Merge pull request #9504 from poettering/nss-deadlock

some nss deadlock love

1 files changed, 44 insertions, 0 deletions

diff --git a/src/nss-mymachines/nss-mymachines.c b/src/nss-mymachines/nss-mymachines.c
index 9b81cd9ad1..3d1fc28353 100644
--- a/src/nss-mymachines/nss-mymachines.c
+++ b/src/nss-mymachines/nss-mymachines.c
@@ -63,6 +63,20 @@ static int count_addresses(sd_bus_message *m, int af, unsigned *ret) {
         return 0;
 }
 
+static bool avoid_deadlock(void) {
+
+        /* Check whether this lookup might have a chance of deadlocking because we are called from the service manager
+         * code activating systemd-machined.service. After all, we shouldn't synchronously do lookups to
+         * systemd-machined if we are required to finish before it can be started. This of course won't detect all
+         * possible dead locks of this kind, but it should work for the most obvious cases. */
+
+        if (geteuid() != 0) /* Ignore the env vars unless we are privileged. */
+                return false;
+
+        return streq_ptr(getenv("SYSTEMD_ACTIVATION_UNIT"), "systemd-machined.service") &&
+               streq_ptr(getenv("SYSTEMD_ACTIVATION_SCOPE"), "system");
+}
+
 enum nss_status _nss_mymachines_gethostbyname4_r(
                 const char *name,
                 struct gaih_addrtuple **pat,
@@ -103,6 +117,11 @@ enum nss_status _nss_mymachines_gethostbyname4_r(
                 goto fail;
         }
 
+        if (avoid_deadlock()) {
+                r = -EDEADLK;
+                goto fail;
+        }
+
         r = sd_bus_open_system(&bus);
         if (r < 0)
                 goto fail;
@@ -255,6 +274,11 @@ enum nss_status _nss_mymachines_gethostbyname3_r(
                 goto fail;
         }
 
+        if (avoid_deadlock()) {
+                r = -EDEADLK;
+                goto fail;
+        }
+
         r = sd_bus_open_system(&bus);
         if (r < 0)
                 goto fail;
@@ -425,6 +449,11 @@ enum nss_status _nss_mymachines_getpwnam_r(
                  * running on the host. */
                 return NSS_STATUS_NOTFOUND;
 
+        if (avoid_deadlock()) {
+                r = -EDEADLK;
+                goto fail;
+        }
+
         r = sd_bus_open_system(&bus);
         if (r < 0)
                 goto fail;
@@ -502,6 +531,11 @@ enum nss_status _nss_mymachines_getpwuid_r(
         if (getenv_bool_secure("SYSTEMD_NSS_BYPASS_BUS") > 0)
                 return NSS_STATUS_NOTFOUND;
 
+        if (avoid_deadlock()) {
+                r = -EDEADLK;
+                goto fail;
+        }
+
         r = sd_bus_open_system(&bus);
         if (r < 0)
                 goto fail;
@@ -594,6 +628,11 @@ enum nss_status _nss_mymachines_getgrnam_r(
         if (getenv_bool_secure("SYSTEMD_NSS_BYPASS_BUS") > 0)
                 return NSS_STATUS_NOTFOUND;
 
+        if (avoid_deadlock()) {
+                r = -EDEADLK;
+                goto fail;
+        }
+
         r = sd_bus_open_system(&bus);
         if (r < 0)
                 goto fail;
@@ -668,6 +707,11 @@ enum nss_status _nss_mymachines_getgrgid_r(
         if (getenv_bool_secure("SYSTEMD_NSS_BYPASS_BUS") > 0)
                 return NSS_STATUS_NOTFOUND;
 
+        if (avoid_deadlock()) {
+                r = -EDEADLK;
+                goto fail;
+        }
+
         r = sd_bus_open_system(&bus);
         if (r < 0)
                 goto fail;