diff --git a/SOURCES/0408-If-the-notification-message-length-is-0-ignore-the-m.patch b/SOURCES/0408-If-the-notification-message-length-is-0-ignore-the-m.patch
new file mode 100644
index 0000000..5d58940
--- /dev/null
+++ b/SOURCES/0408-If-the-notification-message-length-is-0-ignore-the-m.patch
@@ -0,0 +1,31 @@
+From 3ee0d3abc55571bdc13f1897688443a1538db367 Mon Sep 17 00:00:00 2001
+From: Jorge Niedbalski
+Date: Wed, 28 Sep 2016 18:25:50 -0300
+Subject: [PATCH] If the notification message length is 0, ignore the message
+ (#4237)
+
+Fixes #4234.
+
+Signed-off-by: Jorge Niedbalski
+
+Cherry-picked from: 531ac2b2349da02acc9c382849758e07eb92b020
+Resolves: #1381573
+---
+ src/core/manager.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/core/manager.c b/src/core/manager.c
+index 71dd70c..689b266 100644
+--- a/src/core/manager.c
++++ b/src/core/manager.c
+@@ -1678,6 +1678,10 @@ static int manager_dispatch_notify_fd(sd_event_source *source, int fd, uint32_t
+
+ return -errno;
+ }
++ if (n == 0) {
++ log_debug("Got zero-length notification message. Ignoring.");
++ return 0;
++ }
+
+ CMSG_FOREACH(cmsg, &msghdr) {
+ if (cmsg->cmsg_level == SOL_SOCKET && cmsg->cmsg_type == SCM_RIGHTS) {
diff --git a/SOURCES/0409-systemctl-suppress-errors-with-show-for-nonexistent-.patch b/SOURCES/0409-systemctl-suppress-errors-with-show-for-nonexistent-.patch
new file mode 100644
index 0000000..2cc6250
--- /dev/null
+++ b/SOURCES/0409-systemctl-suppress-errors-with-show-for-nonexistent-.patch
@@ -0,0 +1,61 @@
+From aa23eb11cab247e713a19957eaaa80f7b5454ddc Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?=
+Date: Sat, 24 Sep 2016 20:58:04 -0400
+Subject: [PATCH] systemctl: suppress errors with "show" for nonexistent units
+ and properties
+
+Show is documented to be program-parseable, and printing the warning about
+about a non-existent unit, while useful for humans, broke a lot of scripts.
+Restore previous behaviour of returning success and printing empty or useless
+stuff for units which do not exist, and printing empty values for properties
+which do not exists.
+
+With SYSTEMD_LOG_LEVEL=debug, hints are printed, but the return value is
+still 0.
+
+This undoes parts of e33a06a and 3dced37b7 and fixes #3856.
+
+We might consider adding an explicit switch to fail on missing units/properties
+(e.g. --ensure-exists or similar), and make -P foobar equivalent to
+--ensure-exists --property=foobar.
+
+Cherry-picked from: bd5b9f0a12dd9c1947b11534e99c395ddf44caa9
+Resolves: #1380686
+---
+ src/systemctl/systemctl.c | 9 ++++++---
+ 1 file changed, 6 insertions(+), 3 deletions(-)
+
+diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c
+index 0644784..a578897 100644
+--- a/src/systemctl/systemctl.c
++++ b/src/systemctl/systemctl.c
+@@ -4272,12 +4272,14 @@ static int show_one(
+ return log_error_errno(r, "Failed to map properties: %s", bus_error_message(&error, r));
+
+ if (streq_ptr(info.load_state, "not-found") && streq_ptr(info.active_state, "inactive")) {
+- log_error("Unit %s could not be found.", unit);
++ log_full(streq(verb, "status") ? LOG_ERR : LOG_DEBUG,
++ "Unit %s could not be found.", unit);
+
+ if (streq(verb, "status"))
+ return EXIT_PROGRAM_OR_SERVICES_STATUS_UNKNOWN;
+
+- return -ENOENT;
++ if (!streq(verb, "show"))
++ return -ENOENT;
+ }
+
+ r = sd_bus_message_rewind(reply, true);
+@@ -4343,10 +4345,11 @@ static int show_one(
+
+ if (show_properties) {
+ char **pp;
++ int not_found_level = streq(verb, "show") ? LOG_DEBUG : LOG_WARNING;
+
+ STRV_FOREACH(pp, arg_properties) {
+ if (!set_contains(found_properties, *pp)) {
+- log_warning("Property %s does not exist.", *pp);
++ log_full(not_found_level, "Property %s does not exist.", *pp);
+ r = -ENXIO;
+ }
+ }
diff --git a/SOURCES/0410-40-redhat.rules-disable-auto-online-of-hot-plugged-m.patch b/SOURCES/0410-40-redhat.rules-disable-auto-online-of-hot-plugged-m.patch
new file mode 100644
index 0000000..54f4ad7
--- /dev/null
+++ b/SOURCES/0410-40-redhat.rules-disable-auto-online-of-hot-plugged-m.patch
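Review bot: In the second hunk of the systemctl.c change the unchanged line `r = -ENXIO;` still runs for the "show" verb, so only the log level was lowered there; whether `systemctl show -p` on a missing property really exits 0, as the description says, depends on how show_one()'s caller treats that value, which is outside the hunk. If success is intended, guard the assignment the same way the first hunk guards `-ENOENT`: `if (!streq(verb, "show")) r = -ENXIO;`. Otherwise the description should say that a missing property still yields a non-zero result. Scripts that relied on the exit status of `show` to test whether a unit exists now get 0 for a unit that was not found, which is worth stating where the verb is documented.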
@@ -0,0 +1,24 @@
+From 48e2af5667e67a7a7f58eb17aaf5349379b2484a Mon Sep 17 00:00:00 2001
+From: Michal Sekletar
+Date: Fri, 16 Sep 2016 14:45:01 +0200
+Subject: [PATCH] 40-redhat.rules: disable auto-online of hot-plugged memory on
+ IBM z Systems
+
+Resolves: #1381123
+---
+ rules/40-redhat.rules | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/rules/40-redhat.rules b/rules/40-redhat.rules
+index 4c56950..0164dc9 100644
+--- a/rules/40-redhat.rules
++++ b/rules/40-redhat.rules
+@@ -4,7 +4,7 @@
+ SUBSYSTEM=="cpu", ACTION=="add", TEST=="online", ATTR{online}=="0", ATTR{online}="1"
+
+ # Memory hotadd request
+-SUBSYSTEM=="memory", ACTION=="add", PROGRAM="/usr/bin/systemd-detect-virt", RESULT!="zvm", ATTR{state}=="offline", ATTR{state}="online"
++SUBSYSTEM=="memory", ACTION=="add", PROGRAM="/bin/uname -p", RESULT!="s390*", ATTR{state}=="offline", ATTR{state}="online"
+
+ # reload sysctl.conf / sysctl.conf.d settings when the bridge module is loaded
+ ACTION=="add", SUBSYSTEM=="module", KERNEL=="bridge", RUN+="/usr/lib/systemd/systemd-sysctl --prefix=/proc/sys/net/bridge"
diff --git a/SOURCES/0411-pid1-don-t-return-any-error-in-manager_dispatch_noti.patch b/SOURCES/0411-pid1-don-t-return-any-error-in-manager_dispatch_noti.patch
new file mode 100644
index 0000000..4508403
--- /dev/null
+++ b/SOURCES/0411-pid1-don-t-return-any-error-in-manager_dispatch_noti.patch
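Review bot: The new match `PROGRAM="/bin/uname -p", RESULT!="s390*"` only excludes z Systems if `uname -p` prints the architecture; some coreutils builds print `unknown` for `-p`, and in that case the `!=` test passes and hot-added memory is set online there as well. `uname -m` reports the machine name consistently and keeps the intent: `PROGRAM="/bin/uname -m", RESULT!="s390*"`. The comment above the rule still reads only "Memory hotadd request"; extending it to `# Memory hotadd request; skipped on IBM z Systems (s390*)` would record why the program is run for every memory `add` event.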
@@ -0,0 +1,49 @@
+From 7b00eff77b5606ff5563e374020d554a40bca833 Mon Sep 17 00:00:00 2001
+From: Franck Bui
+Date: Thu, 29 Sep 2016 19:44:34 +0200
+Subject: [PATCH] pid1: don't return any error in manager_dispatch_notify_fd()
+ (#4240)
+
+If manager_dispatch_notify_fd() fails and returns an error then the handling of
+service notifications will be disabled entirely leading to a compromised system.
+
+For example pid1 won't be able to receive the WATCHDOG messages anymore and
+will kill all services supposed to send such messages.
+Cherry-picked from: 9987750e7a4c62e0eb8473603150596ba7c3a015
+Resolves: #1381573
+---
+ src/core/manager.c | 13 +++++++++----
+ 1 file changed, 9 insertions(+), 4 deletions(-)
+
+diff --git a/src/core/manager.c b/src/core/manager.c
+index 689b266..ed81059 100644
+--- a/src/core/manager.c
++++ b/src/core/manager.c
+@@ -1673,10 +1673,14 @@ static int manager_dispatch_notify_fd(sd_event_source *source, int fd, uint32_t
+
+ n = recvmsg(m->notify_fd, &msghdr, MSG_DONTWAIT|MSG_CMSG_CLOEXEC);
+ if (n < 0) {
+- if (errno == EAGAIN || errno == EINTR)
+- return 0;
++ if (!IN_SET(errno, EAGAIN, EINTR))
++ log_error("Failed to receive notification message: %m");
+
+- return -errno;
++ /* It's not an option to return an error here since it
++ * would disable the notification handler entirely. Services
++ * wouldn't be able to send the WATCHDOG message for
++ * example... */
++ return 0;
+ }
+ if (n == 0) {
+ log_debug("Got zero-length notification message. Ignoring.");
+@@ -1703,7 +1707,8 @@ static int manager_dispatch_notify_fd(sd_event_source *source, int fd, uint32_t
+ r = fdset_new_array(&fds, fd_array, n_fds);
+ if (r < 0) {
+ close_many(fd_array, n_fds);
+- return log_oom();
++ log_oom();
++ return 0;
+ }
+ }
+
diff --git a/SOURCES/0412-pid1-process-zero-length-notification-messages-again.patch b/SOURCES/0412-pid1-process-zero-length-notification-messages-again.patch
new file mode 100644
index 0000000..663ca63
--- /dev/null
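Review bot: Returning 0 for every recvmsg() failure in the first hunk keeps the event source armed even when the error is not transient. If the socket stays readable while recvmsg() keeps failing, the handler would be entered again on each loop iteration and `log_error()` would fire each time, so PID 1 could spin and flood the log; how the source is polled is outside the hunk, so this is inferred. The added comment should name that trade-off, and the error path would be safer with a bound on consecutive failures or a rate limit on the message. In the second hunk the out-of-memory path now drops the notification after `log_oom()`; a comment such as `/* the message is lost, but the handler stays enabled */` would mark that as deliberate. manager_dispatch_notify_fd() begins and ends outside both hunks.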
+++ b/SOURCES/0412-pid1-process-zero-length-notification-messages-again.patch 
@@ -0,0 +1,78 @@
+From 79e0852a6a3f20cba92ac18aa6ac61d24d04d3c7 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?=
+Date: Thu, 29 Sep 2016 16:06:02 +0200
+Subject: [PATCH] pid1: process zero-length notification messages again
+
+This undoes 531ac2b234. I acked that patch without looking at the code
+carefully enough. There are two problems:
+- we want to process the fds anyway
+- in principle empty notification messages are valid, and we should
+ process them as usual, including logging using log_unit_debug().
+
+Cherry-picked from: a86b767
+Resolves: #1381573
+---
+ src/core/manager.c | 15 ++++++---------
+ 1 file changed, 6 insertions(+), 9 deletions(-)
+
+diff --git a/src/core/manager.c b/src/core/manager.c
+index ed81059..0376c4d 100644
+--- a/src/core/manager.c
++++ b/src/core/manager.c
+@@ -1614,13 +1614,12 @@ static int manager_dispatch_cgroups_agent_fd(sd_event_source *source, int fd, ui
+ return 0;
+ }
+
+-static void manager_invoke_notify_message(Manager *m, Unit *u, pid_t pid, char *buf, size_t n, FDSet *fds) {
++static void manager_invoke_notify_message(Manager *m, Unit *u, pid_t pid, const char *buf, FDSet *fds) {
+ _cleanup_strv_free_ char **tags = NULL;
+
+ assert(m);
+ assert(u);
+ assert(buf);
+- assert(n > 0);
+
+ tags = strv_split(buf, "\n\r");
+ if (!tags) {
+@@ -1682,10 +1681,6 @@ static int manager_dispatch_notify_fd(sd_event_source *source, int fd, uint32_t
+ * example... */
+ return 0;
+ }
+- if (n == 0) {
+- log_debug("Got zero-length notification message. Ignoring.");
+- return 0;
+- }
+
+ CMSG_FOREACH(cmsg, &msghdr) {
+ if (cmsg->cmsg_level == SOL_SOCKET && cmsg->cmsg_type == SCM_RIGHTS) {
+@@ -1722,25 +1717,27 @@ static int manager_dispatch_notify_fd(sd_event_source *source, int fd, uint32_t
+ return 0;
+ }
+
++ /* The message should be a string. Here we make sure it's NUL-terminated,
++ * but only the part until first NUL will be used anyway. */
+ buf[n] = 0;
+
+ /* Notify every unit that might be interested, but try
+ * to avoid notifying the same one multiple times. */
+ u1 = manager_get_unit_by_pid(m, ucred->pid);
+ if (u1) {
+- manager_invoke_notify_message(m, u1, ucred->pid, buf, n, fds);
++ manager_invoke_notify_message(m, u1, ucred->pid, buf, fds);
+ found = true;
+ }
+
+ u2 = hashmap_get(m->watch_pids1, LONG_TO_PTR(ucred->pid));
+ if (u2 && u2 != u1) {
+- manager_invoke_notify_message(m, u2, ucred->pid, buf, n, fds);
++ manager_invoke_notify_message(m, u2, ucred->pid, buf, fds);
+ found = true;
+ }
+
+ u3 = hashmap_get(m->watch_pids2, LONG_TO_PTR(ucred->pid));
+ if (u3 && u3 != u2 && u3 != u1) {
+- manager_invoke_notify_message(m, u3, ucred->pid, buf, n, fds);
++ manager_invoke_notify_message(m, u3, ucred->pid, buf, fds);
+ found = true;
+ }
+
diff --git a/SOURCES/0413-pid1-more-informative-error-message-for-ignored-noti.patch b/SOURCES/0413-pid1-more-informative-error-message-for-ignored-noti.patch
new file mode 100644
index 0000000..f273805
--- /dev/null
+++ b/SOURCES/0413-pid1-more-informative-error-message-for-ignored-noti.patch
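Review bot: With the length parameter and `assert(n > 0)` removed in the first hunk, manager_invoke_notify_message() depends entirely on the caller's `buf[n] = 0;` and now hands an empty message to `strv_split()`, but that contract is not written at the function. A comment above the signature such as `/* buf must be NUL-terminated by the caller; it may be empty, and bytes after an embedded NUL are ignored */` would cover it. The write `buf[n] = 0;` in the third hunk is in bounds only if the receive length is at most sizeof(buf) - 1; the buffer and iovec set-up are outside the hunk, so that should be confirmed there. Both functions continue outside the hunks.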
@@ -0,0 +1,37 @@
+From 339ce6209591d0c6b240f6d94c1d2997405352a2 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?=
+Date: Thu, 29 Sep 2016 16:07:41 +0200
+Subject: [PATCH] pid1: more informative error message for ignored
+ notifications
+
+It's probably easier to diagnose a bad notification message if the
+contents are printed. But still, do anything only if debugging is on.
+
+ Conflicts:
+ src/core/manager.c
+
+Cherry-picked from: a86b76753d7868c2d05f046f601bc7dc89fc2203
+Resolves: #1381573
+---
+ src/core/manager.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/src/core/manager.c b/src/core/manager.c
+index 0376c4d..27f032b 100644
+--- a/src/core/manager.c
++++ b/src/core/manager.c
+@@ -1631,6 +1631,14 @@ static void manager_invoke_notify_message(Manager *m, Unit *u, pid_t pid, const
+
+ if (UNIT_VTABLE(u)->notify_message)
+ UNIT_VTABLE(u)->notify_message(u, pid, tags, fds);
++ else if (_unlikely_(log_get_max_level() >= LOG_DEBUG)) {
++ _cleanup_free_ char *x = NULL, *y = NULL;
++
++ x = cescape(buf);
++ if (x)
++ y = ellipsize(x, 20, 90);
++ log_unit_debug(u, "Got notification message \"%s\", ignoring.", strnull(y));
++ }
+ }
+
+ static int manager_dispatch_notify_fd(sd_event_source *source, int fd, uint32_t revents, void *userdata) {
diff --git a/SOURCES/0414-manager-219-needs-u-id-in-log_unit_debug.patch b/SOURCES/0414-manager-219-needs-u-id-in-log_unit_debug.patch
new file mode 100644
index 0000000..21c7e48
--- /dev/null
+++ b/SOURCES/0414-manager-219-needs-u-id-in-log_unit_debug.patch
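Review bot: The new debug branch logs `buf`, which in the caller shown elsewhere on this page is the payload read from the notification socket, so the text is chosen by the sending process; nothing in the hunk says that `cescape()` is what keeps control characters and newlines in it from reaching the log unescaped. A one-line comment above `x = cescape(buf);`, for example `/* sender-controlled text: escape it before logging and cut it short */`, would stop a later clean-up from logging `buf` directly. If either allocation fails `y` stays NULL and the message is printed through `strnull(y)`, which is acceptable for a debug line but could be mentioned in the same comment.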
@@ -0,0 +1,24 @@
+From f5bf6f4c0d1857ce3c8a68e862e29ab7fb6684ee Mon Sep 17 00:00:00 2001
+From: Lukas Nykryn
+Date: Fri, 7 Oct 2016 14:05:40 +0200
+Subject: [PATCH] manager: 219 needs u->id in log_unit_debug
+
+RHEL-only
+Related: #1381573
+---
+ src/core/manager.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/core/manager.c b/src/core/manager.c
+index 27f032b..6d045fd 100644
+--- a/src/core/manager.c
++++ b/src/core/manager.c
+@@ -1637,7 +1637,7 @@ static void manager_invoke_notify_message(Manager *m, Unit *u, pid_t pid, const
+ x = cescape(buf);
+ if (x)
+ y = ellipsize(x, 20, 90);
+- log_unit_debug(u, "Got notification message \"%s\", ignoring.", strnull(y));
++ log_unit_debug(u->id, "Got notification message \"%s\", ignoring.", strnull(y));
+ }
+ }
+
diff --git a/SOURCES/0415-mtd_probe-add-include-for-stdint.patch b/SOURCES/0415-mtd_probe-add-include-for-stdint.patch
new file mode 100644
index 0000000..e9e2d0b
--- /dev/null
+++ b/SOURCES/0415-mtd_probe-add-include-for-stdint.patch
@@ -0,0 +1,25 @@
+From 7d78e4a96b47b16330b2d28ff0cc5a51936e9fe9 Mon Sep 17 00:00:00 2001
+From: Lukas Nykryn
+Date: Fri, 7 Oct 2016 15:17:12 +0200
+Subject: [PATCH] mtd_probe: add include for stdint
+
+The missing include is causing troubles on arm
+
+RHEL-only
+Related: #1381573
+---
+ src/udev/mtd_probe/mtd_probe.h | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/udev/mtd_probe/mtd_probe.h b/src/udev/mtd_probe/mtd_probe.h
+index d99be9a..cead374 100644
+--- a/src/udev/mtd_probe/mtd_probe.h
++++ b/src/udev/mtd_probe/mtd_probe.h
+@@ -20,6 +20,7 @@
+ #pragma once
+
+ #include
++#include
+
+ /* Full oob structure as written on the flash */
+ struct sm_oob {
diff --git a/SPECS/systemd.spec b/SPECS/systemd.spec
index 95d164a..22e000b 100644
--- a/SPECS/systemd.spec
+++ b/SPECS/systemd.spec
@@ -7,7 +7,7 @@ Name: systemd Url: http://www.freedesktop.org/wiki/Software/systemd Version: 219 -Release: 30%{?dist} +Release: 30%{?dist}.3 # For a breakdown of the licensing, see README License: LGPLv2+ and MIT and GPLv2+ Summary: A System and Service Manager @@ -442,6 +442,14 @@ Patch0404: 0404-systemctl-core-ignore-masked-units-in-preset-all.patch Patch0405: 0405-shared-install-handle-dangling-aliases-as-an-explici.patch Patch0406: 0406-shared-install-ignore-unit-symlinks-when-doing-prese.patch Patch0407: 0407-40-redhat.rules-don-t-hoplug-memory-on-s390x.patch +Patch0408: 0408-If-the-notification-message-length-is-0-ignore-the-m.patch +Patch0409: 0409-systemctl-suppress-errors-with-show-for-nonexistent-.patch +Patch0410: 0410-40-redhat.rules-disable-auto-online-of-hot-plugged-m.patch +Patch0411: 0411-pid1-don-t-return-any-error-in-manager_dispatch_noti.patch +Patch0412: 0412-pid1-process-zero-length-notification-messages-again.patch +Patch0413: 0413-pid1-more-informative-error-message-for-ignored-noti.patch +Patch0414: 0414-manager-219-needs-u-id-in-log_unit_debug.patch +Patch0415: 0415-mtd_probe-add-include-for-stdint.patch %global num_patches %{lua: c=0; for i,p in ipairs(patches) do c=c+1; end; print(c);} @@ -700,6 +708,9 @@ CONFIGURE_OPTS=( RPM_OPT_FLAGS="$RPM_OPT_FLAGS -O0" +RPM_OPT_FLAGS="$RPM_OPT_FLAGS -O0" +RPM_OPT_FLAGS="$RPM_OPT_FLAGS -O0" +RPM_OPT_FLAGS="$RPM_OPT_FLAGS -O0" %configure "${CONFIGURE_OPTS[@]}" make %{?_smp_mflags} GCC_COLORS="" V=1 
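Review bot: The three added `RPM_OPT_FLAGS="$RPM_OPT_FLAGS -O0"` lines in the build-section hunk repeat the context line directly above them, so they change nothing and look like an artefact of regenerating the spec. The flag itself matters more: appending `-O0` overrides the distribution's optimisation level, and glibc's `_FORTIFY_SOURCE` checks are only active when optimisation is enabled, so if `RPM_OPT_FLAGS` carries `-D_FORTIFY_SOURCE` (its value is not visible here) PID 1 and the other systemd binaries are built without that hardening. The duplicates should be dropped, and if `-O0` has to stay the remaining line needs a comment saying why, e.g. `# -O0 disables _FORTIFY_SOURCE; remove once <reason> is resolved`.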
@@ -1420,6 +1431,20 @@ getent passwd systemd-resolve >/dev/null 2>&1 || useradd -r -u 193 -l -g systemd %{_mandir}/man8/systemd-resolved.* %changelog +* Fri Oct 07 2016 Lukas Nykryn - 219-30.3 +- mtd_probe: add include for stdint (#1381573) + +* Fri Oct 07 2016 Lukas Nykryn - 219-30.2 +- manager: 219 needs u->id in log_unit_debug (#1381573) + +* Wed Oct 05 2016 Lukas Nykryn - 219-30.1 +- If the notification message length is 0, ignore the message (#4237) (#1381573) +- systemctl: suppress errors with "show" for nonexistent units and properties (#1380686) +- 40-redhat.rules: disable auto-online of hot-plugged memory on IBM z Systems (#1381123) +- pid1: don't return any error in manager_dispatch_notify_fd() (#4240) (#1381573) +- pid1: process zero-length notification messages again (#1381573) +- pid1: more informative error message for ignored notifications (#1381573) + * Tue Sep 13 2016 Lukas Nykryn - 219-30 - systemctl,pid1: do not warn about missing install info with "preset" (#1373950) - systemctl/core: ignore masked units in preset-all (#1375097)