systemd-cgtop @@ -56,6 +56,11 @@ _systemd_cgtop() { fi COMPREPLY=( $(compgen -W '${OPTS[*]}' -- "$cur") ) + if [ -d /sys/fs/cgroup/systemd/ ]; then + COMPREPLY+=( $(cd /sys/fs/cgroup/systemd/ && compgen -o nospace -o dirnames "$cur") ) + elif [ -d /sys/fs/cgroup/ ]; then + COMPREPLY+=( $(cd /sys/fs/cgroup/ && compgen -o nospace -o dirnames "$cur") ) + fi } complete -F _systemd_cgtop systemd-cgtop From 503ebc858fb48555471cea73fc4cc3138cacd739 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 15 Jul 2022 20:46:04 +0200 Subject: [PATCH 513/703] booctl: do not say uuids differ if one of the uuids is unset We allow ESP autodetection to fail, e.g. if it is not mounted, but then we'd say that the detected one is different than the one reported by the bootloader, which is rather confusing. While at it, if we actually detect a mismatch, print the two uuids. (cherry picked from commit 22e54dd6de4d0be41ab70e0a94d7bd273e47c60a) (cherry picked from commit 4ffde70981b2502cc5c13fffbfe77c72b59b460a) --- src/boot/bootctl.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/src/boot/bootctl.c b/src/boot/bootctl.c index 7fd9baf3dd8..3884767bd70 100644 --- a/src/boot/bootctl.c +++ b/src/boot/bootctl.c @@ -1520,8 +1520,11 @@ static int verb_status(int argc, char *argv[], void *userdata) { bool have_bootloader_esp_uuid = efi_loader_get_device_part_uuid(&bootloader_esp_uuid) >= 0; print_yes_no_line(false, have_bootloader_esp_uuid, "Boot loader sets ESP information"); - if (have_bootloader_esp_uuid && !sd_id128_equal(esp_uuid, bootloader_esp_uuid)) - printf("WARNING: The boot loader reports a different ESP UUID than detected!\n"); + if (have_bootloader_esp_uuid && !sd_id128_is_null(esp_uuid) && + !sd_id128_equal(esp_uuid, bootloader_esp_uuid)) + printf("WARNING: The boot loader reports a different ESP UUID than detected ("SD_ID128_UUID_FORMAT_STR" vs. "SD_ID128_UUID_FORMAT_STR")!\n", + SD_ID128_FORMAT_VAL(bootloader_esp_uuid), + SD_ID128_FORMAT_VAL(esp_uuid)); if (stub) printf(" Stub: %s\n", stub); From bff3edb1ca71c25442f961deb623ba9523d83202 Mon Sep 17 00:00:00 2001 From: Antonio Alvarez Feijoo Date: Mon, 22 Aug 2022 14:23:57 +0200 Subject: [PATCH 514/703] sysext: add missing COMMAND to the help output and man synopsis (cherry picked from commit 782e41ab8891673575ec03366d17d5e5c1da7b0d) (cherry picked from commit ada437cfb1e1d8feeecab9f6391561027d5987f1) --- man/systemd-sysext.xml | 1 + src/sysext/sysext.c | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/man/systemd-sysext.xml b/man/systemd-sysext.xml index 3ceb9fe7de1..a6ec4cf1f6e 100644 --- a/man/systemd-sysext.xml +++ b/man/systemd-sysext.xml @@ -26,6 +26,7 @@ systemd-sysext OPTIONS + COMMAND systemd-sysext.service diff --git a/src/sysext/sysext.c b/src/sysext/sysext.c index bcee8e38565..3d99fafb22d 100644 --- a/src/sysext/sysext.c +++ b/src/sysext/sysext.c @@ -887,7 +887,7 @@ static int verb_help(int argc, char **argv, void *userdata) { if (r < 0) return log_oom(); - printf("%1$s [OPTIONS...] [DEVICE]\n" + printf("%1$s [OPTIONS...] COMMAND\n" "\n%5$sMerge extension images into /usr/ and /opt/ hierarchies.%6$s\n" "\n%3$sCommands:%4$s\n" " status Show current merge status (default)\n" From 683980d5513010e070263bcc7154a7248d71a8e6 Mon Sep 17 00:00:00 2001 From: Antonio Alvarez Feijoo Date: Mon, 22 Aug 2022 15:05:53 +0200 Subject: [PATCH 515/703] bash-completion: add systemd-sysext support (cherry picked from commit aa2118cb0b5478c6b8a30f8c55507ee5d5854943) (cherry picked from commit cf67d5ed1be38db5ea3f54551f4509ce315f7877) --- shell-completion/bash/systemd-sysext | 85 ++++++++++++++++++++++++++++ 1 file changed, 85 insertions(+) create mode 100644 shell-completion/bash/systemd-sysext diff --git a/shell-completion/bash/systemd-sysext b/shell-completion/bash/systemd-sysext new file mode 100644 index 00000000000..b3f9f32fd50 --- /dev/null +++ b/shell-completion/bash/systemd-sysext @@ -0,0 +1,85 @@ +# systemd-sysext(8) completion -*- shell-script -*- +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. +# +# systemd is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public License +# along with systemd; If not, see . + +__contains_word() { + local w word=$1; shift + for w in "$@"; do + [[ $w = "$word" ]] && return + done +} + +_systemd-sysext() { + local i verb comps + local cur=${COMP_WORDS[COMP_CWORD]} prev=${COMP_WORDS[COMP_CWORD-1]} words cword + local -A OPTS=( + [STANDALONE]='-h --help --version + --no-pager + --no-legend + --force' + [ARG]='--root + --json' + ) + + local -A VERBS=( + [STANDALONE]='status + merge + unmerge + refresh + list' + ) + + _init_completion || return + + if __contains_word "$prev" ${OPTS[ARG]}; then + case $prev in + --root) + comps=$(compgen -A directory -- "$cur" ) + compopt -o dirnames + ;; + --json) + comps='pretty short off' + ;; + esac + COMPREPLY=( $(compgen -W '$comps' -- "$cur") ) + return 0 + fi + + if [[ "$cur" = -* ]]; then + COMPREPLY=( $(compgen -W '${OPTS[*]}' -- "$cur") ) + return 0 + fi + + for ((i=0; i < COMP_CWORD; i++)); do + if __contains_word "${COMP_WORDS[i]}" ${VERBS[*]} && + ! __contains_word "${COMP_WORDS[i-1]}" ${OPTS[ARG]}; then + verb=${COMP_WORDS[i]} + break + fi + done + + if [[ -z ${verb-} ]]; then + comps=${VERBS[*]} + elif __contains_word "$verb" ${VERBS[STANDALONE]}; then + comps='' + fi + + COMPREPLY=( $(compgen -W '$comps' -- "$cur") ) + return 0 +} + +complete -F _systemd-sysext systemd-sysext From 5fe4b668cd8b60711285fa2d29006ec89008049f Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Sat, 20 Aug 2022 10:52:39 +0900 Subject: [PATCH 516/703] gpt: fix native uuids for s390x __s390__ is defined for both s390 and s390x. Hence, we need to define the native uuids for s390x at first. (cherry picked from commit 4565246911adbdd1b20d8944c0754772788a768c) (cherry picked from commit 8ad143e684c57d8fd9801fad3c379253d2cec92f) --- src/shared/gpt.h | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/src/shared/gpt.h b/src/shared/gpt.h index 00c829ca79a..9fca0ad6d49 100644 --- a/src/shared/gpt.h +++ b/src/shared/gpt.h @@ -21,8 +21,8 @@ #define GPT_ROOT_PPC64_LE SD_ID128_MAKE(c3,1c,45,e6,3f,39,41,2e,80,fb,48,09,c4,98,05,99) #define GPT_ROOT_RISCV32 SD_ID128_MAKE(60,d5,a7,fe,8e,7d,43,5c,b7,14,3d,d8,16,21,44,e1) #define GPT_ROOT_RISCV64 SD_ID128_MAKE(72,ec,70,a6,cf,74,40,e6,bd,49,4b,da,08,e8,f2,24) -#define GPT_ROOT_S390 SD_ID128_MAKE(08,a7,ac,ea,62,4c,4a,20,91,e8,6e,0f,a6,7d,23,f9) #define GPT_ROOT_S390X SD_ID128_MAKE(5e,ea,d9,a9,fe,09,4a,1e,a1,d7,52,0d,00,53,13,06) +#define GPT_ROOT_S390 SD_ID128_MAKE(08,a7,ac,ea,62,4c,4a,20,91,e8,6e,0f,a6,7d,23,f9) #define GPT_ROOT_TILEGX SD_ID128_MAKE(c5,0c,dd,70,38,62,4c,c3,90,e1,80,9a,8c,93,ee,2c) #define GPT_ROOT_X86 SD_ID128_MAKE(44,47,95,40,f2,97,41,b2,9a,f7,d1,31,d5,f0,45,8a) #define GPT_ROOT_X86_64 SD_ID128_MAKE(4f,68,bc,e3,e8,cd,4d,b1,96,e7,fb,ca,f9,84,b7,09) @@ -39,8 +39,8 @@ #define GPT_USR_PPC64_LE SD_ID128_MAKE(15,bb,03,af,77,e7,4d,4a,b1,2b,c0,d0,84,f7,49,1c) #define GPT_USR_RISCV32 SD_ID128_MAKE(b9,33,fb,22,5c,3f,4f,91,af,90,e2,bb,0f,a5,07,02) #define GPT_USR_RISCV64 SD_ID128_MAKE(be,ae,c3,4b,84,42,43,9b,a4,0b,98,43,81,ed,09,7d) -#define GPT_USR_S390 SD_ID128_MAKE(cd,0f,86,9b,d0,fb,4c,a0,b1,41,9e,a8,7c,c7,8d,66) #define GPT_USR_S390X SD_ID128_MAKE(8a,4f,57,70,50,aa,4e,d3,87,4a,99,b7,10,db,6f,ea) +#define GPT_USR_S390 SD_ID128_MAKE(cd,0f,86,9b,d0,fb,4c,a0,b1,41,9e,a8,7c,c7,8d,66) #define GPT_USR_TILEGX SD_ID128_MAKE(55,49,70,29,c7,c1,44,cc,aa,39,81,5e,d1,55,86,30) #define GPT_USR_X86 SD_ID128_MAKE(75,25,0d,76,8c,c6,45,8e,bd,66,bd,47,cc,81,a8,12) #define GPT_USR_X86_64 SD_ID128_MAKE(84,84,68,0c,95,21,48,c6,9c,11,b0,72,06,56,f6,9e) @@ -223,14 +223,6 @@ # define GPT_USR_NATIVE_VERITY GPT_USR_RISCV64_VERITY # define GPT_USR_NATIVE_VERITY_SIG GPT_USR_RISCV64_VERITY_SIG -#elif defined(__s390__) -# define GPT_ROOT_NATIVE GPT_ROOT_S390 -# define GPT_ROOT_NATIVE_VERITY GPT_ROOT_S390_VERITY -# define GPT_ROOT_NATIVE_VERITY_SIG GPT_ROOT_S390_VERITY_SIG -# define GPT_USR_NATIVE GPT_USR_S390 -# define GPT_USR_NATIVE_VERITY GPT_USR_S390_VERITY -# define GPT_USR_NATIVE_VERITY_SIG GPT_USR_S390_VERITY_SIG - #elif defined(__s390x__) # define GPT_ROOT_NATIVE GPT_ROOT_S390X # define GPT_ROOT_NATIVE_VERITY GPT_ROOT_S390X_VERITY @@ -239,6 +231,14 @@ # define GPT_USR_NATIVE_VERITY GPT_USR_S390X_VERITY # define GPT_USR_NATIVE_VERITY_SIG GPT_USR_S390X_VERITY_SIG +#elif defined(__s390__) +# define GPT_ROOT_NATIVE GPT_ROOT_S390 +# define GPT_ROOT_NATIVE_VERITY GPT_ROOT_S390_VERITY +# define GPT_ROOT_NATIVE_VERITY_SIG GPT_ROOT_S390_VERITY_SIG +# define GPT_USR_NATIVE GPT_USR_S390 +# define GPT_USR_NATIVE_VERITY GPT_USR_S390_VERITY +# define GPT_USR_NATIVE_VERITY_SIG GPT_USR_S390_VERITY_SIG + #elif defined(__tilegx__) # define GPT_ROOT_NATIVE GPT_ROOT_TILEGX # define GPT_ROOT_NATIVE_VERITY GPT_ROOT_TILEGX_VERITY From eb53ee4a2f7462ebca8e167cccb9538874ccbb78 Mon Sep 17 00:00:00 2001 From: Goffredo Baroncelli Date: Mon, 22 Aug 2022 21:25:45 +0200 Subject: [PATCH 517/703] Allow uneven length BootXXXX variables The BootXXXX variables may have an uneven length. Don't return error in this case. Signed-off-by: Goffredo Baroncelli (cherry picked from commit 046f101bf6ecbe2c18fd969760256ada3e6230f0) (cherry picked from commit 2e372afc358f50408580323c56a44a7a6284cce0) --- src/shared/efi-loader.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/src/shared/efi-loader.c b/src/shared/efi-loader.c index b14a2c32aa8..1b71777af63 100644 --- a/src/shared/efi-loader.c +++ b/src/shared/efi-loader.c @@ -185,9 +185,6 @@ static ssize_t utf16_size(const uint16_t *s, size_t buf_len_bytes) { /* Returns the size of the string in bytes without the terminating two zero bytes */ - if (buf_len_bytes % sizeof(uint16_t) != 0) - return -EINVAL; - while (l < buf_len_bytes / sizeof(uint16_t)) { if (s[l] == 0) return (l + 1) * sizeof(uint16_t); From d59171e3625533e4a7658d6b05380053176ec859 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Wed, 6 Jul 2022 15:15:09 +0900 Subject: [PATCH 518/703] core/mount: adjust deserialized state based on /proc/self/mountinfo Fixes #23796. Replaces #23803 and #23851. (cherry picked from commit 01400460ae16c6522d11d08dd9a4b0928e7980d9) (cherry picked from commit d572a74163428e52982ee70844f8cc54c814a741) --- src/core/mount.c | 55 +++++++++++++++++++++++++++++++++++++++--------- 1 file changed, 45 insertions(+), 10 deletions(-) diff --git a/src/core/mount.c b/src/core/mount.c index fd0c9ab0cdb..b5e2c58e2e9 100644 --- a/src/core/mount.c +++ b/src/core/mount.c @@ -51,6 +51,9 @@ static const UnitActiveState state_translation_table[_MOUNT_STATE_MAX] = { static int mount_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata); static int mount_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata); +static void mount_enter_dead(Mount *m, MountResult f); +static void mount_enter_mounted(Mount *m, MountResult f); +static void mount_cycle_clear(Mount *m); static int mount_process_proc_self_mountinfo(Manager *m); static bool MOUNT_STATE_WITH_PROCESS(MountState state) { @@ -726,23 +729,17 @@ static void mount_set_state(Mount *m, MountState state) { static int mount_coldplug(Unit *u) { Mount *m = MOUNT(u); - MountState new_state = MOUNT_DEAD; int r; assert(m); assert(m->state == MOUNT_DEAD); - if (m->deserialized_state != m->state) - new_state = m->deserialized_state; - else if (m->from_proc_self_mountinfo) - new_state = MOUNT_MOUNTED; - - if (new_state == m->state) + if (m->deserialized_state == m->state) return 0; if (m->control_pid > 0 && pid_is_unwaited(m->control_pid) && - MOUNT_STATE_WITH_PROCESS(new_state)) { + MOUNT_STATE_WITH_PROCESS(m->deserialized_state)) { r = unit_watch_pid(UNIT(m), m->control_pid, false); if (r < 0) @@ -753,15 +750,52 @@ static int mount_coldplug(Unit *u) { return r; } - if (!IN_SET(new_state, MOUNT_DEAD, MOUNT_FAILED)) { + if (!IN_SET(m->deserialized_state, MOUNT_DEAD, MOUNT_FAILED)) { (void) unit_setup_dynamic_creds(u); (void) unit_setup_exec_runtime(u); } - mount_set_state(m, new_state); + mount_set_state(m, m->deserialized_state); return 0; } +static void mount_catchup(Unit *u) { + Mount *m = MOUNT(ASSERT_PTR(u)); + + assert(m); + + /* Adjust the deserialized state. See comments in mount_process_proc_self_mountinfo(). */ + if (m->from_proc_self_mountinfo) + switch (m->state) { + case MOUNT_DEAD: + case MOUNT_FAILED: + assert(m->control_pid == 0); + unit_acquire_invocation_id(u); + mount_cycle_clear(m); + mount_enter_mounted(m, MOUNT_SUCCESS); + break; + case MOUNT_MOUNTING: + assert(m->control_pid > 0); + mount_set_state(m, MOUNT_MOUNTING_DONE); + break; + default: + break; + } + else + switch (m->state) { + case MOUNT_MOUNTING_DONE: + assert(m->control_pid > 0); + mount_set_state(m, MOUNT_MOUNTING); + break; + case MOUNT_MOUNTED: + assert(m->control_pid == 0); + mount_enter_dead(m, MOUNT_SUCCESS); + break; + default: + break; + } +} + static void mount_dump(Unit *u, FILE *f, const char *prefix) { Mount *m = MOUNT(u); MountParameters *p; @@ -2226,6 +2260,7 @@ const UnitVTable mount_vtable = { .done = mount_done, .coldplug = mount_coldplug, + .catchup = mount_catchup, .dump = mount_dump, From 7cb0c3bc9974049678faa7ddb77e0f30a5c9aaa4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?David=20Ja=C5=A1a?= Date: Tue, 23 Aug 2022 23:58:09 +0200 Subject: [PATCH 519/703] check-os-release.py compatible with Python < 3.8 The ":=" operator was only added in Python 3.8 so splitting the line with it into two makes check-os-release.py actually fulfill its claim of working with any python version. (cherry picked from commit ce0a056abc41168e1b45537505ca9f65bf6f5c30) (cherry picked from commit 951e99231e539c11861d62ce9cfc5b186a3a3e6e) --- man/check-os-release.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/man/check-os-release.py b/man/check-os-release.py index 91a5494b4a1..1a57c7a20d0 100644 --- a/man/check-os-release.py +++ b/man/check-os-release.py @@ -17,7 +17,8 @@ def read_os_release(): line = line.rstrip() if not line or line.startswith('#'): continue - if m := re.match(r'([A-Z][A-Z_0-9]+)=(.*)', line): + m = re.match(r'([A-Z][A-Z_0-9]+)=(.*)', line) + if m: name, val = m.groups() if val and val[0] in '"\'': val = ast.literal_eval(val) From 85ec3345fc3c86e2d2142fe4c41fad074ad62073 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Mon, 11 Jul 2022 14:13:33 +0200 Subject: [PATCH 520/703] virt: align tables (cherry picked from commit 5c86cec1f3466b2f4ed169fd3f32e944a0bca06e) (cherry picked from commit 6e47e75c86965e4f28ac94970116f86b99be8851) --- src/basic/virt.c | 142 +++++++++++++++++++++++------------------------ 1 file changed, 71 insertions(+), 71 deletions(-) diff --git a/src/basic/virt.c b/src/basic/virt.c index 52fbffbefb7..ab80826ca9b 100644 --- a/src/basic/virt.c +++ b/src/basic/virt.c @@ -885,68 +885,68 @@ struct cpuid_table_entry { }; static const struct cpuid_table_entry leaf1_edx[] = { - { 0, "fpu" }, - { 1, "vme" }, - { 2, "de" }, - { 3, "pse" }, - { 4, "tsc" }, - { 5, "msr" }, - { 6, "pae" }, - { 7, "mce" }, - { 8, "cx8" }, - { 9, "apic" }, - { 11, "sep" }, - { 12, "mtrr" }, - { 13, "pge" }, - { 14, "mca" }, - { 15, "cmov" }, - { 16, "pat" }, - { 17, "pse36" }, + { 0, "fpu" }, + { 1, "vme" }, + { 2, "de" }, + { 3, "pse" }, + { 4, "tsc" }, + { 5, "msr" }, + { 6, "pae" }, + { 7, "mce" }, + { 8, "cx8" }, + { 9, "apic" }, + { 11, "sep" }, + { 12, "mtrr" }, + { 13, "pge" }, + { 14, "mca" }, + { 15, "cmov" }, + { 16, "pat" }, + { 17, "pse36" }, { 19, "clflush" }, - { 23, "mmx" }, - { 24, "fxsr" }, - { 25, "sse" }, - { 26, "sse2" }, - { 28, "ht" }, + { 23, "mmx" }, + { 24, "fxsr" }, + { 25, "sse" }, + { 26, "sse2" }, + { 28, "ht" }, }; static const struct cpuid_table_entry leaf1_ecx[] = { - { 0, "pni" }, - { 1, "pclmul" }, + { 0, "pni" }, + { 1, "pclmul" }, { 3, "monitor" }, - { 9, "ssse3" }, - { 12, "fma3" }, - { 13, "cx16" }, - { 19, "sse4_1" }, - { 20, "sse4_2" }, - { 22, "movbe" }, - { 23, "popcnt" }, - { 25, "aes" }, - { 26, "xsave" }, + { 9, "ssse3" }, + { 12, "fma3" }, + { 13, "cx16" }, + { 19, "sse4_1" }, + { 20, "sse4_2" }, + { 22, "movbe" }, + { 23, "popcnt" }, + { 25, "aes" }, + { 26, "xsave" }, { 27, "osxsave" }, - { 28, "avx" }, - { 29, "f16c" }, - { 30, "rdrand" }, + { 28, "avx" }, + { 29, "f16c" }, + { 30, "rdrand" }, }; static const struct cpuid_table_entry leaf7_ebx[] = { - { 3, "bmi1" }, - { 5, "avx2" }, - { 8, "bmi2" }, + { 3, "bmi1" }, + { 5, "avx2" }, + { 8, "bmi2" }, { 18, "rdseed" }, - { 19, "adx" }, + { 19, "adx" }, { 29, "sha_ni" }, }; static const struct cpuid_table_entry leaf81_edx[] = { { 11, "syscall" }, - { 27, "rdtscp" }, - { 29, "lm" }, + { 27, "rdtscp" }, + { 29, "lm" }, }; static const struct cpuid_table_entry leaf81_ecx[] = { { 0, "lahf_lm" }, - { 5, "abm" }, + { 5, "abm" }, }; static const struct cpuid_table_entry leaf87_edx[] = { @@ -1004,34 +1004,34 @@ bool has_cpu_with_flag(const char *flag) { } static const char *const virtualization_table[_VIRTUALIZATION_MAX] = { - [VIRTUALIZATION_NONE] = "none", - [VIRTUALIZATION_KVM] = "kvm", - [VIRTUALIZATION_AMAZON] = "amazon", - [VIRTUALIZATION_QEMU] = "qemu", - [VIRTUALIZATION_BOCHS] = "bochs", - [VIRTUALIZATION_XEN] = "xen", - [VIRTUALIZATION_UML] = "uml", - [VIRTUALIZATION_VMWARE] = "vmware", - [VIRTUALIZATION_ORACLE] = "oracle", - [VIRTUALIZATION_MICROSOFT] = "microsoft", - [VIRTUALIZATION_ZVM] = "zvm", - [VIRTUALIZATION_PARALLELS] = "parallels", - [VIRTUALIZATION_BHYVE] = "bhyve", - [VIRTUALIZATION_QNX] = "qnx", - [VIRTUALIZATION_ACRN] = "acrn", - [VIRTUALIZATION_POWERVM] = "powervm", - [VIRTUALIZATION_VM_OTHER] = "vm-other", - - [VIRTUALIZATION_SYSTEMD_NSPAWN] = "systemd-nspawn", - [VIRTUALIZATION_LXC_LIBVIRT] = "lxc-libvirt", - [VIRTUALIZATION_LXC] = "lxc", - [VIRTUALIZATION_OPENVZ] = "openvz", - [VIRTUALIZATION_DOCKER] = "docker", - [VIRTUALIZATION_PODMAN] = "podman", - [VIRTUALIZATION_RKT] = "rkt", - [VIRTUALIZATION_WSL] = "wsl", - [VIRTUALIZATION_PROOT] = "proot", - [VIRTUALIZATION_POUCH] = "pouch", + [VIRTUALIZATION_NONE] = "none", + [VIRTUALIZATION_KVM] = "kvm", + [VIRTUALIZATION_AMAZON] = "amazon", + [VIRTUALIZATION_QEMU] = "qemu", + [VIRTUALIZATION_BOCHS] = "bochs", + [VIRTUALIZATION_XEN] = "xen", + [VIRTUALIZATION_UML] = "uml", + [VIRTUALIZATION_VMWARE] = "vmware", + [VIRTUALIZATION_ORACLE] = "oracle", + [VIRTUALIZATION_MICROSOFT] = "microsoft", + [VIRTUALIZATION_ZVM] = "zvm", + [VIRTUALIZATION_PARALLELS] = "parallels", + [VIRTUALIZATION_BHYVE] = "bhyve", + [VIRTUALIZATION_QNX] = "qnx", + [VIRTUALIZATION_ACRN] = "acrn", + [VIRTUALIZATION_POWERVM] = "powervm", + [VIRTUALIZATION_VM_OTHER] = "vm-other", + + [VIRTUALIZATION_SYSTEMD_NSPAWN] = "systemd-nspawn", + [VIRTUALIZATION_LXC_LIBVIRT] = "lxc-libvirt", + [VIRTUALIZATION_LXC] = "lxc", + [VIRTUALIZATION_OPENVZ] = "openvz", + [VIRTUALIZATION_DOCKER] = "docker", + [VIRTUALIZATION_PODMAN] = "podman", + [VIRTUALIZATION_RKT] = "rkt", + [VIRTUALIZATION_WSL] = "wsl", + [VIRTUALIZATION_PROOT] = "proot", + [VIRTUALIZATION_POUCH] = "pouch", [VIRTUALIZATION_CONTAINER_OTHER] = "container-other", }; From 86e121dd7b0a4caf104cb60cf7ea0784bf0f3c42 Mon Sep 17 00:00:00 2001 From: Zhaofeng Li Date: Mon, 22 Aug 2022 10:35:21 -0600 Subject: [PATCH 521/703] virt: Support detection of Apple Virtualization.framework guests (cherry picked from commit f5558306746c0791dab666e76d51e7ef1ce38362) (cherry picked from commit cd2fad23008f1f339625904925e21ccf9147b50a) --- man/systemd-detect-virt.xml | 7 ++++++- man/systemd.unit.xml | 1 + src/basic/virt.c | 30 ++++++++++++++++-------------- src/basic/virt.h | 1 + 4 files changed, 24 insertions(+), 15 deletions(-) diff --git a/man/systemd-detect-virt.xml b/man/systemd-detect-virt.xml index 14bfd19b622..22104c2fd6d 100644 --- a/man/systemd-detect-virt.xml +++ b/man/systemd-detect-virt.xml @@ -62,7 +62,7 @@ - VM + VM qemu QEMU software virtualization, without KVM @@ -137,6 +137,11 @@ ACRN hypervisor + + apple + Apple Virtualization.framework + + Container openvz diff --git a/man/systemd.unit.xml b/man/systemd.unit.xml index f17fa66b110..6e553e1b3c2 100644 --- a/man/systemd.unit.xml +++ b/man/systemd.unit.xml @@ -1235,6 +1235,7 @@ uml, bhyve, qnx, + apple, openvz, lxc, lxc-libvirt, diff --git a/src/basic/virt.c b/src/basic/virt.c index ab80826ca9b..71cbc9756c9 100644 --- a/src/basic/virt.c +++ b/src/basic/virt.c @@ -153,21 +153,22 @@ static int detect_vm_dmi_vendor(void) { const char *vendor; int id; } dmi_vendor_table[] = { - { "KVM", VIRTUALIZATION_KVM }, - { "OpenStack", VIRTUALIZATION_KVM }, /* Detect OpenStack instance as KVM in non x86 architecture */ - { "KubeVirt", VIRTUALIZATION_KVM }, /* Detect KubeVirt instance as KVM in non x86 architecture */ - { "Amazon EC2", VIRTUALIZATION_AMAZON }, - { "QEMU", VIRTUALIZATION_QEMU }, - { "VMware", VIRTUALIZATION_VMWARE }, /* https://kb.vmware.com/s/article/1009458 */ - { "VMW", VIRTUALIZATION_VMWARE }, - { "innotek GmbH", VIRTUALIZATION_ORACLE }, - { "VirtualBox", VIRTUALIZATION_ORACLE }, - { "Xen", VIRTUALIZATION_XEN }, - { "Bochs", VIRTUALIZATION_BOCHS }, - { "Parallels", VIRTUALIZATION_PARALLELS }, + { "KVM", VIRTUALIZATION_KVM }, + { "OpenStack", VIRTUALIZATION_KVM }, /* Detect OpenStack instance as KVM in non x86 architecture */ + { "KubeVirt", VIRTUALIZATION_KVM }, /* Detect KubeVirt instance as KVM in non x86 architecture */ + { "Amazon EC2", VIRTUALIZATION_AMAZON }, + { "QEMU", VIRTUALIZATION_QEMU }, + { "VMware", VIRTUALIZATION_VMWARE }, /* https://kb.vmware.com/s/article/1009458 */ + { "VMW", VIRTUALIZATION_VMWARE }, + { "innotek GmbH", VIRTUALIZATION_ORACLE }, + { "VirtualBox", VIRTUALIZATION_ORACLE }, + { "Xen", VIRTUALIZATION_XEN }, + { "Bochs", VIRTUALIZATION_BOCHS }, + { "Parallels", VIRTUALIZATION_PARALLELS }, /* https://wiki.freebsd.org/bhyve */ - { "BHYVE", VIRTUALIZATION_BHYVE }, - { "Hyper-V", VIRTUALIZATION_MICROSOFT }, + { "BHYVE", VIRTUALIZATION_BHYVE }, + { "Hyper-V", VIRTUALIZATION_MICROSOFT }, + { "Apple Virtualization", VIRTUALIZATION_APPLE }, }; int r; @@ -1020,6 +1021,7 @@ static const char *const virtualization_table[_VIRTUALIZATION_MAX] = { [VIRTUALIZATION_QNX] = "qnx", [VIRTUALIZATION_ACRN] = "acrn", [VIRTUALIZATION_POWERVM] = "powervm", + [VIRTUALIZATION_APPLE] = "apple", [VIRTUALIZATION_VM_OTHER] = "vm-other", [VIRTUALIZATION_SYSTEMD_NSPAWN] = "systemd-nspawn", diff --git a/src/basic/virt.h b/src/basic/virt.h index 1eafbe2cbec..0309eff21b4 100644 --- a/src/basic/virt.h +++ b/src/basic/virt.h @@ -24,6 +24,7 @@ enum { VIRTUALIZATION_QNX, VIRTUALIZATION_ACRN, VIRTUALIZATION_POWERVM, + VIRTUALIZATION_APPLE, VIRTUALIZATION_VM_OTHER, VIRTUALIZATION_VM_LAST = VIRTUALIZATION_VM_OTHER, From 3ce09d9127957ac5a721f88351cf42a69cbd9335 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 23 Aug 2022 14:18:41 +0200 Subject: [PATCH 522/703] shared/udev-util: say "ignoring device", not "ignoring" The short form sounds like we're ignoring the error. (cherry picked from commit 406fbeca32d9abacdcc28b0cc00d2beefcc4feb2) (cherry picked from commit 6d4c1385347e73fd68466f51eae33dad78a46125) --- src/shared/udev-util.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/src/shared/udev-util.c b/src/shared/udev-util.c index 608f546cff8..5b232a9ca39 100644 --- a/src/shared/udev-util.c +++ b/src/shared/udev-util.c @@ -665,7 +665,7 @@ int on_ac_power(void) { r = sd_device_get_sysattr_value(d, "type", &val); if (r < 0) { - log_device_debug_errno(d, r, "Failed to read 'type' sysfs attribute, ignoring: %m"); + log_device_debug_errno(d, r, "Failed to read 'type' sysfs attribute, ignoring device: %m"); continue; } @@ -675,7 +675,7 @@ int on_ac_power(void) { * https://www.kernel.org/doc/Documentation/ABI/testing/sysfs-class-power */ if (streq(val, "Battery")) { found_battery = true; - log_device_debug(d, "The power supply is battery, ignoring."); + log_device_debug(d, "The power supply is battery, ignoring device."); continue; } @@ -684,22 +684,22 @@ int on_ac_power(void) { r = device_is_power_sink(d); if (r <= 0) { if (r < 0) - log_device_debug_errno(d, r, "Failed to determine the current power role, ignoring: %m"); + log_device_debug_errno(d, r, "Failed to determine the current power role, ignoring device: %m"); else - log_device_debug(d, "USB power supply is in source mode, ignoring."); + log_device_debug(d, "USB power supply is in source mode, ignoring device."); continue; } } r = sd_device_get_sysattr_value(d, "online", &val); if (r < 0) { - log_device_debug_errno(d, r, "Failed to read 'online' sysfs attribute, ignoring: %m"); + log_device_debug_errno(d, r, "Failed to read 'online' sysfs attribute, ignoring device: %m"); continue; } r = safe_atou(val, &v); if (r < 0) { - log_device_debug_errno(d, r, "Failed to parse 'online' attribute, ignoring: %m"); + log_device_debug_errno(d, r, "Failed to parse 'online' attribute, ignoring device: %m"); continue; } From 9e62e7facbd5d54e0ac0a07fe8774f2f49032214 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 23 Aug 2022 16:30:05 +0200 Subject: [PATCH 523/703] on-ac-power: rework logic History of the function: 96788d2aa4f4b0b49874b4a240ce47d9e8485d1b assume system is running on AC power when no battery found 795e86b4f1e8a1fd440f8c817621779c6aedbdb5 ignore USB-C ports in power source mode when detecting system is running on AC power c19a51bec40ae5e5073464e72411e7920d05d683 invert ac_power() source type check 6d89003462484c8656b698e07b9cf0a337e3818e assume ac when /sys/class/power_supply is missing 240dbaa44f8e5ad51775c776fc3ce9cd2f19f037 add ConditionACPower= Interestingly, the return condition 'on_ac_power == found_online || !found_offline' was there from the very beginning, and even Yu's latest change doesn't change this, but only extends it to 'on_ac_power == found_online || !found_offline || !found_battery'. This means that any system with no AC power supply will be unconditionally classified as on_ac_power. Let's change the logic: if we have an online AC supply, answer is "yes". If no supplies, but we have a battery, answer is "no". Otherwise, assume "yes", based on the assumption that presense of a battery would at least be always reported, even if an AC power supply might not be. Fixes #24407. It also shouldn't impact previous fixes: assume ac when /sys/class/power_supply is missing, ignore USB-C ports in power source mode, assume system is running on AC power when no battery found. (cherry picked from commit 4a52514b371bf8013e89c421dfc2405a443feef8) (cherry picked from commit 9886011356f9cd3737263b5bf9070181c7859f26) --- src/shared/udev-util.c | 79 +++++++++++++++++++++++------------------- 1 file changed, 44 insertions(+), 35 deletions(-) diff --git a/src/shared/udev-util.c b/src/shared/udev-util.c index 5b232a9ca39..4cf83378c6a 100644 --- a/src/shared/udev-util.c +++ b/src/shared/udev-util.c @@ -641,9 +641,28 @@ static int device_is_power_sink(sd_device *device) { return found_sink || !found_source; } +static int device_get_sysattr_unsigned(sd_device *device, const char *sysattr, unsigned *ret_value) { + const char *value; + int r; + + r = sd_device_get_sysattr_value(device, sysattr, &value); + if (r < 0) + return r; + + unsigned v; + r = safe_atou(value, &v); + if (r < 0) + return log_device_debug_errno(device, r, "Failed to parse '%s' attribute: %m", sysattr); + + if (ret_value) + *ret_value = v; + /* We return "true" if the value is positive. */ + return v > 0; +} + int on_ac_power(void) { _cleanup_(sd_device_enumerator_unrefp) sd_device_enumerator *e = NULL; - bool found_offline = false, found_online = false, found_battery = false; + bool found_ac_online = false, found_battery = false; sd_device *d; int r; @@ -660,25 +679,18 @@ int on_ac_power(void) { return r; FOREACH_DEVICE(e, d) { - const char *val; - unsigned v; + /* See + * https://github.com/torvalds/linux/blob/4eef766b7d4d88f0b984781bc1bcb574a6eafdc7/include/linux/power_supply.h#L176 + * for defined power source types. Also see: + * https://www.kernel.org/doc/Documentation/ABI/testing/sysfs-class-power */ + const char *val; r = sd_device_get_sysattr_value(d, "type", &val); if (r < 0) { log_device_debug_errno(d, r, "Failed to read 'type' sysfs attribute, ignoring device: %m"); continue; } - /* We assume every power source is AC, except for batteries. See - * https://github.com/torvalds/linux/blob/4eef766b7d4d88f0b984781bc1bcb574a6eafdc7/include/linux/power_supply.h#L176 - * for defined power source types. Also see: - * https://www.kernel.org/doc/Documentation/ABI/testing/sysfs-class-power */ - if (streq(val, "Battery")) { - found_battery = true; - log_device_debug(d, "The power supply is battery, ignoring device."); - continue; - } - /* Ignore USB-C power supply in source mode. See issue #21988. */ if (streq(val, "USB")) { r = device_is_power_sink(d); @@ -691,36 +703,33 @@ int on_ac_power(void) { } } - r = sd_device_get_sysattr_value(d, "online", &val); - if (r < 0) { - log_device_debug_errno(d, r, "Failed to read 'online' sysfs attribute, ignoring device: %m"); + bool is_battery = streq(val, "Battery"); + if (is_battery) { + found_battery = true; + log_device_debug(d, "The power supply is battery."); continue; } - r = safe_atou(val, &v); + r = device_get_sysattr_unsigned(d, "online", NULL); if (r < 0) { - log_device_debug_errno(d, r, "Failed to parse 'online' attribute, ignoring device: %m"); + log_device_debug_errno(d, r, "Failed to query 'online' sysfs attribute: %m"); continue; - } + } else if (r > 0) /* At least 1 and 2 are defined as different types of 'online' */ + found_ac_online = true; - if (v > 0) /* At least 1 and 2 are defined as different types of 'online' */ - found_online = true; - else - found_offline = true; - - log_device_debug(d, "The power supply is currently %s.", v > 0 ? "online" : "offline"); + log_device_debug(d, "The power supply is currently %s.", r > 0 ? "online" : "offline"); } - if (found_online) - log_debug("Found at least one online non-battery power supply, system is running on AC power."); - else if (!found_offline) - log_debug("Found no offline non-battery power supply, assuming system is running on AC power."); - else if (!found_battery) - log_debug("Found no battery, assuming system is running on AC power."); - else - log_debug("All non-battery power supplies are offline, assuming system is running with battery."); - - return found_online || !found_offline || !found_battery; + if (found_ac_online) { + log_debug("Found at least one online non-battery power supply, system is running on AC."); + return true; + } else if (found_battery) { + log_debug("Found battery and no online power sources, assuming system is running from battery."); + return false; + } else { + log_debug("No power supply reported online and no battery, assuming system is running on AC."); + return true; + } } bool udev_available(void) { From 1f5ccc9931cce66eeda81d72eca0b97acd412cac Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 23 Aug 2022 16:48:26 +0200 Subject: [PATCH 524/703] on-ac-power: ignore devices with scope==Device My mouse is reported as: P: /devices/pci0000:00/0000:00:14.0/usb1/1-4/1-4.4/1-4.4:1.2/0003:046D:C52B.001E/0003:046D:4051.001F/power_supply/hidpp_battery_4 M: hidpp_battery_4 R: 4 U: power_supply E: DEVPATH=/devices/pci0000:00/0000:00:14.0/usb1/1-4/1-4.4/1-4.4:1.2/0003:046D:C52B.001E/0003:046D:4051.001F/power_supply/hidpp_battery_4 E: SUBSYSTEM=power_supply E: POWER_SUPPLY_NAME=hidpp_battery_4 E: POWER_SUPPLY_TYPE=Battery E: POWER_SUPPLY_ONLINE=1 E: POWER_SUPPLY_STATUS=Discharging E: POWER_SUPPLY_SCOPE=Device E: POWER_SUPPLY_MODEL_NAME=Wireless Mouse M510 E: POWER_SUPPLY_MANUFACTURER=Logitech E: POWER_SUPPLY_SERIAL_NUMBER=4051-bc-cd-d2-5b E: POWER_SUPPLY_CAPACITY_LEVEL=Normal See https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=25a0bc2dfc2ea732f40af2dae52426ead66ae76e Effectively, "System" and "Unkown" are passed through, "Device" is rejected. (cherry picked from commit 3c69e94a5ce8076fa1240028f24d9b4ba1b67408) (cherry picked from commit b00cb050c80e8a8005420020bc1ea8f432992de8) --- src/shared/udev-util.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/src/shared/udev-util.c b/src/shared/udev-util.c index 4cf83378c6a..c7ff00eeb18 100644 --- a/src/shared/udev-util.c +++ b/src/shared/udev-util.c @@ -705,6 +705,14 @@ int on_ac_power(void) { bool is_battery = streq(val, "Battery"); if (is_battery) { + r = sd_device_get_sysattr_value(d, "scope", &val); + if (r < 0) + log_device_debug_errno(d, r, "Failed to read 'scope' sysfs attribute, ignoring: %m"); + else if (streq(val, "Device")) { + log_device_debug(d, "The power supply is a device battery, ignoring."); + continue; + } + found_battery = true; log_device_debug(d, "The power supply is battery."); continue; From deb03fe7e51067bc1461558ff82203c2f2d550f9 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Sun, 28 Aug 2022 06:10:44 +0900 Subject: [PATCH 525/703] shell-completion: drop unused $mode Fixes #24473. (cherry picked from commit c4c9714464a0e8138f247405c3a52bab00f60781) (cherry picked from commit 49f9fa87b2186fe77c373dc8a8cf6759ff285687) --- shell-completion/zsh/_systemctl.in | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/shell-completion/zsh/_systemctl.in b/shell-completion/zsh/_systemctl.in index 6fbe8737c23..0a3e19f44d6 100644 --- a/shell-completion/zsh/_systemctl.in +++ b/shell-completion/zsh/_systemctl.in @@ -191,8 +191,8 @@ __systemctl() (( $+functions[_systemctl_get_non_template_names] )) || _systemctl_get_non_template_names() { echo -E - ${^${(R)${(f)"$( - __systemctl $mode list-unit-files "$PREFIX*" - __systemctl $mode list-units --all "$PREFIX*" + __systemctl list-unit-files "$PREFIX*" + __systemctl list-units --all "$PREFIX*" )"}:#*@.*}%%[[:space:]]*} } (( $+functions[_systemctl_get_template_names] )) || @@ -205,8 +205,8 @@ __systemctl() _systemctl_startable_units(){ _sys_startable_units=( $( _filter_units_by_property ActiveState inactive $( _filter_units_by_property CanStart yes ${${${(f)"$( - __systemctl $mode list-unit-files --state enabled,enabled-runtime,linked,linked-runtime,static,indirect,disabled,generated,transient "$PREFIX*" - __systemctl $mode list-units --state inactive,failed "$PREFIX*" + __systemctl list-unit-files --state enabled,enabled-runtime,linked,linked-runtime,static,indirect,disabled,generated,transient "$PREFIX*" + __systemctl list-units --state inactive,failed "$PREFIX*" )"}:#*@.*}%%[[:space:]]*} )) ) } @@ -214,8 +214,8 @@ __systemctl() (( $+functions[_systemctl_restartable_units] )) || _systemctl_restartable_units(){ _sys_restartable_units=( $( _filter_units_by_property CanStart yes ${${${(f)"$( - __systemctl $mode list-unit-files --state enabled,disabled,static "$PREFIX*" - __systemctl $mode list-units "$PREFIX*" + __systemctl list-unit-files --state enabled,disabled,static "$PREFIX*" + __systemctl list-units "$PREFIX*" )"}:#*@.*}%%[[:space:]]*} ) ) } From e22632a9dabd19b9f91569a62ec8936325af9fc7 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Sat, 27 Aug 2022 15:44:17 +0900 Subject: [PATCH 526/703] udev-util: minor cleanups for on_ac_power() Follow-ups for #24420. (cherry picked from commit 8676bdb70842ebb8d55fcc50774ba69f8a14b51a) (cherry picked from commit 96da39ddb11cd4ea5514def19480c0b88b4b33f5) --- src/shared/udev-util.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/src/shared/udev-util.c b/src/shared/udev-util.c index c7ff00eeb18..803548af246 100644 --- a/src/shared/udev-util.c +++ b/src/shared/udev-util.c @@ -703,13 +703,13 @@ int on_ac_power(void) { } } - bool is_battery = streq(val, "Battery"); - if (is_battery) { + if (streq(val, "Battery")) { r = sd_device_get_sysattr_value(d, "scope", &val); - if (r < 0) - log_device_debug_errno(d, r, "Failed to read 'scope' sysfs attribute, ignoring: %m"); - else if (streq(val, "Device")) { - log_device_debug(d, "The power supply is a device battery, ignoring."); + if (r < 0) { + if (r != -ENOENT) + log_device_debug_errno(d, r, "Failed to read 'scope' sysfs attribute, ignoring: %m"); + } else if (streq(val, "Device")) { + log_device_debug(d, "The power supply is a device battery, ignoring device."); continue; } @@ -720,7 +720,7 @@ int on_ac_power(void) { r = device_get_sysattr_unsigned(d, "online", NULL); if (r < 0) { - log_device_debug_errno(d, r, "Failed to query 'online' sysfs attribute: %m"); + log_device_debug_errno(d, r, "Failed to query 'online' sysfs attribute, ignoring device: %m"); continue; } else if (r > 0) /* At least 1 and 2 are defined as different types of 'online' */ found_ac_online = true; From ba29bb342deb4eeb55debfa7abb4ba97d50df076 Mon Sep 17 00:00:00 2001 From: Daniel Braunwarth Date: Sun, 28 Aug 2022 20:02:50 +0200 Subject: [PATCH 527/703] condition: fix device-tree firmware path The path /sys/firmware/device-tree doesn't exist. This should be either /proc/device-tree or /sys/firmware/devicetree. The first path is only a link. So lets use the second path. See https://github.com/torvalds/linux/blob/v4.14/drivers/of/base.c#L218. (cherry picked from commit 1037178acfd093fb10d8f5e74f3072f78afdf7e8) (cherry picked from commit 254b77e73cb81265146de653563a7fe3f9936b56) --- src/shared/condition.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/shared/condition.c b/src/shared/condition.c index 68fbbf643a9..1a8225ae520 100644 --- a/src/shared/condition.c +++ b/src/shared/condition.c @@ -555,9 +555,9 @@ static int condition_test_firmware(Condition *c, char **env) { assert(c->type == CONDITION_FIRMWARE); if (streq(c->parameter, "device-tree")) { - if (access("/sys/firmware/device-tree/", F_OK) < 0) { + if (access("/sys/firmware/devicetree/", F_OK) < 0) { if (errno != ENOENT) - log_debug_errno(errno, "Unexpected error when checking for /sys/firmware/device-tree/: %m"); + log_debug_errno(errno, "Unexpected error when checking for /sys/firmware/devicetree/: %m"); return false; } else return true; From 40cedddab7e5c84c8fa4738de423971997d9aef5 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Fri, 2 Sep 2022 18:35:03 +0200 Subject: [PATCH 528/703] log: don't attempt to duplicate closed fd MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit if the console fd is not open we shouldn#t try to move it out of the 0…2 range. Fixes: #24535 Alternative-for: #24537 (cherry picked from commit f1ee066840eea748ad4074ac2bc859bb897953b9) (cherry picked from commit e0dde8a14f8b05b88e1add1abdb68c364913346b) --- src/basic/log.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/basic/log.c b/src/basic/log.c index 12071e2ebd3..ac36d2564e4 100644 --- a/src/basic/log.c +++ b/src/basic/log.c @@ -1488,7 +1488,7 @@ int log_dup_console(void) { /* Duplicate the fd we use for fd logging if it's < 3 and use the copy from now on. This call is useful * whenever we want to continue logging through the original fd, but want to rearrange stderr. */ - if (console_fd >= 3) + if (console_fd < 0 || console_fd >= 3) return 0; copy = fcntl(console_fd, F_DUPFD_CLOEXEC, 3); From 559e851a95abdfa4aefcffd60d0cdc0f5bb5ea2d Mon Sep 17 00:00:00 2001 From: Jade Bilkey <425547+Fumon@users.noreply.github.com> Date: Sat, 3 Sep 2022 17:37:45 -0400 Subject: [PATCH 529/703] man: fix static bridge example A NetDev is needed to create the bridge in order to match the example's description "This creates a bridge..." (cherry picked from commit bc33789a06e5a727fa4662b0dfcbe02ef7e46687) (cherry picked from commit 44660d2e12d8fb418307f2a701cd97823618574c) --- man/systemd.network.xml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/man/systemd.network.xml b/man/systemd.network.xml index e5e87353381..0ab4f602efa 100644 --- a/man/systemd.network.xml +++ b/man/systemd.network.xml @@ -4526,6 +4526,11 @@ DHCPPrefixDelegation=yes A bridge with two enslaved links + # /etc/systemd/network/25-bridge-static.netdev +[NetDev] +Name=bridge0 +Kind=bridge + # /etc/systemd/network/25-bridge-static.network [Match] Name=bridge0 From 7c2a025984d36c7a8dfdb8da36a7ba97877c1f98 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Mon, 5 Sep 2022 15:14:11 +0200 Subject: [PATCH 530/703] homed: don't wait indefinitely for workers on exit Let's put some time-limit on it. Fixes: #22901 (cherry picked from commit f8f621821a30b5b7e6c69dfb770e1c4cbc3db715) (cherry picked from commit 202a79e7c506df0606bd17d1c7522bacc776398d) --- src/home/homed-home.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/src/home/homed-home.c b/src/home/homed-home.c index 470c7f07f62..91831392ace 100644 --- a/src/home/homed-home.c +++ b/src/home/homed-home.c @@ -3143,13 +3143,21 @@ int home_set_current_message(Home *h, sd_bus_message *m) { } int home_wait_for_worker(Home *h) { + int r; + assert(h); if (h->worker_pid <= 0) return 0; log_info("Worker process for home %s is still running while exiting. Waiting for it to finish.", h->user_name); - (void) wait_for_terminate(h->worker_pid, NULL); + + r = wait_for_terminate_with_timeout(h->worker_pid, 30 * USEC_PER_SEC); + if (r == -ETIMEDOUT) + log_warning_errno(r, "Waiting for worker process for home %s timed out. Ignoring.", h->user_name); + else + log_warning_errno(r, "Failed to wait for worker process for home %s. Ignoring.", h->user_name); + (void) hashmap_remove_value(h->manager->homes_by_worker_pid, PID_TO_PTR(h->worker_pid), h); h->worker_pid = 0; return 1; From 78319729710c78f4cf032a85fc720a17934297c6 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Mon, 5 Sep 2022 15:15:36 +0200 Subject: [PATCH 531/703] units: prolong the stop timeout for homed MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Let's give IO/resizing/… more time then usual. Fixes: #22901 (cherry picked from commit d3d2dd5e4f07c5d513c06df69f2c214681ddcd2a) (cherry picked from commit 8b89e677e92b728383e203d98db45ae919fe6c97) --- units/systemd-homed.service.in | 1 + 1 file changed, 1 insertion(+) diff --git a/units/systemd-homed.service.in b/units/systemd-homed.service.in index c2f8548897e..3448157134f 100644 --- a/units/systemd-homed.service.in +++ b/units/systemd-homed.service.in @@ -34,6 +34,7 @@ StateDirectory=systemd/home SystemCallArchitectures=native SystemCallErrorNumber=EPERM SystemCallFilter=@system-service @mount +TimeoutStopSec=3min {{SERVICE_WATCHDOG}} [Install] From 6fd508a3ae97053d544674613ede897b5fad43f3 Mon Sep 17 00:00:00 2001 From: Sebastian Scheibner Date: Fri, 22 May 2020 10:37:43 +0200 Subject: [PATCH 532/703] busctl: Fix warning about invaild introspection data The set_put function returns 0 if the element is already in the set and not EEXIST, like e.g. hashmap does. (cherry picked from commit bdff06de069fc83f18a126bf6b899ae2341572c3) (cherry picked from commit 175ba30cf64772b136b5b982f04ff3c9a8295e23) --- src/busctl/busctl.c | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/src/busctl/busctl.c b/src/busctl/busctl.c index c0c9b23ae99..1640c977d9d 100644 --- a/src/busctl/busctl.c +++ b/src/busctl/busctl.c @@ -808,8 +808,9 @@ static int on_interface(const char *interface, uint64_t flags, void *userdata) { return log_oom(); r = set_put(members, m); - if (r == -EEXIST) - return log_error_errno(r, "Invalid introspection data: duplicate interface '%s'.", interface); + if (r == 0) + return log_error_errno(SYNTHETIC_ERRNO(EEXIST), + "Invalid introspection data: duplicate interface '%s'.", interface); if (r < 0) return log_oom(); @@ -851,8 +852,9 @@ static int on_method(const char *interface, const char *name, const char *signat return log_oom(); r = set_put(members, m); - if (r == -EEXIST) - return log_error_errno(r, "Invalid introspection data: duplicate method '%s' on interface '%s'.", name, interface); + if (r == 0) + return log_error_errno(SYNTHETIC_ERRNO(EEXIST), + "Invalid introspection data: duplicate method '%s' on interface '%s'.", name, interface); if (r < 0) return log_oom(); @@ -890,8 +892,9 @@ static int on_signal(const char *interface, const char *name, const char *signat return log_oom(); r = set_put(members, m); - if (r == -EEXIST) - return log_error_errno(r, "Invalid introspection data: duplicate signal '%s' on interface '%s'.", name, interface); + if (r == 0) + return log_error_errno(SYNTHETIC_ERRNO(EEXIST), + "Invalid introspection data: duplicate signal '%s' on interface '%s'.", name, interface); if (r < 0) return log_oom(); @@ -930,8 +933,9 @@ static int on_property(const char *interface, const char *name, const char *sign return log_oom(); r = set_put(members, m); - if (r == -EEXIST) - return log_error_errno(r, "Invalid introspection data: duplicate property '%s' on interface '%s'.", name, interface); + if (r == 0) + return log_error_errno(SYNTHETIC_ERRNO(EEXIST), + "Invalid introspection data: duplicate property '%s' on interface '%s'.", name, interface); if (r < 0) return log_oom(); From bb2d46fc68f6bc657a816d40ddc9145f191288d5 Mon Sep 17 00:00:00 2001 From: Daniel Braunwarth Date: Fri, 16 Sep 2022 11:15:06 +0200 Subject: [PATCH 533/703] journalctl: respect --quiet flag during file concistency verification Fixes #24563. (cherry picked from commit 43deb1a8dce012c67a1285f7ef1bd40d971a4730) (cherry picked from commit ac805eac156155bb8afdbaf704400e0ef854a6c9) --- src/journal/journalctl.c | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/src/journal/journalctl.c b/src/journal/journalctl.c index 3c4a7c0a7a5..24b6ba72b53 100644 --- a/src/journal/journalctl.c +++ b/src/journal/journalctl.c @@ -1997,7 +1997,7 @@ static int setup_keys(void) { #endif } -static int verify(sd_journal *j) { +static int verify(sd_journal *j, bool verbose) { int r = 0; JournalFile *f; @@ -2014,7 +2014,7 @@ static int verify(sd_journal *j) { log_notice("Journal file %s has sealing enabled but verification key has not been passed using --verify-key=.", f->path); #endif - k = journal_file_verify(f, arg_verify_key, &first, &validated, &last, true); + k = journal_file_verify(f, arg_verify_key, &first, &validated, &last, verbose); if (k == -EINVAL) /* If the key was invalid give up right-away. */ return k; @@ -2022,19 +2022,22 @@ static int verify(sd_journal *j) { r = log_warning_errno(k, "FAIL: %s (%m)", f->path); else { char a[FORMAT_TIMESTAMP_MAX], b[FORMAT_TIMESTAMP_MAX]; - log_info("PASS: %s", f->path); + log_full(verbose ? LOG_INFO : LOG_DEBUG, "PASS: %s", f->path); if (arg_verify_key && JOURNAL_HEADER_SEALED(f->header)) { if (validated > 0) { - log_info("=> Validated from %s to %s, final %s entries not sealed.", + log_full(verbose ? LOG_INFO : LOG_DEBUG, + "=> Validated from %s to %s, final %s entries not sealed.", format_timestamp_maybe_utc(a, sizeof(a), first), format_timestamp_maybe_utc(b, sizeof(b), validated), FORMAT_TIMESPAN(last > validated ? last - validated : 0, 0)); } else if (last > 0) - log_info("=> No sealing yet, %s of entries not sealed.", + log_full(verbose ? LOG_INFO : LOG_DEBUG, + "=> No sealing yet, %s of entries not sealed.", FORMAT_TIMESPAN(last - first, 0)); else - log_info("=> No sealing yet, no entries in file."); + log_full(verbose ? LOG_INFO : LOG_DEBUG, + "=> No sealing yet, no entries in file."); } } } @@ -2335,7 +2338,7 @@ int main(int argc, char *argv[]) { goto finish; case ACTION_VERIFY: - r = verify(j); + r = verify(j, !arg_quiet); goto finish; case ACTION_DISK_USAGE: { From 259a84d5c21cef8dd781b74258150610cbc85ec6 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Fri, 26 Aug 2022 07:50:32 +0900 Subject: [PATCH 534/703] mkdir: chase_symlinks_and_stat() does not return 0 This reverts commits e22916e61d1fdb7b46918b605ebf783d9017f9d8 and 1e146d738232acbe7f72903e9c5e4d1166ea67f5. (cherry picked from commit f1d93b84bcc7c722a03928587023b144d4cc5e48) (cherry picked from commit b3a9f7b5cb6a6ff56c60232b63f56d4b3cbae92f) --- src/basic/mkdir.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/src/basic/mkdir.c b/src/basic/mkdir.c index 51a0d74e875..27144dd45a6 100644 --- a/src/basic/mkdir.c +++ b/src/basic/mkdir.c @@ -19,7 +19,8 @@ int mkdir_safe_internal( const char *path, mode_t mode, - uid_t uid, gid_t gid, + uid_t uid, + gid_t gid, MkdirFlags flags, mkdirat_func_t _mkdirat) { @@ -42,13 +43,16 @@ int mkdir_safe_internal( if ((flags & MKDIR_FOLLOW_SYMLINK) && S_ISLNK(st.st_mode)) { _cleanup_free_ char *p = NULL; - r = chase_symlinks_and_stat(path, NULL, 0, &p, &st, NULL); + r = chase_symlinks(path, NULL, CHASE_NONEXISTENT, &p, NULL); if (r < 0) return r; if (r == 0) return mkdir_safe_internal(p, mode, uid, gid, flags & ~MKDIR_FOLLOW_SYMLINK, _mkdirat); + + if (lstat(p, &st) < 0) + return -errno; } if (!S_ISDIR(st.st_mode)) From 0ae11d2942ffe680abc1975ac6db3197f81ee378 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Fri, 26 Aug 2022 07:19:59 +0900 Subject: [PATCH 535/703] test: add more test cases for mkdir_p_safe() and mkdir_p_root() (cherry picked from commit f8d5048dbf633f1bcccedbd337d751b33c5996a2) (cherry picked from commit e5157050d1012cc621dd5608efbad366f57f8b12) --- src/test/test-mkdir.c | 101 +++++++++++++++++++++++++++++++++++++++--- 1 file changed, 96 insertions(+), 5 deletions(-) diff --git a/src/test/test-mkdir.c b/src/test/test-mkdir.c index c715d5f0964..2ea7257609a 100644 --- a/src/test/test-mkdir.c +++ b/src/test/test-mkdir.c @@ -2,29 +2,120 @@ #include +#include "fs-util.h" #include "mkdir.h" #include "path-util.h" #include "rm-rf.h" +#include "stat-util.h" #include "tests.h" #include "tmpfile-util.h" +#include "user-util.h" -TEST(mkdir_p) { +TEST(mkdir_p_safe) { _cleanup_(rm_rf_physical_and_freep) char *tmp = NULL; - _cleanup_free_ char *p = NULL; + _cleanup_free_ char *p = NULL, *q = NULL; assert_se(mkdtemp_malloc("/tmp/test-mkdir-XXXXXX", &tmp) >= 0); - assert_se(p = path_join(tmp, "run")); + assert_se(p = path_join(tmp, "run/aaa/bbb")); assert_se(mkdir_p(p, 0755) >= 0); + assert_se(is_dir(p, false) > 0); + assert_se(is_dir(p, true) > 0); + + p = mfree(p); + assert_se(p = path_join(tmp, "run/ccc/ddd")); + assert_se(mkdir_p_safe(tmp, p, 0755, UID_INVALID, GID_INVALID, 0) >= 0); + assert_se(is_dir(p, false) > 0); + assert_se(is_dir(p, true) > 0); p = mfree(p); assert_se(p = path_join(tmp, "var/run")); - assert_se(mkdir_parents(p, 0755) >= 0); + assert_se(mkdir_parents_safe(tmp, p, 0755, UID_INVALID, GID_INVALID, 0) >= 0); assert_se(symlink("../run", p) >= 0); + assert_se(is_dir(p, false) == 0); + assert_se(is_dir(p, true) > 0); p = mfree(p); assert_se(p = path_join(tmp, "var/run/hoge/foo/baz")); - assert_se(mkdir_p(p, 0755) >= 0); + assert_se(mkdir_p_safe(tmp, p, 0755, UID_INVALID, GID_INVALID, 0) >= 0); + assert_se(is_dir(p, false) > 0); + assert_se(is_dir(p, true) > 0); + + p = mfree(p); + assert_se(p = path_join(tmp, "not-exists")); + assert_se(q = path_join(p, "aaa")); + assert_se(mkdir_p_safe(p, q, 0755, UID_INVALID, GID_INVALID, 0) == -ENOENT); + + p = mfree(p); + q = mfree(q); + assert_se(p = path_join(tmp, "regular-file")); + assert_se(q = path_join(p, "aaa")); + assert_se(touch(p) >= 0); + assert_se(mkdir_p_safe(p, q, 0755, UID_INVALID, GID_INVALID, 0) == -ENOTDIR); + + p = mfree(p); + q = mfree(q); + assert_se(p = path_join(tmp, "symlink")); + assert_se(q = path_join(p, "hoge/foo")); + assert_se(symlink("aaa", p) >= 0); + assert_se(mkdir_p_safe(tmp, q, 0755, UID_INVALID, GID_INVALID, 0) >= 0); + assert_se(is_dir(q, false) > 0); + assert_se(is_dir(q, true) > 0); + q = mfree(q); + assert_se(q = path_join(tmp, "aaa/hoge/foo")); + assert_se(is_dir(q, false) > 0); + assert_se(is_dir(q, true) > 0); + + assert_se(mkdir_p_safe(tmp, "/tmp/test-mkdir-outside", 0755, UID_INVALID, GID_INVALID, 0) == -ENOTDIR); +} + +TEST(mkdir_p_root) { + _cleanup_(rm_rf_physical_and_freep) char *tmp = NULL; + _cleanup_free_ char *p = NULL; + + assert_se(mkdtemp_malloc("/tmp/test-mkdir-XXXXXX", &tmp) >= 0); + + assert_se(p = path_join(tmp, "run/aaa/bbb")); + assert_se(mkdir_p_root(tmp, "/run/aaa/bbb", UID_INVALID, GID_INVALID, 0755) >= 0); + assert_se(is_dir(p, false) > 0); + assert_se(is_dir(p, true) > 0); + + p = mfree(p); + assert_se(p = path_join(tmp, "var/run")); + assert_se(mkdir_parents_safe(tmp, p, 0755, UID_INVALID, GID_INVALID, 0) >= 0); + assert_se(symlink("../run", p) >= 0); + assert_se(is_dir(p, false) == 0); + assert_se(is_dir(p, true) > 0); + + p = mfree(p); + assert_se(p = path_join(tmp, "var/run/hoge/foo/baz")); + assert_se(mkdir_p_root(tmp, "/var/run/hoge/foo/baz", UID_INVALID, GID_INVALID, 0755) >= 0); + assert_se(is_dir(p, false) > 0); + assert_se(is_dir(p, true) > 0); + + p = mfree(p); + assert_se(p = path_join(tmp, "not-exists")); + assert_se(mkdir_p_root(p, "/aaa", UID_INVALID, GID_INVALID, 0755) == -ENOENT); + + p = mfree(p); + assert_se(p = path_join(tmp, "regular-file")); + assert_se(touch(p) >= 0); + assert_se(mkdir_p_root(p, "/aaa", UID_INVALID, GID_INVALID, 0755) == -ENOTDIR); + + /* FIXME: The tests below do not work. + p = mfree(p); + assert_se(p = path_join(tmp, "symlink")); + assert_se(symlink("aaa", p) >= 0); + assert_se(mkdir_p_root(tmp, "/symlink/hoge/foo", UID_INVALID, GID_INVALID, 0755) >= 0); + p = mfree(p); + assert_se(p = path_join(tmp, "symlink/hoge/foo")); + assert_se(is_dir(p, false) > 0); + assert_se(is_dir(p, true) > 0); + p = mfree(p); + assert_se(p = path_join(tmp, "aaa/hoge/foo")); + assert_se(is_dir(p, false) > 0); + assert_se(is_dir(p, true) > 0); + */ } DEFINE_TEST_MAIN(LOG_DEBUG); From 40766f6a48095f11538cfaa79f371b7d51e14286 Mon Sep 17 00:00:00 2001 From: Adam Williamson Date: Thu, 22 Sep 2022 15:08:43 -0700 Subject: [PATCH 536/703] kbd-model-map: add a mapping for switched czech qwerty/us See https://bugzilla.redhat.com/show_bug.cgi?id=2121106 for the background on this. One of Fedora's QA folks ran an install and chose two keyboard layouts: Czech (qwerty) and US. Due to the sad details of how the whole logic flow for trying to decide what kbd layout best matches a given xkb config works (see details in the bug comments), we wound up deciding the best- matching kbd layout for this situation was cz-us-qwertz, which is a czech/us switched layout, but is qwertz, not qwerty. This seems like a poor outcome. Adding this line should result in us picking cz-qwerty in this case. Which may be the 'legacy' cz-qwerty.map from upstream kbd project (which is switched cz/us), or may be the auto-converted xkb layout (which obviously isn't switched). But either way, at least its primary mode is Czech qwerty, which seems like a *better* choice than a layout whose primary mode is Czech qwertz. Signed-off-by: Adam Williamson (cherry picked from commit 97f99506980d92e858dc4685a2e84d9548d6eca4) (cherry picked from commit 7bb204620dc7515146d02fc475768203d0037f9d) --- src/locale/kbd-model-map | 1 + 1 file changed, 1 insertion(+) diff --git a/src/locale/kbd-model-map b/src/locale/kbd-model-map index 46708a7ebe9..348e90f0eba 100644 --- a/src/locale/kbd-model-map +++ b/src/locale/kbd-model-map @@ -33,6 +33,7 @@ fr-pc fr pc105 - terminate:ctrl_alt_bksp bg_pho-utf8 bg,us pc105 ,phonetic terminate:ctrl_alt_bksp,grp:shifts_toggle,grp_led:scroll it-ibm it pc105 - terminate:ctrl_alt_bksp cz-us-qwertz cz,us pc105 - terminate:ctrl_alt_bksp,grp:shifts_toggle,grp_led:scroll +cz-qwerty cz,us pc105 qwerty terminate:ctrl_alt_bksp,grp:shifts_toggle,grp_led:scroll br-abnt2 br abnt2 - terminate:ctrl_alt_bksp ro ro pc105 - terminate:ctrl_alt_bksp us-acentos us pc105 intl terminate:ctrl_alt_bksp From 3f074e438a1781bd243de519c55315f4992b23bd Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Thu, 22 Sep 2022 14:21:46 +0200 Subject: [PATCH 537/703] run: make --working-directory= work for --scope too This sounds like a more user-friendly alternative to #24780 (cherry picked from commit fecc44776638a24099ce7e9ac227bcaa2c34f1e0) (cherry picked from commit c948091cc54fda83923f3c13be51f4de1b422c59) --- src/run/run.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/run/run.c b/src/run/run.c index ff24373847c..eaa95b1cb2e 100644 --- a/src/run/run.c +++ b/src/run/run.c @@ -1531,6 +1531,9 @@ static int start_transient_scope(sd_bus *bus) { return log_error_errno(errno, "Failed to change UID to " UID_FMT ": %m", uid); } + if (arg_working_directory && chdir(arg_working_directory) < 0) + return log_error_errno(errno, "Failed to change directory to '%s': %m", arg_working_directory); + env = strv_env_merge(environ, user_env, arg_environment); if (!env) return log_oom(); From d24b8586878f56acdf899ed9a568b8499ec96c45 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Wed, 21 Sep 2022 02:26:42 +0900 Subject: [PATCH 538/703] udev: support by-path devlink for multipath nvme block devices If multipath feature is enabled, nvme block devices may belong to the "nvme-subsystem" subsystem, instead of "nvme" subsystem. (What a confusing name...) Then, the syspath is something like the following, /sys/devices/virtual/nvme-subsystem/nvme-subsys0/nvme0n1 Hence, we need to find the 'real parent' device, such as /sys/devices/pci0000:00/0000:00:1c.4/0000:3c:00.0/nvme/nvme0 Fixes https://bugzilla.redhat.com/show_bug.cgi?id=2031810. Fixes https://bugzilla.redhat.com/show_bug.cgi?id=2124964. Replaces #24748. (cherry picked from commit 67c3e1f63a5221b47a8fea85ae421671f29f3b7e) (cherry picked from commit 3137ac6ef5db1dcebd297e6d8c6af372d6acf23d) --- rules.d/60-persistent-storage.rules | 1 + src/udev/udev-builtin-path_id.c | 61 +++++++++++++++++++++++++---- 2 files changed, 54 insertions(+), 8 deletions(-) diff --git a/rules.d/60-persistent-storage.rules b/rules.d/60-persistent-storage.rules index 6ac17f2b645..bfab0c0a7c0 100644 --- a/rules.d/60-persistent-storage.rules +++ b/rules.d/60-persistent-storage.rules @@ -88,6 +88,7 @@ KERNEL=="msblk[0-9]p[0-9]|mspblk[0-9]p[0-9]", ENV{ID_NAME}=="?*", ENV{ID_SERIAL} # by-path ENV{DEVTYPE}=="disk", DEVPATH!="*/virtual/*", IMPORT{builtin}="path_id" +ENV{DEVTYPE}=="disk", SUBSYSTEMS=="nvme-subsystem", IMPORT{builtin}="path_id" KERNEL=="mmcblk[0-9]boot[0-9]", ENV{DEVTYPE}=="disk", ENV{ID_PATH}=="?*", SYMLINK+="disk/by-path/$env{ID_PATH}-boot%n" KERNEL!="mmcblk[0-9]boot[0-9]", ENV{DEVTYPE}=="disk", ENV{ID_PATH}=="?*", SYMLINK+="disk/by-path/$env{ID_PATH}" ENV{DEVTYPE}=="partition", ENV{ID_PATH}=="?*", SYMLINK+="disk/by-path/$env{ID_PATH}-part%n" diff --git a/src/udev/udev-builtin-path_id.c b/src/udev/udev-builtin-path_id.c index ae92e452059..93069c70acb 100644 --- a/src/udev/udev-builtin-path_id.c +++ b/src/udev/udev-builtin-path_id.c @@ -543,19 +543,55 @@ static sd_device *handle_ap(sd_device *parent, char **path) { return skip_subsystem(parent, "ap"); } +static int find_real_nvme_parent(sd_device *dev, sd_device **ret) { + _cleanup_(sd_device_unrefp) sd_device *nvme = NULL; + const char *sysname, *end; + int r; + + /* If the device belongs to "nvme-subsystem" (not to be confused with "nvme"), which happens when + * NVMe multipathing is enabled in the kernel (/sys/module/nvme_core/parameters/multipath is Y), + * then the syspath is something like the following: + * /sys/devices/virtual/nvme-subsystem/nvme-subsys0/nvme0n1 + * Hence, we need to find the 'real parent' in "nvme" subsystem, e.g, + * /sys/devices/pci0000:00/0000:00:1c.4/0000:3c:00.0/nvme/nvme0 */ + + assert(dev); + assert(nvme); + + r = sd_device_get_sysname(dev, &sysname); + if (r < 0) + return r; + + /* The sysname format of nvme block device is nvme%d[c%d]n%d[p%d], e.g. nvme0n1p2 or nvme0c1n2. + * (Note, nvme device with 'c' can be ignored, as they are hidden. ) + * The sysname format of nvme subsystem device is nvme%d. + * See nvme_alloc_ns() and nvme_init_ctrl() in drivers/nvme/host/core.c for more details. */ + end = startswith(sysname, "nvme"); + if (!end) + return -ENXIO; + + end += strspn(end, DIGITS); + sysname = strndupa(sysname, end - sysname); + + r = sd_device_new_from_subsystem_sysname(&nvme, "nvme", sysname); + if (r < 0) + return r; + + *ret = TAKE_PTR(nvme); + return 0; +} + static int builtin_path_id(sd_device *dev, sd_netlink **rtnl, int argc, char *argv[], bool test) { - sd_device *parent; - _cleanup_free_ char *path = NULL; - _cleanup_free_ char *compat_path = NULL; - bool supported_transport = false; - bool supported_parent = false; + _cleanup_(sd_device_unrefp) sd_device *dev_other_branch = NULL; + _cleanup_free_ char *path = NULL, *compat_path = NULL; + bool supported_transport = false, supported_parent = false; const char *subsystem; + int r; assert(dev); /* walk up the chain of devices and compose path */ - parent = dev; - while (parent) { + for (sd_device *parent = dev; parent; ) { const char *subsys, *sysname; if (sd_device_get_subsystem(parent, &subsys) < 0 || @@ -642,13 +678,22 @@ static int builtin_path_id(sd_device *dev, sd_netlink **rtnl, int argc, char *ar parent = skip_subsystem(parent, "iucv"); supported_transport = true; supported_parent = true; - } else if (streq(subsys, "nvme")) { + } else if (STR_IN_SET(subsys, "nvme", "nvme-subsystem")) { const char *nsid; if (sd_device_get_sysattr_value(dev, "nsid", &nsid) >= 0) { path_prepend(&path, "nvme-%s", nsid); if (compat_path) path_prepend(&compat_path, "nvme-%s", nsid); + + if (streq(subsys, "nvme-subsystem")) { + r = find_real_nvme_parent(dev, &dev_other_branch); + if (r < 0) + return r; + + parent = dev_other_branch; + } + parent = skip_subsystem(parent, "nvme"); supported_parent = true; supported_transport = true; From 5670a04b3dd01c84b2c50969b98fb6e5d20e232c Mon Sep 17 00:00:00 2001 From: msizanoen1 Date: Tue, 27 Sep 2022 21:48:48 +0700 Subject: [PATCH 539/703] resolve: persist DNSOverTLS configuration in state file Currently, NetworkManager will set DNSOverTLS according to its `connection.dnsovertls` configuration only once during connection, instead of every single restart of systemd-resolved, causing resolved to lose the configuration on restart. Fix this by persisting DNSOverTLS in the runtime state file, which will also make it more consistent with other interface-specific settings. (cherry picked from commit b49e029a9953dd0f327efe9035a7c429c3cfeb92) (cherry picked from commit 9d1ebb22479b16e10623138ccbf3cd27378bf230) --- src/resolve/resolved-link.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/src/resolve/resolved-link.c b/src/resolve/resolved-link.c index 6c910498a25..43150cf7cac 100644 --- a/src/resolve/resolved-link.c +++ b/src/resolve/resolved-link.c @@ -1211,6 +1211,10 @@ int link_save_user(Link *l) { if (v) fprintf(f, "DNSSEC=%s\n", v); + v = dns_over_tls_mode_to_string(l->dns_over_tls_mode); + if (v) + fprintf(f, "DNSOVERTLS=%s\n", v); + if (l->default_route >= 0) fprintf(f, "DEFAULT_ROUTE=%s\n", yes_no(l->default_route)); @@ -1292,6 +1296,7 @@ int link_load_user(Link *l) { *llmnr = NULL, *mdns = NULL, *dnssec = NULL, + *dns_over_tls = NULL, *servers = NULL, *domains = NULL, *ntas = NULL, @@ -1316,6 +1321,7 @@ int link_load_user(Link *l) { "LLMNR", &llmnr, "MDNS", &mdns, "DNSSEC", &dnssec, + "DNSOVERTLS", &dns_over_tls, "SERVERS", &servers, "DOMAINS", &domains, "NTAS", &ntas, @@ -1343,6 +1349,9 @@ int link_load_user(Link *l) { /* If we can't recognize the DNSSEC setting, then set it to invalid, so that the daemon default is used. */ l->dnssec_mode = dnssec_mode_from_string(dnssec); + /* Same for DNSOverTLS */ + l->dns_over_tls_mode = dns_over_tls_mode_from_string(dns_over_tls); + for (p = servers;;) { _cleanup_free_ char *word = NULL; From d44dbdb6826bca941544bd7b8e5cb63cf2207cc0 Mon Sep 17 00:00:00 2001 From: Adam Williamson Date: Thu, 29 Sep 2022 12:58:03 -0700 Subject: [PATCH 540/703] kbd-model-map: correct variants for cz-qwerty to include comma As explained by @poncovka , the 'xvariant' string should contain the same number of comma-separated elements as 'xlayout'. When we have two layouts we need two items in xvariant, in this case one of them is empty. See https://github.com/rhinstaller/anaconda/pull/4355#pullrequestreview-1119913870 for @poncovka's full explanation. Signed-off-by: Adam Williamson (cherry picked from commit 950aeeb8ffc950637fac22cb5a42074f227d57f3) (cherry picked from commit 1a2d93a7700d5056f01ee5b42605b1245310f690) --- src/locale/kbd-model-map | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/locale/kbd-model-map b/src/locale/kbd-model-map index 348e90f0eba..fd90f3c7248 100644 --- a/src/locale/kbd-model-map +++ b/src/locale/kbd-model-map @@ -33,7 +33,7 @@ fr-pc fr pc105 - terminate:ctrl_alt_bksp bg_pho-utf8 bg,us pc105 ,phonetic terminate:ctrl_alt_bksp,grp:shifts_toggle,grp_led:scroll it-ibm it pc105 - terminate:ctrl_alt_bksp cz-us-qwertz cz,us pc105 - terminate:ctrl_alt_bksp,grp:shifts_toggle,grp_led:scroll -cz-qwerty cz,us pc105 qwerty terminate:ctrl_alt_bksp,grp:shifts_toggle,grp_led:scroll +cz-qwerty cz,us pc105 qwerty, terminate:ctrl_alt_bksp,grp:shifts_toggle,grp_led:scroll br-abnt2 br abnt2 - terminate:ctrl_alt_bksp ro ro pc105 - terminate:ctrl_alt_bksp us-acentos us pc105 intl terminate:ctrl_alt_bksp From 165b8f88536cab9876d3dabfa2faf89ae5fc54dd Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Thu, 29 Sep 2022 16:50:27 +0900 Subject: [PATCH 541/703] resolve: do not cache mDNS goodbye packet Fixes #24842. (cherry picked from commit a78049fc0e6a75446cb782b548ae9db8edf7a107) (cherry picked from commit 140fee4627dccf0e5ad5fed9dacb9384698668f8) --- src/resolve/resolved-dns-cache.c | 7 +++++++ src/resolve/resolved-dns-cache.h | 1 + src/resolve/resolved-dns-transaction.c | 1 + src/resolve/resolved-mdns.c | 14 +++++++++++++- 4 files changed, 22 insertions(+), 1 deletion(-) diff --git a/src/resolve/resolved-dns-cache.c b/src/resolve/resolved-dns-cache.c index 13dcddf38b0..53096f77b22 100644 --- a/src/resolve/resolved-dns-cache.c +++ b/src/resolve/resolved-dns-cache.c @@ -410,6 +410,7 @@ static void dns_cache_item_update_positive( static int dns_cache_put_positive( DnsCache *c, + DnsProtocol protocol, DnsResourceRecord *rr, DnsAnswer *answer, DnsPacket *full_packet, @@ -471,6 +472,10 @@ static int dns_cache_put_positive( return 0; } + /* Do not cache mDNS goodbye packet. */ + if (protocol == DNS_PROTOCOL_MDNS && rr->ttl <= 1) + return 0; + /* Otherwise, add the new RR */ r = dns_cache_init(c); if (r < 0) @@ -681,6 +686,7 @@ static bool rr_eligible(DnsResourceRecord *rr) { int dns_cache_put( DnsCache *c, DnsCacheMode cache_mode, + DnsProtocol protocol, DnsResourceKey *key, int rcode, DnsAnswer *answer, @@ -774,6 +780,7 @@ int dns_cache_put( r = dns_cache_put_positive( c, + protocol, item->rr, primary ? answer : NULL, primary ? full_packet : NULL, diff --git a/src/resolve/resolved-dns-cache.h b/src/resolve/resolved-dns-cache.h index 621b52f8926..1ddd04b088b 100644 --- a/src/resolve/resolved-dns-cache.h +++ b/src/resolve/resolved-dns-cache.h @@ -26,6 +26,7 @@ void dns_cache_prune(DnsCache *c); int dns_cache_put( DnsCache *c, DnsCacheMode cache_mode, + DnsProtocol protocol, DnsResourceKey *key, int rcode, DnsAnswer *answer, diff --git a/src/resolve/resolved-dns-transaction.c b/src/resolve/resolved-dns-transaction.c index 496bc2f1557..724aa90cd6a 100644 --- a/src/resolve/resolved-dns-transaction.c +++ b/src/resolve/resolved-dns-transaction.c @@ -821,6 +821,7 @@ static void dns_transaction_cache_answer(DnsTransaction *t) { dns_cache_put(&t->scope->cache, t->scope->manager->enable_cache, + t->scope->protocol, dns_transaction_key(t), t->answer_rcode, t->answer, diff --git a/src/resolve/resolved-mdns.c b/src/resolve/resolved-mdns.c index 23c084130b1..5fc782ed0c3 100644 --- a/src/resolve/resolved-mdns.c +++ b/src/resolve/resolved-mdns.c @@ -423,7 +423,19 @@ static int on_mdns_packet(sd_event_source *s, int fd, uint32_t revents, void *us } } - dns_cache_put(&scope->cache, scope->manager->enable_cache, NULL, DNS_PACKET_RCODE(p), p->answer, NULL, false, _DNSSEC_RESULT_INVALID, UINT32_MAX, p->family, &p->sender); + dns_cache_put( + &scope->cache, + scope->manager->enable_cache, + DNS_PROTOCOL_MDNS, + NULL, + DNS_PACKET_RCODE(p), + p->answer, + NULL, + false, + _DNSSEC_RESULT_INVALID, + UINT32_MAX, + p->family, + &p->sender); } else if (dns_packet_validate_query(p) > 0) { log_debug("Got mDNS query packet for id %u", DNS_PACKET_ID(p)); From d4b9c0477d864e5f1d5f4868a2bf2f7ac425b1f8 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Tue, 27 Sep 2022 12:18:43 +0200 Subject: [PATCH 542/703] man: document the Dump() calls of the PID 1 D-Bus interface, and what they are (cherry picked from commit 0df8512124b05ed2d3be1537a4023e89ec33f0f7) (cherry picked from commit c4fd38f7d221ae5b438f81df6171701fcf3df352) --- man/org.freedesktop.systemd1.xml | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/man/org.freedesktop.systemd1.xml b/man/org.freedesktop.systemd1.xml index 0a1dab298a8..9515d117ae4 100644 --- a/man/org.freedesktop.systemd1.xml +++ b/man/org.freedesktop.systemd1.xml @@ -549,10 +549,6 @@ node /org/freedesktop/systemd1 { - - - - @@ -1299,6 +1295,20 @@ node /org/freedesktop/systemd1 { all clients which previously asked for Subscribe() either closed their connection to the bus or invoked Unsubscribe(). + Dump() returns a text dump of the internal service manager state. This is a + privileged, low-level debugging interface only. The returned string is supposed to be readable + exclusively by developers, and not programmatically. There's no interface stability on the returned + string guaranteed, and new fields may be added any time, and old fields removed. The general structure + may be rearranged drastically between releases. This is exposed by + systemd-analyze1's + dump command. The DumpByFileDescriptor() method is identical to + Dump() but returns the data serialized into a file descriptor (the client should + read the text data from it until hitting EOF). Given the size limits on D-Bus messages and the possibly + large size of the returned string, DumpByFileDescriptor() is usually the + preferable interface, since it ensures the data can be passed reliably from the service manager to the + client. (Note though that DumpByFileDescriptor() cannot work when communicating + with the service manager remotely, as file descriptors are strictly local to a system.) + Reload() may be invoked to reload all unit files. Reexecute() may be invoked to reexecute the main manager process. It will From 787034e0916c25df6d11709751b5b008fb981c7c Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Tue, 27 Sep 2022 12:18:47 +0200 Subject: [PATCH 543/703] manager: make clear internal Dump() logic is debugging only. (cherry picked from commit acf2de52171106f7084e9410f4cc838b9a4183dd) (cherry picked from commit 1531a496e37be4da0e094f72f6f5c8eb8d4a150a) --- src/core/manager-dump.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/core/manager-dump.c b/src/core/manager-dump.c index 789c552723e..61717d8006f 100644 --- a/src/core/manager-dump.c +++ b/src/core/manager-dump.c @@ -33,6 +33,10 @@ void manager_dump(Manager *m, FILE *f, const char *prefix) { assert(m); assert(f); + /* NB: this is a debug interface for developers. It's not supposed to be machine readable or be + * stable between versions. We take the liberty to restructure it entirely between versions and + * add/remove fields at will. */ + fprintf(f, "%sManager: systemd " STRINGIFY(PROJECT_VERSION) " (" GIT_VERSION ")\n", strempty(prefix)); fprintf(f, "%sFeatures: %s\n", strempty(prefix), systemd_features); From eb06b4cd8f5f7d8d98b3c72c336429dbe32a6b67 Mon Sep 17 00:00:00 2001 From: Christian Hesse Date: Fri, 30 Sep 2022 10:26:43 +0200 Subject: [PATCH 544/703] systemctl: color ignored exit status in yellow, not red If the executable path is prefixed with "-", an exit code of the command normally considered a failure (i.e. non-zero exit status or abnormal exit due to signal) is recorded, but has no further effect and is considered equivalent to success. Let's honor this with `systemctl status`, and color ignored exit status in yellow, not red. (cherry picked from commit e879434df550c6dcfc02f23e613f4dda7f741089) (cherry picked from commit de08edca171be09c10e6860664497b101fc36bc6) --- src/systemctl/systemctl-show.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/systemctl/systemctl-show.c b/src/systemctl/systemctl-show.c index 9181a22eb78..a23d6677b51 100644 --- a/src/systemctl/systemctl-show.c +++ b/src/systemctl/systemctl-show.c @@ -559,7 +559,7 @@ static void print_status_info( good = is_clean_exit(p->code, p->status, EXIT_CLEAN_DAEMON, NULL); if (!good) { - on = ansi_highlight_red(); + on = p->ignore ? ansi_highlight_yellow() : ansi_highlight_red(); off = ansi_normal(); } else on = off = ""; From a9b264eb6b16266a42ae62f50b4015ab5c7cdc70 Mon Sep 17 00:00:00 2001 From: David Rheinsberg Date: Wed, 29 Jun 2022 13:37:40 +0200 Subject: [PATCH 545/703] bus: use inline trace argument for ANONYMOUS auth Rather than using a separate DATA round to transmit the trace-string of the ANONYMOUS authentication scheme, transmit it inline as argument. This requires a refactor of the client-side SASL parser, as we now have a different set of replies depending on the mode used. This fixes an issue where libdbus-1 does not query for trace-strings if not transmit inline as AUTH-ANONYMOUS argument. It is unclear from the wording of the spec whether this is a violation by libdbus-1. However, we can work around it by simply changing our mode of transmittal. (cherry picked from commit 347f48246f7014f2e266b1fcb4527edee93037da) (cherry picked from commit bb803856bc8f86c76fbfdd3f5c61f84264e79ab4) --- src/libsystemd/sd-bus/bus-socket.c | 114 ++++++++++++++++------------- 1 file changed, 62 insertions(+), 52 deletions(-) diff --git a/src/libsystemd/sd-bus/bus-socket.c b/src/libsystemd/sd-bus/bus-socket.c index 14951ccb330..af67fc70eb1 100644 --- a/src/libsystemd/sd-bus/bus-socket.c +++ b/src/libsystemd/sd-bus/bus-socket.c @@ -156,75 +156,86 @@ static int bus_socket_write_auth(sd_bus *b) { } static int bus_socket_auth_verify_client(sd_bus *b) { - char *d, *e, *f, *start; + char *l, *lines[4] = {}; sd_id128_t peer; + size_t i, n; int r; assert(b); /* - * We expect three response lines: - * "DATA\r\n" + * We expect up to three response lines: + * "DATA\r\n" (optional) * "OK \r\n" * "AGREE_UNIX_FD\r\n" (optional) */ - d = memmem_safe(b->rbuffer, b->rbuffer_size, "\r\n", 2); - if (!d) - return 0; - - e = memmem_safe(d + 2, b->rbuffer_size - (d - (char*) b->rbuffer) - 2, "\r\n", 2); - if (!e) - return 0; - - if (b->accept_fd) { - f = memmem_safe(e + 2, b->rbuffer_size - (e - (char*) b->rbuffer) - 2, "\r\n", 2); - if (!f) - return 0; - - start = f + 2; - } else { - f = NULL; - start = e + 2; + n = 0; + lines[n] = b->rbuffer; + for (i = 0; i < 3; ++i) { + l = memmem_safe(lines[n], b->rbuffer_size - (lines[n] - (char*) b->rbuffer), "\r\n", 2); + if (l) + lines[++n] = l + 2; + else + break; } - /* Nice! We got all the lines we need. First check the DATA line. */ - - if (d - (char*) b->rbuffer == 4) { - if (memcmp(b->rbuffer, "DATA", 4)) - return -EPERM; - } else if (d - (char*) b->rbuffer == 3 + 32) { - /* - * Old versions of the server-side implementation of `sd-bus` replied with "OK " to - * "AUTH" requests from a client, even if the "AUTH" line did not contain inlined - * arguments. Therefore, we also accept "OK " here, even though it is technically the - * wrong reply. We ignore the "" parameter, though, since it has no real value. - */ - if (memcmp(b->rbuffer, "OK ", 3)) + /* + * If we sent a non-empty initial response, then we just expect an OK + * reply. We currently do this if, and only if, we picked ANONYMOUS. + * If we did not send an initial response, then we expect a DATA + * challenge, reply with our own DATA, and expect an OK reply. We do + * this for EXTERNAL. + * If FD negotiation was requested, we additionally expect + * an AGREE_UNIX_FD response in all cases. + */ + if (n < (b->anonymous_auth ? 1U : 2U) + !!b->accept_fd) + return 0; /* wait for more data */ + + i = 0; + + /* In case of EXTERNAL, verify the first response was DATA. */ + if (!b->anonymous_auth) { + l = lines[i++]; + if (lines[i] - l == 4 + 2) { + if (memcmp(l, "DATA", 4)) + return -EPERM; + } else if (lines[i] - l == 3 + 32 + 2) { + /* + * Old versions of the server-side implementation of + * `sd-bus` replied with "OK " to "AUTH" requests + * from a client, even if the "AUTH" line did not + * contain inlined arguments. Therefore, we also accept + * "OK " here, even though it is technically the + * wrong reply. We ignore the "" parameter, though, + * since it has no real value. + */ + if (memcmp(l, "OK ", 3)) + return -EPERM; + } else return -EPERM; - } else - return -EPERM; + } /* Now check the OK line. */ + l = lines[i++]; - if (e - d != 2 + 3 + 32) + if (lines[i] - l != 3 + 32 + 2) return -EPERM; - - if (memcmp(d + 2, "OK ", 3)) + if (memcmp(l, "OK ", 3)) return -EPERM; b->auth = b->anonymous_auth ? BUS_AUTH_ANONYMOUS : BUS_AUTH_EXTERNAL; - for (unsigned i = 0; i < 32; i += 2) { + for (unsigned j = 0; j < 32; j += 2) { int x, y; - x = unhexchar(d[2 + 3 + i]); - y = unhexchar(d[2 + 3 + i + 1]); + x = unhexchar(l[3 + j]); + y = unhexchar(l[3 + j + 1]); if (x < 0 || y < 0) return -EINVAL; - peer.bytes[i/2] = ((uint8_t) x << 4 | (uint8_t) y); + peer.bytes[j/2] = ((uint8_t) x << 4 | (uint8_t) y); } if (!sd_id128_is_null(b->server_id) && @@ -234,15 +245,15 @@ static int bus_socket_auth_verify_client(sd_bus *b) { b->server_id = peer; /* And possibly check the third line, too */ + if (b->accept_fd) { + l = lines[i++]; + b->can_fds = !!memory_startswith(l, lines[i] - l, "AGREE_UNIX_FD"); + } - if (f) - b->can_fds = - (f - e == STRLEN("\r\nAGREE_UNIX_FD")) && - memcmp(e + 2, "AGREE_UNIX_FD", - STRLEN("AGREE_UNIX_FD")) == 0; + assert(i == n); - b->rbuffer_size -= (start - (char*) b->rbuffer); - memmove(b->rbuffer, start, b->rbuffer_size); + b->rbuffer_size -= (lines[i] - (char*) b->rbuffer); + memmove(b->rbuffer, lines[i], b->rbuffer_size); r = bus_start_running(b); if (r < 0) @@ -646,9 +657,8 @@ static int bus_socket_start_auth_client(sd_bus *b) { * message broker to aid debugging of clients. We fully anonymize the connection and use a * static default. */ - "\0AUTH ANONYMOUS\r\n" - /* HEX a n o n y m o u s */ - "DATA 616e6f6e796d6f7573\r\n" + /* HEX a n o n y m o u s */ + "\0AUTH ANONYMOUS 616e6f6e796d6f7573\r\n" }; static const char sasl_auth_external[] = { "\0AUTH EXTERNAL\r\n" From b2082bbad0a2a8c44f0c9fe9b48589f0151a00f7 Mon Sep 17 00:00:00 2001 From: Jan Janssen Date: Mon, 8 Aug 2022 11:50:01 +0200 Subject: [PATCH 546/703] stub: Use EfiLoaderCode for kernel memory Fixes: #24237 (cherry picked from commit 79a7ef89aa5dd9d99a904f1253bad7512d3feee5) (cherry picked from commit 7dacfb3fb4eaceedf994705d63fa1a1b72f8f12a) --- src/boot/efi/linux.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/boot/efi/linux.c b/src/boot/efi/linux.c index ce0f4985c04..42cb69ecac6 100644 --- a/src/boot/efi/linux.c +++ b/src/boot/efi/linux.c @@ -146,7 +146,7 @@ EFI_STATUS linux_exec( */ /* allocate SizeOfImage + SectionAlignment because the new_buffer can move up to Alignment-1 bytes */ kernel.num = EFI_SIZE_TO_PAGES(ALIGN_TO(kernel_size_of_image, kernel_alignment) + kernel_alignment); - err = BS->AllocatePages(AllocateAnyPages, EfiLoaderData, kernel.num, &kernel.addr); + err = BS->AllocatePages(AllocateAnyPages, EfiLoaderCode, kernel.num, &kernel.addr); if (EFI_ERROR(err)) return EFI_OUT_OF_RESOURCES; new_buffer = PHYSICAL_ADDRESS_TO_POINTER(ALIGN_TO(kernel.addr, kernel_alignment)); From 260633c50b5da5522b714d7989a138ecd73febd6 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Sun, 4 Sep 2022 22:34:38 +0900 Subject: [PATCH 547/703] mount-util: fix error code If multiple service is starting simultaneously with a shared image, then one of the service may fail to create a mount node: systemd[695]: Bind-mounting /usr/lib/os-release on /run/systemd/unit-root/run/host/os-release (MS_BIND|MS_REC "")... systemd[696]: Bind-mounting /usr/lib/os-release on /run/systemd/unit-root/run/host/os-release (MS_BIND|MS_REC "")... systemd[695]: Failed to mount /usr/lib/os-release (type n/a) on /run/systemd/unit-root/run/host/os-release (MS_BIND|MS_REC ""): No such file or directory systemd[696]: Failed to mount /usr/lib/os-release (type n/a) on /run/systemd/unit-root/run/host/os-release (MS_BIND|MS_REC ""): No such file or directory systemd[695]: Bind-mounting /usr/lib/os-release on /run/systemd/unit-root/run/host/os-release (MS_BIND|MS_REC "")... systemd[696]: Failed to create destination mount point node '/run/systemd/unit-root/run/host/os-release': Operation not permitted systemd[695]: Successfully mounted /usr/lib/os-release to /run/systemd/unit-root/run/host/os-release The function apply_one_mount() in src/core/namespace.c gracefully handles -EEXIST from make_mount_point_inode_from_path(), but it erroneously returned -EPERM previously. This fixes the issue. Fixes one of the issues in #24147, especially reported at https://github.com/systemd/systemd/issues/24147#issuecomment-1236194671. (cherry picked from commit b6ca2b281eff254dce2293990360e799af806ad4) (cherry picked from commit 24238be484e6d7633bc68c784f7b3180299a80d4) --- src/shared/mount-util.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/shared/mount-util.c b/src/shared/mount-util.c index af7b7bf52c8..79a50a0adbc 100644 --- a/src/shared/mount-util.c +++ b/src/shared/mount-util.c @@ -1120,7 +1120,7 @@ int make_mount_point_inode_from_stat(const struct stat *st, const char *dest, mo if (S_ISDIR(st->st_mode)) return mkdir_label(dest, mode); else - return mknod(dest, S_IFREG|(mode & ~0111), 0); + return RET_NERRNO(mknod(dest, S_IFREG|(mode & ~0111), 0)); } int make_mount_point_inode_from_path(const char *source, const char *dest, mode_t mode) { From 99a630479b860a594caeb7c82cf7cca569556f1f Mon Sep 17 00:00:00 2001 From: Ansgar Burchardt Date: Mon, 12 Sep 2022 14:55:14 +0200 Subject: [PATCH 548/703] base-filesystem.c: add trailing zero byte for s390x entry (cherry picked from commit 4167e2135e0df7ce21820107e73492bb749280b9) (cherry picked from commit 654ae8c1e4b6ba367ba09936462fe2eb1ad8ea2e) --- src/shared/base-filesystem.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/shared/base-filesystem.c b/src/shared/base-filesystem.c index 102b2c4f5a2..2847bcb0fb7 100644 --- a/src/shared/base-filesystem.c +++ b/src/shared/base-filesystem.c @@ -97,7 +97,7 @@ static const BaseFilesystem table[] = { /* s390-linux-gnu */ #elif defined(__s390x__) { "lib64", 0, "usr/lib/"LIB_ARCH_TUPLE"\0" - "usr/lib64", "ld-lsb-s390x.so.3" }, + "usr/lib64\0", "ld-lsb-s390x.so.3" }, # define KNOW_LIB64_DIRS 1 #elif defined(__sparc__) #endif From 01ea6ba5f13a38f369acf57a128953dcda3c08bb Mon Sep 17 00:00:00 2001 From: David Edmundson Date: Tue, 13 Sep 2022 13:06:09 +0100 Subject: [PATCH 549/703] xdg-autostart-service: Use common boolean parser Technically the desktop entry specification says value should be the string "true" or "false". Pragmatically every desktop has their own parsing rules which are typically less strict on how to interpret other values. This caused some regressions downstream when we switched to the xdg-autostart-generator where existing handmade files contained values with "True" or "False". (cherry picked from commit 38429cb1e3f37c298aa20ab25d644c87a23dd2e2) (cherry picked from commit c40fa78968821096b3e9757107bfd10657ef92ff) --- .../test-xdg-autostart.c | 3 +++ .../xdg-autostart-service.c | 18 +++++++++--------- 2 files changed, 12 insertions(+), 9 deletions(-) diff --git a/src/xdg-autostart-generator/test-xdg-autostart.c b/src/xdg-autostart-generator/test-xdg-autostart.c index c7a816bc259..b0dd2ab56be 100644 --- a/src/xdg-autostart-generator/test-xdg-autostart.c +++ b/src/xdg-autostart-generator/test-xdg-autostart.c @@ -48,6 +48,8 @@ static const char* const xdg_desktop_file[] = { ("[Desktop Entry]\n" "Hidden=\t true\n"), + ("[Desktop Entry]\n" + "Hidden=\t True\n"), }; static void test_xdg_desktop_parse(unsigned i, const char *s) { @@ -75,6 +77,7 @@ static void test_xdg_desktop_parse(unsigned i, const char *s) { assert_se(streq(service->exec_string, "a")); break; case 2: + case 3: assert_se(service->hidden); break; } diff --git a/src/xdg-autostart-generator/xdg-autostart-service.c b/src/xdg-autostart-generator/xdg-autostart-service.c index c60a9d81ac0..f17aba98180 100644 --- a/src/xdg-autostart-generator/xdg-autostart-service.c +++ b/src/xdg-autostart-generator/xdg-autostart-service.c @@ -8,15 +8,17 @@ #include "conf-parser.h" #include "escape.h" -#include "unit-name.h" -#include "path-util.h" #include "fd-util.h" #include "generator.h" #include "log.h" +#include "nulstr-util.h" +#include "parse-util.h" +#include "path-util.h" #include "specifier.h" #include "string-util.h" -#include "nulstr-util.h" #include "strv.h" +#include "user-util.h" +#include "unit-name.h" XdgAutostartService* xdg_autostart_service_free(XdgAutostartService *s) { if (!s) @@ -74,19 +76,17 @@ static int xdg_config_parse_bool( void *userdata) { bool *b = data; + int r; assert(filename); assert(lvalue); assert(rvalue); assert(data); - if (streq(rvalue, "true")) - *b = true; - else if (streq(rvalue, "false")) - *b = false; - else + r = parse_boolean(rvalue); + if (r < 0) return log_syntax(unit, LOG_ERR, filename, line, SYNTHETIC_ERRNO(EINVAL), "Invalid value for boolean: %s", rvalue); - + *b = r; return 0; } From 87d6e6a14f807a4a64c9076477bfcceeeae3d0ea Mon Sep 17 00:00:00 2001 From: Heinrich Schuchardt Date: Mon, 12 Sep 2022 18:41:34 +0200 Subject: [PATCH 550/703] meson: add libatomic dependency Building with GCC 12.2 and binutils 2.39 fails on riscv64 Ubuntu Kinetic with: FAILED: systemd-oomd /usr/bin/ld: systemd-oomd.p/src_oom_oomd-util.c.o: in function `oomd_cgroup_context_acquire': build/../src/oom/oomd-util.c:415: undefined reference to `__atomic_exchange_1' We have to link with -latomic. Signed-off-by: Heinrich Schuchardt (cherry picked from commit 132c73b57ad1d363e97e1f4720f0e920826f34e1) (cherry picked from commit 738eca5e05cf6494dc3f4126f6e33f03c7bac54d) --- meson.build | 12 +++++++++++- src/network/meson.build | 4 ++-- src/oom/meson.build | 4 +++- 3 files changed, 16 insertions(+), 4 deletions(-) diff --git a/meson.build b/meson.build index fcb1332b43e..42115ec0a88 100644 --- a/meson.build +++ b/meson.build @@ -981,6 +981,16 @@ endif ##################################################################### +libatomic = [] +if not cc.links('''#include + int main() { + char i; + __atomic_exchange_1(&i, 1, 0); + return 1; + }''', + name : 'Atomic builtin requires -latomic') + libatomic = cc.find_library('atomic') +endif threads = dependency('threads') librt = cc.find_library('rt') libm = cc.find_library('m') @@ -2968,7 +2978,7 @@ if conf.get('ENABLE_OOMD') == 1 systemd_oomd_sources, include_directories : includes, link_with : [libshared], - dependencies : [], + dependencies : [libatomic], install_rpath : rootlibexecdir, install : true, install_dir : rootlibexecdir) diff --git a/src/network/meson.build b/src/network/meson.build index 48d185195cc..150ef0b3e4c 100644 --- a/src/network/meson.build +++ b/src/network/meson.build @@ -280,13 +280,13 @@ tests += [ [['src/network/test-networkd-address.c'], [libnetworkd_core, libsystemd_network], - [], + [libatomic], network_includes], [['src/network/test-networkd-conf.c'], [libnetworkd_core, libsystemd_network], - [], + [libatomic], network_includes], [['src/network/test-networkd-util.c'], diff --git a/src/oom/meson.build b/src/oom/meson.build index 579bc0d4eb5..b87ed6c4488 100644 --- a/src/oom/meson.build +++ b/src/oom/meson.build @@ -28,5 +28,7 @@ endif tests += [ [['src/oom/test-oomd-util.c', 'src/oom/oomd-util.c', - 'src/oom/oomd-util.h']], + 'src/oom/oomd-util.h'], + [], + [libatomic]], ] From 5a18b43801203afe080c72cbec579ff7012e99c3 Mon Sep 17 00:00:00 2001 From: j00512545 Date: Thu, 15 Sep 2022 22:10:33 +0800 Subject: [PATCH 551/703] fix typo in log (cherry picked from commit 365c2885f01371e547ae880ebfd920131b436735) (cherry picked from commit 4cb75191c45c0c8f67759cf61137a65c220f8932) --- src/core/service.c | 2 +- src/libsystemd/sd-event/sd-event.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/core/service.c b/src/core/service.c index 87f0d34c8cd..a425e0702ac 100644 --- a/src/core/service.c +++ b/src/core/service.c @@ -270,7 +270,7 @@ static void service_extend_event_source_timeout(Service *s, sd_event_source *sou if (r < 0) { const char *desc; (void) sd_event_source_get_description(s->timer_event_source, &desc); - log_unit_warning_errno(UNIT(s), r, "Failed to set timeout time for even source '%s', ignoring %m", strna(desc)); + log_unit_warning_errno(UNIT(s), r, "Failed to set timeout time for event source '%s', ignoring %m", strna(desc)); } } diff --git a/src/libsystemd/sd-event/sd-event.c b/src/libsystemd/sd-event/sd-event.c index 5e5fec15ff1..9fe67d3d434 100644 --- a/src/libsystemd/sd-event/sd-event.c +++ b/src/libsystemd/sd-event/sd-event.c @@ -3818,7 +3818,7 @@ static void event_close_inode_data_fds(sd_event *e) { /* Close the fds pointing to the inodes to watch now. We need to close them as they might otherwise pin * filesystems. But we can't close them right-away as we need them as long as the user still wants to make - * adjustments to the even source, such as changing the priority (which requires us to remove and re-add a watch + * adjustments to the event source, such as changing the priority (which requires us to remove and re-add a watch * for the inode). Hence, let's close them when entering the first iteration after they were added, as a * compromise. */ From 2009ecad44e90e1cb78ef4c3fa495e9019b22e40 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Fri, 16 Sep 2022 18:08:19 +0200 Subject: [PATCH 552/703] nspawn: fix two error strings (cherry picked from commit c941b650753f8ceada80a1df70fe8285a84995bc) (cherry picked from commit 2e6e0498aa4bd72ade6479a67e5e5e390bc69766) --- src/nspawn/nspawn.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c index 717bdff6da6..1d2bdcde196 100644 --- a/src/nspawn/nspawn.c +++ b/src/nspawn/nspawn.c @@ -1623,9 +1623,9 @@ static int parse_argv(int argc, char *argv[]) { if (r == -ENOMEM) return log_oom(); if (r < 0) - return log_error_errno(r, "Failed to parse --set-credential= parameter: %m"); + return log_error_errno(r, "Failed to parse --load-credential= parameter: %m"); if (r == 0 || !p) - return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Missing value for --set-credential=: %s", optarg); + return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Missing value for --load-credential=: %s", optarg); if (!credential_name_valid(word)) return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Credential name is not valid: %s", word); From f3869ed8df9b8284e71e799baf928fded525b818 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jonas=20K=C3=BCmmerlin?= Date: Thu, 29 Sep 2022 18:51:03 +0200 Subject: [PATCH 553/703] generator: skip fsck if fsck command is missing This is useful for systems which don't have any fsck. We already skip emitting the fsck dependency when the fsck.$fstype helper is missing, but fstab-generator doesn't necessarily know the fstype when handling the root= parameter. Previously, systemd-fsck was started for these mounts and then exited immediately because it couldn't find the fsck.$fstype helper. (cherry picked from commit 13556724379a52951eb1977c2b7989a0159fd77c) (cherry picked from commit 73db7d99323c236625656f906eb4e429613d324b) --- src/basic/path-util.c | 11 ++++++++++- src/basic/path-util.h | 3 ++- src/fsck/fsck.c | 10 +++++++++- src/home/homework-luks.c | 2 +- src/mount/mount-tool.c | 2 +- src/shared/dissect-image.c | 2 +- src/shared/generator.c | 11 ++++++++++- src/test/test-path-util.c | 6 +++--- 8 files changed, 37 insertions(+), 10 deletions(-) diff --git a/src/basic/path-util.c b/src/basic/path-util.c index fe28d8aeb7c..2f2695ba955 100644 --- a/src/basic/path-util.c +++ b/src/basic/path-util.c @@ -810,14 +810,23 @@ static int executable_is_good(const char *executable) { "/dev/null"); } -int fsck_exists(const char *fstype) { +int fsck_exists(void) { + return executable_is_good("fsck"); +} + +int fsck_exists_for_fstype(const char *fstype) { const char *checker; + int r; assert(fstype); if (streq(fstype, "auto")) return -EINVAL; + r = fsck_exists(); + if (r <= 0) + return r; + checker = strjoina("fsck.", fstype); return executable_is_good(checker); } diff --git a/src/basic/path-util.h b/src/basic/path-util.h index 2f55b3abb16..9c194ea4d68 100644 --- a/src/basic/path-util.h +++ b/src/basic/path-util.h @@ -106,7 +106,8 @@ static inline int find_executable(const char *name, char **ret_filename) { bool paths_check_timestamp(const char* const* paths, usec_t *paths_ts_usec, bool update); -int fsck_exists(const char *fstype); +int fsck_exists(void); +int fsck_exists_for_fstype(const char *fstype); /* Iterates through the path prefixes of the specified path, going up * the tree, to root. Also returns "" (and not "/"!) for the root diff --git a/src/fsck/fsck.c b/src/fsck/fsck.c index 745d01ff502..ea76312db5f 100644 --- a/src/fsck/fsck.c +++ b/src/fsck/fsck.c @@ -327,13 +327,21 @@ static int run(int argc, char *argv[]) { } if (sd_device_get_property_value(dev, "ID_FS_TYPE", &type) >= 0) { - r = fsck_exists(type); + r = fsck_exists_for_fstype(type); if (r < 0) log_device_warning_errno(dev, r, "Couldn't detect if fsck.%s may be used, proceeding: %m", type); else if (r == 0) { log_device_info(dev, "fsck.%s doesn't exist, not checking file system.", type); return 0; } + } else { + r = fsck_exists(); + if (r < 0) + log_device_warning_errno(dev, r, "Couldn't detect if the fsck command may be used, proceeding: %m"); + else if (r == 0) { + log_device_info(dev, "The fsck command does not exist, not checking file system."); + return 0; + } } console = fopen("/dev/console", "we"); diff --git a/src/home/homework-luks.c b/src/home/homework-luks.c index f606c92f9c7..2cfe8e414cd 100644 --- a/src/home/homework-luks.c +++ b/src/home/homework-luks.c @@ -214,7 +214,7 @@ static int run_fsck(const char *node, const char *fstype) { assert(node); assert(fstype); - r = fsck_exists(fstype); + r = fsck_exists_for_fstype(fstype); if (r < 0) return log_error_errno(r, "Failed to check if fsck for file system %s exists: %m", fstype); if (r == 0) { diff --git a/src/mount/mount-tool.c b/src/mount/mount-tool.c index dd0afc6e111..25e18d279cb 100644 --- a/src/mount/mount-tool.c +++ b/src/mount/mount-tool.c @@ -1497,7 +1497,7 @@ static int run(int argc, char* argv[]) { arg_fsck = false; if (arg_fsck && arg_mount_type && arg_transport == BUS_TRANSPORT_LOCAL) { - r = fsck_exists(arg_mount_type); + r = fsck_exists_for_fstype(arg_mount_type); if (r < 0) log_warning_errno(r, "Couldn't determine whether fsck for %s exists, proceeding anyway.", arg_mount_type); else if (r == 0) { diff --git a/src/shared/dissect-image.c b/src/shared/dissect-image.c index df95ae53d44..4900d26325b 100644 --- a/src/shared/dissect-image.c +++ b/src/shared/dissect-image.c @@ -1621,7 +1621,7 @@ static int run_fsck(const char *node, const char *fstype) { assert(node); assert(fstype); - r = fsck_exists(fstype); + r = fsck_exists_for_fstype(fstype); if (r < 0) { log_debug_errno(r, "Couldn't determine whether fsck for %s exists, proceeding anyway.", fstype); return 0; diff --git a/src/shared/generator.c b/src/shared/generator.c index 82265fde3b4..e31b8419521 100644 --- a/src/shared/generator.c +++ b/src/shared/generator.c @@ -164,7 +164,7 @@ int generator_write_fsck_deps( } if (!isempty(fstype) && !streq(fstype, "auto")) { - r = fsck_exists(fstype); + r = fsck_exists_for_fstype(fstype); if (r < 0) log_warning_errno(r, "Checking was requested for %s, but couldn't detect if fsck.%s may be used, proceeding: %m", what, fstype); else if (r == 0) { @@ -172,6 +172,15 @@ int generator_write_fsck_deps( log_debug("Checking was requested for %s, but fsck.%s does not exist.", what, fstype); return 0; } + } else { + r = fsck_exists(); + if (r < 0) + log_warning_errno(r, "Checking was requested for %s, but couldn't detect if the fsck command may be used, proceeding: %m", what); + else if (r == 0) { + /* treat missing fsck as essentially OK */ + log_debug("Checking was requested for %s, but the fsck command does not exist.", what); + return 0; + } } if (path_equal(where, "/")) { diff --git a/src/test/test-path-util.c b/src/test/test-path-util.c index 37cb53df448..1b79b81d02a 100644 --- a/src/test/test-path-util.c +++ b/src/test/test-path-util.c @@ -445,10 +445,10 @@ TEST(fsck_exists) { assert_se(unsetenv("PATH") == 0); /* fsck.minix is provided by util-linux and will probably exist. */ - assert_se(fsck_exists("minix") == 1); + assert_se(fsck_exists_for_fstype("minix") == 1); - assert_se(fsck_exists("AbCdE") == 0); - assert_se(fsck_exists("/../bin/") == 0); + assert_se(fsck_exists_for_fstype("AbCdE") == 0); + assert_se(fsck_exists_for_fstype("/../bin/") == 0); } static void test_path_make_relative_one(const char *from, const char *to, const char *expected) { From 6d6e6a6be1b39229f59ba67c3836a6277651a726 Mon Sep 17 00:00:00 2001 From: Jacek Migacz Date: Wed, 21 Sep 2022 08:23:22 +0200 Subject: [PATCH 554/703] resolve: unsupported DNSSEC algorithms are considered INSECURE; not BOGUS Resolves: #19824 (cherry picked from commit 1ca3600120c6db775f0fe357f6fc6cb3a13f1cc6) (cherry picked from commit e91ea65aba5c146262074494a4d1de52bc919b6b) --- src/resolve/resolved-dns-transaction.c | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/src/resolve/resolved-dns-transaction.c b/src/resolve/resolved-dns-transaction.c index 724aa90cd6a..30105488723 100644 --- a/src/resolve/resolved-dns-transaction.c +++ b/src/resolve/resolved-dns-transaction.c @@ -3291,10 +3291,19 @@ static int dnssec_validate_records( } } + /* https://datatracker.ietf.org/doc/html/rfc6840#section-5.2 */ + if (result == DNSSEC_UNSUPPORTED_ALGORITHM) { + r = dns_answer_move_by_key(validated, &t->answer, rr->key, 0, NULL); + if (r < 0) + return r; + + manager_dnssec_verdict(t->scope->manager, DNSSEC_INSECURE, rr->key); + return 1; + } + if (IN_SET(result, DNSSEC_MISSING_KEY, - DNSSEC_SIGNATURE_EXPIRED, - DNSSEC_UNSUPPORTED_ALGORITHM)) { + DNSSEC_SIGNATURE_EXPIRED)) { r = dns_transaction_dnskey_authenticated(t, rr); if (r < 0 && r != -ENXIO) From b1881b45b78ad7d829b55a401acffb611f0e12f3 Mon Sep 17 00:00:00 2001 From: Arnaud Ferraris Date: Tue, 4 Oct 2022 18:52:33 +0200 Subject: [PATCH 555/703] repart: always honour `--discard=no` Currently, even if `--discard=no` is passed to `systemd-repart`, the `context_discard_gap_after()` function still runs normally, discarding e.g. all blocks between the GPT and the start of the first partition. This can lead to issues on some embedded devices, where this space holds the bootloader and shouldn't be modified (creating a protective partition there is not always possible due to the specifics of the boot process of some ARM-based SoC's). This commit ensures passing `--discard=no` would be enough to ensure the bootloader isn't wiped in such cases. Signed-off-by: Arnaud Ferraris (cherry picked from commit 5113436b054aea7185a0287590aa64486fec3cec) (cherry picked from commit 4abc5b2cfe11a00f14982f9b01717685c4601fcd) --- src/partition/repart.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/partition/repart.c b/src/partition/repart.c index 25369120080..37b74e007a2 100644 --- a/src/partition/repart.c +++ b/src/partition/repart.c @@ -2428,6 +2428,9 @@ static int context_discard_gap_after(Context *context, Partition *p) { assert(context); assert(!p || (p->offset != UINT64_MAX && p->new_size != UINT64_MAX)); + if (!arg_discard) + return 0; + if (p) gap = p->offset + p->new_size; else From f7d1325f3c2fc75f2acc352b9172b7793bbf9bef Mon Sep 17 00:00:00 2001 From: anarcat Date: Thu, 6 Oct 2022 10:20:39 -0400 Subject: [PATCH 556/703] man/shutdown: document how to switch to single-user mode Before Debian switched to systemd, `shutdown now` would reset the system into single user mode, doing roughly the equivalent of `telinit 1`. Now, systemd's `shutdown` command does not behave that way; it defaults to `poweroff` which might be confusing for users (like me) used to the previous method. Because I don't use the command often, I keep being stumped by this behavior, and every time I look at the `shutdown(1)` manpage, I don't understand why I can't find what I am looking for. This patch should make sure that people like me find their way back to some sort of reason. Maybe the *proper* way to fix this would be to restore the more classic behavior, but I'm definitely not going to climb that hill. Besides, I clearly remember the time I found out about the `shutdown` command and was *really* confused when it brought me back to a command-line prompt. That was really counter-intuitive and I find that change to actually be a good thing. So I'm not proposing to change this behavior, merely document it better. I originally added this to the `-P` option but it was suggested adding a new `COMPATIBILITY` section instead, where other such issues could be added. The `COMPATIBILITY` section is not actually officially documented. `man(1)` talks about a `CONFORMING TO` section, but `shutdown(1)` is not POSIX (`shutdown(2)` is, of course), so there's no actual standard on how this should work. The other option I considered was to add a `BUGS` section, but that seemed to inflammatory, and definitely counter-productive. (cherry picked from commit 9aafd310cc42716a923e0d40e56db7952e16a9a3) (cherry picked from commit 78a8e938e44c76788a8c1d8dfa1f299cc5e2ba14) --- man/shutdown.xml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/man/shutdown.xml b/man/shutdown.xml index 97f33e802a9..24a934f45ec 100644 --- a/man/shutdown.xml +++ b/man/shutdown.xml @@ -135,6 +135,14 @@ otherwise. + + Compatibility + + The shutdown command in previous init systems (including sysvinit) defaulted to + single-user mode instead of powering off the machine. To change into single-user mode, use + systemctl rescue instead. + + See Also From 6475b8902f088844087350d8140ca2f4c6bef002 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Mon, 10 Oct 2022 14:20:33 +0900 Subject: [PATCH 557/703] udev: drop assertion which is always false Fixes a bug introduced by 67c3e1f63a5221b47a8fea85ae421671f29f3b7e. Fixes #24945. (cherry picked from commit 6209bbbd4b1c9ed2886028ab2ee3df0a7d0e2494) (cherry picked from commit bf13ffec5932ced47861bfc440c879d9cdf6891a) --- src/udev/udev-builtin-path_id.c | 1 - 1 file changed, 1 deletion(-) diff --git a/src/udev/udev-builtin-path_id.c b/src/udev/udev-builtin-path_id.c index 93069c70acb..1084eb2d819 100644 --- a/src/udev/udev-builtin-path_id.c +++ b/src/udev/udev-builtin-path_id.c @@ -556,7 +556,6 @@ static int find_real_nvme_parent(sd_device *dev, sd_device **ret) { * /sys/devices/pci0000:00/0000:00:1c.4/0000:3c:00.0/nvme/nvme0 */ assert(dev); - assert(nvme); r = sd_device_get_sysname(dev, &sysname); if (r < 0) From fa93c572f7d0fb80f5293e078088ea090ee7cfb0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 11 Oct 2022 13:59:45 +0200 Subject: [PATCH 558/703] logind: do not emit beep in wall messages Those may go via the PC speaker, which is annoying and unexpected. Most people have it off, so this doesn't work reliably anyway, so we can disable it without much loss. Fixes #23520. (cherry picked from commit ef3458cd5dc8d5b400c9abbea92986c43aef18cc) (cherry picked from commit 3e38c39600dcc0b54b05a870937e57f08dfdc679) --- src/shared/utmp-wtmp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/shared/utmp-wtmp.c b/src/shared/utmp-wtmp.c index f2f53380adf..e6269de568a 100644 --- a/src/shared/utmp-wtmp.c +++ b/src/shared/utmp-wtmp.c @@ -360,7 +360,7 @@ int utmp_wall( } if (asprintf(&text, - "\a\r\n" + "\r\n" "Broadcast message from %s@%s%s%s (%s):\r\n\r\n" "%s\r\n\r\n", un ?: username, hn, From c54086dad883eae5d3d65d81d8775f0126827c87 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 6 Oct 2022 13:07:49 +0200 Subject: [PATCH 559/703] basic/log: include the log syntax callback in the errno protection block In general, log_syntax_internal() must keep errno unchanged. But the call to log_syntax_callback() was added outside of the block protected by PROTECT_ERRNO. (cherry picked from commit 6b7834fe5de3de690e6efb9467c61691c4b2f30f) (cherry picked from commit 40742ac74f6b8c0dd2b87a34817cf1b74f089ad1) --- src/basic/log.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/src/basic/log.c b/src/basic/log.c index ac36d2564e4..10de8bd7c0e 100644 --- a/src/basic/log.c +++ b/src/basic/log.c @@ -1369,18 +1369,19 @@ int log_syntax_internal( const char *func, const char *format, ...) { + PROTECT_ERRNO; + if (log_syntax_callback) log_syntax_callback(unit, level, log_syntax_callback_userdata); - PROTECT_ERRNO; - char buffer[LINE_MAX]; - va_list ap; - const char *unit_fmt = NULL; - if (_likely_(LOG_PRI(level) > log_max_level) || log_target == LOG_TARGET_NULL) return -ERRNO_VALUE(error); + char buffer[LINE_MAX]; + va_list ap; + const char *unit_fmt = NULL; + errno = ERRNO_VALUE(error); va_start(ap, format); From 1316666e98accf6b8ab8cb0fb5ef73d275049a34 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 7 Oct 2022 15:52:33 +0200 Subject: [PATCH 560/703] analyze: add forgotten return statement We would fail with an assert in sd_bus_message_enter_container() afterwards. (cherry picked from commit 5475e963c5e6ade35404384ba03caf79cb1bc2e5) (cherry picked from commit e0ba044985ac33d5eb2fb0d09fc2ff1b2f9b73dc) --- src/analyze/analyze.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/analyze/analyze.c b/src/analyze/analyze.c index ba6d8f74fe9..3ecbdb10ce1 100644 --- a/src/analyze/analyze.c +++ b/src/analyze/analyze.c @@ -1340,7 +1340,7 @@ static int dot(int argc, char *argv[], void *userdata) { r = bus_call_method(bus, bus_systemd_mgr, "ListUnits", &error, &reply, NULL); if (r < 0) - log_error_errno(r, "Failed to list units: %s", bus_error_message(&error, r)); + return log_error_errno(r, "Failed to list units: %s", bus_error_message(&error, r)); r = sd_bus_message_enter_container(reply, SD_BUS_TYPE_ARRAY, "(ssssssouso)"); if (r < 0) From 950aa1d7020ce0b3173d2569b93fbd5bc7459b05 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Tue, 11 Oct 2022 16:19:12 +0900 Subject: [PATCH 561/703] sd-ndisc: ignore failure in sending solicitation Even if a bonding master interface has carrier, the underlying slave interfaces may not. In such a case, sending solicitation fails with -ENOBUS. Here, let's unconditionally ignore errors, as anyway we will send a solicitation later. Fixes #24717. (cherry picked from commit 852bf93826b151be8b85d894071d95eb3b0d4498) (cherry picked from commit d7b83b99862fd51226ec2960d65a6e3fdc8dfeed) --- src/libsystemd-network/sd-ndisc.c | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/src/libsystemd-network/sd-ndisc.c b/src/libsystemd-network/sd-ndisc.c index 7e16f512999..e49b8a78b29 100644 --- a/src/libsystemd-network/sd-ndisc.c +++ b/src/libsystemd-network/sd-ndisc.c @@ -289,13 +289,12 @@ static int ndisc_timeout(sd_event_source *s, uint64_t usec, void *userdata) { goto fail; r = icmp6_send_router_solicitation(nd->fd, &nd->mac_addr); - if (r < 0) { - log_ndisc_errno(nd, r, "Error sending Router Solicitation: %m"); - goto fail; - } - - log_ndisc(nd, "Sent Router Solicitation, next solicitation in %s", - FORMAT_TIMESPAN(nd->retransmit_time, USEC_PER_SEC)); + if (r < 0) + log_ndisc_errno(nd, r, "Failed to send Router Solicitation, next solicitation in %s, ignoring: %m", + FORMAT_TIMESPAN(nd->retransmit_time, USEC_PER_SEC)); + else + log_ndisc(nd, "Sent Router Solicitation, next solicitation in %s", + FORMAT_TIMESPAN(nd->retransmit_time, USEC_PER_SEC)); return 0; From bfe7236f55ebebf5d8a76447d40741b9475fb06a Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Thu, 22 Sep 2022 13:01:15 +0900 Subject: [PATCH 562/703] core: make exec_directory_add() extends existing symlinks Follow-up for 211a3d87fb1fe971dc42a47b4c5cc167def8ab4e. Previously, although ExecDirectoryItem.symlinks is strv, it always contains at most one symlink. (cherry picked from commit 564e5c987877f7e481d896c7fd82e8e5a69addc2) (cherry picked from commit 1de3cb97ee0157dd53e583b369a41e55d3ca8977) --- src/core/dbus-execute.c | 19 +++---------------- src/core/execute.c | 35 ++++++++++++++++++++++++++++------- src/core/execute.h | 2 +- src/core/load-fragment.c | 10 ++-------- 4 files changed, 34 insertions(+), 32 deletions(-) diff --git a/src/core/dbus-execute.c b/src/core/dbus-execute.c index 5c499e5d060..4b21917e432 100644 --- a/src/core/dbus-execute.c +++ b/src/core/dbus-execute.c @@ -3378,7 +3378,7 @@ int bus_exec_context_set_transient_property( char **source; STRV_FOREACH(source, l) { - r = exec_directory_add(&d->items, &d->n_items, *source, NULL); + r = exec_directory_add(d, *source, NULL); if (r < 0) return log_oom(); } @@ -3823,21 +3823,8 @@ int bus_exec_context_set_transient_property( if (!UNIT_WRITE_FLAGS_NOOP(flags)) { _cleanup_free_ char *destination_escaped = NULL, *source_escaped = NULL; - ExecDirectoryItem *item = NULL; - - /* Adding new directories is supported from both *DirectorySymlink methods and the - * older ones, so try to find an existing configuration first and create it if it's - * not there yet. */ - for (size_t j = 0; j < directory->n_items; ++j) - if (path_equal(source, directory->items[j].path)) { - item = &directory->items[j]; - break; - } - - if (item) - r = strv_extend(&item->symlinks, destination); - else - r = exec_directory_add(&directory->items, &directory->n_items, source, STRV_MAKE(destination)); + + r = exec_directory_add(directory, source, destination); if (r < 0) return r; diff --git a/src/core/execute.c b/src/core/execute.c index 0b20d386d35..a74071726c2 100644 --- a/src/core/execute.c +++ b/src/core/execute.c @@ -6837,33 +6837,54 @@ void exec_directory_done(ExecDirectory *d) { d->mode = 0755; } -int exec_directory_add(ExecDirectoryItem **d, size_t *n, const char *path, char **symlinks) { +static ExecDirectoryItem *exec_directory_find(ExecDirectory *d, const char *path) { + assert(d); + assert(path); + + for (size_t i = 0; i < d->n_items; i++) + if (path_equal(d->items[i].path, path)) + return &d->items[i]; + + return NULL; +} + +int exec_directory_add(ExecDirectory *d, const char *path, const char *symlink) { _cleanup_strv_free_ char **s = NULL; _cleanup_free_ char *p = NULL; + ExecDirectoryItem *existing; + int r; assert(d); - assert(n); assert(path); + existing = exec_directory_find(d, path); + if (existing) { + r = strv_extend(&existing->symlinks, symlink); + if (r < 0) + return r; + + return 0; /* existing item is updated */ + } + p = strdup(path); if (!p) return -ENOMEM; - if (symlinks) { - s = strv_copy(symlinks); + if (symlink) { + s = strv_new(symlink); if (!s) return -ENOMEM; } - if (!GREEDY_REALLOC(*d, *n + 1)) + if (!GREEDY_REALLOC(d->items, d->n_items + 1)) return -ENOMEM; - (*d)[(*n) ++] = (ExecDirectoryItem) { + d->items[d->n_items++] = (ExecDirectoryItem) { .path = TAKE_PTR(p), .symlinks = TAKE_PTR(s), }; - return 0; + return 1; /* new item is added */ } DEFINE_HASH_OPS_WITH_VALUE_DESTRUCTOR(exec_set_credential_hash_ops, char, string_hash_func, string_compare_func, ExecSetCredential, exec_set_credential_free); diff --git a/src/core/execute.h b/src/core/execute.h index a898cbcc648..0e66a07d164 100644 --- a/src/core/execute.h +++ b/src/core/execute.h @@ -489,7 +489,7 @@ ExecLoadCredential *exec_load_credential_free(ExecLoadCredential *lc); DEFINE_TRIVIAL_CLEANUP_FUNC(ExecLoadCredential*, exec_load_credential_free); void exec_directory_done(ExecDirectory *d); -int exec_directory_add(ExecDirectoryItem **d, size_t *n, const char *path, char **symlinks); +int exec_directory_add(ExecDirectory *d, const char *path, const char *symlink); extern const struct hash_ops exec_set_credential_hash_ops; extern const struct hash_ops exec_load_credential_hash_ops; diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c index a3f3b1618a2..1181122ac05 100644 --- a/src/core/load-fragment.c +++ b/src/core/load-fragment.c @@ -4688,10 +4688,8 @@ int config_parse_exec_directories( /* For State and Runtime directories we support an optional destination parameter, which * will be used to create a symlink to the source. */ - _cleanup_strv_free_ char **symlinks = NULL; + _cleanup_free_ char *dresolved = NULL; if (!isempty(dest)) { - _cleanup_free_ char *dresolved = NULL; - if (streq(lvalue, "ConfigurationDirectory")) { log_syntax(unit, LOG_WARNING, filename, line, 0, "Destination parameter is not supported for ConfigurationDirectory, ignoring: %s", tuple); @@ -4708,13 +4706,9 @@ int config_parse_exec_directories( r = path_simplify_and_warn(dresolved, PATH_CHECK_RELATIVE, unit, filename, line, lvalue); if (r < 0) continue; - - r = strv_consume(&symlinks, TAKE_PTR(dresolved)); - if (r < 0) - return log_oom(); } - r = exec_directory_add(&ed->items, &ed->n_items, sresolved, symlinks); + r = exec_directory_add(ed, sresolved, dresolved); if (r < 0) return log_oom(); } From ef3ef05f391a7e0674529f864b4bdbe8ecfddb03 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Thu, 22 Sep 2022 13:06:54 +0900 Subject: [PATCH 563/703] core: do not create symlink to private directory if parent already exists The very basic functinality of StateDirectory= or friends is creating specified directories. That should work if one entry is a subdirectory of another. However, it does not when combined with DynamicUser=yes. To support such case, this adds ExecDirectoryItem.only_create flag, and if it is set PID1 only create private directory, and not create the symlink to the private directory. Fixes #24783. (cherry picked from commit a2ab603cc42e1484c799f76a233b077c17db91cb) (cherry picked from commit 0ba2e4bb6943545a4e43855970a3a3102dffbbc0) --- src/core/dbus-execute.c | 3 ++ src/core/execute.c | 65 ++++++++++++++++++++++++++++++++++++----- src/core/execute.h | 2 ++ src/core/unit.c | 3 ++ 4 files changed, 65 insertions(+), 8 deletions(-) diff --git a/src/core/dbus-execute.c b/src/core/dbus-execute.c index 4b21917e432..db1698393c5 100644 --- a/src/core/dbus-execute.c +++ b/src/core/dbus-execute.c @@ -3382,6 +3382,7 @@ int bus_exec_context_set_transient_property( if (r < 0) return log_oom(); } + exec_directory_sort(d); joined = unit_concat_strv(l, UNIT_ESCAPE_SPECIFIERS); if (!joined) @@ -3845,6 +3846,8 @@ int bus_exec_context_set_transient_property( if (r < 0) return r; + exec_directory_sort(directory); + r = sd_bus_message_exit_container(message); if (r < 0) return r; diff --git a/src/core/execute.c b/src/core/execute.c index a74071726c2..147381f9de9 100644 --- a/src/core/execute.c +++ b/src/core/execute.c @@ -90,6 +90,7 @@ #include "signal-util.h" #include "smack-util.h" #include "socket-util.h" +#include "sort-util.h" #include "special.h" #include "stat-util.h" #include "string-table.h" @@ -2421,12 +2422,24 @@ static int setup_exec_directory( goto fail; } - /* And link it up from the original place. Note that if a mount namespace is going to be - * used, then this symlink remains on the host, and a new one for the child namespace will - * be created later. */ - r = symlink_idempotent(pp, p, true); - if (r < 0) - goto fail; + if (!context->directories[type].items[i].only_create) { + /* And link it up from the original place. + * Notes + * 1) If a mount namespace is going to be used, then this symlink remains on + * the host, and a new one for the child namespace will be created later. + * 2) It is not necessary to create this symlink when one of its parent + * directories is specified and already created. E.g. + * StateDirectory=foo foo/bar + * In that case, the inode points to pp and p for "foo/bar" are the same: + * pp = "/var/lib/private/foo/bar" + * p = "/var/lib/foo/bar" + * and, /var/lib/foo is a symlink to /var/lib/private/foo. So, not only + * we do not need to create the symlink, but we cannot create the symlink. + * See issue #24783. */ + r = symlink_idempotent(pp, p, true); + if (r < 0) + goto fail; + } } else { _cleanup_free_ char *target = NULL; @@ -3082,7 +3095,8 @@ static int compile_bind_mounts( if (!params->prefix[t]) continue; - n += context->directories[t].n_items; + for (size_t i = 0; i < context->directories[t].n_items; i++) + n += !context->directories[t].items[i].only_create; } if (n <= 0) { @@ -3151,6 +3165,11 @@ static int compile_bind_mounts( for (size_t i = 0; i < context->directories[t].n_items; i++) { char *s, *d; + /* When one of the parent directories is in the list, we cannot create the symlink + * for the child directory. See also the comments in setup_exec_directory(). */ + if (context->directories[t].items[i].only_create) + continue; + if (exec_directory_is_private(context, t)) s = path_join(params->prefix[t], "private", context->directories[t].items[i].path); else @@ -3231,7 +3250,9 @@ static int compile_symlinks( return r; } - if (!exec_directory_is_private(context, dt) || exec_context_with_rootfs(context)) + if (!exec_directory_is_private(context, dt) || + exec_context_with_rootfs(context) || + context->directories[dt].items[i].only_create) continue; private_path = path_join(params->prefix[dt], "private", context->directories[dt].items[i].path); @@ -6887,6 +6908,34 @@ int exec_directory_add(ExecDirectory *d, const char *path, const char *symlink) return 1; /* new item is added */ } +static int exec_directory_item_compare_func(const ExecDirectoryItem *a, const ExecDirectoryItem *b) { + assert(a); + assert(b); + + return path_compare(a->path, b->path); +} + +void exec_directory_sort(ExecDirectory *d) { + assert(d); + + /* Sort the exec directories to make always parent directories processed at first in + * setup_exec_directory(), e.g., even if StateDirectory=foo/bar foo, we need to create foo at first, + * then foo/bar. Also, set .only_create flag if one of the parent directories is contained in the + * list. See also comments in setup_exec_directory() and issue #24783. */ + + if (d->n_items <= 1) + return; + + typesafe_qsort(d->items, d->n_items, exec_directory_item_compare_func); + + for (size_t i = 1; i < d->n_items; i++) + for (size_t j = 0; j < i; j++) + if (path_startswith(d->items[i].path, d->items[j].path)) { + d->items[i].only_create = true; + break; + } +} + DEFINE_HASH_OPS_WITH_VALUE_DESTRUCTOR(exec_set_credential_hash_ops, char, string_hash_func, string_compare_func, ExecSetCredential, exec_set_credential_free); DEFINE_HASH_OPS_WITH_VALUE_DESTRUCTOR(exec_load_credential_hash_ops, char, string_hash_func, string_compare_func, ExecLoadCredential, exec_load_credential_free); diff --git a/src/core/execute.h b/src/core/execute.h index 0e66a07d164..65b249ee27b 100644 --- a/src/core/execute.h +++ b/src/core/execute.h @@ -135,6 +135,7 @@ typedef enum ExecDirectoryType { typedef struct ExecDirectoryItem { char *path; char **symlinks; + bool only_create; } ExecDirectoryItem; typedef struct ExecDirectory { @@ -490,6 +491,7 @@ DEFINE_TRIVIAL_CLEANUP_FUNC(ExecLoadCredential*, exec_load_credential_free); void exec_directory_done(ExecDirectory *d); int exec_directory_add(ExecDirectory *d, const char *path, const char *symlink); +void exec_directory_sort(ExecDirectory *d); extern const struct hash_ops exec_set_credential_hash_ops; extern const struct hash_ops exec_load_credential_hash_ops; diff --git a/src/core/unit.c b/src/core/unit.c index 3bceba13170..92e06badc8b 100644 --- a/src/core/unit.c +++ b/src/core/unit.c @@ -4102,6 +4102,9 @@ int unit_patch_contexts(Unit *u) { ec->no_new_privileges = true; ec->restrict_suid_sgid = true; } + + for (ExecDirectoryType dt = 0; dt < _EXEC_DIRECTORY_TYPE_MAX; dt++) + exec_directory_sort(ec->directories + dt); } cc = unit_get_cgroup_context(u); From 5a9738b46e29ff1a6ad968cd868205478a49911b Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Thu, 22 Sep 2022 13:08:32 +0900 Subject: [PATCH 564/703] test: add more tests for StateDirectory= with DynamicUser= This also moves the check for writable paths from test-execute to TEST-34. Closes #10337. (cherry picked from commit f01f70a9a3f3609c0c8bdbaa4b0b4abbb2b43993) (cherry picked from commit 40053e60f5bfd51c0effb5869172cebe8cbe9228) --- .../exec-dynamicuser-statedir.service | 75 ++++++++++++-- test/units/testsuite-34.sh | 99 ++++++++++++++++--- 2 files changed, 149 insertions(+), 25 deletions(-) diff --git a/test/test-execute/exec-dynamicuser-statedir.service b/test/test-execute/exec-dynamicuser-statedir.service index 07692e1c124..b33b4da74af 100644 --- a/test/test-execute/exec-dynamicuser-statedir.service +++ b/test/test-execute/exec-dynamicuser-statedir.service @@ -5,17 +5,72 @@ Description=Test DynamicUser= with StateDirectory= [Service] ExecStart=test -w /var/lib/waldo ExecStart=test -w /var/lib/quux/pief -ExecStart=touch /var/lib/waldo/yay -ExecStart=touch /var/lib/quux/pief/yayyay -ExecStart=test -f /var/lib/waldo/yay -ExecStart=test -f /var/lib/quux/pief/yayyay -ExecStart=test -f /var/lib/private/waldo/yay -ExecStart=test -f /var/lib/private/quux/pief/yayyay -ExecStart=sh -x -c 'test "$$STATE_DIRECTORY" = "%S/waldo:%S/quux/pief"' +ExecStart=test -w /var/lib/aaa +ExecStart=test -w /var/lib/aaa/bbb +ExecStart=test -w /var/lib/aaa/ccc +ExecStart=test -w /var/lib/xxx +ExecStart=test -w /var/lib/xxx/yyy +ExecStart=test -w /var/lib/xxx/zzz +ExecStart=test -w /var/lib/aaa/111 +ExecStart=test -w /var/lib/aaa/222 +ExecStart=test -w /var/lib/aaa/333 -# Make sure that /var/lib/private/waldo is really the only writable directory besides the obvious candidates -ExecStart=sh -x -c 'test $$(find / \\( -path /var/tmp -o -path /tmp -o -path /proc -o -path /dev/mqueue -o -path /dev/shm -o -path /sys/fs/bpf -o -path /dev/.lxc -o -path /sys/devices/system/cpu \\) -prune -o -type d -writable -print 2>/dev/null | sort -u | tr -d "\\\\n") = /var/lib/private/quux/pief/var/lib/private/waldo' +ExecStart=test -d /var/lib/waldo +ExecStart=test -d /var/lib/quux/pief +ExecStart=test -d /var/lib/aaa +ExecStart=test -d /var/lib/aaa/bbb +ExecStart=test -d /var/lib/aaa/ccc +ExecStart=test -d /var/lib/xxx +ExecStart=test -d /var/lib/xxx/yyy +ExecStart=test -d /var/lib/xxx/zzz +ExecStart=test -L /var/lib/aaa/111 +ExecStart=test -L /var/lib/aaa/222 +ExecStart=test -L /var/lib/aaa/333 + +ExecStart=touch /var/lib/waldo/hoge +ExecStart=touch /var/lib/quux/pief/hoge +ExecStart=touch /var/lib/aaa/hoge +ExecStart=touch /var/lib/aaa/bbb/hoge +ExecStart=touch /var/lib/aaa/ccc/hoge +ExecStart=touch /var/lib/xxx/hoge +ExecStart=touch /var/lib/xxx/yyy/hoge +ExecStart=touch /var/lib/xxx/zzz/hoge +ExecStart=touch /var/lib/aaa/111/foo +ExecStart=touch /var/lib/aaa/222/foo +ExecStart=touch /var/lib/aaa/333/foo + +ExecStart=test -f /var/lib/waldo/hoge +ExecStart=test -f /var/lib/quux/pief/hoge +ExecStart=test -f /var/lib/aaa/hoge +ExecStart=test -f /var/lib/aaa/bbb/hoge +ExecStart=test -f /var/lib/aaa/ccc/hoge +ExecStart=test -f /var/lib/xxx/hoge +ExecStart=test -f /var/lib/xxx/yyy/hoge +ExecStart=test -f /var/lib/xxx/zzz/hoge +ExecStart=test -f /var/lib/aaa/111/foo +ExecStart=test -f /var/lib/aaa/222/foo +ExecStart=test -f /var/lib/aaa/333/foo +ExecStart=test -f /var/lib/xxx/foo +ExecStart=test -f /var/lib/xxx/yyy/foo +ExecStart=test -f /var/lib/xxx/zzz/foo + +ExecStart=test -f /var/lib/private/waldo/hoge +ExecStart=test -f /var/lib/private/quux/pief/hoge +ExecStart=test -f /var/lib/private/aaa/hoge +ExecStart=test -f /var/lib/private/aaa/bbb/hoge +ExecStart=test -f /var/lib/private/aaa/ccc/hoge +ExecStart=test -f /var/lib/private/xxx/hoge +ExecStart=test -f /var/lib/private/xxx/yyy/hoge +ExecStart=test -f /var/lib/private/xxx/zzz/hoge +ExecStart=test -f /var/lib/private/aaa/111/foo +ExecStart=test -f /var/lib/private/aaa/222/foo +ExecStart=test -f /var/lib/private/aaa/333/foo +ExecStart=test -f /var/lib/private/xxx/foo +ExecStart=test -f /var/lib/private/xxx/yyy/foo +ExecStart=test -f /var/lib/private/xxx/zzz/foo + +ExecStart=sh -x -c 'test "$$STATE_DIRECTORY" = "%S/aaa:%S/aaa/bbb:%S/aaa/ccc:%S/quux/pief:%S/waldo:%S/xxx:%S/xxx/yyy:%S/xxx/zzz"' Type=oneshot DynamicUser=yes -StateDirectory=waldo quux/pief +StateDirectory=waldo quux/pief aaa/bbb aaa aaa/ccc xxx/yyy:aaa/111 xxx:aaa/222 xxx/zzz:aaa/333 diff --git a/test/units/testsuite-34.sh b/test/units/testsuite-34.sh index 57a7b950a01..ad4c0e8fa5a 100755 --- a/test/units/testsuite-34.sh +++ b/test/units/testsuite-34.sh @@ -6,17 +6,22 @@ set -o pipefail systemd-analyze log-level debug systemd-analyze log-target console -function test_directory() { +test_directory() { local directory="$1" local path="$2" + # cleanup for previous invocation + for i in xxx xxx2 yyy zzz x:yz x:yz2; do + rm -rf "${path:?}/${i}" "${path:?}/private/${i}" + done + # Set everything up without DynamicUser=1 systemd-run --wait -p RuntimeDirectoryPreserve=yes -p DynamicUser=0 -p "${directory}"=zzz touch "${path}"/zzz/test systemd-run --wait -p RuntimeDirectoryPreserve=yes -p DynamicUser=0 -p "${directory}"=zzz test -f "${path}"/zzz/test systemd-run --wait -p RuntimeDirectoryPreserve=yes -p DynamicUser=0 -p "${directory}"=zzz -p TemporaryFileSystem="${path}" test -f "${path}"/zzz/test systemd-run --wait -p RuntimeDirectoryPreserve=yes -p DynamicUser=0 -p "${directory}"=zzz:yyy test -f "${path}"/yyy/test - systemd-run --wait -p RuntimeDirectoryPreserve=yes -p DynamicUser=0 -p "${directory}"=zzz:xxx -p TemporaryFileSystem="${path}" test -f "${path}"/xxx/test + systemd-run --wait -p RuntimeDirectoryPreserve=yes -p DynamicUser=0 -p "${directory}=zzz:xxx zzz:xxx2" -p TemporaryFileSystem="${path}" bash -c "test -f ${path}/xxx/test && test -f ${path}/xxx2/test" systemd-run --wait -p RuntimeDirectoryPreserve=yes -p DynamicUser=0 -p "${directory}"=zzz:xxx -p TemporaryFileSystem="${path}":ro test -f "${path}"/xxx/test systemd-run --wait -p RuntimeDirectoryPreserve=yes -p DynamicUser=0 -p "${directory}"=zzz test -f "${path}"/zzz/test-missing \ && { echo 'unexpected success'; exit 1; } @@ -24,27 +29,40 @@ function test_directory() { test -d "${path}"/zzz test ! -L "${path}"/zzz test ! -e "${path}"/private/zzz + + test ! -e "${path}"/xxx + test ! -e "${path}"/private/xxx + test ! -e "${path}"/xxx2 + test ! -e "${path}"/private/xxx2 + test -L "${path}"/yyy + test ! -e "${path}"/private/yyy + test -f "${path}"/zzz/test - test ! -f "${path}"/zzz/test-missing + test ! -e "${path}"/zzz/test-missing # Convert to DynamicUser=1 systemd-run --wait -p RuntimeDirectoryPreserve=yes -p DynamicUser=1 -p "${directory}"=zzz test -f "${path}"/zzz/test systemd-run --wait -p RuntimeDirectoryPreserve=yes -p DynamicUser=1 -p "${directory}"=zzz -p TemporaryFileSystem="${path}" test -f "${path}"/zzz/test systemd-run --wait -p RuntimeDirectoryPreserve=yes -p DynamicUser=1 -p "${directory}"=zzz:yyy test -f "${path}"/yyy/test - systemd-run --wait -p RuntimeDirectoryPreserve=yes -p DynamicUser=1 -p "${directory}"=zzz:xxx -p TemporaryFileSystem="${path}" test -f "${path}"/xxx/test + systemd-run --wait -p RuntimeDirectoryPreserve=yes -p DynamicUser=1 -p "${directory}=zzz:xxx zzz:xxx2" \ + -p TemporaryFileSystem="${path}" -p EnvironmentFile=-/usr/lib/systemd/systemd-asan-env bash -c "test -f ${path}/xxx/test && test -f ${path}/xxx2/test" systemd-run --wait -p RuntimeDirectoryPreserve=yes -p DynamicUser=1 -p "${directory}"=zzz:xxx -p TemporaryFileSystem="${path}":ro test -f "${path}"/xxx/test systemd-run --wait -p RuntimeDirectoryPreserve=yes -p DynamicUser=1 -p "${directory}"=zzz test -f "${path}"/zzz/test-missing \ && { echo 'unexpected success'; exit 1; } test -L "${path}"/zzz - test -L "${path}"/yyy test -d "${path}"/private/zzz - test ! -L "${path}"/private/xxx - test ! -L "${path}"/xxx + + test ! -e "${path}"/xxx + test ! -e "${path}"/private/xxx + test ! -e "${path}"/xxx2 + test ! -e "${path}"/private/xxx2 + test -L "${path}"/yyy # previous symlink is not removed + test ! -e "${path}"/private/yyy test -f "${path}"/zzz/test - test ! -f "${path}"/zzz/test-missing + test ! -e "${path}"/zzz/test-missing # Convert back @@ -57,6 +75,20 @@ function test_directory() { systemd-run --wait -p RuntimeDirectoryPreserve=yes -p DynamicUser=0 -p "${directory}"=zzz test -f "${path}"/zzz/test-missing \ && { echo 'unexpected success'; exit 1; } + test -d "${path}"/zzz + test ! -L "${path}"/zzz + test ! -e "${path}"/private/zzz + + test ! -e "${path}"/xxx + test ! -e "${path}"/private/xxx + test ! -e "${path}"/xxx2 + test ! -e "${path}"/private/xxx2 + test -L "${path}"/yyy + test ! -e "${path}"/private/yyy + + test -f "${path}"/zzz/test + test ! -e "${path}"/zzz/test-missing + # Exercise the unit parsing paths too cat >/run/systemd/system/testservice-34.service </run/systemd/system/testservice-34-check-writable.service </dev/null | sort -u); \ + [[ "\$\${#writable_dirs[@]}" == "8" ]]; \ + [[ "\$\${writable_dirs[0]}" == "/var/lib/private/aaa" ]]; \ + [[ "\$\${writable_dirs[1]}" == "/var/lib/private/aaa/bbb" ]]; \ + [[ "\$\${writable_dirs[2]}" == "/var/lib/private/aaa/ccc" ]]; \ + [[ "\$\${writable_dirs[3]}" == "/var/lib/private/quux/pief" ]]; \ + [[ "\$\${writable_dirs[4]}" == "/var/lib/private/waldo" ]]; \ + [[ "\$\${writable_dirs[5]}" == "/var/lib/private/xxx" ]]; \ + [[ "\$\${writable_dirs[6]}" == "/var/lib/private/xxx/yyy" ]]; \ + [[ "\$\${writable_dirs[7]}" == "/var/lib/private/xxx/zzz" ]]; \ +' +EOF + systemctl daemon-reload + systemctl start testservice-34-check-writable.service +} + test_directory "StateDirectory" "/var/lib" test_directory "RuntimeDirectory" "/run" test_directory "CacheDirectory" "/var/cache" test_directory "LogsDirectory" "/var/log" +test_check_writable + systemd-analyze log-level info echo OK >/testok From 4ddeea92faf69291449af95dc9ba6440ad06ec1b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 7 Oct 2022 17:34:53 +0200 Subject: [PATCH 565/703] shared/condition: avoid nss lookup in PID1 PID 1 is not allowed to do nss lookups because this may take a long time or even deadlock. While at it, the comparisons are reordered to do the "easy" comparisons which only require a string comparison first. Delay parsing of the UID until it is really necessary. The result is the same, because we know that "root" and "nobody" parse as valid. (cherry picked from commit 734f96b8490a2c48712ff6754a84fcaeac3d53c1) (cherry picked from commit 5da595db39e8c6b229dfe388130683ff9a32eda5) --- src/shared/condition.c | 23 ++++++++++++++--------- 1 file changed, 14 insertions(+), 9 deletions(-) diff --git a/src/shared/condition.c b/src/shared/condition.c index 1a8225ae520..11505b9b003 100644 --- a/src/shared/condition.c +++ b/src/shared/condition.c @@ -376,31 +376,36 @@ static int condition_test_cpus(Condition *c, char **env) { static int condition_test_user(Condition *c, char **env) { uid_t id; int r; - _cleanup_free_ char *username = NULL; - const char *u; assert(c); assert(c->parameter); assert(c->type == CONDITION_USER); + /* Do the quick&easy comparisons first, and only parse the UID later. */ + if (streq(c->parameter, "root")) + return getuid() == 0 || geteuid() == 0; + if (streq(c->parameter, NOBODY_USER_NAME)) + return getuid() == UID_NOBODY || geteuid() == UID_NOBODY; + if (streq(c->parameter, "@system")) + return uid_is_system(getuid()) || uid_is_system(geteuid()); + r = parse_uid(c->parameter, &id); if (r >= 0) return id == getuid() || id == geteuid(); - if (streq("@system", c->parameter)) - return uid_is_system(getuid()) || uid_is_system(geteuid()); + if (getpid_cached() == 1) /* We already checked for "root" above, and we know that + * PID 1 is running as root, hence we know it cannot match. */ + return false; - username = getusername_malloc(); + /* getusername_malloc() may do an nss lookup, which is not allowed in PID 1. */ + _cleanup_free_ char *username = getusername_malloc(); if (!username) return -ENOMEM; if (streq(username, c->parameter)) return 1; - if (getpid_cached() == 1) - return streq(c->parameter, "root"); - - u = c->parameter; + const char *u = c->parameter; r = get_user_creds(&u, &id, NULL, NULL, NULL, USER_CREDS_ALLOW_MISSING); if (r < 0) return 0; From c622de4c9d474c2b666881ccbf60c7e2bf1fb484 Mon Sep 17 00:00:00 2001 From: Michael Biebl Date: Wed, 12 Oct 2022 11:07:57 +0200 Subject: [PATCH 566/703] logind: fix getting property OnExternalPower via D-Bus The BUS_DEFINE_PROPERTY_GET_GLOBAL macro requires a value as third argument, so we need to call manager_is_on_external_power(). Otherwise the function pointer is interpreted as a boolean and always returns true: ``` $ busctl get-property org.freedesktop.login1 /org/freedesktop/login1 org.freedesktop.login1.Manager OnExternalPower b true $ /lib/systemd/systemd-ac-power --verbose no ``` Thanks: Helmut Grohne Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021644 (cherry picked from commit 63168cb517a556b2f4f175b365f5a4b4c7e85150) (cherry picked from commit 3028e05955f1d1a43d57bbbe05321546d56c70a9) --- src/login/logind-dbus.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/login/logind-dbus.c b/src/login/logind-dbus.c index faae5464040..fa1c5e3bdf8 100644 --- a/src/login/logind-dbus.c +++ b/src/login/logind-dbus.c @@ -353,7 +353,7 @@ static int property_get_scheduled_shutdown( static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_handle_action, handle_action, HandleAction); static BUS_DEFINE_PROPERTY_GET(property_get_docked, "b", Manager, manager_is_docked_or_external_displays); static BUS_DEFINE_PROPERTY_GET(property_get_lid_closed, "b", Manager, manager_is_lid_closed); -static BUS_DEFINE_PROPERTY_GET_GLOBAL(property_get_on_external_power, "b", manager_is_on_external_power); +static BUS_DEFINE_PROPERTY_GET_GLOBAL(property_get_on_external_power, "b", manager_is_on_external_power()); static BUS_DEFINE_PROPERTY_GET_GLOBAL(property_get_compat_user_tasks_max, "t", CGROUP_LIMIT_MAX); static BUS_DEFINE_PROPERTY_GET_REF(property_get_hashmap_size, "t", Hashmap *, (uint64_t) hashmap_size); From b81d1613ad88ec90eb308020aeb3078cffc9d89d Mon Sep 17 00:00:00 2001 From: Celeste Liu Date: Sun, 16 Oct 2022 10:47:17 +0800 Subject: [PATCH 567/703] seccomp: add riscv_flush_icache to allow list This system call is harmless because it only enforces ordering between stores and instruction cache fetch. fixed #24991 Related: https://github.com/felixonmars/archriscv-packages/issues/1840 Signed-off-by: Celeste Liu (cherry picked from commit 09925036cf2b5a5c4cf680422a38c427ca692cd6) (cherry picked from commit 8be601f7ef4d650adfa78356dbe83f8c6aee2f62) --- src/shared/seccomp-util.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c index 6cf47d2e586..f342f4ec5b9 100644 --- a/src/shared/seccomp-util.c +++ b/src/shared/seccomp-util.c @@ -334,6 +334,7 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = { "pause\0" "prlimit64\0" "restart_syscall\0" + "riscv_flush_icache\0" "rseq\0" "rt_sigreturn\0" "sched_getaffinity\0" From bad202a76c740242464a13dae416ada7b9cca83e Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Fri, 14 Oct 2022 14:21:43 +0200 Subject: [PATCH 568/703] qrcode-util: Add support for libqrencode 3.0 They didn't actually change API between major versions, so let's support the previous version as well so we can add CentOS 8 Stream back to CI. (cherry picked from commit 3f5225d7f301f70c9418122cf1e1989ccb33ea76) (cherry picked from commit e2a07cdac6c2750c4d2d771da8c708cb1626b314) --- meson.build | 2 +- src/shared/qrcode-util.c | 14 ++++++++++++-- 2 files changed, 13 insertions(+), 3 deletions(-) diff --git a/meson.build b/meson.build index 42115ec0a88..305c81f16a3 100644 --- a/meson.build +++ b/meson.build @@ -1292,7 +1292,7 @@ conf.set10('HAVE_LIBIPTC', have) want_qrencode = get_option('qrencode') if want_qrencode != 'false' and not skip_deps libqrencode = dependency('libqrencode', - version : '>= 4', + version : '>= 3', required : want_qrencode == 'true') have = libqrencode.found() else diff --git a/src/shared/qrcode-util.c b/src/shared/qrcode-util.c index db48c736105..702d8bb3e3c 100644 --- a/src/shared/qrcode-util.c +++ b/src/shared/qrcode-util.c @@ -8,6 +8,7 @@ #include "dlfcn-util.h" #include "locale-util.h" #include "log.h" +#include "strv.h" #include "terminal-util.h" #define ANSI_WHITE_ON_BLACK "\033[40;37;1m" @@ -18,10 +19,19 @@ static QRcode* (*sym_QRcode_encodeString)(const char *string, int version, QRecL static void (*sym_QRcode_free)(QRcode *qrcode) = NULL; int dlopen_qrencode(void) { - return dlopen_many_sym_or_warn( - &qrcode_dl, "libqrencode.so.4", LOG_DEBUG, + const char *s; + int r; + + FOREACH_STRING(s, "libqrencode.so.4", "libqrencode.so.3") { + r = dlopen_many_sym_or_warn( + &qrcode_dl, s, LOG_DEBUG, DLSYM_ARG(QRcode_encodeString), DLSYM_ARG(QRcode_free)); + if (r >= 0) + break; + } + + return r; } static void print_border(FILE *output, unsigned width) { From e797ec736dca2e4f538c0d9fb148fcbc77319fb3 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Wed, 19 Oct 2022 11:38:11 +0200 Subject: [PATCH 569/703] man: document restrictions on naming interfaces Let's document that "." is a bad choice of character when naming interfaces. Let's also document the hard restrictions we make when naming interfaces. Result of the mess that is #25052. (cherry picked from commit 8f598a463571608cbeb1b562afcadf2db335a530) (cherry picked from commit d1066f33b53ec6a51166008c3116d722ed9c75c0) --- man/systemd.link.xml | 31 ++++++++++++++++++++++--------- 1 file changed, 22 insertions(+), 9 deletions(-) diff --git a/man/systemd.link.xml b/man/systemd.link.xml index 933fe8df420..4729581e177 100644 --- a/man/systemd.link.xml +++ b/man/systemd.link.xml @@ -438,15 +438,22 @@ must either be unset, empty, disabled, or all policies configured there must fail. Also see the example below with Name=dmz0. - Note that specifying a name that the kernel might use for another - interface (for example eth0) is dangerous because the - name assignment done by udev will race with the assignment done by the - kernel, and only one interface may use the name. Depending on the order of - operations, either udev or the kernel will win, making the naming - unpredictable. It is best to use some different prefix, for example - internal0/external0 or - lan0/lan1/lan3. - + Note that specifying a name that the kernel might use for another interface (for example + eth0) is dangerous because the name assignment done by udev will race with the + assignment done by the kernel, and only one interface may use the name. Depending on the order of + operations, either udev or the kernel will win, making the naming unpredictable. It is best to use + some different prefix, for example internal0/external0 or + lan0/lan1/lan3. + + Interface names must have a minimum length of 1 character and a maximum length of 15 + characters, and may contain any 7bit ASCII character, with the exception of control characters, + :, / and %. While . is + an allowed character, it's recommended to avoid it when naming interfaces as various tools (such as + resolvconf1) use + it as separator character. Also, fully numeric interface names are not allowed (in order to avoid + ambiguity with interface specification by numeric indexes), as are the special strings + ., .., all and + default. @@ -467,6 +474,12 @@ If the empty string is assigned to this option, the list is reset, and all prior assignments have no effect. If the kernel does not support the alternative names, then this setting will be ignored. + + Alternative interface names may be used to identify interfaces in various tools. In contrast + to the primary name (as configured with Name= above) there may be multiple + alternative names referring to the same interface. Alternative names may have a maximum length of + 127 characters, in contrast to the 15 allowed for the primary interface name, but otherwise are + subject to the same naming constraints. From 1c40f074fad612b42e51b1c1e601c32fc11cccd8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 18 Oct 2022 18:09:06 +0200 Subject: [PATCH 570/703] shared/json: allow json_variant_dump() to return an error (cherry picked from commit 7922ead507e0d83e4ec72a8cbd2b67194766e58c) (cherry picked from commit 219272f7b2afcd7f86abbd04360a07b0d5e1c849) --- src/shared/json.c | 7 ++++--- src/shared/json.h | 2 +- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/src/shared/json.c b/src/shared/json.c index 0aa5d5f5dd0..4fc5c93a92e 100644 --- a/src/shared/json.c +++ b/src/shared/json.c @@ -1771,9 +1771,9 @@ int json_variant_format(JsonVariant *v, JsonFormatFlags flags, char **ret) { return (int) sz - 1; } -void json_variant_dump(JsonVariant *v, JsonFormatFlags flags, FILE *f, const char *prefix) { +int json_variant_dump(JsonVariant *v, JsonFormatFlags flags, FILE *f, const char *prefix) { if (!v) - return; + return 0; if (!f) f = stdout; @@ -1799,7 +1799,8 @@ void json_variant_dump(JsonVariant *v, JsonFormatFlags flags, FILE *f, const cha fputc('\n', f); /* In case of SSE add a second newline */ if (flags & JSON_FORMAT_FLUSH) - fflush(f); + return fflush_and_check(f); + return 0; } int json_variant_filter(JsonVariant **v, char **to_remove) { diff --git a/src/shared/json.h b/src/shared/json.h index dd73c1e4975..e4bfeae8f5b 100644 --- a/src/shared/json.h +++ b/src/shared/json.h @@ -195,7 +195,7 @@ typedef enum JsonFormatFlags { } JsonFormatFlags; int json_variant_format(JsonVariant *v, JsonFormatFlags flags, char **ret); -void json_variant_dump(JsonVariant *v, JsonFormatFlags flags, FILE *f, const char *prefix); +int json_variant_dump(JsonVariant *v, JsonFormatFlags flags, FILE *f, const char *prefix); int json_variant_filter(JsonVariant **v, char **to_remove); From aab707b22d668fabf678c6b33a8205ecada044a0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 19 Oct 2022 08:41:13 +0200 Subject: [PATCH 571/703] shared/json: use different return code for empty input It is useful to distinguish if json_parse_file() got no input or invalid input. Use different return codes for the two cases. (cherry picked from commit 87a16eb8b54002a49f12944fc09ce45d0cbadf45) (cherry picked from commit ab587aaf8e104202e2f5d215950e8f494ce08629) --- src/shared/elf-util.c | 2 +- src/shared/json.c | 6 ++++-- src/test/test-json.c | 18 ++++++++++++++++++ 3 files changed, 23 insertions(+), 3 deletions(-) diff --git a/src/shared/elf-util.c b/src/shared/elf-util.c index 6d9fcfbbf2a..392ed9f31bb 100644 --- a/src/shared/elf-util.c +++ b/src/shared/elf-util.c @@ -800,7 +800,7 @@ int parse_elf_object(int fd, const char *executable, bool fork_disable_dump, cha return -errno; r = json_parse_file(json_in, NULL, 0, &package_metadata, NULL, NULL); - if (r < 0 && r != -EINVAL) /* EINVAL: json was empty, so we got nothing, but that's ok */ + if (r < 0 && r != -ENODATA) /* ENODATA: json was empty, so we got nothing, but that's ok */ return r; } diff --git a/src/shared/json.c b/src/shared/json.c index 4fc5c93a92e..be48fb1d755 100644 --- a/src/shared/json.c +++ b/src/shared/json.c @@ -3172,7 +3172,6 @@ int json_parse_continue(const char **p, JsonParseFlags flags, JsonVariant **ret, int json_parse_file_at(FILE *f, int dir_fd, const char *path, JsonParseFlags flags, JsonVariant **ret, unsigned *ret_line, unsigned *ret_column) { _cleanup_(json_source_unrefp) JsonSource *source = NULL; _cleanup_free_ char *text = NULL; - const char *p; int r; if (f) @@ -3184,13 +3183,16 @@ int json_parse_file_at(FILE *f, int dir_fd, const char *path, JsonParseFlags fla if (r < 0) return r; + if (isempty(text)) + return -ENODATA; + if (path) { source = json_source_new(path); if (!source) return -ENOMEM; } - p = text; + const char *p = text; return json_parse_internal(&p, source, flags, ret, ret_line, ret_column, false); } diff --git a/src/test/test-json.c b/src/test/test-json.c index 1178843f685..2aecbe3557e 100644 --- a/src/test/test-json.c +++ b/src/test/test-json.c @@ -346,6 +346,24 @@ TEST(build) { assert_se(json_variant_equal(a, b)); } +TEST(json_parse_file_empty) { + _cleanup_fclose_ FILE *f = NULL; + _cleanup_(json_variant_unrefp) JsonVariant *v = NULL; + + assert_se(fopen_unlocked("/dev/null", "re", &f) >= 0); + assert_se(json_parse_file(f, "waldo", 0, &v, NULL, NULL) == -ENODATA); + assert_se(v == NULL); +} + +TEST(json_parse_file_invalid) { + _cleanup_fclose_ FILE *f = NULL; + _cleanup_(json_variant_unrefp) JsonVariant *v = NULL; + + assert_se(f = fmemopen_unlocked((void*) "kookoo", 6, "r")); + assert_se(json_parse_file(f, "waldo", 0, &v, NULL, NULL) == -EINVAL); + assert_se(v == NULL); +} + TEST(source) { static const char data[] = "\n" From 6cd8cc6fab216ca78becb4323d09fedea8824671 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 18 Oct 2022 18:23:53 +0200 Subject: [PATCH 572/703] coredump: avoid deadlock when passing processed backtrace data We would deadlock when passing the data back from the forked-off process that was doing backtrace generation back to the coredump parent. This is because we fork the child and wait for it to exit. The child tries to write too much data to the output pipe, and and after the first 64k blocks on the parent because the pipe is full. The bug surfaced in Fedora because of a combination of four factors: - 87707784c70dc9894ec613df0a6e75e732a362a3 was backported to v251.5, which allowed coredump processing to be successful. - 1a0281a3ebf4f8c16d40aa9e63103f16cd23bb2a was NOT backported, so the output was very verbose. - Fedora has the ELF package metadata available, so a lot of output can be generated. Most other distros just don't have the information. - gnome-calendar crashes and has a bazillion modules and 69596 bytes of output are generated for it. Fixes https://bugzilla.redhat.com/show_bug.cgi?id=2135778. The code is changed to try to write data opportunistically. If we get partial information, that is still logged. In is generally better to log partial backtrace information than nothing at all. (cherry picked from commit 076b807be472630692c5348c60d0c2b7b28ad437) (cherry picked from commit 087cbfd9362d15eaa389060baa64bc40d1d7fbd0) --- src/shared/elf-util.c | 37 +++++++++++++++++++++++++++++++------ 1 file changed, 31 insertions(+), 6 deletions(-) diff --git a/src/shared/elf-util.c b/src/shared/elf-util.c index 392ed9f31bb..644fbae9cea 100644 --- a/src/shared/elf-util.c +++ b/src/shared/elf-util.c @@ -30,6 +30,9 @@ #define THREADS_MAX 64 #define ELF_PACKAGE_METADATA_ID 0xcafe1a7e +/* The amount of data we're willing to write to each of the output pipes. */ +#define COREDUMP_PIPE_MAX (1024*1024U) + static void *dw_dl = NULL; static void *elf_dl = NULL; @@ -700,13 +703,13 @@ int parse_elf_object(int fd, const char *executable, bool fork_disable_dump, cha return r; if (ret) { - r = RET_NERRNO(pipe2(return_pipe, O_CLOEXEC)); + r = RET_NERRNO(pipe2(return_pipe, O_CLOEXEC|O_NONBLOCK)); if (r < 0) return r; } if (ret_package_metadata) { - r = RET_NERRNO(pipe2(json_pipe, O_CLOEXEC)); + r = RET_NERRNO(pipe2(json_pipe, O_CLOEXEC|O_NONBLOCK)); if (r < 0) return r; } @@ -750,8 +753,24 @@ int parse_elf_object(int fd, const char *executable, bool fork_disable_dump, cha goto child_fail; if (buf) { - r = loop_write(return_pipe[1], buf, strlen(buf), false); - if (r < 0) + size_t len = strlen(buf); + + if (len > COREDUMP_PIPE_MAX) { + /* This is iffy. A backtrace can be a few hundred kilobytes, but too much is + * too much. Let's log a warning and ignore the rest. */ + log_warning("Generated backtrace is %zu bytes (more than the limit of %u bytes), backtrace will be truncated.", + len, COREDUMP_PIPE_MAX); + len = COREDUMP_PIPE_MAX; + } + + /* Bump the space for the returned string. + * Failure is ignored, because partial output is still useful. */ + (void) fcntl(return_pipe[1], F_SETPIPE_SZ, len); + + r = loop_write(return_pipe[1], buf, len, false); + if (r == -EAGAIN) + log_warning("Write failed, backtrace will be truncated."); + else if (r < 0) goto child_fail; return_pipe[1] = safe_close(return_pipe[1]); @@ -760,13 +779,19 @@ int parse_elf_object(int fd, const char *executable, bool fork_disable_dump, cha if (package_metadata) { _cleanup_fclose_ FILE *json_out = NULL; + /* Bump the space for the returned string. We don't know how much space we'll need in + * advance, so we'll just try to write as much as possible and maybe fail later. */ + (void) fcntl(json_pipe[1], F_SETPIPE_SZ, COREDUMP_PIPE_MAX); + json_out = take_fdopen(&json_pipe[1], "w"); if (!json_out) { r = -errno; goto child_fail; } - json_variant_dump(package_metadata, JSON_FORMAT_FLUSH, json_out, NULL); + r = json_variant_dump(package_metadata, JSON_FORMAT_FLUSH, json_out, NULL); + if (r < 0) + log_warning_errno(r, "Failed to write JSON package metadata, ignoring: %m"); } _exit(EXIT_SUCCESS); @@ -801,7 +826,7 @@ int parse_elf_object(int fd, const char *executable, bool fork_disable_dump, cha r = json_parse_file(json_in, NULL, 0, &package_metadata, NULL, NULL); if (r < 0 && r != -ENODATA) /* ENODATA: json was empty, so we got nothing, but that's ok */ - return r; + log_warning_errno(r, "Failed to read or parse json metadata, ignoring: %m"); } if (ret) From ddceb9ddd118312925876ce835b6082c02aa0383 Mon Sep 17 00:00:00 2001 From: Antonio Alvarez Feijoo Date: Wed, 19 Oct 2022 14:42:42 +0200 Subject: [PATCH 573/703] dissect: add missing --umount to the help output (cherry picked from commit 1b967529d225077f063d10fbc647f55d6c3aae0e) (cherry picked from commit d89e9993d2e58c9f9680005c5a66df33723c42af) --- src/dissect/dissect.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/dissect/dissect.c b/src/dissect/dissect.c index 501ba90b242..8cb161326f1 100644 --- a/src/dissect/dissect.c +++ b/src/dissect/dissect.c @@ -71,6 +71,7 @@ static int help(void) { printf("%1$s [OPTIONS...] IMAGE\n" "%1$s [OPTIONS...] --mount IMAGE PATH\n" + "%1$s [OPTIONS...] --umount PATH\n" "%1$s [OPTIONS...] --copy-from IMAGE PATH [TARGET]\n" "%1$s [OPTIONS...] --copy-to IMAGE [SOURCE] PATH\n\n" "%5$sDissect a file system OS image.%6$s\n\n" From c7861e39a6b817af7facdcf5ba209663ec60b6ba Mon Sep 17 00:00:00 2001 From: Antonio Alvarez Feijoo Date: Wed, 19 Oct 2022 14:43:50 +0200 Subject: [PATCH 574/703] bash-completion: add systemd-dissect support (cherry picked from commit 808ec9df3882b4df7cce9e9d937ddacc21a22f64) (cherry picked from commit 73d1dc665ba87f00d9742ca1428a3cb3ff983169) --- shell-completion/bash/systemd-dissect | 104 ++++++++++++++++++++++++++ 1 file changed, 104 insertions(+) create mode 100644 shell-completion/bash/systemd-dissect diff --git a/shell-completion/bash/systemd-dissect b/shell-completion/bash/systemd-dissect new file mode 100644 index 00000000000..5e1ce05e72c --- /dev/null +++ b/shell-completion/bash/systemd-dissect @@ -0,0 +1,104 @@ +# systemd-dissect(1) completion -*- shell-script -*- +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. +# +# systemd is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public License +# along with systemd; If not, see . + +__contains_word() { + local w word=$1; shift + for w in "$@"; do + [[ $w = "$word" ]] && return + done +} + +_systemd_dissect() { + local comps + local cur=${COMP_WORDS[COMP_CWORD]} prev_1=${COMP_WORDS[COMP_CWORD-1]} prev_2=${COMP_WORDS[COMP_CWORD-2]} words cword + local -A OPTS=( + [STANDALONE]='-h --help --version + --no-pager + --no-legend + -r --read-only + --mkdir + --rmdir' + [ARG]='-m --mount -M + -u --umount -U + -x --copy-from + -a --copy-to + --fsck + --growfs + --discard + --root-hash + --root-hash-sig + --verity-data + --json' + ) + + _init_completion || return + + if __contains_word "$prev_1" ${OPTS[ARG]}; then + case $prev_1 in + -m|--mount|-M|-x|--copy-from|-a|--copy-to|--verity-data) + comps=$(compgen -A file -- "$cur") + compopt -o filenames + ;; + -u|--umount|-U) + comps=$(compgen -A directory -- "$cur" ) + compopt -o dirnames + ;; + --fsck|--growfs) + comps='yes no' + ;; + --discard) + comps='disabled loop all crypto' + ;; + --root-hash-sig) + comps="base64: $(compgen -A file -- "$cur")" + compopt -o filenames + ;; + --json) + comps='pretty short off' + ;; + esac + COMPREPLY=( $(compgen -W '$comps' -- "$cur") ) + return 0 + fi + + if __contains_word "$prev_2" ${OPTS[ARG]}; then + case $prev_2 in + -m|--mount|-M) + comps=$(compgen -A directory -- "$cur" ) + compopt -o dirnames + ;; + *) + comps=$(compgen -A file -- "$cur" ) + compopt -o filenames + ;; + esac + COMPREPLY=( $(compgen -W '$comps' -- "$cur") ) + return 0 + fi + + if [[ "$cur" = -* ]]; then + COMPREPLY=( $(compgen -W '${OPTS[*]}' -- "$cur") ) + return 0 + fi + + COMPREPLY=( $(compgen -A file -- "$cur") ) + compopt -o filenames + return 0 +} + +complete -F _systemd_dissect systemd-dissect From 2220f8d28aff4eefa160e25980680ff70eb4990a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 19 Oct 2022 16:23:41 +0200 Subject: [PATCH 575/703] meson: always use libatomic if found Semi-quoting https://github.com/systemd/systemd/issues/25057: clang-16 has made the choice to turn on -Werror=implicit-function-declaration,implicit-int. (See Gentoo's tracker bug https://bugs.gentoo.org/870412). Added in commit 132c73b57ad1d363e97e1f4720f0e920826f34e1, systemd now does a check to see if libatomic is needed with some compile/link tests with e.g. __atomic_exchange_1, but the tests don't provide a prototype for __atomic_exchange_1 so with clang-16 the test fails, breaking the build. Let's simplify things by linking to libatomic unconditionally if it is found and seems to work. If actually unneeded, it might be dropped via --as-needed. This seems to work with gcc and clang. declare_dependency() is used instead of cc.find_library(), because the latter picks up a symlink in gcc private directory (e.g. /usr/lib/gcc/x86_64-redhat-linux/12/libatomic.so), and we don't want that. Fixes #25057. (cherry picked from commit 96f8c63601a33a7e9e47397be2de811e00477ad8) (cherry picked from commit d61ccd0252c532596c72bb1161d67b5b47ffb1a3) --- meson.build | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/meson.build b/meson.build index 305c81f16a3..01c4b4dc707 100644 --- a/meson.build +++ b/meson.build @@ -981,22 +981,23 @@ endif ##################################################################### -libatomic = [] -if not cc.links('''#include - int main() { - char i; - __atomic_exchange_1(&i, 1, 0); - return 1; - }''', - name : 'Atomic builtin requires -latomic') - libatomic = cc.find_library('atomic') -endif threads = dependency('threads') librt = cc.find_library('rt') libm = cc.find_library('m') libdl = cc.find_library('dl') libcrypt = cc.find_library('crypt') +# On some architectures, libatomic is required. But on some installations, +# it is found, but actual linking fails. So let's try to use it opportunistically. +# If it is installed, but not needed, it will be dropped because of --as-needed. +if cc.links('''int main(int argc, char **argv) { return 0; }''', + args : '-latomic', + name : 'libatomic') + libatomic = declare_dependency(link_args : '-latomic') +else + libatomic = [] +endif + crypt_header = conf.get('HAVE_CRYPT_H') == 1 ? '''#include ''' : '''#include ''' foreach ident : [ ['crypt_ra', crypt_header], From a8675fa1b5f88ec6e79564106cc0419e36598388 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Mon, 24 Oct 2022 12:22:46 +0200 Subject: [PATCH 576/703] homed: properly initialize all return params (cherry picked from commit 3b1494ad700ca1ac4b5917b0bb97e7dc9fabc2be) (cherry picked from commit b0972e4df06967c8d83deb39c976765fc0e7c320) --- src/home/homework-luks.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/home/homework-luks.c b/src/home/homework-luks.c index 2cfe8e414cd..1122e32575e 100644 --- a/src/home/homework-luks.c +++ b/src/home/homework-luks.c @@ -2669,6 +2669,7 @@ static int prepare_resize_partition( log_debug("Not rewriting partition table, operating on naked device."); *ret_disk_uuid = SD_ID128_NULL; *ret_table = NULL; + *ret_partition = NULL; return 0; } From 33fb3a9d0dd0b6a65399d52100a42648a91252a3 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Sat, 13 Aug 2022 05:08:38 +0900 Subject: [PATCH 577/703] network/bridge: fix UseBPDU= and AllowPortToBeRoot= Fixes bugs caused by 7f9915f0de67f3a10a4b22810d119da65af8c84a. Fixes #24268. (cherry picked from commit 3f504b892b92f54087feeb3fb35e3938567d7fa0) (cherry picked from commit 06dc900efa69bbebe1cff59112b4cfd40ed6b3b5) --- src/network/networkd-setlink.c | 4 ++-- test/networkd-test.py | 4 ++-- test/test-network/systemd-networkd-tests.py | 8 ++++---- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/src/network/networkd-setlink.c b/src/network/networkd-setlink.c index e00cc1e5892..1ab58a5bd21 100644 --- a/src/network/networkd-setlink.c +++ b/src/network/networkd-setlink.c @@ -317,7 +317,7 @@ static int link_configure( return log_link_debug_errno(link, r, "Could not open IFLA_PROTINFO container: %m"); if (link->network->use_bpdu >= 0) { - r = sd_netlink_message_append_u8(req, IFLA_BRPORT_GUARD, link->network->use_bpdu); + r = sd_netlink_message_append_u8(req, IFLA_BRPORT_GUARD, !link->network->use_bpdu); if (r < 0) return log_link_debug_errno(link, r, "Could not append IFLA_BRPORT_GUARD attribute: %m"); } @@ -335,7 +335,7 @@ static int link_configure( } if (link->network->allow_port_to_be_root >= 0) { - r = sd_netlink_message_append_u8(req, IFLA_BRPORT_PROTECT, link->network->allow_port_to_be_root); + r = sd_netlink_message_append_u8(req, IFLA_BRPORT_PROTECT, !link->network->allow_port_to_be_root); if (r < 0) return log_link_debug_errno(link, r, "Could not append IFLA_BRPORT_PROTECT attribute: %m"); } diff --git a/test/networkd-test.py b/test/networkd-test.py index f4598c7b7cf..280fb747379 100755 --- a/test/networkd-test.py +++ b/test/networkd-test.py @@ -289,8 +289,8 @@ def test_bridge_port_property(self): self.assertEqual(self.read_attr('port2', 'brport/path_cost'), '555') self.assertEqual(self.read_attr('port2', 'brport/multicast_fast_leave'), '1') self.assertEqual(self.read_attr('port2', 'brport/unicast_flood'), '1') - self.assertEqual(self.read_attr('port2', 'brport/bpdu_guard'), '1') - self.assertEqual(self.read_attr('port2', 'brport/root_block'), '1') + self.assertEqual(self.read_attr('port2', 'brport/bpdu_guard'), '0') + self.assertEqual(self.read_attr('port2', 'brport/root_block'), '0') class ClientTestBase(NetworkdTestingUtilities): """Provide common methods for testing networkd against servers.""" diff --git a/test/test-network/systemd-networkd-tests.py b/test/test-network/systemd-networkd-tests.py index ac2c1ba034f..d3b4a426efc 100755 --- a/test/test-network/systemd-networkd-tests.py +++ b/test/test-network/systemd-networkd-tests.py @@ -3806,8 +3806,8 @@ def test_bridge_keep_master(self): self.assertEqual(read_bridge_port_attr('bridge99', 'dummy98', 'neigh_suppress'), '1') self.assertEqual(read_bridge_port_attr('bridge99', 'dummy98', 'learning'), '0') self.assertEqual(read_bridge_port_attr('bridge99', 'dummy98', 'priority'), '23') - self.assertEqual(read_bridge_port_attr('bridge99', 'dummy98', 'bpdu_guard'), '1') - self.assertEqual(read_bridge_port_attr('bridge99', 'dummy98', 'root_block'), '1') + self.assertEqual(read_bridge_port_attr('bridge99', 'dummy98', 'bpdu_guard'), '0') + self.assertEqual(read_bridge_port_attr('bridge99', 'dummy98', 'root_block'), '0') def test_bridge_property(self): copy_unit_to_networkd_unit_path('11-dummy.netdev', '12-dummy.netdev', '26-bridge.netdev', @@ -3844,8 +3844,8 @@ def test_bridge_property(self): self.assertEqual(read_bridge_port_attr('bridge99', 'dummy98', 'neigh_suppress'), '1') self.assertEqual(read_bridge_port_attr('bridge99', 'dummy98', 'learning'), '0') self.assertEqual(read_bridge_port_attr('bridge99', 'dummy98', 'priority'), '23') - self.assertEqual(read_bridge_port_attr('bridge99', 'dummy98', 'bpdu_guard'), '1') - self.assertEqual(read_bridge_port_attr('bridge99', 'dummy98', 'root_block'), '1') + self.assertEqual(read_bridge_port_attr('bridge99', 'dummy98', 'bpdu_guard'), '0') + self.assertEqual(read_bridge_port_attr('bridge99', 'dummy98', 'root_block'), '0') output = check_output('bridge -d link show test1') print(output) From 5ede3388c530842a0b6c38a34a6256ede22ee226 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 14 Oct 2022 14:40:24 +0200 Subject: [PATCH 578/703] manager: reformat boolean expression in unit_is_pristine() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Not not IN_SET(…) is just too much for my poor brain. Let's invert the expression to make it easier to undertand. (cherry picked from commit b146a7345b69de16e88347acadb3783ffeeaad9d) (cherry picked from commit 228cd82d2cc9c24d42b2f025c24bfd29e1ce10c3) --- src/core/unit.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/src/core/unit.c b/src/core/unit.c index 92e06badc8b..a7b32084325 100644 --- a/src/core/unit.c +++ b/src/core/unit.c @@ -4812,12 +4812,12 @@ bool unit_is_pristine(Unit *u) { * are marked UNIT_LOADED even though nothing was actually * loaded, as those unit types don't require a file on disk. */ - return !(!IN_SET(u->load_state, UNIT_NOT_FOUND, UNIT_LOADED) || - u->fragment_path || - u->source_path || - !strv_isempty(u->dropin_paths) || - u->job || - u->merged_into); + return IN_SET(u->load_state, UNIT_NOT_FOUND, UNIT_LOADED) && + !u->fragment_path && + !u->source_path && + strv_isempty(u->dropin_paths) && + !u->job && + !u->merged_into; } pid_t unit_control_pid(Unit *u) { From 1a09fb995e0e84c2a5f40945248644b174863c6b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 14 Oct 2022 15:02:20 +0200 Subject: [PATCH 579/703] manager: allow transient units to have drop-ins In https://github.com/containers/podman/issues/16107, starting of a transient slice unit fails because there's a "global" drop-in /usr/lib/systemd/user/slice.d/10-oomd-per-slice-defaults.conf (provided by systemd-oomd-defaults package to install some default oomd policy). This means that the unit_is_pristine() check fails and starting of the unit is forbidden. It seems pretty clear to me that dropins at any other level then the unit should be ignored in this check: we now have multiple layers of drop-ins (for each level of the cgroup path, and also "global" ones for a specific unit type). If we install a "global" drop-in, we wouldn't be able to start any transient units of that type, which seems undesired. In principle we could reject dropins at the unit level, but I don't think that is useful. The whole reason for drop-ins is that they are "add ons", and there isn't any particular reason to disallow them for transient units. It would also make things harder to implement and describe: one place for drop-ins is good, but another is bad. (And as a corner case: for instanciated units, a drop-in in the template would be acceptable, but a instance-specific drop-in bad?) Thus, $subject. While at it, adjust the message. All the conditions in unit_is_pristine() essentially mean that it wasn't loaded (e.g. it might be in an error state), and that it doesn't have a fragment path (now that drop-ins are acceptable). If there's a job for it, it necessarilly must have been loaded. If it is merged into another unit, it also was loaded and found to be an alias. Based on the discussion in the bugs, it seems that the current message is far from obvious ;) Fixes https://github.com/containers/podman/issues/16107, https://bugzilla.redhat.com/show_bug.cgi?id=2133792. (cherry picked from commit 1f83244641f13a9cb28fdac7e3c17c5446242dfb) (cherry picked from commit 98a45608c4bf5aa1ba9b603ac2e5730f13659d88) --- src/core/dbus-manager.c | 2 +- src/core/unit.c | 14 ++++++++------ 2 files changed, 9 insertions(+), 7 deletions(-) diff --git a/src/core/dbus-manager.c b/src/core/dbus-manager.c index 1a3098ceb14..9a2a5531c69 100644 --- a/src/core/dbus-manager.c +++ b/src/core/dbus-manager.c @@ -901,7 +901,7 @@ static int transient_unit_from_message( if (!unit_is_pristine(u)) return sd_bus_error_setf(error, BUS_ERROR_UNIT_EXISTS, - "Unit %s already exists.", name); + "Unit %s was already loaded or has a fragment file.", name); /* OK, the unit failed to load and is unreferenced, now let's * fill in the transient data instead */ diff --git a/src/core/unit.c b/src/core/unit.c index a7b32084325..60e4e42d2ff 100644 --- a/src/core/unit.c +++ b/src/core/unit.c @@ -4806,16 +4806,18 @@ int unit_fail_if_noncanonical(Unit *u, const char* where) { bool unit_is_pristine(Unit *u) { assert(u); - /* Check if the unit already exists or is already around, - * in a number of different ways. Note that to cater for unit - * types such as slice, we are generally fine with units that - * are marked UNIT_LOADED even though nothing was actually - * loaded, as those unit types don't require a file on disk. */ + /* Check if the unit already exists or is already around, in a number of different ways. Note that to + * cater for unit types such as slice, we are generally fine with units that are marked UNIT_LOADED + * even though nothing was actually loaded, as those unit types don't require a file on disk. + * + * Note that we don't check for drop-ins here, because we allow drop-ins for transient units + * identically to non-transient units, both unit-specific and hierarchical. E.g. for a-b-c.service: + * service.d/….conf, a-.service.d/….conf, a-b-.service.d/….conf, a-b-c.service.d/….conf. + */ return IN_SET(u->load_state, UNIT_NOT_FOUND, UNIT_LOADED) && !u->fragment_path && !u->source_path && - strv_isempty(u->dropin_paths) && !u->job && !u->merged_into; } From ec35091c8a358aacbf787afb2bfab6a0996031ed Mon Sep 17 00:00:00 2001 From: Jan Janssen Date: Sun, 9 Oct 2022 17:16:12 +0200 Subject: [PATCH 580/703] meson: Fix build with --optimization=plain Note that -O0 is deliberately filtered out as we have to compile with at least -O1 due to #24202. Fixes: #24323 (cherry picked from commit 7aa4762ce274a1c9a59902b972fa4fdee1b22715) (cherry picked from commit 23d66a03dec8640e8f8603686c6d0a739084a823) --- src/boot/efi/meson.build | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/boot/efi/meson.build b/src/boot/efi/meson.build index 22432e2cba6..ae3f53a044c 100644 --- a/src/boot/efi/meson.build +++ b/src/boot/efi/meson.build @@ -203,7 +203,7 @@ endif if get_option('debug') and get_option('mode') == 'developer' efi_cflags += ['-ggdb', '-DEFI_DEBUG'] endif -if get_option('optimization') != '0' +if get_option('optimization') in ['1', '2', '3', 's', 'g'] efi_cflags += ['-O' + get_option('optimization')] endif if get_option('b_ndebug') == 'true' or ( From 80bbb1ce70fb054612e6489f071197cd3eeeb514 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Tue, 25 Oct 2022 15:39:14 +0200 Subject: [PATCH 581/703] analyze: add --image= + --root= to --help text (cherry picked from commit 9f5b68d6b7b4ea2645f094bfc7a9e7c80ec3bcb0) (cherry picked from commit bdd84e82e5086282d259ca7ce6d4b4a0f3e30968) --- src/analyze/analyze.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/analyze/analyze.c b/src/analyze/analyze.c index 3ecbdb10ce1..0fadd4204be 100644 --- a/src/analyze/analyze.c +++ b/src/analyze/analyze.c @@ -2515,6 +2515,8 @@ static int help(int argc, char *argv[], void *userdata) { " -h --help Show this help\n" " --version Show package version\n" " -q --quiet Do not emit hints\n" + " --root=PATH Operate on an alternate filesystem root\n" + " --image=PATH Operate on disk image as filesystem root\n" "\nSee the %s for details.\n", program_invocation_short_name, ansi_highlight(), From bd3a197ad19fc3211e7cae9a9f3a816ad0125b1c Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Fri, 28 Oct 2022 11:03:52 +0900 Subject: [PATCH 582/703] network: Table= also accepts table name (cherry picked from commit 29de4f7304bd02bd52bf484b08e704baf9e23948) (cherry picked from commit 3f94f033899049d22b7e6cc205e62f7b16d70393) --- src/network/networkd-route.c | 2 +- src/network/networkd-routing-policy-rule.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/network/networkd-route.c b/src/network/networkd-route.c index ee7a5350754..c348f4c7aac 100644 --- a/src/network/networkd-route.c +++ b/src/network/networkd-route.c @@ -2317,7 +2317,7 @@ int config_parse_route_table( r = manager_get_route_table_from_string(network->manager, rvalue, &n->table); if (r < 0) { log_syntax(unit, LOG_WARNING, filename, line, r, - "Could not parse route table number \"%s\", ignoring assignment: %m", rvalue); + "Could not parse route table \"%s\", ignoring assignment: %m", rvalue); return 0; } diff --git a/src/network/networkd-routing-policy-rule.c b/src/network/networkd-routing-policy-rule.c index 90086f35a75..ba97d3210f8 100644 --- a/src/network/networkd-routing-policy-rule.c +++ b/src/network/networkd-routing-policy-rule.c @@ -1273,7 +1273,7 @@ int config_parse_routing_policy_rule_table( r = manager_get_route_table_from_string(network->manager, rvalue, &n->table); if (r < 0) { log_syntax(unit, LOG_WARNING, filename, line, r, - "Could not parse RPDB rule route table number \"%s\", ignoring assignment: %m", rvalue); + "Could not parse RPDB rule route table \"%s\", ignoring assignment: %m", rvalue); return 0; } From 1ac92e294fb9c4d9b26a2b1968f5c367490e38d7 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Fri, 28 Oct 2022 11:33:19 +0900 Subject: [PATCH 583/703] network: allow 0 for table number Fixes #25089. (cherry picked from commit 513bed294ef73566b170bd6943da702571278b1c) (cherry picked from commit 91b8491e976bb0967ab61f0ac5613f726dd2ed2b) --- src/network/networkd-route-util.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/network/networkd-route-util.c b/src/network/networkd-route-util.c index c202078f07d..9deae88a820 100644 --- a/src/network/networkd-route-util.c +++ b/src/network/networkd-route-util.c @@ -289,8 +289,8 @@ int manager_get_route_table_to_string(const Manager *m, uint32_t table, char **r assert(m); assert(ret); - if (table == 0) - return -EINVAL; + /* Unlike manager_get_route_table_from_string(), this accepts 0, as the kernel may create routes with + * table 0. See issue #25089. */ s = route_table_to_string(table); if (!s) From fd95ed0f3b0ba6c611598018bfc4116dcb876956 Mon Sep 17 00:00:00 2001 From: Nick Rosbrook Date: Fri, 28 Oct 2022 11:01:15 -0400 Subject: [PATCH 584/703] man: document reboot --poweroff exception When reboot is invoked, the -p/--poweroff option is intentionally ignored. Update the man page to reflect this exception. (cherry picked from commit 6dfaeac3704c68a1e297cef0c08e5b6ee1dbf3b7) (cherry picked from commit c339e8d71b4702a443339077b39b061848460c8d) --- man/halt.xml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/man/halt.xml b/man/halt.xml index 4b3beb80b79..3a3ca49425f 100644 --- a/man/halt.xml +++ b/man/halt.xml @@ -69,8 +69,9 @@ - Power-off the machine, regardless of which one - of the three commands is invoked. + Power-off the machine, when either halt + or poweroff is invoked. This option is ignored when + reboot is invoked. From 7bc34e7f55fd1332b8efe8b07cda40e3580940ed Mon Sep 17 00:00:00 2001 From: Steve Ramage Date: Sat, 29 Oct 2022 14:07:21 -0700 Subject: [PATCH 585/703] man: Add documentation for AssertCredential= (#25178) Fixes #25177. Co-authored-by: Steve Ramage (cherry picked from commit 1d87f03a6e62476b996bccaba62af329aa40ba1c) (cherry picked from commit 6fc2f387af6ad276a117b49c8e6fb6c8f5039df1) --- man/systemd.unit.xml | 1 + 1 file changed, 1 insertion(+) diff --git a/man/systemd.unit.xml b/man/systemd.unit.xml index 6e553e1b3c2..70ac38fdfe3 100644 --- a/man/systemd.unit.xml +++ b/man/systemd.unit.xml @@ -1686,6 +1686,7 @@ AssertHost= AssertKernelCommandLine= AssertKernelVersion= + AssertCredential= AssertEnvironment= AssertSecurity= AssertCapability= From 49d7fee24fcbd43291e16847d7b7b09c5c3c8635 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Sun, 30 Oct 2022 09:43:05 +0900 Subject: [PATCH 586/703] udev: always create device symlinks for USB disks Previously, ata_id might not be able to retrieve attributes correctly, and properties from usb_id were used as a fallback. See issue #24921 and PR #24923. To keep backward compatibility, still we need to create symlinks based on USB serial. Fixes #25179. (cherry picked from commit 479da1107a0d4e2f7ef5cd938512b87a0e45f180) (cherry picked from commit b61fcaca1b4243f3adac7eb6b6dc39585f1c03a4) --- rules.d/60-persistent-storage.rules | 10 ++++-- src/udev/udev-builtin-usb_id.c | 55 ++++++++++++++++++++++------- 2 files changed, 51 insertions(+), 14 deletions(-) diff --git a/rules.d/60-persistent-storage.rules b/rules.d/60-persistent-storage.rules index bfab0c0a7c0..7a5ff6b4294 100644 --- a/rules.d/60-persistent-storage.rules +++ b/rules.d/60-persistent-storage.rules @@ -59,14 +59,20 @@ KERNEL=="sd*[!0-9]|sr*", ENV{ID_SERIAL}!="?*", SUBSYSTEMS=="scsi", ATTRS{type}== # Run ata_id on non-removable USB Mass Storage (SATA/PATA disks in enclosures) KERNEL=="sd*[!0-9]|sr*", ENV{ID_SERIAL}!="?*", ATTR{removable}=="0", SUBSYSTEMS=="usb", IMPORT{program}="ata_id --export $devnode" -# Fall back usb_id for USB devices -KERNEL=="sd*[!0-9]|sr*", ENV{ID_SERIAL}!="?*", SUBSYSTEMS=="usb", IMPORT{builtin}="usb_id" +# Also import properties from usb_id for USB devices +KERNEL=="sd*[!0-9]|sr*", SUBSYSTEMS=="usb", IMPORT{builtin}="usb_id" # SCSI devices KERNEL=="sd*[!0-9]|sr*", ENV{ID_SERIAL}!="?*", IMPORT{program}="scsi_id --export --whitelisted -d $devnode", ENV{ID_BUS}="scsi" KERNEL=="cciss*", ENV{DEVTYPE}=="disk", ENV{ID_SERIAL}!="?*", IMPORT{program}="scsi_id --export --whitelisted -d $devnode", ENV{ID_BUS}="cciss" KERNEL=="sd*|sr*|cciss*", ENV{DEVTYPE}=="disk", ENV{ID_SERIAL}=="?*", SYMLINK+="disk/by-id/$env{ID_BUS}-$env{ID_SERIAL}" KERNEL=="sd*|cciss*", ENV{DEVTYPE}=="partition", ENV{ID_SERIAL}=="?*", SYMLINK+="disk/by-id/$env{ID_BUS}-$env{ID_SERIAL}-part%n" +# Previously, ata_id in the above might not be able to retrieve attributes correctly, +# and properties from usb_id were used as a fallback. See issue #24921 and PR #24923. +# To keep backward compatibility, still we need to create symlinks based on USB serial. +# See issue #25179. +KERNEL=="sd*|sr*|cciss*", ENV{DEVTYPE}=="disk", ENV{ID_USB_SERIAL}=="?*", SYMLINK+="disk/by-id/usb-$env{ID_USB_SERIAL}" +KERNEL=="sd*|cciss*", ENV{DEVTYPE}=="partition", ENV{ID_USB_SERIAL}=="?*", SYMLINK+="disk/by-id/usb-$env{ID_USB_SERIAL}-part%n" # PMEM devices KERNEL=="pmem*", ENV{DEVTYPE}=="disk", ATTRS{uuid}=="?*", SYMLINK+="disk/by-id/pmem-$attr{uuid}" diff --git a/src/udev/udev-builtin-usb_id.c b/src/udev/udev-builtin-usb_id.c index d37469c62b1..5814de136c1 100644 --- a/src/udev/udev-builtin-usb_id.c +++ b/src/udev/udev-builtin-usb_id.c @@ -427,21 +427,52 @@ static int builtin_usb_id(sd_device *dev, sd_netlink **rtnl, int argc, char *arg if (!isempty(instance_str)) strpcpyl(&s, l, "-", instance_str, NULL); - udev_builtin_add_property(dev, test, "ID_VENDOR", vendor_str); - udev_builtin_add_property(dev, test, "ID_VENDOR_ENC", vendor_str_enc); - udev_builtin_add_property(dev, test, "ID_VENDOR_ID", vendor_id); - udev_builtin_add_property(dev, test, "ID_MODEL", model_str); - udev_builtin_add_property(dev, test, "ID_MODEL_ENC", model_str_enc); - udev_builtin_add_property(dev, test, "ID_MODEL_ID", product_id); - udev_builtin_add_property(dev, test, "ID_REVISION", revision_str); - udev_builtin_add_property(dev, test, "ID_SERIAL", serial); + if (sd_device_get_property_value(dev, "ID_BUS", NULL) >= 0) + log_device_debug(dev, "ID_BUS property is already set, setting only properties prefixed with \"ID_USB_\"."); + else { + udev_builtin_add_property(dev, test, "ID_BUS", "usb"); + + udev_builtin_add_property(dev, test, "ID_MODEL", model_str); + udev_builtin_add_property(dev, test, "ID_MODEL_ENC", model_str_enc); + udev_builtin_add_property(dev, test, "ID_MODEL_ID", product_id); + + udev_builtin_add_property(dev, test, "ID_SERIAL", serial); + if (!isempty(serial_str)) + udev_builtin_add_property(dev, test, "ID_SERIAL_SHORT", serial_str); + + udev_builtin_add_property(dev, test, "ID_VENDOR", vendor_str); + udev_builtin_add_property(dev, test, "ID_VENDOR_ENC", vendor_str_enc); + udev_builtin_add_property(dev, test, "ID_VENDOR_ID", vendor_id); + + udev_builtin_add_property(dev, test, "ID_REVISION", revision_str); + + if (!isempty(type_str)) + udev_builtin_add_property(dev, test, "ID_TYPE", type_str); + + if (!isempty(instance_str)) + udev_builtin_add_property(dev, test, "ID_INSTANCE", instance_str); + } + + /* Also export the same values in the above by prefixing ID_USB_. */ + udev_builtin_add_property(dev, test, "ID_USB_MODEL", model_str); + udev_builtin_add_property(dev, test, "ID_USB_MODEL_ENC", model_str_enc); + udev_builtin_add_property(dev, test, "ID_USB_MODEL_ID", product_id); + udev_builtin_add_property(dev, test, "ID_USB_SERIAL", serial); if (!isempty(serial_str)) - udev_builtin_add_property(dev, test, "ID_SERIAL_SHORT", serial_str); + udev_builtin_add_property(dev, test, "ID_USB_SERIAL_SHORT", serial_str); + + udev_builtin_add_property(dev, test, "ID_USB_VENDOR", vendor_str); + udev_builtin_add_property(dev, test, "ID_USB_VENDOR_ENC", vendor_str_enc); + udev_builtin_add_property(dev, test, "ID_USB_VENDOR_ID", vendor_id); + + udev_builtin_add_property(dev, test, "ID_USB_REVISION", revision_str); + if (!isempty(type_str)) - udev_builtin_add_property(dev, test, "ID_TYPE", type_str); + udev_builtin_add_property(dev, test, "ID_USB_TYPE", type_str); + if (!isempty(instance_str)) - udev_builtin_add_property(dev, test, "ID_INSTANCE", instance_str); - udev_builtin_add_property(dev, test, "ID_BUS", "usb"); + udev_builtin_add_property(dev, test, "ID_USB_INSTANCE", instance_str); + if (!isempty(packed_if_str)) udev_builtin_add_property(dev, test, "ID_USB_INTERFACES", packed_if_str); if (ifnum) From bc3e925508f843ddd01354786c82ec279392d5dc Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Mon, 31 Oct 2022 12:22:37 +0100 Subject: [PATCH 587/703] resolved: fix copypasta in resolved varlink API As reported by @holtmann (cherry picked from commit 6032283b2fcc4ff6713eb84433a170a71ff84641) (cherry picked from commit d94f19781816a03178e67b24f4d8d879e7ebcb6d) --- src/resolve/resolved-varlink.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/resolve/resolved-varlink.c b/src/resolve/resolved-varlink.c index 59ebd8c3127..ec48244347f 100644 --- a/src/resolve/resolved-varlink.c +++ b/src/resolve/resolved-varlink.c @@ -488,7 +488,7 @@ static int vl_method_resolve_address(Varlink *link, JsonVariant *parameters, Var return varlink_error_invalid_parameter(link, JSON_VARIANT_STRING_CONST("family")); if (FAMILY_ADDRESS_SIZE(p.family) != p.address_size) - return varlink_error(link, "io.systemd.UserDatabase.BadAddressSize", NULL); + return varlink_error(link, "io.systemd.Resolve.BadAddressSize", NULL); if (!validate_and_mangle_flags(NULL, &p.flags, 0)) return varlink_error_invalid_parameter(link, JSON_VARIANT_STRING_CONST("flags")); From d14ba5808e1f090d5ded0cb18e086a732dbea415 Mon Sep 17 00:00:00 2001 From: Youfu Zhang <1315097+zhangyoufu@users.noreply.github.com> Date: Tue, 1 Nov 2022 13:18:25 +0800 Subject: [PATCH 588/703] resolved: fix typo in feature level table (cherry picked from commit 2ab0042854934827e61076c6e42c7381fdf78fdf) (cherry picked from commit 66fa6110ba73f17dc44d044ffdbb2554b19ca9fe) --- src/resolve/resolved-dns-server.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/resolve/resolved-dns-server.c b/src/resolve/resolved-dns-server.c index cd755b13d4c..6435a2209a0 100644 --- a/src/resolve/resolved-dns-server.c +++ b/src/resolve/resolved-dns-server.c @@ -1090,6 +1090,6 @@ static const char* const dns_server_feature_level_table[_DNS_SERVER_FEATURE_LEVE [DNS_SERVER_FEATURE_LEVEL_EDNS0] = "UDP+EDNS0", [DNS_SERVER_FEATURE_LEVEL_TLS_PLAIN] = "TLS+EDNS0", [DNS_SERVER_FEATURE_LEVEL_DO] = "UDP+EDNS0+DO", - [DNS_SERVER_FEATURE_LEVEL_TLS_DO] = "TLS+EDNS0+D0", + [DNS_SERVER_FEATURE_LEVEL_TLS_DO] = "TLS+EDNS0+DO", }; DEFINE_STRING_TABLE_LOOKUP(dns_server_feature_level, DnsServerFeatureLevel); From a256d9f790a67e68202ac58e4574bb0e57a4e41a Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Tue, 1 Nov 2022 13:36:52 +0900 Subject: [PATCH 589/703] network: forcibly reconfigure all interfaces after sleep Previously, interfaces are partially reconfigured in a spurious way. Let's use the same way as `networkctl reconfigure`. Hopefully fixes #14987 and #24997. (cherry picked from commit a39a9ac8065c29330207838b70fe388bde2bc254) (cherry picked from commit 7eefd2fbb718fde3a03456d7468f72bb86043816) --- src/network/networkd-link.c | 48 ++-------------------------------- src/network/networkd-manager.c | 28 +++++++------------- 2 files changed, 11 insertions(+), 65 deletions(-) diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c index b62a154828a..3955ab9ad8e 100644 --- a/src/network/networkd-link.c +++ b/src/network/networkd-link.c @@ -1377,46 +1377,10 @@ static int link_force_reconfigure_handler(sd_netlink *rtnl, sd_netlink_message * return link_reconfigure_handler_internal(rtnl, m, link, /* force = */ true); } -static int link_reconfigure_after_sleep_handler(sd_netlink *rtnl, sd_netlink_message *m, Link *link) { - int r; - - assert(link); - - r = link_reconfigure_handler_internal(rtnl, m, link, /* force = */ false); - if (r != 0) - return r; - - /* r == 0 means an error occurs, the link is unmanaged, or the matching network file is unchanged. */ - if (!IN_SET(link->state, LINK_STATE_CONFIGURING, LINK_STATE_CONFIGURED)) - return 0; - - /* re-request static configs, and restart engines. */ - r = link_stop_engines(link, false); - if (r < 0) { - link_enter_failed(link); - return 0; - } - - r = link_acquire_dynamic_conf(link); - if (r < 0) { - link_enter_failed(link); - return 0; - } - - r = link_request_static_configs(link); - if (r < 0) { - link_enter_failed(link); - return 0; - } - - return 0; -} - -static int link_reconfigure_internal(Link *link, link_netlink_message_handler_t callback) { +int link_reconfigure(Link *link, bool force) { int r; assert(link); - assert(callback); /* When link in pending or initialized state, then link_configure() will be called. To prevent * the function from being called multiple times simultaneously, refuse to reconfigure the @@ -1424,21 +1388,13 @@ static int link_reconfigure_internal(Link *link, link_netlink_message_handler_t if (IN_SET(link->state, LINK_STATE_PENDING, LINK_STATE_INITIALIZED, LINK_STATE_LINGER)) return 0; /* 0 means no-op. */ - r = link_call_getlink(link, callback); + r = link_call_getlink(link, force ? link_force_reconfigure_handler : link_reconfigure_handler); if (r < 0) return r; return 1; /* 1 means the interface will be reconfigured. */ } -int link_reconfigure(Link *link, bool force) { - return link_reconfigure_internal(link, force ? link_force_reconfigure_handler : link_reconfigure_handler); -} - -int link_reconfigure_after_sleep(Link *link) { - return link_reconfigure_internal(link, link_reconfigure_after_sleep_handler); -} - static int link_initialized_and_synced(Link *link) { Network *network; int r; diff --git a/src/network/networkd-manager.c b/src/network/networkd-manager.c index e1696d6d422..ff2770f59f7 100644 --- a/src/network/networkd-manager.c +++ b/src/network/networkd-manager.c @@ -57,25 +57,9 @@ /* use 128 MB for receive socket kernel queue. */ #define RCVBUF_SIZE (128*1024*1024) -static int manager_reset_all(Manager *m) { - Link *link; - int r; - - assert(m); - - HASHMAP_FOREACH(link, m->links_by_index) { - r = link_reconfigure_after_sleep(link); - if (r < 0) { - log_link_warning_errno(link, r, "Failed to reconfigure interface: %m"); - link_enter_failed(link); - } - } - - return 0; -} - static int match_prepare_for_sleep(sd_bus_message *message, void *userdata, sd_bus_error *ret_error) { Manager *m = userdata; + Link *link; int b, r; assert(message); @@ -90,9 +74,15 @@ static int match_prepare_for_sleep(sd_bus_message *message, void *userdata, sd_b if (b) return 0; - log_debug("Coming back from suspend, resetting all connections..."); + log_debug("Coming back from suspend, reconfiguring all connections..."); - (void) manager_reset_all(m); + HASHMAP_FOREACH(link, m->links_by_index) { + r = link_reconfigure(link, /* force = */ true); + if (r < 0) { + log_link_warning_errno(link, r, "Failed to reconfigure interface: %m"); + link_enter_failed(link); + } + } return 0; } From de218255b6c5d6e21f0f8e42f2b31c3eea73b29f Mon Sep 17 00:00:00 2001 From: Frantisek Sumsal Date: Wed, 2 Nov 2022 11:48:23 +0100 Subject: [PATCH 590/703] man: use the correct 'Markers' property name for marking units Follow-up to c9615f7352 and 70666e28a1. (cherry picked from commit 1ca1bb03dec9ae3e8d734bd40eeb60210ffd7a0a) (cherry picked from commit ee42e84968e9a69e8dfc9d25839477227d697cbb) --- man/org.freedesktop.systemd1.xml | 2 +- man/systemctl.xml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/man/org.freedesktop.systemd1.xml b/man/org.freedesktop.systemd1.xml index 9515d117ae4..c605979fcca 100644 --- a/man/org.freedesktop.systemd1.xml +++ b/man/org.freedesktop.systemd1.xml @@ -1205,7 +1205,7 @@ node /org/freedesktop/systemd1 { "ReloadOrRestart" flavors attempt a reload if the unit supports it and use a restart otherwise. EnqueueMarkedJobs() creates reload/restart jobs for units which have been - appropriately marked, see Marks property above. This is equivalent to calling + appropriately marked, see Markers property above. This is equivalent to calling TryRestartUnit() or ReloadOrTryRestartUnit() for the marked units. diff --git a/man/systemctl.xml b/man/systemctl.xml index bf83b8e4837..23712465140 100644 --- a/man/systemctl.xml +++ b/man/systemctl.xml @@ -2346,7 +2346,7 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err Only allowed with reload-or-restart. Enqueues restart jobs for all units that have the needs-restart mark, and reload jobs for units that have the needs-reload mark. When a unit marked for reload does not support reload, restart - will be queued. Those properties can be set using set-property Marks. + will be queued. Those properties can be set using set-property Markers=…. Unless is used, systemctl will wait for the queued jobs to finish. From be8d4dfc2e05dd7702ab10f333e330e45c3e63cf Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Fri, 14 Oct 2022 01:18:47 +0900 Subject: [PATCH 591/703] sd-device-monitor: dynamically allocate receive buffer If udevd broadcasts a processed device with huge amount of properties, then clients cannot receive the device. Fixes #24987. (cherry picked from commit efbd4b3ca84c0426b6ff98d6352f82f3b7c090b2) (cherry picked from commit cf21555d6df5d9eed0bf5699262deb6e9388b63b) --- src/libsystemd/sd-device/device-monitor.c | 74 +++++++++++++++-------- 1 file changed, 50 insertions(+), 24 deletions(-) diff --git a/src/libsystemd/sd-device/device-monitor.c b/src/libsystemd/sd-device/device-monitor.c index f126d88dbd5..5cc49361188 100644 --- a/src/libsystemd/sd-device/device-monitor.c +++ b/src/libsystemd/sd-device/device-monitor.c @@ -416,14 +416,13 @@ static int passes_filter(sd_device_monitor *m, sd_device *device) { int device_monitor_receive_device(sd_device_monitor *m, sd_device **ret) { _cleanup_(sd_device_unrefp) sd_device *device = NULL; + _cleanup_free_ uint8_t *buf_alloc = NULL; union { - monitor_netlink_header nlh; - char raw[8192]; - } buf; - struct iovec iov = { - .iov_base = &buf, - .iov_len = sizeof(buf) - }; + monitor_netlink_header *nlh; + char *nulstr; + uint8_t *buf; + } message; + struct iovec iov; CMSG_BUFFER_TYPE(CMSG_SPACE(sizeof(struct ucred))) control; union sockaddr_union snl; struct msghdr smsg = { @@ -436,21 +435,45 @@ int device_monitor_receive_device(sd_device_monitor *m, sd_device **ret) { }; struct cmsghdr *cmsg; struct ucred *cred; - ssize_t buflen, bufpos; + size_t offset; + ssize_t n; bool is_initialized = false; int r; assert(m); assert(ret); - buflen = recvmsg(m->sock, &smsg, 0); - if (buflen < 0) { + n = next_datagram_size_fd(m->sock); + if (n < 0) { + if (!ERRNO_IS_TRANSIENT(n)) + log_debug_errno(n, "Failed to get the received message size: %m"); + return n; + } + + if ((size_t) n < ALLOCA_MAX / sizeof(uint8_t) / 2) + message.buf = newa(uint8_t, n); + else { + buf_alloc = new(uint8_t, n); + if (!buf_alloc) + return log_oom_debug(); + + message.buf = buf_alloc; + } + + iov = IOVEC_MAKE(message.buf, n); + + n = recvmsg(m->sock, &smsg, 0); + if (n < 0) { if (!ERRNO_IS_TRANSIENT(errno)) log_debug_errno(errno, "sd-device-monitor: Failed to receive message: %m"); return -errno; } - if (buflen < 32 || (smsg.msg_flags & MSG_TRUNC)) + if (smsg.msg_flags & MSG_TRUNC) + return log_debug_errno(SYNTHETIC_ERRNO(EINVAL), + "Received truncated message, ignoring message."); + + if (n < 32) return log_debug_errno(SYNTHETIC_ERRNO(EINVAL), "sd-device-monitor: Invalid message length."); @@ -477,37 +500,40 @@ int device_monitor_receive_device(sd_device_monitor *m, sd_device **ret) { return log_debug_errno(SYNTHETIC_ERRNO(EAGAIN), "sd-device-monitor: Sender uid="UID_FMT", message ignored.", cred->uid); - if (streq(buf.raw, "libudev")) { + if (!memchr(message.buf, 0, n)) + return log_debug_errno(SYNTHETIC_ERRNO(EAGAIN), + "Received message without NUL, ignoring message."); + + if (streq(message.nulstr, "libudev")) { /* udev message needs proper version magic */ - if (buf.nlh.magic != htobe32(UDEV_MONITOR_MAGIC)) + if (message.nlh->magic != htobe32(UDEV_MONITOR_MAGIC)) return log_debug_errno(SYNTHETIC_ERRNO(EAGAIN), "sd-device-monitor: Invalid message signature (%x != %x)", - buf.nlh.magic, htobe32(UDEV_MONITOR_MAGIC)); + message.nlh->magic, htobe32(UDEV_MONITOR_MAGIC)); - if (buf.nlh.properties_off+32 > (size_t) buflen) + if (message.nlh->properties_off + 32 > (size_t) n) return log_debug_errno(SYNTHETIC_ERRNO(EAGAIN), - "sd-device-monitor: Invalid message length (%u > %zd)", - buf.nlh.properties_off+32, buflen); + "Invalid offset for properties (%u > %zi).", + message.nlh->properties_off + 32, n); - bufpos = buf.nlh.properties_off; + offset = message.nlh->properties_off; /* devices received from udev are always initialized */ is_initialized = true; } else { - /* kernel message with header */ - bufpos = strlen(buf.raw) + 1; - if ((size_t) bufpos < sizeof("a@/d") || bufpos >= buflen) + /* check kernel message header */ + if (!strstr(message.nulstr, "@/")) return log_debug_errno(SYNTHETIC_ERRNO(EAGAIN), "sd-device-monitor: Invalid message length"); - /* check message header */ - if (!strstr(buf.raw, "@/")) + offset = strlen(message.nulstr) + 1; + if (offset >= (size_t) n) return log_debug_errno(SYNTHETIC_ERRNO(EAGAIN), "sd-device-monitor: Invalid message header"); } - r = device_new_from_nulstr(&device, &buf.raw[bufpos], buflen - bufpos); + r = device_new_from_nulstr(&device, message.nulstr + offset, n - offset); if (r < 0) return log_debug_errno(r, "sd-device-monitor: Failed to create device from received message: %m"); From 45d323fc889a55fae400a5b08a56273d5724ef4a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 29 Nov 2022 09:00:16 +0100 Subject: [PATCH 592/703] coredump: adjust whitespace (cherry picked from commit 510a146634f3e095b34e2a26023b1b1f99dcb8c0) (cherry picked from commit cc2eb7a9b5fd6d9dd8ea35fb045ce6e5e16e1187) (cherry picked from commit cb044d734c44cd3c05a6e438b5b995b2a9cfa73c) --- src/coredump/coredump.c | 56 ++++++++++++++++++++--------------------- 1 file changed, 28 insertions(+), 28 deletions(-) diff --git a/src/coredump/coredump.c b/src/coredump/coredump.c index eaea63f6824..8295b03ac78 100644 --- a/src/coredump/coredump.c +++ b/src/coredump/coredump.c @@ -103,16 +103,16 @@ enum { }; static const char * const meta_field_names[_META_MAX] = { - [META_ARGV_PID] = "COREDUMP_PID=", - [META_ARGV_UID] = "COREDUMP_UID=", - [META_ARGV_GID] = "COREDUMP_GID=", - [META_ARGV_SIGNAL] = "COREDUMP_SIGNAL=", - [META_ARGV_TIMESTAMP] = "COREDUMP_TIMESTAMP=", - [META_ARGV_RLIMIT] = "COREDUMP_RLIMIT=", - [META_ARGV_HOSTNAME] = "COREDUMP_HOSTNAME=", - [META_COMM] = "COREDUMP_COMM=", - [META_EXE] = "COREDUMP_EXE=", - [META_UNIT] = "COREDUMP_UNIT=", + [META_ARGV_PID] = "COREDUMP_PID=", + [META_ARGV_UID] = "COREDUMP_UID=", + [META_ARGV_GID] = "COREDUMP_GID=", + [META_ARGV_SIGNAL] = "COREDUMP_SIGNAL=", + [META_ARGV_TIMESTAMP] = "COREDUMP_TIMESTAMP=", + [META_ARGV_RLIMIT] = "COREDUMP_RLIMIT=", + [META_ARGV_HOSTNAME] = "COREDUMP_HOSTNAME=", + [META_COMM] = "COREDUMP_COMM=", + [META_EXE] = "COREDUMP_EXE=", + [META_UNIT] = "COREDUMP_UNIT=", }; typedef struct Context { @@ -131,9 +131,9 @@ typedef enum CoredumpStorage { } CoredumpStorage; static const char* const coredump_storage_table[_COREDUMP_STORAGE_MAX] = { - [COREDUMP_STORAGE_NONE] = "none", + [COREDUMP_STORAGE_NONE] = "none", [COREDUMP_STORAGE_EXTERNAL] = "external", - [COREDUMP_STORAGE_JOURNAL] = "journal", + [COREDUMP_STORAGE_JOURNAL] = "journal", }; DEFINE_PRIVATE_STRING_TABLE_LOOKUP(coredump_storage, CoredumpStorage); @@ -149,13 +149,13 @@ static uint64_t arg_max_use = UINT64_MAX; static int parse_config(void) { static const ConfigTableItem items[] = { - { "Coredump", "Storage", config_parse_coredump_storage, 0, &arg_storage }, - { "Coredump", "Compress", config_parse_bool, 0, &arg_compress }, - { "Coredump", "ProcessSizeMax", config_parse_iec_uint64, 0, &arg_process_size_max }, - { "Coredump", "ExternalSizeMax", config_parse_iec_uint64_infinity, 0, &arg_external_size_max }, - { "Coredump", "JournalSizeMax", config_parse_iec_size, 0, &arg_journal_size_max }, - { "Coredump", "KeepFree", config_parse_iec_uint64, 0, &arg_keep_free }, - { "Coredump", "MaxUse", config_parse_iec_uint64, 0, &arg_max_use }, + { "Coredump", "Storage", config_parse_coredump_storage, 0, &arg_storage }, + { "Coredump", "Compress", config_parse_bool, 0, &arg_compress }, + { "Coredump", "ProcessSizeMax", config_parse_iec_uint64, 0, &arg_process_size_max }, + { "Coredump", "ExternalSizeMax", config_parse_iec_uint64_infinity, 0, &arg_external_size_max }, + { "Coredump", "JournalSizeMax", config_parse_iec_size, 0, &arg_journal_size_max }, + { "Coredump", "KeepFree", config_parse_iec_uint64, 0, &arg_keep_free }, + { "Coredump", "MaxUse", config_parse_iec_uint64, 0, &arg_max_use }, {} }; @@ -201,15 +201,15 @@ static int fix_acl(int fd, uid_t uid) { static int fix_xattr(int fd, const Context *context) { static const char * const xattrs[_META_MAX] = { - [META_ARGV_PID] = "user.coredump.pid", - [META_ARGV_UID] = "user.coredump.uid", - [META_ARGV_GID] = "user.coredump.gid", - [META_ARGV_SIGNAL] = "user.coredump.signal", - [META_ARGV_TIMESTAMP] = "user.coredump.timestamp", - [META_ARGV_RLIMIT] = "user.coredump.rlimit", - [META_ARGV_HOSTNAME] = "user.coredump.hostname", - [META_COMM] = "user.coredump.comm", - [META_EXE] = "user.coredump.exe", + [META_ARGV_PID] = "user.coredump.pid", + [META_ARGV_UID] = "user.coredump.uid", + [META_ARGV_GID] = "user.coredump.gid", + [META_ARGV_SIGNAL] = "user.coredump.signal", + [META_ARGV_TIMESTAMP] = "user.coredump.timestamp", + [META_ARGV_RLIMIT] = "user.coredump.rlimit", + [META_ARGV_HOSTNAME] = "user.coredump.hostname", + [META_COMM] = "user.coredump.comm", + [META_EXE] = "user.coredump.exe", }; int r = 0; From 1d5e0e9910500f3c3584485f77bfc35e601036e3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Mon, 28 Nov 2022 12:12:55 +0100 Subject: [PATCH 593/703] coredump: do not allow user to access coredumps with changed uid/gid/capabilities When the user starts a program which elevates its permissions via setuid, setgid, or capabilities set on the file, it may access additional information which would then be visible in the coredump. We shouldn't make the the coredump visible to the user in such cases. Reported-by: Matthias Gerstner This reads the /proc//auxv file and attaches it to the process metadata as PROC_AUXV. Before the coredump is submitted, it is parsed and if either at_secure was set (which the kernel will do for processes that are setuid, setgid, or setcap), or if the effective uid/gid don't match uid/gid, the file is not made accessible to the user. If we can't access this data, we assume the file should not be made accessible either. In principle we could also access the auxv data from a note in the core file, but that is much more complex and it seems better to use the stand-alone file that is provided by the kernel. Attaching auxv is both convient for this patch (because this way it's passed between the stages along with other fields), but I think it makes sense to save it in general. We use the information early in the core file to figure out if the program was 32-bit or 64-bit and its endianness. This way we don't need heuristics to guess whether the format of the auxv structure. This test might reject some cases on fringe architecutes. But the impact would be limited: we just won't grant the user permissions to view the coredump file. If people report that we're missing some cases, we can always enhance this to support more architectures. I tested auxv parsing on amd64, 32-bit program on amd64, arm64, arm32, and ppc64el, but not the whole coredump handling. (cherry picked from commit 3e4d0f6cf99f8677edd6a237382a65bfe758de03) (cherry picked from commit 9b75a3d0502d6741c8ecb7175794345f8eb3827c) (cherry picked from commit efca5283dc791a07171f80eef84e14fdb58fad57) --- src/basic/io-util.h | 9 ++ src/coredump/coredump.c | 196 +++++++++++++++++++++++++++++++++++++--- 2 files changed, 192 insertions(+), 13 deletions(-) diff --git a/src/basic/io-util.h b/src/basic/io-util.h index 39728e06bcf..3afb134266a 100644 --- a/src/basic/io-util.h +++ b/src/basic/io-util.h @@ -91,7 +91,16 @@ struct iovec_wrapper *iovw_new(void); struct iovec_wrapper *iovw_free(struct iovec_wrapper *iovw); struct iovec_wrapper *iovw_free_free(struct iovec_wrapper *iovw); void iovw_free_contents(struct iovec_wrapper *iovw, bool free_vectors); + int iovw_put(struct iovec_wrapper *iovw, void *data, size_t len); +static inline int iovw_consume(struct iovec_wrapper *iovw, void *data, size_t len) { + /* Move data into iovw or free on error */ + int r = iovw_put(iovw, data, len); + if (r < 0) + free(data); + return r; +} + int iovw_put_string_field(struct iovec_wrapper *iovw, const char *field, const char *value); int iovw_put_string_field_free(struct iovec_wrapper *iovw, const char *field, char *value); void iovw_rebase(struct iovec_wrapper *iovw, char *old, char *new); diff --git a/src/coredump/coredump.c b/src/coredump/coredump.c index 8295b03ac78..79280ab986e 100644 --- a/src/coredump/coredump.c +++ b/src/coredump/coredump.c @@ -4,6 +4,7 @@ #include #include #include +#include #include #include @@ -99,6 +100,7 @@ enum { META_EXE = _META_MANDATORY_MAX, META_UNIT, + META_PROC_AUXV, _META_MAX }; @@ -113,10 +115,12 @@ static const char * const meta_field_names[_META_MAX] = { [META_COMM] = "COREDUMP_COMM=", [META_EXE] = "COREDUMP_EXE=", [META_UNIT] = "COREDUMP_UNIT=", + [META_PROC_AUXV] = "COREDUMP_PROC_AUXV=", }; typedef struct Context { const char *meta[_META_MAX]; + size_t meta_size[_META_MAX]; pid_t pid; bool is_pid1; bool is_journald; @@ -178,13 +182,16 @@ static uint64_t storage_size_max(void) { return 0; } -static int fix_acl(int fd, uid_t uid) { +static int fix_acl(int fd, uid_t uid, bool allow_user) { + assert(fd >= 0); + assert(uid_is_valid(uid)); #if HAVE_ACL int r; - assert(fd >= 0); - assert(uid_is_valid(uid)); + /* We don't allow users to read coredumps if the uid or capabilities were changed. */ + if (!allow_user) + return 0; if (uid_is_system(uid) || uid_is_dynamic(uid) || uid == UID_NOBODY) return 0; @@ -244,7 +251,8 @@ static int fix_permissions( const char *filename, const char *target, const Context *context, - uid_t uid) { + uid_t uid, + bool allow_user) { int r; @@ -254,7 +262,7 @@ static int fix_permissions( /* Ignore errors on these */ (void) fchmod(fd, 0640); - (void) fix_acl(fd, uid); + (void) fix_acl(fd, uid, allow_user); (void) fix_xattr(fd, context); r = fsync_full(fd); @@ -324,6 +332,153 @@ static int make_filename(const Context *context, char **ret) { return 0; } +static int parse_auxv64( + const uint64_t *auxv, + size_t size_bytes, + int *at_secure, + uid_t *uid, + uid_t *euid, + gid_t *gid, + gid_t *egid) { + + assert(auxv || size_bytes == 0); + + if (size_bytes % (2 * sizeof(uint64_t)) != 0) + return log_warning_errno(SYNTHETIC_ERRNO(EIO), "Incomplete auxv structure (%zu bytes).", size_bytes); + + size_t words = size_bytes / sizeof(uint64_t); + + /* Note that we set output variables even on error. */ + + for (size_t i = 0; i + 1 < words; i += 2) + switch (auxv[i]) { + case AT_SECURE: + *at_secure = auxv[i + 1] != 0; + break; + case AT_UID: + *uid = auxv[i + 1]; + break; + case AT_EUID: + *euid = auxv[i + 1]; + break; + case AT_GID: + *gid = auxv[i + 1]; + break; + case AT_EGID: + *egid = auxv[i + 1]; + break; + case AT_NULL: + if (auxv[i + 1] != 0) + goto error; + return 0; + } + error: + return log_warning_errno(SYNTHETIC_ERRNO(ENODATA), + "AT_NULL terminator not found, cannot parse auxv structure."); +} + +static int parse_auxv32( + const uint32_t *auxv, + size_t size_bytes, + int *at_secure, + uid_t *uid, + uid_t *euid, + gid_t *gid, + gid_t *egid) { + + assert(auxv || size_bytes == 0); + + size_t words = size_bytes / sizeof(uint32_t); + + if (size_bytes % (2 * sizeof(uint32_t)) != 0) + return log_warning_errno(SYNTHETIC_ERRNO(EIO), "Incomplete auxv structure (%zu bytes).", size_bytes); + + /* Note that we set output variables even on error. */ + + for (size_t i = 0; i + 1 < words; i += 2) + switch (auxv[i]) { + case AT_SECURE: + *at_secure = auxv[i + 1] != 0; + break; + case AT_UID: + *uid = auxv[i + 1]; + break; + case AT_EUID: + *euid = auxv[i + 1]; + break; + case AT_GID: + *gid = auxv[i + 1]; + break; + case AT_EGID: + *egid = auxv[i + 1]; + break; + case AT_NULL: + if (auxv[i + 1] != 0) + goto error; + return 0; + } + error: + return log_warning_errno(SYNTHETIC_ERRNO(ENODATA), + "AT_NULL terminator not found, cannot parse auxv structure."); +} + +static int grant_user_access(int core_fd, const Context *context) { + int at_secure = -1; + uid_t uid = UID_INVALID, euid = UID_INVALID; + uid_t gid = GID_INVALID, egid = GID_INVALID; + int r; + + assert(core_fd >= 0); + assert(context); + + if (!context->meta[META_PROC_AUXV]) + return log_warning_errno(SYNTHETIC_ERRNO(ENODATA), "No auxv data, not adjusting permissions."); + + uint8_t elf[EI_NIDENT]; + errno = 0; + if (pread(core_fd, &elf, sizeof(elf), 0) != sizeof(elf)) + return log_warning_errno(errno_or_else(EIO), + "Failed to pread from coredump fd: %s", errno != 0 ? strerror_safe(errno) : "Unexpected EOF"); + + if (elf[EI_MAG0] != ELFMAG0 || + elf[EI_MAG1] != ELFMAG1 || + elf[EI_MAG2] != ELFMAG2 || + elf[EI_MAG3] != ELFMAG3 || + elf[EI_VERSION] != EV_CURRENT) + return log_info_errno(SYNTHETIC_ERRNO(EUCLEAN), + "Core file does not have ELF header, not adjusting permissions."); + if (!IN_SET(elf[EI_CLASS], ELFCLASS32, ELFCLASS64) || + !IN_SET(elf[EI_DATA], ELFDATA2LSB, ELFDATA2MSB)) + return log_info_errno(SYNTHETIC_ERRNO(EUCLEAN), + "Core file has strange ELF class, not adjusting permissions."); + + if ((elf[EI_DATA] == ELFDATA2LSB) != (__BYTE_ORDER == __LITTLE_ENDIAN)) + return log_info_errno(SYNTHETIC_ERRNO(EUCLEAN), + "Core file has non-native endianness, not adjusting permissions."); + + if (elf[EI_CLASS] == ELFCLASS64) + r = parse_auxv64((const uint64_t*) context->meta[META_PROC_AUXV], + context->meta_size[META_PROC_AUXV], + &at_secure, &uid, &euid, &gid, &egid); + else + r = parse_auxv32((const uint32_t*) context->meta[META_PROC_AUXV], + context->meta_size[META_PROC_AUXV], + &at_secure, &uid, &euid, &gid, &egid); + if (r < 0) + return r; + + /* We allow access if we got all the data and at_secure is not set and + * the uid/gid matches euid/egid. */ + bool ret = + at_secure == 0 && + uid != UID_INVALID && euid != UID_INVALID && uid == euid && + gid != GID_INVALID && egid != GID_INVALID && gid == egid; + log_debug("Will %s access (uid="UID_FMT " euid="UID_FMT " gid="GID_FMT " egid="GID_FMT " at_secure=%s)", + ret ? "permit" : "restrict", + uid, euid, gid, egid, yes_no(at_secure)); + return ret; +} + static int save_external_coredump( const Context *context, int input_fd, @@ -446,6 +601,8 @@ static int save_external_coredump( context->meta[META_ARGV_PID], context->meta[META_COMM]); truncated = r == 1; + bool allow_user = grant_user_access(fd, context) > 0; + #if HAVE_COMPRESSION if (arg_compress) { _cleanup_(unlink_and_freep) char *tmp_compressed = NULL; @@ -483,7 +640,7 @@ static int save_external_coredump( uncompressed_size += partial_uncompressed_size; } - r = fix_permissions(fd_compressed, tmp_compressed, fn_compressed, context, uid); + r = fix_permissions(fd_compressed, tmp_compressed, fn_compressed, context, uid, allow_user); if (r < 0) return r; @@ -510,7 +667,7 @@ static int save_external_coredump( "SIZE_LIMIT=%"PRIu64, max_size, "MESSAGE_ID=" SD_MESSAGE_TRUNCATED_CORE_STR); - r = fix_permissions(fd, tmp, fn, context, uid); + r = fix_permissions(fd, tmp, fn, context, uid, allow_user); if (r < 0) return log_error_errno(r, "Failed to fix permissions and finalize coredump %s into %s: %m", coredump_tmpfile_name(tmp), fn); @@ -758,7 +915,7 @@ static int change_uid_gid(const Context *context) { } static int submit_coredump( - Context *context, + const Context *context, struct iovec_wrapper *iovw, int input_fd) { @@ -919,16 +1076,15 @@ static int save_context(Context *context, const struct iovec_wrapper *iovw) { struct iovec *iovec = iovw->iovec + n; for (size_t i = 0; i < ELEMENTSOF(meta_field_names); i++) { - char *p; - /* Note that these strings are NUL terminated, because we made sure that a * trailing NUL byte is in the buffer, though not included in the iov_len * count (see process_socket() and gather_pid_metadata_*()) */ assert(((char*) iovec->iov_base)[iovec->iov_len] == 0); - p = startswith(iovec->iov_base, meta_field_names[i]); + const char *p = startswith(iovec->iov_base, meta_field_names[i]); if (p) { context->meta[i] = p; + context->meta_size[i] = iovec->iov_len - strlen(meta_field_names[i]); count++; break; } @@ -1170,6 +1326,7 @@ static int gather_pid_metadata(struct iovec_wrapper *iovw, Context *context) { uid_t owner_uid; pid_t pid; char *t; + size_t size; const char *p; int r; @@ -1234,13 +1391,26 @@ static int gather_pid_metadata(struct iovec_wrapper *iovw, Context *context) { (void) iovw_put_string_field_free(iovw, "COREDUMP_PROC_LIMITS=", t); p = procfs_file_alloca(pid, "cgroup"); - if (read_full_virtual_file(p, &t, NULL) >=0) + if (read_full_virtual_file(p, &t, NULL) >= 0) (void) iovw_put_string_field_free(iovw, "COREDUMP_PROC_CGROUP=", t); p = procfs_file_alloca(pid, "mountinfo"); - if (read_full_virtual_file(p, &t, NULL) >=0) + if (read_full_virtual_file(p, &t, NULL) >= 0) (void) iovw_put_string_field_free(iovw, "COREDUMP_PROC_MOUNTINFO=", t); + /* We attach /proc/auxv here. ELF coredumps also contain a note for this (NT_AUXV), see elf(5). */ + p = procfs_file_alloca(pid, "auxv"); + if (read_full_virtual_file(p, &t, &size) >= 0) { + char *buf = malloc(strlen("COREDUMP_PROC_AUXV=") + size + 1); + if (buf) { + /* Add a dummy terminator to make save_context() happy. */ + *((uint8_t*) mempcpy(stpcpy(buf, "COREDUMP_PROC_AUXV="), t, size)) = '\0'; + (void) iovw_consume(iovw, buf, size + strlen("COREDUMP_PROC_AUXV=")); + } + + free(t); + } + if (get_process_cwd(pid, &t) >= 0) (void) iovw_put_string_field_free(iovw, "COREDUMP_CWD=", t); From c5d344ea8b2e8dc6951360a29c5e920199c81c65 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 13 Dec 2022 11:15:17 +0100 Subject: [PATCH 594/703] coredump: cescape invalid json data before logging In both cases, the json string is short, so we can print it, which is useful for diagnosing invalid data in packages. But we need escape non-printable characters. https://bugzilla.redhat.com/show_bug.cgi?id=2152685 I went over the rest of the codebase, and it seems that other calls to json_parse() don't have this problem. (cherry picked from commit c5966ab5bf43b4fb45998760beaffa6c7f9e8a9e) (cherry picked from commit 57ab4e2d47dd7c03113b66b78175242a597bd0dc) (cherry picked from commit 6208326afb592e901d5fc8cf1b09fb764e1fdb6b) --- src/coredump/coredumpctl.c | 8 +++++--- src/shared/elf-util.c | 7 +++++-- 2 files changed, 10 insertions(+), 5 deletions(-) diff --git a/src/coredump/coredumpctl.c b/src/coredump/coredumpctl.c index 2904de3728c..efdca36f43f 100644 --- a/src/coredump/coredumpctl.c +++ b/src/coredump/coredumpctl.c @@ -15,6 +15,7 @@ #include "bus-util.h" #include "compress.h" #include "def.h" +#include "escape.h" #include "fd-util.h" #include "format-table.h" #include "fs-util.h" @@ -733,9 +734,10 @@ static int print_info(FILE *file, sd_journal *j, bool need_space) { _cleanup_(json_variant_unrefp) JsonVariant *v = NULL; r = json_parse(pkgmeta_json, 0, &v, NULL, NULL); - if (r < 0) - log_warning_errno(r, "json_parse on %s failed, ignoring: %m", pkgmeta_json); - else { + if (r < 0) { + _cleanup_free_ char *esc = cescape(pkgmeta_json); + log_warning_errno(r, "json_parse on \"%s\" failed, ignoring: %m", strnull(esc)); + } else { const char *module_name; JsonVariant *module_json; diff --git a/src/shared/elf-util.c b/src/shared/elf-util.c index 644fbae9cea..f9d0e5bc60c 100644 --- a/src/shared/elf-util.c +++ b/src/shared/elf-util.c @@ -15,6 +15,7 @@ #include "dlfcn-util.h" #include "elf-util.h" #include "errno-util.h" +#include "escape.h" #include "fileio.h" #include "fd-util.h" #include "format-util.h" @@ -328,8 +329,10 @@ static int parse_package_metadata(const char *name, JsonVariant *id_json, Elf *e _cleanup_(json_variant_unrefp) JsonVariant *v = NULL, *w = NULL; r = json_parse(payload, 0, &v, NULL, NULL); - if (r < 0) - return log_error_errno(r, "json_parse on %s failed: %m", payload); + if (r < 0) { + _cleanup_free_ char *esc = cescape(payload); + return log_error_errno(r, "json_parse on \"%s\" failed: %m", strnull(esc)); + } /* First pretty-print to the buffer, so that the metadata goes as * plaintext in the journal. */ From 96a958bc61e13399a55b9c9c19541693888ebae2 Mon Sep 17 00:00:00 2001 From: Jan Janssen Date: Fri, 18 Feb 2022 19:38:09 +0100 Subject: [PATCH 595/703] generator: Rename password arg This function does not expect a password, but a key file path. The cryptsetup helper binary even calls it that. No Code changes. Follow up on: 6e41f4dd916293f35d7d35cea7eed1807d7ea771 Fixes: https://github.com/systemd/systemd/security/code-scanning/81 (cherry picked from commit b7de9651db7bdbb42befa653791980daa50448bb) --- src/cryptsetup/cryptsetup-generator.c | 20 ++++++++++---------- src/cryptsetup/cryptsetup.c | 4 ++-- src/shared/generator.c | 12 ++++++------ 3 files changed, 18 insertions(+), 18 deletions(-) diff --git a/src/cryptsetup/cryptsetup-generator.c b/src/cryptsetup/cryptsetup-generator.c index 98c8408da54..8f5ad67f48e 100644 --- a/src/cryptsetup/cryptsetup-generator.c +++ b/src/cryptsetup/cryptsetup-generator.c @@ -277,7 +277,7 @@ static int print_dependencies(FILE *f, const char* device_path) { static int create_disk( const char *name, const char *device, - const char *password, + const char *key_file, const char *keydev, const char *headerdev, const char *options, @@ -285,7 +285,7 @@ static int create_disk( _cleanup_free_ char *n = NULL, *d = NULL, *u = NULL, *e = NULL, *keydev_mount = NULL, *keyfile_timeout_value = NULL, - *filtered = NULL, *u_escaped = NULL, *name_escaped = NULL, *header_path = NULL, *password_buffer = NULL, + *filtered = NULL, *u_escaped = NULL, *name_escaped = NULL, *header_path = NULL, *key_file_buffer = NULL, *tmp_fstype = NULL, *filtered_header = NULL, *headerdev_mount = NULL; _cleanup_fclose_ FILE *f = NULL; const char *dmname; @@ -350,9 +350,9 @@ static int create_disk( if (r < 0) return log_error_errno(r, "Failed to generate unit name: %m"); - if (keydev && !password) + if (keydev && !key_file) return log_error_errno(SYNTHETIC_ERRNO(EINVAL), - "Key device is specified, but path to the password file is missing."); + "Key device is specified, but path to the key file is missing."); r = generator_open_unit_file(arg_dest, NULL, n, &f); if (r < 0) @@ -388,11 +388,11 @@ static int create_disk( if (r < 0) return log_error_errno(r, "Failed to generate keydev umount unit: %m"); - password_buffer = path_join(keydev_mount, password); - if (!password_buffer) + key_file_buffer = path_join(keydev_mount, key_file); + if (!key_file_buffer) return log_oom(); - password = password_buffer; + key_file = key_file_buffer; fprintf(f, "After=%s\n", unit); if (keyfile_can_timeout > 0) @@ -462,8 +462,8 @@ static int create_disk( "Before=%s\n", netdev ? "remote-cryptsetup.target" : "cryptsetup.target"); - if (password && !keydev) { - r = print_dependencies(f, password); + if (key_file && !keydev) { + r = print_dependencies(f, key_file); if (r < 0) return r; } @@ -495,7 +495,7 @@ static int create_disk( if (r < 0) log_warning_errno(r, "Failed to write device timeout drop-in: %m"); - r = generator_write_cryptsetup_service_section(f, name, u, password, filtered); + r = generator_write_cryptsetup_service_section(f, name, u, key_file, filtered); if (r < 0) return r; diff --git a/src/cryptsetup/cryptsetup.c b/src/cryptsetup/cryptsetup.c index 250a8314f65..746d428a9bd 100644 --- a/src/cryptsetup/cryptsetup.c +++ b/src/cryptsetup/cryptsetup.c @@ -1639,7 +1639,7 @@ static int help(void) { if (r < 0) return log_oom(); - printf("%s attach VOLUME SOURCEDEVICE [PASSWORD] [OPTIONS]\n" + printf("%s attach VOLUME SOURCEDEVICE [KEY-FILE] [OPTIONS]\n" "%s detach VOLUME\n\n" "Attaches or detaches an encrypted block device.\n" "\nSee the %s for details.\n", @@ -1721,7 +1721,7 @@ static int run(int argc, char *argv[]) { unsigned tries; usec_t until; - /* Arguments: systemd-cryptsetup attach VOLUME SOURCE-DEVICE [PASSWORD] [OPTIONS] */ + /* Arguments: systemd-cryptsetup attach VOLUME SOURCE-DEVICE [KEY-FILE] [OPTIONS] */ if (argc < 4) return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "attach requires at least two arguments."); diff --git a/src/shared/generator.c b/src/shared/generator.c index e31b8419521..125f22a1023 100644 --- a/src/shared/generator.c +++ b/src/shared/generator.c @@ -625,10 +625,10 @@ int generator_write_cryptsetup_service_section( FILE *f, const char *name, const char *what, - const char *password, + const char *key_file, const char *options) { - _cleanup_free_ char *name_escaped = NULL, *what_escaped = NULL, *password_escaped = NULL, *options_escaped = NULL; + _cleanup_free_ char *name_escaped = NULL, *what_escaped = NULL, *key_file_escaped = NULL, *options_escaped = NULL; assert(f); assert(name); @@ -642,9 +642,9 @@ int generator_write_cryptsetup_service_section( if (!what_escaped) return log_oom(); - if (password) { - password_escaped = specifier_escape(password); - if (!password_escaped) + if (key_file) { + key_file_escaped = specifier_escape(key_file); + if (!key_file_escaped) return log_oom(); } @@ -664,7 +664,7 @@ int generator_write_cryptsetup_service_section( "OOMScoreAdjust=500\n" /* Unlocking can allocate a lot of memory if Argon2 is used */ "ExecStart=" SYSTEMD_CRYPTSETUP_PATH " attach '%s' '%s' '%s' '%s'\n" "ExecStop=" SYSTEMD_CRYPTSETUP_PATH " detach '%s'\n", - name_escaped, what_escaped, strempty(password_escaped), strempty(options_escaped), + name_escaped, what_escaped, strempty(key_file_escaped), strempty(options_escaped), name_escaped); return 0; From 95088adc66f7a99575cf4ed8cf3a08f4b8aca773 Mon Sep 17 00:00:00 2001 From: Chih-Hsuan Yen Date: Fri, 5 Aug 2022 00:45:33 +0800 Subject: [PATCH 596/703] cryptsetup: support keyfile-timeout for using a device as the key file Closes https://github.com/systemd/systemd/issues/21993 (cherry picked from commit 7aa0b0121e2eef5d4caa676e746faed99d9ab097) --- man/crypttab.xml | 4 ++-- src/cryptsetup/cryptsetup-generator.c | 25 +++++++++++++++++++------ 2 files changed, 21 insertions(+), 8 deletions(-) diff --git a/man/crypttab.xml b/man/crypttab.xml index ac5c6ef6664..b833c750e62 100644 --- a/man/crypttab.xml +++ b/man/crypttab.xml @@ -232,8 +232,8 @@ Specifies the timeout for the device on - which the key file resides and falls back to a password if - it could not be mounted. See + which the key file resides or the device used as the key file, + and falls back to a password if it could not be accessed. See systemd-cryptsetup-generator8 for key files on external devices. diff --git a/src/cryptsetup/cryptsetup-generator.c b/src/cryptsetup/cryptsetup-generator.c index 8f5ad67f48e..07903f1044e 100644 --- a/src/cryptsetup/cryptsetup-generator.c +++ b/src/cryptsetup/cryptsetup-generator.c @@ -227,9 +227,11 @@ static int generate_device_umount(const char *name, return 0; } -static int print_dependencies(FILE *f, const char* device_path) { +static int print_dependencies(FILE *f, const char* device_path, const char* timeout_value, bool canfail) { int r; + assert(!canfail || timeout_value); + if (STR_IN_SET(device_path, "-", "none")) /* None, nothing to do */ return 0; @@ -259,9 +261,16 @@ static int print_dependencies(FILE *f, const char* device_path) { if (r < 0) return log_error_errno(r, "Failed to generate unit name: %m"); - fprintf(f, - "After=%1$s\n" - "Requires=%1$s\n", unit); + fprintf(f, "After=%1$s\n", unit); + if (canfail) { + fprintf(f, "Wants=%1$s\n", unit); + r = write_drop_in_format(arg_dest, unit, 90, "device-timeout", + "# Automatically generated by systemd-cryptsetup-generator \n\n" + "[Unit]\nJobRunningTimeoutSec=%s", timeout_value); + if (r < 0) + return log_error_errno(r, "Failed to write device drop-in: %m"); + } else + fprintf(f, "Requires=%1$s\n", unit); } else { /* Regular file, add mount dependency */ _cleanup_free_ char *escaped_path = specifier_escape(device_path); @@ -463,14 +472,18 @@ static int create_disk( netdev ? "remote-cryptsetup.target" : "cryptsetup.target"); if (key_file && !keydev) { - r = print_dependencies(f, key_file); + r = print_dependencies(f, key_file, + keyfile_timeout_value, + /* canfail= */ keyfile_can_timeout > 0); if (r < 0) return r; } /* Check if a header option was specified */ if (detached_header > 0 && !headerdev) { - r = print_dependencies(f, header_path); + r = print_dependencies(f, header_path, + NULL, + /* canfail= */ false); /* header is always necessary */ if (r < 0) return r; } From f6d9f2ddbe56fc3ed9ab50063f2b3299314dd16d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 22 Dec 2022 17:30:53 +0100 Subject: [PATCH 597/703] Revert "cryptsetup: support keyfile-timeout for using a device as the key file" This reverts commit 64f0e5385139a86f2df7f78fa67ade2075726db5. On Wed, Dec 21, 2022 at 06:19:08PM +0100, Marius Schwarz wrote: > That patch made things worse and is disfunctional for both, usb drive and > password. > > No idea if more patches are needed, but this build does not unlock a drive > at all, if usb is configured. (cherry picked from commit 253cc95c6439f348bbc39c1fa663880387054d6b) --- man/crypttab.xml | 4 ++-- src/cryptsetup/cryptsetup-generator.c | 25 ++++++------------------- 2 files changed, 8 insertions(+), 21 deletions(-) diff --git a/man/crypttab.xml b/man/crypttab.xml index b833c750e62..ac5c6ef6664 100644 --- a/man/crypttab.xml +++ b/man/crypttab.xml @@ -232,8 +232,8 @@ Specifies the timeout for the device on - which the key file resides or the device used as the key file, - and falls back to a password if it could not be accessed. See + which the key file resides and falls back to a password if + it could not be mounted. See systemd-cryptsetup-generator8 for key files on external devices. diff --git a/src/cryptsetup/cryptsetup-generator.c b/src/cryptsetup/cryptsetup-generator.c index 07903f1044e..8f5ad67f48e 100644 --- a/src/cryptsetup/cryptsetup-generator.c +++ b/src/cryptsetup/cryptsetup-generator.c @@ -227,11 +227,9 @@ static int generate_device_umount(const char *name, return 0; } -static int print_dependencies(FILE *f, const char* device_path, const char* timeout_value, bool canfail) { +static int print_dependencies(FILE *f, const char* device_path) { int r; - assert(!canfail || timeout_value); - if (STR_IN_SET(device_path, "-", "none")) /* None, nothing to do */ return 0; @@ -261,16 +259,9 @@ static int print_dependencies(FILE *f, const char* device_path, const char* time if (r < 0) return log_error_errno(r, "Failed to generate unit name: %m"); - fprintf(f, "After=%1$s\n", unit); - if (canfail) { - fprintf(f, "Wants=%1$s\n", unit); - r = write_drop_in_format(arg_dest, unit, 90, "device-timeout", - "# Automatically generated by systemd-cryptsetup-generator \n\n" - "[Unit]\nJobRunningTimeoutSec=%s", timeout_value); - if (r < 0) - return log_error_errno(r, "Failed to write device drop-in: %m"); - } else - fprintf(f, "Requires=%1$s\n", unit); + fprintf(f, + "After=%1$s\n" + "Requires=%1$s\n", unit); } else { /* Regular file, add mount dependency */ _cleanup_free_ char *escaped_path = specifier_escape(device_path); @@ -472,18 +463,14 @@ static int create_disk( netdev ? "remote-cryptsetup.target" : "cryptsetup.target"); if (key_file && !keydev) { - r = print_dependencies(f, key_file, - keyfile_timeout_value, - /* canfail= */ keyfile_can_timeout > 0); + r = print_dependencies(f, key_file); if (r < 0) return r; } /* Check if a header option was specified */ if (detached_header > 0 && !headerdev) { - r = print_dependencies(f, header_path, - NULL, - /* canfail= */ false); /* header is always necessary */ + r = print_dependencies(f, header_path); if (r < 0) return r; } From 3a51b2a7f1d5924f6a5e7e5d24c7685de4723d7a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 22 Dec 2022 17:32:05 +0100 Subject: [PATCH 598/703] Revert "generator: Rename password arg" This reverts commit 96a958bc61e13399a55b9c9c19541693888ebae2. This patch was pulled in only to support the now-reverted child. --- src/cryptsetup/cryptsetup-generator.c | 20 ++++++++++---------- src/cryptsetup/cryptsetup.c | 4 ++-- src/shared/generator.c | 12 ++++++------ 3 files changed, 18 insertions(+), 18 deletions(-) diff --git a/src/cryptsetup/cryptsetup-generator.c b/src/cryptsetup/cryptsetup-generator.c index 8f5ad67f48e..98c8408da54 100644 --- a/src/cryptsetup/cryptsetup-generator.c +++ b/src/cryptsetup/cryptsetup-generator.c @@ -277,7 +277,7 @@ static int print_dependencies(FILE *f, const char* device_path) { static int create_disk( const char *name, const char *device, - const char *key_file, + const char *password, const char *keydev, const char *headerdev, const char *options, @@ -285,7 +285,7 @@ static int create_disk( _cleanup_free_ char *n = NULL, *d = NULL, *u = NULL, *e = NULL, *keydev_mount = NULL, *keyfile_timeout_value = NULL, - *filtered = NULL, *u_escaped = NULL, *name_escaped = NULL, *header_path = NULL, *key_file_buffer = NULL, + *filtered = NULL, *u_escaped = NULL, *name_escaped = NULL, *header_path = NULL, *password_buffer = NULL, *tmp_fstype = NULL, *filtered_header = NULL, *headerdev_mount = NULL; _cleanup_fclose_ FILE *f = NULL; const char *dmname; @@ -350,9 +350,9 @@ static int create_disk( if (r < 0) return log_error_errno(r, "Failed to generate unit name: %m"); - if (keydev && !key_file) + if (keydev && !password) return log_error_errno(SYNTHETIC_ERRNO(EINVAL), - "Key device is specified, but path to the key file is missing."); + "Key device is specified, but path to the password file is missing."); r = generator_open_unit_file(arg_dest, NULL, n, &f); if (r < 0) @@ -388,11 +388,11 @@ static int create_disk( if (r < 0) return log_error_errno(r, "Failed to generate keydev umount unit: %m"); - key_file_buffer = path_join(keydev_mount, key_file); - if (!key_file_buffer) + password_buffer = path_join(keydev_mount, password); + if (!password_buffer) return log_oom(); - key_file = key_file_buffer; + password = password_buffer; fprintf(f, "After=%s\n", unit); if (keyfile_can_timeout > 0) @@ -462,8 +462,8 @@ static int create_disk( "Before=%s\n", netdev ? "remote-cryptsetup.target" : "cryptsetup.target"); - if (key_file && !keydev) { - r = print_dependencies(f, key_file); + if (password && !keydev) { + r = print_dependencies(f, password); if (r < 0) return r; } @@ -495,7 +495,7 @@ static int create_disk( if (r < 0) log_warning_errno(r, "Failed to write device timeout drop-in: %m"); - r = generator_write_cryptsetup_service_section(f, name, u, key_file, filtered); + r = generator_write_cryptsetup_service_section(f, name, u, password, filtered); if (r < 0) return r; diff --git a/src/cryptsetup/cryptsetup.c b/src/cryptsetup/cryptsetup.c index 746d428a9bd..250a8314f65 100644 --- a/src/cryptsetup/cryptsetup.c +++ b/src/cryptsetup/cryptsetup.c @@ -1639,7 +1639,7 @@ static int help(void) { if (r < 0) return log_oom(); - printf("%s attach VOLUME SOURCEDEVICE [KEY-FILE] [OPTIONS]\n" + printf("%s attach VOLUME SOURCEDEVICE [PASSWORD] [OPTIONS]\n" "%s detach VOLUME\n\n" "Attaches or detaches an encrypted block device.\n" "\nSee the %s for details.\n", @@ -1721,7 +1721,7 @@ static int run(int argc, char *argv[]) { unsigned tries; usec_t until; - /* Arguments: systemd-cryptsetup attach VOLUME SOURCE-DEVICE [KEY-FILE] [OPTIONS] */ + /* Arguments: systemd-cryptsetup attach VOLUME SOURCE-DEVICE [PASSWORD] [OPTIONS] */ if (argc < 4) return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "attach requires at least two arguments."); diff --git a/src/shared/generator.c b/src/shared/generator.c index 125f22a1023..e31b8419521 100644 --- a/src/shared/generator.c +++ b/src/shared/generator.c @@ -625,10 +625,10 @@ int generator_write_cryptsetup_service_section( FILE *f, const char *name, const char *what, - const char *key_file, + const char *password, const char *options) { - _cleanup_free_ char *name_escaped = NULL, *what_escaped = NULL, *key_file_escaped = NULL, *options_escaped = NULL; + _cleanup_free_ char *name_escaped = NULL, *what_escaped = NULL, *password_escaped = NULL, *options_escaped = NULL; assert(f); assert(name); @@ -642,9 +642,9 @@ int generator_write_cryptsetup_service_section( if (!what_escaped) return log_oom(); - if (key_file) { - key_file_escaped = specifier_escape(key_file); - if (!key_file_escaped) + if (password) { + password_escaped = specifier_escape(password); + if (!password_escaped) return log_oom(); } @@ -664,7 +664,7 @@ int generator_write_cryptsetup_service_section( "OOMScoreAdjust=500\n" /* Unlocking can allocate a lot of memory if Argon2 is used */ "ExecStart=" SYSTEMD_CRYPTSETUP_PATH " attach '%s' '%s' '%s' '%s'\n" "ExecStop=" SYSTEMD_CRYPTSETUP_PATH " detach '%s'\n", - name_escaped, what_escaped, strempty(key_file_escaped), strempty(options_escaped), + name_escaped, what_escaped, strempty(password_escaped), strempty(options_escaped), name_escaped); return 0; From e7e63274fb5f58f6ae422f5c9f38311449630f3c Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Thu, 31 Mar 2022 03:23:33 +0900 Subject: [PATCH 599/703] basic/missing: move BLKGETDISKSEQ to missing_fs.h As it is defined at linux/fs.h. (cherry picked from commit 2076612f843a2276207df34d2f6b6efbadfc4d21) --- src/basic/missing_fs.h | 4 ++++ src/basic/missing_loop.h | 5 ----- src/shared/loop-util.c | 1 + 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/src/basic/missing_fs.h b/src/basic/missing_fs.h index 7e390ba909b..6638d769622 100644 --- a/src/basic/missing_fs.h +++ b/src/basic/missing_fs.h @@ -6,6 +6,10 @@ #define RENAME_NOREPLACE (1 << 0) #endif +#ifndef BLKGETDISKSEQ +#define BLKGETDISKSEQ _IOR(0x12,128,__u64) +#endif + /* linux/fs.h or sys/mount.h */ #ifndef MS_MOVE #define MS_MOVE 8192 diff --git a/src/basic/missing_loop.h b/src/basic/missing_loop.h index 5fe63ad1ca6..449858d3a78 100644 --- a/src/basic/missing_loop.h +++ b/src/basic/missing_loop.h @@ -1,7 +1,6 @@ /* SPDX-License-Identifier: LGPL-2.1-or-later */ #pragma once -#include #include #ifndef LOOP_CONFIGURE @@ -15,10 +14,6 @@ struct loop_config { #define LOOP_CONFIGURE 0x4C0A #endif -#ifndef BLKGETDISKSEQ -#define BLKGETDISKSEQ _IOR(0x12,128,__u64) -#endif - #ifndef LOOP_SET_STATUS_SETTABLE_FLAGS #define LOOP_SET_STATUS_SETTABLE_FLAGS (LO_FLAGS_AUTOCLEAR | LO_FLAGS_PARTSCAN) #endif diff --git a/src/shared/loop-util.c b/src/shared/loop-util.c index b55d4e44bad..8736c930ad8 100644 --- a/src/shared/loop-util.c +++ b/src/shared/loop-util.c @@ -23,6 +23,7 @@ #include "fd-util.h" #include "fileio.h" #include "loop-util.h" +#include "missing_fs.h" #include "missing_loop.h" #include "parse-util.h" #include "random-util.h" From 2ced9167eb54580fa751e6b44b9c0fb9b8d04563 Mon Sep 17 00:00:00 2001 From: "Guillaume W. Bres" Date: Thu, 8 Sep 2022 15:54:57 +0200 Subject: [PATCH 600/703] basic/missing_loop.h: fix missing lo_flags LO_FLAGS_DIRECT_IO (cherry picked from commit b3fe33ff52ece458a5b990a4a68d59aef7cae10b) --- src/basic/missing_loop.h | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/src/basic/missing_loop.h b/src/basic/missing_loop.h index 449858d3a78..7141544b64f 100644 --- a/src/basic/missing_loop.h +++ b/src/basic/missing_loop.h @@ -14,6 +14,11 @@ struct loop_config { #define LOOP_CONFIGURE 0x4C0A #endif +#ifndef LO_FLAGS_DIRECT_IO +#define LO_FLAGS_DIRECT_IO 16 +#define LOOP_SET_DIRECT_IO 0x4C08 +#endif + #ifndef LOOP_SET_STATUS_SETTABLE_FLAGS -#define LOOP_SET_STATUS_SETTABLE_FLAGS (LO_FLAGS_AUTOCLEAR | LO_FLAGS_PARTSCAN) +#define LOOP_SET_STATUS_SETTABLE_FLAGS (LO_FLAGS_AUTOCLEAR | LO_FLAGS_PARTSCAN | LO_FLAGS_DIRECT_IO) #endif From 1d9065d15e84b3845047103903d1b9044eec30c6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Cristian=20Rodr=C3=ADguez?= Date: Fri, 11 Nov 2022 15:28:51 +0000 Subject: [PATCH 601/703] journal-remote: code is of type enum MHD_RequestTerminationCode Fixes gcc 13 -Wenum-int-mismatch which are enabled by default. (cherry picked from commit aa70dd624bff6280ab6f2871f62d313bdb1e1bcc) (cherry picked from commit b1b7667a44c4e8635b6d8dc070fb2446187fcdc5) (cherry picked from commit ecb0b018d25fa7489c2535f32660a882fc44d3b7) --- src/journal-remote/microhttpd-util.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/journal-remote/microhttpd-util.h b/src/journal-remote/microhttpd-util.h index 7e7d1b56b1b..df183354694 100644 --- a/src/journal-remote/microhttpd-util.h +++ b/src/journal-remote/microhttpd-util.h @@ -64,11 +64,11 @@ void microhttpd_logger(void *arg, const char *fmt, va_list ap) _printf_(2, 0); int mhd_respondf(struct MHD_Connection *connection, int error, - unsigned code, + enum MHD_RequestTerminationCode code, const char *format, ...) _printf_(4,5); int mhd_respond(struct MHD_Connection *connection, - unsigned code, + enum MHD_RequestTerminationCode code, const char *message); int mhd_respond_oom(struct MHD_Connection *connection); From 7b9fb27c675c1de9ae96f6d656b20706e5a7257a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Cristian=20Rodr=C3=ADguez?= Date: Fri, 11 Nov 2022 15:31:18 +0000 Subject: [PATCH 602/703] resolve: dns_server_feature_level_*_string type is DnsServerFeatureLevel gcc 13 -Wenum-int-mismatch reminds us that enum != int (cherry picked from commit e14afe31c3e8380496dc85b57103b2f648bc7d43) (cherry picked from commit ba5f7915d25a400f0651bc9e8546a3ec6a738eaa) (cherry picked from commit 85ad47e172dcba386234a93103cb6b9f3a77fefc) --- src/resolve/resolved-dns-server.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/resolve/resolved-dns-server.h b/src/resolve/resolved-dns-server.h index be9efb0a79a..f939b534c3f 100644 --- a/src/resolve/resolved-dns-server.h +++ b/src/resolve/resolved-dns-server.h @@ -44,8 +44,8 @@ typedef enum DnsServerFeatureLevel { #define DNS_SERVER_FEATURE_LEVEL_IS_DNSSEC(x) ((x) >= DNS_SERVER_FEATURE_LEVEL_DO) #define DNS_SERVER_FEATURE_LEVEL_IS_UDP(x) IN_SET(x, DNS_SERVER_FEATURE_LEVEL_UDP, DNS_SERVER_FEATURE_LEVEL_EDNS0, DNS_SERVER_FEATURE_LEVEL_DO) -const char* dns_server_feature_level_to_string(int i) _const_; -int dns_server_feature_level_from_string(const char *s) _pure_; +const char* dns_server_feature_level_to_string(DnsServerFeatureLevel i) _const_; +DnsServerFeatureLevel dns_server_feature_level_from_string(const char *s) _pure_; struct DnsServer { Manager *manager; From 08cf315a0439e9a238deddb287fb45e7bcaa02dc Mon Sep 17 00:00:00 2001 From: Siddhesh Poyarekar Date: Tue, 13 Dec 2022 16:54:36 -0500 Subject: [PATCH 603/703] Use dummy allocator to make accesses defined as per standard systemd uses malloc_usable_size() everywhere to use memory blocks obtained through malloc, but that is abuse since the malloc_usable_size() interface isn't meant for this kind of use, it is for diagnostics only. This is also why systemd behaviour is flaky when built with _FORTIFY_SOURCE. One way to make this more standard (and hence safer) is to, at every malloc_usable_size() call, also 'reallocate' the block so that the compiler can see the larger size. This is done through a dummy reallocator whose only purpose is to tell the compiler about the larger usable size, it doesn't do any actual reallocation. Florian Weimer pointed out that this doesn't solve the problem of an allocator potentially growing usable size at will, which will break the implicit assumption in systemd use that the value returned remains constant as long as the object is valid. The safest way to fix that is for systemd to step away from using malloc_usable_size() like this. Resolves #22801. (cherry picked from commit 7929e180aa47a2692ad4f053afac2857d7198758) (cherry picked from commit 34b9eddfc12936917fab000b780a451d6277c2b4) (cherry picked from commit 70653ebeb6aa09ca6e3bad5aacf8ff950bf6d001) --- src/basic/alloc-util.c | 4 +++ src/basic/alloc-util.h | 38 +++++++++++++++++++++-------- src/fundamental/macro-fundamental.h | 1 + 3 files changed, 33 insertions(+), 10 deletions(-) diff --git a/src/basic/alloc-util.c b/src/basic/alloc-util.c index b030f454b2f..6063943c88a 100644 --- a/src/basic/alloc-util.c +++ b/src/basic/alloc-util.c @@ -102,3 +102,7 @@ void* greedy_realloc0( return q; } + +void *expand_to_usable(void *ptr, size_t newsize _unused_) { + return ptr; +} diff --git a/src/basic/alloc-util.h b/src/basic/alloc-util.h index 65d51756193..eb748484f5e 100644 --- a/src/basic/alloc-util.h +++ b/src/basic/alloc-util.h @@ -2,6 +2,7 @@ #pragma once #include +#include #include #include #include @@ -169,17 +170,34 @@ void* greedy_realloc0(void **p, size_t need, size_t size); # define msan_unpoison(r, s) #endif -/* This returns the number of usable bytes in a malloc()ed region as per malloc_usable_size(), in a way that - * is compatible with _FORTIFY_SOURCES. If _FORTIFY_SOURCES is used many memory operations will take the - * object size as returned by __builtin_object_size() into account. Hence, let's return the smaller size of - * malloc_usable_size() and __builtin_object_size() here, so that we definitely operate in safe territory by - * both the compiler's and libc's standards. Note that __builtin_object_size() evaluates to SIZE_MAX if the - * size cannot be determined, hence the MIN() expression should be safe with dynamically sized memory, - * too. Moreover, when NULL is passed malloc_usable_size() is documented to return zero, and - * __builtin_object_size() returns SIZE_MAX too, hence we also return a sensible value of 0 in this corner - * case. */ +/* Dummy allocator to tell the compiler that the new size of p is newsize. The implementation returns the + * pointer as is; the only reason for its existence is as a conduit for the _alloc_ attribute. This cannot be + * a static inline because gcc then loses the attributes on the function. + * See: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=96503 */ +void *expand_to_usable(void *p, size_t newsize) _alloc_(2) _returns_nonnull_; + +static inline size_t malloc_sizeof_safe(void **xp) { + if (_unlikely_(!xp || !*xp)) + return 0; + + size_t sz = malloc_usable_size(*xp); + *xp = expand_to_usable(*xp, sz); + /* GCC doesn't see the _returns_nonnull_ when built with ubsan, so yet another hint to make it doubly + * clear that expand_to_usable won't return NULL. + * See: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=79265 */ + if (!*xp) + assert_not_reached(); + return sz; +} + +/* This returns the number of usable bytes in a malloc()ed region as per malloc_usable_size(), which may + * return a value larger than the size that was actually allocated. Access to that additional memory is + * discouraged because it violates the C standard; a compiler cannot see that this as valid. To help the + * compiler out, the MALLOC_SIZEOF_SAFE macro 'allocates' the usable size using a dummy allocator function + * expand_to_usable. There is a possibility of malloc_usable_size() returning different values during the + * lifetime of an object, which may cause problems, but the glibc allocator does not do that at the moment. */ #define MALLOC_SIZEOF_SAFE(x) \ - MIN(malloc_usable_size(x), __builtin_object_size(x, 0)) + malloc_sizeof_safe((void**) &__builtin_choose_expr(__builtin_constant_p(x), (void*) { NULL }, (x))) /* Inspired by ELEMENTSOF() but operates on malloc()'ed memory areas: typesafely returns the number of items * that fit into the specified memory block */ diff --git a/src/fundamental/macro-fundamental.h b/src/fundamental/macro-fundamental.h index d597c743bbb..356b7d8749b 100644 --- a/src/fundamental/macro-fundamental.h +++ b/src/fundamental/macro-fundamental.h @@ -13,6 +13,7 @@ #define _pure_ __attribute__((__pure__)) #define _section_(x) __attribute__((__section__(x))) #define _packed_ __attribute__((__packed__)) +#define _returns_nonnull_ __attribute__((__returns_nonnull__)) #define _retain_ __attribute__((__retain__)) #define _used_ __attribute__((__used__)) #define _unused_ __attribute__((__unused__)) From 050a356d041d199e6ec4ec6e68aa9d52b1f6b017 Mon Sep 17 00:00:00 2001 From: Siddhesh Poyarekar Date: Sat, 7 Jan 2023 19:30:32 -0500 Subject: [PATCH 604/703] alloc-util: Disallow inlining of expand_to_usable Explicitly set __attribute__ ((noinline)) so that the compiler does not attempt to inline expand_to_usable, even with LTO. (cherry picked from commit 4f79f545b3c46c358666c9f5f2b384fe50aac4b4) (cherry picked from commit e998c9d7c1a52ab02ff6e9c363c1cfe0b76cd6f4) (cherry picked from commit 40146884585707fb5e84055d4882f735caac469b) --- src/basic/alloc-util.h | 7 ++++--- src/fundamental/macro-fundamental.h | 1 + 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/src/basic/alloc-util.h b/src/basic/alloc-util.h index eb748484f5e..a82aeea1dec 100644 --- a/src/basic/alloc-util.h +++ b/src/basic/alloc-util.h @@ -171,10 +171,11 @@ void* greedy_realloc0(void **p, size_t need, size_t size); #endif /* Dummy allocator to tell the compiler that the new size of p is newsize. The implementation returns the - * pointer as is; the only reason for its existence is as a conduit for the _alloc_ attribute. This cannot be - * a static inline because gcc then loses the attributes on the function. + * pointer as is; the only reason for its existence is as a conduit for the _alloc_ attribute. This must not + * be inlined (hence a non-static function with _noinline_ because LTO otherwise tries to inline it) because + * gcc then loses the attributes on the function. * See: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=96503 */ -void *expand_to_usable(void *p, size_t newsize) _alloc_(2) _returns_nonnull_; +void *expand_to_usable(void *p, size_t newsize) _alloc_(2) _returns_nonnull_ _noinline_; static inline size_t malloc_sizeof_safe(void **xp) { if (_unlikely_(!xp || !*xp)) diff --git a/src/fundamental/macro-fundamental.h b/src/fundamental/macro-fundamental.h index 356b7d8749b..ee1f9cf0725 100644 --- a/src/fundamental/macro-fundamental.h +++ b/src/fundamental/macro-fundamental.h @@ -10,6 +10,7 @@ #define _align_(x) __attribute__((__aligned__(x))) #define _const_ __attribute__((__const__)) +#define _noinline_ __attribute__((noinline)) #define _pure_ __attribute__((__pure__)) #define _section_(x) __attribute__((__section__(x))) #define _packed_ __attribute__((__packed__)) From a62fc7d66c042339033b93853537c8efcebf5527 Mon Sep 17 00:00:00 2001 From: msizanoen1 Date: Wed, 7 Dec 2022 16:38:05 +0700 Subject: [PATCH 605/703] core/slice: skip member units without realized cgroup during freeze or thaw This ensures that services with `RemainAfterExit` but without any process running won't cause failure during freeze. (cherry picked from commit fcb0878f7563df9701a4d066378995c0b7ec32be) (cherry picked from commit 2eb040f36f65c316c0d015d024faf9d27db10821) (cherry picked from commit 9a0bd2ff7004fbc3c801430ec48054a48ae77b59) --- src/core/slice.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/core/slice.c b/src/core/slice.c index c453aa033e7..4824a300d07 100644 --- a/src/core/slice.c +++ b/src/core/slice.c @@ -381,6 +381,9 @@ static int slice_freezer_action(Unit *s, FreezerAction action) { } UNIT_FOREACH_DEPENDENCY(member, s, UNIT_ATOM_SLICE_OF) { + if (!member->cgroup_realized) + continue; + if (action == FREEZER_FREEZE) r = UNIT_VTABLE(member)->freeze(member); else From 0e96d07e8c03e543816702b13db891924b485951 Mon Sep 17 00:00:00 2001 From: jcg Date: Fri, 9 Dec 2022 20:45:39 +0800 Subject: [PATCH 606/703] mount-setup: don't need to mount /sys/fs/pstore if there is no ENABLE_PSTORE (cherry picked from commit 5e5fce3e918ebba5d0cbf0b64bb97f0eaeae70a3) (cherry picked from commit 613994c10b19f02c0764aa1d5865730f3af99267) (cherry picked from commit 46a7e30cb9f274763657d40193c2a03a02c687ab) --- src/shared/mount-setup.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/shared/mount-setup.c b/src/shared/mount-setup.c index 79179684975..7ba579ef636 100644 --- a/src/shared/mount-setup.c +++ b/src/shared/mount-setup.c @@ -102,8 +102,10 @@ static const MountPoint mount_table[] = { cg_is_legacy_wanted, MNT_IN_CONTAINER }, { "cgroup", "/sys/fs/cgroup/systemd", "cgroup", "none,name=systemd", MS_NOSUID|MS_NOEXEC|MS_NODEV, cg_is_legacy_wanted, MNT_FATAL|MNT_IN_CONTAINER }, +#if ENABLE_PSTORE { "pstore", "/sys/fs/pstore", "pstore", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV, NULL, MNT_NONE }, +#endif #if ENABLE_EFI { "efivarfs", "/sys/firmware/efi/efivars", "efivarfs", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV, is_efi_boot, MNT_NONE }, From f8201271fdaef4e3a68efac8a21e9f195e4e4a6b Mon Sep 17 00:00:00 2001 From: David Tardon Date: Mon, 12 Dec 2022 16:21:30 +0100 Subject: [PATCH 607/703] swap: tell swapon to reinitialize swap if needed If the page size of a swap space doesn't match the page size of the currently running kernel, swapon will fail. Let's instruct it to reinitialize the swap space instead. (cherry picked from commit cc137d53e36da5e57b060be5e621864f572b2cac) (cherry picked from commit a0ac79bce9255cf33b0f208b18d888f0f700133c) (cherry picked from commit 8be5a12c7170ed7e7b4303c16573e463ef997e23) --- src/core/swap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/core/swap.c b/src/core/swap.c index 9c0d4fb2277..e17d6551039 100644 --- a/src/core/swap.c +++ b/src/core/swap.c @@ -834,7 +834,7 @@ static void swap_enter_activating(Swap *s) { } } - r = exec_command_set(s->control_command, "/sbin/swapon", NULL); + r = exec_command_set(s->control_command, "/sbin/swapon", "--fixpgsz", NULL); if (r < 0) goto fail; From 0accce1b1c5d67e4183cb67f0bbbaaf7fc50c9f6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Mon, 19 Dec 2022 14:36:08 +0100 Subject: [PATCH 608/703] sd-event: never pass negative errnos as signalfd to signalfd We treat any negative value as "invalid fd", but signalfd only accepts -1. (cherry picked from commit cbff793ffb280d9d11e5d7b1dc3964276491bee8) (cherry picked from commit 54c840ea58c578060e941f754a4fed2931483820) (cherry picked from commit 4178457f0ec07452f856894988e5490bbc91cc36) --- src/libsystemd/sd-event/sd-event.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/libsystemd/sd-event/sd-event.c b/src/libsystemd/sd-event/sd-event.c index 9fe67d3d434..ec9aae07c49 100644 --- a/src/libsystemd/sd-event/sd-event.c +++ b/src/libsystemd/sd-event/sd-event.c @@ -649,7 +649,9 @@ static int event_make_signal_data( ss_copy = d->sigset; assert_se(sigaddset(&ss_copy, sig) >= 0); - r = signalfd(d->fd, &ss_copy, SFD_NONBLOCK|SFD_CLOEXEC); + r = signalfd(d->fd >= 0 ? d->fd : -1, /* the first arg must be -1 or a valid signalfd */ + &ss_copy, + SFD_NONBLOCK|SFD_CLOEXEC); if (r < 0) { r = -errno; goto fail; From d9960ebfdfb0d2e818bc417f8430d066ad60aa41 Mon Sep 17 00:00:00 2001 From: Michal Sekletar Date: Mon, 19 Dec 2022 17:58:49 +0100 Subject: [PATCH 609/703] units: allow systemd-userdbd to change process name MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit rename_process() requires CAP_SYS_RESOURCE so let's make sure it is in our permitted set after execve() by adding in to the bounding set. Previously, systemd-userdbd.service - User Database Manager Loaded: loaded (/usr/lib/systemd/system/systemd-userdbd.service; indirect; preset: disabled) Active: active (running) since Mon 2022-12-19 17:07:21 CET; 17min ago TriggeredBy: ● systemd-userdbd.socket Docs: man:systemd-userdbd.service(8) Main PID: 1880 (systemd-userdbd) Status: "Processing requests..." Tasks: 4 (limit: 2272) Memory: 5.2M CPU: 244ms CGroup: /system.slice/systemd-userdbd.service ├─1880 /usr/lib/systemd/systemd-userdbd ├─2270 systemd-userwork ├─2271 systemd-userwork └─2272 systemd-userwork Now, Loaded: loaded (/usr/lib/systemd/system/systemd-userdbd.service; indirect; preset: disabled) Active: active (running) since Mon 2022-12-19 17:27:02 CET; 15s ago TriggeredBy: ● systemd-userdbd.socket Docs: man:systemd-userdbd.service(8) Main PID: 2404 (systemd-userdbd) Status: "Processing requests..." Tasks: 4 (limit: 2272) Memory: 5.5M CPU: 89ms CGroup: /system.slice/systemd-userdbd.service ├─2404 /usr/lib/systemd/systemd-userdbd ├─2407 "systemd-userwork: waiting..." ├─2408 "systemd-userwork: waiting..." └─2409 "systemd-userwork: waiting..." (cherry picked from commit d5e5bc2fe9eaa4697c22b84007f18bda29756573) (cherry picked from commit 9357d2342981a8b4fcfa2d170b7749c27d364fdd) (cherry picked from commit 34f78e7e1426be8bcebf48e95d923459db55af99) --- units/systemd-userdbd.service.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/units/systemd-userdbd.service.in b/units/systemd-userdbd.service.in index 84dea04f55a..b57661100cd 100644 --- a/units/systemd-userdbd.service.in +++ b/units/systemd-userdbd.service.in @@ -16,7 +16,7 @@ Before=sysinit.target DefaultDependencies=no [Service] -CapabilityBoundingSet=CAP_DAC_READ_SEARCH +CapabilityBoundingSet=CAP_DAC_READ_SEARCH CAP_SYS_RESOURCE ExecStart={{ROOTLIBEXECDIR}}/systemd-userdbd IPAddressDeny=any LimitNOFILE={{HIGH_RLIMIT_NOFILE}} From f5edfc783b9d39df3e841a0c50e274aceb990eb0 Mon Sep 17 00:00:00 2001 From: Jacek Migacz Date: Tue, 20 Dec 2022 15:26:12 +0100 Subject: [PATCH 610/703] resolve: fix enumerator name for DNS search domain (cherry picked from commit 8b23242989b7048b2a4439068c4804e457bbd7a8) (cherry picked from commit ec82fdc645b0c9689167764f6627189cf0cf2495) (cherry picked from commit 688bc823e2ba9b928d2a02a89e6941fee38f70b4) --- src/resolve/resolved-dns-search-domain.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/resolve/resolved-dns-search-domain.c b/src/resolve/resolved-dns-search-domain.c index c9f148a2b99..3b9c1eee912 100644 --- a/src/resolve/resolved-dns-search-domain.c +++ b/src/resolve/resolved-dns-search-domain.c @@ -52,7 +52,7 @@ int dns_search_domain_new( l->n_search_domains++; break; - case DNS_SERVER_SYSTEM: + case DNS_SEARCH_DOMAIN_SYSTEM: LIST_APPEND(domains, m->search_domains, d); m->n_search_domains++; break; From 4dc2810d54d224d3ad9b9df7f338e9890d2a7ef0 Mon Sep 17 00:00:00 2001 From: Will Fancher Date: Sat, 17 Dec 2022 15:06:21 -0500 Subject: [PATCH 611/703] sysroot: Order systemd-fsck-root after systemd-makefs (cherry picked from commit 0941ccae3cf28d84db87fb9d50cc10750bc1c962) (cherry picked from commit addeb4699353636a5f48442dedb624602c370d69) (cherry picked from commit 3fe7a6534c11706390a096cb6e7a1c00e7f80028) --- src/shared/generator.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/src/shared/generator.c b/src/shared/generator.c index e31b8419521..5d6efe51b62 100644 --- a/src/shared/generator.c +++ b/src/shared/generator.c @@ -457,6 +457,14 @@ int generator_hook_up_mkfs( unit_file = prefix_roota(dir, unit); log_debug("Creating %s", unit_file); + const char *fsck_unit; + if (in_initrd() && path_equal(where, "/sysroot")) + fsck_unit = SPECIAL_FSCK_ROOT_SERVICE; + else if (in_initrd() && path_equal(where, "/sysusr/usr")) + fsck_unit = SPECIAL_FSCK_USR_SERVICE; + else + fsck_unit = "systemd-fsck@%i.service"; + escaped = cescape(node); if (!escaped) return log_oom(); @@ -482,7 +490,7 @@ int generator_hook_up_mkfs( "After=%%i.device\n" /* fsck might or might not be used, so let's be safe and order * ourselves before both systemd-fsck@.service and the mount unit. */ - "Before=shutdown.target systemd-fsck@%%i.service %s\n" + "Before=shutdown.target %s %s\n" "\n" "[Service]\n" "Type=oneshot\n" @@ -490,6 +498,7 @@ int generator_hook_up_mkfs( "ExecStart="SYSTEMD_MAKEFS_PATH " %s %s\n" "TimeoutSec=0\n", program_invocation_short_name, + fsck_unit, where_unit, type, escaped); From 560f05d95ccfc1801f6bb0eb267d4a2543e95b10 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Cristian=20Rodr=C3=ADguez?= Date: Sun, 1 Jan 2023 22:40:26 +0000 Subject: [PATCH 612/703] basic: fix hosed return value in skip_session() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ../src/basic/cgroup-util.c: In function ‘skip_session’: ../src/basic/cgroup-util.c:1241:32: error: incompatible types when returning type ‘_Bool’ but ‘const char *’ was expected 1241 | return false; (cherry picked from commit db8e720984269a050a7a78aeb503a7402ef567f7) (cherry picked from commit ad647734c7cffeab0f44b12411f0e123083e9db1) (cherry picked from commit 9ca9f95122c8bf31e95095afa2d9468d3f4bd5b1) --- src/basic/cgroup-util.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/basic/cgroup-util.c b/src/basic/cgroup-util.c index b33acf8df1c..e65ad678aba 100644 --- a/src/basic/cgroup-util.c +++ b/src/basic/cgroup-util.c @@ -1245,7 +1245,7 @@ static const char *skip_session(const char *p) { * here. */ if (!session_id_valid(buf)) - return false; + return NULL; p += n; p += strspn(p, "/"); From 1825219d59cd454780bfa0947435c16f27ca7588 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Cristian=20Rodr=C3=ADguez?= Date: Mon, 2 Jan 2023 00:06:57 +0000 Subject: [PATCH 613/703] basic: Fix incompatible type for arguments errors in C2X MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit GCC-13 -std=gnu2x FTBS with: error: incompatible type for argument 3 of ‘_hashmap_free’ (cherry picked from commit a4a1569ff1e9ab62996f8b42dcc14a09f91b5715) (cherry picked from commit 921bff2f856762c4c98912394f1b6b54ed063bbd) (cherry picked from commit db147b6d2b6ab3b2983ddd8cd0c7b2fa3513f8ab) --- src/basic/hashmap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/basic/hashmap.c b/src/basic/hashmap.c index dee50299142..77c9e8ad031 100644 --- a/src/basic/hashmap.c +++ b/src/basic/hashmap.c @@ -1751,7 +1751,7 @@ HashmapBase* _hashmap_copy(HashmapBase *h HASHMAP_DEBUG_PARAMS) { } if (r < 0) - return _hashmap_free(copy, false, false); + return _hashmap_free(copy, NULL, NULL); return copy; } From e4ebc607745182597018707b413d2bdee9f70517 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Cristian=20Rodr=C3=ADguez?= Date: Mon, 2 Jan 2023 00:08:52 +0000 Subject: [PATCH 614/703] libsystemd-network: FTBS in c2x mode cannot pass false as argument because function wants a pointer to bool instead, use NULL instead (cherry picked from commit 2cc697d7400446a7ea823bc38061501cd85b046a) (cherry picked from commit e78a1489a8c2b398ad30a8d868754601876ba3d2) (cherry picked from commit d857665a54cb8a959d19786c198acf2426563381) --- src/libsystemd-network/sd-dhcp-lease.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/libsystemd-network/sd-dhcp-lease.c b/src/libsystemd-network/sd-dhcp-lease.c index 2359df32bf9..f36a0f81aed 100644 --- a/src/libsystemd-network/sd-dhcp-lease.c +++ b/src/libsystemd-network/sd-dhcp-lease.c @@ -999,7 +999,7 @@ int dhcp_lease_save(sd_dhcp_lease *lease, const char *lease_file) { r = sd_dhcp_lease_get_router(lease, &addresses); if (r > 0) { fputs("ROUTER=", f); - serialize_in_addrs(f, addresses, r, false, NULL); + serialize_in_addrs(f, addresses, r, NULL, NULL); fputc('\n', f); } @@ -1034,21 +1034,21 @@ int dhcp_lease_save(sd_dhcp_lease *lease, const char *lease_file) { r = sd_dhcp_lease_get_dns(lease, &addresses); if (r > 0) { fputs("DNS=", f); - serialize_in_addrs(f, addresses, r, false, NULL); + serialize_in_addrs(f, addresses, r, NULL, NULL); fputc('\n', f); } r = sd_dhcp_lease_get_ntp(lease, &addresses); if (r > 0) { fputs("NTP=", f); - serialize_in_addrs(f, addresses, r, false, NULL); + serialize_in_addrs(f, addresses, r, NULL, NULL); fputc('\n', f); } r = sd_dhcp_lease_get_sip(lease, &addresses); if (r > 0) { fputs("SIP=", f); - serialize_in_addrs(f, addresses, r, false, NULL); + serialize_in_addrs(f, addresses, r, NULL, NULL); fputc('\n', f); } From 582e5b764a86849e453f1bc00b34ce3a20dc48cb Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Tue, 3 Jan 2023 16:26:55 +0100 Subject: [PATCH 615/703] resolved: downgrade inability to send varlink reply error message Previously, if a client disconnected after sending a lookup request but before waiting for the reply we'd log at LOG_ERR level. That's confusing, since it's entirely OK for the client to lose interest. Hence, let's downgrade to debug level. Fixes: #25892 (cherry picked from commit 40557509be084f27d48bc5fc51286a664b96942e) (cherry picked from commit a3ceaf0f1d844b27c2b11704b43e9da59a0ef39d) (cherry picked from commit 51d6ffb854dc14de463c291ceffe093221972707) --- src/resolve/resolved-varlink.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/resolve/resolved-varlink.c b/src/resolve/resolved-varlink.c index ec48244347f..f2bf9d8a73c 100644 --- a/src/resolve/resolved-varlink.c +++ b/src/resolve/resolved-varlink.c @@ -229,7 +229,7 @@ static void vl_method_resolve_hostname_complete(DnsQuery *query) { JSON_BUILD_PAIR("flags", JSON_BUILD_INTEGER(dns_query_reply_flags_make(q))))); finish: if (r < 0) { - log_error_errno(r, "Failed to send hostname reply: %m"); + log_full_errno(ERRNO_IS_DISCONNECT(r) ? LOG_DEBUG : LOG_ERR, r, "Failed to send hostname reply: %m"); r = varlink_error_errno(q->varlink_request, r); } } @@ -447,7 +447,7 @@ static void vl_method_resolve_address_complete(DnsQuery *query) { JSON_BUILD_PAIR("flags", JSON_BUILD_INTEGER(dns_query_reply_flags_make(q))))); finish: if (r < 0) { - log_error_errno(r, "Failed to send address reply: %m"); + log_full_errno(ERRNO_IS_DISCONNECT(r) ? LOG_DEBUG : LOG_ERR, r, "Failed to send address reply: %m"); r = varlink_error_errno(q->varlink_request, r); } } From 486f3f52f4f77ad0b7b790d616f9e7fa0a5b9581 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Thu, 5 Jan 2023 17:34:18 +0100 Subject: [PATCH 616/703] resolvectl: remove duplicate ':' from output The second argument to dump_list() actually ends up in a TABLE_FIELD cell now, where we implicitly append a ":". Hence drop it from the strings. Follow-up for: 37a50123fac050c7ccde4afcf3f37ee77aad012c (cherry picked from commit ef503f1cec53f654780591adee6e3e223b575f56) (cherry picked from commit c01cdcfb8a38e8e0eadf6feab71fe6547b1acc1d) (cherry picked from commit 2ac8824885ebbcea89a0e90e2bd9ae00e3580b28) --- src/resolve/resolvectl.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/resolve/resolvectl.c b/src/resolve/resolvectl.c index 2d04d98569a..7dd05f7cd74 100644 --- a/src/resolve/resolvectl.c +++ b/src/resolve/resolvectl.c @@ -1926,15 +1926,15 @@ static int status_global(sd_bus *bus, StatusMode mode, bool *empty_line) { return table_log_add_error(r); } - r = dump_list(table, "DNS Servers:", global_info.dns_ex ?: global_info.dns); + r = dump_list(table, "DNS Servers", global_info.dns_ex ?: global_info.dns); if (r < 0) return r; - r = dump_list(table, "Fallback DNS Servers:", global_info.fallback_dns_ex ?: global_info.fallback_dns); + r = dump_list(table, "Fallback DNS Servers", global_info.fallback_dns_ex ?: global_info.fallback_dns); if (r < 0) return r; - r = dump_list(table, "DNS Domain:", global_info.domains); + r = dump_list(table, "DNS Domain", global_info.domains); if (r < 0) return r; From 652c6054f157f051c877b98a4021d8c0c307a47a Mon Sep 17 00:00:00 2001 From: Ludwig Nussel Date: Wed, 21 Dec 2022 13:57:47 +0100 Subject: [PATCH 617/703] kernel-install: run depmod only if writeable (cherry picked from commit dd003f1621967f114a6a808bb1f729386dc3a154) (cherry picked from commit 8ec0142c1345d86e2b169ebb80ae49f40610a778) (cherry picked from commit 04d29e1c903cba5bfbf9b326e7927e44e8b2d782) --- src/kernel-install/50-depmod.install | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/kernel-install/50-depmod.install b/src/kernel-install/50-depmod.install index fd00c436322..73b7890785d 100644 --- a/src/kernel-install/50-depmod.install +++ b/src/kernel-install/50-depmod.install @@ -26,6 +26,8 @@ INITRD_OPTIONS_START="5" [[ $KERNEL_VERSION ]] || exit 1 +[ -w "/lib/modules" ] || exit 0 + case "$COMMAND" in add) [[ -d "/lib/modules/${KERNEL_VERSION}/kernel" ]] || exit 0 From 079bfa7d764e2fc22d5dccb42a98a1467cc2e3ce Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Thu, 5 Jan 2023 22:10:46 +0100 Subject: [PATCH 618/703] resolved: disable SO_BINDTOIFINDEX hack for localhost IP addresses Fixes: #23010 (cherry picked from commit 5f9041afec65ce88c8b2a2ca3f6d14802ac01a56) (cherry picked from commit a0532ffd2f6e3f792bc77b7f74a0babb23d87ef6) (cherry picked from commit 640acfb45907c8cea7a5b010e52b6aa23e284a2e) --- src/resolve/resolved-dns-scope.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/resolve/resolved-dns-scope.c b/src/resolve/resolved-dns-scope.c index 30c1b7ab4a2..7be0d2d36cb 100644 --- a/src/resolve/resolved-dns-scope.c +++ b/src/resolve/resolved-dns-scope.c @@ -474,7 +474,8 @@ static int dns_scope_socket( * host result in EHOSTUNREACH, since Linux won't send the packets out of the specified * interface, but delivers them directly to the local socket. */ if (s->link && - !manager_find_link_address(s->manager, sa.sa.sa_family, sockaddr_in_addr(&sa.sa))) { + !manager_find_link_address(s->manager, sa.sa.sa_family, sockaddr_in_addr(&sa.sa)) && + in_addr_is_localhost(sa.sa.sa_family, sockaddr_in_addr(&sa.sa)) == 0) { r = socket_bind_to_ifindex(fd, ifindex); if (r < 0) return r; From 33036c403225ad0c88c9e5a9058aea69ff6ed9bc Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Fri, 6 Jan 2023 11:27:17 +0100 Subject: [PATCH 619/703] sd-event: don't mistake USEC_INFINITY passed in for overflow Let's pass USEC_INFINITY from sd_event_source_set_time_relative() to sd_event_source_set_time() instead of raising EOVERFLOW. We should raise EOVERFLOW only if your addition fails, but not if the input already is USEC_INFINITY, since it's an entirely valid operation to have an infinite time-out, and we should support that. (cherry picked from commit ef8591951aefccb668201f24aa481aa6cda834da) (cherry picked from commit 9769d84fe51573b4f2d5cb8f76664e886c7daf88) (cherry picked from commit 5fe49d0fb88b779d5096713627ce54757bff70b2) --- src/libsystemd/sd-event/sd-event.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/libsystemd/sd-event/sd-event.c b/src/libsystemd/sd-event/sd-event.c index ec9aae07c49..89accdce004 100644 --- a/src/libsystemd/sd-event/sd-event.c +++ b/src/libsystemd/sd-event/sd-event.c @@ -2656,6 +2656,9 @@ _public_ int sd_event_source_set_time_relative(sd_event_source *s, uint64_t usec assert_return(s, -EINVAL); assert_return(EVENT_SOURCE_IS_TIME(s->type), -EDOM); + if (usec == USEC_INFINITY) + return sd_event_source_set_time(s, USEC_INFINITY); + r = sd_event_now(s->event, event_source_type_to_clock(s->type), &t); if (r < 0) return r; From 0e711b7c06fc8b1290adcd38b4bb8faaa49ab764 Mon Sep 17 00:00:00 2001 From: Sam James Date: Fri, 6 Jan 2023 10:58:32 +0000 Subject: [PATCH 620/703] tmpfiles: avoid null free() for acl attributes When built with ACL support, we might be processing a tmpfiles entry where there's no cause for us to call parse_acls_from_arg, then we get to the end of parse_line without having ever populated i.{acl_access, acl_default}. Then we pass a null pointer into acl_free(). From UBSAN w/ GCC 13.0.0_pre20230101: ``` $ systemd-tmpfiles --clean /var/tmp/portage/sys-apps/acl-2.3.1-r1/work/acl-2.3.1/libacl/acl_free.c:44:14: runtime error: applying non-zero offset 18446744073709551608 to null pointer #0 0x7f65d868b482 in acl_free /var/tmp/portage/sys-apps/acl-2.3.1-r1/work/acl-2.3.1/libacl/acl_free.c:44 #1 0x55fe7e592249 in item_free_contents ../systemd-9999/src/tmpfiles/tmpfiles.c:2855 #2 0x55fe7e5a347a in parse_line ../systemd-9999/src/tmpfiles/tmpfiles.c:3158 #3 0x55fe7e5a347a in read_config_file ../systemd-9999/src/tmpfiles/tmpfiles.c:3897 #4 0x55fe7e590c61 in read_config_files ../systemd-9999/src/tmpfiles/tmpfiles.c:3985 #5 0x55fe7e590c61 in run ../systemd-9999/src/tmpfiles/tmpfiles.c:4157 #6 0x55fe7e590c61 in main ../systemd-9999/src/tmpfiles/tmpfiles.c:4218 #7 0x7f65d7ebe289 (/usr/lib64/libc.so.6+0x23289) #8 0x7f65d7ebe344 in __libc_start_main (/usr/lib64/libc.so.6+0x23344) #9 0x55fe7e591900 in _start (/usr/bin/systemd-tmpfiles+0x11900) ``` (cherry picked from commit 9f804ab04d566ff745849e1c4ced680a0447cf76) (cherry picked from commit a11a949c43def70ec5d3f57f561884c3f652603e) (cherry picked from commit 455193605d22a171c0f9b599a105be9ac18f433f) --- src/tmpfiles/tmpfiles.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c index 41ac11e29c0..07ef3af0a0b 100644 --- a/src/tmpfiles/tmpfiles.c +++ b/src/tmpfiles/tmpfiles.c @@ -2652,8 +2652,11 @@ static void item_free_contents(Item *i) { strv_free(i->xattrs); #if HAVE_ACL - acl_free(i->acl_access); - acl_free(i->acl_default); + if (i->acl_access) + acl_free(i->acl_access); + + if (i->acl_default) + acl_free(i->acl_default); #endif } From 3a9fe8e7687ed3b2b563c6b2237d2b62a79f79e6 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Fri, 6 Jan 2023 12:30:36 +0100 Subject: [PATCH 621/703] nspawn: guard acl_free() with a NULL check Inspired by #25957 there's one other place where we don't guard acl_free() calls with a NULL check. Fix that. (cherry picked from commit 34680637e838415204850f77c93ca6ca219abaf1) (cherry picked from commit 4dabf90526d4573144a51bdd87c1203b25265b33) (cherry picked from commit d8b4ac7a1783a29435cb3dfee3dfdee37c1b1ac8) --- src/nspawn/nspawn-patch-uid.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/nspawn/nspawn-patch-uid.c b/src/nspawn/nspawn-patch-uid.c index 1535d19bbb6..75fa9312998 100644 --- a/src/nspawn/nspawn-patch-uid.c +++ b/src/nspawn/nspawn-patch-uid.c @@ -181,7 +181,9 @@ static int patch_acls(int fd, const char *name, const struct stat *st, uid_t shi if (S_ISDIR(st->st_mode)) { acl_free(acl); - acl_free(shifted); + + if (shifted) + acl_free(shifted); acl = shifted = NULL; From f38e2295fac737fc517e1320d8201e3297be1a7d Mon Sep 17 00:00:00 2001 From: Frantisek Sumsal Date: Mon, 9 Jan 2023 10:09:52 +0100 Subject: [PATCH 622/703] import: use CURLINFO_SCHEME instead of CURLINFO_PROTOCOL MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit CURLINFO_PROTOCOL has been deprecated in curl 7.85.0 causing compilation warnings/errors: ../build/src/import/pull-job.c: In function ‘pull_job_curl_on_finished’: ../build/src/import/pull-job.c:142:9: error: ‘CURLINFO_PROTOCOL’ is deprecated: since 7.85.0. Use CURLINFO_SCHEME [-Werror=deprecated-declarations] 142 | code = curl_easy_getinfo(curl, CURLINFO_PROTOCOL, &protocol); | ^~~~ In file included from ../build/src/import/curl-util.h:4, from ../build/src/import/pull-job.h:6, from ../build/src/import/pull-common.h:7, from ../build/src/import/pull-job.c:16: /usr/include/curl/curl.h:2896:3: note: declared here 2896 | CURLINFO_PROTOCOL CURL_DEPRECATED(7.85.0, "Use CURLINFO_SCHEME") | ^~~~~~~~~~~~~~~~~ cc1: all warnings being treated as errors Since both CURLINFO_SCHEME and CURLINFO_PROTOCOL were introduced in the same curl version (7.52.0 [0][1]) we don't have to worry about backwards compatibility. [0] https://curl.se/libcurl/c/CURLINFO_SCHEME.html [1] https://curl.se/libcurl/c/CURLINFO_PROTOCOL.html (cherry picked from commit 2285c462ebb0b5d9a7043719a4f0d684a5dc37c2) (cherry picked from commit 4ab37502b35c76441b7be656b67ef53024af8a9f) (cherry picked from commit c2be553868972c3bfe4033f2e0c90592608c7033) --- src/import/pull-job.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/src/import/pull-job.c b/src/import/pull-job.c index f5eb82131e4..1ead3b105b0 100644 --- a/src/import/pull-job.c +++ b/src/import/pull-job.c @@ -124,8 +124,8 @@ static int pull_job_restart(PullJob *j, const char *new_url) { void pull_job_curl_on_finished(CurlGlue *g, CURL *curl, CURLcode result) { PullJob *j = NULL; + char *scheme = NULL; CURLcode code; - long protocol; int r; if (curl_easy_getinfo(curl, CURLINFO_PRIVATE, (char **)&j) != CURLE_OK) @@ -139,13 +139,13 @@ void pull_job_curl_on_finished(CurlGlue *g, CURL *curl, CURLcode result) { goto finish; } - code = curl_easy_getinfo(curl, CURLINFO_PROTOCOL, &protocol); - if (code != CURLE_OK) { - r = log_error_errno(SYNTHETIC_ERRNO(EIO), "Failed to retrieve response code: %s", curl_easy_strerror(code)); + code = curl_easy_getinfo(curl, CURLINFO_SCHEME, &scheme); + if (code != CURLE_OK || !scheme) { + r = log_error_errno(SYNTHETIC_ERRNO(EIO), "Failed to retrieve URL scheme."); goto finish; } - if (IN_SET(protocol, CURLPROTO_HTTP, CURLPROTO_HTTPS)) { + if (STRCASE_IN_SET(scheme, "HTTP", "HTTPS")) { long status; code = curl_easy_getinfo(curl, CURLINFO_RESPONSE_CODE, &status); From 46d158142601c9f4d5881121fdc14066d4f8c1c7 Mon Sep 17 00:00:00 2001 From: Frantisek Sumsal Date: Mon, 9 Jan 2023 12:44:28 +0100 Subject: [PATCH 623/703] import: use CURLOPT_PROTOCOLS_STR with libcurl >= 7.85.0 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit CURLOPT_PROTOCOLS [0] was deprecated in libcurl 7.85.0 with CURLOPT_PROTOCOLS_STR [1] as a replacement, causing build warnings/errors: ../build/src/import/curl-util.c: In function ‘curl_glue_make’: ../build/src/import/curl-util.c:255:9: error: ‘CURLOPT_PROTOCOLS’ is deprecated: since 7.85.0. Use CURLOPT_PROTOCOLS_STR [-Werror=deprecated-declarations] 255 | if (curl_easy_setopt(c, CURLOPT_PROTOCOLS, CURLPROTO_HTTP|CURLPROTO_HTTPS|CURLPROTO_FILE) != CURLE_OK) | ^~ In file included from ../build/src/import/curl-util.h:4, from ../build/src/import/curl-util.c:6: /usr/include/curl/curl.h:1749:3: note: declared here 1749 | CURLOPTDEPRECATED(CURLOPT_PROTOCOLS, CURLOPTTYPE_LONG, 181, | ^~~~~~~~~~~~~~~~~ cc1: all warnings being treated as errors Since there's no grace period between the two symbols, let's resort to a light if-def-ery to resolve this. [0] https://curl.se/libcurl/c/CURLOPT_PROTOCOLS.html [1] https://curl.se/libcurl/c/CURLOPT_PROTOCOLS_STR.html (cherry picked from commit e61a4c0b7c79eabbe4eb50ff2e663734fde769f0) (cherry picked from commit 14f573175aa6a026c03fd09dea5952f3755b799a) (cherry picked from commit 4768110a2e051edeb9432283d009d12da81b13fd) --- src/import/curl-util.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/import/curl-util.c b/src/import/curl-util.c index d6a16b4f57c..24a4fb6893a 100644 --- a/src/import/curl-util.c +++ b/src/import/curl-util.c @@ -256,7 +256,11 @@ int curl_glue_make(CURL **ret, const char *url, void *userdata) { if (curl_easy_setopt(c, CURLOPT_LOW_SPEED_LIMIT, 30L) != CURLE_OK) return -EIO; +#if LIBCURL_VERSION_NUM >= 0x075500 /* libcurl 7.85.0 */ + if (curl_easy_setopt(c, CURLOPT_PROTOCOLS_STR, "HTTP,HTTPS,FILE") != CURLE_OK) +#else if (curl_easy_setopt(c, CURLOPT_PROTOCOLS, CURLPROTO_HTTP|CURLPROTO_HTTPS|CURLPROTO_FILE) != CURLE_OK) +#endif return -EIO; *ret = TAKE_PTR(c); From 4a0aec68da00349e5f8313c06a15d0cf561fbaf0 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Fri, 13 Jan 2023 14:12:31 +0900 Subject: [PATCH 624/703] busctl: fix introspecting DBus properties Follow-up for f2f7785d7a47ffa48ac929648794e1288509ddd8. Fixes #26033. (cherry picked from commit 2cbb171d20a07ec0a25296f167b0385de102d74e) (cherry picked from commit 89e86ad8df4b87092264e49bcfba8053eb74822d) (cherry picked from commit abcd25b66e9f929572552f53337c65ddc16c24af) --- src/busctl/busctl.c | 21 +++++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) diff --git a/src/busctl/busctl.c b/src/busctl/busctl.c index 1640c977d9d..6baf3571a8a 100644 --- a/src/busctl/busctl.c +++ b/src/busctl/busctl.c @@ -1019,10 +1019,11 @@ static int introspect(int argc, char **argv, void *userdata) { for (;;) { Member *z; - _cleanup_free_ char *buf = NULL; + _cleanup_free_ char *buf = NULL, *signature = NULL; _cleanup_fclose_ FILE *mf = NULL; size_t sz = 0; - const char *name; + const char *name, *contents; + char type; r = sd_bus_message_enter_container(reply, 'e', "sv"); if (r < 0) @@ -1039,6 +1040,21 @@ static int introspect(int argc, char **argv, void *userdata) { if (r < 0) return bus_log_parse_error(r); + r = sd_bus_message_peek_type(reply, &type, &contents); + if (r <= 0) + return bus_log_parse_error(r == 0 ? EINVAL : r); + + if (type == SD_BUS_TYPE_STRUCT_BEGIN) + signature = strjoin(CHAR_TO_STR(SD_BUS_TYPE_STRUCT_BEGIN), contents, CHAR_TO_STR(SD_BUS_TYPE_STRUCT_END)); + else if (type == SD_BUS_TYPE_DICT_ENTRY_BEGIN) + signature = strjoin(CHAR_TO_STR(SD_BUS_TYPE_DICT_ENTRY_BEGIN), contents, CHAR_TO_STR(SD_BUS_TYPE_DICT_ENTRY_END)); + else if (contents) + signature = strjoin(CHAR_TO_STR(type), contents); + else + signature = strdup(CHAR_TO_STR(type)); + if (!signature) + return log_oom(); + mf = open_memstream_unlocked(&buf, &sz); if (!mf) return log_oom(); @@ -1052,6 +1068,7 @@ static int introspect(int argc, char **argv, void *userdata) { z = set_get(members, &((Member) { .type = "property", .interface = m->interface, + .signature = signature, .name = (char*) name })); if (z) free_and_replace(z->value, buf); From af18fc2767f3daaba02ed820fe024a00a1530b33 Mon Sep 17 00:00:00 2001 From: Mike Yuan Date: Mon, 16 Jan 2023 14:57:24 +0800 Subject: [PATCH 625/703] gpt-auto: harden ESP/XBOOTLDR mounts with "noexec,nosuid,nodev" When these partitions are probed by gpt-auto, they will always be hardened with such options. See also: https://github.com/systemd/systemd/issues/25776#issuecomment-1364115711 Closes #25776 (cherry picked from commit d708293d436516823e0e4bfb02c54365820fd8c6) (cherry picked from commit 49804cfb71d3a79f433096e4cfb5616980171336) (cherry picked from commit ebe67b6e885f2f8d0b9a9b72da9d7ce9b6f18b92) --- src/gpt-auto-generator/gpt-auto-generator.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/src/gpt-auto-generator/gpt-auto-generator.c b/src/gpt-auto-generator/gpt-auto-generator.c index 64ca9bb2f90..83ee3d419a2 100644 --- a/src/gpt-auto-generator/gpt-auto-generator.c +++ b/src/gpt-auto-generator/gpt-auto-generator.c @@ -467,14 +467,14 @@ static int add_automount( static const char *esp_or_xbootldr_options(const DissectedPartition *p) { assert(p); - /* if we probed vfat or have no idea about the file system then assume these file systems are vfat - * and thus understand "umask=0077". If we detected something else then don't specify any options and - * use kernel defaults. */ + /* Discoveried ESP and XBOOTLDR partition are always hardened with "noexec,nosuid,nodev". + * If we probed vfat or have no idea about the file system then assume these file systems are vfat + * and thus understand "umask=0077". */ if (!p->fstype || streq(p->fstype, "vfat")) - return "umask=0077"; + return "umask=0077,noexec,nosuid,nodev"; - return NULL; + return "noexec,nosuid,nodev"; } static int add_xbootldr(DissectedPartition *p) { From f960fa45c1f18b7561f860df154cd18d18ce722a Mon Sep 17 00:00:00 2001 From: Alberto Planas Date: Fri, 13 Jan 2023 15:31:39 +0100 Subject: [PATCH 626/703] creds-util: check for CAP_DAC_READ_SEARCH In make_credential_host_secret, the credential.secret file is generated first as a temporary anonymous file that is later instantiated with linkat(2). This system call requires CAP_DAC_READ_SEARCH capability when the flag AT_EMPTY_PATH is used. This patch check if the capability is effective, and if not uses the alternative codepath for creating named temporary files. Non-root users can now create per-user credentials with: export SYSTEMD_CREDENTIAL_SECRET=$HOME/.config/systemd/credential.secret systemd-creds setup Signed-off-by: Alberto Planas (cherry picked from commit 1615578f2792fdeecaf65606861bd3db9eb949c3) (cherry picked from commit 432ec5a654d5b8b123472ab64b29d9b5baf3cbf2) (cherry picked from commit d7c8b1b7095b3e80b4e0dc354e1d69cb987c075e) --- src/shared/creds-util.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/src/shared/creds-util.c b/src/shared/creds-util.c index 4d0681bc103..e0739e65908 100644 --- a/src/shared/creds-util.c +++ b/src/shared/creds-util.c @@ -9,6 +9,7 @@ #include "sd-id128.h" #include "blockdev-util.h" +#include "capability-util.h" #include "chattr-util.h" #include "creds-util.h" #include "env-util.h" @@ -108,10 +109,15 @@ static int make_credential_host_secret( assert(dfd >= 0); assert(fn); - fd = openat(dfd, ".", O_CLOEXEC|O_WRONLY|O_TMPFILE, 0400); + /* For non-root users creating a temporary file using the openat(2) over "." will fail later, in the + * linkat(2) step at the end. The reason is that linkat(2) requires the CAP_DAC_READ_SEARCH + * capability when it uses the AT_EMPTY_PATH flag. */ + if (have_effective_cap(CAP_DAC_READ_SEARCH) > 0) { + fd = openat(dfd, ".", O_CLOEXEC|O_WRONLY|O_TMPFILE, 0400); + if (fd < 0) + log_debug_errno(errno, "Failed to create temporary credential file with O_TMPFILE, proceeding without: %m"); + } if (fd < 0) { - log_debug_errno(errno, "Failed to create temporary credential file with O_TMPFILE, proceeding without: %m"); - if (asprintf(&t, "credential.secret.%016" PRIx64, random_u64()) < 0) return -ENOMEM; From a6aa2a282a3fe610e00203ed5b688f824b5a7ab3 Mon Sep 17 00:00:00 2001 From: David Tardon Date: Fri, 13 Jan 2023 15:58:39 +0100 Subject: [PATCH 627/703] mount: handle bind mount of file with non-existing target When the target (Where=) of a mount does not exist, systemd tries to create it. But previously, it'd always been created as a directory. That doesn't work if one wants to bind-mount a file to a target that doesn't exist. Fixes: #17184 (cherry picked from commit 218cfe23354397ded28ac898f82b52724f48dae7) (cherry picked from commit 25e30725d7d31d747a40a5c0ab387dc9f48f09e3) (cherry picked from commit 48251e428fc7fb2cd718c5864138df59f0b692a7) --- man/systemd.mount.xml | 4 +++- src/core/mount.c | 22 +++++++++++++++++++--- 2 files changed, 22 insertions(+), 4 deletions(-) diff --git a/man/systemd.mount.xml b/man/systemd.mount.xml index 0b247c1f32a..8d0678bfc49 100644 --- a/man/systemd.mount.xml +++ b/man/systemd.mount.xml @@ -476,7 +476,9 @@ Where= Takes an absolute path of a file or directory for the mount point; in particular, the destination cannot be a symbolic link. If the mount point does not exist at the time of mounting, it - is created as directory. This string must be reflected in the unit filename. (See above.) This option + is created as either a directory or a file. The former is the usual case; the latter is done only if this mount + is a bind mount and the source (What=) is not a directory. + This string must be reflected in the unit filename. (See above.) This option is mandatory. diff --git a/src/core/mount.c b/src/core/mount.c index b5e2c58e2e9..3633bedb875 100644 --- a/src/core/mount.c +++ b/src/core/mount.c @@ -13,6 +13,7 @@ #include "device.h" #include "exit-status.h" #include "format-util.h" +#include "fs-util.h" #include "fstab-util.h" #include "libmount-util.h" #include "log.h" @@ -26,11 +27,13 @@ #include "process-util.h" #include "serialize.h" #include "special.h" +#include "stat-util.h" #include "string-table.h" #include "string-util.h" #include "strv.h" #include "unit-name.h" #include "unit.h" +#include "user-util.h" #define RETRY_UMOUNT_MAX 32 @@ -1040,6 +1043,7 @@ static void mount_enter_unmounting(Mount *m) { static void mount_enter_mounting(Mount *m) { int r; MountParameters *p; + bool source_is_dir = true; assert(m); @@ -1047,16 +1051,28 @@ static void mount_enter_mounting(Mount *m) { if (r < 0) goto fail; - (void) mkdir_p_label(m->where, m->directory_mode); + p = get_mount_parameters_fragment(m); + if (p && mount_is_bind(p)) { + r = is_dir(p->what, /* follow = */ true); + if (r < 0 && r != -ENOENT) + log_unit_info_errno(UNIT(m), r, "Failed to determine type of bind mount source '%s', ignoring: %m", p->what); + else if (r == 0) + source_is_dir = false; + } - unit_warn_if_dir_nonempty(UNIT(m), m->where); + if (source_is_dir) + (void) mkdir_p_label(m->where, m->directory_mode); + else + (void) touch_file(m->where, /* parents = */ true, USEC_INFINITY, UID_INVALID, GID_INVALID, MODE_INVALID); + + if (source_is_dir) + unit_warn_if_dir_nonempty(UNIT(m), m->where); unit_warn_leftover_processes(UNIT(m), unit_log_leftover_process_start); m->control_command_id = MOUNT_EXEC_MOUNT; m->control_command = m->exec_command + MOUNT_EXEC_MOUNT; /* Create the source directory for bind-mounts if needed */ - p = get_mount_parameters_fragment(m); if (p && mount_is_bind(p)) { r = mkdir_p_label(p->what, m->directory_mode); /* mkdir_p_label() can return -EEXIST if the target path exists and is not a directory - which is From fb16404da3d2a9c74a164d56b13c43a4fb68da08 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Mon, 16 Jan 2023 13:08:55 +0900 Subject: [PATCH 628/703] sd-dhcp-client: gracefully handle invalid ether type client ID Currently, sd-dhcp-server accepts spurious client IDs, then the leases exposed by networkd may be invalid. Let's make networkctl gracefully show such leases. Fixes #25984. (cherry picked from commit 841dfd3dc0dd370a21f190a5b7b870db1c95f7e6) (cherry picked from commit a674a398e707a821e4148ace80cfdf68d2fd496f) (cherry picked from commit 088d6c8521a6aaf16b774a2a6e02eca2cb876534) --- src/libsystemd-network/sd-dhcp-client.c | 38 ++++++++++++------------- 1 file changed, 18 insertions(+), 20 deletions(-) diff --git a/src/libsystemd-network/sd-dhcp-client.c b/src/libsystemd-network/sd-dhcp-client.c index 6e0c8952000..64db8b42078 100644 --- a/src/libsystemd-network/sd-dhcp-client.c +++ b/src/libsystemd-network/sd-dhcp-client.c @@ -189,35 +189,33 @@ int sd_dhcp_client_id_to_string(const void *data, size_t len, char **ret) { r = asprintf(&t, "DATA"); break; case 1: - if (len != sizeof_field(sd_dhcp_client_id, eth)) - return -EINVAL; - - r = asprintf(&t, "%02x:%02x:%02x:%02x:%02x:%02x", - client_id->eth.haddr[0], - client_id->eth.haddr[1], - client_id->eth.haddr[2], - client_id->eth.haddr[3], - client_id->eth.haddr[4], - client_id->eth.haddr[5]); + if (len == sizeof_field(sd_dhcp_client_id, eth)) + r = asprintf(&t, "%02x:%02x:%02x:%02x:%02x:%02x", + client_id->eth.haddr[0], + client_id->eth.haddr[1], + client_id->eth.haddr[2], + client_id->eth.haddr[3], + client_id->eth.haddr[4], + client_id->eth.haddr[5]); + else + r = asprintf(&t, "ETHER"); break; case 2 ... 254: r = asprintf(&t, "ARP/LL"); break; case 255: - if (len < 6) - return -EINVAL; - - uint32_t iaid = be32toh(client_id->ns.iaid); - uint16_t duid_type = be16toh(client_id->ns.duid.type); - if (dhcp_validate_duid_len(duid_type, len - 6, true) < 0) - return -EINVAL; - - r = asprintf(&t, "IAID:0x%x/DUID", iaid); + if (len < sizeof(uint32_t)) + r = asprintf(&t, "IAID/DUID"); + else { + uint32_t iaid = be32toh(client_id->ns.iaid); + /* TODO: check and stringify DUID */ + r = asprintf(&t, "IAID:0x%x/DUID", iaid); + } break; } - if (r < 0) return -ENOMEM; + *ret = TAKE_PTR(t); return 0; } From f7ed5eefdba2e731745e9bddf2e018b2b461ed40 Mon Sep 17 00:00:00 2001 From: Frantisek Sumsal Date: Tue, 17 Jan 2023 18:04:30 +0100 Subject: [PATCH 629/703] test: bump D-Bus service start timeout if we run without accel The default (25s) doesn't seem to be enough in some cases (especially in VMs without acceleration), causing spurious timeouts: [ 174.297658] dbus-daemon[647]: [system] Activating via systemd: service name='org.freedesktop.hostname1' unit='dbus-org.freedesktop.hostname1.service' requested by ':1.0' (uid=0 pid=645 comm="hostnamectl " label="kernel") [ 184.202313] systemd[1]: systemd-update-utmp-runlevel.service: Consumed 1.253s CPU time. [ 197.335422] systemd[1]: Started dbus.service. [ 199.211468] testsuite-71.sh[639]: + assert_in 'Static hostname: H' '' [ 199.347192] dbus-daemon[647]: [system] Failed to activate service 'org.freedesktop.hostname1': timed out (service_start_timeout=25000ms) [ 199.394879] testsuite-71.sh[657]: + set +ex [ 199.438918] testsuite-71.sh[657]: FAIL: 'Static hostname: H' not found in: [ 200.966006] systemd-logind[631]: Watching system buttons on /dev/input/event0 (Power Button) [ 201.008178] systemd-logind[631]: Watching system buttons on /dev/input/event1 (AT Translated Set 2 keyboard) [ 201.034106] systemd-logind[631]: New seat seat0. [ 201.238267] sh[658]: + systemctl poweroff --no-block [ 201.329890] systemd[1]: Starting systemd-hostnamed.service... [ 202.156622] systemd[1]: systemd-update-utmp-runlevel.service: Deactivated successfully. [ 204.818913] hostnamectl[645]: Failed to query system properties: Connection timed out [ 205.195583] systemd[1]: testsuite-71.service: Main process exited, code=exited, status=1/FAILURE [ 205.227237] systemd[1]: testsuite-71.service: Failed with result 'exit-code'. [ 205.712780] systemd[1]: Failed to start testsuite-71.service. (cherry picked from commit c78d18215b3e5b0f0896ddb1d0d72c666b5e830b) (cherry picked from commit 17109481202856616f23ca477fe5999b376c495b) (cherry picked from commit 539358c2c728d30f73e35d2c5d651135643a43fc) --- test/test-functions | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/test/test-functions b/test/test-functions index f781c3337c6..f8411207b19 100644 --- a/test/test-functions +++ b/test/test-functions @@ -1764,6 +1764,18 @@ install_dbus() { EOF + + # If we run without KVM, bump the service start timeout + if ! get_bool "$QEMU_KVM"; then + cat >"$initdir/etc/dbus-1/system.d/service.timeout.conf" < + + + 60000 + +EOF + fi } install_user_dbus() { From ff542dcd1a8c2c7cdc96b9f4b9889774b9474c26 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michal=20Koutn=C3=BD?= Date: Wed, 18 Jan 2023 23:20:31 +0100 Subject: [PATCH 630/703] core: mount namespaces: Remove auxiliary bind mounts directory after unit termination Unit that requires its own mount namespace creates a temporary directory to implement dynamic bind mounts (org.freedesktop.systemd1.Manager.BindMountUnit). However, this directory is never removed and they will accumulate for each unique unit (e.g. templated units of systemd-coredump@). Attach the auxiliary runtime directory existence to lifetime of other "runtime" only per-unit directories. (cherry picked from commit b9f976fb45635e09cd709dbedd0afb03d4b73c05) (cherry picked from commit 80e8340ec49d0da3744cdf81f82202e13b0fad3b) (cherry picked from commit fd260cb37e3441b851c7fee4825d5b6af17f66ca) --- src/core/execute.c | 17 +++++++++++++++++ src/core/execute.h | 1 + src/core/unit.c | 1 + 3 files changed, 19 insertions(+) diff --git a/src/core/execute.c b/src/core/execute.c index 147381f9de9..da0cd2dcbe7 100644 --- a/src/core/execute.c +++ b/src/core/execute.c @@ -5245,6 +5245,23 @@ int exec_context_destroy_credentials(const ExecContext *c, const char *runtime_p return 0; } +int exec_context_destroy_mount_ns_dir(Unit *u) { + _cleanup_free_ char *p = NULL; + + if (!u || !MANAGER_IS_SYSTEM(u->manager)) + return 0; + + p = path_join("/run/systemd/propagate/", u->id); + if (!p) + return -ENOMEM; + + /* This is only filled transiently (see mount_in_namespace()), should be empty or even non-existent*/ + if (rmdir(p) < 0 && errno != ENOENT) + log_unit_debug_errno(u, errno, "Unable to remove propagation dir '%s', ignoring: %m", p); + + return 0; +} + static void exec_command_done(ExecCommand *c) { assert(c); diff --git a/src/core/execute.h b/src/core/execute.h index 65b249ee27b..bca8352a049 100644 --- a/src/core/execute.h +++ b/src/core/execute.h @@ -450,6 +450,7 @@ void exec_context_dump(const ExecContext *c, FILE* f, const char *prefix); int exec_context_destroy_runtime_directory(const ExecContext *c, const char *runtime_root); int exec_context_destroy_credentials(const ExecContext *c, const char *runtime_root, const char *unit); +int exec_context_destroy_mount_ns_dir(Unit *u); const char* exec_context_fdname(const ExecContext *c, int fd_index); diff --git a/src/core/unit.c b/src/core/unit.c index 60e4e42d2ff..2d9b1baff92 100644 --- a/src/core/unit.c +++ b/src/core/unit.c @@ -5733,6 +5733,7 @@ void unit_destroy_runtime_data(Unit *u, const ExecContext *context) { exec_context_destroy_runtime_directory(context, u->manager->prefix[EXEC_DIRECTORY_RUNTIME]); exec_context_destroy_credentials(context, u->manager->prefix[EXEC_DIRECTORY_RUNTIME], u->id); + exec_context_destroy_mount_ns_dir(u); } int unit_clean(Unit *u, ExecCleanMask mask) { From e014c02f57c4198108566a89e79f6e7351cdd2ff Mon Sep 17 00:00:00 2001 From: Frantisek Sumsal Date: Mon, 23 Jan 2023 18:40:38 +0100 Subject: [PATCH 631/703] test: bump the client-side timeout in sd-bus as well Since c78d18215b D-Bus services now have 60s to start, but the client side (sd-bus) still waits only for 25s before giving up: ``` [ 226.196380] testsuite-71.sh[556]: + assert_in 'Static hostname: H' '' [ 226.332965] testsuite-71.sh[576]: + set +ex [ 226.332965] testsuite-71.sh[576]: FAIL: 'Static hostname: H' not found in: [ 228.910782] sh[577]: + systemctl poweroff --no-block [ 232.255584] hostnamectl[565]: Failed to query system properties: Connection timed out [ 236.827514] systemd[1]: end.service: Consumed 2.131s CPU time. [ 237.476969] dbus-daemon[566]: [system] Successfully activated service 'org.freedesktop.hostname1' [ 237.516308] systemd[1]: system-modprobe.slice: Consumed 1.533s CPU time. [ 237.794635] systemd[1]: testsuite-71.service: Main process exited, code=exited, status=1/FAILURE [ 237.818469] systemd[1]: testsuite-71.service: Failed with result 'exit-code'. [ 237.931415] systemd[1]: Failed to start testsuite-71.service. [ 238.000833] systemd[1]: testsuite-71.service: Consumed 5.651s CPU time. [ 238.181030] systemd[1]: Reached target testsuite.target. ``` Let's override the timeout in sd-bus as well to mitigate this. Follow-up to c78d18215b3e5b0f0896ddb1d0d72c666b5e830b. (cherry picked from commit e0cbb739113b9e2fbb67b27099430c351f03315c) (cherry picked from commit e4ed752f2313c74b9d5ae3aeb947c150babe061a) (cherry picked from commit f69dc64d38810ab8dbc5d0932dd5145be5a5fd14) --- test/test-functions | 3 +++ 1 file changed, 3 insertions(+) diff --git a/test/test-functions b/test/test-functions index f8411207b19..1dbeb640432 100644 --- a/test/test-functions +++ b/test/test-functions @@ -1775,6 +1775,9 @@ EOF 60000 EOF + # Bump the client-side timeout in sd-bus as well + mkdir -p "$initdir/etc/systemd/system.conf.d" + echo -e '[Manager]\nDefaultEnvironment=SYSTEMD_BUS_TIMEOUT=60' >"$initdir/etc/systemd/system.conf.d/bus-timeout.conf" fi } From 02332752b33289cc33f7db0222fc26feb47326cc Mon Sep 17 00:00:00 2001 From: Luca Boccassi Date: Fri, 20 Jan 2023 23:00:38 +0000 Subject: [PATCH 632/703] core: ensure init.scope is realized after drop-ins have been loaded If we add a drop-in for init.scope (e.g.: to set some memory limit), it will be loaded long after the cgroup has already been realized. Do it again when creating the special unit. (cherry picked from commit 020b2e41ea776cff73392da8084a0725b590d245) (cherry picked from commit 786b7a7208cfb585b70659a8e3ac5180e85d0647) (cherry picked from commit ffa329c45c945256f1ee397c1a5f56ce8dded412) --- src/core/cgroup.c | 2 +- src/core/cgroup.h | 1 + src/core/scope.c | 4 ++++ test/TEST-55-OOMD/test.sh | 6 ++++++ test/units/testsuite-55.sh | 3 +++ 5 files changed, 15 insertions(+), 1 deletion(-) diff --git a/src/core/cgroup.c b/src/core/cgroup.c index f58de95a491..79681c65bed 100644 --- a/src/core/cgroup.c +++ b/src/core/cgroup.c @@ -2433,7 +2433,7 @@ static bool unit_has_mask_enables_realized( ((u->cgroup_enabled_mask | enable_mask) & CGROUP_MASK_V2) == (u->cgroup_enabled_mask & CGROUP_MASK_V2); } -static void unit_add_to_cgroup_realize_queue(Unit *u) { +void unit_add_to_cgroup_realize_queue(Unit *u) { assert(u); if (u->in_cgroup_realize_queue) diff --git a/src/core/cgroup.h b/src/core/cgroup.h index 4413eeaaa0a..49fbd4f50f9 100644 --- a/src/core/cgroup.h +++ b/src/core/cgroup.h @@ -262,6 +262,7 @@ int unit_realize_cgroup(Unit *u); void unit_prune_cgroup(Unit *u); int unit_watch_cgroup(Unit *u); int unit_watch_cgroup_memory(Unit *u); +void unit_add_to_cgroup_realize_queue(Unit *u); void unit_release_cgroup(Unit *u); /* Releases the cgroup only if it is recursively empty. diff --git a/src/core/scope.c b/src/core/scope.c index 080bb713560..1289bb8cb40 100644 --- a/src/core/scope.c +++ b/src/core/scope.c @@ -653,6 +653,10 @@ static void scope_enumerate_perpetual(Manager *m) { unit_add_to_load_queue(u); unit_add_to_dbus_queue(u); + /* Enqueue an explicit cgroup realization here. Unlike other cgroups this one already exists and is + * populated (by us, after all!) already, even when we are not in a reload cycle. Hence we cannot + * apply the settings at creation time anymore, but let's at least apply them asynchronously. */ + unit_add_to_cgroup_realize_queue(u); } static const char* const scope_result_table[_SCOPE_RESULT_MAX] = { diff --git a/test/TEST-55-OOMD/test.sh b/test/TEST-55-OOMD/test.sh index 4dc414294c9..4032896061d 100755 --- a/test/TEST-55-OOMD/test.sh +++ b/test/TEST-55-OOMD/test.sh @@ -16,6 +16,12 @@ test_append_files() { cat >>"${initdir:?}/etc/fstab" <>"${initdir:?}/etc/systemd/system/init.scope.d/test-55-oomd.conf" <>/skipped cgroup_type="$(stat -fc %T /sys/fs/cgroup/)" From 24a8928a261701c940509fec4e8a2d39c8a57323 Mon Sep 17 00:00:00 2001 From: Nick Rosbrook Date: Tue, 22 Nov 2022 12:43:51 -0500 Subject: [PATCH 633/703] test: make sure mount point exists in testsuite-64.sh (cherry picked from commit 84e5b9225d12f8a1a7d414ef01f97fcd6881c14f) (cherry picked from commit 07e4787106fb0a551f73d0a0ec4c6c8e7c958c7d) (cherry picked from commit bd32bbebd5ea7bb5ae5fefe9d9a26e7f0bf5c635) --- test/units/testsuite-64.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/test/units/testsuite-64.sh b/test/units/testsuite-64.sh index dc8b263b100..ff0873a3a8f 100755 --- a/test/units/testsuite-64.sh +++ b/test/units/testsuite-64.sh @@ -204,6 +204,7 @@ EOF echo "${FUNCNAME[0]}: test failover" local device expected link mpoint part local -a devices + mkdir -p /mnt mpoint="$(mktemp -d /mnt/mpathXXX)" wwid="deaddeadbeef0000" path="/dev/disk/by-id/wwn-0x$wwid" From 442ee8c50d6ed0231348cbff3fcc4477f3588a81 Mon Sep 17 00:00:00 2001 From: Frantisek Sumsal Date: Wed, 25 Jan 2023 12:37:49 +0100 Subject: [PATCH 634/703] basic/linux: update linux uapi headers IPPROTO_L2TP was moved from linux/l2tp.h to linux/in.h [0], so let's reflect that change to fix build with newer kernels: ``` In file included from ../src/libsystemd/sd-netlink/netlink-types-genl.c:10: ../src/basic/linux/l2tp.h:16: error: "IPPROTO_L2TP" redefined [-Werror] 16 | #define IPPROTO_L2TP 115 | In file included from ../src/libsystemd/sd-netlink/netlink-types-genl.c:3: /usr/include/netinet/in.h:85: note: this is the location of the previous definition 85 | #define IPPROTO_L2TP IPPROTO_L2TP | cc1: all warnings being treated as errors ``` When at it, update the rest of the headers we ship as well. [0] https://github.com/torvalds/linux/commit/65b32f801bfbc54dc98144a6ec26082b59d131ee (cherry picked from commit a95ff98ec40edad2825c824a186f44454120cf1f) (cherry picked from commit 240513cecaeca035706a618161d0141a9f1267be) (cherry picked from commit 4bc291c1d4a97de93eb4015115516d6e7c07da00) --- src/basic/linux/README | 1 + src/basic/linux/btrfs.h | 205 ++++++++++++- src/basic/linux/btrfs_tree.h | 296 +++++++++++++++++- src/basic/linux/can/netlink.h | 44 ++- src/basic/linux/genetlink.h | 5 +- src/basic/linux/if_addr.h | 9 +- src/basic/linux/if_bridge.h | 85 ++++++ src/basic/linux/if_ether.h | 10 +- src/basic/linux/if_link.h | 129 ++++++++ src/basic/linux/if_macsec.h | 2 + src/basic/linux/if_tun.h | 6 +- src/basic/linux/if_tunnel.h | 4 +- src/basic/linux/in.h | 29 +- src/basic/linux/in6.h | 1 + src/basic/linux/l2tp.h | 2 - src/basic/linux/netfilter/nf_tables.h | 35 ++- src/basic/linux/netlink.h | 32 +- src/basic/linux/nl80211.h | 412 ++++++++++++++++++++++++-- src/basic/linux/pkt_sched.h | 15 + src/basic/linux/rtnetlink.h | 18 +- src/basic/linux/stddef.h | 46 +++ src/basic/linux/update.sh | 2 +- 22 files changed, 1315 insertions(+), 73 deletions(-) create mode 100644 src/basic/linux/stddef.h diff --git a/src/basic/linux/README b/src/basic/linux/README index 2bb70fdaadb..1abc9450a6b 100644 --- a/src/basic/linux/README +++ b/src/basic/linux/README @@ -4,3 +4,4 @@ The files in this directory are copied from current kernel master modifications are applied: - btrfs.h: drop '__user' attributes - if.h: drop '#include ' and '__user' attributes +- stddef.h: drop '#include ' diff --git a/src/basic/linux/btrfs.h b/src/basic/linux/btrfs.h index 0f8306fdea6..0a53bdc38a8 100644 --- a/src/basic/linux/btrfs.h +++ b/src/basic/linux/btrfs.h @@ -19,8 +19,14 @@ #ifndef _UAPI_LINUX_BTRFS_H #define _UAPI_LINUX_BTRFS_H + +#ifdef __cplusplus +extern "C" { +#endif + #include #include +#include #define BTRFS_IOCTL_MAGIC 0x94 #define BTRFS_VOL_NAME_MAX 255 @@ -93,7 +99,7 @@ struct btrfs_qgroup_inherit { __u64 num_ref_copies; __u64 num_excl_copies; struct btrfs_qgroup_limit lim; - __u64 qgroups[0]; + __u64 qgroups[]; }; struct btrfs_ioctl_qgroup_limit_args { @@ -288,6 +294,13 @@ struct btrfs_ioctl_fs_info_args { * first mount when booting older kernel versions. */ #define BTRFS_FEATURE_COMPAT_RO_FREE_SPACE_TREE_VALID (1ULL << 1) +#define BTRFS_FEATURE_COMPAT_RO_VERITY (1ULL << 2) + +/* + * Put all block group items into a dedicated block group tree, greatly + * reducing mount time for large filesystem due to better locality. + */ +#define BTRFS_FEATURE_COMPAT_RO_BLOCK_GROUP_TREE (1ULL << 3) #define BTRFS_FEATURE_INCOMPAT_MIXED_BACKREF (1ULL << 0) #define BTRFS_FEATURE_INCOMPAT_DEFAULT_SUBVOL (1ULL << 1) @@ -308,6 +321,7 @@ struct btrfs_ioctl_fs_info_args { #define BTRFS_FEATURE_INCOMPAT_METADATA_UUID (1ULL << 10) #define BTRFS_FEATURE_INCOMPAT_RAID1C34 (1ULL << 11) #define BTRFS_FEATURE_INCOMPAT_ZONED (1ULL << 12) +#define BTRFS_FEATURE_INCOMPAT_EXTENT_TREE_V2 (1ULL << 13) struct btrfs_ioctl_feature_flags { __u64 compat_flags; @@ -325,6 +339,12 @@ struct btrfs_ioctl_feature_flags { */ struct btrfs_balance_args { __u64 profiles; + + /* + * usage filter + * BTRFS_BALANCE_ARGS_USAGE with a single value means '0..N' + * BTRFS_BALANCE_ARGS_USAGE_RANGE - range syntax, min..max + */ union { __u64 usage; struct { @@ -541,7 +561,7 @@ struct btrfs_ioctl_search_header { __u64 offset; __u32 type; __u32 len; -}; +} __attribute__ ((__may_alias__)); #define BTRFS_SEARCH_ARGS_BUFSIZE (4096 - sizeof(struct btrfs_ioctl_search_key)) /* @@ -554,18 +574,23 @@ struct btrfs_ioctl_search_args { char buf[BTRFS_SEARCH_ARGS_BUFSIZE]; }; +/* + * Extended version of TREE_SEARCH ioctl that can return more than 4k of bytes. + * The allocated size of the buffer is set in buf_size. + */ struct btrfs_ioctl_search_args_v2 { struct btrfs_ioctl_search_key key; /* in/out - search parameters */ __u64 buf_size; /* in - size of buffer * out - on EOVERFLOW: needed size * to store item */ - __u64 buf[0]; /* out - found items */ + __u64 buf[]; /* out - found items */ }; +/* With a @src_length of zero, the range from @src_offset->EOF is cloned! */ struct btrfs_ioctl_clone_range_args { - __s64 src_fd; - __u64 src_offset, src_length; - __u64 dest_offset; + __s64 src_fd; + __u64 src_offset, src_length; + __u64 dest_offset; }; /* @@ -630,7 +655,7 @@ struct btrfs_ioctl_same_args { __u16 dest_count; /* in - total elements in info array */ __u16 reserved1; __u32 reserved2; - struct btrfs_ioctl_same_extent_info info[0]; + struct btrfs_ioctl_same_extent_info info[]; }; struct btrfs_ioctl_space_info { @@ -642,7 +667,7 @@ struct btrfs_ioctl_space_info { struct btrfs_ioctl_space_args { __u64 space_slots; __u64 total_spaces; - struct btrfs_ioctl_space_info spaces[0]; + struct btrfs_ioctl_space_info spaces[]; }; struct btrfs_data_container { @@ -650,7 +675,7 @@ struct btrfs_data_container { __u32 bytes_missing; /* out -- additional bytes needed for result */ __u32 elem_cnt; /* out */ __u32 elem_missed; /* out */ - __u64 val[0]; /* out */ + __u64 val[]; /* out */ }; struct btrfs_ioctl_ino_path_args { @@ -669,8 +694,11 @@ struct btrfs_ioctl_logical_ino_args { /* struct btrfs_data_container *inodes; out */ __u64 inodes; }; -/* Return every ref to the extent, not just those containing logical block. - * Requires logical == extent bytenr. */ + +/* + * Return every ref to the extent, not just those containing logical block. + * Requires logical == extent bytenr. + */ #define BTRFS_LOGICAL_INO_ARGS_IGNORE_OFFSET (1ULL << 0) enum btrfs_dev_stat_values { @@ -770,10 +798,24 @@ struct btrfs_ioctl_received_subvol_args { */ #define BTRFS_SEND_FLAG_OMIT_END_CMD 0x4 +/* + * Read the protocol version in the structure + */ +#define BTRFS_SEND_FLAG_VERSION 0x8 + +/* + * Send compressed data using the ENCODED_WRITE command instead of decompressing + * the data and sending it with the WRITE command. This requires protocol + * version >= 2. + */ +#define BTRFS_SEND_FLAG_COMPRESSED 0x10 + #define BTRFS_SEND_FLAG_MASK \ (BTRFS_SEND_FLAG_NO_FILE_DATA | \ BTRFS_SEND_FLAG_OMIT_STREAM_HEADER | \ - BTRFS_SEND_FLAG_OMIT_END_CMD) + BTRFS_SEND_FLAG_OMIT_END_CMD | \ + BTRFS_SEND_FLAG_VERSION | \ + BTRFS_SEND_FLAG_COMPRESSED) struct btrfs_ioctl_send_args { __s64 send_fd; /* in */ @@ -781,7 +823,8 @@ struct btrfs_ioctl_send_args { __u64 *clone_sources; /* in */ __u64 parent_root; /* in */ __u64 flags; /* in */ - __u64 reserved[4]; /* in */ + __u32 version; /* in */ + __u8 reserved[28]; /* in */ }; /* @@ -860,6 +903,134 @@ struct btrfs_ioctl_get_subvol_rootref_args { __u8 align[7]; }; +/* + * Data and metadata for an encoded read or write. + * + * Encoded I/O bypasses any encoding automatically done by the filesystem (e.g., + * compression). This can be used to read the compressed contents of a file or + * write pre-compressed data directly to a file. + * + * BTRFS_IOC_ENCODED_READ and BTRFS_IOC_ENCODED_WRITE are essentially + * preadv/pwritev with additional metadata about how the data is encoded and the + * size of the unencoded data. + * + * BTRFS_IOC_ENCODED_READ fills the given iovecs with the encoded data, fills + * the metadata fields, and returns the size of the encoded data. It reads one + * extent per call. It can also read data which is not encoded. + * + * BTRFS_IOC_ENCODED_WRITE uses the metadata fields, writes the encoded data + * from the iovecs, and returns the size of the encoded data. Note that the + * encoded data is not validated when it is written; if it is not valid (e.g., + * it cannot be decompressed), then a subsequent read may return an error. + * + * Since the filesystem page cache contains decoded data, encoded I/O bypasses + * the page cache. Encoded I/O requires CAP_SYS_ADMIN. + */ +struct btrfs_ioctl_encoded_io_args { + /* Input parameters for both reads and writes. */ + + /* + * iovecs containing encoded data. + * + * For reads, if the size of the encoded data is larger than the sum of + * iov[n].iov_len for 0 <= n < iovcnt, then the ioctl fails with + * ENOBUFS. + * + * For writes, the size of the encoded data is the sum of iov[n].iov_len + * for 0 <= n < iovcnt. This must be less than 128 KiB (this limit may + * increase in the future). This must also be less than or equal to + * unencoded_len. + */ + const struct iovec *iov; + /* Number of iovecs. */ + unsigned long iovcnt; + /* + * Offset in file. + * + * For writes, must be aligned to the sector size of the filesystem. + */ + __s64 offset; + /* Currently must be zero. */ + __u64 flags; + + /* + * For reads, the following members are output parameters that will + * contain the returned metadata for the encoded data. + * For writes, the following members must be set to the metadata for the + * encoded data. + */ + + /* + * Length of the data in the file. + * + * Must be less than or equal to unencoded_len - unencoded_offset. For + * writes, must be aligned to the sector size of the filesystem unless + * the data ends at or beyond the current end of the file. + */ + __u64 len; + /* + * Length of the unencoded (i.e., decrypted and decompressed) data. + * + * For writes, must be no more than 128 KiB (this limit may increase in + * the future). If the unencoded data is actually longer than + * unencoded_len, then it is truncated; if it is shorter, then it is + * extended with zeroes. + */ + __u64 unencoded_len; + /* + * Offset from the first byte of the unencoded data to the first byte of + * logical data in the file. + * + * Must be less than unencoded_len. + */ + __u64 unencoded_offset; + /* + * BTRFS_ENCODED_IO_COMPRESSION_* type. + * + * For writes, must not be BTRFS_ENCODED_IO_COMPRESSION_NONE. + */ + __u32 compression; + /* Currently always BTRFS_ENCODED_IO_ENCRYPTION_NONE. */ + __u32 encryption; + /* + * Reserved for future expansion. + * + * For reads, always returned as zero. Users should check for non-zero + * bytes. If there are any, then the kernel has a newer version of this + * structure with additional information that the user definition is + * missing. + * + * For writes, must be zeroed. + */ + __u8 reserved[64]; +}; + +/* Data is not compressed. */ +#define BTRFS_ENCODED_IO_COMPRESSION_NONE 0 +/* Data is compressed as a single zlib stream. */ +#define BTRFS_ENCODED_IO_COMPRESSION_ZLIB 1 +/* + * Data is compressed as a single zstd frame with the windowLog compression + * parameter set to no more than 17. + */ +#define BTRFS_ENCODED_IO_COMPRESSION_ZSTD 2 +/* + * Data is compressed sector by sector (using the sector size indicated by the + * name of the constant) with LZO1X and wrapped in the format documented in + * fs/btrfs/lzo.c. For writes, the compression sector size must match the + * filesystem sector size. + */ +#define BTRFS_ENCODED_IO_COMPRESSION_LZO_4K 3 +#define BTRFS_ENCODED_IO_COMPRESSION_LZO_8K 4 +#define BTRFS_ENCODED_IO_COMPRESSION_LZO_16K 5 +#define BTRFS_ENCODED_IO_COMPRESSION_LZO_32K 6 +#define BTRFS_ENCODED_IO_COMPRESSION_LZO_64K 7 +#define BTRFS_ENCODED_IO_COMPRESSION_TYPES 8 + +/* Data is not encrypted. */ +#define BTRFS_ENCODED_IO_ENCRYPTION_NONE 0 +#define BTRFS_ENCODED_IO_ENCRYPTION_TYPES 1 + /* Error codes as returned by the kernel */ enum btrfs_err_code { BTRFS_ERROR_DEV_RAID1_MIN_NOT_MET = 1, @@ -988,5 +1159,13 @@ enum btrfs_err_code { struct btrfs_ioctl_ino_lookup_user_args) #define BTRFS_IOC_SNAP_DESTROY_V2 _IOW(BTRFS_IOCTL_MAGIC, 63, \ struct btrfs_ioctl_vol_args_v2) +#define BTRFS_IOC_ENCODED_READ _IOR(BTRFS_IOCTL_MAGIC, 64, \ + struct btrfs_ioctl_encoded_io_args) +#define BTRFS_IOC_ENCODED_WRITE _IOW(BTRFS_IOCTL_MAGIC, 64, \ + struct btrfs_ioctl_encoded_io_args) + +#ifdef __cplusplus +} +#endif #endif /* _UAPI_LINUX_BTRFS_H */ diff --git a/src/basic/linux/btrfs_tree.h b/src/basic/linux/btrfs_tree.h index ccdb40fe40d..ab38d0f411f 100644 --- a/src/basic/linux/btrfs_tree.h +++ b/src/basic/linux/btrfs_tree.h @@ -10,6 +10,23 @@ #include #endif +/* ASCII for _BHRfS_M, no terminating nul */ +#define BTRFS_MAGIC 0x4D5F53665248425FULL + +#define BTRFS_MAX_LEVEL 8 + +/* + * We can actually store much bigger names, but lets not confuse the rest of + * linux. + */ +#define BTRFS_NAME_LEN 255 + +/* + * Theoretical limit is larger, but we keep this down to a sane value. That + * should limit greatly the possibility of collisions on inode ref items. + */ +#define BTRFS_LINK_MAX 65535U + /* * This header contains the structure definitions and constants used * by file system objects that can be retrieved using @@ -53,6 +70,9 @@ /* tracks free space in block groups. */ #define BTRFS_FREE_SPACE_TREE_OBJECTID 10ULL +/* Holds the block group items for extent tree v2. */ +#define BTRFS_BLOCK_GROUP_TREE_OBJECTID 11ULL + /* device stats in the device tree */ #define BTRFS_DEV_STATS_OBJECTID 0ULL @@ -118,12 +138,37 @@ #define BTRFS_INODE_REF_KEY 12 #define BTRFS_INODE_EXTREF_KEY 13 #define BTRFS_XATTR_ITEM_KEY 24 + +/* + * fs verity items are stored under two different key types on disk. + * The descriptor items: + * [ inode objectid, BTRFS_VERITY_DESC_ITEM_KEY, offset ] + * + * At offset 0, we store a btrfs_verity_descriptor_item which tracks the size + * of the descriptor item and some extra data for encryption. + * Starting at offset 1, these hold the generic fs verity descriptor. The + * latter are opaque to btrfs, we just read and write them as a blob for the + * higher level verity code. The most common descriptor size is 256 bytes. + * + * The merkle tree items: + * [ inode objectid, BTRFS_VERITY_MERKLE_ITEM_KEY, offset ] + * + * These also start at offset 0, and correspond to the merkle tree bytes. When + * fsverity asks for page 0 of the merkle tree, we pull up one page starting at + * offset 0 for this key type. These are also opaque to btrfs, we're blindly + * storing whatever fsverity sends down. + */ +#define BTRFS_VERITY_DESC_ITEM_KEY 36 +#define BTRFS_VERITY_MERKLE_ITEM_KEY 37 + #define BTRFS_ORPHAN_ITEM_KEY 48 /* reserve 2-15 close to the inode for later flexibility */ /* * dir items are the name -> inode pointers in a directory. There is one - * for every name in a directory. + * for every name in a directory. BTRFS_DIR_LOG_ITEM_KEY is no longer used + * but it's still defined here for documentation purposes and to help avoid + * having its numerical value reused in the future. */ #define BTRFS_DIR_LOG_ITEM_KEY 60 #define BTRFS_DIR_LOG_INDEX_KEY 72 @@ -331,6 +376,50 @@ enum btrfs_csum_type { #define BTRFS_FT_SYMLINK 7 #define BTRFS_FT_XATTR 8 #define BTRFS_FT_MAX 9 +/* Directory contains encrypted data */ +#define BTRFS_FT_ENCRYPTED 0x80 + +static inline __u8 btrfs_dir_flags_to_ftype(__u8 flags) +{ + return flags & ~BTRFS_FT_ENCRYPTED; +} + +/* + * Inode flags + */ +#define BTRFS_INODE_NODATASUM (1U << 0) +#define BTRFS_INODE_NODATACOW (1U << 1) +#define BTRFS_INODE_READONLY (1U << 2) +#define BTRFS_INODE_NOCOMPRESS (1U << 3) +#define BTRFS_INODE_PREALLOC (1U << 4) +#define BTRFS_INODE_SYNC (1U << 5) +#define BTRFS_INODE_IMMUTABLE (1U << 6) +#define BTRFS_INODE_APPEND (1U << 7) +#define BTRFS_INODE_NODUMP (1U << 8) +#define BTRFS_INODE_NOATIME (1U << 9) +#define BTRFS_INODE_DIRSYNC (1U << 10) +#define BTRFS_INODE_COMPRESS (1U << 11) + +#define BTRFS_INODE_ROOT_ITEM_INIT (1U << 31) + +#define BTRFS_INODE_FLAG_MASK \ + (BTRFS_INODE_NODATASUM | \ + BTRFS_INODE_NODATACOW | \ + BTRFS_INODE_READONLY | \ + BTRFS_INODE_NOCOMPRESS | \ + BTRFS_INODE_PREALLOC | \ + BTRFS_INODE_SYNC | \ + BTRFS_INODE_IMMUTABLE | \ + BTRFS_INODE_APPEND | \ + BTRFS_INODE_NODUMP | \ + BTRFS_INODE_NOATIME | \ + BTRFS_INODE_DIRSYNC | \ + BTRFS_INODE_COMPRESS | \ + BTRFS_INODE_ROOT_ITEM_INIT) + +#define BTRFS_INODE_RO_VERITY (1U << 0) + +#define BTRFS_INODE_RO_FLAG_MASK (BTRFS_INODE_RO_VERITY) /* * The key defines the order in the tree, and so it also defines (optimal) @@ -361,6 +450,109 @@ struct btrfs_key { __u64 offset; } __attribute__ ((__packed__)); +/* + * Every tree block (leaf or node) starts with this header. + */ +struct btrfs_header { + /* These first four must match the super block */ + __u8 csum[BTRFS_CSUM_SIZE]; + /* FS specific uuid */ + __u8 fsid[BTRFS_FSID_SIZE]; + /* Which block this node is supposed to live in */ + __le64 bytenr; + __le64 flags; + + /* Allowed to be different from the super from here on down */ + __u8 chunk_tree_uuid[BTRFS_UUID_SIZE]; + __le64 generation; + __le64 owner; + __le32 nritems; + __u8 level; +} __attribute__ ((__packed__)); + +/* + * This is a very generous portion of the super block, giving us room to + * translate 14 chunks with 3 stripes each. + */ +#define BTRFS_SYSTEM_CHUNK_ARRAY_SIZE 2048 + +/* + * Just in case we somehow lose the roots and are not able to mount, we store + * an array of the roots from previous transactions in the super. + */ +#define BTRFS_NUM_BACKUP_ROOTS 4 +struct btrfs_root_backup { + __le64 tree_root; + __le64 tree_root_gen; + + __le64 chunk_root; + __le64 chunk_root_gen; + + __le64 extent_root; + __le64 extent_root_gen; + + __le64 fs_root; + __le64 fs_root_gen; + + __le64 dev_root; + __le64 dev_root_gen; + + __le64 csum_root; + __le64 csum_root_gen; + + __le64 total_bytes; + __le64 bytes_used; + __le64 num_devices; + /* future */ + __le64 unused_64[4]; + + __u8 tree_root_level; + __u8 chunk_root_level; + __u8 extent_root_level; + __u8 fs_root_level; + __u8 dev_root_level; + __u8 csum_root_level; + /* future and to align */ + __u8 unused_8[10]; +} __attribute__ ((__packed__)); + +/* + * A leaf is full of items. offset and size tell us where to find the item in + * the leaf (relative to the start of the data area) + */ +struct btrfs_item { + struct btrfs_disk_key key; + __le32 offset; + __le32 size; +} __attribute__ ((__packed__)); + +/* + * Leaves have an item area and a data area: + * [item0, item1....itemN] [free space] [dataN...data1, data0] + * + * The data is separate from the items to get the keys closer together during + * searches. + */ +struct btrfs_leaf { + struct btrfs_header header; + struct btrfs_item items[]; +} __attribute__ ((__packed__)); + +/* + * All non-leaf blocks are nodes, they hold only keys and pointers to other + * blocks. + */ +struct btrfs_key_ptr { + struct btrfs_disk_key key; + __le64 blockptr; + __le64 generation; +} __attribute__ ((__packed__)); + +struct btrfs_node { + struct btrfs_header header; + struct btrfs_key_ptr ptrs[]; +} __attribute__ ((__packed__)); + struct btrfs_dev_item { /* the internal btrfs device id */ __le64 devid; @@ -444,6 +636,69 @@ struct btrfs_chunk { /* additional stripes go here */ } __attribute__ ((__packed__)); +/* + * The super block basically lists the main trees of the FS. + */ +struct btrfs_super_block { + /* The first 4 fields must match struct btrfs_header */ + __u8 csum[BTRFS_CSUM_SIZE]; + /* FS specific UUID, visible to user */ + __u8 fsid[BTRFS_FSID_SIZE]; + /* This block number */ + __le64 bytenr; + __le64 flags; + + /* Allowed to be different from the btrfs_header from here own down */ + __le64 magic; + __le64 generation; + __le64 root; + __le64 chunk_root; + __le64 log_root; + + /* + * This member has never been utilized since the very beginning, thus + * it's always 0 regardless of kernel version. We always use + * generation + 1 to read log tree root. So here we mark it deprecated. + */ + __le64 __unused_log_root_transid; + __le64 total_bytes; + __le64 bytes_used; + __le64 root_dir_objectid; + __le64 num_devices; + __le32 sectorsize; + __le32 nodesize; + __le32 __unused_leafsize; + __le32 stripesize; + __le32 sys_chunk_array_size; + __le64 chunk_root_generation; + __le64 compat_flags; + __le64 compat_ro_flags; + __le64 incompat_flags; + __le16 csum_type; + __u8 root_level; + __u8 chunk_root_level; + __u8 log_root_level; + struct btrfs_dev_item dev_item; + + char label[BTRFS_LABEL_SIZE]; + + __le64 cache_generation; + __le64 uuid_tree_generation; + + /* The UUID written into btree blocks */ + __u8 metadata_uuid[BTRFS_FSID_SIZE]; + + __u64 nr_global_roots; + + /* Future expansion */ + __le64 reserved[27]; + __u8 sys_chunk_array[BTRFS_SYSTEM_CHUNK_ARRAY_SIZE]; + struct btrfs_root_backup super_roots[BTRFS_NUM_BACKUP_ROOTS]; + + /* Padded to 4096 bytes */ + __u8 padding[565]; +} __attribute__ ((__packed__)); + #define BTRFS_FREE_SPACE_EXTENT 1 #define BTRFS_FREE_SPACE_BITMAP 2 @@ -498,6 +753,14 @@ struct btrfs_extent_item_v0 { /* use full backrefs for extent pointers in the block */ #define BTRFS_BLOCK_FLAG_FULL_BACKREF (1ULL << 8) +#define BTRFS_BACKREF_REV_MAX 256 +#define BTRFS_BACKREF_REV_SHIFT 56 +#define BTRFS_BACKREF_REV_MASK (((u64)BTRFS_BACKREF_REV_MAX - 1) << \ + BTRFS_BACKREF_REV_SHIFT) + +#define BTRFS_OLD_BACKREF_REV 0 +#define BTRFS_MIXED_BACKREF_REV 1 + /* * this flag is only used internally by scrub and may be changed at any time * it is only declared here to avoid collisions @@ -547,7 +810,7 @@ struct btrfs_inode_extref { __le64 parent_objectid; __le64 index; __le16 name_len; - __u8 name[0]; + __u8 name[]; /* name goes here */ } __attribute__ ((__packed__)); @@ -852,19 +1115,6 @@ struct btrfs_dev_replace_item { #define BTRFS_BLOCK_GROUP_RESERVED (BTRFS_AVAIL_ALLOC_BIT_SINGLE | \ BTRFS_SPACE_INFO_GLOBAL_RSV) -enum btrfs_raid_types { - BTRFS_RAID_RAID10, - BTRFS_RAID_RAID1, - BTRFS_RAID_DUP, - BTRFS_RAID_RAID0, - BTRFS_RAID_SINGLE, - BTRFS_RAID_RAID5, - BTRFS_RAID_RAID6, - BTRFS_RAID_RAID1C3, - BTRFS_RAID_RAID1C4, - BTRFS_NR_RAID_TYPES -}; - #define BTRFS_BLOCK_GROUP_TYPE_MASK (BTRFS_BLOCK_GROUP_DATA | \ BTRFS_BLOCK_GROUP_SYSTEM | \ BTRFS_BLOCK_GROUP_METADATA) @@ -950,6 +1200,10 @@ static inline __u16 btrfs_qgroup_level(__u64 qgroupid) */ #define BTRFS_QGROUP_STATUS_FLAG_INCONSISTENT (1ULL << 2) +#define BTRFS_QGROUP_STATUS_FLAGS_MASK (BTRFS_QGROUP_STATUS_FLAG_ON | \ + BTRFS_QGROUP_STATUS_FLAG_RESCAN | \ + BTRFS_QGROUP_STATUS_FLAG_INCONSISTENT) + #define BTRFS_QGROUP_STATUS_VERSION 1 struct btrfs_qgroup_status_item { @@ -991,4 +1245,16 @@ struct btrfs_qgroup_limit_item { __le64 rsv_excl; } __attribute__ ((__packed__)); +struct btrfs_verity_descriptor_item { + /* Size of the verity descriptor in bytes */ + __le64 size; + /* + * When we implement support for fscrypt, we will need to encrypt the + * Merkle tree for encrypted verity files. These 128 bits are for the + * eventual storage of an fscrypt initialization vector. + */ + __le64 reserved[2]; + __u8 encryption; +} __attribute__ ((__packed__)); + #endif /* _BTRFS_CTREE_H_ */ diff --git a/src/basic/linux/can/netlink.h b/src/basic/linux/can/netlink.h index f730d443b91..02ec32d6947 100644 --- a/src/basic/linux/can/netlink.h +++ b/src/basic/linux/can/netlink.h @@ -101,6 +101,8 @@ struct can_ctrlmode { #define CAN_CTRLMODE_PRESUME_ACK 0x40 /* Ignore missing CAN ACKs */ #define CAN_CTRLMODE_FD_NON_ISO 0x80 /* CAN FD in non-ISO mode */ #define CAN_CTRLMODE_CC_LEN8_DLC 0x100 /* Classic CAN DLC option */ +#define CAN_CTRLMODE_TDC_AUTO 0x200 /* CAN transiver automatically calculates TDCV */ +#define CAN_CTRLMODE_TDC_MANUAL 0x400 /* TDCV is manually set up by user */ /* * CAN device statistics @@ -134,10 +136,48 @@ enum { IFLA_CAN_BITRATE_CONST, IFLA_CAN_DATA_BITRATE_CONST, IFLA_CAN_BITRATE_MAX, - __IFLA_CAN_MAX + IFLA_CAN_TDC, + IFLA_CAN_CTRLMODE_EXT, + + /* add new constants above here */ + __IFLA_CAN_MAX, + IFLA_CAN_MAX = __IFLA_CAN_MAX - 1 }; -#define IFLA_CAN_MAX (__IFLA_CAN_MAX - 1) +/* + * CAN FD Transmitter Delay Compensation (TDC) + * + * Please refer to struct can_tdc_const and can_tdc in + * include/linux/can/bittiming.h for further details. + */ +enum { + IFLA_CAN_TDC_UNSPEC, + IFLA_CAN_TDC_TDCV_MIN, /* u32 */ + IFLA_CAN_TDC_TDCV_MAX, /* u32 */ + IFLA_CAN_TDC_TDCO_MIN, /* u32 */ + IFLA_CAN_TDC_TDCO_MAX, /* u32 */ + IFLA_CAN_TDC_TDCF_MIN, /* u32 */ + IFLA_CAN_TDC_TDCF_MAX, /* u32 */ + IFLA_CAN_TDC_TDCV, /* u32 */ + IFLA_CAN_TDC_TDCO, /* u32 */ + IFLA_CAN_TDC_TDCF, /* u32 */ + + /* add new constants above here */ + __IFLA_CAN_TDC, + IFLA_CAN_TDC_MAX = __IFLA_CAN_TDC - 1 +}; + +/* + * IFLA_CAN_CTRLMODE_EXT nest: controller mode extended parameters + */ +enum { + IFLA_CAN_CTRLMODE_UNSPEC, + IFLA_CAN_CTRLMODE_SUPPORTED, /* u32 */ + + /* add new constants above here */ + __IFLA_CAN_CTRLMODE, + IFLA_CAN_CTRLMODE_MAX = __IFLA_CAN_CTRLMODE - 1 +}; /* u16 termination range: 1..65535 Ohms */ #define CAN_TERMINATION_DISABLED 0 diff --git a/src/basic/linux/genetlink.h b/src/basic/linux/genetlink.h index d83f214b413..ddba3ca01e3 100644 --- a/src/basic/linux/genetlink.h +++ b/src/basic/linux/genetlink.h @@ -87,6 +87,8 @@ enum { __CTRL_ATTR_MCAST_GRP_MAX, }; +#define CTRL_ATTR_MCAST_GRP_MAX (__CTRL_ATTR_MCAST_GRP_MAX - 1) + enum { CTRL_ATTR_POLICY_UNSPEC, CTRL_ATTR_POLICY_DO, @@ -96,7 +98,6 @@ enum { CTRL_ATTR_POLICY_DUMP_MAX = __CTRL_ATTR_POLICY_DUMP_MAX - 1 }; -#define CTRL_ATTR_MCAST_GRP_MAX (__CTRL_ATTR_MCAST_GRP_MAX - 1) - +#define CTRL_ATTR_POLICY_MAX (__CTRL_ATTR_POLICY_DUMP_MAX - 1) #endif /* _UAPI__LINUX_GENERIC_NETLINK_H */ diff --git a/src/basic/linux/if_addr.h b/src/basic/linux/if_addr.h index dfcf3ce0097..1c392dd95a5 100644 --- a/src/basic/linux/if_addr.h +++ b/src/basic/linux/if_addr.h @@ -33,8 +33,9 @@ enum { IFA_CACHEINFO, IFA_MULTICAST, IFA_FLAGS, - IFA_RT_PRIORITY, /* u32, priority/metric for prefix route */ + IFA_RT_PRIORITY, /* u32, priority/metric for prefix route */ IFA_TARGET_NETNSID, + IFA_PROTO, /* u8, address protocol */ __IFA_MAX, }; @@ -69,4 +70,10 @@ struct ifa_cacheinfo { #define IFA_PAYLOAD(n) NLMSG_PAYLOAD(n,sizeof(struct ifaddrmsg)) #endif +/* ifa_proto */ +#define IFAPROT_UNSPEC 0 +#define IFAPROT_KERNEL_LO 1 /* loopback */ +#define IFAPROT_KERNEL_RA 2 /* set by kernel from router announcement */ +#define IFAPROT_KERNEL_LL 3 /* link-local set by kernel */ + #endif diff --git a/src/basic/linux/if_bridge.h b/src/basic/linux/if_bridge.h index 6b56a754953..d9de241d90f 100644 --- a/src/basic/linux/if_bridge.h +++ b/src/basic/linux/if_bridge.h @@ -122,6 +122,7 @@ enum { IFLA_BRIDGE_VLAN_TUNNEL_INFO, IFLA_BRIDGE_MRP, IFLA_BRIDGE_CFM, + IFLA_BRIDGE_MST, __IFLA_BRIDGE_MAX, }; #define IFLA_BRIDGE_MAX (__IFLA_BRIDGE_MAX - 1) @@ -453,6 +454,21 @@ enum { #define IFLA_BRIDGE_CFM_CC_PEER_STATUS_MAX (__IFLA_BRIDGE_CFM_CC_PEER_STATUS_MAX - 1) +enum { + IFLA_BRIDGE_MST_UNSPEC, + IFLA_BRIDGE_MST_ENTRY, + __IFLA_BRIDGE_MST_MAX, +}; +#define IFLA_BRIDGE_MST_MAX (__IFLA_BRIDGE_MST_MAX - 1) + +enum { + IFLA_BRIDGE_MST_ENTRY_UNSPEC, + IFLA_BRIDGE_MST_ENTRY_MSTI, + IFLA_BRIDGE_MST_ENTRY_STATE, + __IFLA_BRIDGE_MST_ENTRY_MAX, +}; +#define IFLA_BRIDGE_MST_ENTRY_MAX (__IFLA_BRIDGE_MST_ENTRY_MAX - 1) + struct bridge_stp_xstats { __u64 transition_blk; __u64 transition_fwd; @@ -479,16 +495,22 @@ enum { /* flags used in BRIDGE_VLANDB_DUMP_FLAGS attribute to affect dumps */ #define BRIDGE_VLANDB_DUMPF_STATS (1 << 0) /* Include stats in the dump */ +#define BRIDGE_VLANDB_DUMPF_GLOBAL (1 << 1) /* Dump global vlan options only */ /* Bridge vlan RTM attributes * [BRIDGE_VLANDB_ENTRY] = { * [BRIDGE_VLANDB_ENTRY_INFO] * ... * } + * [BRIDGE_VLANDB_GLOBAL_OPTIONS] = { + * [BRIDGE_VLANDB_GOPTS_ID] + * ... + * } */ enum { BRIDGE_VLANDB_UNSPEC, BRIDGE_VLANDB_ENTRY, + BRIDGE_VLANDB_GLOBAL_OPTIONS, __BRIDGE_VLANDB_MAX, }; #define BRIDGE_VLANDB_MAX (__BRIDGE_VLANDB_MAX - 1) @@ -500,6 +522,7 @@ enum { BRIDGE_VLANDB_ENTRY_STATE, BRIDGE_VLANDB_ENTRY_TUNNEL_INFO, BRIDGE_VLANDB_ENTRY_STATS, + BRIDGE_VLANDB_ENTRY_MCAST_ROUTER, __BRIDGE_VLANDB_ENTRY_MAX, }; #define BRIDGE_VLANDB_ENTRY_MAX (__BRIDGE_VLANDB_ENTRY_MAX - 1) @@ -538,6 +561,30 @@ enum { }; #define BRIDGE_VLANDB_STATS_MAX (__BRIDGE_VLANDB_STATS_MAX - 1) +enum { + BRIDGE_VLANDB_GOPTS_UNSPEC, + BRIDGE_VLANDB_GOPTS_ID, + BRIDGE_VLANDB_GOPTS_RANGE, + BRIDGE_VLANDB_GOPTS_MCAST_SNOOPING, + BRIDGE_VLANDB_GOPTS_MCAST_IGMP_VERSION, + BRIDGE_VLANDB_GOPTS_MCAST_MLD_VERSION, + BRIDGE_VLANDB_GOPTS_MCAST_LAST_MEMBER_CNT, + BRIDGE_VLANDB_GOPTS_MCAST_STARTUP_QUERY_CNT, + BRIDGE_VLANDB_GOPTS_MCAST_LAST_MEMBER_INTVL, + BRIDGE_VLANDB_GOPTS_PAD, + BRIDGE_VLANDB_GOPTS_MCAST_MEMBERSHIP_INTVL, + BRIDGE_VLANDB_GOPTS_MCAST_QUERIER_INTVL, + BRIDGE_VLANDB_GOPTS_MCAST_QUERY_INTVL, + BRIDGE_VLANDB_GOPTS_MCAST_QUERY_RESPONSE_INTVL, + BRIDGE_VLANDB_GOPTS_MCAST_STARTUP_QUERY_INTVL, + BRIDGE_VLANDB_GOPTS_MCAST_QUERIER, + BRIDGE_VLANDB_GOPTS_MCAST_ROUTER_PORTS, + BRIDGE_VLANDB_GOPTS_MCAST_QUERIER_STATE, + BRIDGE_VLANDB_GOPTS_MSTI, + __BRIDGE_VLANDB_GOPTS_MAX +}; +#define BRIDGE_VLANDB_GOPTS_MAX (__BRIDGE_VLANDB_GOPTS_MAX - 1) + /* Bridge multicast database attributes * [MDBA_MDB] = { * [MDBA_MDB_ENTRY] = { @@ -629,6 +676,7 @@ enum { MDBA_ROUTER_PATTR_TYPE, MDBA_ROUTER_PATTR_INET_TIMER, MDBA_ROUTER_PATTR_INET6_TIMER, + MDBA_ROUTER_PATTR_VID, __MDBA_ROUTER_PATTR_MAX }; #define MDBA_ROUTER_PATTR_MAX (__MDBA_ROUTER_PATTR_MAX - 1) @@ -675,10 +723,31 @@ enum { enum { MDBE_ATTR_UNSPEC, MDBE_ATTR_SOURCE, + MDBE_ATTR_SRC_LIST, + MDBE_ATTR_GROUP_MODE, + MDBE_ATTR_RTPROT, __MDBE_ATTR_MAX, }; #define MDBE_ATTR_MAX (__MDBE_ATTR_MAX - 1) +/* per mdb entry source */ +enum { + MDBE_SRC_LIST_UNSPEC, + MDBE_SRC_LIST_ENTRY, + __MDBE_SRC_LIST_MAX, +}; +#define MDBE_SRC_LIST_MAX (__MDBE_SRC_LIST_MAX - 1) + +/* per mdb entry per source attributes + * these are embedded in MDBE_SRC_LIST_ENTRY + */ +enum { + MDBE_SRCATTR_UNSPEC, + MDBE_SRCATTR_ADDRESS, + __MDBE_SRCATTR_MAX, +}; +#define MDBE_SRCATTR_MAX (__MDBE_SRCATTR_MAX - 1) + /* Embedded inside LINK_XSTATS_TYPE_BRIDGE */ enum { BRIDGE_XSTATS_UNSPEC, @@ -720,12 +789,15 @@ struct br_mcast_stats { /* bridge boolean options * BR_BOOLOPT_NO_LL_LEARN - disable learning from link-local packets + * BR_BOOLOPT_MCAST_VLAN_SNOOPING - control vlan multicast snooping * * IMPORTANT: if adding a new option do not forget to handle * it in br_boolopt_toggle/get and bridge sysfs */ enum br_boolopt_id { BR_BOOLOPT_NO_LL_LEARN, + BR_BOOLOPT_MCAST_VLAN_SNOOPING, + BR_BOOLOPT_MST_ENABLE, BR_BOOLOPT_MAX }; @@ -738,4 +810,17 @@ struct br_boolopt_multi { __u32 optval; __u32 optmask; }; + +enum { + BRIDGE_QUERIER_UNSPEC, + BRIDGE_QUERIER_IP_ADDRESS, + BRIDGE_QUERIER_IP_PORT, + BRIDGE_QUERIER_IP_OTHER_TIMER, + BRIDGE_QUERIER_PAD, + BRIDGE_QUERIER_IPV6_ADDRESS, + BRIDGE_QUERIER_IPV6_PORT, + BRIDGE_QUERIER_IPV6_OTHER_TIMER, + __BRIDGE_QUERIER_MAX +}; +#define BRIDGE_QUERIER_MAX (__BRIDGE_QUERIER_MAX - 1) #endif /* _UAPI_LINUX_IF_BRIDGE_H */ diff --git a/src/basic/linux/if_ether.h b/src/basic/linux/if_ether.h index a0b637911d3..69e0457eb20 100644 --- a/src/basic/linux/if_ether.h +++ b/src/basic/linux/if_ether.h @@ -86,7 +86,10 @@ * over Ethernet */ #define ETH_P_PAE 0x888E /* Port Access Entity (IEEE 802.1X) */ +#define ETH_P_PROFINET 0x8892 /* PROFINET */ +#define ETH_P_REALTEK 0x8899 /* Multiple proprietary protocols */ #define ETH_P_AOE 0x88A2 /* ATA over Ethernet */ +#define ETH_P_ETHERCAT 0x88A4 /* EtherCAT */ #define ETH_P_8021AD 0x88A8 /* 802.1ad Service VLAN */ #define ETH_P_802_EX1 0x88B5 /* 802.1 Local Experimental 1. */ #define ETH_P_PREAUTH 0x88C7 /* 802.11 Preauthentication */ @@ -113,10 +116,11 @@ #define ETH_P_QINQ3 0x9300 /* deprecated QinQ VLAN [ NOT AN OFFICIALLY REGISTERED ID ] */ #define ETH_P_EDSA 0xDADA /* Ethertype DSA [ NOT AN OFFICIALLY REGISTERED ID ] */ #define ETH_P_DSA_8021Q 0xDADB /* Fake VLAN Header for DSA [ NOT AN OFFICIALLY REGISTERED ID ] */ +#define ETH_P_DSA_A5PSW 0xE001 /* A5PSW Tag Value [ NOT AN OFFICIALLY REGISTERED ID ] */ #define ETH_P_IFE 0xED3E /* ForCES inter-FE LFB type */ #define ETH_P_AF_IUCV 0xFBFB /* IBM af_iucv [ NOT AN OFFICIALLY REGISTERED ID ] */ -#define ETH_P_802_3_MIN 0x0600 /* If the value in the ethernet type is less than this value +#define ETH_P_802_3_MIN 0x0600 /* If the value in the ethernet type is more than this value * then the frame is Ethernet II. Else it is 802.3 */ /* @@ -134,6 +138,7 @@ #define ETH_P_LOCALTALK 0x0009 /* Localtalk pseudo type */ #define ETH_P_CAN 0x000C /* CAN: Controller Area Network */ #define ETH_P_CANFD 0x000D /* CANFD: CAN flexible data rate*/ +#define ETH_P_CANXL 0x000E /* CANXL: eXtended frame Length */ #define ETH_P_PPPTALK 0x0010 /* Dummy type for Atalk over PPP*/ #define ETH_P_TR_802_2 0x0011 /* 802.2 frames */ #define ETH_P_MOBITEX 0x0015 /* Mobitex (kaz@cafe.net) */ @@ -151,6 +156,9 @@ #define ETH_P_MAP 0x00F9 /* Qualcomm multiplexing and * aggregation protocol */ +#define ETH_P_MCTP 0x00FA /* Management component transport + * protocol packets + */ /* * This is an Ethernet frame header. diff --git a/src/basic/linux/if_link.h b/src/basic/linux/if_link.h index 4882e81514b..1021a7e47a8 100644 --- a/src/basic/linux/if_link.h +++ b/src/basic/linux/if_link.h @@ -211,6 +211,9 @@ struct rtnl_link_stats { * @rx_nohandler: Number of packets received on the interface * but dropped by the networking stack because the device is * not designated to receive packets (e.g. backup link in a bond). + * + * @rx_otherhost_dropped: Number of packets dropped due to mismatch + * in destination MAC address. */ struct rtnl_link_stats64 { __u64 rx_packets; @@ -243,6 +246,23 @@ struct rtnl_link_stats64 { __u64 rx_compressed; __u64 tx_compressed; __u64 rx_nohandler; + + __u64 rx_otherhost_dropped; +}; + +/* Subset of link stats useful for in-HW collection. Meaning of the fields is as + * for struct rtnl_link_stats64. + */ +struct rtnl_hw_stats64 { + __u64 rx_packets; + __u64 tx_packets; + __u64 rx_bytes; + __u64 tx_bytes; + __u64 rx_errors; + __u64 tx_errors; + __u64 rx_dropped; + __u64 tx_dropped; + __u64 multicast; }; /* The struct should be in sync with struct ifmap */ @@ -347,6 +367,12 @@ enum { */ IFLA_PARENT_DEV_NAME, IFLA_PARENT_DEV_BUS_NAME, + IFLA_GRO_MAX_SIZE, + IFLA_TSO_MAX_SIZE, + IFLA_TSO_MAX_SEGS, + IFLA_ALLMULTI, /* Allmulti count: > 0 means acts ALLMULTI */ + + IFLA_DEVLINK_PORT, __IFLA_MAX }; @@ -417,6 +443,7 @@ enum { IFLA_INET6_ICMP6STATS, /* statistics (icmpv6) */ IFLA_INET6_TOKEN, /* device token */ IFLA_INET6_ADDR_GEN_MODE, /* implicit address generator mode */ + IFLA_INET6_RA_MTU, /* mtu carried in the RA message */ __IFLA_INET6_MAX }; @@ -479,6 +506,7 @@ enum { IFLA_BR_MCAST_MLD_VERSION, IFLA_BR_VLAN_STATS_PER_PORT, IFLA_BR_MULTI_BOOLOPT, + IFLA_BR_MCAST_QUERIER_STATE, __IFLA_BR_MAX, }; @@ -534,6 +562,8 @@ enum { IFLA_BRPORT_MRP_IN_OPEN, IFLA_BRPORT_MCAST_EHT_HOSTS_LIMIT, IFLA_BRPORT_MCAST_EHT_HOSTS_CNT, + IFLA_BRPORT_LOCKED, + IFLA_BRPORT_MAB, __IFLA_BRPORT_MAX }; #define IFLA_BRPORT_MAX (__IFLA_BRPORT_MAX - 1) @@ -668,6 +698,7 @@ enum { IFLA_XFRM_UNSPEC, IFLA_XFRM_LINK, IFLA_XFRM_IF_ID, + IFLA_XFRM_COLLECT_METADATA, __IFLA_XFRM_MAX }; @@ -709,7 +740,55 @@ enum ipvlan_mode { #define IPVLAN_F_PRIVATE 0x01 #define IPVLAN_F_VEPA 0x02 +/* Tunnel RTM header */ +struct tunnel_msg { + __u8 family; + __u8 flags; + __u16 reserved2; + __u32 ifindex; +}; + /* VXLAN section */ + +/* include statistics in the dump */ +#define TUNNEL_MSG_FLAG_STATS 0x01 + +#define TUNNEL_MSG_VALID_USER_FLAGS TUNNEL_MSG_FLAG_STATS + +/* Embedded inside VXLAN_VNIFILTER_ENTRY_STATS */ +enum { + VNIFILTER_ENTRY_STATS_UNSPEC, + VNIFILTER_ENTRY_STATS_RX_BYTES, + VNIFILTER_ENTRY_STATS_RX_PKTS, + VNIFILTER_ENTRY_STATS_RX_DROPS, + VNIFILTER_ENTRY_STATS_RX_ERRORS, + VNIFILTER_ENTRY_STATS_TX_BYTES, + VNIFILTER_ENTRY_STATS_TX_PKTS, + VNIFILTER_ENTRY_STATS_TX_DROPS, + VNIFILTER_ENTRY_STATS_TX_ERRORS, + VNIFILTER_ENTRY_STATS_PAD, + __VNIFILTER_ENTRY_STATS_MAX +}; +#define VNIFILTER_ENTRY_STATS_MAX (__VNIFILTER_ENTRY_STATS_MAX - 1) + +enum { + VXLAN_VNIFILTER_ENTRY_UNSPEC, + VXLAN_VNIFILTER_ENTRY_START, + VXLAN_VNIFILTER_ENTRY_END, + VXLAN_VNIFILTER_ENTRY_GROUP, + VXLAN_VNIFILTER_ENTRY_GROUP6, + VXLAN_VNIFILTER_ENTRY_STATS, + __VXLAN_VNIFILTER_ENTRY_MAX +}; +#define VXLAN_VNIFILTER_ENTRY_MAX (__VXLAN_VNIFILTER_ENTRY_MAX - 1) + +enum { + VXLAN_VNIFILTER_UNSPEC, + VXLAN_VNIFILTER_ENTRY, + __VXLAN_VNIFILTER_MAX +}; +#define VXLAN_VNIFILTER_MAX (__VXLAN_VNIFILTER_MAX - 1) + enum { IFLA_VXLAN_UNSPEC, IFLA_VXLAN_ID, @@ -741,6 +820,7 @@ enum { IFLA_VXLAN_GPE, IFLA_VXLAN_TTL_INHERIT, IFLA_VXLAN_DF, + IFLA_VXLAN_VNIFILTER, /* only applicable with COLLECT_METADATA mode */ __IFLA_VXLAN_MAX }; #define IFLA_VXLAN_MAX (__IFLA_VXLAN_MAX - 1) @@ -774,6 +854,7 @@ enum { IFLA_GENEVE_LABEL, IFLA_GENEVE_TTL_INHERIT, IFLA_GENEVE_DF, + IFLA_GENEVE_INNER_PROTO_INHERIT, __IFLA_GENEVE_MAX }; #define IFLA_GENEVE_MAX (__IFLA_GENEVE_MAX - 1) @@ -819,6 +900,8 @@ enum { IFLA_GTP_FD1, IFLA_GTP_PDP_HASHSIZE, IFLA_GTP_ROLE, + IFLA_GTP_CREATE_SOCKETS, + IFLA_GTP_RESTART_COUNT, __IFLA_GTP_MAX, }; #define IFLA_GTP_MAX (__IFLA_GTP_MAX - 1) @@ -855,6 +938,9 @@ enum { IFLA_BOND_AD_ACTOR_SYSTEM, IFLA_BOND_TLB_DYNAMIC_LB, IFLA_BOND_PEER_NOTIF_DELAY, + IFLA_BOND_AD_LACP_ACTIVE, + IFLA_BOND_MISSED_MAX, + IFLA_BOND_NS_IP6_TARGET, __IFLA_BOND_MAX, }; @@ -882,6 +968,7 @@ enum { IFLA_BOND_SLAVE_AD_AGGREGATOR_ID, IFLA_BOND_SLAVE_AD_ACTOR_OPER_PORT_STATE, IFLA_BOND_SLAVE_AD_PARTNER_OPER_PORT_STATE, + IFLA_BOND_SLAVE_PRIO, __IFLA_BOND_SLAVE_MAX, }; @@ -1151,6 +1238,17 @@ enum { #define IFLA_STATS_FILTER_BIT(ATTR) (1 << (ATTR - 1)) +enum { + IFLA_STATS_GETSET_UNSPEC, + IFLA_STATS_GET_FILTERS, /* Nest of IFLA_STATS_LINK_xxx, each a u32 with + * a filter mask for the corresponding group. + */ + IFLA_STATS_SET_OFFLOAD_XSTATS_L3_STATS, /* 0 or 1 as u8 */ + __IFLA_STATS_GETSET_MAX, +}; + +#define IFLA_STATS_GETSET_MAX (__IFLA_STATS_GETSET_MAX - 1) + /* These are embedded into IFLA_STATS_LINK_XSTATS: * [IFLA_STATS_LINK_XSTATS] * -> [LINK_XSTATS_TYPE_xxx] @@ -1168,10 +1266,21 @@ enum { enum { IFLA_OFFLOAD_XSTATS_UNSPEC, IFLA_OFFLOAD_XSTATS_CPU_HIT, /* struct rtnl_link_stats64 */ + IFLA_OFFLOAD_XSTATS_HW_S_INFO, /* HW stats info. A nest */ + IFLA_OFFLOAD_XSTATS_L3_STATS, /* struct rtnl_hw_stats64 */ __IFLA_OFFLOAD_XSTATS_MAX }; #define IFLA_OFFLOAD_XSTATS_MAX (__IFLA_OFFLOAD_XSTATS_MAX - 1) +enum { + IFLA_OFFLOAD_XSTATS_HW_S_INFO_UNSPEC, + IFLA_OFFLOAD_XSTATS_HW_S_INFO_REQUEST, /* u8 */ + IFLA_OFFLOAD_XSTATS_HW_S_INFO_USED, /* u8 */ + __IFLA_OFFLOAD_XSTATS_HW_S_INFO_MAX, +}; +#define IFLA_OFFLOAD_XSTATS_HW_S_INFO_MAX \ + (__IFLA_OFFLOAD_XSTATS_HW_S_INFO_MAX - 1) + /* XDP section */ #define XDP_FLAGS_UPDATE_IF_NOEXIST (1U << 0) @@ -1260,4 +1369,24 @@ struct ifla_rmnet_flags { __u32 mask; }; +/* MCTP section */ + +enum { + IFLA_MCTP_UNSPEC, + IFLA_MCTP_NET, + __IFLA_MCTP_MAX, +}; + +#define IFLA_MCTP_MAX (__IFLA_MCTP_MAX - 1) + +/* DSA section */ + +enum { + IFLA_DSA_UNSPEC, + IFLA_DSA_MASTER, + __IFLA_DSA_MAX, +}; + +#define IFLA_DSA_MAX (__IFLA_DSA_MAX - 1) + #endif /* _UAPI_LINUX_IF_LINK_H */ diff --git a/src/basic/linux/if_macsec.h b/src/basic/linux/if_macsec.h index 3af2aa069a3..d5b6d1f3735 100644 --- a/src/basic/linux/if_macsec.h +++ b/src/basic/linux/if_macsec.h @@ -22,6 +22,8 @@ #define MACSEC_KEYID_LEN 16 +#define MACSEC_SALT_LEN 12 + /* cipher IDs as per IEEE802.1AE-2018 (Table 14-1) */ #define MACSEC_CIPHER_ID_GCM_AES_128 0x0080C20001000001ULL #define MACSEC_CIPHER_ID_GCM_AES_256 0x0080C20001000002ULL diff --git a/src/basic/linux/if_tun.h b/src/basic/linux/if_tun.h index 454ae31b93c..287cdc81c93 100644 --- a/src/basic/linux/if_tun.h +++ b/src/basic/linux/if_tun.h @@ -67,6 +67,8 @@ #define IFF_TAP 0x0002 #define IFF_NAPI 0x0010 #define IFF_NAPI_FRAGS 0x0020 +/* Used in TUNSETIFF to bring up tun/tap without carrier */ +#define IFF_NO_CARRIER 0x0040 #define IFF_NO_PI 0x1000 /* This flag has no real effect */ #define IFF_ONE_QUEUE 0x2000 @@ -88,6 +90,8 @@ #define TUN_F_TSO6 0x04 /* I can handle TSO for IPv6 packets */ #define TUN_F_TSO_ECN 0x08 /* I can handle TSO with ECN bits. */ #define TUN_F_UFO 0x10 /* I can handle UFO packets */ +#define TUN_F_USO4 0x20 /* I can handle USO for IPv4 packets */ +#define TUN_F_USO6 0x40 /* I can handle USO for IPv6 packets */ /* Protocol info prepended to the packets (when IFF_NO_PI is not set) */ #define TUN_PKT_STRIP 0x0001 @@ -108,7 +112,7 @@ struct tun_pi { struct tun_filter { __u16 flags; /* TUN_FLT_ flags see above */ __u16 count; /* Number of addresses */ - __u8 addr[0][ETH_ALEN]; + __u8 addr[][ETH_ALEN]; }; #endif /* _UAPI__IF_TUN_H */ diff --git a/src/basic/linux/if_tunnel.h b/src/basic/linux/if_tunnel.h index 7d9105533c7..102119628ff 100644 --- a/src/basic/linux/if_tunnel.h +++ b/src/basic/linux/if_tunnel.h @@ -176,8 +176,10 @@ enum { #define TUNNEL_VXLAN_OPT __cpu_to_be16(0x1000) #define TUNNEL_NOCACHE __cpu_to_be16(0x2000) #define TUNNEL_ERSPAN_OPT __cpu_to_be16(0x4000) +#define TUNNEL_GTP_OPT __cpu_to_be16(0x8000) #define TUNNEL_OPTIONS_PRESENT \ - (TUNNEL_GENEVE_OPT | TUNNEL_VXLAN_OPT | TUNNEL_ERSPAN_OPT) + (TUNNEL_GENEVE_OPT | TUNNEL_VXLAN_OPT | TUNNEL_ERSPAN_OPT | \ + TUNNEL_GTP_OPT) #endif /* _UAPI_IF_TUNNEL_H_ */ diff --git a/src/basic/linux/in.h b/src/basic/linux/in.h index d1b327036ae..07a4cb14930 100644 --- a/src/basic/linux/in.h +++ b/src/basic/linux/in.h @@ -20,6 +20,7 @@ #define _UAPI_LINUX_IN_H #include +#include #include #include @@ -68,6 +69,8 @@ enum { #define IPPROTO_PIM IPPROTO_PIM IPPROTO_COMP = 108, /* Compression Header Protocol */ #define IPPROTO_COMP IPPROTO_COMP + IPPROTO_L2TP = 115, /* Layer 2 Tunnelling Protocol */ +#define IPPROTO_L2TP IPPROTO_L2TP IPPROTO_SCTP = 132, /* Stream Control Transport Protocol */ #define IPPROTO_SCTP IPPROTO_SCTP IPPROTO_UDPLITE = 136, /* UDP-Lite (RFC 3828) */ @@ -192,7 +195,10 @@ struct ip_msfilter { __be32 imsf_interface; __u32 imsf_fmode; __u32 imsf_numsrc; - __be32 imsf_slist[1]; + union { + __be32 imsf_slist[1]; + __DECLARE_FLEX_ARRAY(__be32, imsf_slist_flex); + }; }; #define IP_MSFILTER_SIZE(numsrc) \ @@ -211,11 +217,22 @@ struct group_source_req { }; struct group_filter { - __u32 gf_interface; /* interface index */ - struct __kernel_sockaddr_storage gf_group; /* multicast address */ - __u32 gf_fmode; /* filter mode */ - __u32 gf_numsrc; /* number of sources */ - struct __kernel_sockaddr_storage gf_slist[1]; /* interface index */ + union { + struct { + __u32 gf_interface_aux; /* interface index */ + struct __kernel_sockaddr_storage gf_group_aux; /* multicast address */ + __u32 gf_fmode_aux; /* filter mode */ + __u32 gf_numsrc_aux; /* number of sources */ + struct __kernel_sockaddr_storage gf_slist[1]; /* interface index */ + }; + struct { + __u32 gf_interface; /* interface index */ + struct __kernel_sockaddr_storage gf_group; /* multicast address */ + __u32 gf_fmode; /* filter mode */ + __u32 gf_numsrc; /* number of sources */ + struct __kernel_sockaddr_storage gf_slist_flex[]; /* interface index */ + }; + }; }; #define GROUP_FILTER_SIZE(numsrc) \ diff --git a/src/basic/linux/in6.h b/src/basic/linux/in6.h index 5ad396a57eb..c4c53a9ab95 100644 --- a/src/basic/linux/in6.h +++ b/src/basic/linux/in6.h @@ -145,6 +145,7 @@ struct in6_flowlabel_req { #define IPV6_TLV_PADN 1 #define IPV6_TLV_ROUTERALERT 5 #define IPV6_TLV_CALIPSO 7 /* RFC 5570 */ +#define IPV6_TLV_IOAM 49 /* TEMPORARY IANA allocation for IOAM */ #define IPV6_TLV_JUMBO 194 #define IPV6_TLV_HAO 201 /* home address option */ diff --git a/src/basic/linux/l2tp.h b/src/basic/linux/l2tp.h index bab8c970861..7d81c3e1ec2 100644 --- a/src/basic/linux/l2tp.h +++ b/src/basic/linux/l2tp.h @@ -13,8 +13,6 @@ #include #include -#define IPPROTO_L2TP 115 - /** * struct sockaddr_l2tpip - the sockaddr structure for L2TP-over-IP sockets * @l2tp_family: address family number AF_L2TPIP. diff --git a/src/basic/linux/netfilter/nf_tables.h b/src/basic/linux/netfilter/nf_tables.h index e94d1fa554c..cfa844da1ce 100644 --- a/src/basic/linux/netfilter/nf_tables.h +++ b/src/basic/linux/netfilter/nf_tables.h @@ -97,6 +97,7 @@ enum nft_verdicts { * @NFT_MSG_NEWFLOWTABLE: add new flow table (enum nft_flowtable_attributes) * @NFT_MSG_GETFLOWTABLE: get flow table (enum nft_flowtable_attributes) * @NFT_MSG_DELFLOWTABLE: delete flow table (enum nft_flowtable_attributes) + * @NFT_MSG_GETRULE_RESET: get rules and reset stateful expressions (enum nft_obj_attributes) */ enum nf_tables_msg_types { NFT_MSG_NEWTABLE, @@ -124,6 +125,7 @@ enum nf_tables_msg_types { NFT_MSG_NEWFLOWTABLE, NFT_MSG_GETFLOWTABLE, NFT_MSG_DELFLOWTABLE, + NFT_MSG_GETRULE_RESET, NFT_MSG_MAX, }; @@ -753,11 +755,14 @@ enum nft_dynset_attributes { * @NFT_PAYLOAD_LL_HEADER: link layer header * @NFT_PAYLOAD_NETWORK_HEADER: network header * @NFT_PAYLOAD_TRANSPORT_HEADER: transport header + * @NFT_PAYLOAD_INNER_HEADER: inner header / payload */ enum nft_payload_bases { NFT_PAYLOAD_LL_HEADER, NFT_PAYLOAD_NETWORK_HEADER, NFT_PAYLOAD_TRANSPORT_HEADER, + NFT_PAYLOAD_INNER_HEADER, + NFT_PAYLOAD_TUN_HEADER, }; /** @@ -777,6 +782,32 @@ enum nft_payload_csum_flags { NFT_PAYLOAD_L4CSUM_PSEUDOHDR = (1 << 0), }; +enum nft_inner_type { + NFT_INNER_UNSPEC = 0, + NFT_INNER_VXLAN, + NFT_INNER_GENEVE, +}; + +enum nft_inner_flags { + NFT_INNER_HDRSIZE = (1 << 0), + NFT_INNER_LL = (1 << 1), + NFT_INNER_NH = (1 << 2), + NFT_INNER_TH = (1 << 3), +}; +#define NFT_INNER_MASK (NFT_INNER_HDRSIZE | NFT_INNER_LL | \ + NFT_INNER_NH | NFT_INNER_TH) + +enum nft_inner_attributes { + NFTA_INNER_UNSPEC, + NFTA_INNER_NUM, + NFTA_INNER_TYPE, + NFTA_INNER_FLAGS, + NFTA_INNER_HDRSIZE, + NFTA_INNER_EXPR, + __NFTA_INNER_MAX +}; +#define NFTA_INNER_MAX (__NFTA_INNER_MAX - 1) + /** * enum nft_payload_attributes - nf_tables payload expression netlink attributes * @@ -896,7 +927,8 @@ enum nft_meta_keys { NFT_META_OIF, NFT_META_IIFNAME, NFT_META_OIFNAME, - NFT_META_IIFTYPE, + NFT_META_IFTYPE, +#define NFT_META_IIFTYPE NFT_META_IFTYPE NFT_META_OIFTYPE, NFT_META_SKUID, NFT_META_SKGID, @@ -923,6 +955,7 @@ enum nft_meta_keys { NFT_META_TIME_HOUR, NFT_META_SDIF, NFT_META_SDIFNAME, + __NFT_META_IIFTYPE, }; /** diff --git a/src/basic/linux/netlink.h b/src/basic/linux/netlink.h index 4c0cde075c2..e2ae82e3f9f 100644 --- a/src/basic/linux/netlink.h +++ b/src/basic/linux/netlink.h @@ -20,7 +20,7 @@ #define NETLINK_CONNECTOR 11 #define NETLINK_NETFILTER 12 /* netfilter subsystem */ #define NETLINK_IP6_FW 13 -#define NETLINK_DNRTMSG 14 /* DECnet routing messages */ +#define NETLINK_DNRTMSG 14 /* DECnet routing messages (obsolete) */ #define NETLINK_KOBJECT_UEVENT 15 /* Kernel messages to userspace */ #define NETLINK_GENERIC 16 /* leave room for NETLINK_DM (DM Events) */ @@ -41,12 +41,20 @@ struct sockaddr_nl { __u32 nl_groups; /* multicast groups mask */ }; +/** + * struct nlmsghdr - fixed format metadata header of Netlink messages + * @nlmsg_len: Length of message including header + * @nlmsg_type: Message content type + * @nlmsg_flags: Additional flags + * @nlmsg_seq: Sequence number + * @nlmsg_pid: Sending process port ID + */ struct nlmsghdr { - __u32 nlmsg_len; /* Length of message including header */ - __u16 nlmsg_type; /* Message content */ - __u16 nlmsg_flags; /* Additional flags */ - __u32 nlmsg_seq; /* Sequence number */ - __u32 nlmsg_pid; /* Sending process port ID */ + __u32 nlmsg_len; + __u16 nlmsg_type; + __u16 nlmsg_flags; + __u32 nlmsg_seq; + __u32 nlmsg_pid; }; /* Flags values */ @@ -54,7 +62,7 @@ struct nlmsghdr { #define NLM_F_REQUEST 0x01 /* It is request message. */ #define NLM_F_MULTI 0x02 /* Multipart message, terminated by NLMSG_DONE */ #define NLM_F_ACK 0x04 /* Reply with ack, with zero or error code */ -#define NLM_F_ECHO 0x08 /* Echo this request */ +#define NLM_F_ECHO 0x08 /* Receive resulting notifications */ #define NLM_F_DUMP_INTR 0x10 /* Dump was inconsistent due to sequence change */ #define NLM_F_DUMP_FILTERED 0x20 /* Dump was filtered as requested */ @@ -72,6 +80,7 @@ struct nlmsghdr { /* Modifiers to DELETE request */ #define NLM_F_NONREC 0x100 /* Do not delete recursively */ +#define NLM_F_BULK 0x200 /* Delete multiple objects */ /* Flags for ACK message */ #define NLM_F_CAPPED 0x100 /* request was capped */ @@ -131,6 +140,10 @@ struct nlmsgerr { * be used - in the success case - to identify a created * object or operation or similar (binary) * @NLMSGERR_ATTR_POLICY: policy for a rejected attribute + * @NLMSGERR_ATTR_MISS_TYPE: type of a missing required attribute, + * %NLMSGERR_ATTR_MISS_NEST will not be present if the attribute was + * missing at the message level + * @NLMSGERR_ATTR_MISS_NEST: offset of the nest where attribute was missing * @__NLMSGERR_ATTR_MAX: number of attributes * @NLMSGERR_ATTR_MAX: highest attribute number */ @@ -140,6 +153,8 @@ enum nlmsgerr_attrs { NLMSGERR_ATTR_OFFS, NLMSGERR_ATTR_COOKIE, NLMSGERR_ATTR_POLICY, + NLMSGERR_ATTR_MISS_TYPE, + NLMSGERR_ATTR_MISS_NEST, __NLMSGERR_ATTR_MAX, NLMSGERR_ATTR_MAX = __NLMSGERR_ATTR_MAX - 1 @@ -336,6 +351,9 @@ enum netlink_attribute_type { * bitfield32 type (U32) * @NL_POLICY_TYPE_ATTR_MASK: mask of valid bits for unsigned integers (U64) * @NL_POLICY_TYPE_ATTR_PAD: pad attribute for 64-bit alignment + * + * @__NL_POLICY_TYPE_ATTR_MAX: number of attributes + * @NL_POLICY_TYPE_ATTR_MAX: highest attribute number */ enum netlink_policy_type_attr { NL_POLICY_TYPE_ATTR_UNSPEC, diff --git a/src/basic/linux/nl80211.h b/src/basic/linux/nl80211.h index c2efea98e06..c14a91bbca7 100644 --- a/src/basic/linux/nl80211.h +++ b/src/basic/linux/nl80211.h @@ -11,7 +11,7 @@ * Copyright 2008 Jouni Malinen * Copyright 2008 Colin McCabe * Copyright 2015-2017 Intel Deutschland GmbH - * Copyright (C) 2018-2021 Intel Corporation + * Copyright (C) 2018-2022 Intel Corporation * * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -300,6 +300,40 @@ * the interface goes down. */ +/** + * DOC: FILS shared key crypto offload + * + * This feature is applicable to drivers running in AP mode. + * + * FILS shared key crypto offload can be advertised by drivers by setting + * @NL80211_EXT_FEATURE_FILS_CRYPTO_OFFLOAD flag. The drivers that support + * FILS shared key crypto offload should be able to encrypt and decrypt + * association frames for FILS shared key authentication as per IEEE 802.11ai. + * With this capability, for FILS key derivation, drivers depend on userspace. + * + * After FILS key derivation, userspace shares the FILS AAD details with the + * driver and the driver stores the same to use in decryption of association + * request and in encryption of association response. The below parameters + * should be given to the driver in %NL80211_CMD_SET_FILS_AAD. + * %NL80211_ATTR_MAC - STA MAC address, used for storing FILS AAD per STA + * %NL80211_ATTR_FILS_KEK - Used for encryption or decryption + * %NL80211_ATTR_FILS_NONCES - Used for encryption or decryption + * (STA Nonce 16 bytes followed by AP Nonce 16 bytes) + * + * Once the association is done, the driver cleans the FILS AAD data. + */ + +/** + * DOC: Multi-Link Operation + * + * In Multi-Link Operation, a connection between to MLDs utilizes multiple + * links. To use this in nl80211, various commands and responses now need + * to or will include the new %NL80211_ATTR_MLO_LINKS attribute. + * Additionally, various commands that need to operate on a specific link + * now need to be given the %NL80211_ATTR_MLO_LINK_ID attribute, e.g. to + * use %NL80211_CMD_START_AP or similar functions. + */ + /** * enum nl80211_commands - supported nl80211 commands * @@ -337,17 +371,28 @@ * @NL80211_CMD_DEL_INTERFACE: Virtual interface was deleted, has attributes * %NL80211_ATTR_IFINDEX and %NL80211_ATTR_WIPHY. Can also be sent from * userspace to request deletion of a virtual interface, then requires - * attribute %NL80211_ATTR_IFINDEX. + * attribute %NL80211_ATTR_IFINDEX. If multiple BSSID advertisements are + * enabled using %NL80211_ATTR_MBSSID_CONFIG, %NL80211_ATTR_MBSSID_ELEMS, + * and if this command is used for the transmitting interface, then all + * the non-transmitting interfaces are deleted as well. * * @NL80211_CMD_GET_KEY: Get sequence counter information for a key specified - * by %NL80211_ATTR_KEY_IDX and/or %NL80211_ATTR_MAC. + * by %NL80211_ATTR_KEY_IDX and/or %NL80211_ATTR_MAC. %NL80211_ATTR_MAC + * represents peer's MLD address for MLO pairwise key. For MLO group key, + * the link is identified by %NL80211_ATTR_MLO_LINK_ID. * @NL80211_CMD_SET_KEY: Set key attributes %NL80211_ATTR_KEY_DEFAULT, * %NL80211_ATTR_KEY_DEFAULT_MGMT, or %NL80211_ATTR_KEY_THRESHOLD. + * For MLO connection, the link to set default key is identified by + * %NL80211_ATTR_MLO_LINK_ID. * @NL80211_CMD_NEW_KEY: add a key with given %NL80211_ATTR_KEY_DATA, * %NL80211_ATTR_KEY_IDX, %NL80211_ATTR_MAC, %NL80211_ATTR_KEY_CIPHER, - * and %NL80211_ATTR_KEY_SEQ attributes. + * and %NL80211_ATTR_KEY_SEQ attributes. %NL80211_ATTR_MAC represents + * peer's MLD address for MLO pairwise key. The link to add MLO + * group key is identified by %NL80211_ATTR_MLO_LINK_ID. * @NL80211_CMD_DEL_KEY: delete a key identified by %NL80211_ATTR_KEY_IDX - * or %NL80211_ATTR_MAC. + * or %NL80211_ATTR_MAC. %NL80211_ATTR_MAC represents peer's MLD address + * for MLO pairwise key. The link to delete group key is identified by + * %NL80211_ATTR_MLO_LINK_ID. * * @NL80211_CMD_GET_BEACON: (not used) * @NL80211_CMD_SET_BEACON: change the beacon on an access point interface @@ -727,6 +772,13 @@ * %NL80211_ATTR_CSA_C_OFFSETS_TX is an array of offsets to CSA * counters which will be updated to the current value. This attribute * is used during CSA period. + * For TX on an MLD, the frequency can be omitted and the link ID be + * specified, or if transmitting to a known peer MLD (with MLD addresses + * in the frame) both can be omitted and the link will be selected by + * lower layers. + * For RX notification, %NL80211_ATTR_RX_HW_TIMESTAMP may be included to + * indicate the frame RX timestamp and %NL80211_ATTR_TX_HW_TIMESTAMP may + * be included to indicate the ack TX timestamp. * @NL80211_CMD_FRAME_WAIT_CANCEL: When an off-channel TX was requested, this * command may be used with the corresponding cookie to cancel the wait * time if it is known that it is no longer necessary. This command is @@ -737,7 +789,9 @@ * transmitted with %NL80211_CMD_FRAME. %NL80211_ATTR_COOKIE identifies * the TX command and %NL80211_ATTR_FRAME includes the contents of the * frame. %NL80211_ATTR_ACK flag is included if the recipient acknowledged - * the frame. + * the frame. %NL80211_ATTR_TX_HW_TIMESTAMP may be included to indicate the + * tx timestamp and %NL80211_ATTR_RX_HW_TIMESTAMP may be included to + * indicate the ack RX timestamp. * @NL80211_CMD_ACTION_TX_STATUS: Alias for @NL80211_CMD_FRAME_TX_STATUS for * backward compatibility. * @@ -1082,6 +1136,12 @@ * has been received. %NL80211_ATTR_FRAME is used to specify the * frame contents. The frame is the raw EAPoL data, without ethernet or * 802.11 headers. + * For an MLD transmitter, the %NL80211_ATTR_MLO_LINK_ID may be given and + * its effect will depend on the destination: If the destination is known + * to be an MLD, this will be used as a hint to select the link to transmit + * the frame on. If the destination is not an MLD, this will select both + * the link to transmit on and the source address will be set to the link + * address of that link. * When used as an event indication %NL80211_ATTR_CONTROL_PORT_ETHERTYPE, * %NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT and %NL80211_ATTR_MAC are added * indicating the protocol type of the received frame; whether the frame @@ -1200,6 +1260,27 @@ * @NL80211_CMD_COLOR_CHANGE_COMPLETED: Notify userland that the color change * has completed * + * @NL80211_CMD_SET_FILS_AAD: Set FILS AAD data to the driver using - + * &NL80211_ATTR_MAC - for STA MAC address + * &NL80211_ATTR_FILS_KEK - for KEK + * &NL80211_ATTR_FILS_NONCES - for FILS Nonces + * (STA Nonce 16 bytes followed by AP Nonce 16 bytes) + * + * @NL80211_CMD_ASSOC_COMEBACK: notification about an association + * temporal rejection with comeback. The event includes %NL80211_ATTR_MAC + * to describe the BSSID address of the AP and %NL80211_ATTR_TIMEOUT to + * specify the timeout value. + * + * @NL80211_CMD_ADD_LINK: Add a new link to an interface. The + * %NL80211_ATTR_MLO_LINK_ID attribute is used for the new link. + * @NL80211_CMD_REMOVE_LINK: Remove a link from an interface. This may come + * without %NL80211_ATTR_MLO_LINK_ID as an easy way to remove all links + * in preparation for e.g. roaming to a regular (non-MLO) AP. + * + * @NL80211_CMD_ADD_LINK_STA: Add a link to an MLD station + * @NL80211_CMD_MODIFY_LINK_STA: Modify a link of an MLD station + * @NL80211_CMD_REMOVE_LINK_STA: Remove a link of an MLD station + * * @NL80211_CMD_MAX: highest used command number * @__NL80211_CMD_AFTER_LAST: internal use */ @@ -1440,6 +1521,17 @@ enum nl80211_commands { NL80211_CMD_COLOR_CHANGE_ABORTED, NL80211_CMD_COLOR_CHANGE_COMPLETED, + NL80211_CMD_SET_FILS_AAD, + + NL80211_CMD_ASSOC_COMEBACK, + + NL80211_CMD_ADD_LINK, + NL80211_CMD_REMOVE_LINK, + + NL80211_CMD_ADD_LINK_STA, + NL80211_CMD_MODIFY_LINK_STA, + NL80211_CMD_REMOVE_LINK_STA, + /* add new commands above here */ /* used to define NL80211_CMD_MAX below */ @@ -2299,8 +2391,10 @@ enum nl80211_commands { * * @NL80211_ATTR_IFTYPE_EXT_CAPA: Nested attribute of the following attributes: * %NL80211_ATTR_IFTYPE, %NL80211_ATTR_EXT_CAPA, - * %NL80211_ATTR_EXT_CAPA_MASK, to specify the extended capabilities per - * interface type. + * %NL80211_ATTR_EXT_CAPA_MASK, to specify the extended capabilities and + * other interface-type specific capabilities per interface type. For MLO, + * %NL80211_ATTR_EML_CAPABILITY and %NL80211_ATTR_MLD_CAPA_AND_OPS are + * present. * * @NL80211_ATTR_MU_MIMO_GROUP_DATA: array of 24 bytes that defines a MU-MIMO * groupID for monitor mode. @@ -2436,7 +2530,9 @@ enum nl80211_commands { * space supports external authentication. This attribute shall be used * with %NL80211_CMD_CONNECT and %NL80211_CMD_START_AP request. The driver * may offload authentication processing to user space if this capability - * is indicated in the respective requests from the user space. + * is indicated in the respective requests from the user space. (This flag + * attribute deprecated for %NL80211_CMD_START_AP, use + * %NL80211_ATTR_AP_SETTINGS_FLAGS) * * @NL80211_ATTR_NSS: Station's New/updated RX_NSS value notified using this * u8 attribute. This is used with %NL80211_CMD_STA_OPMODE_CHANGED. @@ -2593,6 +2689,68 @@ enum nl80211_commands { * @NL80211_ATTR_COLOR_CHANGE_ELEMS: Nested set of attributes containing the IE * information for the time while performing a color switch. * + * @NL80211_ATTR_MBSSID_CONFIG: Nested attribute for multiple BSSID + * advertisements (MBSSID) parameters in AP mode. + * Kernel uses this attribute to indicate the driver's support for MBSSID + * and enhanced multi-BSSID advertisements (EMA AP) to the userspace. + * Userspace should use this attribute to configure per interface MBSSID + * parameters. + * See &enum nl80211_mbssid_config_attributes for details. + * + * @NL80211_ATTR_MBSSID_ELEMS: Nested parameter to pass multiple BSSID elements. + * Mandatory parameter for the transmitting interface to enable MBSSID. + * Optional for the non-transmitting interfaces. + * + * @NL80211_ATTR_RADAR_BACKGROUND: Configure dedicated offchannel chain + * available for radar/CAC detection on some hw. This chain can't be used + * to transmit or receive frames and it is bounded to a running wdev. + * Background radar/CAC detection allows to avoid the CAC downtime + * switching on a different channel during CAC detection on the selected + * radar channel. + * + * @NL80211_ATTR_AP_SETTINGS_FLAGS: u32 attribute contains ap settings flags, + * enumerated in &enum nl80211_ap_settings_flags. This attribute shall be + * used with %NL80211_CMD_START_AP request. + * + * @NL80211_ATTR_EHT_CAPABILITY: EHT Capability information element (from + * association request when used with NL80211_CMD_NEW_STATION). Can be set + * only if %NL80211_STA_FLAG_WME is set. + * + * @NL80211_ATTR_MLO_LINK_ID: A (u8) link ID for use with MLO, to be used with + * various commands that need a link ID to operate. + * @NL80211_ATTR_MLO_LINKS: A nested array of links, each containing some + * per-link information and a link ID. + * @NL80211_ATTR_MLD_ADDR: An MLD address, used with various commands such as + * authenticate/associate. + * + * @NL80211_ATTR_MLO_SUPPORT: Flag attribute to indicate user space supports MLO + * connection. Used with %NL80211_CMD_CONNECT. If this attribute is not + * included in NL80211_CMD_CONNECT drivers must not perform MLO connection. + * + * @NL80211_ATTR_MAX_NUM_AKM_SUITES: U16 attribute. Indicates maximum number of + * AKM suites allowed for %NL80211_CMD_CONNECT, %NL80211_CMD_ASSOCIATE and + * %NL80211_CMD_START_AP in %NL80211_CMD_GET_WIPHY response. If this + * attribute is not present userspace shall consider maximum number of AKM + * suites allowed as %NL80211_MAX_NR_AKM_SUITES which is the legacy maximum + * number prior to the introduction of this attribute. + * + * @NL80211_ATTR_EML_CAPABILITY: EML Capability information (u16) + * @NL80211_ATTR_MLD_CAPA_AND_OPS: MLD Capabilities and Operations (u16) + * + * @NL80211_ATTR_TX_HW_TIMESTAMP: Hardware timestamp for TX operation in + * nanoseconds (u64). This is the device clock timestamp so it will + * probably reset when the device is stopped or the firmware is reset. + * When used with %NL80211_CMD_FRAME_TX_STATUS, indicates the frame TX + * timestamp. When used with %NL80211_CMD_FRAME RX notification, indicates + * the ack TX timestamp. + * @NL80211_ATTR_RX_HW_TIMESTAMP: Hardware timestamp for RX operation in + * nanoseconds (u64). This is the device clock timestamp so it will + * probably reset when the device is stopped or the firmware is reset. + * When used with %NL80211_CMD_FRAME_TX_STATUS, indicates the ack RX + * timestamp. When used with %NL80211_CMD_FRAME RX notification, indicates + * the incoming frame RX timestamp. + * @NL80211_ATTR_TD_BITMAP: Transition Disable bitmap, for subsequent + * (re)associations. * @NUM_NL80211_ATTR: total number of nl80211_attrs available * @NL80211_ATTR_MAX: highest attribute number currently defined * @__NL80211_ATTR_AFTER_LAST: internal use @@ -3096,6 +3254,32 @@ enum nl80211_attrs { NL80211_ATTR_COLOR_CHANGE_COLOR, NL80211_ATTR_COLOR_CHANGE_ELEMS, + NL80211_ATTR_MBSSID_CONFIG, + NL80211_ATTR_MBSSID_ELEMS, + + NL80211_ATTR_RADAR_BACKGROUND, + + NL80211_ATTR_AP_SETTINGS_FLAGS, + + NL80211_ATTR_EHT_CAPABILITY, + + NL80211_ATTR_DISABLE_EHT, + + NL80211_ATTR_MLO_LINKS, + NL80211_ATTR_MLO_LINK_ID, + NL80211_ATTR_MLD_ADDR, + + NL80211_ATTR_MLO_SUPPORT, + + NL80211_ATTR_MAX_NUM_AKM_SUITES, + + NL80211_ATTR_EML_CAPABILITY, + NL80211_ATTR_MLD_CAPA_AND_OPS, + + NL80211_ATTR_TX_HW_TIMESTAMP, + NL80211_ATTR_RX_HW_TIMESTAMP, + NL80211_ATTR_TD_BITMAP, + /* add attributes here, update the policy in nl80211.c */ __NL80211_ATTR_AFTER_LAST, @@ -3150,7 +3334,14 @@ enum nl80211_attrs { #define NL80211_HE_MIN_CAPABILITY_LEN 16 #define NL80211_HE_MAX_CAPABILITY_LEN 54 #define NL80211_MAX_NR_CIPHER_SUITES 5 + +/* + * NL80211_MAX_NR_AKM_SUITES is obsolete when %NL80211_ATTR_MAX_NUM_AKM_SUITES + * present in %NL80211_CMD_GET_WIPHY response. + */ #define NL80211_MAX_NR_AKM_SUITES 2 +#define NL80211_EHT_MIN_CAPABILITY_LEN 13 +#define NL80211_EHT_MAX_CAPABILITY_LEN 51 #define NL80211_MIN_REMAIN_ON_CHANNEL_TIME 10 @@ -3178,7 +3369,7 @@ enum nl80211_attrs { * and therefore can't be created in the normal ways, use the * %NL80211_CMD_START_P2P_DEVICE and %NL80211_CMD_STOP_P2P_DEVICE * commands to create and destroy one - * @NL80211_IF_TYPE_OCB: Outside Context of a BSS + * @NL80211_IFTYPE_OCB: Outside Context of a BSS * This mode corresponds to the MIB variable dot11OCBActivated=true * @NL80211_IFTYPE_NAN: NAN device interface type (not a netdev) * @NL80211_IFTYPE_MAX: highest interface type number currently defined @@ -3319,6 +3510,56 @@ enum nl80211_he_ru_alloc { NL80211_RATE_INFO_HE_RU_ALLOC_2x996, }; +/** + * enum nl80211_eht_gi - EHT guard interval + * @NL80211_RATE_INFO_EHT_GI_0_8: 0.8 usec + * @NL80211_RATE_INFO_EHT_GI_1_6: 1.6 usec + * @NL80211_RATE_INFO_EHT_GI_3_2: 3.2 usec + */ +enum nl80211_eht_gi { + NL80211_RATE_INFO_EHT_GI_0_8, + NL80211_RATE_INFO_EHT_GI_1_6, + NL80211_RATE_INFO_EHT_GI_3_2, +}; + +/** + * enum nl80211_eht_ru_alloc - EHT RU allocation values + * @NL80211_RATE_INFO_EHT_RU_ALLOC_26: 26-tone RU allocation + * @NL80211_RATE_INFO_EHT_RU_ALLOC_52: 52-tone RU allocation + * @NL80211_RATE_INFO_EHT_RU_ALLOC_52P26: 52+26-tone RU allocation + * @NL80211_RATE_INFO_EHT_RU_ALLOC_106: 106-tone RU allocation + * @NL80211_RATE_INFO_EHT_RU_ALLOC_106P26: 106+26 tone RU allocation + * @NL80211_RATE_INFO_EHT_RU_ALLOC_242: 242-tone RU allocation + * @NL80211_RATE_INFO_EHT_RU_ALLOC_484: 484-tone RU allocation + * @NL80211_RATE_INFO_EHT_RU_ALLOC_484P242: 484+242 tone RU allocation + * @NL80211_RATE_INFO_EHT_RU_ALLOC_996: 996-tone RU allocation + * @NL80211_RATE_INFO_EHT_RU_ALLOC_996P484: 996+484 tone RU allocation + * @NL80211_RATE_INFO_EHT_RU_ALLOC_996P484P242: 996+484+242 tone RU allocation + * @NL80211_RATE_INFO_EHT_RU_ALLOC_2x996: 2x996-tone RU allocation + * @NL80211_RATE_INFO_EHT_RU_ALLOC_2x996P484: 2x996+484 tone RU allocation + * @NL80211_RATE_INFO_EHT_RU_ALLOC_3x996: 3x996-tone RU allocation + * @NL80211_RATE_INFO_EHT_RU_ALLOC_3x996P484: 3x996+484 tone RU allocation + * @NL80211_RATE_INFO_EHT_RU_ALLOC_4x996: 4x996-tone RU allocation + */ +enum nl80211_eht_ru_alloc { + NL80211_RATE_INFO_EHT_RU_ALLOC_26, + NL80211_RATE_INFO_EHT_RU_ALLOC_52, + NL80211_RATE_INFO_EHT_RU_ALLOC_52P26, + NL80211_RATE_INFO_EHT_RU_ALLOC_106, + NL80211_RATE_INFO_EHT_RU_ALLOC_106P26, + NL80211_RATE_INFO_EHT_RU_ALLOC_242, + NL80211_RATE_INFO_EHT_RU_ALLOC_484, + NL80211_RATE_INFO_EHT_RU_ALLOC_484P242, + NL80211_RATE_INFO_EHT_RU_ALLOC_996, + NL80211_RATE_INFO_EHT_RU_ALLOC_996P484, + NL80211_RATE_INFO_EHT_RU_ALLOC_996P484P242, + NL80211_RATE_INFO_EHT_RU_ALLOC_2x996, + NL80211_RATE_INFO_EHT_RU_ALLOC_2x996P484, + NL80211_RATE_INFO_EHT_RU_ALLOC_3x996, + NL80211_RATE_INFO_EHT_RU_ALLOC_3x996P484, + NL80211_RATE_INFO_EHT_RU_ALLOC_4x996, +}; + /** * enum nl80211_rate_info - bitrate information * @@ -3358,6 +3599,13 @@ enum nl80211_he_ru_alloc { * @NL80211_RATE_INFO_HE_DCM: HE DCM value (u8, 0/1) * @NL80211_RATE_INFO_RU_ALLOC: HE RU allocation, if not present then * non-OFDMA was used (u8, see &enum nl80211_he_ru_alloc) + * @NL80211_RATE_INFO_320_MHZ_WIDTH: 320 MHz bitrate + * @NL80211_RATE_INFO_EHT_MCS: EHT MCS index (u8, 0-15) + * @NL80211_RATE_INFO_EHT_NSS: EHT NSS value (u8, 1-8) + * @NL80211_RATE_INFO_EHT_GI: EHT guard interval identifier + * (u8, see &enum nl80211_eht_gi) + * @NL80211_RATE_INFO_EHT_RU_ALLOC: EHT RU allocation, if not present then + * non-OFDMA was used (u8, see &enum nl80211_eht_ru_alloc) * @__NL80211_RATE_INFO_AFTER_LAST: internal use */ enum nl80211_rate_info { @@ -3379,6 +3627,11 @@ enum nl80211_rate_info { NL80211_RATE_INFO_HE_GI, NL80211_RATE_INFO_HE_DCM, NL80211_RATE_INFO_HE_RU_ALLOC, + NL80211_RATE_INFO_320_MHZ_WIDTH, + NL80211_RATE_INFO_EHT_MCS, + NL80211_RATE_INFO_EHT_NSS, + NL80211_RATE_INFO_EHT_GI, + NL80211_RATE_INFO_EHT_RU_ALLOC, /* keep last */ __NL80211_RATE_INFO_AFTER_LAST, @@ -3689,13 +3942,20 @@ enum nl80211_mpath_info { * capabilities IE * @NL80211_BAND_IFTYPE_ATTR_HE_CAP_PPE: HE PPE thresholds information as * defined in HE capabilities IE - * @NL80211_BAND_IFTYPE_ATTR_MAX: highest band HE capability attribute currently - * defined * @NL80211_BAND_IFTYPE_ATTR_HE_6GHZ_CAPA: HE 6GHz band capabilities (__le16), * given for all 6 GHz band channels * @NL80211_BAND_IFTYPE_ATTR_VENDOR_ELEMS: vendor element capabilities that are * advertised on this band/for this iftype (binary) + * @NL80211_BAND_IFTYPE_ATTR_EHT_CAP_MAC: EHT MAC capabilities as in EHT + * capabilities element + * @NL80211_BAND_IFTYPE_ATTR_EHT_CAP_PHY: EHT PHY capabilities as in EHT + * capabilities element + * @NL80211_BAND_IFTYPE_ATTR_EHT_CAP_MCS_SET: EHT supported NSS/MCS as in EHT + * capabilities element + * @NL80211_BAND_IFTYPE_ATTR_EHT_CAP_PPE: EHT PPE thresholds information as + * defined in EHT capabilities element * @__NL80211_BAND_IFTYPE_ATTR_AFTER_LAST: internal use + * @NL80211_BAND_IFTYPE_ATTR_MAX: highest band attribute currently defined */ enum nl80211_band_iftype_attr { __NL80211_BAND_IFTYPE_ATTR_INVALID, @@ -3707,6 +3967,10 @@ enum nl80211_band_iftype_attr { NL80211_BAND_IFTYPE_ATTR_HE_CAP_PPE, NL80211_BAND_IFTYPE_ATTR_HE_6GHZ_CAPA, NL80211_BAND_IFTYPE_ATTR_VENDOR_ELEMS, + NL80211_BAND_IFTYPE_ATTR_EHT_CAP_MAC, + NL80211_BAND_IFTYPE_ATTR_EHT_CAP_PHY, + NL80211_BAND_IFTYPE_ATTR_EHT_CAP_MCS_SET, + NL80211_BAND_IFTYPE_ATTR_EHT_CAP_PPE, /* keep last */ __NL80211_BAND_IFTYPE_ATTR_AFTER_LAST, @@ -3851,6 +4115,10 @@ enum nl80211_wmm_rule { * on this channel in current regulatory domain. * @NL80211_FREQUENCY_ATTR_16MHZ: 16 MHz operation is allowed * on this channel in current regulatory domain. + * @NL80211_FREQUENCY_ATTR_NO_320MHZ: any 320 MHz channel using this channel + * as the primary or any of the secondary channels isn't possible + * @NL80211_FREQUENCY_ATTR_NO_EHT: EHT operation is not allowed on this channel + * in current regulatory domain. * @NL80211_FREQUENCY_ATTR_MAX: highest frequency attribute number * currently defined * @__NL80211_FREQUENCY_ATTR_AFTER_LAST: internal use @@ -3887,6 +4155,8 @@ enum nl80211_frequency_attr { NL80211_FREQUENCY_ATTR_4MHZ, NL80211_FREQUENCY_ATTR_8MHZ, NL80211_FREQUENCY_ATTR_16MHZ, + NL80211_FREQUENCY_ATTR_NO_320MHZ, + NL80211_FREQUENCY_ATTR_NO_EHT, /* keep last */ __NL80211_FREQUENCY_ATTR_AFTER_LAST, @@ -4085,6 +4355,7 @@ enum nl80211_sched_scan_match_attr { * @NL80211_RRF_NO_80MHZ: 80MHz operation not allowed * @NL80211_RRF_NO_160MHZ: 160MHz operation not allowed * @NL80211_RRF_NO_HE: HE operation not allowed + * @NL80211_RRF_NO_320MHZ: 320MHz operation not allowed */ enum nl80211_reg_rule_flags { NL80211_RRF_NO_OFDM = 1<<0, @@ -4103,6 +4374,7 @@ enum nl80211_reg_rule_flags { NL80211_RRF_NO_80MHZ = 1<<15, NL80211_RRF_NO_160MHZ = 1<<16, NL80211_RRF_NO_HE = 1<<17, + NL80211_RRF_NO_320MHZ = 1<<18, }; #define NL80211_RRF_PASSIVE_SCAN NL80211_RRF_NO_IR @@ -4600,6 +4872,8 @@ enum nl80211_key_mode { * @NL80211_CHAN_WIDTH_4: 4 MHz OFDM channel * @NL80211_CHAN_WIDTH_8: 8 MHz OFDM channel * @NL80211_CHAN_WIDTH_16: 16 MHz OFDM channel + * @NL80211_CHAN_WIDTH_320: 320 MHz channel, the %NL80211_ATTR_CENTER_FREQ1 + * attribute must be provided as well */ enum nl80211_chan_width { NL80211_CHAN_WIDTH_20_NOHT, @@ -4615,6 +4889,7 @@ enum nl80211_chan_width { NL80211_CHAN_WIDTH_4, NL80211_CHAN_WIDTH_8, NL80211_CHAN_WIDTH_16, + NL80211_CHAN_WIDTH_320, }; /** @@ -4686,6 +4961,8 @@ enum nl80211_bss_scan_width { * Contains a nested array of signal strength attributes (u8, dBm), * using the nesting index as the antenna number. * @NL80211_BSS_FREQUENCY_OFFSET: frequency offset in KHz + * @NL80211_BSS_MLO_LINK_ID: MLO link ID of the BSS (u8). + * @NL80211_BSS_MLD_ADDR: MLD address of this BSS if connected to it. * @__NL80211_BSS_AFTER_LAST: internal * @NL80211_BSS_MAX: highest BSS attribute */ @@ -4711,6 +4988,8 @@ enum nl80211_bss { NL80211_BSS_PARENT_BSSID, NL80211_BSS_CHAIN_SIGNAL, NL80211_BSS_FREQUENCY_OFFSET, + NL80211_BSS_MLO_LINK_ID, + NL80211_BSS_MLD_ADDR, /* keep last */ __NL80211_BSS_AFTER_LAST, @@ -4929,6 +5208,7 @@ enum nl80211_txrate_gi { * @NL80211_BAND_60GHZ: around 60 GHz band (58.32 - 69.12 GHz) * @NL80211_BAND_6GHZ: around 6 GHz band (5.9 - 7.2 GHz) * @NL80211_BAND_S1GHZ: around 900MHz, supported by S1G PHYs + * @NL80211_BAND_LC: light communication band (placeholder) * @NUM_NL80211_BANDS: number of bands, avoid using this in userspace * since newer kernel versions may support more bands */ @@ -4938,6 +5218,7 @@ enum nl80211_band { NL80211_BAND_60GHZ, NL80211_BAND_6GHZ, NL80211_BAND_S1GHZ, + NL80211_BAND_LC, NUM_NL80211_BANDS, }; @@ -5504,7 +5785,7 @@ enum nl80211_iface_limit_attrs { * => allows 8 of AP/GO that can have BI gcd >= min gcd * * numbers = [ #{STA} <= 2 ], channels = 2, max = 2 - * => allows two STAs on different channels + * => allows two STAs on the same or on different channels * * numbers = [ #{STA} <= 1, #{P2P-client,P2P-GO} <= 3 ], max = 4 * => allows a STA plus three P2P interfaces @@ -5549,7 +5830,7 @@ enum nl80211_if_combination_attrs { * @NL80211_PLINK_ESTAB: mesh peer link is established * @NL80211_PLINK_HOLDING: mesh peer link is being closed or cancelled * @NL80211_PLINK_BLOCKED: all frames transmitted from this mesh - * plink are discarded + * plink are discarded, except for authentication frames * @NUM_NL80211_PLINK_STATES: number of peer link states * @MAX_NL80211_PLINK_STATES: highest numerical value of plink states */ @@ -5686,13 +5967,15 @@ enum nl80211_tdls_operation { NL80211_TDLS_DISABLE_LINK, }; -/* +/** * enum nl80211_ap_sme_features - device-integrated AP features - * Reserved for future use, no bits are defined in - * NL80211_ATTR_DEVICE_AP_SME yet. + * @NL80211_AP_SME_SA_QUERY_OFFLOAD: SA Query procedures offloaded to driver + * when user space indicates support for SA Query procedures offload during + * "start ap" with %NL80211_AP_SETTINGS_SA_QUERY_OFFLOAD_SUPPORT. + */ enum nl80211_ap_sme_features { + NL80211_AP_SME_SA_QUERY_OFFLOAD = 1 << 0, }; - */ /** * enum nl80211_feature_flags - device/driver features @@ -5703,7 +5986,7 @@ enum nl80211_ap_sme_features { * @NL80211_FEATURE_INACTIVITY_TIMER: This driver takes care of freeing up * the connected inactive stations in AP mode. * @NL80211_FEATURE_CELL_BASE_REG_HINTS: This driver has been tested - * to work properly to suppport receiving regulatory hints from + * to work properly to support receiving regulatory hints from * cellular base stations. * @NL80211_FEATURE_P2P_DEVICE_NEEDS_CHANNEL: (no longer available, only * here to reserve the value for API/ABI compatibility) @@ -5995,6 +6278,22 @@ enum nl80211_feature_flags { * @NL80211_EXT_FEATURE_BSS_COLOR: The driver supports BSS color collision * detection and change announcemnts. * + * @NL80211_EXT_FEATURE_FILS_CRYPTO_OFFLOAD: Driver running in AP mode supports + * FILS encryption and decryption for (Re)Association Request and Response + * frames. Userspace has to share FILS AAD details to the driver by using + * @NL80211_CMD_SET_FILS_AAD. + * + * @NL80211_EXT_FEATURE_RADAR_BACKGROUND: Device supports background radar/CAC + * detection. + * + * @NL80211_EXT_FEATURE_POWERED_ADDR_CHANGE: Device can perform a MAC address + * change without having to bring the underlying network device down + * first. For example, in station mode this can be used to vary the + * origin MAC address prior to a connection to a new AP for privacy + * or other reasons. Note that certain driver specific restrictions + * might apply, e.g. no scans in progress, no offchannel operations + * in progress, and no active connections. + * * @NUM_NL80211_EXT_FEATURES: number of extended features. * @MAX_NL80211_EXT_FEATURES: highest extended feature index. */ @@ -6060,6 +6359,9 @@ enum nl80211_ext_feature_index { NL80211_EXT_FEATURE_SECURE_RTT, NL80211_EXT_FEATURE_PROT_RANGE_NEGO_AND_MEASURE, NL80211_EXT_FEATURE_BSS_COLOR, + NL80211_EXT_FEATURE_FILS_CRYPTO_OFFLOAD, + NL80211_EXT_FEATURE_RADAR_BACKGROUND, + NL80211_EXT_FEATURE_POWERED_ADDR_CHANGE, /* add new features before the definition below */ NUM_NL80211_EXT_FEATURES, @@ -7349,4 +7651,76 @@ enum nl80211_sar_specs_attrs { NL80211_SAR_ATTR_SPECS_MAX = __NL80211_SAR_ATTR_SPECS_LAST - 1, }; +/** + * enum nl80211_mbssid_config_attributes - multiple BSSID (MBSSID) and enhanced + * multi-BSSID advertisements (EMA) in AP mode. + * Kernel uses some of these attributes to advertise driver's support for + * MBSSID and EMA. + * Remaining attributes should be used by the userspace to configure the + * features. + * + * @__NL80211_MBSSID_CONFIG_ATTR_INVALID: Invalid + * + * @NL80211_MBSSID_CONFIG_ATTR_MAX_INTERFACES: Used by the kernel to advertise + * the maximum number of MBSSID interfaces supported by the driver. + * Driver should indicate MBSSID support by setting + * wiphy->mbssid_max_interfaces to a value more than or equal to 2. + * + * @NL80211_MBSSID_CONFIG_ATTR_MAX_EMA_PROFILE_PERIODICITY: Used by the kernel + * to advertise the maximum profile periodicity supported by the driver + * if EMA is enabled. Driver should indicate EMA support to the userspace + * by setting wiphy->ema_max_profile_periodicity to + * a non-zero value. + * + * @NL80211_MBSSID_CONFIG_ATTR_INDEX: Mandatory parameter to pass the index of + * this BSS (u8) in the multiple BSSID set. + * Value must be set to 0 for the transmitting interface and non-zero for + * all non-transmitting interfaces. The userspace will be responsible + * for using unique indices for the interfaces. + * Range: 0 to wiphy->mbssid_max_interfaces-1. + * + * @NL80211_MBSSID_CONFIG_ATTR_TX_IFINDEX: Mandatory parameter for + * a non-transmitted profile which provides the interface index (u32) of + * the transmitted profile. The value must match one of the interface + * indices advertised by the kernel. Optional if the interface being set up + * is the transmitting one, however, if provided then the value must match + * the interface index of the same. + * + * @NL80211_MBSSID_CONFIG_ATTR_EMA: Flag used to enable EMA AP feature. + * Setting this flag is permitted only if the driver advertises EMA support + * by setting wiphy->ema_max_profile_periodicity to non-zero. + * + * @__NL80211_MBSSID_CONFIG_ATTR_LAST: Internal + * @NL80211_MBSSID_CONFIG_ATTR_MAX: highest attribute + */ +enum nl80211_mbssid_config_attributes { + __NL80211_MBSSID_CONFIG_ATTR_INVALID, + + NL80211_MBSSID_CONFIG_ATTR_MAX_INTERFACES, + NL80211_MBSSID_CONFIG_ATTR_MAX_EMA_PROFILE_PERIODICITY, + NL80211_MBSSID_CONFIG_ATTR_INDEX, + NL80211_MBSSID_CONFIG_ATTR_TX_IFINDEX, + NL80211_MBSSID_CONFIG_ATTR_EMA, + + /* keep last */ + __NL80211_MBSSID_CONFIG_ATTR_LAST, + NL80211_MBSSID_CONFIG_ATTR_MAX = __NL80211_MBSSID_CONFIG_ATTR_LAST - 1, +}; + +/** + * enum nl80211_ap_settings_flags - AP settings flags + * + * @NL80211_AP_SETTINGS_EXTERNAL_AUTH_SUPPORT: AP supports external + * authentication. + * @NL80211_AP_SETTINGS_SA_QUERY_OFFLOAD_SUPPORT: Userspace supports SA Query + * procedures offload to driver. If driver advertises + * %NL80211_AP_SME_SA_QUERY_OFFLOAD in AP SME features, userspace shall + * ignore SA Query procedures and validations when this flag is set by + * userspace. + */ +enum nl80211_ap_settings_flags { + NL80211_AP_SETTINGS_EXTERNAL_AUTH_SUPPORT = 1 << 0, + NL80211_AP_SETTINGS_SA_QUERY_OFFLOAD_SUPPORT = 1 << 1, +}; + #endif /* __LINUX_NL80211_H */ diff --git a/src/basic/linux/pkt_sched.h b/src/basic/linux/pkt_sched.h index 79a699f106b..000eec10685 100644 --- a/src/basic/linux/pkt_sched.h +++ b/src/basic/linux/pkt_sched.h @@ -827,6 +827,8 @@ struct tc_codel_xstats { /* FQ_CODEL */ +#define FQ_CODEL_QUANTUM_MAX (1 << 20) + enum { TCA_FQ_CODEL_UNSPEC, TCA_FQ_CODEL_TARGET, @@ -838,6 +840,8 @@ enum { TCA_FQ_CODEL_CE_THRESHOLD, TCA_FQ_CODEL_DROP_BATCH_SIZE, TCA_FQ_CODEL_MEMORY_LIMIT, + TCA_FQ_CODEL_CE_THRESHOLD_SELECTOR, + TCA_FQ_CODEL_CE_THRESHOLD_MASK, __TCA_FQ_CODEL_MAX }; @@ -1228,6 +1232,16 @@ enum { #define TCA_TAPRIO_ATTR_FLAG_TXTIME_ASSIST _BITUL(0) #define TCA_TAPRIO_ATTR_FLAG_FULL_OFFLOAD _BITUL(1) +enum { + TCA_TAPRIO_TC_ENTRY_UNSPEC, + TCA_TAPRIO_TC_ENTRY_INDEX, /* u32 */ + TCA_TAPRIO_TC_ENTRY_MAX_SDU, /* u32 */ + + /* add new constants above here */ + __TCA_TAPRIO_TC_ENTRY_CNT, + TCA_TAPRIO_TC_ENTRY_MAX = (__TCA_TAPRIO_TC_ENTRY_CNT - 1) +}; + enum { TCA_TAPRIO_ATTR_UNSPEC, TCA_TAPRIO_ATTR_PRIOMAP, /* struct tc_mqprio_qopt */ @@ -1241,6 +1255,7 @@ enum { TCA_TAPRIO_ATTR_SCHED_CYCLE_TIME_EXTENSION, /* s64 */ TCA_TAPRIO_ATTR_FLAGS, /* u32 */ TCA_TAPRIO_ATTR_TXTIME_DELAY, /* u32 */ + TCA_TAPRIO_ATTR_TC_ENTRY, /* nest */ __TCA_TAPRIO_ATTR_MAX, }; diff --git a/src/basic/linux/rtnetlink.h b/src/basic/linux/rtnetlink.h index 5888492a525..eb2747d58a8 100644 --- a/src/basic/linux/rtnetlink.h +++ b/src/basic/linux/rtnetlink.h @@ -146,6 +146,8 @@ enum { #define RTM_NEWSTATS RTM_NEWSTATS RTM_GETSTATS = 94, #define RTM_GETSTATS RTM_GETSTATS + RTM_SETSTATS, +#define RTM_SETSTATS RTM_SETSTATS RTM_NEWCACHEREPORT = 96, #define RTM_NEWCACHEREPORT RTM_NEWCACHEREPORT @@ -185,6 +187,13 @@ enum { RTM_GETNEXTHOPBUCKET, #define RTM_GETNEXTHOPBUCKET RTM_GETNEXTHOPBUCKET + RTM_NEWTUNNEL = 120, +#define RTM_NEWTUNNEL RTM_NEWTUNNEL + RTM_DELTUNNEL, +#define RTM_DELTUNNEL RTM_DELTUNNEL + RTM_GETTUNNEL, +#define RTM_GETTUNNEL RTM_GETTUNNEL + __RTM_MAX, #define RTM_MAX (((__RTM_MAX + 3) & ~3) - 1) }; @@ -431,7 +440,7 @@ struct rtnexthop { /* RTA_VIA */ struct rtvia { __kernel_sa_family_t rtvia_family; - __u8 rtvia_addr[0]; + __u8 rtvia_addr[]; }; /* RTM_CACHEINFO */ @@ -754,6 +763,12 @@ enum rtnetlink_groups { #define RTNLGRP_NEXTHOP RTNLGRP_NEXTHOP RTNLGRP_BRVLAN, #define RTNLGRP_BRVLAN RTNLGRP_BRVLAN + RTNLGRP_MCTP_IFADDR, +#define RTNLGRP_MCTP_IFADDR RTNLGRP_MCTP_IFADDR + RTNLGRP_TUNNEL, +#define RTNLGRP_TUNNEL RTNLGRP_TUNNEL + RTNLGRP_STATS, +#define RTNLGRP_STATS RTNLGRP_STATS __RTNLGRP_MAX }; #define RTNLGRP_MAX (__RTNLGRP_MAX - 1) @@ -802,6 +817,7 @@ enum { #define RTEXT_FILTER_MRP (1 << 4) #define RTEXT_FILTER_CFM_CONFIG (1 << 5) #define RTEXT_FILTER_CFM_STATUS (1 << 6) +#define RTEXT_FILTER_MST (1 << 7) /* End of information exported to user level */ diff --git a/src/basic/linux/stddef.h b/src/basic/linux/stddef.h new file mode 100644 index 00000000000..1a739631b91 --- /dev/null +++ b/src/basic/linux/stddef.h @@ -0,0 +1,46 @@ +/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */ +#ifndef _UAPI_LINUX_STDDEF_H +#define _UAPI_LINUX_STDDEF_H + + +#ifndef __always_inline +#define __always_inline inline +#endif + +/** + * __struct_group() - Create a mirrored named and anonyomous struct + * + * @TAG: The tag name for the named sub-struct (usually empty) + * @NAME: The identifier name of the mirrored sub-struct + * @ATTRS: Any struct attributes (usually empty) + * @MEMBERS: The member declarations for the mirrored structs + * + * Used to create an anonymous union of two structs with identical layout + * and size: one anonymous and one named. The former's members can be used + * normally without sub-struct naming, and the latter can be used to + * reason about the start, end, and size of the group of struct members. + * The named struct can also be explicitly tagged for layer reuse, as well + * as both having struct attributes appended. + */ +#define __struct_group(TAG, NAME, ATTRS, MEMBERS...) \ + union { \ + struct { MEMBERS } ATTRS; \ + struct TAG { MEMBERS } ATTRS NAME; \ + } + +/** + * __DECLARE_FLEX_ARRAY() - Declare a flexible array usable in a union + * + * @TYPE: The type of each flexible array element + * @NAME: The name of the flexible array member + * + * In order to have a flexible array member in a union or alone in a + * struct, it needs to be wrapped in an anonymous struct with at least 1 + * named member, but that member can be empty. + */ +#define __DECLARE_FLEX_ARRAY(TYPE, NAME) \ + struct { \ + struct { } __empty_ ## NAME; \ + TYPE NAME[]; \ + } +#endif diff --git a/src/basic/linux/update.sh b/src/basic/linux/update.sh index 72e133d0bcd..6aff039d3ef 100755 --- a/src/basic/linux/update.sh +++ b/src/basic/linux/update.sh @@ -6,5 +6,5 @@ set -o pipefail for i in *.h */*.h; do curl --fail "https://raw.githubusercontent.com/torvalds/linux/master/include/uapi/linux/$i" -o "$i" - sed -i -e 's/__user //g' -e '/^#include / d' "$i" + sed -r -i -e 's/__user //g' -e '/^#include / d' "$i" done From 077aeaf270aceb1841ea1e80809f097d72a036d2 Mon Sep 17 00:00:00 2001 From: Frantisek Sumsal Date: Wed, 25 Jan 2023 13:21:09 +0100 Subject: [PATCH 635/703] partition: fix build with newer linux/btrfs.h uapi header linux/btrfs.h needs to be included after sys/mount.h, as since [0] linux/btrfs.h includes linux/fs.h causing build errors: ``` In file included from /usr/include/linux/fs.h:19, from ../src/basic/linux/btrfs.h:29, from ../src/partition/growfs.c:6: /usr/include/sys/mount.h:35:3: error: expected identifier before numeric constant 35 | MS_RDONLY = 1, /* Mount read-only. */ | ^~~~~~~~~ [1222/2169] Compiling C object systemd-creds.p/src_creds_creds.c.o ninja: build stopped: subcommand failed. ``` See: https://github.com/systemd/systemd/issues/8507 [0] https://github.com/torvalds/linux/commit/a28135303a669917002f569aecebd5758263e4aa (cherry picked from commit ed614f17fc9f3876b2178db949df42a2605f6895) (cherry picked from commit 8f84df0da357128f1275933cd8aab4c5efad5767) (cherry picked from commit 1fc632e15162e0cd02cadc2b8f7fcf1d3b718cbb) --- src/partition/growfs.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/src/partition/growfs.c b/src/partition/growfs.c index ced54f14134..c08c26d9293 100644 --- a/src/partition/growfs.c +++ b/src/partition/growfs.c @@ -3,12 +3,17 @@ #include #include #include -#include #include #include #include #include #include +/* This needs to be included after sys/mount.h, as since [0] linux/btrfs.h + * includes linux/fs.h causing build errors + * See: https://github.com/systemd/systemd/issues/8507 + * [0] https://github.com/torvalds/linux/commit/a28135303a669917002f569aecebd5758263e4aa + */ +#include #include "blockdev-util.h" #include "btrfs-util.h" From 18b7b6a38a3a2aa21d6db609463bf9666eacb3b6 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Wed, 25 Jan 2023 09:39:13 +0100 Subject: [PATCH 636/703] test-execute: Skip when /sys is read-only The test depends on /sys being writable, so let's skip it when /sys is read-only. (cherry picked from commit 34b5977015a557840988e825ac116a7f09d0be75) (cherry picked from commit 4dc37994e283d2e8af612519fd3fac195fc47e56) (cherry picked from commit 0acf4d71e02d99b64c1644c2df3775c07a82aba1) --- src/test/test-execute.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/test/test-execute.c b/src/test/test-execute.c index 49629c6bc25..f37034eb918 100644 --- a/src/test/test-execute.c +++ b/src/test/test-execute.c @@ -1227,6 +1227,9 @@ int main(int argc, char *argv[]) { if (r == -ENOMEDIUM) return log_tests_skipped("cgroupfs not available"); + if (path_is_read_only_fs("/sys") > 0) + return log_tests_skipped("/sys is mounted read-only"); + _cleanup_free_ char *unit_dir = NULL, *unit_paths = NULL; assert_se(get_testdata_dir("test-execute/", &unit_dir) >= 0); assert_se(runtime_dir = setup_fake_runtime_dir()); From 96be2340d6988b95c8a8ad6f30198d5dbd5292be Mon Sep 17 00:00:00 2001 From: Frantisek Sumsal Date: Mon, 7 Nov 2022 16:39:12 +0100 Subject: [PATCH 637/703] semaphore: remove the Semaphore repositories recursively The list of disabled repositories was recently converted from a single file into a directory with separate repository files, so let's adjust the setup script accordingly. ``` $ ls -lR /etc/apt/sources.list.d/ /etc/apt/sources.list.d/: total 36 -rw-r--r-- 1 root root 76 Nov 3 10:28 azure-cli.list -rw-r--r-- 1 root root 72 Nov 3 10:22 bazel.list drwxr-xr-x 2 root root 4096 Nov 3 10:31 disabled -rw-r--r-- 1 root root 113 Nov 3 10:13 docker-source.list -rw-r--r-- 1 root root 367 Nov 3 10:28 github_git-lfs.list -rw-r--r-- 1 root root 111 Nov 3 10:25 google-chrome-source.list -rw-r--r-- 1 root root 64 Nov 3 10:14 google-cloud-sdk.list -rw-r--r-- 1 root root 54 Nov 3 10:23 helm-stable-debian.list -rw-r--r-- 1 root root 89 Nov 3 10:29 yarn-source.list /etc/apt/sources.list.d/disabled: total 20 -rw-r--r-- 1 root root 100 Nov 3 10:23 devel_kubic_libcontainers_stable.list -rw-r--r-- 1 root root 103 Nov 3 10:27 git.list -rw-r--r-- 1 root root 105 Nov 3 10:22 gradle.list -rw-r--r-- 1 root root 118 Nov 3 10:13 pypy.list -rw-r--r-- 1 root root 104 Nov 3 10:13 python.list ``` (cherry picked from commit 610eb3f8260ecbb161db5186a5e27417f3110a68) (cherry picked from commit 31cfa1cc96650eb4b4112e6e62e6990846bde810) (cherry picked from commit 4fbf69fd1bc6a11f1d559b6f915e70dd083b3e6c) --- .semaphore/semaphore-runner.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.semaphore/semaphore-runner.sh b/.semaphore/semaphore-runner.sh index f9004fa14e6..c0fac5cdd1e 100755 --- a/.semaphore/semaphore-runner.sh +++ b/.semaphore/semaphore-runner.sh @@ -62,7 +62,7 @@ for phase in "${PHASES[@]}"; do case "$phase" in SETUP) # remove semaphore repos, some of them don't work and cause error messages - sudo rm -f /etc/apt/sources.list.d/* + sudo rm -rf /etc/apt/sources.list.d/* # enable backports for latest LXC echo "deb http://archive.ubuntu.com/ubuntu $UBUNTU_RELEASE-backports main restricted universe multiverse" | sudo tee -a /etc/apt/sources.list.d/backports.list From e4fccaf370ed3659275ba3ed5e492acb556fc477 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Fri, 18 Nov 2022 15:13:55 +0100 Subject: [PATCH 638/703] mkosi: pull in libbpf1 instead of legacy libbpf0 on debian (cherry picked from commit 0d9e6d76be9afb32a694cb3b00e2028048910d96) (cherry picked from commit 31bb2ef7ea6a9cb3759ef09f7ee668434036a507) (cherry picked from commit 1ee30b0ea98ec3e69faec54a107af8a06c61dca6) --- mkosi.default.d/debian/10-mkosi.debian | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mkosi.default.d/debian/10-mkosi.debian b/mkosi.default.d/debian/10-mkosi.debian index d35b1d72a64..d61c24e5704 100644 --- a/mkosi.default.d/debian/10-mkosi.debian +++ b/mkosi.default.d/debian/10-mkosi.debian @@ -63,7 +63,7 @@ BuildPackages= Packages= gdb - libbpf0 + libbpf1 libfdisk1 libfido2-1 libidn2-0 From 54743fff8d771520b151fb08f167156942aa4512 Mon Sep 17 00:00:00 2001 From: Nishal Kulkarni Date: Fri, 18 Mar 2022 14:41:42 +0530 Subject: [PATCH 639/703] shell-completion: Add completion for oomctl Added bash and zsh completions for oomctl arguments and commands. Related To: #22118 (cherry picked from commit de0988f9d2b23580d31e857991337927a5735fe1) --- shell-completion/bash/meson.build | 1 + shell-completion/bash/oomctl | 57 +++++++++++++++++++++++++++++++ shell-completion/zsh/_oomctl | 28 +++++++++++++++ shell-completion/zsh/meson.build | 1 + 4 files changed, 87 insertions(+) create mode 100644 shell-completion/bash/oomctl create mode 100644 shell-completion/zsh/_oomctl diff --git a/shell-completion/bash/meson.build b/shell-completion/bash/meson.build index c6668e5ea33..963a11b6cee 100644 --- a/shell-completion/bash/meson.build +++ b/shell-completion/bash/meson.build @@ -40,6 +40,7 @@ items = [['busctl', ''], ['loginctl', 'ENABLE_LOGIND'], ['machinectl', 'ENABLE_MACHINED'], ['networkctl', 'ENABLE_NETWORKD'], + ['oomctl', 'ENABLE_OOMD'], ['portablectl', 'ENABLE_PORTABLED'], ['resolvectl', 'ENABLE_RESOLVE'], ['systemd-resolve', 'ENABLE_RESOLVE'], diff --git a/shell-completion/bash/oomctl b/shell-completion/bash/oomctl new file mode 100644 index 00000000000..cc778199c9a --- /dev/null +++ b/shell-completion/bash/oomctl @@ -0,0 +1,57 @@ +# oomctl(1) completion -*- shell-script -*- +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. +# +# systemd is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public License +# along with systemd; If not, see . + +__contains_word () { + local w word=$1; shift + for w in "$@"; do + [[ $w = "$word" ]] && return + done +} + +_oomctl() { + local i verb comps + local cur=${COMP_WORDS[COMP_CWORD]} prev=${COMP_WORDS[COMP_CWORD-1]} + local OPTS='-h --help --version --no-pager' + + if [[ "$cur" = -* ]]; then + COMPREPLY=( $(compgen -W '${OPTS[*]}' -- "$cur") ) + return 0 + fi + + local -A VERBS=( + [STANDALONE]='help dump' + ) + + for ((i=0; i < COMP_CWORD; i++)); do + if __contains_word "${COMP_WORDS[i]}" ${VERBS[*]}; then + verb=${COMP_WORDS[i]} + break + fi + done + + if [[ -z ${verb-} ]]; then + comps=${VERBS[*]} + elif __contains_word "$verb" ${VERBS[STANDALONE]}; then + comps='' + fi + + COMPREPLY=( $(compgen -W '$comps' -- "$cur") ) + return 0 +} + +complete -F _oomctl oomctl diff --git a/shell-completion/zsh/_oomctl b/shell-completion/zsh/_oomctl new file mode 100644 index 00000000000..f956340b7ed --- /dev/null +++ b/shell-completion/zsh/_oomctl @@ -0,0 +1,28 @@ +#compdef oomctl +# SPDX-License-Identifier: LGPL-2.1-or-later + +(( $+functions[_oomctl_commands] )) || _oomctl_commands() +{ + local -a _oomctl_cmds + _oomctl_cmds=( + "dump:Show the current state of the cgroup(s) and system context(s)" + "help:Prints a short help text and exits." + ) + if (( CURRENT == 1 )); then + _describe -t commands 'oomctl command' _oomctl_cmds + else + local curcontext="$curcontext" + cmd="${${_oomctl_cmds[(r)$words[1]:*]%%:*}}" + if (( $+functions[_oomctl_$cmd] )); then + _oomctl_$cmd + else + _message "no more options" + fi + fi +} + +_arguments \ + {-h,--help}'[Prints a short help text and exits.]' \ + '--version[Prints a short version string and exits.]' \ + '--no-pager[Do not pipe output into a pager]' \ + '*::oomctl command:_oomctl_commands' diff --git a/shell-completion/zsh/meson.build b/shell-completion/zsh/meson.build index a0615c4df97..6dca9dd5958 100644 --- a/shell-completion/zsh/meson.build +++ b/shell-completion/zsh/meson.build @@ -34,6 +34,7 @@ items = [['_busctl', ''], ['_loginctl', 'ENABLE_LOGIND'], ['_machinectl', 'ENABLE_MACHINED'], ['_networkctl', 'ENABLE_NETWORKD'], + ['_oomctl', 'ENABLE_OOMD'], ['_systemd-inhibit', 'ENABLE_LOGIND'], ['_resolvectl', 'ENABLE_RESOLVE'], ['_systemd-tmpfiles', 'ENABLE_TMPFILES'], From 9a2d8e4620d6bf0154d9ddb3e74b11c3892d9410 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Fri, 23 Dec 2022 17:23:00 +0100 Subject: [PATCH 640/703] =?UTF-8?q?units:=20change=20modprobe@dm-mod.servi?= =?UTF-8?q?ce=20=E2=86=92=20modprobe@dm=5Fmod.service?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Follow-up for 8f1359bf854e9683e4e0b89fd3a537e0d82d4b95 (cherry picked from commit 143a1f1039d992001d2f2f35b2e6ba07f8a52af7) (cherry picked from commit 67467efd58b0b9814e92dfaa1edc21ebf2c830e7) (cherry picked from commit 923264e0345fdf2a949ef1eb1b4ccef50457fb20) --- units/systemd-nspawn@.service.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/units/systemd-nspawn@.service.in b/units/systemd-nspawn@.service.in index d7bae83ac2e..42ef31d7888 100644 --- a/units/systemd-nspawn@.service.in +++ b/units/systemd-nspawn@.service.in @@ -10,7 +10,7 @@ [Unit] Description=Container %i Documentation=man:systemd-nspawn(1) -Wants=modprobe@tun.service modprobe@loop.service modprobe@dm-mod.service +Wants=modprobe@tun.service modprobe@loop.service modprobe@dm_mod.service PartOf=machines.target Before=machines.target After=network.target systemd-resolved.service modprobe@tun.service modprobe@loop.service modprobe@dm-mod.service From 230ade8bffaf01495e569e8fef2a481a57269a3e Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Fri, 23 Dec 2022 17:23:14 +0100 Subject: [PATCH 641/703] units: pull in loop.ko and dm-mod.ko before repart We want to make use of that when formatting file systems, hence let's pull in these modules explicitly. (This is necessary because we are an early boot service that might run before systemd-tmpfiles-dev.service, which creates /dev/loop-control and /dev/mapper/control.) Alternatively we could just order ourselves after systemd-tmpfiles-dev.service, but I think there's value in adding an explicit minimal ordering here, since we know what we'll need. Fixes: #25775 (cherry picked from commit ce7dcfd6b00b8099d1793d04bcfa9968ca4a0d96) (cherry picked from commit 3856b97f8bcbde01b1e2ceb3b008513a2327d64d) (cherry picked from commit 208153c32bb6b355436fc6a8679cba1cd4d4078d) --- units/systemd-repart.service.in | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/units/systemd-repart.service.in b/units/systemd-repart.service.in index 92e0a9b3cd1..105be680cd6 100644 --- a/units/systemd-repart.service.in +++ b/units/systemd-repart.service.in @@ -12,7 +12,8 @@ Description=Repartition Root Disk Documentation=man:systemd-repart.service(8) DefaultDependencies=no Conflicts=shutdown.target -After=initrd-usr-fs.target +Wants=modprobe@loop.service modprobe@dm_mod.service +After=initrd-usr-fs.target modprobe@loop.service modprobe@dm_mod.service Before=initrd-root-fs.target shutdown.target ConditionVirtualization=!container ConditionDirectoryNotEmpty=|/usr/lib/repart.d From 0d315ca6e7e66b4cd9e43736d41a3cc307db3e7a Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Fri, 23 Dec 2022 18:39:54 +0100 Subject: [PATCH 642/703] docs: remove /dev/tty* confusion The text said /dev/tty* as a whole was the VT subsystem and that VT is not supported in containers. But that's not accurate as /dev/tty* will match /dev/tty too and that one device node is special and is not related to VT: it always points to the current process own controlling tty, regardless what that is. hence, rewrite /dev/tty* as /dev/tty[0-9]*. (cherry picked from commit 6ae5c39af1da5b0b6e49278e7a33158d49ec04a5) (cherry picked from commit f3d620f5d2c26c546d9a5c410c3aa68329b74330) (cherry picked from commit b4e56b13a98567a113a495f754258529996806b1) --- docs/CONTAINER_INTERFACE.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/CONTAINER_INTERFACE.md b/docs/CONTAINER_INTERFACE.md index 1332ed3e470..f61a95de1ea 100644 --- a/docs/CONTAINER_INTERFACE.md +++ b/docs/CONTAINER_INTERFACE.md @@ -298,9 +298,9 @@ care should be taken to avoid naming conflicts. `systemd` (and in particular you cannot link them to each other. 4. Do not pretend that the real VTs are available in the container. The VT - subsystem consists of all the devices `/dev/tty*`, `/dev/vcs*`, `/dev/vcsa*` - plus their `sysfs` counterparts. They speak specific `ioctl()`s and - understand specific escape sequences, that other ptys don't understand. + subsystem consists of all the devices `/dev/tty[0-9]*`, `/dev/vcs*`, + `/dev/vcsa*` plus their `sysfs` counterparts. They speak specific `ioctl()`s + and understand specific escape sequences, that other ptys don't understand. Hence, it is explicitly not OK to mount a pty to `/dev/tty1`, `/dev/tty2`, `/dev/tty3`. This is explicitly not supported. From 1c36c0b5a106c2aeca21b50f761c355b9d2e3e3c Mon Sep 17 00:00:00 2001 From: msizanoen1 Date: Tue, 27 Dec 2022 11:57:12 +0700 Subject: [PATCH 643/703] udev: match device tags in rules using current device tags This ensures that udev scripts using `TAG-="..."` and expecting later udev rules to honor it will work properly. An use case is removing the `uaccess` tag from a device without overriding the original file and ensuring that `73-seat-uaccess.rules` won't run the uaccess builtin later. (cherry picked from commit 310249903986957997b76bc52441cabb5843aad8) (cherry picked from commit 7d4ea095d5e3e5aa87761c6c0f5f30287596dd75) (cherry picked from commit ca948c9601714c8de53a87a548dfad05fef37c40) --- src/udev/udev-rules.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/udev/udev-rules.c b/src/udev/udev-rules.c index dd7a7eba47e..cf461e1e68e 100644 --- a/src/udev/udev-rules.c +++ b/src/udev/udev-rules.c @@ -1614,7 +1614,7 @@ static int udev_rule_apply_token_to_event( case TK_M_PARENTS_TAG: { const char *val; - FOREACH_DEVICE_TAG(dev, val) + FOREACH_DEVICE_CURRENT_TAG(dev, val) if (token_match_string(token, val)) return token->op == OP_MATCH; return token->op == OP_NOMATCH; From 2e6d400fd82a44d9c827d57506c8fe24784076d7 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Wed, 4 Jan 2023 16:29:34 +0100 Subject: [PATCH 644/703] resolvectl: fix type of ifindex D-Bus field, and make sure to initialize to zero in all code paths (cherry picked from commit a5e6c8498ca375bafa865d5e46fa95e9313871ad) (cherry picked from commit ed26f98f2f0559aee242836e71832a77a7000dbb) (cherry picked from commit 87307bfdd107fc40440456cfcbf550f4bd679751) --- src/resolve/resolvectl.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/resolve/resolvectl.c b/src/resolve/resolvectl.c index 7dd05f7cd74..a04a1da3c0d 100644 --- a/src/resolve/resolvectl.c +++ b/src/resolve/resolvectl.c @@ -1191,9 +1191,10 @@ static int reset_server_features(int argc, char **argv, void *userdata) { static int read_dns_server_one(sd_bus_message *m, bool with_ifindex, bool extended, char **ret) { _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL; _cleanup_free_ char *pretty = NULL; - int ifindex, family, r, k; union in_addr_union a; const char *name = NULL; + int32_t ifindex = 0; + int family, r, k; uint16_t port = 0; assert(m); From 18440f9b919f2c4d03513915a9dc1c4a4038b752 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Wed, 4 Jan 2023 16:36:15 +0100 Subject: [PATCH 645/703] resolvectl: don't filter loopback DNS server from global DNS server list "resolvectl status" shows per-link DNS servers separately from global ones. When querying the global list, it will contain both per-link and global servers however. Thus, to not show duplicate info we filter all entries that actually have a non-zero ifindex set (under the assumption that that's a per-link server). This doesn't work if people configured 127.0.0.1 as global server though, as we'll add ifindex 1 to it since 6e32414a66ff8dbcef233981a7066684d903ee9f unconditionally even for global servers. Let's address that by excluding entries with ifindex 1 from suppression. This is safe as resolved ignores loopback ifaces, hence never will have per-link servers on ifindex 1. Note that this splits up the "with_ifindex" parameter into a second parameter "only_global", since they semantically do two different things. One controls whether we shall expect/parse an ifindex dbus field. The other controls whether we shall filter all ifindex values set != 0. These are effectively always used in conjunction hence making them the same actually worked. However this is utterly confusing I think, which as I guess is resulting in the confusion around #25796 (which removes the whole check) Replaces: #25796 (cherry picked from commit 889a1b9f4e799b31f1be06db74708aa8beb70829) (cherry picked from commit b71ade8779002d7feb61a43bc8c2d8325b3d6750) (cherry picked from commit fa04709a3daacb6e201460be2dd610f6b85778f3) --- src/resolve/resolvectl.c | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/src/resolve/resolvectl.c b/src/resolve/resolvectl.c index a04a1da3c0d..5ec4b63568e 100644 --- a/src/resolve/resolvectl.c +++ b/src/resolve/resolvectl.c @@ -1188,7 +1188,13 @@ static int reset_server_features(int argc, char **argv, void *userdata) { return 0; } -static int read_dns_server_one(sd_bus_message *m, bool with_ifindex, bool extended, char **ret) { +static int read_dns_server_one( + sd_bus_message *m, + bool with_ifindex, /* read "ifindex" reply that also carries an interface index */ + bool extended, /* read "extended" reply, i.e. with port number and server name */ + bool only_global, /* suppress entries with an (non-loopback) ifindex set (i.e. which are specific to some interface) */ + char **ret) { + _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL; _cleanup_free_ char *pretty = NULL; union in_addr_union a; @@ -1234,8 +1240,8 @@ static int read_dns_server_one(sd_bus_message *m, bool with_ifindex, bool extend return 1; } - if (with_ifindex && ifindex != 0) { - /* only show the global ones here */ + if (only_global && ifindex > 0 && ifindex != LOOPBACK_IFINDEX) { + /* This one has an (non-loopback) ifindex set, and we were told to suppress those. Hence do so. */ *ret = NULL; return 1; } @@ -1265,7 +1271,7 @@ static int map_link_dns_servers_internal(sd_bus *bus, const char *member, sd_bus for (;;) { _cleanup_free_ char *pretty = NULL; - r = read_dns_server_one(m, false, extended, &pretty); + r = read_dns_server_one(m, /* with_ifindex= */ false, extended, /* only_global= */ false, &pretty); if (r < 0) return r; if (r == 0) @@ -1298,14 +1304,14 @@ static int map_link_current_dns_server(sd_bus *bus, const char *member, sd_bus_m assert(m); assert(userdata); - return read_dns_server_one(m, false, false, userdata); + return read_dns_server_one(m, /* with_ifindex= */ false, /* extended= */ false, /* only_global= */ false, userdata); } static int map_link_current_dns_server_ex(sd_bus *bus, const char *member, sd_bus_message *m, sd_bus_error *error, void *userdata) { assert(m); assert(userdata); - return read_dns_server_one(m, false, true, userdata); + return read_dns_server_one(m, /* with_ifindex= */ false, /* extended= */ true, /* only_global= */ false, userdata); } static int read_domain_one(sd_bus_message *m, bool with_ifindex, char **ret) { @@ -1733,7 +1739,7 @@ static int map_global_dns_servers_internal(sd_bus *bus, const char *member, sd_b for (;;) { _cleanup_free_ char *pretty = NULL; - r = read_dns_server_one(m, true, extended, &pretty); + r = read_dns_server_one(m, /* with_ifindex= */ true, extended, /* only_global= */ true, &pretty); if (r < 0) return r; if (r == 0) @@ -1763,17 +1769,11 @@ static int map_global_dns_servers_ex(sd_bus *bus, const char *member, sd_bus_mes } static int map_global_current_dns_server(sd_bus *bus, const char *member, sd_bus_message *m, sd_bus_error *error, void *userdata) { - assert(m); - assert(userdata); - - return read_dns_server_one(m, true, false, userdata); + return read_dns_server_one(m, /* with_ifindex= */ true, /* extended= */ false, /* only_global= */ true, userdata); } static int map_global_current_dns_server_ex(sd_bus *bus, const char *member, sd_bus_message *m, sd_bus_error *error, void *userdata) { - assert(m); - assert(userdata); - - return read_dns_server_one(m, true, true, userdata); + return read_dns_server_one(m, /* with_ifindex= */ true, /* extended= */ true, /* only_global= */ true, userdata); } static int map_global_domains(sd_bus *bus, const char *member, sd_bus_message *m, sd_bus_error *error, void *userdata) { From 15687161934c594693a19ae927cffeb7a224d0e1 Mon Sep 17 00:00:00 2001 From: Tuetuopay Date: Fri, 27 Jan 2023 15:10:49 +0100 Subject: [PATCH 646/703] network/dhcp4: accept local subnet routes from DHCP RFC3442 specifies option 121 (Classless Static Routes) that allow a DHCP server to push arbitrary routes to a client. It has a Local Subnet Routes section expliciting the behavior of routes with a null (0.0.0.0) gateway. Such routes are to be installed on the interface with a Link scope, to mark them as directly available on the link without any gateway. Networkd currently drops those routes, which is against the RFC, as Linux has proper support for such routes. Fixes: 7f20627 ("network: dhcp4: ignore gateway in static routes if destination is link-local or in the same network") (cherry picked from commit 1d84a3c7792a8910b05904937c703307ca19740f) (cherry picked from commit b0f514ba567a1f6321f6b7f1ded038f8090c70f0) (cherry picked from commit ee6475d31815fe3e012d48ef7302a5d73e3a8a5d) --- src/network/networkd-dhcp4.c | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/src/network/networkd-dhcp4.c b/src/network/networkd-dhcp4.c index cb9c428ae9b..f97e8033b80 100644 --- a/src/network/networkd-dhcp4.c +++ b/src/network/networkd-dhcp4.c @@ -381,15 +381,18 @@ static int dhcp4_request_route_auto( route->gw = IN_ADDR_NULL; route->prefsrc.in = address; - } else { - if (in4_addr_is_null(gw)) { - log_link_debug(link, "DHCP: requested route destination "IPV4_ADDRESS_FMT_STR"/%u is not in the assigned network " - IPV4_ADDRESS_FMT_STR"/%u, but no gateway is specified, ignoring.", - IPV4_ADDRESS_FMT_VAL(route->dst.in), route->dst_prefixlen, - IPV4_ADDRESS_FMT_VAL(prefix), prefixlen); - return 0; - } + } else if (in4_addr_is_null(gw)) { + log_link_debug(link, "DHCP: requested route destination "IPV4_ADDRESS_FMT_STR"/%u is not in the assigned network " + IPV4_ADDRESS_FMT_STR"/%u, but no gateway is specified, using 'link' scope.", + IPV4_ADDRESS_FMT_VAL(route->dst.in), route->dst_prefixlen, + IPV4_ADDRESS_FMT_VAL(prefix), prefixlen); + + route->scope = RT_SCOPE_LINK; + route->gw_family = AF_UNSPEC; + route->gw = IN_ADDR_NULL; + route->prefsrc.in = address; + } else { r = dhcp4_request_route_to_gateway(link, gw); if (r < 0) return r; From 3dd120c2ea1873ed89a52b75536de8202cf51df4 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Mon, 30 Jan 2023 18:55:10 +0900 Subject: [PATCH 647/703] network: dhcp-server: do not create DHCPServer object when the DHCP server is running in relaying mode Follow-up for c95df5879eeb2cec8bc8eec2cfa7e741e1d9469f. Fixes #26196. (cherry picked from commit 2cb1cabb412850e88eaf26feec663674e2c4f664) (cherry picked from commit 318b6f60b8f91846331c2a4c65347c75b1203104) (cherry picked from commit 0f967fba156e74fd5071fee65e318d6332c81dcc) --- src/network/networkd-link-bus.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/network/networkd-link-bus.c b/src/network/networkd-link-bus.c index 765733b38c4..0b6f5672252 100644 --- a/src/network/networkd-link-bus.c +++ b/src/network/networkd-link-bus.c @@ -880,7 +880,8 @@ int link_object_find(sd_bus *bus, const char *path, const char *interface, void if (r < 0) return 0; - if (streq(interface, "org.freedesktop.network1.DHCPServer") && !link->dhcp_server) + if (streq(interface, "org.freedesktop.network1.DHCPServer") && + (!link->dhcp_server || sd_dhcp_server_is_in_relay_mode(link->dhcp_server))) return 0; *found = link; From d8d3106ea8c06c4be760467ff0520860d304a763 Mon Sep 17 00:00:00 2001 From: Ilya Leoshkevich Date: Mon, 30 Jan 2023 21:21:48 +0100 Subject: [PATCH 648/703] bpf: fix restrict_fs on s390x Linux kernel's bpf-next contains BPF LSM support for s390x. systemd's test-bpf-lsm currently fails with this kernel. This is an endianness issue: in the restrict_fs bpf program, magic_number has type unsigned long (64 bits on s390x), but magic_map keys are uint32_t (32 bits). Accessing magic_map using 64-bit keys may work by accident on little-endian systems, but fails hard on big-endian ones. Fix by casting magic_number to uint32_t. (cherry picked from commit 907046282c27ee2ced5e22abb80ed8df2e157baf) (cherry picked from commit f62e7b470441643d07b23706ac943216a5cdfc97) (cherry picked from commit 25cb55890ec9a1bd7367e7a84a4df3a3287c7622) --- src/core/bpf/restrict_fs/restrict-fs.bpf.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/src/core/bpf/restrict_fs/restrict-fs.bpf.c b/src/core/bpf/restrict_fs/restrict-fs.bpf.c index cdc0613a019..1636ec3ca2c 100644 --- a/src/core/bpf/restrict_fs/restrict-fs.bpf.c +++ b/src/core/bpf/restrict_fs/restrict-fs.bpf.c @@ -39,16 +39,20 @@ struct { SEC("lsm/file_open") int BPF_PROG(restrict_filesystems, struct file *file, int ret) { - unsigned long magic_number; + unsigned long raw_magic_number; uint64_t cgroup_id; - uint32_t *value, *magic_map, zero = 0, *is_allow; + uint32_t *value, *magic_map, magic_number, zero = 0, *is_allow; /* ret is the return value from the previous BPF program or 0 if it's * the first hook */ if (ret != 0) return ret; - BPF_CORE_READ_INTO(&magic_number, file, f_inode, i_sb, s_magic); + BPF_CORE_READ_INTO(&raw_magic_number, file, f_inode, i_sb, s_magic); + /* super_block.s_magic is unsigned long, but magic_map keys are + * uint32_t. Using s_magic as-is would fail on big-endian systems, + * which have 64-bit unsigned long. So cast it. */ + magic_number = (uint32_t)raw_magic_number; cgroup_id = bpf_get_current_cgroup_id(); From 71f9e1fab88cffe20096ddaa520266ced66dbfcc Mon Sep 17 00:00:00 2001 From: msizanoen1 Date: Tue, 7 Feb 2023 20:17:21 +0700 Subject: [PATCH 649/703] unit: always return 1 in log_kill This ensures that cg_kill_items returns the correct value to let the manager know that a process was killed. (cherry picked from commit 500cd2e83b8246fbf20d99db898039cfba746223) (cherry picked from commit 86686e4292fed7ce150156439fbda690bac2ad68) (cherry picked from commit 64d728921401ac30476d9b0874e621520fb7f5ea) --- src/core/unit.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/core/unit.c b/src/core/unit.c index 2d9b1baff92..afeab41c2f0 100644 --- a/src/core/unit.c +++ b/src/core/unit.c @@ -4464,7 +4464,9 @@ static int log_kill(pid_t pid, int sig, void *userdata) { /* Don't log about processes marked with brackets, under the assumption that these are temporary processes only, like for example systemd's own PAM stub process. */ if (comm && comm[0] == '(') - return 0; + /* Although we didn't log anything, as this callback is used in unit_kill_context we must return 1 + * here to let the manager know that a process was killed. */ + return 1; log_unit_notice(userdata, "Killing process " PID_FMT " (%s) with signal SIG%s.", From d57acef8ce3f3535bad0b4c696327a42a7a1ae6e Mon Sep 17 00:00:00 2001 From: Nick Rosbrook Date: Wed, 2 Nov 2022 11:05:01 -0400 Subject: [PATCH 650/703] udev/net: allow new link name as an altname before renaming happens When configuring a link's alternative names, the link's new name to-be is not allowed to be included because interface renaming will fail if the new name is already present as an alternative name. However, rtnl_set_link_name will delete the conflicting alternative name before renaming the device, if necessary. Allow the new link name to be set as an alternative name before the device is renamed. This means that if the rename is later skipped (i.e. because the link is already up), then the name can at least still be present as an alternative name. (cherry picked from commit d0b31efc1ab7f6826ad834cf6b9e371bf73776aa) (cherry picked from commit 7918496dcf2d6c06a8cd8626c23d2a463343a9df) (cherry picked from commit ba896a6de0335fca9a5b2ee4ad087c8b640b66c1) --- src/udev/net/link-config.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/src/udev/net/link-config.c b/src/udev/net/link-config.c index 58abcdb72b9..05171100654 100644 --- a/src/udev/net/link-config.c +++ b/src/udev/net/link-config.c @@ -808,8 +808,6 @@ static int link_apply_alternative_names(Link *link, sd_netlink **rtnl) { } } - if (link->new_name) - strv_remove(altnames, link->new_name); strv_remove(altnames, link->ifname); r = rtnl_get_link_alternative_names(rtnl, link->ifindex, ¤t_altnames); From be8b55dfcf2c6138bf20feb306d8b8f54941e0cd Mon Sep 17 00:00:00 2001 From: Nick Rosbrook Date: Fri, 2 Dec 2022 15:26:18 -0500 Subject: [PATCH 651/703] sd-netlink: do not swap old name and alternative name Commit 434a348380 ("netlink: do not fail when new interface name is already used as an alternative name") added logic to set the old interface name as an alternative name, but only when the new name is currently an alternative name. This is not the desired outcome in most cases, and the important part of this commit was to delete the new name from the list of alternative names if necessary. (cherry picked from commit 080afbb57c4b2d592c5cf77ab10c6e0be74f0732) (cherry picked from commit 3dc5b19f10916e15adb9071057fe877a958daea8) (cherry picked from commit facb873e6ffe1fd3e2f89cee2ed80756a849460a) --- src/libsystemd/sd-netlink/netlink-util.c | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/src/libsystemd/sd-netlink/netlink-util.c b/src/libsystemd/sd-netlink/netlink-util.c index 8b4ed44790a..dc10f3b5dd9 100644 --- a/src/libsystemd/sd-netlink/netlink-util.c +++ b/src/libsystemd/sd-netlink/netlink-util.c @@ -12,7 +12,6 @@ int rtnl_set_link_name(sd_netlink **rtnl, int ifindex, const char *name) { _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *message = NULL; _cleanup_strv_free_ char **alternative_names = NULL; - char old_name[IF_NAMESIZE] = {}; int r; assert(rtnl); @@ -32,10 +31,6 @@ int rtnl_set_link_name(sd_netlink **rtnl, int ifindex, const char *name) { if (r < 0) return log_debug_errno(r, "Failed to remove '%s' from alternative names on network interface %i: %m", name, ifindex); - - r = format_ifname(ifindex, old_name); - if (r < 0) - return log_debug_errno(r, "Failed to get current name of network interface %i: %m", ifindex); } r = sd_rtnl_message_new_link(*rtnl, &message, RTM_SETLINK, ifindex); @@ -50,13 +45,6 @@ int rtnl_set_link_name(sd_netlink **rtnl, int ifindex, const char *name) { if (r < 0) return r; - if (!isempty(old_name)) { - r = rtnl_set_link_alternative_names(rtnl, ifindex, STRV_MAKE(old_name)); - if (r < 0) - log_debug_errno(r, "Failed to set '%s' as an alternative name on network interface %i, ignoring: %m", - old_name, ifindex); - } - return 0; } From 00cdc7b30004d9618421a3eeb4b54437a66fa4ed Mon Sep 17 00:00:00 2001 From: Nick Rosbrook Date: Wed, 2 Nov 2022 05:36:14 -0400 Subject: [PATCH 652/703] sd-netlink: restore altname on error in rtnl_set_link_name If a current alternative name is to be used to rename a network interface, the alternative name must be removed first. If interface renaming fails, restore the alternative name that was deleted if necessary. (cherry picked from commit 4d600667f8af2985850b03a46357e068d3fb8570) (cherry picked from commit 42d8817bd652731a25facebb4d6db7ee822774c2) (cherry picked from commit a536073a62bdc37d6190603bc9f41d364f41387b) --- src/libsystemd/sd-netlink/netlink-util.c | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) diff --git a/src/libsystemd/sd-netlink/netlink-util.c b/src/libsystemd/sd-netlink/netlink-util.c index dc10f3b5dd9..df7f824b852 100644 --- a/src/libsystemd/sd-netlink/netlink-util.c +++ b/src/libsystemd/sd-netlink/netlink-util.c @@ -12,6 +12,7 @@ int rtnl_set_link_name(sd_netlink **rtnl, int ifindex, const char *name) { _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *message = NULL; _cleanup_strv_free_ char **alternative_names = NULL; + bool altname_deleted = false; int r; assert(rtnl); @@ -31,21 +32,33 @@ int rtnl_set_link_name(sd_netlink **rtnl, int ifindex, const char *name) { if (r < 0) return log_debug_errno(r, "Failed to remove '%s' from alternative names on network interface %i: %m", name, ifindex); + + altname_deleted = true; } r = sd_rtnl_message_new_link(*rtnl, &message, RTM_SETLINK, ifindex); if (r < 0) - return r; + goto fail; r = sd_netlink_message_append_string(message, IFLA_IFNAME, name); if (r < 0) - return r; + goto fail; r = sd_netlink_call(*rtnl, message, 0, NULL); if (r < 0) - return r; + goto fail; return 0; + +fail: + if (altname_deleted) { + int q = rtnl_set_link_alternative_names(rtnl, ifindex, STRV_MAKE(name)); + if (q < 0) + log_debug_errno(q, "Failed to restore '%s' as an alternative name on network interface %i, ignoring: %m", + name, ifindex); + } + + return r; } int rtnl_set_link_properties( From 70dcc16bc2dda102820bfcfe774634cad1176c05 Mon Sep 17 00:00:00 2001 From: Nick Rosbrook Date: Tue, 22 Nov 2022 17:01:47 -0500 Subject: [PATCH 653/703] sd-netlink: add a test for rtnl_set_link_name() Add a test that verifies a deleted alternative name is restored on error in rtnl_set_link_name(). (cherry picked from commit b338a8bb402a3ab241a617e096b21ae6a7b7badf) (cherry picked from commit 7299341bd1e114d2ef29539f4b0b5b5da9900120) (cherry picked from commit 37df773b230cebc65fae045abc6b17f4c1489cab) --- src/libsystemd/sd-netlink/test-netlink.c | 26 ++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/src/libsystemd/sd-netlink/test-netlink.c b/src/libsystemd/sd-netlink/test-netlink.c index fbc3ef06094..c06287c6de9 100644 --- a/src/libsystemd/sd-netlink/test-netlink.c +++ b/src/libsystemd/sd-netlink/test-netlink.c @@ -8,6 +8,7 @@ #include #include #include +#include #include "sd-netlink.h" @@ -666,6 +667,30 @@ static void test_genl(void) { } } +static void test_rtnl_set_link_name(sd_netlink *rtnl, int ifindex) { + _cleanup_strv_free_ char **alternative_names = NULL; + int r; + + log_debug("/* %s */", __func__); + + if (geteuid() != 0) + return (void) log_tests_skipped("not root"); + + /* Test that the new name (which is currently an alternative name) is + * restored as an alternative name on error. Create an error by using + * an invalid device name, namely one that exceeds IFNAMSIZ + * (alternative names can exceed IFNAMSIZ, but not regular names). */ + r = rtnl_set_link_alternative_names(&rtnl, ifindex, STRV_MAKE("testlongalternativename")); + if (r == -EPERM) + return (void) log_tests_skipped("missing required capabilities"); + + assert_se(r >= 0); + assert_se(rtnl_set_link_name(&rtnl, ifindex, "testlongalternativename") == -EINVAL); + assert_se(rtnl_get_link_alternative_names(&rtnl, ifindex, &alternative_names) >= 0); + assert_se(strv_contains(alternative_names, "testlongalternativename")); + assert_se(rtnl_delete_link_alternative_names(&rtnl, ifindex, STRV_MAKE("testlongalternativename")) >= 0); +} + int main(void) { sd_netlink *rtnl; sd_netlink_message *m; @@ -697,6 +722,7 @@ int main(void) { test_pipe(if_loopback); test_event_loop(if_loopback); test_link_configure(rtnl, if_loopback); + test_rtnl_set_link_name(rtnl, if_loopback); test_get_addresses(rtnl); test_message_link_bridge(rtnl); From 92bed29fdd567613f357a61a39ca8d82e91fd7a4 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Thu, 26 Jan 2023 22:18:47 +0100 Subject: [PATCH 654/703] nspawn: Drop CAP_NET_BIND_SERVICE when in userns but not in netns If we're in a user namespace but not unsharing the network namespace, we won't be able to bind any privileged ports even with CAP_NET_BIND_SERVICE, so let's drop it from the retained capabilities so services can condition themselves on that. (cherry picked from commit 2642d22adc66771bd8bbb4187dc3de5472d04ad6) (cherry picked from commit 3a49291f4b82e746294df1772e9ab7eb957a9771) (cherry picked from commit 5037e0d27bc40594f9f7e7298ee38a3540ac4aa8) --- src/nspawn/nspawn.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c index 1d2bdcde196..57f89ebd869 100644 --- a/src/nspawn/nspawn.c +++ b/src/nspawn/nspawn.c @@ -1712,7 +1712,16 @@ static int parse_argv(int argc, char *argv[]) { * --directory=". */ arg_directory = TAKE_PTR(arg_template); - arg_caps_retain = (arg_caps_retain | plus | (arg_private_network ? UINT64_C(1) << CAP_NET_ADMIN : 0)) & ~minus; + arg_caps_retain |= plus; + arg_caps_retain |= arg_private_network ? UINT64_C(1) << CAP_NET_ADMIN : 0; + + /* If we're not unsharing the network namespace and are unsharing the user namespace, we won't have + * permissions to bind ports in the container, so let's drop the CAP_NET_BIND_SERVICE capability to + * indicate that. */ + if (!arg_private_network && arg_userns_mode != USER_NAMESPACE_NO && arg_uid_shift > 0) + arg_caps_retain &= ~(UINT64_C(1) << CAP_NET_BIND_SERVICE); + + arg_caps_retain &= ~minus; /* Make sure to parse environment before we reset the settings mask below */ r = parse_environment(); From b5ab57bd6f0edeeee980f666da8100cdb025644d Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Thu, 26 Jan 2023 22:20:01 +0100 Subject: [PATCH 655/703] resolve: Skip creating stubs if missing CAP_NET_BIND_SERVICE If we don't have CAP_NET_BIND_SERVICE, we won't be able to bind the stub listener socket, so let's skip creating it and log a warning. We do the same for the extra stubs if they're configured on privileged ports. (cherry picked from commit 0398c084efba664e44625d82f2be72e18c952678) (cherry picked from commit ab877f7072728420e49d179bca310a698cf9994c) (cherry picked from commit 2a36784277756c3a5e424efdd671a7a33bc8e128) --- src/resolve/resolved-dns-stub.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/src/resolve/resolved-dns-stub.c b/src/resolve/resolved-dns-stub.c index 89d1f1cdfc2..7d3155cec0d 100644 --- a/src/resolve/resolved-dns-stub.c +++ b/src/resolve/resolved-dns-stub.c @@ -3,6 +3,7 @@ #include #include +#include "capability-util.h" #include "errno-util.h" #include "fd-util.h" #include "missing_network.h" @@ -1240,6 +1241,12 @@ static int manager_dns_stub_fd_extra(Manager *m, DnsStubListenerExtra *l, int ty if (*event_source) return sd_event_source_get_io_fd(*event_source); + if (!have_effective_cap(CAP_NET_BIND_SERVICE) && dns_stub_listener_extra_port(l) < 1024) { + log_warning("Missing CAP_NET_BIND_SERVICE capability, not creating extra stub listener on port %hu.", + dns_stub_listener_extra_port(l)); + return 0; + } + if (l->family == AF_INET) sa = (union sockaddr_union) { .in.sin_family = l->family, @@ -1335,6 +1342,8 @@ int manager_dns_stub_start(Manager *m) { if (m->dns_stub_listener_mode == DNS_STUB_LISTENER_NO) log_debug("Not creating stub listener."); + else if (!have_effective_cap(CAP_NET_BIND_SERVICE)) + log_warning("Missing CAP_NET_BIND_SERVICE capability, not creating stub listener on port 53."); else { static const struct { uint32_t addr; From 37d4bf1cd29fe91dbb85b586c6a2a8b21bcffffe Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Sat, 28 Jan 2023 14:01:37 +0900 Subject: [PATCH 656/703] sd-dhcp-server: allow to send header only message If we receive a header only message, and the server is running in relay mode, then the assertion was triggered. Fixes #26151. (cherry picked from commit b52031dbbcabe4b1e3016ba64d4a2822740188bc) (cherry picked from commit 7aeb2a8d4ea660ad863e7b2c5432f64f903f1cd5) (cherry picked from commit 41fdc8ed32408d598ddafc7feb3beece7f654262) --- src/libsystemd-network/sd-dhcp-server.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/libsystemd-network/sd-dhcp-server.c b/src/libsystemd-network/sd-dhcp-server.c index 9088c09fc09..e258ffdef7c 100644 --- a/src/libsystemd-network/sd-dhcp-server.c +++ b/src/libsystemd-network/sd-dhcp-server.c @@ -337,7 +337,7 @@ static int dhcp_server_send_udp(sd_dhcp_server *server, be32_t destination, assert(server); assert(server->fd >= 0); assert(message); - assert(len > sizeof(DHCPMessage)); + assert(len >= sizeof(DHCPMessage)); if (server->bind_to_interface) { msg.msg_control = &control; From 5d8283f77d198a6888d90bc7b432a221750f6ab0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Arsen=20Arsenovi=C4=87?= Date: Sat, 28 Jan 2023 22:32:41 +0100 Subject: [PATCH 657/703] importd: Always specify file unpacked by tar Despite popular belief, the default file extracted by GNU tar is not stdin. It is the value of the TAPE environment variable, falling back on a compile-time constant. On my system, the default value is /dev/full, which causes tar to just spin forever due to --ignore-zeros. Always specifying this flag is the safe thing to do. ~$ tar --show-defaults --format=gnu -f/dev/full -b20 --quoting-style=escape --rmt-command=/usr/sbin/grmt See also: ``(tar)defaults'', available via Info viewers, and in HTML form at: https://www.gnu.org/s/tar/manual/html_node/defaults.html (cherry picked from commit 181eea677dd364d2b22dc691647792142b271074) (cherry picked from commit 817b8441c481cec71689a8ccac727d85e3ba549b) (cherry picked from commit 48f3e2d5c5cfba01405a609a5bd4d54071243c13) --- src/import/import-common.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/import/import-common.c b/src/import/import-common.c index 4eda9087c5a..9e64e539a18 100644 --- a/src/import/import-common.c +++ b/src/import/import-common.c @@ -46,7 +46,8 @@ int import_fork_tar_x(const char *path, pid_t *ret) { "--ignore-zeros", "--numeric-owner", "-C", path, - "-px", + "-pxf", + "-", "--xattrs", "--xattrs-include=*", use_selinux ? "--selinux" : "--no-selinux", From 1adad5d27940284578a740993444c15720e83126 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 31 Jan 2023 17:04:10 +0100 Subject: [PATCH 658/703] sysusers: insist that root group is 0 In https://bugzilla.redhat.com/show_bug.cgi?id=2156900 sysusers was reporting a conflict between the following lines: u root 0:0 "Super User" /root /bin/bash u root 0 "Super User" /root The problem is that those configurations are indeed not equivalent. If group 0 exists with a different name, the first line would just create the user, but the second line would create a 'root' group with a different GID. The second behaviour seems definitely wrong. (Or at least more confusing in practice than the first one. The system is in a strange shape, but the second approach takes an additional step than is worse than doing nothing.) When this line was initially added, we didn't have the uid:gid functionality for 'u', so we didn't think about this too much. But now we do, so we should use it. $ build/systemd-sysusers --root=/var/tmp/inst7 --inline 'g foobar 0' Creating group 'foobar' with GID 0. $ build/systemd-sysusers --root=/var/tmp/inst7 --inline 'u root 0 "Zuper zuper"' src/sysusers/sysusers.c:1365: Creating group 'root' with GID 999. src/sysusers/sysusers.c:1115: Suggested user ID 0 for root already used. src/sysusers/sysusers.c:1183: Creating user 'root' (Zuper zuper) with UID 999 and GID 999. vs. $ build/systemd-sysusers --root=/var/tmp/inst7 --inline 'u root 0:0 "Zuper zuper"' src/sysusers/sysusers.c:1183: Creating user 'root' (Zuper zuper) with UID 0 and GID 0. (cherry picked from commit 49bb7fe5f88fc35b8529d7d8dfcd4c151a9aaf1a) (cherry picked from commit 8ad3d68acd7202afb35660eea49fe8c9f92609b8) (cherry picked from commit c8b6bc7530030568bb980a66aa8e1b6517998c58) --- sysusers.d/basic.conf.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sysusers.d/basic.conf.in b/sysusers.d/basic.conf.in index 7f1d052deb7..0b859a4e5dc 100644 --- a/sysusers.d/basic.conf.in +++ b/sysusers.d/basic.conf.in @@ -6,7 +6,7 @@ # (at your option) any later version. # The superuser -u root 0 "Super User" /root +u root 0:0 "Super User" /root # The nobody user/group for NFS file systems g {{NOBODY_GROUP_NAME}} 65534 - - From 078ce6450af730500e381566ba092678aecf90a3 Mon Sep 17 00:00:00 2001 From: Rudi Heitbaum Date: Tue, 31 Jan 2023 12:06:56 +0000 Subject: [PATCH 659/703] glibc: Conditionally #include to resolve fsconfig_command/mount_attr conflict with glibc 2.36 Co-authored-by: Frantisek Sumsal (cherry picked from commit 1bb6ba08b128d62acdbbc566d60a054ff5bb9565) (cherry picked from commit a8b9c4766d957809402546ca645180c09f948763) (cherry picked from commit f048fba73fd1148c684bfc928eebf3f1be993ff8) --- src/basic/linux/README | 1 + src/basic/linux/btrfs.h | 2 ++ src/basic/linux/update.sh | 1 + 3 files changed, 4 insertions(+) diff --git a/src/basic/linux/README b/src/basic/linux/README index 1abc9450a6b..790b4feb0ae 100644 --- a/src/basic/linux/README +++ b/src/basic/linux/README @@ -5,3 +5,4 @@ modifications are applied: - btrfs.h: drop '__user' attributes - if.h: drop '#include ' and '__user' attributes - stddef.h: drop '#include ' +- guard linux/fs.h include to avoid conflict with glibc 2.36 diff --git a/src/basic/linux/btrfs.h b/src/basic/linux/btrfs.h index 0a53bdc38a8..74ed9088bd2 100644 --- a/src/basic/linux/btrfs.h +++ b/src/basic/linux/btrfs.h @@ -26,7 +26,9 @@ extern "C" { #include #include +#if WANT_LINUX_FS_H #include +#endif #define BTRFS_IOCTL_MAGIC 0x94 #define BTRFS_VOL_NAME_MAX 255 diff --git a/src/basic/linux/update.sh b/src/basic/linux/update.sh index 6aff039d3ef..6155766aaf8 100755 --- a/src/basic/linux/update.sh +++ b/src/basic/linux/update.sh @@ -7,4 +7,5 @@ for i in *.h */*.h; do curl --fail "https://raw.githubusercontent.com/torvalds/linux/master/include/uapi/linux/$i" -o "$i" sed -r -i -e 's/__user //g' -e '/^#include / d' "$i" + sed -r -i 's/^(#include )/#if WANT_LINUX_FS_H\n\1\n#endif/' "$i" done From 9c232539c7ddd797ed277be6bcb21e7ff6c65389 Mon Sep 17 00:00:00 2001 From: Jan Janssen Date: Fri, 27 Jan 2023 14:37:45 +0100 Subject: [PATCH 660/703] meson: Install all catalogs (cherry picked from commit 3774ff06f25335c2a049585f0ecb486a3da58e5e) (cherry picked from commit 5bad071f73bab88ee2b7c0891e40e76f8d579755) (cherry picked from commit 4aa6be359f509eeaf3ded290489136513c24ce2a) --- catalog/meson.build | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/catalog/meson.build b/catalog/meson.build index 83c22d7d368..0ac3551dff7 100644 --- a/catalog/meson.build +++ b/catalog/meson.build @@ -1,18 +1,24 @@ # SPDX-License-Identifier: LGPL-2.1-or-later in_files = [ - 'systemd.bg.catalog', 'systemd.be.catalog', 'systemd.be@latin.catalog', + 'systemd.bg.catalog', + 'systemd.catalog', + 'systemd.da.catalog', 'systemd.de.catalog', 'systemd.fr.catalog', + 'systemd.hr.catalog', + 'systemd.hu.catalog', 'systemd.it.catalog', + 'systemd.ko.catalog', 'systemd.pl.catalog', 'systemd.pt_BR.catalog', 'systemd.ru.catalog', + 'systemd.sr.catalog', 'systemd.zh_CN.catalog', 'systemd.zh_TW.catalog', - 'systemd.catalog'] +] support_url = get_option('support-url') support_sed = 's~%SUPPORT_URL%~@0@~'.format(support_url) From 0691c16e34ae9d18c89c8a2451019e7b32911bd9 Mon Sep 17 00:00:00 2001 From: Jan Janssen Date: Fri, 27 Jan 2023 17:50:27 +0100 Subject: [PATCH 661/703] meson: Install missing network file (cherry picked from commit 17be6f270907eff274df80e91e1d323cb04f266f) (cherry picked from commit aa79d157af49bc8e5664b881b27057d6bc589633) (cherry picked from commit 8a91017dad2d741020a8e8c584374ec7a95d7eec) --- network/meson.build | 1 + 1 file changed, 1 insertion(+) diff --git a/network/meson.build b/network/meson.build index f4ae2194d05..6098690ea2d 100644 --- a/network/meson.build +++ b/network/meson.build @@ -3,6 +3,7 @@ if conf.get('ENABLE_NETWORKD') == 1 install_data('80-6rd-tunnel.network', '80-container-host0.network', + '80-container-vb.network', '80-container-ve.network', '80-container-vz.network', '80-vm-vt.network', From 8523187071dcc9411e5769a9a35a4784ceb85c1b Mon Sep 17 00:00:00 2001 From: Jan Janssen Date: Fri, 27 Jan 2023 17:56:12 +0100 Subject: [PATCH 662/703] meson: Install missing bash-completions (cherry picked from commit 7b2f84e3f2c5cf84ca39a054493979a8960a9d47) (cherry picked from commit 6d8885af572bfa662bc3b74ebc4831c6e8a155ce) (cherry picked from commit 3ae34059895a12b99e3f312316f0a0f57d1c5abd) --- shell-completion/bash/meson.build | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/shell-completion/bash/meson.build b/shell-completion/bash/meson.build index 963a11b6cee..227788be4e9 100644 --- a/shell-completion/bash/meson.build +++ b/shell-completion/bash/meson.build @@ -31,11 +31,11 @@ items = [['busctl', ''], ['systemd-path', ''], ['systemd-run', ''], ['udevadm', ''], - ['kernel-install', ''], ['bootctl', 'HAVE_GNU_EFI'], ['coredumpctl', 'ENABLE_COREDUMP'], ['homectl', 'ENABLE_HOMED'], ['hostnamectl', 'ENABLE_HOSTNAMED'], + ['kernel-install', ''], ['localectl', 'ENABLE_LOCALED'], ['loginctl', 'ENABLE_LOGIND'], ['machinectl', 'ENABLE_MACHINED'], @@ -43,7 +43,9 @@ items = [['busctl', ''], ['oomctl', 'ENABLE_OOMD'], ['portablectl', 'ENABLE_PORTABLED'], ['resolvectl', 'ENABLE_RESOLVE'], + ['systemd-dissect', 'HAVE_BLKID'], ['systemd-resolve', 'ENABLE_RESOLVE'], + ['systemd-sysext', 'ENABLE_SYSEXT'], ['timedatectl', 'ENABLE_TIMEDATED']] foreach item : items From a2dc9e3be9a8895edcba10f4c0d8d703b435c18b Mon Sep 17 00:00:00 2001 From: Robin Humble Date: Wed, 1 Feb 2023 23:36:48 +1100 Subject: [PATCH 663/703] pid1: fix segv triggered by status query (#26279) If any query makes it to the end of install_info_follow() then I think symlink_target is set to NULL. If that is followed by -EXDEV from unit_file_load_or_readlink(), then that causes basename(NULL) which segfaults pid 1. This is triggered by eg. "systemctl status crond" in RHEL9 if /etc/systemd/system/crond.service -> /ram/etc/systemd/system/crond.service -> /usr/lib/systemd/system/.crond.service.blah.blah -> /usr/lib/systemd/system/crond.service (cherry picked from commit 19cfda9fc3c60de21a362ebb56bcb9f4a9855e85) (cherry picked from commit 015b0ca9286471c05fe88cfa277dd82e20537ba8) (cherry picked from commit 9a906fae890904284fe91e29b6bdcb64429fecba) --- src/shared/install.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/shared/install.c b/src/shared/install.c index 8f1af755fa9..a6b80d5ffbe 100644 --- a/src/shared/install.c +++ b/src/shared/install.c @@ -1607,7 +1607,7 @@ static int install_info_traverse( } r = install_info_follow(c, i, paths->root_dir, flags, false); - if (r == -EXDEV) { + if (r == -EXDEV && i->symlink_target) { _cleanup_free_ char *buffer = NULL; const char *bn; From 53be27c44b0e5f6a763ac60108325e5a41864857 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Mon, 6 Feb 2023 10:00:50 +0100 Subject: [PATCH 664/703] repart: fix invalid errno in log (cherry picked from commit 375ffdba43f6dac5f4b1222d4e345f7cdf868f8c) (cherry picked from commit 31b7785814fa9e82a1d48e4b5a6b1f6df1110b03) (cherry picked from commit 828e73a7bb17cf8ec4a0f90004a878fcc839add5) --- src/partition/repart.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/partition/repart.c b/src/partition/repart.c index 37b74e007a2..e8ac33b3186 100644 --- a/src/partition/repart.c +++ b/src/partition/repart.c @@ -3876,7 +3876,7 @@ static int resolve_copy_blocks_auto( continue; } if (major(sl) == 0) { - log_debug_errno(r, "Device backing %s is special, ignoring: %m", q); + log_debug("Device backing %s is special, ignoring.", q); continue; } From 9fbbd7bf28e5362b786e152a9ce4e8bd40621759 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Fri, 3 Feb 2023 18:29:36 +0900 Subject: [PATCH 665/703] argv-util: also update program_invocation_short_name Our logging uses program_invocation_short_name. Without this patch, logs from forked client may become broken; spuriously truncated or the short invocation name is not completely shown in the log. (cherry picked from commit dd15e4cb57129b915e01495e113696bfe0b70214) (cherry picked from commit ce4726468dc02bd7383cd7d90c8769576c6973e3) (cherry picked from commit 7a862d9d1a7196a5576720959849f45fc68b041c) --- src/basic/process-util.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/basic/process-util.c b/src/basic/process-util.c index c9718521584..a5ad24cc5c4 100644 --- a/src/basic/process-util.c +++ b/src/basic/process-util.c @@ -368,6 +368,10 @@ int rename_process(const char name[]) { strncpy(program_invocation_name, name, k); if (l > k) truncated = true; + + /* Also update the short name. */ + char *p = strrchr(program_invocation_name, '/'); + program_invocation_short_name = p ? p + 1 : program_invocation_name; } /* Third step, completely replace the argv[] array the kernel maintains for us. This requires privileges, but From 125655d13dd0c429e2dbe00448cf97580f2e04f6 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Tue, 7 Feb 2023 15:03:45 +0100 Subject: [PATCH 666/703] journal: print a useful error message if we hit the journal file open limit See: #20921 (cherry picked from commit 763c46defa1c9b632a0788622d05c71a7de18424) (cherry picked from commit 1187340c9d46987f408dbc6d2936d4275a97d0bf) (cherry picked from commit 2c984010bc46b4cfe2da41d0053fbdafde225332) --- src/libsystemd/sd-journal/journal-internal.h | 2 ++ src/libsystemd/sd-journal/sd-journal.c | 2 -- src/shared/journal-util.c | 4 ++++ 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/src/libsystemd/sd-journal/journal-internal.h b/src/libsystemd/sd-journal/journal-internal.h index 7fc6896522e..388c5b0ccde 100644 --- a/src/libsystemd/sd-journal/journal-internal.h +++ b/src/libsystemd/sd-journal/journal-internal.h @@ -14,6 +14,8 @@ #include "list.h" #include "set.h" +#define JOURNAL_FILES_MAX 7168u + typedef struct Match Match; typedef struct Location Location; typedef struct Directory Directory; diff --git a/src/libsystemd/sd-journal/sd-journal.c b/src/libsystemd/sd-journal/sd-journal.c index fa022cffcc2..de9deb2e6da 100644 --- a/src/libsystemd/sd-journal/sd-journal.c +++ b/src/libsystemd/sd-journal/sd-journal.c @@ -42,8 +42,6 @@ #include "strv.h" #include "syslog-util.h" -#define JOURNAL_FILES_MAX 7168 - #define JOURNAL_FILES_RECHECK_USEC (2 * USEC_PER_SEC) /* The maximum size of variable values we'll expand in catalog entries. We bind this to PATH_MAX for now, as diff --git a/src/shared/journal-util.c b/src/shared/journal-util.c index 9e1870e176c..3e11bec90f2 100644 --- a/src/shared/journal-util.c +++ b/src/shared/journal-util.c @@ -129,6 +129,10 @@ int journal_access_check_and_warn(sd_journal *j, bool quiet, bool want_other_use log_warning_errno(err, "Journal file %s corrupted, ignoring file.", path); break; + case ETOOMANYREFS: + log_warning_errno(err, "Too many journal files (limit is at %u) in scope, ignoring file '%s'.", JOURNAL_FILES_MAX, path); + break; + default: log_warning_errno(err, "An error was encountered while opening journal file or directory %s, ignoring file: %m", path); break; From 4d447fb9105ac9ce8c2aadb4a47e81609ab57804 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Tue, 7 Feb 2023 14:16:11 +0900 Subject: [PATCH 667/703] udevd: configure a child process name for worker processes This effectively reverts commit ff86c92e3043f71fc801cf687600a480ee8f6778, and re-apply 49f3ee7e74c714f55aab395c080b1099fc17f7fd. The change was dropped due to the process name was not correctly logged, but the issue was fixed by dd15e4cb57129b915e01495e113696bfe0b70214. Let's set the child process name again. (cherry picked from commit e955a7f460adadf54da7bfb62f04cbff16ca5941) (cherry picked from commit 62055cfd4bf2355abb3c0ccb52a5802b41d0ec92) (cherry picked from commit a87c01d20246429a53ebfac48e9bdba4eed019f7) --- src/udev/udevd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/udev/udevd.c b/src/udev/udevd.c index 6a3a7f69542..9320284be6d 100644 --- a/src/udev/udevd.c +++ b/src/udev/udevd.c @@ -698,7 +698,7 @@ static int worker_spawn(Manager *manager, Event *event) { if (r < 0) return log_error_errno(r, "Worker: Failed to enable receiving of device: %m"); - r = safe_fork(NULL, FORK_DEATHSIG, &pid); + r = safe_fork("(udev-worker)", FORK_DEATHSIG, &pid); if (r < 0) { event->state = EVENT_QUEUED; return log_error_errno(r, "Failed to fork() worker: %m"); From 0a3a54c0693974340b173d663173d5be8dbf7483 Mon Sep 17 00:00:00 2001 From: Luca Boccassi Date: Wed, 8 Feb 2023 00:25:00 +0000 Subject: [PATCH 668/703] core: imply DeviceAllow=/dev/tpmrm0 with LoadCredentialEncrypted If the device access policy is restricted, add implicitly access to the TPM if at least one encrypted credential needs to be loaded. Fixes https://github.com/systemd/systemd/issues/26042 (cherry picked from commit 398dc7d39b9a877e71529f0e0b139329e4c6992e) (cherry picked from commit f0126ad7f90a37c6c81e735726a3bbea1aa6d4d7) (cherry picked from commit 158760941f6f59f6307a49455ce1af5db97b67c9) --- man/systemd.exec.xml | 8 +++++++- src/core/unit.c | 10 ++++++++++ 2 files changed, 17 insertions(+), 1 deletion(-) diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml index c7ea48a4809..5ee59397640 100644 --- a/man/systemd.exec.xml +++ b/man/systemd.exec.xml @@ -3041,7 +3041,13 @@ StandardInputData=SWNrIHNpdHplIGRhIHVuJyBlc3NlIEtsb3BzLAp1ZmYgZWVtYWwga2xvcHAncy /var/lib/systemd/credentials.secret, or with both. Using encrypted credentials improves security as credentials are not stored in plaintext and only decrypted into plaintext the moment a service requiring them is started. Moreover, credentials may be bound to the local hardware - and installations, so that they cannot easily be analyzed offline. + and installations, so that they cannot easily be analyzed offline. When DevicePolicy= + is set to closed or strict, or set to auto + and DeviceAllow= is set, or PrivateDevices= is set, then this + setting adds /dev/tpmrm0 with rw mode to + DeviceAllow=. See + systemd.resource-control5 + for the details about DevicePolicy= or DeviceAllow=. The credential files/IPC sockets must be accessible to the service manager, but don't have to be directly accessible to the unit's processes: the credential data is read and copied into separate, diff --git a/src/core/unit.c b/src/core/unit.c index afeab41c2f0..162ac1d5e2e 100644 --- a/src/core/unit.c +++ b/src/core/unit.c @@ -4144,6 +4144,16 @@ int unit_patch_contexts(Unit *u) { if (r < 0) return r; } + + /* If there are encrypted credentials we might need to access the TPM. */ + ExecLoadCredential *cred; + HASHMAP_FOREACH(cred, ec->load_credentials) + if (cred->encrypted) { + r = cgroup_add_device_allow(cc, "/dev/tpmrm0", "rw"); + if (r < 0) + return r; + break; + } } return 0; From c20388003eb3f245979a8384818b7906708cda84 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 8 Feb 2023 09:40:24 +0100 Subject: [PATCH 669/703] core/service: constify ExecCommand* in two functions (cherry picked from commit 502096b56593919fc947415f6e32bcb680728dac) (cherry picked from commit e811aead84ec71926c4b53756a69f75f5b30aaa8) (cherry picked from commit b4df64597b48a78028f695e50db9d9e74a3767e6) --- src/core/service.c | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/src/core/service.c b/src/core/service.c index a425e0702ac..cc2879f7b02 100644 --- a/src/core/service.c +++ b/src/core/service.c @@ -2566,25 +2566,24 @@ _pure_ static bool service_can_reload(Unit *u) { return !!s->exec_command[SERVICE_EXEC_RELOAD]; } -static unsigned service_exec_command_index(Unit *u, ServiceExecCommand id, ExecCommand *current) { +static unsigned service_exec_command_index(Unit *u, ServiceExecCommand id, const ExecCommand *current) { Service *s = SERVICE(u); unsigned idx = 0; - ExecCommand *first, *c; assert(s); assert(id >= 0); assert(id < _SERVICE_EXEC_COMMAND_MAX); - first = s->exec_command[id]; + const ExecCommand *first = s->exec_command[id]; /* Figure out where we are in the list by walking back to the beginning */ - for (c = current; c != first; c = c->command_prev) + for (const ExecCommand *c = current; c != first; c = c->command_prev) idx++; return idx; } -static int service_serialize_exec_command(Unit *u, FILE *f, ExecCommand *command) { +static int service_serialize_exec_command(Unit *u, FILE *f, const ExecCommand *command) { _cleanup_free_ char *args = NULL, *p = NULL; Service *s = SERVICE(u); const char *type, *key; From eeb9299eee18eed2f03bc4bd2683fe22574501a5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 8 Feb 2023 10:54:49 +0100 Subject: [PATCH 670/703] test-parse-util: add tests with explicit plus character I expected this to work, but our tests did not cover this explicitly. (cherry picked from commit 8eb491f4993c6080e9724c0359a87c64c460605e) (cherry picked from commit 7c0ac515c8094fd62c100477fa293aa31f97e2c4) (cherry picked from commit 36c35e765db478d5f72cdd70cd663baa865ad43a) --- src/test/test-parse-util.c | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) diff --git a/src/test/test-parse-util.c b/src/test/test-parse-util.c index daa547c793b..a3875747a07 100644 --- a/src/test/test-parse-util.c +++ b/src/test/test-parse-util.c @@ -480,6 +480,14 @@ TEST(safe_atou16) { assert_se(r == 0); assert_se(l == 12345); + r = safe_atou16("+12345", &l); + assert_se(r == 0); + assert_se(l == 12345); + + r = safe_atou16(" +12345", &l); + assert_se(r == 0); + assert_se(l == 12345); + r = safe_atou16("123456", &l); assert_se(r == -ERANGE); @@ -514,6 +522,14 @@ TEST(safe_atoi16) { assert_se(r == 0); assert_se(l == -12345); + r = safe_atoi16("+12345", &l); + assert_se(r == 0); + assert_se(l == 12345); + + r = safe_atoi16(" +12345", &l); + assert_se(r == 0); + assert_se(l == 12345); + r = safe_atoi16("32767", &l); assert_se(r == 0); assert_se(l == 32767); @@ -703,6 +719,22 @@ TEST(safe_atoux64) { assert_se(r == 0); assert_se(l == 11603985); + r = safe_atoux64("+12345", &l); + assert_se(r == 0); + assert_se(l == 0x12345); + + r = safe_atoux64(" +12345", &l); + assert_se(r == 0); + assert_se(l == 0x12345); + + r = safe_atoux64("+0x12345", &l); + assert_se(r == 0); + assert_se(l == 0x12345); + + r = safe_atoux64("+0b11011", &l); + assert_se(r == 0); + assert_se(l == 11603985); + r = safe_atoux64("0o11011", &l); assert_se(r == -EINVAL); From 4502e7928cb20f174a00605cb78eeed78f0ce448 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 8 Feb 2023 11:30:13 +0100 Subject: [PATCH 671/703] manager: "downgrade" message about command vanishing from the unit file We would print "Current command vanished from the unit file, execution of the command list won't be resumed." as a warning, but most of the time there is nothing to resume, because a unit has just one command. So let's detect the case where the command that was active is the last command in the sequence and skip the warning. I was considering how to store the information that the command is last. An important consideration is not to use a format that would confuse older versions of systemd. (It wouldn't be a big problem if older systemd just refused the new serialization, since we require systemd to be newer, but we should avoid the case where the deserialization is "successful", but actually incorrect.) Similarly, the deserialization from the old systemd must not confuse new systemd. For this command, we have a list of arguments at the end, so just adding a new field either in the middle or at the end is problematic because it's hard to ensure that we don't mix up the positional and variable arguments. We actually need to store just one bit of information, so '+' is prefixed on the index of the last command and used by new systemd to skip the warning. When deserializing from older systemd, '+' is not present, so we detect all commands as "not last", and still emit the warning, so we err on the side of caution. If the user were to deserialize from newer to older systemd, nothing untoward would happen, because the '+' is ignored. (Users shouldn't do this, but we know that this occasionally happens with initrds or exitrds and package downgrades.) (cherry picked from commit a99bd455b59b7922a1b1af480b209263a4d3c659) (cherry picked from commit 9bb72a4e9694ec301d89861e349eb31fbf1aba16) (cherry picked from commit a71be850b58bdba2ac11566ee1a268a9b00e36d6) --- src/core/service.c | 21 +++++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) diff --git a/src/core/service.c b/src/core/service.c index cc2879f7b02..e02c2e38adb 100644 --- a/src/core/service.c +++ b/src/core/service.c @@ -2639,7 +2639,16 @@ static int service_serialize_exec_command(Unit *u, FILE *f, const ExecCommand *c return log_oom(); key = strjoina(type, "-command"); - (void) serialize_item_format(f, key, "%s %u %s %s", service_exec_command_to_string(id), idx, p, args); + + /* We use '+1234' instead of '1234' to mark the last command in a sequence. + * This is used in service_deserialize_exec_command(). */ + (void) serialize_item_format( + f, key, + "%s %s%u %s %s", + service_exec_command_to_string(id), + command->command_next ? "" : "+", + idx, + p, args); return 0; } @@ -2751,7 +2760,7 @@ int service_deserialize_exec_command( Service *s = SERVICE(u); int r; unsigned idx = 0, i; - bool control, found = false; + bool control, found = false, last = false; ServiceExecCommand id = _SERVICE_EXEC_COMMAND_INVALID; ExecCommand *command = NULL; _cleanup_free_ char *path = NULL; @@ -2792,9 +2801,15 @@ int service_deserialize_exec_command( state = STATE_EXEC_COMMAND_INDEX; break; case STATE_EXEC_COMMAND_INDEX: + /* PID 1234 is serialized as either '1234' or '+1234'. The second form is used to + * mark the last command in a sequence. We warn if the deserialized command doesn't + * match what we have loaded from the unit, but we don't need to warn if that is the + * last command. */ + r = safe_atou(arg, &idx); if (r < 0) return r; + last = arg[0] == '+'; state = STATE_EXEC_COMMAND_PATH; break; @@ -2839,6 +2854,8 @@ int service_deserialize_exec_command( s->control_command_id = id; } else if (command) s->main_command = command; + else if (last) + log_unit_debug(u, "Current command vanished from the unit file."); else log_unit_warning(u, "Current command vanished from the unit file, execution of the command list won't be resumed."); From 1734d9629d157d5e2de3fdf509af759062b1cb04 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 9 Feb 2023 14:04:26 +0100 Subject: [PATCH 672/703] man: fix section number Fixes #26376. (cherry picked from commit 359c14368e64ea4714b84d7f5311fd8c3f9c91c1) (cherry picked from commit ebada36b7bd499355d0f486ce2f5bf39ffd1069c) (cherry picked from commit a05470812a3fdf5eff97c4bdb7f7ee2821563e09) --- man/tmpfiles.d.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/man/tmpfiles.d.xml b/man/tmpfiles.d.xml index 3267454f3b2..568015c9670 100644 --- a/man/tmpfiles.d.xml +++ b/man/tmpfiles.d.xml @@ -90,7 +90,7 @@ A+ /path-or-glob/to/append/acls/recursively - - - - POSIX systemd-tmpfiles uses this configuration to create volatile files and directories during boot and to do periodic cleanup afterwards. See - systemd-tmpfiles5 for + systemd-tmpfiles8 for the description of systemd-tmpfiles-setup.service, systemd-tmpfiles-clean.service, and associated units. From 3271bc9bec20345edc09c7209852c90bafde874a Mon Sep 17 00:00:00 2001 From: Luca Boccassi Date: Fri, 10 Feb 2023 11:58:20 +0000 Subject: [PATCH 673/703] README: explicitly note that util-linux's mount/swap are required These are the most visible and hard requirements, as we use options that busybox does not provide, so list them explicitly to avoid surprises (cherry picked from commit 164070e497f36b6d8055e4338e07188dd975f6f2) (cherry picked from commit 0dc9f7335d37be2a90f34e20f04573331bf3e4d3) (cherry picked from commit facb134183d72c31636f09bcae080cf9337a6877) --- README | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/README b/README index 48d9994de83..33c46a707ac 100644 --- a/README +++ b/README @@ -209,7 +209,9 @@ REQUIREMENTS: During runtime, you need the following additional dependencies: - util-linux >= v2.27.1 required + util-linux >= v2.27.1 required (including but not limited to: mount, + umount, swapon, swapoff, sulogin, + agetty, fsck) dbus >= 1.4.0 (strictly speaking optional, but recommended) NOTE: If using dbus < 1.9.18, you should override the default policy directory (--with-dbuspolicydir=/etc/dbus-1/system.d). From dde473ed450a60953e8c6111e1b4bdb38ac95e06 Mon Sep 17 00:00:00 2001 From: Samuel Cabrero Date: Fri, 10 Feb 2023 14:04:27 +0100 Subject: [PATCH 674/703] userdb: Use json_dispatch_user_group_name() to parse GetMembership fields It allows to relax the checks and allow characters like '\', used by windows to split the domain name and user name. For reference, discussion in the systemd-devel mailing list: https://lists.freedesktop.org/archives/systemd-devel/2023-February/048804.html Signed-off-by: Samuel Cabrero (cherry picked from commit edd5ec23738ef9ae7b1416bacede97e70ddf9402) (cherry picked from commit 68d11465e437d1916a5fbe0cd223283050d40ab1) (cherry picked from commit 132e153b9045c9c88f70cf36115ffefb84adb971) --- src/shared/userdb.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/shared/userdb.c b/src/shared/userdb.c index 0eddd382e69..ec0c835cadd 100644 --- a/src/shared/userdb.c +++ b/src/shared/userdb.c @@ -296,8 +296,8 @@ static int userdb_on_query_reply( } membership_data = {}; static const JsonDispatch dispatch_table[] = { - { "userName", JSON_VARIANT_STRING, json_dispatch_const_string, offsetof(struct membership_data, user_name), JSON_SAFE }, - { "groupName", JSON_VARIANT_STRING, json_dispatch_const_string, offsetof(struct membership_data, group_name), JSON_SAFE }, + { "userName", JSON_VARIANT_STRING, json_dispatch_user_group_name, offsetof(struct membership_data, user_name), JSON_RELAX }, + { "groupName", JSON_VARIANT_STRING, json_dispatch_user_group_name, offsetof(struct membership_data, group_name), JSON_RELAX }, {} }; From 54b580e1a78318924e0cc256b3632eb08014d535 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Fri, 10 Feb 2023 13:38:08 +0100 Subject: [PATCH 675/703] core: when isolating to a unit, also keep units running that are triggered by units we keep running Inspired by: #26364 (this might even "fix" #26364, but without debug logs it's hard to make such claims) Fixes: #23055 (cherry picked from commit 32d6707dd1692d41e12f5469dfdcbc10f14d6619) (cherry picked from commit c973e2295cdc0fcf63569044ae81e6b93d4f2b4b) (cherry picked from commit bfe6d1d1979e98ffae0e56e2d2f0a2dda1fe209d) --- src/core/transaction.c | 33 +++++++++++++++++++++++++++------ 1 file changed, 27 insertions(+), 6 deletions(-) diff --git a/src/core/transaction.c b/src/core/transaction.c index ebe5f1910dd..cf9244c898b 100644 --- a/src/core/transaction.c +++ b/src/core/transaction.c @@ -1097,6 +1097,20 @@ int transaction_add_job_and_dependencies( return r; } +static bool shall_stop_on_isolate(Transaction *tr, Unit *u) { + assert(tr); + assert(u); + + if (u->ignore_on_isolate) + return false; + + /* Is there already something listed for this? */ + if (hashmap_get(tr->jobs, u)) + return false; + + return true; +} + int transaction_add_isolate_jobs(Transaction *tr, Manager *m) { Unit *u; char *k; @@ -1106,20 +1120,27 @@ int transaction_add_isolate_jobs(Transaction *tr, Manager *m) { assert(m); HASHMAP_FOREACH_KEY(u, k, m->units) { + Unit *o; - /* ignore aliases */ + /* Ignore aliases */ if (u->id != k) continue; - if (u->ignore_on_isolate) + /* No need to stop inactive units */ + if (UNIT_IS_INACTIVE_OR_FAILED(unit_active_state(u)) && !u->job) continue; - /* No need to stop inactive jobs */ - if (UNIT_IS_INACTIVE_OR_FAILED(unit_active_state(u)) && !u->job) + if (!shall_stop_on_isolate(tr, u)) continue; - /* Is there already something listed for this? */ - if (hashmap_get(tr->jobs, u)) + /* Keep units that are triggered by units we want to keep around. */ + bool keep = false; + UNIT_FOREACH_DEPENDENCY(o, u, UNIT_ATOM_TRIGGERED_BY) + if (!shall_stop_on_isolate(tr, o)) { + keep = true; + break; + } + if (keep) continue; r = transaction_add_job_and_dependencies(tr, JOB_STOP, u, tr->anchor_job, true, false, false, false, NULL); From b98d71f53cdc0fa72c7ec98b6dde386001e73a08 Mon Sep 17 00:00:00 2001 From: ml <6209465+ml-@users.noreply.github.com> Date: Sun, 12 Feb 2023 00:22:52 +0100 Subject: [PATCH 676/703] nspawn: fix directory in logged error (cherry picked from commit 7b03b44ed9f5f748670aa26193274dae94468149) (cherry picked from commit cad1e9c53d7ce0b8e461c094d6244a6409c80ab6) (cherry picked from commit 3a44be9ad0d9e718c2a79d42d43f2f453b3e6e58) --- src/nspawn/nspawn-bind-user.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/nspawn/nspawn-bind-user.c b/src/nspawn/nspawn-bind-user.c index d3113c303e6..da9491ce070 100644 --- a/src/nspawn/nspawn-bind-user.c +++ b/src/nspawn/nspawn-bind-user.c @@ -398,7 +398,7 @@ int bind_user_setup( r = userns_mkdir(root, "/run/host/home", 0755, 0, 0); if (r < 0) - return log_error_errno(r, "Failed to create /run/host/userdb: %m"); + return log_error_errno(r, "Failed to create /run/host/home: %m"); r = userns_mkdir(root, "/run/host/userdb", 0755, 0, 0); if (r < 0) From 1b7b67d22a8bd000096a0f00f97d68fc90e5eaa3 Mon Sep 17 00:00:00 2001 From: ml <6209465+ml-@users.noreply.github.com> Date: Sun, 12 Feb 2023 00:30:28 +0100 Subject: [PATCH 677/703] man: fix directory for user home bind mounts (cherry picked from commit f39d7d00a31c1867d5fa41b3dd4e6d20665a8f3a) (cherry picked from commit bfaf02348e1086c9ce2e4503ef03dc75ed4f1afb) (cherry picked from commit 067b5b7e892ffa420628fef026ea4d1e16b2110d) --- man/systemd-nspawn.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/man/systemd-nspawn.xml b/man/systemd-nspawn.xml index 8a527269d3f..7a11a67f2d8 100644 --- a/man/systemd-nspawn.xml +++ b/man/systemd-nspawn.xml @@ -1383,7 +1383,7 @@ After=sys-subsystem-net-devices-ens1.device The user's home directory is bind mounted from the host into - /run/hosts/home/. + /run/host/home/. An additional UID/GID mapping is added that maps the host user's UID/GID to a container UID/GID, allocated from the 60514…60577 range. From 2b068e24ba6a7b60de46ecf53cf5d94c50c66ff5 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Mon, 13 Feb 2023 14:27:24 +0100 Subject: [PATCH 678/703] test-boot-timestamp: Handle ERANGE error Timestampfs from sysfs files can be zero in which case ERANGE will be returned so let's make sure we catch that. (cherry picked from commit 0da4cc97b446b43802692f2415e5a774771b0ca9) (cherry picked from commit ef96e60f18c6fd267dc0e942120a95fe25a94960) (cherry picked from commit 18a2aaf2f6c2c55f825632c25b07b121f6a1bb78) --- src/test/test-boot-timestamps.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/test/test-boot-timestamps.c b/src/test/test-boot-timestamps.c index 2bee2d5c1d6..c842266d035 100644 --- a/src/test/test-boot-timestamps.c +++ b/src/test/test-boot-timestamps.c @@ -16,7 +16,7 @@ static int test_acpi_fpdt(void) { r = acpi_get_boot_usec(&loader_start, &loader_exit); if (r < 0) { - bool ok = r == -ENOENT || r == -EACCES || r == -ENODATA; + bool ok = r == -ENOENT || r == -EACCES || r == -ENODATA || r == -ERANGE; log_full_errno(ok ? LOG_DEBUG : LOG_ERR, r, "Failed to read ACPI FPDT: %m"); return ok ? 0 : r; From 85771e8df5a282dc0f937b48f03655a0027b5631 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Wed, 15 Feb 2023 10:29:07 +0900 Subject: [PATCH 679/703] sysusers: also add root group Follow-up for 49bb7fe5f88fc35b8529d7d8dfcd4c151a9aaf1a. Fixes an issue reported at https://github.com/systemd/systemd/pull/26270#issuecomment-1428945403. (cherry picked from commit 9361a712f85860ead532dba1468dbd3deef00e34) (cherry picked from commit e91a3042747398475b83ba00915f768e578bb9ff) (cherry picked from commit f32581ac800467d05325098b9202b2e3cd018c34) --- sysusers.d/basic.conf.in | 1 + 1 file changed, 1 insertion(+) diff --git a/sysusers.d/basic.conf.in b/sysusers.d/basic.conf.in index 0b859a4e5dc..a1af8be0987 100644 --- a/sysusers.d/basic.conf.in +++ b/sysusers.d/basic.conf.in @@ -6,6 +6,7 @@ # (at your option) any later version. # The superuser +g root 0 - - u root 0:0 "Super User" /root # The nobody user/group for NFS file systems From 74d5f34b0a2e9eff1ccbde36f27120def460ccc1 Mon Sep 17 00:00:00 2001 From: Joan Bruguera Date: Sun, 12 Feb 2023 20:06:08 +0000 Subject: [PATCH 680/703] resolved: Fall back to TCP if UDP is blocked If UDP is blocked on the system (e.g. by iptables or BPF), the kernel will return EPERM on some or all of the system calls (connect, sendmsg, etc.). In this case, try to fall back to TCP, which hopefully will not be blocked. (cherry picked from commit 3dd6336ad0cb40e928745404ed72c41e4ac9c39e) (cherry picked from commit a88e35bf953f5a0047d5170d0d0e2d372b2280ae) (cherry picked from commit 58cbb7a89b1b66be8b593eec29a6413d5ecdb780) (cherry picked from commit 5f6a369a6a680051872a94e97a3420187901301c) --- src/resolve/resolved-dns-transaction.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/resolve/resolved-dns-transaction.c b/src/resolve/resolved-dns-transaction.c index 30105488723..9438eb44c2c 100644 --- a/src/resolve/resolved-dns-transaction.c +++ b/src/resolve/resolved-dns-transaction.c @@ -2029,7 +2029,9 @@ int dns_transaction_go(DnsTransaction *t) { log_debug("Sending query via TCP since it is too large."); else if (r == -EAGAIN) log_debug("Sending query via TCP since UDP isn't supported or DNS-over-TLS is selected."); - if (IN_SET(r, -EMSGSIZE, -EAGAIN)) + else if (r == -EPERM) + log_debug("Sending query via TCP since UDP is blocked."); + if (IN_SET(r, -EMSGSIZE, -EAGAIN, -EPERM)) r = dns_transaction_emit_tcp(t); } if (r == -ELOOP) { From 4cba8e33f889cb829c50cc3f864fbb25fc4f926e Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Wed, 15 Feb 2023 14:23:34 +0900 Subject: [PATCH 681/703] core/mount: fix default target for /sysusr/usr and its child Follow-up for 29a24ab28e9790680348b1ffab653a321fa49a67. (cherry picked from commit dbfc096095cb741f5345be0dc6508628008c46d7) (cherry picked from commit a3177cbe546537c873d477138014d054b1cc6376) (cherry picked from commit 6e8d76f776b02eadfa6e4575f516866786fd3817) (cherry picked from commit 4647e869227bec6c495194ed4e49061c141d4a6c) --- src/core/mount.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/core/mount.c b/src/core/mount.c index 3633bedb875..b4721b0c2ea 100644 --- a/src/core/mount.c +++ b/src/core/mount.c @@ -473,6 +473,10 @@ static int mount_add_default_ordering_dependencies( after = NULL; before = isempty(e) ? SPECIAL_INITRD_ROOT_FS_TARGET : SPECIAL_INITRD_FS_TARGET; + } else if (in_initrd() && path_startswith(m->where, "/sysusr/usr")) { + after = NULL; + before = SPECIAL_INITRD_USR_FS_TARGET; + } else if (mount_is_network(p)) { after = SPECIAL_REMOTE_FS_PRE_TARGET; before = SPECIAL_REMOTE_FS_TARGET; From 8e8c7d51140b77ce230b5b5fb52d717c43f5b339 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Thu, 16 Feb 2023 10:10:19 +0100 Subject: [PATCH 682/703] pid1: generate compat warning for SystemCallArchitectures= if seccomp is off (cherry picked from commit 6aa2c55522d7cac62ecfd5d5687a86a84f158d18) (cherry picked from commit 01b90e1588e29888c7583bd320b898b59257d737) (cherry picked from commit 7c9b9c8d93b57f06ad1974adfa1fc0e94ac7b405) (cherry picked from commit 292debc981bbf59ccacaa2bdd391f880af806023) --- src/core/main.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/core/main.c b/src/core/main.c index 8a83b96fcfc..19686fa4758 100644 --- a/src/core/main.c +++ b/src/core/main.c @@ -717,6 +717,8 @@ static int parse_config_file(void) { { "Manager", "NoNewPrivileges", config_parse_bool, 0, &arg_no_new_privs }, #if HAVE_SECCOMP { "Manager", "SystemCallArchitectures", config_parse_syscall_archs, 0, &arg_syscall_archs }, +#else + { "Manager", "SystemCallArchitectures", config_parse_syscall_archs, 0, &DISABLED_CONFIGURATION }, #endif { "Manager", "TimerSlackNSec", config_parse_nsec, 0, &arg_timer_slack_nsec }, { "Manager", "DefaultTimerAccuracySec", config_parse_sec, 0, &arg_default_timer_accuracy_usec }, From 8a9b918e17f5758318c32e625bd42e81a5b03507 Mon Sep 17 00:00:00 2001 From: Jan Janssen Date: Thu, 16 Feb 2023 15:24:44 +0100 Subject: [PATCH 683/703] boot: Fix assertion failure The TPM code expects a description unless the PCR index indicates that no measurements have to take place. The assert was preempting this check from happening. Fixes: #26428 (cherry picked from commit f92428eae53685f372775e8cb0f0f4c249f02724) (cherry picked from commit cd5de2811ae72e209377f714cdbd8e5a0d6361bc) (cherry picked from commit ac3d8922df1a08de934fc9d8c81cd0215bcb1633) (cherry picked from commit 2cf90e13f5020f41e0919d4a2d7f181ecce3613d) --- src/boot/efi/measure.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/boot/efi/measure.c b/src/boot/efi/measure.c index 4384c9dbf0f..07be5a0e8b5 100644 --- a/src/boot/efi/measure.c +++ b/src/boot/efi/measure.c @@ -139,7 +139,7 @@ EFI_STATUS tpm_log_event(UINT32 pcrindex, const EFI_PHYSICAL_ADDRESS buffer, UIN EFI_TCG *tpm1; EFI_TCG2 *tpm2; - assert(description); + assert(description || pcrindex == UINT32_MAX); tpm2 = tcg2_interface_check(); if (tpm2) From 37b20aa49acb75813c54270ee1fcc707f09a6516 Mon Sep 17 00:00:00 2001 From: Mike Yuan Date: Sat, 18 Feb 2023 21:49:21 +0800 Subject: [PATCH 684/703] journalctl: fix output when --lines is used with --grep Previously, we skip the entries before arg_lines unconditionally, which doesn't behave correctly when used with --grep. After this commit, when a pattern is specified, we don't skip the entries early, but rely on the count of the lines shown to tell us when to stop. To achieve that we would have to search backwards instead. Fixes #25147 (cherry picked from commit db4691961ca52759fe6645d0fddb659ee4299ac2) (cherry picked from commit c4cdbb978f681e7356c6c6367c1730d156a6a4e0) (cherry picked from commit e9889190bea734566e778a60a1dc337e9c7ad18d) (cherry picked from commit a90a4560ff4ed69d254b20b7418ab31f69c617e6) --- src/journal/journalctl.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/journal/journalctl.c b/src/journal/journalctl.c index 24b6ba72b53..d4a751c5755 100644 --- a/src/journal/journalctl.c +++ b/src/journal/journalctl.c @@ -1132,6 +1132,11 @@ static int parse_argv(int argc, char *argv[]) { r = pattern_compile(arg_pattern, flags, &arg_compiled_pattern); if (r < 0) return r; + + /* When --grep is used along with --lines, we don't know how many lines we can print. + * So we search backwards and count until enough lines have been printed or we hit the head. */ + if (arg_lines >= 0) + arg_reverse = true; } #endif From 958715692051c81a5998b7e0f1da314bf3aa8b11 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Sun, 19 Feb 2023 01:26:39 +0900 Subject: [PATCH 685/703] process-util: show requested process name in the log This is useful for debugging issues like #26474. (cherry picked from commit b9fadf2e2cb83d342342341b0edba4f519890634) (cherry picked from commit ba1cb4156bb7df9d5ce1b35a25425e544f6989de) (cherry picked from commit 892fe5d2049b1cb25a523c51518fd66a14642974) (cherry picked from commit bfbd75cf87441149e4b9add57fbeccfc836dd5de) --- src/basic/process-util.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/basic/process-util.c b/src/basic/process-util.c index a5ad24cc5c4..5e27097cbb6 100644 --- a/src/basic/process-util.c +++ b/src/basic/process-util.c @@ -1285,7 +1285,7 @@ int safe_fork_full( else pid = fork(); if (pid < 0) - return log_full_errno(prio, errno, "Failed to fork: %m"); + return log_full_errno(prio, errno, "Failed to fork off '%s': %m", strna(name)); if (pid > 0) { /* We are in the parent process */ From f74a15ecfc628c2addd89eb52581cb9314d1dda1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Mon, 20 Feb 2023 15:21:54 +0100 Subject: [PATCH 686/703] man/tmpfiles.d: adjust the table in synopsis, improve spelling r and R take globs, so let's name the argument appropriately in the tl;dr listing. Also, use 'clean-up' in the file name where it represents the verb "clean up", and other minor spelling adjustments. (cherry picked from commit 164297cd9a410fdd9ca3c068da4d80d74916cf18) (cherry picked from commit aac692160ef2a88f4a725f7ade900c6bd6b36641) (cherry picked from commit e72f1676afe4ceae96583e848d023f1b6ec3d6c4) (cherry picked from commit 88302d7f84a82e544f3b0953fbcd7dc5f8221f5a) --- man/tmpfiles.d.xml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/man/tmpfiles.d.xml b/man/tmpfiles.d.xml index 568015c9670..cf295b8ddb0 100644 --- a/man/tmpfiles.d.xml +++ b/man/tmpfiles.d.xml @@ -43,9 +43,9 @@ f /file/to/create mode user group - conte f+ /file/to/create-or-truncate mode user group - content w /file/to/write-to - - - - content w+ /file/to/append-to - - - - content -d /directory/to/create-and-cleanup mode user group cleanup-age - +d /directory/to/create-and-clean-up mode user group cleanup-age - D /directory/to/create-and-remove mode user group cleanup-age - -e /directory/to/cleanup mode user group cleanup-age - +e /directory/to/clean-up mode user group cleanup-age - v /subvolume-or-directory/to/create mode user group cleanup-age - q /subvolume-or-directory/to/create mode user group cleanup-age - Q /subvolume-or-directory/to/create mode user group cleanup-age - @@ -60,8 +60,8 @@ b+ /dev/block-device-to-[re]create mode user group - major C /target/to/create - - - cleanup-age /source/to/copy x /path-or-glob/to/ignore/recursively - - - cleanup-age - X /path-or-glob/to/ignore - - - cleanup-age - -r /empty/dir/to/remove - - - - - -R /dir/to/remove/recursively - - - - - +r /path-or-glob/to/remove - - - - - +R /path-or-glob/to/remove/recursively - - - - - z /path-or-glob/to/adjust/mode mode user group - - Z /path-or-glob/to/adjust/mode/recursively mode user group - - t /path-or-glob/to/set/xattrs - - - - xattrs @@ -189,7 +189,7 @@ L /tmp/foobar - - - - /dev/null d Create a directory. The mode and ownership will be adjusted if specified. Contents - of this directory are subject to time based cleanup if the age argument is specified. + of this directory are subject to time-based cleanup if the age argument is specified. @@ -204,7 +204,7 @@ L /tmp/foobar - - - - /dev/null Adjust the mode and ownership of existing directories and remove their contents based on age. Lines of this type accept shell-style globs in place of normal path names. Contents of the - directories are subject to time based cleanup if the age argument is specified. If the age argument + directories are subject to time-based cleanup if the age argument is specified. If the age argument is 0, contents will be unconditionally deleted every time systemd-tmpfiles --clean is run. @@ -331,7 +331,7 @@ L /tmp/foobar - - - - /dev/null skipped. If the argument is omitted, files from the source directory /usr/share/factory/ with the same name are copied. Does not follow symlinks. Contents of the directories - are subject to time based cleanup if the age argument is specified. + are subject to time-based cleanup if the age argument is specified. @@ -756,7 +756,7 @@ t /run/cups - - - - security.SMACK64=printing user.attr-with-spaces="foo bar" The directory will be owned by root and have default mode. Its contents are - not subject to time based cleanup, but will be obliterated when + not subject to time-based cleanup, but will be obliterated when systemd-tmpfiles --remove runs. From f61016afa7e71f13f2c96a33f0cbfb6dfd2e6fa4 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Fri, 17 Feb 2023 22:24:10 +0100 Subject: [PATCH 687/703] homectl: add missing break (cherry picked from commit 464ec1dec741e31d7bf08a4b7bb5a64a6adbb81d) (cherry picked from commit eae11e3f064372ec30efe460381ce807238daa82) (cherry picked from commit 8af5e945c7d489e7cf4c1dd29612e5452122b754) (cherry picked from commit 73fd23631111ea8daefceeef61fb02bfd4e49b96) --- src/home/homectl.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/home/homectl.c b/src/home/homectl.c index 1e3c96f5add..bfe2203339f 100644 --- a/src/home/homectl.c +++ b/src/home/homectl.c @@ -3613,6 +3613,7 @@ static int parse_argv(int argc, char *argv[]) { r = drop_from_identity("rebalanceWeight"); if (r < 0) return r; + break; } if (streq(optarg, "off")) @@ -3695,6 +3696,7 @@ static int parse_argv(int argc, char *argv[]) { r = drop_from_identity("dropCaches"); if (r < 0) return r; + break; } r = parse_boolean_argument("--drop-caches=", optarg, &drop_caches); From 81bcca471aaee7472729ddf5cbab3c684a3e93ac Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 21 Feb 2023 09:16:29 +0100 Subject: [PATCH 688/703] efi: drop executable-stack bit from .elf file MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit An rpminspect test in Fedora/RHEL is flagging our stub files as having an executable stack. The check is correct: $ readelf --wide --program-headers build/src/boot/efi/linuxx64.elf.stub | rg -i stack GNU_STACK 0x000000 0x0000000000000000 0x0000000000000000 0x000000 0x000000 RWE 0x10 It seems to be just an omission in the linker script… None of the objects that are linked into the stub are marked as requiring an executable stack: $ readelf --wide --sections build/src/boot/efi/*.c.o \ /usr/lib/gnuefi/x64/libgnuefi.a \ /usr/lib/gnuefi/x64/libefi.a \ /usr/lib/gcc/x86_64-redhat-linux/12/libgcc.a \ | rg '.note.GNU-stack.*X' (nothing) On aarch64 we end up with a nonexecutable stack, but on ia32 and x64 we get one, so this might be just a matter of defaults in the linker. It doesn't matter greatly, but let's mark the stack as non-executable to avoid the warning. Note: '-Wl,-z' is not needed, things work with just '-z'. (cherry picked from commit 1eca770933e49a1be16e40bfbaefc0f75af81781) (cherry picked from commit 44c2ff5b1ebbc0a18c0f3676b7ea3242250315f0) (cherry picked from commit 4f4344e3a5578b76e83633673cbb3ce368ebd2de) (cherry picked from commit c68ae31edbcba1e6cb263fdb23efe5130e56ed7b) --- src/boot/efi/meson.build | 1 + 1 file changed, 1 insertion(+) diff --git a/src/boot/efi/meson.build b/src/boot/efi/meson.build index ae3f53a044c..eb90efe68da 100644 --- a/src/boot/efi/meson.build +++ b/src/boot/efi/meson.build @@ -244,6 +244,7 @@ efi_ldflags = [ '-Wl,--warn-common', '-Wl,-Bsymbolic', '-z', 'nocombreloc', + '-z', 'noexecstack', efi_crt0, ] From 7cafc74085ee9e5b005316009b784eb31231c59b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Mon, 20 Feb 2023 19:57:30 +0100 Subject: [PATCH 689/703] tmpfiles.d: drop misleading comment I'm not sure what "suffix" was meant by this comment, but the file has the usual suffix. The file was added with the current name back in c4708f132381e4bbc864d5241381b5cde4f54878. Maybe an earlier version of the patch did something different. (cherry picked from commit 9c7188547cd53dddd635c86c8ef5655290541966) (cherry picked from commit d9abd8babe01ab4e2e6d913d148369ade78441a4) (cherry picked from commit 2ca2390b113dd45305ff131b74ed39b919931417) (cherry picked from commit 3339b23f4cde85690fe9f8e0486793b93af12b2f) --- tmpfiles.d/systemd-nologin.conf | 1 - 1 file changed, 1 deletion(-) diff --git a/tmpfiles.d/systemd-nologin.conf b/tmpfiles.d/systemd-nologin.conf index 39cfd06e8b0..69a212a8db1 100644 --- a/tmpfiles.d/systemd-nologin.conf +++ b/tmpfiles.d/systemd-nologin.conf @@ -6,6 +6,5 @@ # (at your option) any later version. # See tmpfiles.d(5), systemd-user-sessions.service(8) and pam_nologin(8). -# This file has special suffix so it is not run by mistake. F! /run/nologin 0644 - - - "System is booting up. Unprivileged users are not permitted to log in yet. Please come back later. For technical details, see pam_nologin(8)." From 92f8a86f2bb93b9d13d3114b6348549b92e499e6 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Wed, 22 Feb 2023 13:26:28 +0900 Subject: [PATCH 690/703] systemctl: show "Until:" field only for service and scope units Only service and scope units have RuntimeMaxUSec bus property. To suppress the "Until:" field for other unit types, the entry must be initialized with USEC_INFINITY. Fixes #26473. (cherry picked from commit b59052be261523721a86caf4ef820e63f03e26a4) (cherry picked from commit 2bfb07b22ff1cce4f663740bff202bd65f041916) (cherry picked from commit 028cee00dd5e37ef94ce11c06d7fdc61dd2a6f47) (cherry picked from commit e385eb57dc755716012ec55e8aa2d34252886f69) --- src/systemctl/systemctl-show.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/systemctl/systemctl-show.c b/src/systemctl/systemctl-show.c index a23d6677b51..f960a872758 100644 --- a/src/systemctl/systemctl-show.c +++ b/src/systemctl/systemctl-show.c @@ -1944,6 +1944,7 @@ static int show_one( _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL; _cleanup_set_free_ Set *found_properties = NULL; _cleanup_(unit_status_info_free) UnitStatusInfo info = { + .runtime_max_sec = USEC_INFINITY, .memory_current = UINT64_MAX, .memory_high = CGROUP_LIMIT_MAX, .memory_max = CGROUP_LIMIT_MAX, From f1a8b69808777aff37c036fd94a0275873d12407 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Thu, 23 Feb 2023 07:31:01 +0900 Subject: [PATCH 691/703] sd-event: always initialize sd_event.perturb If the boot ID cannot be obtained, let's first fallback to the machine ID, and if still cannot, then let's use 0. Otherwise, no timer event source cannot be triggered. Fixes #26549. (cherry picked from commit 6d2326e036ceed30f9ccdb0266713c10a44dcf6c) (cherry picked from commit 58c821af607b61738b7b72ad1452e70f648689a6) (cherry picked from commit 78976199b2e016600c3f7cf8f39747c9ef6c853b) (cherry picked from commit ac04d804c30f519918866fb4eeb3bc4a9cbadd43) --- src/libsystemd/sd-event/sd-event.c | 21 ++++++++++----------- 1 file changed, 10 insertions(+), 11 deletions(-) diff --git a/src/libsystemd/sd-event/sd-event.c b/src/libsystemd/sd-event/sd-event.c index 89accdce004..37565b17be3 100644 --- a/src/libsystemd/sd-event/sd-event.c +++ b/src/libsystemd/sd-event/sd-event.c @@ -1126,22 +1126,21 @@ _public_ int sd_event_add_io( } static void initialize_perturb(sd_event *e) { - sd_id128_t bootid = {}; + sd_id128_t id = {}; - /* When we sleep for longer, we try to realign the wakeup to - the same time within each minute/second/250ms, so that - events all across the system can be coalesced into a single - CPU wakeup. However, let's take some system-specific - randomness for this value, so that in a network of systems - with synced clocks timer events are distributed a - bit. Here, we calculate a perturbation usec offset from the - boot ID. */ + /* When we sleep for longer, we try to realign the wakeup to the same time within each + * minute/second/250ms, so that events all across the system can be coalesced into a single CPU + * wakeup. However, let's take some system-specific randomness for this value, so that in a network + * of systems with synced clocks timer events are distributed a bit. Here, we calculate a + * perturbation usec offset from the boot ID (or machine ID if failed, e.g. /proc is not mounted). */ if (_likely_(e->perturb != USEC_INFINITY)) return; - if (sd_id128_get_boot(&bootid) >= 0) - e->perturb = (bootid.qwords[0] ^ bootid.qwords[1]) % USEC_PER_MINUTE; + if (sd_id128_get_boot(&id) >= 0 || sd_id128_get_machine(&id) > 0) + e->perturb = (id.qwords[0] ^ id.qwords[1]) % USEC_PER_MINUTE; + else + e->perturb = 0; /* This is a super early process without /proc and /etc ?? */ } static int event_setup_timer_fd( From 056fbe84ef67168adcaf41baa37de1b712f6fb74 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Thu, 23 Feb 2023 07:31:01 +0900 Subject: [PATCH 692/703] sd-event: fix error handling Follow-up for 6d2326e036ceed30f9ccdb0266713c10a44dcf6c. (cherry picked from commit 1912f790fee9e0182acd77b77496f500094a140d) (cherry picked from commit a719c2ec2f410f8b979cec04dcdac9af470ee52b) (cherry picked from commit dd6561ff3e12314d41954b7ea8e3627101931a18) (cherry picked from commit 8be4af42044969bc268b32ffe9570cee733fecf6) --- src/libsystemd/sd-event/sd-event.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/libsystemd/sd-event/sd-event.c b/src/libsystemd/sd-event/sd-event.c index 37565b17be3..df4d9037acc 100644 --- a/src/libsystemd/sd-event/sd-event.c +++ b/src/libsystemd/sd-event/sd-event.c @@ -1137,7 +1137,7 @@ static void initialize_perturb(sd_event *e) { if (_likely_(e->perturb != USEC_INFINITY)) return; - if (sd_id128_get_boot(&id) >= 0 || sd_id128_get_machine(&id) > 0) + if (sd_id128_get_boot(&id) >= 0 || sd_id128_get_machine(&id) >= 0) e->perturb = (id.qwords[0] ^ id.qwords[1]) % USEC_PER_MINUTE; else e->perturb = 0; /* This is a super early process without /proc and /etc ?? */ From 0d386bb7d62487a92146926e3bb9183b8cd79403 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Thu, 23 Feb 2023 18:03:50 +0900 Subject: [PATCH 693/703] core/dbus-socket: check the socket path is absolute In config_parse_socket_listen(), we have checked the path is absolute, however we have not in the dbus method. (cherry picked from commit 4de2b47bdec8bbb7df78678a152f18281b20e7b5) (cherry picked from commit e093acd062f36de4471948c6d932b931333af4da) (cherry picked from commit 22d1f01b052e5f938201340a0279f2013bcf8986) (cherry picked from commit 1a4634b6f4560b4eb309936f4dcad0580ffaaf0e) --- src/core/dbus-socket.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/core/dbus-socket.c b/src/core/dbus-socket.c index a3b1e0442f4..49b107c7bba 100644 --- a/src/core/dbus-socket.c +++ b/src/core/dbus-socket.c @@ -383,7 +383,7 @@ static int bus_socket_set_transient_property( return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Unknown Socket type: %s", t); if (p->type != SOCKET_SOCKET) { - if (!path_is_valid(a)) + if (!path_is_absolute(a) || !path_is_valid(a)) return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid socket path: %s", a); p->path = strdup(a); From 6d5014e85f4724d20ca488ba79eb6a97abdf92d0 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Fri, 24 Feb 2023 14:24:18 +0100 Subject: [PATCH 694/703] man: add two missing commands to synopsys (cherry picked from commit aff131775b002ddac74b1c65d849dcd52a02c06d) (cherry picked from commit dc98d58dd8864d537d38cc78617c0a1bf7385ee8) (cherry picked from commit 7d3af1ff11d17e4cac02668537e6e59e78fe5fc4) (cherry picked from commit 09174303d113086344d03b12913fd8a4ac1def2d) --- man/systemd-analyze.xml | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/man/systemd-analyze.xml b/man/systemd-analyze.xml index 97290d479b4..c7e752c0fcd 100644 --- a/man/systemd-analyze.xml +++ b/man/systemd-analyze.xml @@ -59,6 +59,11 @@ >file.dot + + systemd-analyze + OPTIONS + unit-files + systemd-analyze OPTIONS @@ -130,6 +135,12 @@ security UNIT + + systemd-analyze + OPTIONS + inspect-elf + FILE + From 5d0fb9483ac77d6d49041427722e614056e6e4e0 Mon Sep 17 00:00:00 2001 From: David Tardon Date: Wed, 2 Mar 2022 21:02:21 +0100 Subject: [PATCH 695/703] systemctl: print better message if default target is masked If the default target is masked, `systemctl get-default` prints Failed to get default target: Operation not possible due to RF-kill That's a bit too cryptic, so let's make it clear what's actually happening. Fixes #26589. (cherry picked from commit 7c78a19322962bb386f87bcaf37bf650cca1c400) (cherry picked from commit 144ac494ec8f13e4da2420720c96808046947762) (cherry picked from commit 30eae23c4a061f1a5cf25dcbd9187560c491b92b) (cherry picked from commit 407726df0737639ae8a62e07e6f2ef55685a3ec5) --- src/core/dbus-manager.c | 2 ++ src/systemctl/systemctl-set-default.c | 2 ++ 2 files changed, 4 insertions(+) diff --git a/src/core/dbus-manager.c b/src/core/dbus-manager.c index 9a2a5531c69..f75b89e89d5 100644 --- a/src/core/dbus-manager.c +++ b/src/core/dbus-manager.c @@ -2052,6 +2052,8 @@ static int method_get_default_target(sd_bus_message *message, void *userdata, sd return r; r = unit_file_get_default(m->unit_file_scope, NULL, &default_target); + if (r == -ERFKILL) + sd_bus_error_setf(error, BUS_ERROR_UNIT_MASKED, "Unit file is masked."); if (r < 0) return r; diff --git a/src/systemctl/systemctl-set-default.c b/src/systemctl/systemctl-set-default.c index 05c1894b1d0..3199fb7f59a 100644 --- a/src/systemctl/systemctl-set-default.c +++ b/src/systemctl/systemctl-set-default.c @@ -50,6 +50,8 @@ static int determine_default(char **ret_name) { if (install_client_side()) { r = unit_file_get_default(arg_scope, arg_root, ret_name); + if (r == -ERFKILL) + return log_error_errno(r, "Failed to get default target: Unit file is masked."); if (r < 0) return log_error_errno(r, "Failed to get default target: %m"); return 0; From fadf3c4099f77caa1a3d2a7672ab64b6b674f2a7 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Mon, 27 Feb 2023 19:02:41 +0100 Subject: [PATCH 696/703] psi-util: fix error handling We checked ERRNO_IS_NOT_SUPPORTED on a possible positive non-error code, which isn't right. Fix that. Also add caching, since we are about to call this more often. (cherry picked from commit 90ec8ebe33ec72ed6d9f451de9443d67dd351d72) (cherry picked from commit 5ee19fdfa054f68e82cedbbff26d60c893ca5ef4) (cherry picked from commit 8e6234064d3339f3043d2bc42dd8d493d656f08e) (cherry picked from commit cb4f512f47c3ed10703c5abd8cd650c2eea81211) --- src/shared/psi-util.c | 23 ++++++++++++++--------- 1 file changed, 14 insertions(+), 9 deletions(-) diff --git a/src/shared/psi-util.c b/src/shared/psi-util.c index 009095e8c3b..9045ae2d5fb 100644 --- a/src/shared/psi-util.c +++ b/src/shared/psi-util.c @@ -106,20 +106,25 @@ int read_resource_pressure(const char *path, PressureType type, ResourcePressure } int is_pressure_supported(void) { + static thread_local int cached = -1; const char *p; + int r; - /* The pressure files, both under /proc and in cgroups, will exist - * even if the kernel has PSI support disabled; we have to read - * the file to make sure it doesn't return -EOPNOTSUPP */ - FOREACH_STRING(p, "/proc/pressure/cpu", "/proc/pressure/io", "/proc/pressure/memory") { - int r; + /* The pressure files, both under /proc/ and in cgroups, will exist even if the kernel has PSI + * support disabled; we have to read the file to make sure it doesn't return -EOPNOTSUPP */ + if (cached >= 0) + return cached; + + FOREACH_STRING(p, "/proc/pressure/cpu", "/proc/pressure/io", "/proc/pressure/memory") { r = read_virtual_file(p, 0, NULL, NULL); - if (r == -ENOENT || ERRNO_IS_NOT_SUPPORTED(r)) - return 0; - if (r < 0) + if (r < 0) { + if (r == -ENOENT || ERRNO_IS_NOT_SUPPORTED(r)) + return (cached = false); + return r; + } } - return 1; + return (cached = true); } From 654e8054964086744954bfd654ec7f0049ff0f34 Mon Sep 17 00:00:00 2001 From: Frantisek Sumsal Date: Wed, 1 Mar 2023 13:57:03 +0100 Subject: [PATCH 697/703] virt: correctly detect QEMU emulated pSeries guests Resolves: #26629 (cherry picked from commit 8c7a6c742afef9284d5c06fc285cf66306cbce31) (cherry picked from commit 1a220065740b128476c572541fa6e90bdd5b548f) (cherry picked from commit 48911dc5ece96de84efe54ff5208e703f86bf30f) (cherry picked from commit 085795656ab35bed16ea4287afd25fe13291b3eb) --- src/basic/virt.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/src/basic/virt.c b/src/basic/virt.c index 71cbc9756c9..a6c5574a75b 100644 --- a/src/basic/virt.c +++ b/src/basic/virt.c @@ -98,6 +98,7 @@ static int detect_vm_device_tree(void) { r = read_one_line_file("/proc/device-tree/hypervisor/compatible", &hvtype); if (r == -ENOENT) { _cleanup_closedir_ DIR *dir = NULL; + _cleanup_free_ char *compat = NULL; if (access("/proc/device-tree/ibm,partition-name", F_OK) == 0 && access("/proc/device-tree/hmc-managed?", F_OK) == 0 && @@ -119,6 +120,14 @@ static int detect_vm_device_tree(void) { return VIRTUALIZATION_QEMU; } + r = read_one_line_file("/proc/device-tree/compatible", &compat); + if (r < 0 && r != -ENOENT) + return r; + if (r >= 0 && streq(compat, "qemu,pseries")) { + log_debug("Virtualization %s found in /proc/device-tree/compatible", compat); + return VIRTUALIZATION_QEMU; + } + log_debug("No virtualization found in /proc/device-tree/*"); return VIRTUALIZATION_NONE; } else if (r < 0) From fb016a1339e0b31b39c6b61229eff74addb453f8 Mon Sep 17 00:00:00 2001 From: msizanoen1 Date: Wed, 1 Mar 2023 17:35:17 +0700 Subject: [PATCH 698/703] escape: Ensure that output is always valid UTF-8 This ensures that shell string escape operations will not produce output with invalid UTF-8 from the input by escaping invalid UTF-8 data as if they were single byte characters. (cherry picked from commit 00f57157f32f6ed5a68d68986b013c203cd78c37) (cherry picked from commit e906fd24214f53f1160918a5bb55a1d14368bfd8) (cherry picked from commit e0a674f7f8ed934eb3b600f09b0ca75a9579293c) (cherry picked from commit dfa043ae1f6a57f23137af8c03717fe19231b3f9) --- src/basic/escape.c | 25 ++++++++++++++++++------- 1 file changed, 18 insertions(+), 7 deletions(-) diff --git a/src/basic/escape.c b/src/basic/escape.c index ce57fcc7622..d36cb039151 100644 --- a/src/basic/escape.c +++ b/src/basic/escape.c @@ -475,14 +475,20 @@ char* octescape(const char *s, size_t len) { static char* strcpy_backslash_escaped(char *t, const char *s, const char *bad) { assert(bad); - for (; *s; s++) - if (char_is_cc(*s)) - t += cescape_char(*s, t); - else { + while (*s) { + int l = utf8_encoded_valid_unichar(s, SIZE_MAX); + + if (char_is_cc(*s) || l < 0) + t += cescape_char(*(s++), t); + else if (l == 1) { if (*s == '\\' || strchr(bad, *s)) *(t++) = '\\'; - *(t++) = *s; + *(t++) = *(s++); + } else { + t = mempcpy(t, s, l); + s += l; } + } return t; } @@ -511,11 +517,16 @@ char* shell_maybe_quote(const char *s, ShellEscapeFlags flags) { if (FLAGS_SET(flags, SHELL_ESCAPE_EMPTY) && isempty(s)) return strdup("\"\""); /* We don't use $'' here in the POSIX mode. "" is fine too. */ - for (p = s; *p; p++) - if (char_is_cc(*p) || + for (p = s; *p; ) { + int l = utf8_encoded_valid_unichar(p, SIZE_MAX); + + if (char_is_cc(*p) || l < 0 || strchr(WHITESPACE SHELL_NEED_QUOTES, *p)) break; + p += l; + } + if (!*p) return strdup(s); From 53353de5b0d97432345cc3f94ad3322a9f02ee99 Mon Sep 17 00:00:00 2001 From: msizanoen1 Date: Wed, 1 Mar 2023 21:48:08 +0700 Subject: [PATCH 699/703] test-escape: Add tests for escaping bogus UTF-8 sequences (cherry picked from commit 582843ee37fb2de62321085dd3c2f4bfbdbad12e) (cherry picked from commit c4e7cf2bd734b480c38b16c227a2b4f1928df270) (cherry picked from commit dec5e2e7b5ae829b8542810c5d44daed3442cb28) (cherry picked from commit 11ecf666465c74fc27ca2e5213753ac1cd53b915) --- src/test/test-escape.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/test/test-escape.c b/src/test/test-escape.c index 214190e134a..3c7512ef12c 100644 --- a/src/test/test-escape.c +++ b/src/test/test-escape.c @@ -196,6 +196,10 @@ TEST(shell_maybe_quote) { test_shell_maybe_quote_one("głąb\002\003rząd", 0, "\"głąb\\002\\003rząd\""); test_shell_maybe_quote_one("głąb\002\003rząd", SHELL_ESCAPE_POSIX, "$'głąb\\002\\003rząd'"); + + /* Bogus UTF-8 strings */ + test_shell_maybe_quote_one("\250\350", 0, "\"\\250\\350\""); + test_shell_maybe_quote_one("\250\350", SHELL_ESCAPE_POSIX, "$'\\250\\350'"); } static void test_quote_command_line_one(char **argv, const char *expected) { From 65fe9f3080be7cd26177c4b231f9e5d0d9ff1dc8 Mon Sep 17 00:00:00 2001 From: Luca Boccassi Date: Sun, 17 Sep 2023 00:23:37 +0100 Subject: [PATCH 700/703] boot: skip loading DTBs in type 1 when secure boot is enabled The kernel loads the DTB from EFI before ExitBootServices(): https://github.com/torvalds/linux/blob/v6.5/drivers/firmware/efi/libstub/fdt.c#L245 DTBs can map and assign arbitrary memory ranges. The kernel refuses to load one from the dtb= kernel command line parameter when secure boot is enabled, as it's not safe. Let's do the same for type 1 entries, as they are unverified. This only affects arm64 and riscv64, firmwares do not support DTB on x86. (cherry picked from commit 4b4d612d860a4acbbc22bc64a32637c0eb792cee) (cherry picked from commit c1404fff32d439a726e972daa34470c863465577) (cherry picked from commit 7844c655bec7264f009267bd63ccbc712b64806e) (cherry picked from commit f3813207608174c0b1cbb08e176e4d5bec283ceb) (cherry picked from commit 3c97ff590762a84c34fe7191d9743a00d0770317) --- src/boot/efi/boot.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/boot/efi/boot.c b/src/boot/efi/boot.c index e3dc336f30a..a021f82a94a 100644 --- a/src/boot/efi/boot.c +++ b/src/boot/efi/boot.c @@ -2185,7 +2185,9 @@ static EFI_STATUS image_start( if (EFI_ERROR(err)) return log_error_status_stall(err, L"Error loading %s: %r", entry->loader, err); - if (entry->devicetree) { + /* DTBs are loaded by the kernel before ExitBootServices, and they can be used to map and assign + * arbitrary memory ranges, so skip it when secure boot is enabled as the DTB here is unverified. */ + if (entry->devicetree && !secure_boot_enabled()) { err = devicetree_install(&dtstate, root_dir, entry->devicetree); if (EFI_ERROR(err)) return log_error_status_stall(err, L"Error loading %s: %r", entry->devicetree, err); From 4ada1290584745ab6643eece9e1756a8c0e079ca Mon Sep 17 00:00:00 2001 From: Michal Sekletar Date: Wed, 20 Dec 2023 16:44:14 +0100 Subject: [PATCH 701/703] resolved: actually check authenticated flag of SOA transaction Fixes #25676 (cherry picked from commit 3b4cc1437b51fcc0b08da8cc3f5d1175eed25eb1) (cherry picked from commit 6da5ca9dd69c0e3340d4439413718ad4963252de) (cherry picked from commit 029272750fe451aeaac87a8c783cfb067f001e16) (cherry picked from commit 5c149c77cbf7b3743fa65ce7dc9d2b5a58351968) (cherry picked from commit bb78da7f955c0102047319c55fff9d853ab7c87a) (cherry picked from commit f58fc88678b893162f2d6d4b2db094e7b1646386) --- src/resolve/resolved-dns-transaction.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/resolve/resolved-dns-transaction.c b/src/resolve/resolved-dns-transaction.c index 9438eb44c2c..9a7a26f3900 100644 --- a/src/resolve/resolved-dns-transaction.c +++ b/src/resolve/resolved-dns-transaction.c @@ -2762,7 +2762,7 @@ static int dns_transaction_requires_rrsig(DnsTransaction *t, DnsResourceRecord * if (r == 0) continue; - return FLAGS_SET(t->answer_query_flags, SD_RESOLVED_AUTHENTICATED); + return FLAGS_SET(dt->answer_query_flags, SD_RESOLVED_AUTHENTICATED); } return true; @@ -2789,7 +2789,7 @@ static int dns_transaction_requires_rrsig(DnsTransaction *t, DnsResourceRecord * /* We found the transaction that was supposed to find the SOA RR for us. It was * successful, but found no RR for us. This means we are not at a zone cut. In this * case, we require authentication if the SOA lookup was authenticated too. */ - return FLAGS_SET(t->answer_query_flags, SD_RESOLVED_AUTHENTICATED); + return FLAGS_SET(dt->answer_query_flags, SD_RESOLVED_AUTHENTICATED); } return true; From b19b7c67e9cb74c44c43a0daf6172f9d32f134ec Mon Sep 17 00:00:00 2001 From: Jonas Gorski Date: Thu, 12 Sep 2024 15:46:29 +0200 Subject: [PATCH 702/703] core: fix build when seccomp is off Something went wrong when 6aa2c55522d7cac62ecfd5d5687a86a84f158d18 was cherry-picked for v250-stable, causing it to fail to build when seccomp is disabled. Fix this by changing the code to how it looks like in other versions of the backported commit, slightly adapted to the file's style in v250. Fixes the following build error: | ../git/src/core/main.c: In function 'parse_config_file': | ../git/src/core/main.c:721:101: error: lvalue required as unary '&' operand | 721 | { "Manager", "SystemCallArchitectures", config_parse_syscall_archs, 0, &DISABLED_CONFIGURATION }, | | ^ Fixes: 8e8c7d51140b ("pid1: generate compat warning for SystemCallArchitectures= if seccomp is off") --- src/core/main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/core/main.c b/src/core/main.c index 19686fa4758..5914be6a83c 100644 --- a/src/core/main.c +++ b/src/core/main.c @@ -718,7 +718,7 @@ static int parse_config_file(void) { #if HAVE_SECCOMP { "Manager", "SystemCallArchitectures", config_parse_syscall_archs, 0, &arg_syscall_archs }, #else - { "Manager", "SystemCallArchitectures", config_parse_syscall_archs, 0, &DISABLED_CONFIGURATION }, + { "Manager", "SystemCallArchitectures", config_parse_warn_compat, DISABLED_CONFIGURATION, NULL }, #endif { "Manager", "TimerSlackNSec", config_parse_nsec, 0, &arg_timer_slack_nsec }, { "Manager", "DefaultTimerAccuracySec", config_parse_sec, 0, &arg_default_timer_accuracy_usec }, From 2c4c434af9c6fdc67fb68a224b761c528466064d Mon Sep 17 00:00:00 2001 From: Devender Dua Date: Thu, 21 Aug 2025 16:37:52 +0100 Subject: [PATCH 703/703] Remove symbolic links for un-used partitions --- rules.d/60-persistent-storage.rules | 65 +++++++++++++++++++++++++++-- 1 file changed, 61 insertions(+), 4 deletions(-) diff --git a/rules.d/60-persistent-storage.rules b/rules.d/60-persistent-storage.rules index 7a5ff6b4294..ddfe548423e 100644 --- a/rules.d/60-persistent-storage.rules +++ b/rules.d/60-persistent-storage.rules @@ -85,7 +85,13 @@ KERNEL=="sd*[0-9]", ATTRS{ieee1394_id}=="?*", SYMLINK+="disk/by-id/ieee1394-$att KERNEL=="mmcblk[0-9]", SUBSYSTEMS=="mmc", ATTRS{serial}=="?*", ENV{ID_SERIAL}="$attr{serial}" KERNEL=="mmcblk[0-9]", SUBSYSTEMS=="mmc", ATTRS{name}=="?*", ENV{ID_NAME}="$attr{name}" KERNEL=="mmcblk[0-9]", ENV{ID_NAME}=="?*", ENV{ID_SERIAL}=="?*", SYMLINK+="disk/by-id/mmc-$env{ID_NAME}_$env{ID_SERIAL}" -KERNEL=="mmcblk[0-9]p[0-9]*", ENV{ID_NAME}=="?*", ENV{ID_SERIAL}=="?*", SYMLINK+="disk/by-id/mmc-$env{ID_NAME}_$env{ID_SERIAL}-part%n" + +# KERNEL=="mmcblk[0-9]p[0-9]*", ENV{ID_NAME}=="?*", ENV{ID_SERIAL}=="?*", SYMLINK+="disk/by-id/mmc-$env{ID_NAME}_$env{ID_SERIAL}-part%n" +KERNEL=="mmcblk0p29", ENV{ID_NAME}=="?*", ENV{ID_SERIAL}=="?*", SYMLINK+="disk/by-id/mmc-$env{ID_NAME}_$env{ID_SERIAL}-part29" +KERNEL=="mmcblk0p33", ENV{ID_NAME}=="?*", ENV{ID_SERIAL}=="?*", SYMLINK+="disk/by-id/mmc-$env{ID_NAME}_$env{ID_SERIAL}-part33" +KERNEL=="mmcblk0p38", ENV{ID_NAME}=="?*", ENV{ID_SERIAL}=="?*", SYMLINK+="disk/by-id/mmc-$env{ID_NAME}_$env{ID_SERIAL}-part38" +KERNEL=="mmcblk0p49", ENV{ID_NAME}=="?*", ENV{ID_SERIAL}=="?*", SYMLINK+="disk/by-id/mmc-$env{ID_NAME}_$env{ID_SERIAL}-part49" +KERNEL=="mmcblk0p93", ENV{ID_NAME}=="?*", ENV{ID_SERIAL}=="?*", SYMLINK+="disk/by-id/mmc-$env{ID_NAME}_$env{ID_SERIAL}-part93" # Memstick KERNEL=="msblk[0-9]|mspblk[0-9]", SUBSYSTEMS=="memstick", ATTRS{name}=="?*", ATTRS{serial}=="?*", \ @@ -97,7 +103,14 @@ ENV{DEVTYPE}=="disk", DEVPATH!="*/virtual/*", IMPORT{builtin}="path_id" ENV{DEVTYPE}=="disk", SUBSYSTEMS=="nvme-subsystem", IMPORT{builtin}="path_id" KERNEL=="mmcblk[0-9]boot[0-9]", ENV{DEVTYPE}=="disk", ENV{ID_PATH}=="?*", SYMLINK+="disk/by-path/$env{ID_PATH}-boot%n" KERNEL!="mmcblk[0-9]boot[0-9]", ENV{DEVTYPE}=="disk", ENV{ID_PATH}=="?*", SYMLINK+="disk/by-path/$env{ID_PATH}" -ENV{DEVTYPE}=="partition", ENV{ID_PATH}=="?*", SYMLINK+="disk/by-path/$env{ID_PATH}-part%n" + +KERNEL!="mmcblk[0-9]p[0-9]*", ENV{DEVTYPE}=="partition", ENV{ID_PATH}=="?*", SYMLINK+="disk/by-path/$env{ID_PATH}-part%n" +KERNEL=="mmcblk0p29", ENV{DEVTYPE}=="partition", ENV{ID_PATH}=="?*", SYMLINK+="disk/by-path/$env{ID_PATH}-part%n" +KERNEL=="mmcblk0p33", ENV{DEVTYPE}=="partition", ENV{ID_PATH}=="?*", SYMLINK+="disk/by-path/$env{ID_PATH}-part%n" +KERNEL=="mmcblk0p38", ENV{DEVTYPE}=="partition", ENV{ID_PATH}=="?*", SYMLINK+="disk/by-path/$env{ID_PATH}-part%n" +KERNEL=="mmcblk0p49", ENV{DEVTYPE}=="partition", ENV{ID_PATH}=="?*", SYMLINK+="disk/by-path/$env{ID_PATH}-part%n" +KERNEL=="mmcblk0p93", ENV{DEVTYPE}=="partition", ENV{ID_PATH}=="?*", SYMLINK+="disk/by-path/$env{ID_PATH}-part%n" + # compatible links for ATA devices KERNEL!="mmcblk[0-9]boot[0-9]", ENV{DEVTYPE}=="disk", ENV{ID_PATH_ATA_COMPAT}=="?*", SYMLINK+="disk/by-path/$env{ID_PATH_ATA_COMPAT}" ENV{DEVTYPE}=="partition", ENV{ID_PATH_ATA_COMPAT}=="?*", SYMLINK+="disk/by-path/$env{ID_PATH_ATA_COMPAT}-part%n" @@ -125,7 +138,51 @@ ENV{DEVTYPE}=="disk", ENV{ID_WWN_WITH_EXTENSION}=="?*", SYMLINK+="disk/by-id/wwn ENV{DEVTYPE}=="partition", ENV{ID_WWN_WITH_EXTENSION}=="?*", SYMLINK+="disk/by-id/wwn-$env{ID_WWN_WITH_EXTENSION}-part%n" # by-partlabel/by-partuuid links (partition metadata) -ENV{ID_PART_ENTRY_UUID}=="?*", SYMLINK+="disk/by-partuuid/$env{ID_PART_ENTRY_UUID}" -ENV{ID_PART_ENTRY_SCHEME}=="gpt", ENV{ID_PART_ENTRY_NAME}=="?*", SYMLINK+="disk/by-partlabel/$env{ID_PART_ENTRY_NAME}" + +KERNEL!="mmcblk[0-9]p[0-9]*", ENV{ID_PART_ENTRY_UUID}=="?*", SYMLINK+="disk/by-partuuid/$env{ID_PART_ENTRY_UUID}" + +KERNEL=="mmcblk0p29", ENV{ID_PART_ENTRY_UUID}=="?*", SYMLINK+="disk/by-partuuid/$env{ID_PART_ENTRY_UUID}" +KERNEL=="mmcblk0p33", ENV{ID_PART_ENTRY_UUID}=="?*", SYMLINK+="disk/by-partuuid/$env{ID_PART_ENTRY_UUID}" +KERNEL=="mmcblk0p38", ENV{ID_PART_ENTRY_UUID}=="?*", SYMLINK+="disk/by-partuuid/$env{ID_PART_ENTRY_UUID}" +KERNEL=="mmcblk0p49", ENV{ID_PART_ENTRY_UUID}=="?*", SYMLINK+="disk/by-partuuid/$env{ID_PART_ENTRY_UUID}" +KERNEL=="mmcblk0p93", ENV{ID_PART_ENTRY_UUID}=="?*", SYMLINK+="disk/by-partuuid/$env{ID_PART_ENTRY_UUID}" + +KERNEL!="mmcblk[0-9]p[0-9]*", ENV{ID_PART_ENTRY_SCHEME}=="gpt", ENV{ID_PART_ENTRY_NAME}=="?*", SYMLINK+="disk/by-partlabel/$env{ID_PART_ENTRY_NAME}" + +KERNEL=="mmcblk0p17", ENV{ID_PART_ENTRY_SCHEME}=="gpt", ENV{ID_PART_ENTRY_NAME}=="?*", SYMLINK+="disk/by-partlabel/$env{ID_PART_ENTRY_NAME}" +KERNEL=="mmcblk0p18", ENV{ID_PART_ENTRY_SCHEME}=="gpt", ENV{ID_PART_ENTRY_NAME}=="?*", SYMLINK+="disk/by-partlabel/$env{ID_PART_ENTRY_NAME}" +KERNEL=="mmcblk0p19", ENV{ID_PART_ENTRY_SCHEME}=="gpt", ENV{ID_PART_ENTRY_NAME}=="?*", SYMLINK+="disk/by-partlabel/$env{ID_PART_ENTRY_NAME}" +KERNEL=="mmcblk0p20", ENV{ID_PART_ENTRY_SCHEME}=="gpt", ENV{ID_PART_ENTRY_NAME}=="?*", SYMLINK+="disk/by-partlabel/$env{ID_PART_ENTRY_NAME}" +KERNEL=="mmcblk0p21", ENV{ID_PART_ENTRY_SCHEME}=="gpt", ENV{ID_PART_ENTRY_NAME}=="?*", SYMLINK+="disk/by-partlabel/$env{ID_PART_ENTRY_NAME}" +KERNEL=="mmcblk0p22", ENV{ID_PART_ENTRY_SCHEME}=="gpt", ENV{ID_PART_ENTRY_NAME}=="?*", SYMLINK+="disk/by-partlabel/$env{ID_PART_ENTRY_NAME}" +KERNEL=="mmcblk0p23", ENV{ID_PART_ENTRY_SCHEME}=="gpt", ENV{ID_PART_ENTRY_NAME}=="?*", SYMLINK+="disk/by-partlabel/$env{ID_PART_ENTRY_NAME}" +KERNEL=="mmcblk0p24", ENV{ID_PART_ENTRY_SCHEME}=="gpt", ENV{ID_PART_ENTRY_NAME}=="?*", SYMLINK+="disk/by-partlabel/$env{ID_PART_ENTRY_NAME}" +KERNEL=="mmcblk0p25", ENV{ID_PART_ENTRY_SCHEME}=="gpt", ENV{ID_PART_ENTRY_NAME}=="?*", SYMLINK+="disk/by-partlabel/$env{ID_PART_ENTRY_NAME}" +KERNEL=="mmcblk0p26", ENV{ID_PART_ENTRY_SCHEME}=="gpt", ENV{ID_PART_ENTRY_NAME}=="?*", SYMLINK+="disk/by-partlabel/$env{ID_PART_ENTRY_NAME}" +KERNEL=="mmcblk0p27", ENV{ID_PART_ENTRY_SCHEME}=="gpt", ENV{ID_PART_ENTRY_NAME}=="?*", SYMLINK+="disk/by-partlabel/$env{ID_PART_ENTRY_NAME}" +KERNEL=="mmcblk0p28", ENV{ID_PART_ENTRY_SCHEME}=="gpt", ENV{ID_PART_ENTRY_NAME}=="?*", SYMLINK+="disk/by-partlabel/$env{ID_PART_ENTRY_NAME}" +KERNEL=="mmcblk0p29", ENV{ID_PART_ENTRY_SCHEME}=="gpt", ENV{ID_PART_ENTRY_NAME}=="?*", SYMLINK+="disk/by-partlabel/$env{ID_PART_ENTRY_NAME}" +KERNEL=="mmcblk0p30", ENV{ID_PART_ENTRY_SCHEME}=="gpt", ENV{ID_PART_ENTRY_NAME}=="?*", SYMLINK+="disk/by-partlabel/$env{ID_PART_ENTRY_NAME}" +KERNEL=="mmcblk0p31", ENV{ID_PART_ENTRY_SCHEME}=="gpt", ENV{ID_PART_ENTRY_NAME}=="?*", SYMLINK+="disk/by-partlabel/$env{ID_PART_ENTRY_NAME}" +KERNEL=="mmcblk0p32", ENV{ID_PART_ENTRY_SCHEME}=="gpt", ENV{ID_PART_ENTRY_NAME}=="?*", SYMLINK+="disk/by-partlabel/$env{ID_PART_ENTRY_NAME}" +KERNEL=="mmcblk0p33", ENV{ID_PART_ENTRY_SCHEME}=="gpt", ENV{ID_PART_ENTRY_NAME}=="?*", SYMLINK+="disk/by-partlabel/$env{ID_PART_ENTRY_NAME}" +KERNEL=="mmcblk0p34", ENV{ID_PART_ENTRY_SCHEME}=="gpt", ENV{ID_PART_ENTRY_NAME}=="?*", SYMLINK+="disk/by-partlabel/$env{ID_PART_ENTRY_NAME}" +KERNEL=="mmcblk0p35", ENV{ID_PART_ENTRY_SCHEME}=="gpt", ENV{ID_PART_ENTRY_NAME}=="?*", SYMLINK+="disk/by-partlabel/$env{ID_PART_ENTRY_NAME}" +KERNEL=="mmcblk0p36", ENV{ID_PART_ENTRY_SCHEME}=="gpt", ENV{ID_PART_ENTRY_NAME}=="?*", SYMLINK+="disk/by-partlabel/$env{ID_PART_ENTRY_NAME}" +KERNEL=="mmcblk0p37", ENV{ID_PART_ENTRY_SCHEME}=="gpt", ENV{ID_PART_ENTRY_NAME}=="?*", SYMLINK+="disk/by-partlabel/$env{ID_PART_ENTRY_NAME}" +#KERNEL=="mmcblk0p38", ENV{ID_PART_ENTRY_SCHEME}=="gpt", ENV{ID_PART_ENTRY_NAME}=="?*", SYMLINK+="disk/by-partlabel/$env{ID_PART_ENTRY_NAME}" +#KERNEL=="mmcblk0p39", ENV{ID_PART_ENTRY_SCHEME}=="gpt", ENV{ID_PART_ENTRY_NAME}=="?*", SYMLINK+="disk/by-partlabel/$env{ID_PART_ENTRY_NAME}" +KERNEL=="mmcblk0p40", ENV{ID_PART_ENTRY_SCHEME}=="gpt", ENV{ID_PART_ENTRY_NAME}=="?*", SYMLINK+="disk/by-partlabel/$env{ID_PART_ENTRY_NAME}" +#KERNEL=="mmcblk0p41", ENV{ID_PART_ENTRY_SCHEME}=="gpt", ENV{ID_PART_ENTRY_NAME}=="?*", SYMLINK+="disk/by-partlabel/$env{ID_PART_ENTRY_NAME}" +#KERNEL=="mmcblk0p42", ENV{ID_PART_ENTRY_SCHEME}=="gpt", ENV{ID_PART_ENTRY_NAME}=="?*", SYMLINK+="disk/by-partlabel/$env{ID_PART_ENTRY_NAME}" +KERNEL=="mmcblk0p43", ENV{ID_PART_ENTRY_SCHEME}=="gpt", ENV{ID_PART_ENTRY_NAME}=="?*", SYMLINK+="disk/by-partlabel/$env{ID_PART_ENTRY_NAME}" +KERNEL=="mmcblk0p44", ENV{ID_PART_ENTRY_SCHEME}=="gpt", ENV{ID_PART_ENTRY_NAME}=="?*", SYMLINK+="disk/by-partlabel/$env{ID_PART_ENTRY_NAME}" +KERNEL=="mmcblk0p45", ENV{ID_PART_ENTRY_SCHEME}=="gpt", ENV{ID_PART_ENTRY_NAME}=="?*", SYMLINK+="disk/by-partlabel/$env{ID_PART_ENTRY_NAME}" +KERNEL=="mmcblk0p46", ENV{ID_PART_ENTRY_SCHEME}=="gpt", ENV{ID_PART_ENTRY_NAME}=="?*", SYMLINK+="disk/by-partlabel/$env{ID_PART_ENTRY_NAME}" +KERNEL=="mmcblk0p47", ENV{ID_PART_ENTRY_SCHEME}=="gpt", ENV{ID_PART_ENTRY_NAME}=="?*", SYMLINK+="disk/by-partlabel/$env{ID_PART_ENTRY_NAME}" +KERNEL=="mmcblk0p48", ENV{ID_PART_ENTRY_SCHEME}=="gpt", ENV{ID_PART_ENTRY_NAME}=="?*", SYMLINK+="disk/by-partlabel/$env{ID_PART_ENTRY_NAME}" +KERNEL=="mmcblk0p49", ENV{ID_PART_ENTRY_SCHEME}=="gpt", ENV{ID_PART_ENTRY_NAME}=="?*", SYMLINK+="disk/by-partlabel/$env{ID_PART_ENTRY_NAME}" +KERNEL=="mmcblk0p75", ENV{ID_PART_ENTRY_SCHEME}=="gpt", ENV{ID_PART_ENTRY_NAME}=="?*", SYMLINK+="disk/by-partlabel/$env{ID_PART_ENTRY_NAME}" +KERNEL=="mmcblk0p93", ENV{ID_PART_ENTRY_SCHEME}=="gpt", ENV{ID_PART_ENTRY_NAME}=="?*", SYMLINK+="disk/by-partlabel/$env{ID_PART_ENTRY_NAME}" LABEL="persistent_storage_end"