From 01effbba7657e8253865a422a6a2cf44b3544c1d Mon Sep 17 00:00:00 2001 From: hongjinghao Date: Mon, 6 Mar 2023 14:36:20 +0800 Subject: [PATCH] backport patches from upstream and add patches (cherry picked from commit 7408966ed3f90de3a489251c9a5db9c0e6a884c9) --- ...espaces-Remove-auxiliary-bind-mounts.patch | 79 +++++++++++++++++++ ...t-need-to-mount-sys-fs-pstore-if-the.patch | 32 ++++++++ ...awn-guard-acl_free-with-a-NULL-check.patch | 36 +++++++++ ...-mistake-USEC_INFINITY-passed-in-for.patch | 37 +++++++++ ...-pass-negative-errnos-as-signalfd-to.patch | 34 ++++++++ ...wapon-to-reinitialize-swap-if-needed.patch | 33 ++++++++ ...s-avoid-null-free-for-acl-attributes.patch | 57 +++++++++++++ systemd.spec | 12 ++- 8 files changed, 319 insertions(+), 1 deletion(-) create mode 100644 backport-core-mount-namespaces-Remove-auxiliary-bind-mounts.patch create mode 100644 backport-mount-setup-don-t-need-to-mount-sys-fs-pstore-if-the.patch create mode 100644 backport-nspawn-guard-acl_free-with-a-NULL-check.patch create mode 100644 backport-sd-event-don-t-mistake-USEC_INFINITY-passed-in-for.patch create mode 100644 backport-sd-event-never-pass-negative-errnos-as-signalfd-to.patch create mode 100644 backport-swap-tell-swapon-to-reinitialize-swap-if-needed.patch create mode 100644 backport-tmpfiles-avoid-null-free-for-acl-attributes.patch diff --git a/backport-core-mount-namespaces-Remove-auxiliary-bind-mounts.patch b/backport-core-mount-namespaces-Remove-auxiliary-bind-mounts.patch new file mode 100644 index 0000000..c02fa07 --- /dev/null +++ b/backport-core-mount-namespaces-Remove-auxiliary-bind-mounts.patch @@ -0,0 +1,79 @@ +From b7e5e6e85048c1a71632bc2d5efe57fb1bfe7472 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Michal=20Koutn=C3=BD?= +Date: Wed, 18 Jan 2023 23:20:31 +0100 +Subject: [PATCH] core: mount namespaces: Remove auxiliary bind mounts + directory after unit termination + +Unit that requires its own mount namespace creates a temporary directory +to implement dynamic bind mounts (org.freedesktop.systemd1.Manager.BindMountUnit). +However, this directory is never removed and they will accumulate for +each unique unit (e.g. templated units of systemd-coredump@). + +Attach the auxiliary runtime directory existence to lifetime of other +"runtime" only per-unit directories. + +(cherry picked from commit b9f976fb45635e09cd709dbedd0afb03d4b73c05) +(cherry picked from commit 80e8340ec49d0da3744cdf81f82202e13b0fad3b) +(cherry picked from commit fd260cb37e3441b851c7fee4825d5b6af17f66ca) +(cherry picked from commit ff542dcd1a8c2c7cdc96b9f4b9889774b9474c26) +--- + src/core/execute.c | 17 +++++++++++++++++ + src/core/execute.h | 1 + + src/core/unit.c | 1 + + 3 files changed, 19 insertions(+) + +diff --git a/src/core/execute.c b/src/core/execute.c +index 37f63a9378..6844b1d28f 100644 +--- a/src/core/execute.c ++++ b/src/core/execute.c +@@ -4978,6 +4978,23 @@ int exec_context_destroy_credentials(const ExecContext *c, const char *runtime_p + return 0; + } + ++int exec_context_destroy_mount_ns_dir(Unit *u) { ++ _cleanup_free_ char *p = NULL; ++ ++ if (!u || !MANAGER_IS_SYSTEM(u->manager)) ++ return 0; ++ ++ p = path_join("/run/systemd/propagate/", u->id); ++ if (!p) ++ return -ENOMEM; ++ ++ /* This is only filled transiently (see mount_in_namespace()), should be empty or even non-existent*/ ++ if (rmdir(p) < 0 && errno != ENOENT) ++ log_unit_debug_errno(u, errno, "Unable to remove propagation dir '%s', ignoring: %m", p); ++ ++ return 0; ++} ++ + static void exec_command_done(ExecCommand *c) { + assert(c); + +diff --git a/src/core/execute.h b/src/core/execute.h +index 47349a69a2..f1f0ee4186 100644 +--- a/src/core/execute.h ++++ b/src/core/execute.h +@@ -422,6 +422,7 @@ void exec_context_dump(const ExecContext *c, FILE* f, const char *prefix); + + int exec_context_destroy_runtime_directory(const ExecContext *c, const char *runtime_root); + int exec_context_destroy_credentials(const ExecContext *c, const char *runtime_root, const char *unit); ++int exec_context_destroy_mount_ns_dir(Unit *u); + + const char* exec_context_fdname(const ExecContext *c, int fd_index); + +diff --git a/src/core/unit.c b/src/core/unit.c +index 0e8a01966a..0f44ea8bcd 100644 +--- a/src/core/unit.c ++++ b/src/core/unit.c +@@ -5700,6 +5700,7 @@ void unit_destroy_runtime_data(Unit *u, const ExecContext *context) { + exec_context_destroy_runtime_directory(context, u->manager->prefix[EXEC_DIRECTORY_RUNTIME]); + + exec_context_destroy_credentials(context, u->manager->prefix[EXEC_DIRECTORY_RUNTIME], u->id); ++ exec_context_destroy_mount_ns_dir(u); + } + + int unit_clean(Unit *u, ExecCleanMask mask) { +-- +2.27.0 + diff --git a/backport-mount-setup-don-t-need-to-mount-sys-fs-pstore-if-the.patch b/backport-mount-setup-don-t-need-to-mount-sys-fs-pstore-if-the.patch new file mode 100644 index 0000000..38ceedf --- /dev/null +++ b/backport-mount-setup-don-t-need-to-mount-sys-fs-pstore-if-the.patch @@ -0,0 +1,32 @@ +From ccbb0b48c48f80a3121ff9d99f395b642a0090b5 Mon Sep 17 00:00:00 2001 +From: jcg +Date: Fri, 9 Dec 2022 20:45:39 +0800 +Subject: [PATCH] mount-setup: don't need to mount /sys/fs/pstore if there is + no ENABLE_PSTORE + +(cherry picked from commit 5e5fce3e918ebba5d0cbf0b64bb97f0eaeae70a3) +(cherry picked from commit 613994c10b19f02c0764aa1d5865730f3af99267) +(cherry picked from commit 46a7e30cb9f274763657d40193c2a03a02c687ab) +(cherry picked from commit 0e96d07e8c03e543816702b13db891924b485951) +--- + src/shared/mount-setup.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/src/shared/mount-setup.c b/src/shared/mount-setup.c +index ef3527e9a7..8c7c390854 100644 +--- a/src/shared/mount-setup.c ++++ b/src/shared/mount-setup.c +@@ -102,8 +102,10 @@ static const MountPoint mount_table[] = { + cg_is_legacy_wanted, MNT_IN_CONTAINER }, + { "cgroup", "/sys/fs/cgroup/systemd", "cgroup", "none,name=systemd", MS_NOSUID|MS_NOEXEC|MS_NODEV, + cg_is_legacy_wanted, MNT_FATAL|MNT_IN_CONTAINER }, ++#if ENABLE_PSTORE + { "pstore", "/sys/fs/pstore", "pstore", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV, + NULL, MNT_NONE }, ++#endif + #if ENABLE_EFI + { "efivarfs", "/sys/firmware/efi/efivars", "efivarfs", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV, + is_efi_boot, MNT_NONE }, +-- +2.27.0 + diff --git a/backport-nspawn-guard-acl_free-with-a-NULL-check.patch b/backport-nspawn-guard-acl_free-with-a-NULL-check.patch new file mode 100644 index 0000000..585e12e --- /dev/null +++ b/backport-nspawn-guard-acl_free-with-a-NULL-check.patch @@ -0,0 +1,36 @@ +From 1d0921354ab975910c44ac0d646661323bca8717 Mon Sep 17 00:00:00 2001 +From: Lennart Poettering +Date: Fri, 6 Jan 2023 12:30:36 +0100 +Subject: [PATCH] nspawn: guard acl_free() with a NULL check + +Inspired by #25957 there's one other place where we don't guard +acl_free() calls with a NULL check. + +Fix that. + +(cherry picked from commit 34680637e838415204850f77c93ca6ca219abaf1) +(cherry picked from commit 4dabf90526d4573144a51bdd87c1203b25265b33) +(cherry picked from commit d8b4ac7a1783a29435cb3dfee3dfdee37c1b1ac8) +(cherry picked from commit 3a9fe8e7687ed3b2b563c6b2237d2b62a79f79e6) +--- + src/nspawn/nspawn-patch-uid.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/src/nspawn/nspawn-patch-uid.c b/src/nspawn/nspawn-patch-uid.c +index 785332e091..321caf066b 100644 +--- a/src/nspawn/nspawn-patch-uid.c ++++ b/src/nspawn/nspawn-patch-uid.c +@@ -189,7 +189,9 @@ static int patch_acls(int fd, const char *name, const struct stat *st, uid_t shi + + if (S_ISDIR(st->st_mode)) { + acl_free(acl); +- acl_free(shifted); ++ ++ if (shifted) ++ acl_free(shifted); + + acl = shifted = NULL; + +-- +2.27.0 + diff --git a/backport-sd-event-don-t-mistake-USEC_INFINITY-passed-in-for.patch b/backport-sd-event-don-t-mistake-USEC_INFINITY-passed-in-for.patch new file mode 100644 index 0000000..aef1bce --- /dev/null +++ b/backport-sd-event-don-t-mistake-USEC_INFINITY-passed-in-for.patch @@ -0,0 +1,37 @@ +From 3aa1cf93ad9eff91e8d26fb4628ac33b620b6b28 Mon Sep 17 00:00:00 2001 +From: Lennart Poettering +Date: Fri, 6 Jan 2023 11:27:17 +0100 +Subject: [PATCH] sd-event: don't mistake USEC_INFINITY passed in for overflow + +Let's pass USEC_INFINITY from sd_event_source_set_time_relative() to +sd_event_source_set_time() instead of raising EOVERFLOW. + +We should raise EOVERFLOW only if your addition fails, but not if the +input already is USEC_INFINITY, since it's an entirely valid operation +to have an infinite time-out, and we should support that. + +(cherry picked from commit ef8591951aefccb668201f24aa481aa6cda834da) +(cherry picked from commit 9769d84fe51573b4f2d5cb8f76664e886c7daf88) +(cherry picked from commit 5fe49d0fb88b779d5096713627ce54757bff70b2) +(cherry picked from commit 33036c403225ad0c88c9e5a9058aea69ff6ed9bc) +--- + src/libsystemd/sd-event/sd-event.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/src/libsystemd/sd-event/sd-event.c b/src/libsystemd/sd-event/sd-event.c +index 4ba7151050..19e7680687 100644 +--- a/src/libsystemd/sd-event/sd-event.c ++++ b/src/libsystemd/sd-event/sd-event.c +@@ -2611,6 +2611,9 @@ _public_ int sd_event_source_set_time_relative(sd_event_source *s, uint64_t usec + assert_return(s, -EINVAL); + assert_return(EVENT_SOURCE_IS_TIME(s->type), -EDOM); + ++ if (usec == USEC_INFINITY) ++ return sd_event_source_set_time(s, USEC_INFINITY); ++ + r = sd_event_now(s->event, event_source_type_to_clock(s->type), &t); + if (r < 0) + return r; +-- +2.27.0 + diff --git a/backport-sd-event-never-pass-negative-errnos-as-signalfd-to.patch b/backport-sd-event-never-pass-negative-errnos-as-signalfd-to.patch new file mode 100644 index 0000000..fb953ee --- /dev/null +++ b/backport-sd-event-never-pass-negative-errnos-as-signalfd-to.patch @@ -0,0 +1,34 @@ +From b369b5884d52e5fd5fde0de78323d16a969df9d5 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Mon, 19 Dec 2022 14:36:08 +0100 +Subject: [PATCH] sd-event: never pass negative errnos as signalfd to signalfd + +We treat any negative value as "invalid fd", but signalfd only +accepts -1. + +(cherry picked from commit cbff793ffb280d9d11e5d7b1dc3964276491bee8) +(cherry picked from commit 54c840ea58c578060e941f754a4fed2931483820) +(cherry picked from commit 4178457f0ec07452f856894988e5490bbc91cc36) +(cherry picked from commit 0accce1b1c5d67e4183cb67f0bbbaaf7fc50c9f6) +--- + src/libsystemd/sd-event/sd-event.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/src/libsystemd/sd-event/sd-event.c b/src/libsystemd/sd-event/sd-event.c +index 20ffd38eff..4ba7151050 100644 +--- a/src/libsystemd/sd-event/sd-event.c ++++ b/src/libsystemd/sd-event/sd-event.c +@@ -649,7 +649,9 @@ static int event_make_signal_data( + ss_copy = d->sigset; + assert_se(sigaddset(&ss_copy, sig) >= 0); + +- r = signalfd(d->fd, &ss_copy, SFD_NONBLOCK|SFD_CLOEXEC); ++ r = signalfd(d->fd >= 0 ? d->fd : -1, /* the first arg must be -1 or a valid signalfd */ ++ &ss_copy, ++ SFD_NONBLOCK|SFD_CLOEXEC); + if (r < 0) { + r = -errno; + goto fail; +-- +2.27.0 + diff --git a/backport-swap-tell-swapon-to-reinitialize-swap-if-needed.patch b/backport-swap-tell-swapon-to-reinitialize-swap-if-needed.patch new file mode 100644 index 0000000..6f491d5 --- /dev/null +++ b/backport-swap-tell-swapon-to-reinitialize-swap-if-needed.patch @@ -0,0 +1,33 @@ +From 316382fb90c7018b5309bacf66c5f18488c2a3c4 Mon Sep 17 00:00:00 2001 +From: David Tardon +Date: Mon, 12 Dec 2022 16:21:30 +0100 +Subject: [PATCH] swap: tell swapon to reinitialize swap if needed + +If the page size of a swap space doesn't match the page size of the +currently running kernel, swapon will fail. Let's instruct it to +reinitialize the swap space instead. + +(cherry picked from commit cc137d53e36da5e57b060be5e621864f572b2cac) +(cherry picked from commit a0ac79bce9255cf33b0f208b18d888f0f700133c) +(cherry picked from commit 8be5a12c7170ed7e7b4303c16573e463ef997e23) +(cherry picked from commit f8201271fdaef4e3a68efac8a21e9f195e4e4a6b) +--- + src/core/swap.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/core/swap.c b/src/core/swap.c +index 3843b19500..83e77d24ae 100644 +--- a/src/core/swap.c ++++ b/src/core/swap.c +@@ -836,7 +836,7 @@ static void swap_enter_activating(Swap *s) { + } + } + +- r = exec_command_set(s->control_command, "/sbin/swapon", NULL); ++ r = exec_command_set(s->control_command, "/sbin/swapon", "--fixpgsz", NULL); + if (r < 0) + goto fail; + +-- +2.27.0 + diff --git a/backport-tmpfiles-avoid-null-free-for-acl-attributes.patch b/backport-tmpfiles-avoid-null-free-for-acl-attributes.patch new file mode 100644 index 0000000..c7cddb3 --- /dev/null +++ b/backport-tmpfiles-avoid-null-free-for-acl-attributes.patch @@ -0,0 +1,57 @@ +From 85e06ba8753e767d9f28550bf9f6b0d2e971b296 Mon Sep 17 00:00:00 2001 +From: Sam James +Date: Fri, 6 Jan 2023 10:58:32 +0000 +Subject: [PATCH] tmpfiles: avoid null free() for acl attributes + +When built with ACL support, we might be processing a tmpfiles +entry where there's no cause for us to call parse_acls_from_arg, +then we get to the end of parse_line without having ever populated +i.{acl_access, acl_default}. + +Then we pass a null pointer into acl_free(). + +From UBSAN w/ GCC 13.0.0_pre20230101: +``` +$ systemd-tmpfiles --clean +/var/tmp/portage/sys-apps/acl-2.3.1-r1/work/acl-2.3.1/libacl/acl_free.c:44:14: runtime error: applying non-zero offset 18446744073709551608 to null pointer + #0 0x7f65d868b482 in acl_free /var/tmp/portage/sys-apps/acl-2.3.1-r1/work/acl-2.3.1/libacl/acl_free.c:44 + #1 0x55fe7e592249 in item_free_contents ../systemd-9999/src/tmpfiles/tmpfiles.c:2855 + #2 0x55fe7e5a347a in parse_line ../systemd-9999/src/tmpfiles/tmpfiles.c:3158 + #3 0x55fe7e5a347a in read_config_file ../systemd-9999/src/tmpfiles/tmpfiles.c:3897 + #4 0x55fe7e590c61 in read_config_files ../systemd-9999/src/tmpfiles/tmpfiles.c:3985 + #5 0x55fe7e590c61 in run ../systemd-9999/src/tmpfiles/tmpfiles.c:4157 + #6 0x55fe7e590c61 in main ../systemd-9999/src/tmpfiles/tmpfiles.c:4218 + #7 0x7f65d7ebe289 (/usr/lib64/libc.so.6+0x23289) + #8 0x7f65d7ebe344 in __libc_start_main (/usr/lib64/libc.so.6+0x23344) + #9 0x55fe7e591900 in _start (/usr/bin/systemd-tmpfiles+0x11900) +``` + +(cherry picked from commit 9f804ab04d566ff745849e1c4ced680a0447cf76) +(cherry picked from commit a11a949c43def70ec5d3f57f561884c3f652603e) +(cherry picked from commit 455193605d22a171c0f9b599a105be9ac18f433f) +(cherry picked from commit 0e711b7c06fc8b1290adcd38b4bb8faaa49ab764) +--- + src/tmpfiles/tmpfiles.c | 7 +++++-- + 1 file changed, 5 insertions(+), 2 deletions(-) + +diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c +index 1bfb1cbe16..461dfe5a5f 100644 +--- a/src/tmpfiles/tmpfiles.c ++++ b/src/tmpfiles/tmpfiles.c +@@ -2683,8 +2683,11 @@ static void item_free_contents(Item *i) { + strv_free(i->xattrs); + + #if HAVE_ACL +- acl_free(i->acl_access); +- acl_free(i->acl_default); ++ if (i->acl_access) ++ acl_free(i->acl_access); ++ ++ if (i->acl_default) ++ acl_free(i->acl_default); + #endif + } + +-- +2.27.0 + diff --git a/systemd.spec b/systemd.spec index 530fe9c..0f1624d 100644 --- a/systemd.spec +++ b/systemd.spec @@ -21,7 +21,7 @@ Name: systemd Url: https://www.freedesktop.org/wiki/Software/systemd Version: 249 -Release: 46 +Release: 47 License: MIT and LGPLv2+ and GPLv2+ Summary: System and Service Manager @@ -440,6 +440,13 @@ Patch6392: backport-mount-util-fix-error-code.patch Patch6393: backport-analyze-add-forgotten-return-statement.patch Patch6394: backport-shared-condition-avoid-nss-lookup-in-PID1.patch Patch6395: backport-logind-fix-getting-property-OnExternalPower-via-D-Bu.patch +Patch6396: backport-mount-setup-don-t-need-to-mount-sys-fs-pstore-if-the.patch +Patch6397: backport-swap-tell-swapon-to-reinitialize-swap-if-needed.patch +Patch6398: backport-sd-event-never-pass-negative-errnos-as-signalfd-to.patch +Patch6399: backport-sd-event-don-t-mistake-USEC_INFINITY-passed-in-for.patch +Patch6400: backport-tmpfiles-avoid-null-free-for-acl-attributes.patch +Patch6401: backport-nspawn-guard-acl_free-with-a-NULL-check.patch +Patch6402: backport-core-mount-namespaces-Remove-auxiliary-bind-mounts.patch Patch9001: update-rtc-with-system-clock-when-shutdown.patch Patch9002: udev-add-actions-while-rename-netif-failed.patch @@ -1910,6 +1917,9 @@ fi %{_libdir}/security/pam_systemd.so %changelog +* Mon Mar 6 2023 hongjinghao -249-47 +- backport patches from upstream and add patches + * Thu Jan 19 2023 yangmingtai -249-46 - delete unused patch files