diff options
96 files changed, 1055 insertions, 820 deletions
@@ -219,9 +219,10 @@ REQUIREMENTS: Note that the build prefix for systemd must be /usr. (Moreover, packages systemd relies on — such as D-Bus — really should use the same prefix, otherwise you are on your own.) -Dsplit-usr=false (which is the - default and does not need to be specified) is the recommended setting, - and -Dsplit-usr=true should be used on systems which have /usr on a - separate partition. + default and does not need to be specified) is the recommended setting. + -Dsplit-usr=true can be used to give a semblance of support for systems + with programs installed split between / and /usr. Moving everything + under /usr is strongly encouraged. Additional packages are necessary to run some tests: - busybox (used by test/TEST-13-NSPAWN-SMOKE) diff --git a/docs/TRANSIENT-SETTINGS.md b/docs/TRANSIENT-SETTINGS.md index 50b9a42fa1..5037060254 100644 --- a/docs/TRANSIENT-SETTINGS.md +++ b/docs/TRANSIENT-SETTINGS.md @@ -272,7 +272,7 @@ All cgroup/resource control settings are available for transient units ✓ IPAddressDeny= ✓ ManagedOOMSwap= ✓ ManagedOOMMemoryPressure= -✓ ManagedOOMMemoryPressureLimitPercent= +✓ ManagedOOMMemoryPressureLimit= ``` ## Process Killing Settings diff --git a/man/oomd.conf.xml b/man/oomd.conf.xml index bb5da87c54..2a12be8cad 100644 --- a/man/oomd.conf.xml +++ b/man/oomd.conf.xml @@ -59,10 +59,10 @@ </varlistentry> <varlistentry> - <term><varname>DefaultMemoryPressureLimitPercent=</varname></term> + <term><varname>DefaultMemoryPressureLimit=</varname></term> <listitem><para>Sets the limit for memory pressure on the unit's cgroup before <command>systemd-oomd</command> - will take action. A unit can override this value with <varname>ManagedOOMMemoryPressureLimitPercent=</varname>. + will take action. A unit can override this value with <varname>ManagedOOMMemoryPressureLimit=</varname>. The memory pressure for this property represents the fraction of time in a 10 second window in which all tasks in the cgroup were delayed. For each monitored cgroup, if the memory pressure on that cgroup exceeds the limit set for longer than the duration set by <varname>DefaultMemoryPressureDurationSec=</varname>, @@ -78,7 +78,7 @@ <listitem><para>Sets the amount of time a unit's cgroup needs to have exceeded memory pressure limits before <command>systemd-oomd</command> will take action. Memory pressure limits are defined by - <varname>DefaultMemoryPressureLimitPercent=</varname> and <varname>ManagedOOMMemoryPressureLimitPercent=</varname>. + <varname>DefaultMemoryPressureLimit=</varname> and <varname>ManagedOOMMemoryPressureLimit=</varname>. Defaults to 30 seconds when this property is unset or set to 0.</para></listitem> </varlistentry> diff --git a/man/org.freedesktop.systemd1.xml b/man/org.freedesktop.systemd1.xml index 6783d19b21..7543a617b7 100644 --- a/man/org.freedesktop.systemd1.xml +++ b/man/org.freedesktop.systemd1.xml @@ -2449,7 +2449,7 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2eservice { @org.freedesktop.DBus.Property.EmitsChangedSignal("false") readonly s ManagedOOMMemoryPressure = '...'; @org.freedesktop.DBus.Property.EmitsChangedSignal("false") - readonly s ManagedOOMMemoryPressureLimitPercent = '...'; + readonly u ManagedOOMMemoryPressureLimitPermyriad = ...; @org.freedesktop.DBus.Property.EmitsChangedSignal("const") readonly as Environment = ['...', ...]; @org.freedesktop.DBus.Property.EmitsChangedSignal("const") @@ -2972,7 +2972,7 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2eservice { <!--property ManagedOOMMemoryPressure is not documented!--> - <!--property ManagedOOMMemoryPressureLimitPercent is not documented!--> + <!--property ManagedOOMMemoryPressureLimitPermyriad is not documented!--> <!--property EnvironmentFiles is not documented!--> @@ -3536,7 +3536,7 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2eservice { <variablelist class="dbus-property" generated="True" extra-ref="ManagedOOMMemoryPressure"/> - <variablelist class="dbus-property" generated="True" extra-ref="ManagedOOMMemoryPressureLimitPercent"/> + <variablelist class="dbus-property" generated="True" extra-ref="ManagedOOMMemoryPressureLimitPermyriad"/> <variablelist class="dbus-property" generated="True" extra-ref="Environment"/> @@ -4203,7 +4203,7 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2esocket { @org.freedesktop.DBus.Property.EmitsChangedSignal("false") readonly s ManagedOOMMemoryPressure = '...'; @org.freedesktop.DBus.Property.EmitsChangedSignal("false") - readonly s ManagedOOMMemoryPressureLimitPercent = '...'; + readonly u ManagedOOMMemoryPressureLimitPermyriad = ...; @org.freedesktop.DBus.Property.EmitsChangedSignal("const") readonly as Environment = ['...', ...]; @org.freedesktop.DBus.Property.EmitsChangedSignal("const") @@ -4754,7 +4754,7 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2esocket { <!--property ManagedOOMMemoryPressure is not documented!--> - <!--property ManagedOOMMemoryPressureLimitPercent is not documented!--> + <!--property ManagedOOMMemoryPressureLimitPermyriad is not documented!--> <!--property EnvironmentFiles is not documented!--> @@ -5316,7 +5316,7 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2esocket { <variablelist class="dbus-property" generated="True" extra-ref="ManagedOOMMemoryPressure"/> - <variablelist class="dbus-property" generated="True" extra-ref="ManagedOOMMemoryPressureLimitPercent"/> + <variablelist class="dbus-property" generated="True" extra-ref="ManagedOOMMemoryPressureLimitPermyriad"/> <variablelist class="dbus-property" generated="True" extra-ref="Environment"/> @@ -5896,7 +5896,7 @@ node /org/freedesktop/systemd1/unit/home_2emount { @org.freedesktop.DBus.Property.EmitsChangedSignal("false") readonly s ManagedOOMMemoryPressure = '...'; @org.freedesktop.DBus.Property.EmitsChangedSignal("false") - readonly s ManagedOOMMemoryPressureLimitPercent = '...'; + readonly u ManagedOOMMemoryPressureLimitPermyriad = ...; @org.freedesktop.DBus.Property.EmitsChangedSignal("const") readonly as Environment = ['...', ...]; @org.freedesktop.DBus.Property.EmitsChangedSignal("const") @@ -6375,7 +6375,7 @@ node /org/freedesktop/systemd1/unit/home_2emount { <!--property ManagedOOMMemoryPressure is not documented!--> - <!--property ManagedOOMMemoryPressureLimitPercent is not documented!--> + <!--property ManagedOOMMemoryPressureLimitPermyriad is not documented!--> <!--property EnvironmentFiles is not documented!--> @@ -6855,7 +6855,7 @@ node /org/freedesktop/systemd1/unit/home_2emount { <variablelist class="dbus-property" generated="True" extra-ref="ManagedOOMMemoryPressure"/> - <variablelist class="dbus-property" generated="True" extra-ref="ManagedOOMMemoryPressureLimitPercent"/> + <variablelist class="dbus-property" generated="True" extra-ref="ManagedOOMMemoryPressureLimitPermyriad"/> <variablelist class="dbus-property" generated="True" extra-ref="Environment"/> @@ -7556,7 +7556,7 @@ node /org/freedesktop/systemd1/unit/dev_2dsda3_2eswap { @org.freedesktop.DBus.Property.EmitsChangedSignal("false") readonly s ManagedOOMMemoryPressure = '...'; @org.freedesktop.DBus.Property.EmitsChangedSignal("false") - readonly s ManagedOOMMemoryPressureLimitPercent = '...'; + readonly u ManagedOOMMemoryPressureLimitPermyriad = ...; @org.freedesktop.DBus.Property.EmitsChangedSignal("const") readonly as Environment = ['...', ...]; @org.freedesktop.DBus.Property.EmitsChangedSignal("const") @@ -8021,7 +8021,7 @@ node /org/freedesktop/systemd1/unit/dev_2dsda3_2eswap { <!--property ManagedOOMMemoryPressure is not documented!--> - <!--property ManagedOOMMemoryPressureLimitPercent is not documented!--> + <!--property ManagedOOMMemoryPressureLimitPermyriad is not documented!--> <!--property EnvironmentFiles is not documented!--> @@ -8487,7 +8487,7 @@ node /org/freedesktop/systemd1/unit/dev_2dsda3_2eswap { <variablelist class="dbus-property" generated="True" extra-ref="ManagedOOMMemoryPressure"/> - <variablelist class="dbus-property" generated="True" extra-ref="ManagedOOMMemoryPressureLimitPercent"/> + <variablelist class="dbus-property" generated="True" extra-ref="ManagedOOMMemoryPressureLimitPermyriad"/> <variablelist class="dbus-property" generated="True" extra-ref="Environment"/> @@ -9041,7 +9041,7 @@ node /org/freedesktop/systemd1/unit/system_2eslice { @org.freedesktop.DBus.Property.EmitsChangedSignal("false") readonly s ManagedOOMMemoryPressure = '...'; @org.freedesktop.DBus.Property.EmitsChangedSignal("false") - readonly s ManagedOOMMemoryPressureLimitPercent = '...'; + readonly u ManagedOOMMemoryPressureLimitPermyriad = ...; }; interface org.freedesktop.DBus.Peer { ... }; interface org.freedesktop.DBus.Introspectable { ... }; @@ -9176,7 +9176,7 @@ node /org/freedesktop/systemd1/unit/system_2eslice { <!--property ManagedOOMMemoryPressure is not documented!--> - <!--property ManagedOOMMemoryPressureLimitPercent is not documented!--> + <!--property ManagedOOMMemoryPressureLimitPermyriad is not documented!--> <!--Autogenerated cross-references for systemd.directives, do not edit--> @@ -9316,7 +9316,7 @@ node /org/freedesktop/systemd1/unit/system_2eslice { <variablelist class="dbus-property" generated="True" extra-ref="ManagedOOMMemoryPressure"/> - <variablelist class="dbus-property" generated="True" extra-ref="ManagedOOMMemoryPressureLimitPercent"/> + <variablelist class="dbus-property" generated="True" extra-ref="ManagedOOMMemoryPressureLimitPermyriad"/> <!--End of Autogenerated section--> @@ -9476,7 +9476,7 @@ node /org/freedesktop/systemd1/unit/session_2d1_2escope { @org.freedesktop.DBus.Property.EmitsChangedSignal("false") readonly s ManagedOOMMemoryPressure = '...'; @org.freedesktop.DBus.Property.EmitsChangedSignal("false") - readonly s ManagedOOMMemoryPressureLimitPercent = '...'; + readonly u ManagedOOMMemoryPressureLimitPermyriad = ...; @org.freedesktop.DBus.Property.EmitsChangedSignal("const") readonly s KillMode = '...'; @org.freedesktop.DBus.Property.EmitsChangedSignal("const") @@ -9627,7 +9627,7 @@ node /org/freedesktop/systemd1/unit/session_2d1_2escope { <!--property ManagedOOMMemoryPressure is not documented!--> - <!--property ManagedOOMMemoryPressureLimitPercent is not documented!--> + <!--property ManagedOOMMemoryPressureLimitPermyriad is not documented!--> <!--property KillMode is not documented!--> @@ -9793,7 +9793,7 @@ node /org/freedesktop/systemd1/unit/session_2d1_2escope { <variablelist class="dbus-property" generated="True" extra-ref="ManagedOOMMemoryPressure"/> - <variablelist class="dbus-property" generated="True" extra-ref="ManagedOOMMemoryPressureLimitPercent"/> + <variablelist class="dbus-property" generated="True" extra-ref="ManagedOOMMemoryPressureLimitPermyriad"/> <variablelist class="dbus-property" generated="True" extra-ref="KillMode"/> diff --git a/man/standard-conf.xml b/man/standard-conf.xml index 69cd7b0c0f..edb7887b4f 100644 --- a/man/standard-conf.xml +++ b/man/standard-conf.xml @@ -41,33 +41,30 @@ <refsection id='main-conf'> <title>Configuration Directories and Precedence</title> - <para>The default configuration is defined during compilation, so a - configuration file is only needed when it is necessary to deviate - from those defaults. By default, the configuration file in - <filename>/etc/systemd/</filename> contains commented out entries - showing the defaults as a guide to the administrator. This file - can be edited to create local overrides. + <para>The default configuration is set during compilation, so configuration is only needed when it is + necessary to deviate from those defaults. Initially, the main configuration file in + <filename>/etc/systemd/</filename> contains commented out entries showing the defaults as a guide to the + administrator. Local overrides can be created by editing this file or by creating drop-ins, see below. </para> - <para>When packages need to customize the configuration, they can install configuration snippets in - <filename>/usr/lib/systemd/*.conf.d/</filename> or <filename>/usr/local/lib/systemd/*.conf.d/</filename>. - The main configuration file is read before any of the configuration directories, and has the lowest - precedence; entries in a file in any configuration directory override entries in the single configuration - file. Files in the <filename>*.conf.d/</filename> configuration subdirectories are sorted by their - filename in lexicographic order, regardless of in which of the subdirectories they reside. When multiple - files specify the same option, for options which accept just a single value, the entry in the file with - the lexicographically latest name takes precedence. For options which accept a list of values, entries - are collected as they occur in files sorted lexicographically.</para> + <para>In addition to the "main" configuration file, drop-in configuration snippets are read from + <filename>/usr/lib/systemd/*.conf.d/</filename>, <filename>/usr/local/lib/systemd/*.conf.d/</filename>, + and <filename>/etc/systemd/*.conf.d/</filename>. Those drop-ins have higher precedence and override the + main configuration file. Files in the <filename>*.conf.d/</filename> configuration subdirectories are + sorted by their filename in lexicographic order, regardless of in which of the subdirectories they + reside. When multiple files specify the same option, for options which accept just a single value, the + entry in the file sorted last takes precedence, and for options which accept a list of values, entries + are collected as they occur in the sorted files.</para> - <para>Files in <filename>/etc/</filename> are reserved for the local administrator, who may use this - logic to override the configuration files installed by vendor packages. It is recommended to prefix all - filenames in those subdirectories with a two-digit number and a dash, to simplify the ordering of the - files.</para> + <para>When packages need to customize the configuration, they can install drop-ins under + <filename>/usr/</filename>. Files in <filename>/etc/</filename> are reserved for the local administrator, + who may use this logic to override the configuration files installed by vendor packages. Drop-ins have to + be used to override package drop-ins, since the main configuration file has lower precedence. It is + recommended to prefix all filenames in those subdirectories with a two-digit number and a dash, to + simplify the ordering of the files.</para> - <para>To disable a configuration file supplied by the vendor, the - recommended way is to place a symlink to - <filename>/dev/null</filename> in the configuration directory in - <filename>/etc/</filename>, with the same filename as the vendor - configuration file.</para> + <para>To disable a configuration file supplied by the vendor, the recommended way is to place a symlink + to <filename>/dev/null</filename> in the configuration directory in <filename>/etc/</filename>, with the + same filename as the vendor configuration file.</para> </refsection> </refsection> diff --git a/man/systemd.link.xml b/man/systemd.link.xml index 0b7055bf59..93f7191b33 100644 --- a/man/systemd.link.xml +++ b/man/systemd.link.xml @@ -410,7 +410,21 @@ </listitem> </varlistentry> <varlistentry> - <term><varname>TxQueueLength=</varname></term> + <term><varname>TransmitQueues=</varname></term> + <listitem> + <para>Specifies the device's number of transmit queues. An integer in the range 1…4096. + When unset, the kernel's default will be used.</para> + </listitem> + </varlistentry> + <varlistentry> + <term><varname>ReceiveQueues=</varname></term> + <listitem> + <para>Specifies the device's number of receive queues. An integer in the range 1…4096. + When unset, the kernel's default will be used.</para> + </listitem> + </varlistentry> + <varlistentry> + <term><varname>TransmitQueueLength=</varname></term> <listitem> <para>Specifies the transmit queue length of the device in number of packets. An unsigned integer in the range 0…4294967294. When unset, the kernel's default will be used.</para> diff --git a/man/systemd.network.xml b/man/systemd.network.xml index 8e7b190638..606a2dd5db 100644 --- a/man/systemd.network.xml +++ b/man/systemd.network.xml @@ -216,20 +216,6 @@ </listitem> </varlistentry> <varlistentry> - <term><varname>TransmitQueues=</varname></term> - <listitem> - <para>Specifies the devices's number of transmit queues. An integer in the range 1…4096. - When unset, the kernel's default will be used.</para> - </listitem> - </varlistentry> - <varlistentry> - <term><varname>ReceiveQueues=</varname></term> - <listitem> - <para>Specifies the devices's number of receive queues. An integer in the range 1…4096. - When unset, the kernel's default will be used.</para> - </listitem> - </varlistentry> - <varlistentry> <term><varname>RequiredForOnline=</varname></term> <listitem> <para>Takes a boolean or a minimum operational state and an optional maximum operational state. diff --git a/man/systemd.preset.xml b/man/systemd.preset.xml index cbd89daf16..64333a3216 100644 --- a/man/systemd.preset.xml +++ b/man/systemd.preset.xml @@ -168,7 +168,7 @@ disable *</programlisting> </refsect1> <refsect1> - <title>Motiviation for the preset logic</title> + <title>Motivation for the preset logic</title> <para>Different distributions have different policies on which services shall be enabled by default when the package they are shipped in is installed. On Fedora all services stay off by default, so that diff --git a/man/systemd.resource-control.xml b/man/systemd.resource-control.xml index 2e547d8b82..be9c35057d 100644 --- a/man/systemd.resource-control.xml +++ b/man/systemd.resource-control.xml @@ -901,7 +901,7 @@ DeviceAllow=/dev/loop-control </varlistentry> <varlistentry> - <term><varname>ManagedOOMMemoryPressureLimitPercent=</varname></term> + <term><varname>ManagedOOMMemoryPressureLimit=</varname></term> <listitem> <para>Overrides the default memory pressure limit set by diff --git a/meson.build b/meson.build index 01eeeb750e..62b11aba2d 100644 --- a/meson.build +++ b/meson.build @@ -68,6 +68,11 @@ if get_option('split-usr') == 'auto' else split_usr = get_option('split-usr') == 'true' endif +if split_usr + warning('\n!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!\n\n\n' + + ' split-usr mode is going to be removed\n' + + '\n\n!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!') +endif conf.set10('HAVE_SPLIT_USR', split_usr, description : '/usr/bin and /bin directories are separate') @@ -4,15 +4,15 @@ # Sebastian Rasmussen <sebras@gmail.com>, 2015. # Andreas Henriksson <andreas@fatal.se>, 2016. # Josef Andersson <l10nl18nsweja@gmail.com>, 2015, 2017. -# Göran Uddeborg <goeran@uddeborg.se>, 2020. +# Göran Uddeborg <goeran@uddeborg.se>, 2020, 2021. # Luna Jernberg <bittin@reimu.nl>, 2020. msgid "" msgstr "" "Project-Id-Version: systemd master\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2021-01-08 17:48+0100\n" -"PO-Revision-Date: 2020-12-16 12:36+0000\n" -"Last-Translator: Luna Jernberg <bittin@reimu.nl>\n" +"PO-Revision-Date: 2021-02-03 18:40+0000\n" +"Last-Translator: Göran Uddeborg <goeran@uddeborg.se>\n" "Language-Team: Swedish <https://translate.fedoraproject.org/projects/systemd/" "master/sv/>\n" "Language: sv\n" @@ -20,7 +20,7 @@ msgstr "" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=n != 1;\n" -"X-Generator: Weblate 4.3.2\n" +"X-Generator: Weblate 4.4.2\n" #: src/core/org.freedesktop.systemd1.policy.in:22 msgid "Send passphrase back to system" @@ -72,69 +72,54 @@ msgstr "Autentisering krävs för att läsa om tillståndet för systemd." #: src/home/org.freedesktop.home1.policy:13 msgid "Create a home area" -msgstr "" +msgstr "Skapa en hemarea" #: src/home/org.freedesktop.home1.policy:14 -#, fuzzy -#| msgid "Authentication is required to reload the systemd state." msgid "Authentication is required to create a user's home area." -msgstr "Autentisering krävs för att läsa om tillståndet för systemd." +msgstr "Autentisering krävs för att skapa en användares hemarea." #: src/home/org.freedesktop.home1.policy:23 msgid "Remove a home area" -msgstr "" +msgstr "Ta bort en hemarea" #: src/home/org.freedesktop.home1.policy:24 -#, fuzzy -#| msgid "Authentication is required to reload the systemd state." msgid "Authentication is required to remove a user's home area." -msgstr "Autentisering krävs för att läsa om tillståndet för systemd." +msgstr "Autentisering krävs för att ta bort en användares hemarea." #: src/home/org.freedesktop.home1.policy:33 msgid "Check credentials of a home area" -msgstr "" +msgstr "Kontrollera kreditiven för en hemarea" #: src/home/org.freedesktop.home1.policy:34 -#, fuzzy -#| msgid "" -#| "Authentication is required to manage active sessions, users and seats." msgid "" "Authentication is required to check credentials against a user's home area." msgstr "" -"Autentisering krävs för att hantera aktiva sessioner, användare och platser." +"Autentisering krävs för att kontrollera kreditiven mot en användares hemarea." #: src/home/org.freedesktop.home1.policy:43 msgid "Update a home area" -msgstr "" +msgstr "Uppdatera en hemarea" #: src/home/org.freedesktop.home1.policy:44 -#, fuzzy -#| msgid "Authentication is required to attach a device to a seat." msgid "Authentication is required to update a user's home area." -msgstr "Autentisering krävs för att binda en enhet till en plats." +msgstr "Autentisering krävs för att uppdatera en användares hemarea." #: src/home/org.freedesktop.home1.policy:53 msgid "Resize a home area" -msgstr "" +msgstr "Ändra storlek på en hemarea" #: src/home/org.freedesktop.home1.policy:54 -#, fuzzy -#| msgid "Authentication is required to set a wall message" msgid "Authentication is required to resize a user's home area." -msgstr "Autentisering krävs för att ställa in ett väggmeddelande" +msgstr "Autentisering krävs för att ändra storlek på en hemarea." #: src/home/org.freedesktop.home1.policy:63 msgid "Change password of a home area" -msgstr "" +msgstr "Ändra lösenord för en hemarea" #: src/home/org.freedesktop.home1.policy:64 -#, fuzzy -#| msgid "" -#| "Authentication is required to manage active sessions, users and seats." msgid "" "Authentication is required to change the password of a user's home area." -msgstr "" -"Autentisering krävs för att hantera aktiva sessioner, användare och platser." +msgstr "Autentisering krävs för att ändra lösenorded för en användares hemarea." #: src/hostname/org.freedesktop.hostname1.policy:20 msgid "Set hostname" @@ -166,13 +151,11 @@ msgstr "Autentisering krävs för att ställa in lokal datorinformation." #: src/hostname/org.freedesktop.hostname1.policy:51 msgid "Get product UUID" -msgstr "" +msgstr "Hämta produkt-UUID" #: src/hostname/org.freedesktop.hostname1.policy:52 -#, fuzzy -#| msgid "Authentication is required to reload '$(unit)'." msgid "Authentication is required to get product UUID." -msgstr "Autentisering krävs för att läsa om tillståndet för \"$(unit)\"." +msgstr "Autentisering krävs för att hämta produkt-UUID." #: src/import/org.freedesktop.import1.policy:22 msgid "Import a VM or container image" @@ -316,22 +299,16 @@ msgstr "" "av brytaren för datorhöljet." #: src/login/org.freedesktop.login1.policy:117 -#, fuzzy -#| msgid "Allow applications to inhibit system handling of the power key" msgid "Allow applications to inhibit system handling of the reboot key" -msgstr "Tillåt program att hindra systemhantering av strömknappen" +msgstr "Tillåt program att hindra systemhantering av omstartsknappen" #: src/login/org.freedesktop.login1.policy:118 -#, fuzzy -#| msgid "" -#| "Authentication is required for an application to inhibit system handling " -#| "of the power key." msgid "" "Authentication is required for an application to inhibit system handling of " "the reboot key." msgstr "" "Autentisering krävs för att tillåta ett program att hindra systemhantering " -"av strömknappen." +"av omstartsknappen." #: src/login/org.freedesktop.login1.policy:128 msgid "Allow non-logged-in user to run programs" @@ -457,16 +434,11 @@ msgid "Halt the system while an application is inhibiting this" msgstr "Stoppa systemet även då ett program hindrar det" #: src/login/org.freedesktop.login1.policy:258 -#, fuzzy -#| msgid "" -#| "Authentication is required to hibernate the system while an application " -#| "is inhibiting this." msgid "" "Authentication is required to halt the system while an application is " "inhibiting this." msgstr "" -"Autentisering krävs för att försätta ett program i viloläge även då ett " -"program hindrar det." +"Autentisering krävs för att stoppa systemet även då ett program hindrar det." #: src/login/org.freedesktop.login1.policy:268 msgid "Suspend the system" @@ -497,8 +469,8 @@ msgid "" "Authentication is required to suspend the system while an application is " "inhibiting this." msgstr "" -"Autentisering krävs för att försätta ett program i vänteläge även då ett " -"program hindrar det." +"Autentisering krävs för att försätta systemet i sovläge även då ett program " +"hindrar det." #: src/login/org.freedesktop.login1.policy:300 msgid "Hibernate the system" @@ -529,8 +501,8 @@ msgid "" "Authentication is required to hibernate the system while an application is " "inhibiting this." msgstr "" -"Autentisering krävs för att försätta ett program i viloläge även då ett " -"program hindrar det." +"Autentisering krävs för att försätta systemet i viloläge även då ett program " +"hindrar det." #: src/login/org.freedesktop.login1.policy:332 msgid "Manage active sessions, users and seats" @@ -551,20 +523,17 @@ msgstr "Autentisering krävs för att låsa eller låsa upp aktiva sessioner." #: src/login/org.freedesktop.login1.policy:352 msgid "Set the reboot \"reason\" in the kernel" -msgstr "" +msgstr "Sätt ”orsaken” för omstart i kärnan" #: src/login/org.freedesktop.login1.policy:353 -#, fuzzy -#| msgid "Authentication is required to set the system timezone." msgid "Authentication is required to set the reboot \"reason\" in the kernel." -msgstr "Autentisering krävs för att ställa in systemets tidszon." +msgstr "Autentisering krävs för att ställa in ”orsaken” för omstart i kärnan." #: src/login/org.freedesktop.login1.policy:363 -#, fuzzy -#| msgid "Allow indication to the firmware to boot to setup interface" msgid "Indicate to the firmware to boot to setup interface" msgstr "" -"Tillåt indikering till firmware att starta upp i inställningsgränssnitt" +"Indikera till den fasta programvaran att starta upp i " +"inställningsgränssnittet" #: src/login/org.freedesktop.login1.policy:364 msgid "" @@ -576,35 +545,27 @@ msgstr "" #: src/login/org.freedesktop.login1.policy:374 msgid "Indicate to the boot loader to boot to the boot loader menu" -msgstr "" +msgstr "Indikera till den startprogrammet att starta upp i uppstartsladdmenyn" #: src/login/org.freedesktop.login1.policy:375 -#, fuzzy -#| msgid "" -#| "Authentication is required to indicate to the firmware to boot to setup " -#| "interface." msgid "" "Authentication is required to indicate to the boot loader to boot to the " "boot loader menu." msgstr "" -"Autentisering krävs för att indikera till firmware att starta upp till " -"inställningsgränssnitt." +"Autentisering krävs för att indikera till uppstartsladdaren att starta upp " +"uppstartsladdmenyn." #: src/login/org.freedesktop.login1.policy:385 msgid "Indicate to the boot loader to boot a specific entry" -msgstr "" +msgstr "Indikera till uppstartsladdaren att starta en specifik post" #: src/login/org.freedesktop.login1.policy:386 -#, fuzzy -#| msgid "" -#| "Authentication is required to indicate to the firmware to boot to setup " -#| "interface." msgid "" "Authentication is required to indicate to the boot loader to boot into a " "specific boot loader entry." msgstr "" -"Autentisering krävs för att indikera till firmware att starta upp till " -"inställningsgränssnitt." +"Autentisering krävs för att indikera till uppstartsladdaren att starta upp " +"till en specifik uppstartsladdspost." #: src/login/org.freedesktop.login1.policy:396 msgid "Set a wall message" @@ -616,13 +577,11 @@ msgstr "Autentisering krävs för att ställa in ett väggmeddelande" #: src/login/org.freedesktop.login1.policy:406 msgid "Change Session" -msgstr "" +msgstr "Ändra session" #: src/login/org.freedesktop.login1.policy:407 -#, fuzzy -#| msgid "Authentication is required to halt the system." msgid "Authentication is required to change the virtual terminal." -msgstr "Autentisering krävs för att stoppa systemet." +msgstr "Autentisering krävs för att ändra den virtuella terminalen." #: src/machine/org.freedesktop.machine1.policy:22 msgid "Log into a local container" @@ -701,7 +660,7 @@ msgstr "" #: src/network/org.freedesktop.network1.policy:22 msgid "Set NTP servers" -msgstr "" +msgstr "Ange NTP-servrar" #: src/network/org.freedesktop.network1.policy:23 msgid "Authentication is required to set NTP servers." @@ -710,7 +669,7 @@ msgstr "Autentisering krävs för ställa in NTP-servrar." #: src/network/org.freedesktop.network1.policy:33 #: src/resolve/org.freedesktop.resolve1.policy:44 msgid "Set DNS servers" -msgstr "" +msgstr "Ange DNS-servrar" #: src/network/org.freedesktop.network1.policy:34 #: src/resolve/org.freedesktop.resolve1.policy:45 @@ -720,26 +679,22 @@ msgstr "Autentisering krävs för ställa in DNS-servrar." #: src/network/org.freedesktop.network1.policy:44 #: src/resolve/org.freedesktop.resolve1.policy:55 msgid "Set domains" -msgstr "" +msgstr "Ange domäner" #: src/network/org.freedesktop.network1.policy:45 #: src/resolve/org.freedesktop.resolve1.policy:56 -#, fuzzy -#| msgid "Authentication is required to stop '$(unit)'." msgid "Authentication is required to set domains." -msgstr "Autentisering krävs för att stoppa \"$(unit)\"." +msgstr "Autentisering krävs för att ange domäner." #: src/network/org.freedesktop.network1.policy:55 #: src/resolve/org.freedesktop.resolve1.policy:66 msgid "Set default route" -msgstr "" +msgstr "Ange standardrutt" #: src/network/org.freedesktop.network1.policy:56 #: src/resolve/org.freedesktop.resolve1.policy:67 -#, fuzzy -#| msgid "Authentication is required to set the local hostname." msgid "Authentication is required to set default route." -msgstr "Autentisering krävs för att ställa in lokalt värdnamn." +msgstr "Autentisering krävs för att ange standardrutten." #: src/network/org.freedesktop.network1.policy:66 #: src/resolve/org.freedesktop.resolve1.policy:77 @@ -748,10 +703,8 @@ msgstr "Aktivera/inaktivera LLMNR" #: src/network/org.freedesktop.network1.policy:67 #: src/resolve/org.freedesktop.resolve1.policy:78 -#, fuzzy -#| msgid "Authentication is required to hibernate the system." msgid "Authentication is required to enable or disable LLMNR." -msgstr "Autentisering krävs för att försätta systemet i viloläge." +msgstr "Autentisering krävs för att aktivera eller avaktivera LLMNR." #: src/network/org.freedesktop.network1.policy:77 #: src/resolve/org.freedesktop.resolve1.policy:88 @@ -760,10 +713,8 @@ msgstr "Aktivera/inaktivera multicast-DNS" #: src/network/org.freedesktop.network1.policy:78 #: src/resolve/org.freedesktop.resolve1.policy:89 -#, fuzzy -#| msgid "Authentication is required to log into the local host." msgid "Authentication is required to enable or disable multicast DNS." -msgstr "Autentisering krävs för att logga in på den lokala värden" +msgstr "Autentisering krävs för att aktivera eller avaktivera multicast-DNS." #: src/network/org.freedesktop.network1.policy:88 #: src/resolve/org.freedesktop.resolve1.policy:99 @@ -772,10 +723,8 @@ msgstr "Aktivera/inaktivera DNS över TLS" #: src/network/org.freedesktop.network1.policy:89 #: src/resolve/org.freedesktop.resolve1.policy:100 -#, fuzzy -#| msgid "Authentication is required to set the local hostname." msgid "Authentication is required to enable or disable DNS over TLS." -msgstr "Autentisering krävs för att ställa in lokalt värdnamn." +msgstr "Autentisering krävs för att aktivera eller avaktivera DNS över TLS." #: src/network/org.freedesktop.network1.policy:99 #: src/resolve/org.freedesktop.resolve1.policy:110 @@ -784,92 +733,74 @@ msgstr "Aktivera/inaktivera DNSSEC" #: src/network/org.freedesktop.network1.policy:100 #: src/resolve/org.freedesktop.resolve1.policy:111 -#, fuzzy -#| msgid "Authentication is required to hibernate the system." msgid "Authentication is required to enable or disable DNSSEC." -msgstr "Autentisering krävs för att försätta systemet i viloläge." +msgstr "Autentisering krävs för att aktivera eller avaktivera DNSSEC." #: src/network/org.freedesktop.network1.policy:110 #: src/resolve/org.freedesktop.resolve1.policy:121 msgid "Set DNSSEC Negative Trust Anchors" -msgstr "" +msgstr "Ange DNSSEC negativa förtroendeankare" #: src/network/org.freedesktop.network1.policy:111 #: src/resolve/org.freedesktop.resolve1.policy:122 -#, fuzzy -#| msgid "Authentication is required to set the system locale." msgid "Authentication is required to set DNSSEC Negative Trust Anchors." -msgstr "Autentisering krävs för att ställa in systemlokal." +msgstr "Autentisering krävs för att ange DNSSEC negativa förtroendeankare." #: src/network/org.freedesktop.network1.policy:121 msgid "Revert NTP settings" -msgstr "" +msgstr "Återställ NTP-inställningar" #: src/network/org.freedesktop.network1.policy:122 -#, fuzzy -#| msgid "Authentication is required to set the system time." msgid "Authentication is required to reset NTP settings." -msgstr "Autentisering krävs för ställa in systemtiden." +msgstr "Autentisering krävs för återställa NTP-inställningar." #: src/network/org.freedesktop.network1.policy:132 msgid "Revert DNS settings" -msgstr "" +msgstr "Återställ DNS-inställningar" #: src/network/org.freedesktop.network1.policy:133 -#, fuzzy -#| msgid "Authentication is required to set the system time." msgid "Authentication is required to reset DNS settings." -msgstr "Autentisering krävs för ställa in systemtiden." +msgstr "Autentisering krävs för att återställa DNS-inställningar." #: src/network/org.freedesktop.network1.policy:143 msgid "DHCP server sends force renew message" -msgstr "" +msgstr "DHCP-servern skickar tvingande förnyelsemeddelande" #: src/network/org.freedesktop.network1.policy:144 -#, fuzzy -#| msgid "Authentication is required to set a wall message" msgid "Authentication is required to send force renew message." -msgstr "Autentisering krävs för att ställa in ett väggmeddelande" +msgstr "Autentisering krävs för att skicka tvingande förnyelsemeddelande." #: src/network/org.freedesktop.network1.policy:154 msgid "Renew dynamic addresses" -msgstr "" +msgstr "Förnya dynamiska adresser" #: src/network/org.freedesktop.network1.policy:155 -#, fuzzy -#| msgid "Authentication is required to set a wall message" msgid "Authentication is required to renew dynamic addresses." -msgstr "Autentisering krävs för att ställa in ett väggmeddelande" +msgstr "Autentisering krävs för att förnya dynamiska adresser." #: src/network/org.freedesktop.network1.policy:165 msgid "Reload network settings" -msgstr "" +msgstr "Läs om nätverksinställningarna" #: src/network/org.freedesktop.network1.policy:166 -#, fuzzy -#| msgid "Authentication is required to reload the systemd state." msgid "Authentication is required to reload network settings." -msgstr "Autentisering krävs för att läsa om tillståndet för systemd." +msgstr "Autentisering krävs för läsa om nätverksinställningarna." #: src/network/org.freedesktop.network1.policy:176 msgid "Reconfigure network interface" -msgstr "" +msgstr "Konfigurera om nätverksgränssnitt" #: src/network/org.freedesktop.network1.policy:177 -#, fuzzy -#| msgid "Authentication is required to reboot the system." msgid "Authentication is required to reconfigure network interface." -msgstr "Autentisering krävs för att starta om systemet." +msgstr "Autentisering krävs för att konfigurera om nätverksgränssnitt." #: src/portable/org.freedesktop.portable1.policy:13 msgid "Inspect a portable service image" -msgstr "" +msgstr "Inspektera en portabel tjänsteavbild" #: src/portable/org.freedesktop.portable1.policy:14 -#, fuzzy -#| msgid "Authentication is required to import a VM or container image" msgid "Authentication is required to inspect a portable service image." -msgstr "Autentisering krävs för att importera en VM eller behållaravbildning" +msgstr "Autentisering krävs för att inspektera en portabel tjänsteavbild." #: src/portable/org.freedesktop.portable1.policy:23 msgid "Attach or detach a portable service image" diff --git a/src/basic/copy.c b/src/basic/copy.c index aa805bb8e2..aede5be991 100644 --- a/src/basic/copy.c +++ b/src/basic/copy.c @@ -391,9 +391,10 @@ static int fd_copy_symlink( uid_is_valid(override_uid) ? override_uid : st->st_uid, gid_is_valid(override_gid) ? override_gid : st->st_gid, AT_SYMLINK_NOFOLLOW) < 0) - return -errno; + r = -errno; - return 0; + (void) utimensat(dt, to, (struct timespec[]) { st->st_atim, st->st_mtim }, AT_SYMLINK_NOFOLLOW); + return r; } /* Encapsulates the database we store potential hardlink targets in */ @@ -592,7 +593,6 @@ static int fd_copy_regular( void *userdata) { _cleanup_close_ int fdf = -1, fdt = -1; - struct timespec ts[2]; int r, q; assert(from); @@ -634,9 +634,7 @@ static int fd_copy_regular( if (fchmod(fdt, st->st_mode & 07777) < 0) r = -errno; - ts[0] = st->st_atim; - ts[1] = st->st_mtim; - (void) futimens(fdt, ts); + (void) futimens(fdt, (struct timespec[]) { st->st_atim, st->st_mtim }); (void) copy_xattr(fdf, fdt); q = close(fdt); @@ -693,6 +691,8 @@ static int fd_copy_fifo( if (fchmodat(dt, to, st->st_mode & 07777, 0) < 0) r = -errno; + (void) utimensat(dt, to, (struct timespec[]) { st->st_atim, st->st_mtim }, AT_SYMLINK_NOFOLLOW); + (void) memorize_hardlink(hardlink_context, st, dt, to); return r; } @@ -739,6 +739,8 @@ static int fd_copy_node( if (fchmodat(dt, to, st->st_mode & 07777, 0) < 0) r = -errno; + (void) utimensat(dt, to, (struct timespec[]) { st->st_atim, st->st_mtim }, AT_SYMLINK_NOFOLLOW); + (void) memorize_hardlink(hardlink_context, st, dt, to); return r; } @@ -913,11 +915,6 @@ static int fd_copy_directory( } if (created) { - struct timespec ut[2] = { - st->st_atim, - st->st_mtim - }; - if (fchown(fdt, uid_is_valid(override_uid) ? override_uid : st->st_uid, gid_is_valid(override_gid) ? override_gid : st->st_gid) < 0) @@ -927,7 +924,7 @@ static int fd_copy_directory( r = -errno; (void) copy_xattr(dirfd(d), fdt); - (void) futimens(fdt, ut); + (void) futimens(fdt, (struct timespec[]) { st->st_atim, st->st_mtim }); } return r; @@ -1182,7 +1179,6 @@ int copy_file_atomic_full( } int copy_times(int fdf, int fdt, CopyFlags flags) { - struct timespec ut[2]; struct stat st; assert(fdf >= 0); @@ -1191,10 +1187,7 @@ int copy_times(int fdf, int fdt, CopyFlags flags) { if (fstat(fdf, &st) < 0) return -errno; - ut[0] = st.st_atim; - ut[1] = st.st_mtim; - - if (futimens(fdt, ut) < 0) + if (futimens(fdt, (struct timespec[2]) { st.st_atim, st.st_mtim }) < 0) return -errno; if (FLAGS_SET(flags, COPY_CRTIME)) { diff --git a/src/basic/fs-util.c b/src/basic/fs-util.c index 9290fd8784..f46287d272 100644 --- a/src/basic/fs-util.c +++ b/src/basic/fs-util.c @@ -1656,23 +1656,37 @@ int conservative_renameat( goto do_rename; for (;;) { - char buf1[16*1024]; - char buf2[sizeof(buf1) + 1]; + uint8_t buf1[16*1024]; + uint8_t buf2[sizeof(buf1)]; ssize_t l1, l2; l1 = read(old_fd, buf1, sizeof(buf1)); if (l1 < 0) goto do_rename; - l2 = read(new_fd, buf2, l1 + 1); - if (l1 != l2) - goto do_rename; + if (l1 == sizeof(buf1)) + /* Read the full block, hence read a full block in the other file too */ - if (l1 == 0) /* EOF on both! And everything's the same so far, yay! */ - break; + l2 = read(new_fd, buf2, l1); + else { + assert((size_t) l1 < sizeof(buf1)); + + /* Short read. This hence was the last block in the first file, and then came + * EOF. Read one byte more in the second file, so that we can verify we hit EOF there + * too. */ + + assert((size_t) (l1 + 1) <= sizeof(buf2)); + l2 = read(new_fd, buf2, l1 + 1); + } + if (l2 != l1) + goto do_rename; if (memcmp(buf1, buf2, l1) != 0) goto do_rename; + + if ((size_t) l1 < sizeof(buf1)) /* We hit EOF on the first file, and the second file too, hence exit + * now. */ + break; } is_same: diff --git a/src/basic/parse-util.c b/src/basic/parse-util.c index 2a7280fc38..97d224f165 100644 --- a/src/basic/parse-util.c +++ b/src/basic/parse-util.c @@ -627,11 +627,11 @@ int parse_fractional_part_u(const char **p, size_t digits, unsigned *res) { return 0; } -int parse_percent_unbounded(const char *p) { +static int parse_parts_value_whole(const char *p, const char *symbol) { const char *pc, *n; int r, v; - pc = endswith(p, "%"); + pc = endswith(p, symbol); if (!pc) return -EINVAL; @@ -645,6 +645,74 @@ int parse_percent_unbounded(const char *p) { return v; } +static int parse_parts_value_with_tenths_place(const char *p, const char *symbol) { + const char *pc, *dot, *n; + int r, q, v; + + pc = endswith(p, symbol); + if (!pc) + return -EINVAL; + + dot = memchr(p, '.', pc - p); + if (dot) { + if (dot + 2 != pc) + return -EINVAL; + if (dot[1] < '0' || dot[1] > '9') + return -EINVAL; + q = dot[1] - '0'; + n = strndupa(p, dot - p); + } else { + q = 0; + n = strndupa(p, pc - p); + } + r = safe_atoi(n, &v); + if (r < 0) + return r; + if (v < 0) + return -ERANGE; + if (v > (INT_MAX - q) / 10) + return -ERANGE; + + v = v * 10 + q; + return v; +} + +static int parse_parts_value_with_hundredths_place(const char *p, const char *symbol) { + const char *pc, *dot, *n; + int r, q, v; + + pc = endswith(p, symbol); + if (!pc) + return -EINVAL; + + dot = memchr(p, '.', pc - p); + if (dot) { + if (dot + 3 != pc) + return -EINVAL; + if (dot[1] < '0' || dot[1] > '9' || dot[2] < '0' || dot[2] > '9') + return -EINVAL; + q = (dot[1] - '0') * 10 + (dot[2] - '0'); + n = strndupa(p, dot - p); + } else { + q = 0; + n = strndupa(p, pc - p); + } + r = safe_atoi(n, &v); + if (r < 0) + return r; + if (v < 0) + return -ERANGE; + if (v > (INT_MAX - q) / 100) + return -ERANGE; + + v = v * 100 + q; + return v; +} + +int parse_percent_unbounded(const char *p) { + return parse_parts_value_whole(p, "%"); +} + int parse_percent(const char *p) { int v; @@ -656,46 +724,13 @@ int parse_percent(const char *p) { } int parse_permille_unbounded(const char *p) { - const char *pc, *pm, *dot, *n; - int r, q, v; + const char *pm; pm = endswith(p, "‰"); - if (pm) { - n = strndupa(p, pm - p); - r = safe_atoi(n, &v); - if (r < 0) - return r; - if (v < 0) - return -ERANGE; - } else { - pc = endswith(p, "%"); - if (!pc) - return -EINVAL; - - dot = memchr(p, '.', pc - p); - if (dot) { - if (dot + 2 != pc) - return -EINVAL; - if (dot[1] < '0' || dot[1] > '9') - return -EINVAL; - q = dot[1] - '0'; - n = strndupa(p, dot - p); - } else { - q = 0; - n = strndupa(p, pc - p); - } - r = safe_atoi(n, &v); - if (r < 0) - return r; - if (v < 0) - return -ERANGE; - if (v > (INT_MAX - q) / 10) - return -ERANGE; + if (pm) + return parse_parts_value_whole(p, "‰"); - v = v * 10 + q; - } - - return v; + return parse_parts_value_with_tenths_place(p, "%"); } int parse_permille(const char *p) { @@ -708,6 +743,30 @@ int parse_permille(const char *p) { return v; } +int parse_permyriad_unbounded(const char *p) { + const char *pm; + + pm = endswith(p, "‱"); + if (pm) + return parse_parts_value_whole(p, "‱"); + + pm = endswith(p, "‰"); + if (pm) + return parse_parts_value_with_tenths_place(p, "‰"); + + return parse_parts_value_with_hundredths_place(p, "%"); +} + +int parse_permyriad(const char *p) { + int v; + + v = parse_permyriad_unbounded(p); + if (v > 10000) + return -ERANGE; + + return v; +} + int parse_nice(const char *p, int *ret) { int n, r; diff --git a/src/basic/parse-util.h b/src/basic/parse-util.h index 1ff76ded44..29e04cf562 100644 --- a/src/basic/parse-util.h +++ b/src/basic/parse-util.h @@ -133,6 +133,9 @@ int parse_percent(const char *p); int parse_permille_unbounded(const char *p); int parse_permille(const char *p); +int parse_permyriad_unbounded(const char *p); +int parse_permyriad(const char *p); + int parse_nice(const char *p, int *ret); int parse_ip_port(const char *s, uint16_t *ret); diff --git a/src/basic/path-util.c b/src/basic/path-util.c index 3dff09b151..f7498d0125 100644 --- a/src/basic/path-util.c +++ b/src/basic/path-util.c @@ -891,7 +891,7 @@ bool filename_is_valid(const char *p) { if (*e != 0) return false; - if (e - p > FILENAME_MAX) /* FILENAME_MAX is counted *without* the trailing NUL byte */ + if (e - p > NAME_MAX) /* NAME_MAX is counted *without* the trailing NUL byte */ return false; return true; @@ -902,10 +902,25 @@ bool path_is_valid(const char *p) { if (isempty(p)) return false; - if (strlen(p) >= PATH_MAX) /* PATH_MAX is counted *with* the trailing NUL byte */ - return false; + for (const char *e = p;;) { + size_t n; - return true; + /* Skip over slashes */ + e += strspn(e, "/"); + if (e - p >= PATH_MAX) /* Already reached the maximum length for a path? (PATH_MAX is counted + * *with* the trailing NUL byte) */ + return false; + if (*e == 0) /* End of string? Yay! */ + return true; + + /* Skip over one component */ + n = strcspn(e, "/"); + if (n > NAME_MAX) /* One component larger than NAME_MAX? (NAME_MAX is counted *without* the + * trailing NUL byte) */ + return false; + + e += n; + } } bool path_is_normalized(const char *p) { diff --git a/src/boot/efi/boot.c b/src/boot/efi/boot.c index e1a7dd1f32..3ba326586b 100644 --- a/src/boot/efi/boot.c +++ b/src/boot/efi/boot.c @@ -13,6 +13,7 @@ #include "measure.h" #include "pe.h" #include "random-seed.h" +#include "secure-boot.h" #include "shim.h" #include "util.h" @@ -23,8 +24,6 @@ /* magic string to find in the binary image */ static const char __attribute__((used)) magic[] = "#### LoaderInfo: systemd-boot " GIT_VERSION " ####"; -static const EFI_GUID global_guid = EFI_GLOBAL_VARIABLE; - enum loader_type { LOADER_UNDEFINED, LOADER_EFI, @@ -119,17 +118,17 @@ static BOOLEAN line_edit( while (!exit) { EFI_STATUS err; UINT64 key; - UINTN i; + UINTN j; - i = len - first; - if (i >= x_max-1) - i = x_max-1; - CopyMem(print, line + first, i * sizeof(CHAR16)); - while (clear > 0 && i < x_max-1) { + j = len - first; + if (j >= x_max-1) + j = x_max-1; + CopyMem(print, line + first, j * sizeof(CHAR16)); + while (clear > 0 && j < x_max-1) { clear--; - print[i++] = ' '; + print[j++] = ' '; } - print[i] = '\0'; + print[j] = '\0'; uefi_call_wrapper(ST->ConOut->SetCursorPosition, 3, ST->ConOut, 0, y_pos); uefi_call_wrapper(ST->ConOut->OutputString, 2, ST->ConOut, print); @@ -213,12 +212,14 @@ static BOOLEAN line_edit( case KEYPRESS(EFI_ALT_PRESSED, 0, 'd'): /* kill-word */ clear = 0; - for (i = first + cursor; i < len && line[i] == ' '; i++) + + UINTN k; + for (k = first + cursor; k < len && line[k] == ' '; k++) clear++; - for (; i < len && line[i] != ' '; i++) + for (; k < len && line[k] != ' '; k++) clear++; - for (i = first + cursor; i + clear < len; i++) + for (UINTN i = first + cursor; i + clear < len; i++) line[i] = line[i + clear]; len -= clear; line[len] = '\0'; @@ -243,7 +244,7 @@ static BOOLEAN line_edit( } uefi_call_wrapper(ST->ConOut->SetCursorPosition, 3, ST->ConOut, cursor, y_pos); - for (i = first + cursor; i + clear < len; i++) + for (UINTN i = first + cursor; i + clear < len; i++) line[i] = line[i + clear]; len -= clear; line[len] = '\0'; @@ -256,7 +257,7 @@ static BOOLEAN line_edit( continue; if (first + cursor == len) continue; - for (i = first + cursor; i < len; i++) + for (UINTN i = first + cursor; i < len; i++) line[i] = line[i+1]; clear = 1; len--; @@ -285,7 +286,7 @@ static BOOLEAN line_edit( continue; if (first == 0 && cursor == 0) continue; - for (i = first + cursor-1; i < len; i++) + for (UINTN i = first + cursor-1; i < len; i++) line[i] = line[i+1]; clear = 1; len--; @@ -313,7 +314,7 @@ static BOOLEAN line_edit( case KEYPRESS(0, 0, 0x80) ... KEYPRESS(0, 0, 0xffff): if (len+1 == size) continue; - for (i = len; i > first + cursor; i--) + for (UINTN i = len; i > first + cursor; i--) line[i] = line[i-1]; line[first + cursor] = KEYCHAR(key); len++; @@ -331,25 +332,23 @@ static BOOLEAN line_edit( } static UINTN entry_lookup_key(Config *config, UINTN start, CHAR16 key) { - UINTN i; - if (key == 0) return -1; /* select entry by number key */ if (key >= '1' && key <= '9') { - i = key - '0'; + UINTN i = key - '0'; if (i > config->entry_count) i = config->entry_count; return i-1; } /* find matching key in config entries */ - for (i = start; i < config->entry_count; i++) + for (UINTN i = start; i < config->entry_count; i++) if (config->entries[i]->key == key) return i; - for (i = 0; i < start; i++) + for (UINTN i = 0; i < start; i++) if (config->entries[i]->key == key) return i; @@ -357,11 +356,11 @@ static UINTN entry_lookup_key(Config *config, UINTN start, CHAR16 key) { } static VOID print_status(Config *config, CHAR16 *loaded_image_path) { - UINT64 key; - UINTN i; - _cleanup_freepool_ CHAR8 *bootvar = NULL, *modevar = NULL, *indvar = NULL; + UINT64 key, indvar; + UINTN timeout; + BOOLEAN modevar; _cleanup_freepool_ CHAR16 *partstr = NULL, *defaultstr = NULL; - UINTN x, y, size; + UINTN x, y; uefi_call_wrapper(ST->ConOut->SetAttribute, 2, ST->ConOut, EFI_LIGHTGRAY|EFI_BACKGROUND_BLACK); uefi_call_wrapper(ST->ConOut->ClearScreen, 1, ST->ConOut); @@ -376,17 +375,16 @@ static VOID print_status(Config *config, CHAR16 *loaded_image_path) { if (uefi_call_wrapper(ST->ConOut->QueryMode, 4, ST->ConOut, ST->ConOut->Mode->Mode, &x, &y) == EFI_SUCCESS) Print(L"console size: %d x %d\n", x, y); - if (efivar_get_raw(&global_guid, L"SecureBoot", &bootvar, &size) == EFI_SUCCESS) - Print(L"SecureBoot: %s\n", yes_no(*bootvar > 0)); + Print(L"SecureBoot: %s\n", yes_no(secure_boot_enabled())); - if (efivar_get_raw(&global_guid, L"SetupMode", &modevar, &size) == EFI_SUCCESS) - Print(L"SetupMode: %s\n", *modevar > 0 ? L"setup" : L"user"); + if (efivar_get_boolean_u8(EFI_GLOBAL_GUID, L"SetupMode", &modevar) == EFI_SUCCESS) + Print(L"SetupMode: %s\n", modevar ? L"setup" : L"user"); if (shim_loaded()) Print(L"Shim: present\n"); - if (efivar_get_raw(&global_guid, L"OsIndicationsSupported", &indvar, &size) == EFI_SUCCESS) - Print(L"OsIndicationsSupported: %d\n", (UINT64)*indvar); + if (efivar_get_uint64_le(EFI_GLOBAL_GUID, L"OsIndicationsSupported", &indvar) == EFI_SUCCESS) + Print(L"OsIndicationsSupported: %d\n", indvar); Print(L"\n--- press key ---\n\n"); console_key_read(&key, TRUE); @@ -423,20 +421,20 @@ static VOID print_status(Config *config, CHAR16 *loaded_image_path) { Print(L"entry EFI var idx: %d\n", config->idx_default_efivar); Print(L"\n"); - if (efivar_get_int(L"LoaderConfigTimeout", &i) == EFI_SUCCESS) - Print(L"LoaderConfigTimeout: %u\n", i); + if (efivar_get_uint_string(LOADER_GUID, L"LoaderConfigTimeout", &timeout) == EFI_SUCCESS) + Print(L"LoaderConfigTimeout: %u\n", timeout); if (config->entry_oneshot) Print(L"LoaderEntryOneShot: %s\n", config->entry_oneshot); - if (efivar_get(L"LoaderDevicePartUUID", &partstr) == EFI_SUCCESS) + if (efivar_get(LOADER_GUID, L"LoaderDevicePartUUID", &partstr) == EFI_SUCCESS) Print(L"LoaderDevicePartUUID: %s\n", partstr); - if (efivar_get(L"LoaderEntryDefault", &defaultstr) == EFI_SUCCESS) + if (efivar_get(LOADER_GUID, L"LoaderEntryDefault", &defaultstr) == EFI_SUCCESS) Print(L"LoaderEntryDefault: %s\n", defaultstr); Print(L"\n--- press key ---\n\n"); console_key_read(&key, TRUE); - for (i = 0; i < config->entry_count; i++) { + for (UINTN i = 0; i < config->entry_count; i++) { ConfigEntry *entry; if (key == KEYPRESS(0, SCAN_ESC, 0) || key == KEYPRESS(0, 0, 'q')) @@ -503,7 +501,6 @@ static BOOLEAN menu_run( UINTN idx_last; BOOLEAN refresh; BOOLEAN highlight; - UINTN i; UINTN line_width; CHAR16 **lines; UINTN x_start; @@ -564,7 +561,7 @@ static BOOLEAN menu_run( /* length of the longest entry */ line_width = 5; - for (i = 0; i < config->entry_count; i++) { + for (UINTN i = 0; i < config->entry_count; i++) { UINTN entry_len; entry_len = StrLen(config->entries[i]->title_show); @@ -583,14 +580,14 @@ static BOOLEAN menu_run( /* menu entries title lines */ lines = AllocatePool(sizeof(CHAR16 *) * config->entry_count); - for (i = 0; i < config->entry_count; i++) { - UINTN j, k; + for (UINTN i = 0; i < config->entry_count; i++) { + UINTN j; lines[i] = AllocatePool(((x_max+1) * sizeof(CHAR16))); for (j = 0; j < x_start; j++) lines[i][j] = ' '; - for (k = 0; config->entries[i]->title_show[k] != '\0' && j < x_max; j++, k++) + for (UINTN k = 0; config->entries[i]->title_show[k] != '\0' && j < x_max; j++, k++) lines[i][j] = config->entries[i]->title_show[k]; for (; j < x_max; j++) @@ -600,15 +597,15 @@ static BOOLEAN menu_run( status = NULL; clearline = AllocatePool((x_max+1) * sizeof(CHAR16)); - for (i = 0; i < x_max; i++) + for (UINTN i = 0; i < x_max; i++) clearline[i] = ' '; - clearline[i] = 0; + clearline[x_max] = 0; while (!exit) { UINT64 key; if (refresh) { - for (i = 0; i < config->entry_count; i++) { + for (UINTN i = 0; i < config->entry_count; i++) { if (i < idx_first || i > idx_last) continue; uefi_call_wrapper(ST->ConOut->SetCursorPosition, 3, ST->ConOut, 0, y_start + i - idx_first); @@ -764,12 +761,16 @@ static BOOLEAN menu_run( case KEYPRESS(0, 0, 'd'): if (config->idx_default_efivar != (INTN)idx_highlight) { /* store the selected entry in a persistent EFI variable */ - efivar_set(L"LoaderEntryDefault", config->entries[idx_highlight]->id, TRUE); + efivar_set( + LOADER_GUID, + L"LoaderEntryDefault", + config->entries[idx_highlight]->id, + EFI_VARIABLE_NON_VOLATILE); config->idx_default_efivar = idx_highlight; status = StrDuplicate(L"Default boot entry selected."); } else { /* clear the default entry EFI variable */ - efivar_set(L"LoaderEntryDefault", NULL, TRUE); + efivar_set(LOADER_GUID, L"LoaderEntryDefault", NULL, EFI_VARIABLE_NON_VOLATILE); config->idx_default_efivar = -1; status = StrDuplicate(L"Default boot entry cleared."); } @@ -780,14 +781,19 @@ static BOOLEAN menu_run( case KEYPRESS(0, 0, 'T'): if (config->timeout_sec_efivar > 0) { config->timeout_sec_efivar--; - efivar_set_int(L"LoaderConfigTimeout", config->timeout_sec_efivar, TRUE); + efivar_set_uint_string( + LOADER_GUID, + L"LoaderConfigTimeout", + config->timeout_sec_efivar, + EFI_VARIABLE_NON_VOLATILE); if (config->timeout_sec_efivar > 0) status = PoolPrint(L"Menu timeout set to %d sec.", config->timeout_sec_efivar); else status = StrDuplicate(L"Menu disabled. Hold down key at bootup to show menu."); } else if (config->timeout_sec_efivar <= 0){ config->timeout_sec_efivar = -1; - efivar_set(L"LoaderConfigTimeout", NULL, TRUE); + efivar_set( + LOADER_GUID, L"LoaderConfigTimeout", NULL, EFI_VARIABLE_NON_VOLATILE); if (config->timeout_sec_config > 0) status = PoolPrint(L"Menu timeout of %d sec is defined by configuration file.", config->timeout_sec_config); @@ -801,7 +807,11 @@ static BOOLEAN menu_run( if (config->timeout_sec_efivar == -1 && config->timeout_sec_config == 0) config->timeout_sec_efivar++; config->timeout_sec_efivar++; - efivar_set_int(L"LoaderConfigTimeout", config->timeout_sec_efivar, TRUE); + efivar_set_uint_string( + LOADER_GUID, + L"LoaderConfigTimeout", + config->timeout_sec_efivar, + EFI_VARIABLE_NON_VOLATILE); if (config->timeout_sec_efivar > 0) status = PoolPrint(L"Menu timeout set to %d sec.", config->timeout_sec_efivar); @@ -863,7 +873,7 @@ static BOOLEAN menu_run( *chosen_entry = config->entries[idx_highlight]; - for (i = 0; i < config->entry_count; i++) + for (UINTN i = 0; i < config->entry_count; i++) FreePool(lines[i]); FreePool(lines); FreePool(clearline); @@ -1293,7 +1303,7 @@ static VOID config_entry_bump_counters( /* Let's tell the OS that we renamed this file, so that it knows what to rename to the counter-less name on * success */ new_path = PoolPrint(L"%s\\%s", entry->path, entry->next_name); - efivar_set(L"LoaderBootCountPath", new_path, FALSE); + efivar_set(LOADER_GUID, L"LoaderBootCountPath", new_path, 0); /* If the file we just renamed is the loader path, then let's update that. */ if (StrCmp(entry->loader, old_path) == 0) { @@ -1458,17 +1468,17 @@ static VOID config_load_defaults(Config *config, EFI_FILE *root_dir) { if (!EFI_ERROR(err)) config_defaults_load_from_file(config, content); - err = efivar_get_int(L"LoaderConfigTimeout", &sec); + err = efivar_get_uint_string(LOADER_GUID, L"LoaderConfigTimeout", &sec); if (!EFI_ERROR(err)) { config->timeout_sec_efivar = sec > INTN_MAX ? INTN_MAX : sec; config->timeout_sec = sec; } else config->timeout_sec_efivar = -1; - err = efivar_get_int(L"LoaderConfigTimeoutOneShot", &sec); + err = efivar_get_uint_string(LOADER_GUID, L"LoaderConfigTimeoutOneShot", &sec); if (!EFI_ERROR(err)) { /* Unset variable now, after all it's "one shot". */ - (void) efivar_set(L"LoaderConfigTimeoutOneShot", NULL, TRUE); + (void) efivar_set(LOADER_GUID, L"LoaderConfigTimeoutOneShot", NULL, EFI_VARIABLE_NON_VOLATILE); config->timeout_sec = sec; config->force_menu = TRUE; /* force the menu when this is set */ @@ -1491,7 +1501,6 @@ static VOID config_load_entries( UINTN bufsize; EFI_FILE_INFO *f; _cleanup_freepool_ CHAR8 *content = NULL; - UINTN len; bufsize = sizeof(buf); err = uefi_call_wrapper(entries_dir->Read, 3, entries_dir, &bufsize, buf); @@ -1504,12 +1513,9 @@ static VOID config_load_entries( if (f->Attribute & EFI_FILE_DIRECTORY) continue; - len = StrLen(f->FileName); - if (len < 6) + if (!endswith_no_case(f->FileName, L".conf")) continue; - if (StriCmp(f->FileName + len - 5, L".conf") != 0) - continue; - if (StrnCmp(f->FileName, L"auto-", 5) == 0) + if (startswith(f->FileName, L"auto-")) continue; err = file_read(entries_dir, f->FileName, 0, 0, &content, NULL); @@ -1553,14 +1559,11 @@ static INTN config_entry_compare(ConfigEntry *a, ConfigEntry *b) { } static VOID config_sort_entries(Config *config) { - UINTN i; - - for (i = 1; i < config->entry_count; i++) { + for (UINTN i = 1; i < config->entry_count; i++) { BOOLEAN more; - UINTN k; more = FALSE; - for (k = 0; k < config->entry_count - i; k++) { + for (UINTN k = 0; k < config->entry_count - i; k++) { ConfigEntry *entry; if (config_entry_compare(config->entries[k], config->entries[k+1]) <= 0) @@ -1577,9 +1580,7 @@ static VOID config_sort_entries(Config *config) { } static INTN config_entry_find(Config *config, CHAR16 *id) { - UINTN i; - - for (i = 0; i < config->entry_count; i++) + for (UINTN i = 0; i < config->entry_count; i++) if (StrCmp(config->entries[i]->id, id) == 0) return (INTN) i; @@ -1595,11 +1596,11 @@ static VOID config_default_entry_select(Config *config) { * The EFI variable to specify a boot entry for the next, and only the * next reboot. The variable is always cleared directly after it is read. */ - err = efivar_get(L"LoaderEntryOneShot", &entry_oneshot); + err = efivar_get(LOADER_GUID, L"LoaderEntryOneShot", &entry_oneshot); if (!EFI_ERROR(err)) { config->entry_oneshot = StrDuplicate(entry_oneshot); - efivar_set(L"LoaderEntryOneShot", NULL, TRUE); + efivar_set(LOADER_GUID, L"LoaderEntryOneShot", NULL, EFI_VARIABLE_NON_VOLATILE); i = config_entry_find(config, entry_oneshot); if (i >= 0) { @@ -1614,7 +1615,7 @@ static VOID config_default_entry_select(Config *config) { * the 'd' key in the loader selection menu, the entry is marked with * an '*'. */ - err = efivar_get(L"LoaderEntryDefault", &entry_default); + err = efivar_get(LOADER_GUID, L"LoaderEntryDefault", &entry_default); if (!EFI_ERROR(err)) { i = config_entry_find(config, entry_default); @@ -1660,13 +1661,12 @@ static VOID config_default_entry_select(Config *config) { static BOOLEAN find_nonunique(ConfigEntry **entries, UINTN entry_count) { BOOLEAN non_unique = FALSE; - UINTN i, k; - for (i = 0; i < entry_count; i++) + for (UINTN i = 0; i < entry_count; i++) entries[i]->non_unique = FALSE; - for (i = 0; i < entry_count; i++) - for (k = 0; k < entry_count; k++) { + for (UINTN i = 0; i < entry_count; i++) + for (UINTN k = 0; k < entry_count; k++) { if (i == k) continue; if (StrCmp(entries[i]->title_show, entries[k]->title_show) != 0) @@ -1680,10 +1680,8 @@ static BOOLEAN find_nonunique(ConfigEntry **entries, UINTN entry_count) { /* generate a unique title, avoiding non-distinguishable menu entries */ static VOID config_title_generate(Config *config) { - UINTN i; - /* set title */ - for (i = 0; i < config->entry_count; i++) { + for (UINTN i = 0; i < config->entry_count; i++) { CHAR16 *title; FreePool(config->entries[i]->title_show); @@ -1697,7 +1695,7 @@ static VOID config_title_generate(Config *config) { return; /* add version to non-unique titles */ - for (i = 0; i < config->entry_count; i++) { + for (UINTN i = 0; i < config->entry_count; i++) { CHAR16 *s; if (!config->entries[i]->non_unique) @@ -1714,7 +1712,7 @@ static VOID config_title_generate(Config *config) { return; /* add machine-id to non-unique titles */ - for (i = 0; i < config->entry_count; i++) { + for (UINTN i = 0; i < config->entry_count; i++) { CHAR16 *s; _cleanup_freepool_ CHAR16 *m = NULL; @@ -1734,7 +1732,7 @@ static VOID config_title_generate(Config *config) { return; /* add file name to non-unique titles */ - for (i = 0; i < config->entry_count; i++) { + for (UINTN i = 0; i < config->entry_count; i++) { CHAR16 *s; if (!config->entries[i]->non_unique) @@ -1826,14 +1824,10 @@ static BOOLEAN config_entry_add_loader_auto( /* look for systemd-boot magic string */ err = file_read(root_dir, loader, 0, 100*1024, &content, &len); - if (!EFI_ERROR(err)) { - CHAR8 *start = content; - CHAR8 *last = content + len - sizeof(magic) - 1; - - for (; start <= last; start++) + if (!EFI_ERROR(err)) + for (CHAR8 *start = content; start <= content + len - sizeof(magic) - 1; start++) if (start[0] == magic[0] && CompareMem(start, magic, sizeof(magic) - 1) == 0) return FALSE; - } } /* check existence */ @@ -1862,9 +1856,7 @@ static VOID config_entry_add_osx(Config *config) { err = LibLocateHandle(ByProtocol, &FileSystemProtocol, NULL, &handle_count, &handles); if (!EFI_ERROR(err)) { - UINTN i; - - for (i = 0; i < handle_count; i++) { + for (UINTN i = 0; i < handle_count; i++) { EFI_FILE *root; BOOLEAN found; @@ -1906,7 +1898,6 @@ static VOID config_entry_add_linux( UINTN szs[ELEMENTSOF(sections)-1] = {}; UINTN addrs[ELEMENTSOF(sections)-1] = {}; CHAR8 *content = NULL; - UINTN len; CHAR8 *line; UINTN pos = 0; CHAR8 *key, *value; @@ -1926,12 +1917,9 @@ static VOID config_entry_add_linux( continue; if (f->Attribute & EFI_FILE_DIRECTORY) continue; - len = StrLen(f->FileName); - if (len < 5) + if (!endswith_no_case(f->FileName, L".efi")) continue; - if (StriCmp(f->FileName + len - 4, L".efi") != 0) - continue; - if (StrnCmp(f->FileName, L"auto-", 5) == 0) + if (startswith(f->FileName, L"auto-")) continue; /* look for .osrel and .cmdline sections in the .efi binary */ @@ -2020,10 +2008,8 @@ static VOID config_entry_add_linux( uefi_call_wrapper(linux_dir->Close, 1, linux_dir); } -/* Note that this is in GUID format, i.e. the first 32bit, and the following pair of 16bit are byteswapped. */ -static const UINT8 xbootldr_guid[16] = { - 0xff, 0xc2, 0x13, 0xbc, 0xe6, 0x59, 0x62, 0x42, 0xa3, 0x52, 0xb2, 0x75, 0xfd, 0x6f, 0x71, 0x72 -}; +#define XBOOTLDR_GUID \ + &(const EFI_GUID) { 0xbc13c2ff, 0x59e6, 0x4262, { 0xa3, 0x52, 0xb2, 0x75, 0xfd, 0x6f, 0x71, 0x72 } } static EFI_DEVICE_PATH *path_parent(EFI_DEVICE_PATH *path, EFI_DEVICE_PATH *node) { EFI_DEVICE_PATH *parent; @@ -2041,7 +2027,7 @@ static VOID config_load_xbootldr( Config *config, EFI_HANDLE *device) { - EFI_DEVICE_PATH *partition_path, *node, *disk_path, *copy; + EFI_DEVICE_PATH *partition_path, *disk_path, *copy; UINT32 found_partition_number = (UINT32) -1; UINT64 found_partition_start = (UINT64) -1; UINT64 found_partition_size = (UINT64) -1; @@ -2054,11 +2040,10 @@ static VOID config_load_xbootldr( if (!partition_path) return; - for (node = partition_path; !IsDevicePathEnd(node); node = NextDevicePathNode(node)) { + for (EFI_DEVICE_PATH *node = partition_path; !IsDevicePathEnd(node); node = NextDevicePathNode(node)) { EFI_HANDLE disk_handle; EFI_BLOCK_IO *block_io; EFI_DEVICE_PATH *p; - UINTN nr; /* First, Let's look for the SCSI/SATA/USB/… device path node, i.e. one above the media * devices */ @@ -2085,7 +2070,7 @@ static VOID config_load_xbootldr( continue; /* Try both copies of the GPT header, in case one is corrupted */ - for (nr = 0; nr < 2; nr++) { + for (UINTN nr = 0; nr < 2; nr++) { _cleanup_freepool_ EFI_PARTITION_ENTRY* entries = NULL; union { EFI_PARTITION_TABLE_HEADER gpt_header; @@ -2093,7 +2078,7 @@ static VOID config_load_xbootldr( } gpt_header_buffer; const EFI_PARTITION_TABLE_HEADER *h = &gpt_header_buffer.gpt_header; UINT64 where; - UINTN i, sz; + UINTN sz; UINT32 c; if (nr == 0) @@ -2163,12 +2148,12 @@ static VOID config_load_xbootldr( if (c != h->PartitionEntryArrayCRC32) continue; - for (i = 0; i < h->NumberOfPartitionEntries; i++) { + for (UINTN i = 0; i < h->NumberOfPartitionEntries; i++) { EFI_PARTITION_ENTRY *entry; entry = (EFI_PARTITION_ENTRY*) ((UINT8*) entries + h->SizeOfPartitionEntry * i); - if (CompareMem(&entry->PartitionTypeGUID, xbootldr_guid, 16) == 0) { + if (CompareMem(&entry->PartitionTypeGUID, XBOOTLDR_GUID, 16) == 0) { UINT64 end; /* Let's use memcpy(), in case the structs are not aligned (they really should be though) */ @@ -2197,7 +2182,7 @@ found: copy = DuplicateDevicePath(partition_path); /* Patch in the data we found */ - for (node = copy; !IsDevicePathEnd(node); node = NextDevicePathNode(node)) { + for (EFI_DEVICE_PATH *node = copy; !IsDevicePathEnd(node); node = NextDevicePathNode(node)) { HARDDRIVE_DEVICE_PATH *hd; if (DevicePathType(node) != MEDIA_DEVICE_PATH) @@ -2282,7 +2267,7 @@ static EFI_STATUS image_start( #endif } - efivar_set_time_usec(L"LoaderTimeExecUSec", 0); + efivar_set_time_usec(LOADER_GUID, L"LoaderTimeExecUSec", 0); err = uefi_call_wrapper(BS->StartImage, 3, image, NULL, NULL); out_unload: uefi_call_wrapper(BS->UnloadImage, 1, image); @@ -2290,18 +2275,16 @@ out_unload: } static EFI_STATUS reboot_into_firmware(VOID) { - _cleanup_freepool_ CHAR8 *b = NULL; - UINTN size; - UINT64 osind; + UINT64 old, new; EFI_STATUS err; - osind = EFI_OS_INDICATIONS_BOOT_TO_FW_UI; + new = EFI_OS_INDICATIONS_BOOT_TO_FW_UI; - err = efivar_get_raw(&global_guid, L"OsIndications", &b, &size); + err = efivar_get_uint64_le(EFI_GLOBAL_GUID, L"OsIndications", &old); if (!EFI_ERROR(err)) - osind |= (UINT64)*b; + new |= old; - err = efivar_set_raw(&global_guid, L"OsIndications", &osind, sizeof(UINT64), TRUE); + err = efivar_set_uint64_le(EFI_GLOBAL_GUID, L"OsIndications", new, EFI_VARIABLE_NON_VOLATILE); if (EFI_ERROR(err)) return err; @@ -2312,9 +2295,7 @@ static EFI_STATUS reboot_into_firmware(VOID) { } static VOID config_free(Config *config) { - UINTN i; - - for (i = 0; i < config->entry_count; i++) + for (UINTN i = 0; i < config->entry_count; i++) config_entry_free(config->entries[i]); FreePool(config->entries); FreePool(config->entry_default_pattern); @@ -2324,15 +2305,15 @@ static VOID config_free(Config *config) { static VOID config_write_entries_to_variable(Config *config) { _cleanup_freepool_ CHAR16 *buffer = NULL; - UINTN i, sz = 0; + UINTN sz = 0; CHAR16 *p; - for (i = 0; i < config->entry_count; i++) + for (UINTN i = 0; i < config->entry_count; i++) sz += StrLen(config->entries[i]->id) + 1; p = buffer = AllocatePool(sz * sizeof(CHAR16)); - for (i = 0; i < config->entry_count; i++) { + for (UINTN i = 0; i < config->entry_count; i++) { UINTN l; l = StrLen(config->entries[i]->id) + 1; @@ -2342,7 +2323,7 @@ static VOID config_write_entries_to_variable(Config *config) { } /* Store the full list of discovered entries. */ - (void) efivar_set_raw(&loader_guid, L"LoaderEntries", buffer, (UINT8*) p - (UINT8*) buffer, FALSE); + (void) efivar_set_raw(LOADER_GUID, L"LoaderEntries", buffer, (UINT8 *) p - (UINT8 *) buffer, 0); } EFI_STATUS efi_main(EFI_HANDLE image, EFI_SYSTEM_TABLE *sys_table) { @@ -2357,8 +2338,7 @@ EFI_STATUS efi_main(EFI_HANDLE image, EFI_SYSTEM_TABLE *sys_table) { 0; _cleanup_freepool_ CHAR16 *infostr = NULL, *typestr = NULL; - CHAR8 *b; - UINTN size; + UINT64 osind = 0; EFI_LOADED_IMAGE *loaded_image; EFI_FILE *root_dir; CHAR16 *loaded_image_path; @@ -2370,16 +2350,16 @@ EFI_STATUS efi_main(EFI_HANDLE image, EFI_SYSTEM_TABLE *sys_table) { InitializeLib(image, sys_table); init_usec = time_usec(); - efivar_set_time_usec(L"LoaderTimeInitUSec", init_usec); - efivar_set(L"LoaderInfo", L"systemd-boot " GIT_VERSION, FALSE); + efivar_set_time_usec(LOADER_GUID, L"LoaderTimeInitUSec", init_usec); + efivar_set(LOADER_GUID, L"LoaderInfo", L"systemd-boot " GIT_VERSION, 0); infostr = PoolPrint(L"%s %d.%02d", ST->FirmwareVendor, ST->FirmwareRevision >> 16, ST->FirmwareRevision & 0xffff); - efivar_set(L"LoaderFirmwareInfo", infostr, FALSE); + efivar_set(LOADER_GUID, L"LoaderFirmwareInfo", infostr, 0); typestr = PoolPrint(L"UEFI %d.%02d", ST->Hdr.Revision >> 16, ST->Hdr.Revision & 0xffff); - efivar_set(L"LoaderFirmwareType", typestr, FALSE); + efivar_set(LOADER_GUID, L"LoaderFirmwareType", typestr, 0); - (void) efivar_set_raw(&loader_guid, L"LoaderFeatures", &loader_features, sizeof(loader_features), FALSE); + (void) efivar_set_uint64_le(LOADER_GUID, L"LoaderFeatures", loader_features, 0); err = uefi_call_wrapper(BS->OpenProtocol, 6, image, &LoadedImageProtocol, (VOID **)&loaded_image, image, NULL, EFI_OPEN_PROTOCOL_GET_PROTOCOL); @@ -2391,7 +2371,7 @@ EFI_STATUS efi_main(EFI_HANDLE image, EFI_SYSTEM_TABLE *sys_table) { /* export the device path this image is started from */ if (disk_get_part_uuid(loaded_image->DeviceHandle, uuid) == EFI_SUCCESS) - efivar_set(L"LoaderDevicePartUUID", uuid, FALSE); + efivar_set(LOADER_GUID, L"LoaderDevicePartUUID", uuid, 0); root_dir = LibOpenRoot(loaded_image->DeviceHandle); if (!root_dir) { @@ -2411,7 +2391,7 @@ EFI_STATUS efi_main(EFI_HANDLE image, EFI_SYSTEM_TABLE *sys_table) { /* the filesystem path to this image, to prevent adding ourselves to the menu */ loaded_image_path = DevicePathToStr(loaded_image->FilePath); - efivar_set(L"LoaderImageIdentifier", loaded_image_path, FALSE); + efivar_set(LOADER_GUID, L"LoaderImageIdentifier", loaded_image_path, 0); config_load_defaults(&config, root_dir); @@ -2436,15 +2416,12 @@ EFI_STATUS efi_main(EFI_HANDLE image, EFI_SYSTEM_TABLE *sys_table) { L"auto-efi-default", '\0', L"EFI Default Loader", L"\\EFI\\Boot\\boot" EFI_MACHINE_TYPE_NAME ".efi"); config_entry_add_osx(&config); - if (config.auto_firmware && efivar_get_raw(&global_guid, L"OsIndicationsSupported", &b, &size) == EFI_SUCCESS) { - UINT64 osind = (UINT64)*b; - + if (config.auto_firmware && efivar_get_uint64_le(EFI_GLOBAL_GUID, L"OsIndicationsSupported", &osind) == EFI_SUCCESS) { if (osind & EFI_OS_INDICATIONS_BOOT_TO_FW_UI) config_entry_add_call(&config, L"auto-reboot-to-firmware-setup", L"Reboot Into Firmware Interface", reboot_into_firmware); - FreePool(b); } if (config.entry_count == 0) { @@ -2497,7 +2474,7 @@ EFI_STATUS efi_main(EFI_HANDLE image, EFI_SYSTEM_TABLE *sys_table) { entry = config.entries[config.idx_default]; if (menu) { - efivar_set_time_usec(L"LoaderTimeMenuUSec", 0); + efivar_set_time_usec(LOADER_GUID, L"LoaderTimeMenuUSec", 0); uefi_call_wrapper(BS->SetWatchdogTimer, 4, 0, 0x10000, 0, NULL); if (!menu_run(&config, &entry, loaded_image_path)) break; @@ -2512,7 +2489,7 @@ EFI_STATUS efi_main(EFI_HANDLE image, EFI_SYSTEM_TABLE *sys_table) { config_entry_bump_counters(entry, root_dir); /* Export the selected boot entry to the system */ - (VOID) efivar_set(L"LoaderEntrySelected", entry->id, FALSE); + (VOID) efivar_set(LOADER_GUID, L"LoaderEntrySelected", entry->id, 0); /* Optionally, read a random seed off the ESP and pass it to the OS */ (VOID) process_random_seed(root_dir, config.random_seed_mode); diff --git a/src/boot/efi/console.c b/src/boot/efi/console.c index 2dd4543d51..e3de27fee5 100644 --- a/src/boot/efi/console.c +++ b/src/boot/efi/console.c @@ -9,8 +9,8 @@ #define SYSTEM_FONT_WIDTH 8 #define SYSTEM_FONT_HEIGHT 19 -#define EFI_SIMPLE_TEXT_INPUT_EX_PROTOCOL_GUID \ - { 0xdd9e7534, 0x7762, 0x4698, { 0x8c, 0x14, 0xf5, 0x85, 0x17, 0xa6, 0x25, 0xaa } } +#define EFI_SIMPLE_TEXT_INPUT_EX_GUID \ + &(EFI_GUID) { 0xdd9e7534, 0x7762, 0x4698, { 0x8c, 0x14, 0xf5, 0x85, 0x17, 0xa6, 0x25, 0xaa } } struct _EFI_SIMPLE_TEXT_INPUT_EX_PROTOCOL; @@ -67,7 +67,6 @@ typedef struct _EFI_SIMPLE_TEXT_INPUT_EX_PROTOCOL { } EFI_SIMPLE_TEXT_INPUT_EX_PROTOCOL; EFI_STATUS console_key_read(UINT64 *key, BOOLEAN wait) { - EFI_GUID EfiSimpleTextInputExProtocolGuid = EFI_SIMPLE_TEXT_INPUT_EX_PROTOCOL_GUID; static EFI_SIMPLE_TEXT_INPUT_EX_PROTOCOL *TextInputEx; static BOOLEAN checked; UINTN index; @@ -75,7 +74,7 @@ EFI_STATUS console_key_read(UINT64 *key, BOOLEAN wait) { EFI_STATUS err; if (!checked) { - err = LibLocateProtocol(&EfiSimpleTextInputExProtocolGuid, (VOID **)&TextInputEx); + err = LibLocateProtocol(EFI_SIMPLE_TEXT_INPUT_EX_GUID, (VOID **)&TextInputEx); if (EFI_ERROR(err)) TextInputEx = NULL; diff --git a/src/boot/efi/crc32.c b/src/boot/efi/crc32.c index 5dfd3db265..c9e5501ffa 100644 --- a/src/boot/efi/crc32.c +++ b/src/boot/efi/crc32.c @@ -128,9 +128,8 @@ UINT32 crc32_exclude_offset( const UINT8 *p = buf; UINT32 crc = seed; - UINTN i; - for (i = 0; i < len; i++) { + for (UINTN i = 0; i < len; i++) { UINT8 x = *p++; if (i >= exclude_off && i < exclude_off + exclude_len) diff --git a/src/boot/efi/disk.c b/src/boot/efi/disk.c index cc752956c3..122f08dd5c 100644 --- a/src/boot/efi/disk.c +++ b/src/boot/efi/disk.c @@ -13,10 +13,9 @@ EFI_STATUS disk_get_part_uuid(EFI_HANDLE *handle, CHAR16 uuid[static 37]) { device_path = DevicePathFromHandle(handle); if (device_path) { _cleanup_freepool_ EFI_DEVICE_PATH *paths = NULL; - EFI_DEVICE_PATH *path; paths = UnpackDevicePath(device_path); - for (path = paths; !IsDevicePathEnd(path); path = NextDevicePathNode(path)) { + for (EFI_DEVICE_PATH *path = paths; !IsDevicePathEnd(path); path = NextDevicePathNode(path)) { HARDDRIVE_DEVICE_PATH *drive; if (DevicePathType(path) != MEDIA_DEVICE_PATH) diff --git a/src/boot/efi/graphics.c b/src/boot/efi/graphics.c index f36ecb35b5..ddfe68cc77 100644 --- a/src/boot/efi/graphics.c +++ b/src/boot/efi/graphics.c @@ -10,9 +10,10 @@ #include "graphics.h" #include "util.h" +#define EFI_CONSOLE_CONTROL_GUID \ + &(EFI_GUID) { 0xf42f7782, 0x12e, 0x4c12, { 0x99, 0x56, 0x49, 0xf9, 0x43, 0x4, 0xf7, 0x21 } } + EFI_STATUS graphics_mode(BOOLEAN on) { - #define EFI_CONSOLE_CONTROL_PROTOCOL_GUID \ - { 0xf42f7782, 0x12e, 0x4c12, { 0x99, 0x56, 0x49, 0xf9, 0x43, 0x4, 0xf7, 0x21 } }; struct _EFI_CONSOLE_CONTROL_PROTOCOL; @@ -45,7 +46,6 @@ EFI_STATUS graphics_mode(BOOLEAN on) { EFI_CONSOLE_CONTROL_PROTOCOL_LOCK_STD_IN LockStdIn; } EFI_CONSOLE_CONTROL_PROTOCOL; - EFI_GUID ConsoleControlProtocolGuid = EFI_CONSOLE_CONTROL_PROTOCOL_GUID; EFI_CONSOLE_CONTROL_PROTOCOL *ConsoleControl = NULL; EFI_CONSOLE_CONTROL_SCREEN_MODE new; EFI_CONSOLE_CONTROL_SCREEN_MODE current; @@ -53,7 +53,7 @@ EFI_STATUS graphics_mode(BOOLEAN on) { BOOLEAN stdin_locked; EFI_STATUS err; - err = LibLocateProtocol(&ConsoleControlProtocolGuid, (VOID **)&ConsoleControl); + err = LibLocateProtocol(EFI_CONSOLE_CONTROL_GUID, (VOID **)&ConsoleControl); if (EFI_ERROR(err)) /* console control protocol is nonstandard and might not exist. */ return err == EFI_NOT_FOUND ? EFI_SUCCESS : err; diff --git a/src/boot/efi/measure.c b/src/boot/efi/measure.c index ff876a6c5b..c272d08553 100644 --- a/src/boot/efi/measure.c +++ b/src/boot/efi/measure.c @@ -4,9 +4,11 @@ #include <efi.h> #include <efilib.h> + #include "measure.h" -#define EFI_TCG_PROTOCOL_GUID { 0xf541796d, 0xa62e, 0x4954, {0xa7, 0x75, 0x95, 0x84, 0xf6, 0x1b, 0x9c, 0xdd} } +#define EFI_TCG_GUID \ + &(EFI_GUID) { 0xf541796d, 0xa62e, 0x4954, { 0xa7, 0x75, 0x95, 0x84, 0xf6, 0x1b, 0x9c, 0xdd } } typedef struct _TCG_VERSION { UINT8 Major; @@ -100,7 +102,8 @@ typedef struct _EFI_TCG { EFI_TCG_HASH_LOG_EXTEND_EVENT HashLogExtendEvent; } EFI_TCG; -#define EFI_TCG2_PROTOCOL_GUID {0x607f766c, 0x7455, 0x42be, { 0x93, 0x0b, 0xe4, 0xd7, 0x6d, 0xb2, 0x72, 0x0f }} +#define EFI_TCG2_GUID \ + &(EFI_GUID) { 0x607f766c, 0x7455, 0x42be, { 0x93, 0x0b, 0xe4, 0xd7, 0x6d, 0xb2, 0x72, 0x0f } } typedef struct tdEFI_TCG2_PROTOCOL EFI_TCG2_PROTOCOL; @@ -238,7 +241,6 @@ static EFI_STATUS tpm2_measure_to_pcr_and_event_log(const EFI_TCG2 *tcg, UINT32 } static EFI_TCG * tcg1_interface_check(void) { - EFI_GUID tpm_guid = EFI_TCG_PROTOCOL_GUID; EFI_STATUS status; EFI_TCG *tcg; TCG_BOOT_SERVICE_CAPABILITY capability; @@ -246,7 +248,7 @@ static EFI_TCG * tcg1_interface_check(void) { EFI_PHYSICAL_ADDRESS event_log_location; EFI_PHYSICAL_ADDRESS event_log_last_entry; - status = LibLocateProtocol(&tpm_guid, (void **) &tcg); + status = LibLocateProtocol(EFI_TCG_GUID, (void **) &tcg); if (EFI_ERROR(status)) return NULL; @@ -267,12 +269,11 @@ static EFI_TCG * tcg1_interface_check(void) { } static EFI_TCG2 * tcg2_interface_check(void) { - EFI_GUID tpm2_guid = EFI_TCG2_PROTOCOL_GUID; EFI_STATUS status; EFI_TCG2 *tcg; EFI_TCG2_BOOT_SERVICE_CAPABILITY capability; - status = LibLocateProtocol(&tpm2_guid, (void **) &tcg); + status = LibLocateProtocol(EFI_TCG2_GUID, (void **) &tcg); if (EFI_ERROR(status)) return NULL; diff --git a/src/boot/efi/meson.build b/src/boot/efi/meson.build index 24177f9384..177957e76a 100644 --- a/src/boot/efi/meson.build +++ b/src/boot/efi/meson.build @@ -21,6 +21,7 @@ common_sources = ''' graphics.c measure.c pe.c + secure-boot.c util.c '''.split() @@ -133,8 +134,8 @@ endif if have_gnu_efi compile_args = ['-Wall', '-Wextra', - '-std=gnu90', - '-nostdinc', + '-std=gnu99', + '-nostdlib', '-fpic', '-fshort-wchar', '-ffreestanding', diff --git a/src/boot/efi/pe.c b/src/boot/efi/pe.c index f99ecd0eda..cb35838072 100644 --- a/src/boot/efi/pe.c +++ b/src/boot/efi/pe.c @@ -62,7 +62,6 @@ struct PeSectionHeader { EFI_STATUS pe_memory_locate_sections(CHAR8 *base, CHAR8 **sections, UINTN *addrs, UINTN *offsets, UINTN *sizes) { struct DosFileHeader *dos; struct PeHeader *pe; - UINTN i; UINTN offset; dos = (struct DosFileHeader *)base; @@ -85,12 +84,11 @@ EFI_STATUS pe_memory_locate_sections(CHAR8 *base, CHAR8 **sections, UINTN *addrs offset = dos->ExeHeader + sizeof(*pe) + pe->FileHeader.SizeOfOptionalHeader; - for (i = 0; i < pe->FileHeader.NumberOfSections; i++) { + for (UINTN i = 0; i < pe->FileHeader.NumberOfSections; i++) { struct PeSectionHeader *sect; - UINTN j; sect = (struct PeSectionHeader *)&base[offset]; - for (j = 0; sections[j]; j++) { + for (UINTN j = 0; sections[j]; j++) { if (CompareMem(sect->Name, sections[j], strlena(sections[j])) != 0) continue; diff --git a/src/boot/efi/random-seed.c b/src/boot/efi/random-seed.c index 895c85445e..6de520c0c3 100644 --- a/src/boot/efi/random-seed.c +++ b/src/boot/efi/random-seed.c @@ -5,14 +5,14 @@ #include "missing_efi.h" #include "random-seed.h" +#include "secure-boot.h" #include "sha256.h" #include "util.h" -#include "shim.h" #define RANDOM_MAX_SIZE_MIN (32U) #define RANDOM_MAX_SIZE_MAX (32U*1024U) -static const EFI_GUID rng_protocol_guid = EFI_RNG_PROTOCOL_GUID; +#define EFI_RNG_GUID &(EFI_GUID) EFI_RNG_PROTOCOL_GUID /* SHA256 gives us 256/8=32 bytes */ #define HASH_VALUE_SIZE 32 @@ -24,7 +24,7 @@ static EFI_STATUS acquire_rng(UINTN size, VOID **ret) { /* Try to acquire the specified number of bytes from the UEFI RNG */ - err = LibLocateProtocol((EFI_GUID*) &rng_protocol_guid, (VOID**) &rng); + err = LibLocateProtocol(EFI_RNG_GUID, (VOID**) &rng); if (EFI_ERROR(err)) return err; if (!rng) @@ -86,7 +86,6 @@ static EFI_STATUS hash_many( VOID **ret) { _cleanup_freepool_ VOID *output = NULL; - UINTN i; /* Hashes the specified parameters in counter mode, generating n hash values, with the counter in the * range counter_start…counter_start+n-1. */ @@ -95,7 +94,7 @@ static EFI_STATUS hash_many( if (!output) return log_oom(); - for (i = 0; i < n; i++) + for (UINTN i = 0; i < n; i++) hash_once(old_seed, rng, size, system_token, system_token_size, counter_start + i, @@ -147,7 +146,7 @@ static EFI_STATUS acquire_system_token(VOID **ret, UINTN *ret_size) { EFI_STATUS err; UINTN size; - err = efivar_get_raw(&loader_guid, L"LoaderSystemToken", &data, &size); + err = efivar_get_raw(LOADER_GUID, L"LoaderSystemToken", &data, &size); if (EFI_ERROR(err)) { if (err != EFI_NOT_FOUND) Print(L"Failed to read LoaderSystemToken EFI variable: %r", err); @@ -201,9 +200,7 @@ static VOID validate_sha256(void) { 0xaf, 0xac, 0x45, 0x03, 0x7a, 0xfe, 0xe9, 0xd1 }}, }; - UINTN i; - - for (i = 0; i < ELEMENTSOF(array); i++) { + for (UINTN i = 0; i < ELEMENTSOF(array); i++) { struct sha256_ctx hash; uint8_t result[HASH_VALUE_SIZE]; @@ -318,7 +315,7 @@ EFI_STATUS process_random_seed(EFI_FILE *root_dir, RandomSeedMode mode) { } /* We are good to go */ - err = efivar_set_raw(&loader_guid, L"LoaderRandomSeed", for_kernel, size, FALSE); + err = efivar_set_raw(LOADER_GUID, L"LoaderRandomSeed", for_kernel, size, 0); if (EFI_ERROR(err)) { Print(L"Failed to write random seed to EFI variable: %r\n", err); return err; diff --git a/src/boot/efi/secure-boot.c b/src/boot/efi/secure-boot.c new file mode 100644 index 0000000000..cacf3b6a7b --- /dev/null +++ b/src/boot/efi/secure-boot.c @@ -0,0 +1,13 @@ +/* SPDX-License-Identifier: LGPL-2.1-or-later */ + +#include "secure-boot.h" +#include "util.h" + +BOOLEAN secure_boot_enabled(void) { + BOOLEAN secure; + EFI_STATUS err; + + err = efivar_get_boolean_u8(EFI_GLOBAL_GUID, L"SecureBoot", &secure); + + return !EFI_ERROR(err) && secure; +} diff --git a/src/boot/efi/secure-boot.h b/src/boot/efi/secure-boot.h new file mode 100644 index 0000000000..d06a7deaaa --- /dev/null +++ b/src/boot/efi/secure-boot.h @@ -0,0 +1,6 @@ +/* SPDX-License-Identifier: LGPL-2.1-or-later */ +#pragma once + +#include <efi.h> + +BOOLEAN secure_boot_enabled(void); diff --git a/src/boot/efi/sha256.c b/src/boot/efi/sha256.c index f23066d0ac..774f0eeb6c 100644 --- a/src/boot/efi/sha256.c +++ b/src/boot/efi/sha256.c @@ -94,7 +94,7 @@ void sha256_init_ctx(struct sha256_ctx *ctx) { void *sha256_finish_ctx(struct sha256_ctx *ctx, void *resbuf) { /* Take yet unprocessed bytes into account. */ UINT32 bytes = ctx->buflen; - UINTN pad, i; + UINTN pad; /* Now count remaining bytes. */ ctx->total64 += bytes; @@ -111,7 +111,7 @@ void *sha256_finish_ctx(struct sha256_ctx *ctx, void *resbuf) { sha256_process_block (ctx->buffer, bytes + pad + 8, ctx); /* Put result from CTX in first 32 bytes following RESBUF. */ - for (i = 0; i < 8; ++i) + for (UINTN i = 0; i < 8; ++i) ((UINT32 *) resbuf)[i] = SWAP (ctx->H[i]); return resbuf; @@ -214,7 +214,6 @@ static void sha256_process_block(const void *buffer, UINTN len, struct sha256_ct UINT32 f_save = f; UINT32 g_save = g; UINT32 h_save = h; - UINTN t; /* Operators defined in FIPS 180-2:4.1.2. */ #define Ch(x, y, z) ((x & y) ^ (~x & z)) @@ -229,15 +228,15 @@ static void sha256_process_block(const void *buffer, UINTN len, struct sha256_ct #define CYCLIC(w, s) ((w >> s) | (w << (32 - s))) /* Compute the message schedule according to FIPS 180-2:6.2.2 step 2. */ - for (t = 0; t < 16; ++t) { + for (UINTN t = 0; t < 16; ++t) { W[t] = SWAP (*words); ++words; } - for (t = 16; t < 64; ++t) + for (UINTN t = 16; t < 64; ++t) W[t] = R1 (W[t - 2]) + W[t - 7] + R0 (W[t - 15]) + W[t - 16]; /* The actual computation according to FIPS 180-2:6.2.2 step 3. */ - for (t = 0; t < 64; ++t) { + for (UINTN t = 0; t < 64; ++t) { UINT32 T1 = h + S1 (e) + Ch (e, f, g) + K[t] + W[t]; UINT32 T2 = S0 (a) + Maj (a, b, c); h = g; diff --git a/src/boot/efi/shim.c b/src/boot/efi/shim.c index 3dc10089c6..48602627bb 100644 --- a/src/boot/efi/shim.c +++ b/src/boot/efi/shim.c @@ -30,17 +30,18 @@ struct ShimLock { EFI_STATUS __sysv_abi__ (*read_header) (VOID *data, UINT32 datasize, VOID *context); }; -static const EFI_GUID simple_fs_guid = SIMPLE_FILE_SYSTEM_PROTOCOL; -static const EFI_GUID global_guid = EFI_GLOBAL_VARIABLE; - -static const EFI_GUID security_protocol_guid = { 0xa46423e3, 0x4617, 0x49f1, {0xb9, 0xff, 0xd1, 0xbf, 0xa9, 0x11, 0x58, 0x39 } }; -static const EFI_GUID security2_protocol_guid = { 0x94ab2f58, 0x1438, 0x4ef1, {0x91, 0x52, 0x18, 0x94, 0x1a, 0x3a, 0x0e, 0x68 } }; -static const EFI_GUID shim_lock_guid = { 0x605dab50, 0xe046, 0x4300, {0xab, 0xb6, 0x3d, 0xd8, 0x10, 0xdd, 0x8b, 0x23} }; +#define SIMPLE_FS_GUID &(EFI_GUID) SIMPLE_FILE_SYSTEM_PROTOCOL +#define SECURITY_PROTOCOL_GUID \ + &(EFI_GUID) { 0xa46423e3, 0x4617, 0x49f1, { 0xb9, 0xff, 0xd1, 0xbf, 0xa9, 0x11, 0x58, 0x39 } } +#define SECURITY_PROTOCOL2_GUID \ + &(EFI_GUID) { 0x94ab2f58, 0x1438, 0x4ef1, { 0x91, 0x52, 0x18, 0x94, 0x1a, 0x3a, 0x0e, 0x68 } } +#define SHIM_LOCK_GUID \ + &(EFI_GUID) { 0x605dab50, 0xe046, 0x4300, { 0xab, 0xb6, 0x3d, 0xd8, 0x10, 0xdd, 0x8b, 0x23 } } BOOLEAN shim_loaded(void) { struct ShimLock *shim_lock; - return uefi_call_wrapper(BS->LocateProtocol, 3, (EFI_GUID*) &shim_lock_guid, NULL, (VOID**) &shim_lock) == EFI_SUCCESS; + return uefi_call_wrapper(BS->LocateProtocol, 3, SHIM_LOCK_GUID, NULL, (VOID**) &shim_lock) == EFI_SUCCESS; } static BOOLEAN shim_validate(VOID *data, UINT32 size) { @@ -49,7 +50,7 @@ static BOOLEAN shim_validate(VOID *data, UINT32 size) { if (!data) return FALSE; - if (uefi_call_wrapper(BS->LocateProtocol, 3, (EFI_GUID*) &shim_lock_guid, NULL, (VOID**) &shim_lock) != EFI_SUCCESS) + if (uefi_call_wrapper(BS->LocateProtocol, 3, SHIM_LOCK_GUID, NULL, (VOID**) &shim_lock) != EFI_SUCCESS) return FALSE; if (!shim_lock) @@ -58,16 +59,6 @@ static BOOLEAN shim_validate(VOID *data, UINT32 size) { return shim_lock->shim_verify(data, size) == EFI_SUCCESS; } -BOOLEAN secure_boot_enabled(void) { - _cleanup_freepool_ CHAR8 *b = NULL; - UINTN size; - - if (efivar_get_raw(&global_guid, L"SecureBoot", &b, &size) == EFI_SUCCESS) - return *b > 0; - - return FALSE; -} - /* * See the UEFI Platform Initialization manual (Vol2: DXE) for this */ @@ -157,7 +148,7 @@ static EFIAPI EFI_STATUS security_policy_authentication (const EFI_SECURITY_PROT dev_path = DuplicateDevicePath((EFI_DEVICE_PATH*) device_path_const); - status = uefi_call_wrapper(BS->LocateDevicePath, 3, (EFI_GUID*) &simple_fs_guid, &dev_path, &h); + status = uefi_call_wrapper(BS->LocateDevicePath, 3, SIMPLE_FS_GUID, &dev_path, &h); if (status != EFI_SUCCESS) return status; @@ -191,9 +182,9 @@ EFI_STATUS security_policy_install(void) { * to fail, since SECURITY2 was introduced in PI 1.2.1. * Use security2_protocol == NULL as indicator. */ - uefi_call_wrapper(BS->LocateProtocol, 3, (EFI_GUID*) &security2_protocol_guid, NULL, (VOID**) &security2_protocol); + uefi_call_wrapper(BS->LocateProtocol, 3, SECURITY_PROTOCOL2_GUID, NULL, (VOID**) &security2_protocol); - status = uefi_call_wrapper(BS->LocateProtocol, 3, (EFI_GUID*) &security_protocol_guid, NULL, (VOID**) &security_protocol); + status = uefi_call_wrapper(BS->LocateProtocol, 3, SECURITY_PROTOCOL_GUID, NULL, (VOID**) &security_protocol); /* This one is mandatory, so there's a serious problem */ if (status != EFI_SUCCESS) return status; diff --git a/src/boot/efi/shim.h b/src/boot/efi/shim.h index e24fcdac54..d682994b9e 100644 --- a/src/boot/efi/shim.h +++ b/src/boot/efi/shim.h @@ -13,6 +13,4 @@ BOOLEAN shim_loaded(void); -BOOLEAN secure_boot_enabled(void); - EFI_STATUS security_policy_install(void); diff --git a/src/boot/efi/splash.c b/src/boot/efi/splash.c index 552c45cff4..5e085ec45c 100644 --- a/src/boot/efi/splash.c +++ b/src/boot/efi/splash.c @@ -151,22 +151,18 @@ static EFI_STATUS bmp_to_blt(EFI_GRAPHICS_OUTPUT_BLT_PIXEL *buf, struct bmp_dib *dib, struct bmp_map *map, UINT8 *pixmap) { UINT8 *in; - UINTN y; /* transform and copy pixels */ in = pixmap; - for (y = 0; y < dib->y; y++) { + for (UINTN y = 0; y < dib->y; y++) { EFI_GRAPHICS_OUTPUT_BLT_PIXEL *out; UINTN row_size; - UINTN x; out = &buf[(dib->y - y - 1) * dib->x]; - for (x = 0; x < dib->x; x++, in++, out++) { + for (UINTN x = 0; x < dib->x; x++, in++, out++) { switch (dib->depth) { case 1: { - UINTN i; - - for (i = 0; i < 8 && x < dib->x; i++) { + for (UINTN i = 0; i < 8 && x < dib->x; i++) { out->Red = map[((*in) >> (7 - i)) & 1].red; out->Green = map[((*in) >> (7 - i)) & 1].green; out->Blue = map[((*in) >> (7 - i)) & 1].blue; diff --git a/src/boot/efi/stub.c b/src/boot/efi/stub.c index a09f47c711..f0f302ce8c 100644 --- a/src/boot/efi/stub.c +++ b/src/boot/efi/stub.c @@ -8,19 +8,15 @@ #include "linux.h" #include "measure.h" #include "pe.h" +#include "secure-boot.h" #include "splash.h" #include "util.h" /* magic string to find in the binary image */ static const char __attribute__((used)) magic[] = "#### LoaderInfo: systemd-stub " GIT_VERSION " ####"; -static const EFI_GUID global_guid = EFI_GLOBAL_VARIABLE; - EFI_STATUS efi_main(EFI_HANDLE image, EFI_SYSTEM_TABLE *sys_table) { EFI_LOADED_IMAGE *loaded_image; - _cleanup_freepool_ CHAR8 *b = NULL; - UINTN size; - BOOLEAN secure = FALSE; CHAR8 *sections[] = { (CHAR8 *)".cmdline", (CHAR8 *)".linux", @@ -46,10 +42,6 @@ EFI_STATUS efi_main(EFI_HANDLE image, EFI_SYSTEM_TABLE *sys_table) { return err; } - if (efivar_get_raw(&global_guid, L"SecureBoot", &b, &size) == EFI_SUCCESS) - if (*b > 0) - secure = TRUE; - err = pe_memory_locate_sections(loaded_image->ImageBase, sections, addrs, offs, szs); if (EFI_ERROR(err)) { Print(L"Unable to locate embedded .linux section: %r ", err); @@ -58,20 +50,20 @@ EFI_STATUS efi_main(EFI_HANDLE image, EFI_SYSTEM_TABLE *sys_table) { } if (szs[0] > 0) - cmdline = (CHAR8 *)(loaded_image->ImageBase + addrs[0]); + cmdline = (CHAR8 *)(loaded_image->ImageBase) + addrs[0]; cmdline_len = szs[0]; /* if we are not in secure boot mode, or none was provided, accept a custom command line and replace the built-in one */ - if ((!secure || cmdline_len == 0) && loaded_image->LoadOptionsSize > 0 && *(CHAR16 *)loaded_image->LoadOptions > 0x1F) { + if ((!secure_boot_enabled() || cmdline_len == 0) && loaded_image->LoadOptionsSize > 0 && + *(CHAR16 *) loaded_image->LoadOptions > 0x1F) { CHAR16 *options; CHAR8 *line; - UINTN i; options = (CHAR16 *)loaded_image->LoadOptions; cmdline_len = (loaded_image->LoadOptionsSize / sizeof(CHAR16)) * sizeof(CHAR8); line = AllocatePool(cmdline_len); - for (i = 0; i < cmdline_len; i++) + for (UINTN i = 0; i < cmdline_len; i++) line[i] = options[i]; cmdline = line; @@ -88,37 +80,37 @@ EFI_STATUS efi_main(EFI_HANDLE image, EFI_SYSTEM_TABLE *sys_table) { } /* Export the device path this image is started from, if it's not set yet */ - if (efivar_get_raw(&loader_guid, L"LoaderDevicePartUUID", NULL, NULL) != EFI_SUCCESS) + if (efivar_get_raw(LOADER_GUID, L"LoaderDevicePartUUID", NULL, NULL) != EFI_SUCCESS) if (disk_get_part_uuid(loaded_image->DeviceHandle, uuid) == EFI_SUCCESS) - efivar_set(L"LoaderDevicePartUUID", uuid, FALSE); + efivar_set(LOADER_GUID, L"LoaderDevicePartUUID", uuid, 0); /* if LoaderImageIdentifier is not set, assume the image with this stub was loaded directly from UEFI */ - if (efivar_get_raw(&loader_guid, L"LoaderImageIdentifier", NULL, NULL) != EFI_SUCCESS) { + if (efivar_get_raw(LOADER_GUID, L"LoaderImageIdentifier", NULL, NULL) != EFI_SUCCESS) { _cleanup_freepool_ CHAR16 *s; s = DevicePathToStr(loaded_image->FilePath); - efivar_set(L"LoaderImageIdentifier", s, FALSE); + efivar_set(LOADER_GUID, L"LoaderImageIdentifier", s, 0); } /* if LoaderFirmwareInfo is not set, let's set it */ - if (efivar_get_raw(&loader_guid, L"LoaderFirmwareInfo", NULL, NULL) != EFI_SUCCESS) { + if (efivar_get_raw(LOADER_GUID, L"LoaderFirmwareInfo", NULL, NULL) != EFI_SUCCESS) { _cleanup_freepool_ CHAR16 *s; s = PoolPrint(L"%s %d.%02d", ST->FirmwareVendor, ST->FirmwareRevision >> 16, ST->FirmwareRevision & 0xffff); - efivar_set(L"LoaderFirmwareInfo", s, FALSE); + efivar_set(LOADER_GUID, L"LoaderFirmwareInfo", s, 0); } /* ditto for LoaderFirmwareType */ - if (efivar_get_raw(&loader_guid, L"LoaderFirmwareType", NULL, NULL) != EFI_SUCCESS) { + if (efivar_get_raw(LOADER_GUID, L"LoaderFirmwareType", NULL, NULL) != EFI_SUCCESS) { _cleanup_freepool_ CHAR16 *s; s = PoolPrint(L"UEFI %d.%02d", ST->Hdr.Revision >> 16, ST->Hdr.Revision & 0xffff); - efivar_set(L"LoaderFirmwareType", s, FALSE); + efivar_set(LOADER_GUID, L"LoaderFirmwareType", s, 0); } /* add StubInfo */ - if (efivar_get_raw(&loader_guid, L"StubInfo", NULL, NULL) != EFI_SUCCESS) - efivar_set(L"StubInfo", L"systemd-stub " GIT_VERSION, FALSE); + if (efivar_get_raw(LOADER_GUID, L"StubInfo", NULL, NULL) != EFI_SUCCESS) + efivar_set(LOADER_GUID, L"StubInfo", L"systemd-stub " GIT_VERSION, 0); if (szs[3] > 0) graphics_splash((UINT8 *)((UINTN)loaded_image->ImageBase + addrs[3]), szs[3], NULL); diff --git a/src/boot/efi/util.c b/src/boot/efi/util.c index 2712c2d3f0..74dc8de9c8 100644 --- a/src/boot/efi/util.c +++ b/src/boot/efi/util.c @@ -5,13 +5,6 @@ #include "util.h" -/* - * Allocated random UUID, intended to be shared across tools that implement - * the (ESP)\loader\entries\<vendor>-<revision>.conf convention and the - * associated EFI variables. - */ -const EFI_GUID loader_guid = { 0x4a67b082, 0x0a4c, 0x41cf, {0xb6, 0xc7, 0x44, 0x0b, 0x29, 0xbb, 0x8c, 0x4f} }; - #ifdef __x86_64__ UINT64 ticks_read(VOID) { UINT64 a, d; @@ -82,34 +75,55 @@ EFI_STATUS parse_boolean(const CHAR8 *v, BOOLEAN *b) { return EFI_INVALID_PARAMETER; } -EFI_STATUS efivar_set_raw(const EFI_GUID *vendor, const CHAR16 *name, const VOID *buf, UINTN size, BOOLEAN persistent) { - UINT32 flags; - - flags = EFI_VARIABLE_BOOTSERVICE_ACCESS|EFI_VARIABLE_RUNTIME_ACCESS; - if (persistent) - flags |= EFI_VARIABLE_NON_VOLATILE; - +EFI_STATUS efivar_set_raw(const EFI_GUID *vendor, const CHAR16 *name, const VOID *buf, UINTN size, UINT32 flags) { + flags |= EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS; return uefi_call_wrapper(RT->SetVariable, 5, (CHAR16*) name, (EFI_GUID *)vendor, flags, size, (VOID*) buf); } -EFI_STATUS efivar_set(const CHAR16 *name, const CHAR16 *value, BOOLEAN persistent) { - return efivar_set_raw(&loader_guid, name, value, value ? (StrLen(value)+1) * sizeof(CHAR16) : 0, persistent); +EFI_STATUS efivar_set(const EFI_GUID *vendor, const CHAR16 *name, const CHAR16 *value, UINT32 flags) { + return efivar_set_raw(vendor, name, value, value ? (StrLen(value) + 1) * sizeof(CHAR16) : 0, flags); } -EFI_STATUS efivar_set_int(CHAR16 *name, UINTN i, BOOLEAN persistent) { +EFI_STATUS efivar_set_uint_string(const EFI_GUID *vendor, CHAR16 *name, UINTN i, UINT32 flags) { CHAR16 str[32]; SPrint(str, 32, L"%u", i); - return efivar_set(name, str, persistent); + return efivar_set(vendor, name, str, flags); } -EFI_STATUS efivar_get(const CHAR16 *name, CHAR16 **value) { +EFI_STATUS efivar_set_uint32_le(const EFI_GUID *vendor, CHAR16 *name, UINT32 value, UINT32 flags) { + UINT8 buf[4]; + + buf[0] = (UINT8)(value >> 0U & 0xFF); + buf[1] = (UINT8)(value >> 8U & 0xFF); + buf[2] = (UINT8)(value >> 16U & 0xFF); + buf[3] = (UINT8)(value >> 24U & 0xFF); + + return efivar_set_raw(vendor, name, buf, sizeof(buf), flags); +} + +EFI_STATUS efivar_set_uint64_le(const EFI_GUID *vendor, CHAR16 *name, UINT64 value, UINT32 flags) { + UINT8 buf[8]; + + buf[0] = (UINT8)(value >> 0U & 0xFF); + buf[1] = (UINT8)(value >> 8U & 0xFF); + buf[2] = (UINT8)(value >> 16U & 0xFF); + buf[3] = (UINT8)(value >> 24U & 0xFF); + buf[4] = (UINT8)(value >> 32U & 0xFF); + buf[5] = (UINT8)(value >> 40U & 0xFF); + buf[6] = (UINT8)(value >> 48U & 0xFF); + buf[7] = (UINT8)(value >> 56U & 0xFF); + + return efivar_set_raw(vendor, name, buf, sizeof(buf), flags); +} + +EFI_STATUS efivar_get(const EFI_GUID *vendor, const CHAR16 *name, CHAR16 **value) { _cleanup_freepool_ CHAR8 *buf = NULL; EFI_STATUS err; CHAR16 *val; UINTN size; - err = efivar_get_raw(&loader_guid, name, &buf, &size); + err = efivar_get_raw(vendor, name, &buf, &size); if (EFI_ERROR(err)) return err; @@ -138,17 +152,52 @@ EFI_STATUS efivar_get(const CHAR16 *name, CHAR16 **value) { return EFI_SUCCESS; } -EFI_STATUS efivar_get_int(const CHAR16 *name, UINTN *i) { +EFI_STATUS efivar_get_uint_string(const EFI_GUID *vendor, const CHAR16 *name, UINTN *i) { _cleanup_freepool_ CHAR16 *val = NULL; EFI_STATUS err; - err = efivar_get(name, &val); + err = efivar_get(vendor, name, &val); if (!EFI_ERROR(err) && i) *i = Atoi(val); return err; } +EFI_STATUS efivar_get_uint32_le(const EFI_GUID *vendor, const CHAR16 *name, UINT32 *ret) { + _cleanup_freepool_ CHAR8 *buf = NULL; + UINTN size; + EFI_STATUS err; + + err = efivar_get_raw(vendor, name, &buf, &size); + if (!EFI_ERROR(err) && ret) { + if (size != sizeof(UINT32)) + return EFI_BUFFER_TOO_SMALL; + + *ret = (UINT32) buf[0] << 0U | (UINT32) buf[1] << 8U | (UINT32) buf[2] << 16U | + (UINT32) buf[3] << 24U; + } + + return err; +} + +EFI_STATUS efivar_get_uint64_le(const EFI_GUID *vendor, const CHAR16 *name, UINT64 *ret) { + _cleanup_freepool_ CHAR8 *buf = NULL; + UINTN size; + EFI_STATUS err; + + err = efivar_get_raw(vendor, name, &buf, &size); + if (!EFI_ERROR(err) && ret) { + if (size != sizeof(UINT64)) + return EFI_BUFFER_TOO_SMALL; + + *ret = (UINT64) buf[0] << 0U | (UINT64) buf[1] << 8U | (UINT64) buf[2] << 16U | + (UINT64) buf[3] << 24U | (UINT64) buf[4] << 32U | (UINT64) buf[5] << 40U | + (UINT64) buf[6] << 48U | (UINT64) buf[7] << 56U; + } + + return err; +} + EFI_STATUS efivar_get_raw(const EFI_GUID *vendor, const CHAR16 *name, CHAR8 **buffer, UINTN *size) { _cleanup_freepool_ CHAR8 *buf = NULL; UINTN l; @@ -172,7 +221,19 @@ EFI_STATUS efivar_get_raw(const EFI_GUID *vendor, const CHAR16 *name, CHAR8 **bu return err; } -VOID efivar_set_time_usec(CHAR16 *name, UINT64 usec) { +EFI_STATUS efivar_get_boolean_u8(const EFI_GUID *vendor, const CHAR16 *name, BOOLEAN *ret) { + _cleanup_freepool_ CHAR8 *b = NULL; + UINTN size; + EFI_STATUS err; + + err = efivar_get_raw(vendor, name, &b, &size); + if (!EFI_ERROR(err)) + *ret = *b > 0; + + return err; +} + +VOID efivar_set_time_usec(const EFI_GUID *vendor, CHAR16 *name, UINT64 usec) { CHAR16 str[32]; if (usec == 0) @@ -181,13 +242,12 @@ VOID efivar_set_time_usec(CHAR16 *name, UINT64 usec) { return; SPrint(str, 32, L"%ld", usec); - efivar_set(name, str, FALSE); + efivar_set(vendor, name, str, 0); } static INTN utf8_to_16(CHAR8 *stra, CHAR16 *c) { CHAR16 unichar; UINTN len; - UINTN i; if (!(stra[0] & 0x80)) len = 1; @@ -225,7 +285,7 @@ static INTN utf8_to_16(CHAR8 *stra, CHAR16 *c) { break; } - for (i = 1; i < len; i++) { + for (UINTN i = 1; i < len; i++) { if ((stra[i] & 0xc0) != 0x80) return -1; unichar <<= 6; @@ -309,6 +369,62 @@ CHAR8 *strchra(CHAR8 *s, CHAR8 c) { return NULL; } +const CHAR16 *startswith(const CHAR16 *s, const CHAR16 *prefix) { + UINTN l; + + l = StrLen(prefix); + if (StrnCmp(s, prefix, l) == 0) + return s + l; + + return NULL; +} + +const CHAR16 *endswith(const CHAR16 *s, const CHAR16 *postfix) { + UINTN sl, pl; + + sl = StrLen(s); + pl = StrLen(postfix); + + if (pl == 0) + return s + sl; + + if (sl < pl) + return NULL; + + if (StrnCmp(s + sl - pl, postfix, pl) != 0) + return NULL; + + return s + sl - pl; +} + +const CHAR16 *startswith_no_case(const CHAR16 *s, const CHAR16 *prefix) { + UINTN l; + + l = StrLen(prefix); + if (StriCmp(s, prefix) == 0) + return s + l; + + return NULL; +} + +const CHAR16 *endswith_no_case(const CHAR16 *s, const CHAR16 *postfix) { + UINTN sl, pl; + + sl = StrLen(s); + pl = StrLen(postfix); + + if (pl == 0) + return s + sl; + + if (sl < pl) + return NULL; + + if (StriCmp(s + sl - pl, postfix) != 0) + return NULL; + + return s + sl - pl; +} + EFI_STATUS file_read(EFI_FILE_HANDLE dir, const CHAR16 *name, UINTN off, UINTN size, CHAR8 **ret, UINTN *ret_size) { _cleanup_(FileHandleClosep) EFI_FILE_HANDLE handle = NULL; _cleanup_freepool_ CHAR8 *buf = NULL; diff --git a/src/boot/efi/util.h b/src/boot/efi/util.h index 916519cdf8..a21e84ecdc 100644 --- a/src/boot/efi/util.h +++ b/src/boot/efi/util.h @@ -21,19 +21,30 @@ UINT64 ticks_read(void); UINT64 ticks_freq(void); UINT64 time_usec(void); -EFI_STATUS efivar_set(const CHAR16 *name, const CHAR16 *value, BOOLEAN persistent); -EFI_STATUS efivar_set_raw(const EFI_GUID *vendor, const CHAR16 *name, const VOID *buf, UINTN size, BOOLEAN persistent); -EFI_STATUS efivar_set_int(CHAR16 *name, UINTN i, BOOLEAN persistent); -VOID efivar_set_time_usec(CHAR16 *name, UINT64 usec); - -EFI_STATUS efivar_get(const CHAR16 *name, CHAR16 **value); +EFI_STATUS efivar_set(const EFI_GUID *vendor, const CHAR16 *name, const CHAR16 *value, UINT32 flags); +EFI_STATUS efivar_set_raw(const EFI_GUID *vendor, const CHAR16 *name, const VOID *buf, UINTN size, UINT32 flags); +EFI_STATUS efivar_set_uint_string(const EFI_GUID *vendor, CHAR16 *name, UINTN i, UINT32 flags); +EFI_STATUS efivar_set_uint32_le(const EFI_GUID *vendor, CHAR16 *NAME, UINT32 value, UINT32 flags); +EFI_STATUS efivar_set_uint64_le(const EFI_GUID *vendor, CHAR16 *name, UINT64 value, UINT32 flags); +VOID efivar_set_time_usec(const EFI_GUID *vendor, CHAR16 *name, UINT64 usec); + +EFI_STATUS efivar_get(const EFI_GUID *vendor, const CHAR16 *name, CHAR16 **value); EFI_STATUS efivar_get_raw(const EFI_GUID *vendor, const CHAR16 *name, CHAR8 **buffer, UINTN *size); -EFI_STATUS efivar_get_int(const CHAR16 *name, UINTN *i); +EFI_STATUS efivar_get_uint_string(const EFI_GUID *vendor, const CHAR16 *name, UINTN *i); +EFI_STATUS efivar_get_uint32_le(const EFI_GUID *vendor, const CHAR16 *name, UINT32 *ret); +EFI_STATUS efivar_get_uint64_le(const EFI_GUID *vendor, const CHAR16 *name, UINT64 *ret); +EFI_STATUS efivar_get_boolean_u8(const EFI_GUID *vendor, const CHAR16 *name, BOOLEAN *ret); CHAR8 *strchra(CHAR8 *s, CHAR8 c); CHAR16 *stra_to_path(CHAR8 *stra); CHAR16 *stra_to_str(CHAR8 *stra); +const CHAR16 *startswith(const CHAR16 *s, const CHAR16 *prefix); +const CHAR16 *endswith(const CHAR16 *s, const CHAR16 *postfix); + +const CHAR16 *startswith_no_case(const CHAR16 *s, const CHAR16 *prefix); +const CHAR16 *endswith_no_case(const CHAR16 *s, const CHAR16 *postfix); + EFI_STATUS file_read(EFI_FILE_HANDLE dir, const CHAR16 *name, UINTN off, UINTN size, CHAR8 **content, UINTN *content_size); static inline void FreePoolp(void *p) { @@ -55,7 +66,14 @@ static inline void FileHandleClosep(EFI_FILE_HANDLE *handle) { uefi_call_wrapper((*handle)->Close, 1, *handle); } -extern const EFI_GUID loader_guid; +/* + * Allocated random UUID, intended to be shared across tools that implement + * the (ESP)\loader\entries\<vendor>-<revision>.conf convention and the + * associated EFI variables. + */ +#define LOADER_GUID \ + &(const EFI_GUID) { 0x4a67b082, 0x0a4c, 0x41cf, { 0xb6, 0xc7, 0x44, 0x0b, 0x29, 0xbb, 0x8c, 0x4f } } +#define EFI_GLOBAL_GUID &(const EFI_GUID) EFI_GLOBAL_VARIABLE #define UINTN_MAX (~(UINTN)0) #define INTN_MAX ((INTN)(UINTN_MAX>>1)) diff --git a/src/core/cgroup.c b/src/core/cgroup.c index cebead5eb5..c9cf7fb16c 100644 --- a/src/core/cgroup.c +++ b/src/core/cgroup.c @@ -417,7 +417,7 @@ void cgroup_context_dump(Unit *u, FILE* f, const char *prefix) { "%sDelegate: %s\n" "%sManagedOOMSwap: %s\n" "%sManagedOOMMemoryPressure: %s\n" - "%sManagedOOMMemoryPressureLimitPercent: %d%%\n", + "%sManagedOOMMemoryPressureLimit: %" PRIu32 ".%02" PRIu32 "%%\n", prefix, yes_no(c->cpu_accounting), prefix, yes_no(c->io_accounting), prefix, yes_no(c->blockio_accounting), @@ -450,7 +450,7 @@ void cgroup_context_dump(Unit *u, FILE* f, const char *prefix) { prefix, yes_no(c->delegate), prefix, managed_oom_mode_to_string(c->moom_swap), prefix, managed_oom_mode_to_string(c->moom_mem_pressure), - prefix, c->moom_mem_pressure_limit); + prefix, c->moom_mem_pressure_limit_permyriad / 100, c->moom_mem_pressure_limit_permyriad % 100); if (c->delegate) { _cleanup_free_ char *t = NULL; @@ -1057,6 +1057,23 @@ static int cgroup_apply_devices(Unit *u) { return r; } +static void set_io_weight(Unit *u, const char *controller, uint64_t weight) { + char buf[8+DECIMAL_STR_MAX(uint64_t)+1]; + const char *p; + + p = strjoina(controller, ".weight"); + xsprintf(buf, "default %" PRIu64 "\n", weight); + (void) set_attribute_and_warn(u, controller, p, buf); + + /* FIXME: drop this when distro kernels properly support BFQ through "io.weight" + * See also: https://github.com/systemd/systemd/pull/13335 and + * https://github.com/torvalds/linux/commit/65752aef0a407e1ef17ec78a7fc31ba4e0b360f9. + * The range is 1..1000 apparently. */ + p = strjoina(controller, ".bfq.weight"); + xsprintf(buf, "%" PRIu64 "\n", (weight + 9) / 10); + (void) set_attribute_and_warn(u, controller, p, buf); +} + static void cgroup_context_apply( Unit *u, CGroupMask apply_mask, @@ -1143,7 +1160,6 @@ static void cgroup_context_apply( * controller), and in case of containers we want to leave control of these attributes to the container manager * (and we couldn't access that stuff anyway, even if we tried if proper delegation is used). */ if ((apply_mask & CGROUP_MASK_IO) && !is_local_root) { - char buf[8+DECIMAL_STR_MAX(uint64_t)+1]; bool has_io, has_blockio; uint64_t weight; @@ -1163,13 +1179,7 @@ static void cgroup_context_apply( } else weight = CGROUP_WEIGHT_DEFAULT; - xsprintf(buf, "default %" PRIu64 "\n", weight); - (void) set_attribute_and_warn(u, "io", "io.weight", buf); - - /* FIXME: drop this when distro kernels properly support BFQ through "io.weight" - * See also: https://github.com/systemd/systemd/pull/13335 */ - xsprintf(buf, "%" PRIu64 "\n", weight); - (void) set_attribute_and_warn(u, "io", "io.bfq.weight", buf); + set_io_weight(u, "io", weight); if (has_io) { CGroupIODeviceLatency *latency; @@ -1225,7 +1235,6 @@ static void cgroup_context_apply( /* Applying a 'weight' never makes sense for the host root cgroup, and for containers this should be * left to our container manager, too. */ if (!is_local_root) { - char buf[DECIMAL_STR_MAX(uint64_t)+1]; uint64_t weight; if (has_io) { @@ -1241,13 +1250,7 @@ static void cgroup_context_apply( else weight = CGROUP_BLKIO_WEIGHT_DEFAULT; - xsprintf(buf, "%" PRIu64 "\n", weight); - (void) set_attribute_and_warn(u, "blkio", "blkio.weight", buf); - - /* FIXME: drop this when distro kernels properly support BFQ through "blkio.weight" - * See also: https://github.com/systemd/systemd/pull/13335 */ - xsprintf(buf, "%" PRIu64 "\n", weight); - (void) set_attribute_and_warn(u, "blkio", "blkio.bfq.weight", buf); + set_io_weight(u, "blkio", weight); if (has_io) { CGroupIODeviceWeight *w; diff --git a/src/core/cgroup.h b/src/core/cgroup.h index 66f3a63b82..9fbfabbb7e 100644 --- a/src/core/cgroup.h +++ b/src/core/cgroup.h @@ -163,7 +163,7 @@ struct CGroupContext { /* Settings for systemd-oomd */ ManagedOOMMode moom_swap; ManagedOOMMode moom_mem_pressure; - int moom_mem_pressure_limit; + uint32_t moom_mem_pressure_limit_permyriad; }; /* Used when querying IP accounting data */ diff --git a/src/core/core-varlink.c b/src/core/core-varlink.c index d695106658..df542e82d1 100644 --- a/src/core/core-varlink.c +++ b/src/core/core-varlink.c @@ -83,7 +83,7 @@ static int build_managed_oom_json_array_element(Unit *u, const char *property, J JSON_BUILD_PAIR("mode", JSON_BUILD_STRING(mode)), JSON_BUILD_PAIR("path", JSON_BUILD_STRING(u->cgroup_path)), JSON_BUILD_PAIR("property", JSON_BUILD_STRING(property)), - JSON_BUILD_PAIR_CONDITION(use_limit, "limit", JSON_BUILD_UNSIGNED(c->moom_mem_pressure_limit)))); + JSON_BUILD_PAIR_CONDITION(use_limit, "limit", JSON_BUILD_UNSIGNED(c->moom_mem_pressure_limit_permyriad)))); } int manager_varlink_send_managed_oom_update(Unit *u) { diff --git a/src/core/dbus-cgroup.c b/src/core/dbus-cgroup.c index a7d9312d97..6f309feb23 100644 --- a/src/core/dbus-cgroup.c +++ b/src/core/dbus-cgroup.c @@ -394,7 +394,7 @@ const sd_bus_vtable bus_cgroup_vtable[] = { SD_BUS_PROPERTY("DisableControllers", "as", property_get_cgroup_mask, offsetof(CGroupContext, disable_controllers), 0), SD_BUS_PROPERTY("ManagedOOMSwap", "s", property_get_managed_oom_mode, offsetof(CGroupContext, moom_swap), 0), SD_BUS_PROPERTY("ManagedOOMMemoryPressure", "s", property_get_managed_oom_mode, offsetof(CGroupContext, moom_mem_pressure), 0), - SD_BUS_PROPERTY("ManagedOOMMemoryPressureLimitPercent", "s", bus_property_get_percent, offsetof(CGroupContext, moom_mem_pressure_limit), 0), + SD_BUS_PROPERTY("ManagedOOMMemoryPressureLimitPermyriad", "u", NULL, offsetof(CGroupContext, moom_mem_pressure_limit_permyriad), 0), SD_BUS_VTABLE_END }; @@ -1696,14 +1696,24 @@ int bus_cgroup_set_property( return 1; } - if (streq(name, "ManagedOOMMemoryPressureLimitPercent")) { + if (streq(name, "ManagedOOMMemoryPressureLimitPermyriad")) { + uint32_t v; + if (!UNIT_VTABLE(u)->can_set_managed_oom) return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Cannot set %s for this unit type", name); - r = bus_set_transient_percent(u, name, &c->moom_mem_pressure_limit, message, flags, error); + r = sd_bus_message_read(message, "u", &v); if (r < 0) return r; + if (v > 10000) + return -ERANGE; + + if (!UNIT_WRITE_FLAGS_NOOP(flags)) { + c->moom_mem_pressure_limit_permyriad = v; + unit_write_settingf(u, flags, name, "ManagedOOMMemoryPressureLimit=%" PRIu32 ".%02" PRIu32 "%%", v / 100, v % 100); + } + if (c->moom_mem_pressure == MANAGED_OOM_KILL) (void) manager_varlink_send_managed_oom_update(u); diff --git a/src/core/dbus-util.c b/src/core/dbus-util.c index 6a6dd1ff41..44a2ccfca0 100644 --- a/src/core/dbus-util.c +++ b/src/core/dbus-util.c @@ -93,35 +93,6 @@ int bus_set_transient_bool( return 1; } -int bus_set_transient_percent( - Unit *u, - const char *name, - int *p, - sd_bus_message *message, - UnitWriteFlags flags, - sd_bus_error *error) { - - const char *v; - int r; - - assert(p); - - r = sd_bus_message_read(message, "s", &v); - if (r < 0) - return r; - - r = parse_percent(v); - if (r < 0) - return r; - - if (!UNIT_WRITE_FLAGS_NOOP(flags)) { - *p = r; - unit_write_settingf(u, flags, name, "%s=%d%%", name, r); - } - - return 1; -} - int bus_set_transient_usec_internal( Unit *u, const char *name, diff --git a/src/core/dbus-util.h b/src/core/dbus-util.h index bd4fd081c5..799136737b 100644 --- a/src/core/dbus-util.h +++ b/src/core/dbus-util.h @@ -241,7 +241,6 @@ int bus_set_transient_user_relaxed(Unit *u, const char *name, char **p, sd_bus_m int bus_set_transient_path(Unit *u, const char *name, char **p, sd_bus_message *message, UnitWriteFlags flags, sd_bus_error *error); int bus_set_transient_string(Unit *u, const char *name, char **p, sd_bus_message *message, UnitWriteFlags flags, sd_bus_error *error); int bus_set_transient_bool(Unit *u, const char *name, bool *p, sd_bus_message *message, UnitWriteFlags flags, sd_bus_error *error); -int bus_set_transient_percent(Unit *u, const char *name, int *p, sd_bus_message *message, UnitWriteFlags flags, sd_bus_error *error); int bus_set_transient_usec_internal(Unit *u, const char *name, usec_t *p, bool fix_0, sd_bus_message *message, UnitWriteFlags flags, sd_bus_error *error); static inline int bus_set_transient_usec(Unit *u, const char *name, usec_t *p, sd_bus_message *message, UnitWriteFlags flags, sd_bus_error *error) { return bus_set_transient_usec_internal(u, name, p, false, message, flags, error); diff --git a/src/core/load-fragment-gperf.gperf.m4 b/src/core/load-fragment-gperf.gperf.m4 index 6bf22c336a..81f4561a57 100644 --- a/src/core/load-fragment-gperf.gperf.m4 +++ b/src/core/load-fragment-gperf.gperf.m4 @@ -229,7 +229,7 @@ $1.IPIngressFilterPath, config_parse_ip_filter_bpf_progs, $1.IPEgressFilterPath, config_parse_ip_filter_bpf_progs, 0, offsetof($1, cgroup_context.ip_filters_egress) $1.ManagedOOMSwap, config_parse_managed_oom_mode, 0, offsetof($1, cgroup_context.moom_swap) $1.ManagedOOMMemoryPressure, config_parse_managed_oom_mode, 0, offsetof($1, cgroup_context.moom_mem_pressure) -$1.ManagedOOMMemoryPressureLimitPercent, config_parse_managed_oom_mem_pressure_limit, 0, offsetof($1, cgroup_context.moom_mem_pressure_limit) +$1.ManagedOOMMemoryPressureLimit, config_parse_managed_oom_mem_pressure_limit, 0, offsetof($1, cgroup_context.moom_mem_pressure_limit_permyriad) $1.NetClass, config_parse_warn_compat, DISABLED_LEGACY, 0' )m4_dnl Unit.Description, config_parse_unit_string_printf, 0, offsetof(Unit, description) diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c index f3c2958b05..06b71aaf15 100644 --- a/src/core/load-fragment.c +++ b/src/core/load-fragment.c @@ -3875,7 +3875,7 @@ int config_parse_managed_oom_mem_pressure_limit( const char *rvalue, void *data, void *userdata) { - int *limit = data; + uint32_t *limit = data; UnitType t; int r; @@ -3890,9 +3890,9 @@ int config_parse_managed_oom_mem_pressure_limit( return 0; } - r = parse_percent(rvalue); + r = parse_permyriad(rvalue); if (r < 0) { - log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse limit percent value, ignoring: %s", rvalue); + log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse memory pressure limit value, ignoring: %s", rvalue); return 0; } diff --git a/src/core/manager.c b/src/core/manager.c index a1d6f7cc10..6858950107 100644 --- a/src/core/manager.c +++ b/src/core/manager.c @@ -3842,6 +3842,9 @@ int manager_reload(Manager *m) { /* Clean up runtime objects no longer referenced */ manager_vacuum(m); + /* Clean up deserialized tracked clients */ + m->deserialized_subscribed = strv_free(m->deserialized_subscribed); + /* Consider the reload process complete now. */ assert(m->n_reloading > 0); m->n_reloading--; diff --git a/src/import/export.c b/src/import/export.c index 9c44fcf35c..5faf4ccc06 100644 --- a/src/import/export.c +++ b/src/import/export.c @@ -7,13 +7,13 @@ #include "sd-id128.h" #include "alloc-util.h" +#include "discover-image.h" #include "export-raw.h" #include "export-tar.h" #include "fd-util.h" #include "fs-util.h" #include "hostname-util.h" #include "import-util.h" -#include "machine-image.h" #include "main-func.h" #include "signal-util.h" #include "string-util.h" diff --git a/src/import/import-common.c b/src/import/import-common.c index bbe0ba719c..f77564c41d 100644 --- a/src/import/import-common.c +++ b/src/import/import-common.c @@ -8,6 +8,7 @@ #include "alloc-util.h" #include "btrfs-util.h" #include "capability-util.h" +#include "chattr-util.h" #include "dirent-util.h" #include "fd-util.h" #include "fileio.h" @@ -22,6 +23,7 @@ #include "util.h" int import_make_read_only_fd(int fd) { + struct stat st; int r; assert(fd >= 0); @@ -29,25 +31,34 @@ int import_make_read_only_fd(int fd) { /* First, let's make this a read-only subvolume if it refers * to a subvolume */ r = btrfs_subvol_set_read_only_fd(fd, true); - if (IN_SET(r, -ENOTTY, -ENOTDIR, -EINVAL)) { - struct stat st; + if (r >= 0) + return 0; - /* This doesn't refer to a subvolume, or the file - * system isn't even btrfs. In that, case fall back to - * chmod()ing */ + if (!ERRNO_IS_NOT_SUPPORTED(r) && !IN_SET(r, -ENOTDIR, -EINVAL)) + return log_error_errno(r, "Failed to make subvolume read-only: %m"); - r = fstat(fd, &st); - if (r < 0) - return log_error_errno(errno, "Failed to stat temporary image: %m"); + /* This doesn't refer to a subvolume, or the file system isn't even btrfs. In that, case fall back to + * chmod()ing */ + + r = fstat(fd, &st); + if (r < 0) + return log_error_errno(errno, "Failed to stat image: %m"); - /* Drop "w" flag */ - if (fchmod(fd, st.st_mode & 07555) < 0) - return log_error_errno(errno, "Failed to chmod() final image: %m"); + if (S_ISDIR(st.st_mode)) { + /* For directories set the immutable flag on the dir itself */ - return 0; + r = chattr_fd(fd, FS_IMMUTABLE_FL, FS_IMMUTABLE_FL, NULL); + if (r < 0) + return log_error_errno(r, "Failed to set +i attribute on directory image: %m"); - } else if (r < 0) - return log_error_errno(r, "Failed to make subvolume read-only: %m"); + } else if (S_ISREG(st.st_mode)) { + /* For regular files drop "w" flags */ + + if ((st.st_mode & 0222) != 0) + if (fchmod(fd, st.st_mode & 07555) < 0) + return log_error_errno(errno, "Failed to chmod() image: %m"); + } else + return log_error_errno(SYNTHETIC_ERRNO(EBADFD), "Image of unexpected type"); return 0; } diff --git a/src/import/import-fs.c b/src/import/import-fs.c index 1fe5a257db..a12ee77ef9 100644 --- a/src/import/import-fs.c +++ b/src/import/import-fs.c @@ -5,13 +5,13 @@ #include "alloc-util.h" #include "btrfs-util.h" +#include "discover-image.h" #include "fd-util.h" #include "format-util.h" #include "fs-util.h" #include "hostname-util.h" #include "import-common.h" #include "import-util.h" -#include "machine-image.h" #include "mkdir.h" #include "ratelimit.h" #include "rm-rf.h" diff --git a/src/import/import.c b/src/import/import.c index 934074a7b0..661fa2888c 100644 --- a/src/import/import.c +++ b/src/import/import.c @@ -7,13 +7,13 @@ #include "sd-id128.h" #include "alloc-util.h" +#include "discover-image.h" #include "fd-util.h" #include "fs-util.h" #include "hostname-util.h" #include "import-raw.h" #include "import-tar.h" #include "import-util.h" -#include "machine-image.h" #include "main-func.h" #include "signal-util.h" #include "string-util.h" diff --git a/src/import/pull-job.c b/src/import/pull-job.c index d1e61ba601..908546b968 100644 --- a/src/import/pull-job.c +++ b/src/import/pull-job.c @@ -433,6 +433,16 @@ fail: return 0; } +static int http_status_ok(CURLcode status) { + /* Consider all HTTP status code in the 2xx range as OK */ + return status >= 200 && status <= 299; +} + +static int http_status_etag_exists(CURLcode status) { + /* This one is special, it's triggered by our etag mgmt logic */ + return status == 304; +} + static size_t pull_job_header_callback(void *contents, size_t size, size_t nmemb, void *userdata) { _cleanup_free_ char *length = NULL, *last_modified = NULL, *etag = NULL; size_t sz = size * nmemb; @@ -458,28 +468,31 @@ static size_t pull_job_header_callback(void *contents, size_t size, size_t nmemb goto fail; } - if (status < 200 || status >= 300) - /* If this is not HTTP 2xx, let's skip these headers, they are probably for - * some redirect or so, and we are not interested in the headers of those. */ - return sz; + if (http_status_ok(status) || http_status_etag_exists(status)) { + /* Check Etag on OK and etag exists responses. */ - r = curl_header_strdup(contents, sz, "ETag:", &etag); - if (r < 0) { - log_oom(); - goto fail; - } - if (r > 0) { - free_and_replace(j->etag, etag); + r = curl_header_strdup(contents, sz, "ETag:", &etag); + if (r < 0) { + log_oom(); + goto fail; + } + if (r > 0) { + free_and_replace(j->etag, etag); + + if (strv_contains(j->old_etags, j->etag)) { + log_info("Image already downloaded. Skipping download. (%s)", j->etag); + j->etag_exists = true; + pull_job_finish(j, 0); + return sz; + } - if (strv_contains(j->old_etags, j->etag)) { - log_info("Image already downloaded. Skipping download."); - j->etag_exists = true; - pull_job_finish(j, 0); return sz; } + } + if (!http_status_ok(status)) /* Let's ignore the rest here, these requests are probably redirects and + * stuff where the headers aren't interesting to us */ return sz; - } r = curl_header_strdup(contents, sz, "Content-Length:", &length); if (r < 0) { diff --git a/src/import/pull.c b/src/import/pull.c index a54f968cd7..dc0bf20201 100644 --- a/src/import/pull.c +++ b/src/import/pull.c @@ -7,9 +7,9 @@ #include "sd-id128.h" #include "alloc-util.h" +#include "discover-image.h" #include "hostname-util.h" #include "import-util.h" -#include "machine-image.h" #include "main-func.h" #include "parse-util.h" #include "pull-raw.h" diff --git a/src/libsystemd/sd-netlink/netlink-util.c b/src/libsystemd/sd-netlink/netlink-util.c index a0bc44e7fb..448c50d4ab 100644 --- a/src/libsystemd/sd-netlink/netlink-util.c +++ b/src/libsystemd/sd-netlink/netlink-util.c @@ -57,15 +57,25 @@ int rtnl_set_link_name(sd_netlink **rtnl, int ifindex, const char *name) { return 0; } -int rtnl_set_link_properties(sd_netlink **rtnl, int ifindex, const char *alias, const struct ether_addr *mac, - uint32_t txqueuelen, uint32_t mtu, uint32_t gso_max_size, size_t gso_max_segments) { +int rtnl_set_link_properties( + sd_netlink **rtnl, + int ifindex, + const char *alias, + const struct ether_addr *mac, + uint32_t txqueues, + uint32_t rxqueues, + uint32_t txqueuelen, + uint32_t mtu, + uint32_t gso_max_size, + size_t gso_max_segments) { _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *message = NULL; int r; assert(rtnl); assert(ifindex > 0); - if (!alias && !mac && txqueuelen == UINT32_MAX && mtu == 0 && gso_max_size == 0 && gso_max_segments == 0) + if (!alias && !mac && txqueues == 0 && rxqueues == 0 && txqueuelen == UINT32_MAX && mtu == 0 && + gso_max_size == 0 && gso_max_segments == 0) return 0; if (!*rtnl) { @@ -90,6 +100,18 @@ int rtnl_set_link_properties(sd_netlink **rtnl, int ifindex, const char *alias, return r; } + if (txqueues > 0) { + r = sd_netlink_message_append_u32(message, IFLA_NUM_TX_QUEUES, txqueues); + if (r < 0) + return r; + } + + if (rxqueues > 0) { + r = sd_netlink_message_append_u32(message, IFLA_NUM_RX_QUEUES, rxqueues); + if (r < 0) + return r; + } + if (txqueuelen < UINT32_MAX) { r = sd_netlink_message_append_u32(message, IFLA_TXQLEN, txqueuelen); if (r < 0) diff --git a/src/libsystemd/sd-netlink/netlink-util.h b/src/libsystemd/sd-netlink/netlink-util.h index acf5b668a2..a3a3951ff7 100644 --- a/src/libsystemd/sd-netlink/netlink-util.h +++ b/src/libsystemd/sd-netlink/netlink-util.h @@ -70,8 +70,17 @@ static inline bool rtnl_message_type_is_mdb(uint16_t type) { } int rtnl_set_link_name(sd_netlink **rtnl, int ifindex, const char *name); -int rtnl_set_link_properties(sd_netlink **rtnl, int ifindex, const char *alias, const struct ether_addr *mac, - uint32_t txqueuelen, uint32_t mtu, uint32_t gso_max_size, size_t gso_max_segments); +int rtnl_set_link_properties( + sd_netlink **rtnl, + int ifindex, + const char *alias, + const struct ether_addr *mac, + uint32_t txqueues, + uint32_t rxqueues, + uint32_t txqueuelen, + uint32_t mtu, + uint32_t gso_max_size, + size_t gso_max_segments); int rtnl_get_link_alternative_names(sd_netlink **rtnl, int ifindex, char ***ret); int rtnl_set_link_alternative_names(sd_netlink **rtnl, int ifindex, char * const *alternative_names); int rtnl_set_link_alternative_names_by_ifname(sd_netlink **rtnl, const char *ifname, char * const *alternative_names); diff --git a/src/login/logind-dbus.c b/src/login/logind-dbus.c index 8f27fe7ee9..7e55173e27 100644 --- a/src/login/logind-dbus.c +++ b/src/login/logind-dbus.c @@ -1871,8 +1871,8 @@ static int method_do_shutdown_or_sleep( bool with_flags, sd_bus_error *error) { - int interactive = false, r; - uint64_t flags = 0; + uint64_t flags; + int r; assert(m); assert(message); @@ -1880,19 +1880,25 @@ static int method_do_shutdown_or_sleep( assert(w >= 0); assert(w <= _INHIBIT_WHAT_MAX); - if (with_flags) + if (with_flags) { + /* New style method: with flags parameter (and interactive bool in the bus message header) */ r = sd_bus_message_read(message, "t", &flags); - else - r = sd_bus_message_read(message, "b", &interactive); - - if (r < 0) - return r; + if (r < 0) + return r; + if ((flags & ~SD_LOGIND_SHUTDOWN_AND_SLEEP_FLAGS_PUBLIC) != 0) + return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid flags parameter"); + } else { + /* Old style method: no flags parameter, but interactive bool passed as boolean in + * payload. Let's convert this argument to the new-style flags parameter for our internal + * use. */ + int interactive; - if (with_flags && (flags & ~SD_LOGIND_SHUTDOWN_AND_SLEEP_FLAGS_PUBLIC)) - return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, - "Invalid flags parameter"); + r = sd_bus_message_read(message, "b", &interactive); + if (r < 0) + return r; - SET_FLAG(flags, SD_LOGIND_INTERACTIVE, interactive); + flags = interactive ? SD_LOGIND_INTERACTIVE : 0; + } /* Don't allow multiple jobs being executed at the same time */ if (m->action_what > 0) diff --git a/src/machine/image-dbus.c b/src/machine/image-dbus.c index f74cabd7fb..539b4c802a 100644 --- a/src/machine/image-dbus.c +++ b/src/machine/image-dbus.c @@ -8,6 +8,7 @@ #include "bus-label.h" #include "bus-polkit.h" #include "copy.h" +#include "discover-image.h" #include "dissect-image.h" #include "fd-util.h" #include "fileio.h" @@ -15,7 +16,6 @@ #include "image-dbus.h" #include "io-util.h" #include "loop-util.h" -#include "machine-image.h" #include "missing_capability.h" #include "mount-util.h" #include "process-util.h" diff --git a/src/machine/machined-dbus.c b/src/machine/machined-dbus.c index a65f9b6a8e..08179eb400 100644 --- a/src/machine/machined-dbus.c +++ b/src/machine/machined-dbus.c @@ -12,6 +12,7 @@ #include "bus-locator.h" #include "bus-polkit.h" #include "cgroup-util.h" +#include "discover-image.h" #include "errno-util.h" #include "fd-util.h" #include "fileio.h" @@ -20,7 +21,6 @@ #include "image-dbus.h" #include "io-util.h" #include "machine-dbus.h" -#include "machine-image.h" #include "machine-pool.h" #include "machined.h" #include "missing_capability.h" diff --git a/src/machine/machined.c b/src/machine/machined.c index 6a5bf391e6..1d82059985 100644 --- a/src/machine/machined.c +++ b/src/machine/machined.c @@ -15,11 +15,11 @@ #include "bus-polkit.h" #include "cgroup-util.h" #include "dirent-util.h" +#include "discover-image.h" #include "fd-util.h" #include "format-util.h" #include "hostname-util.h" #include "label.h" -#include "machine-image.h" #include "machined-varlink.h" #include "machined.h" #include "main-func.h" diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c index fe6d3bd927..ccefb46cbc 100644 --- a/src/network/networkd-link.c +++ b/src/network/networkd-link.c @@ -1479,61 +1479,6 @@ static int link_set_group(Link *link) { return 0; } -static int link_tx_rx_queues_hadler(sd_netlink *rtnl, sd_netlink_message *m, Link *link) { - int r; - - assert(link); - - if (IN_SET(link->state, LINK_STATE_FAILED, LINK_STATE_LINGER)) - return 1; - - r = sd_netlink_message_get_errno(m); - if (r < 0) - log_link_message_warning_errno(link, m, r, "Could not set transmit / receive queues for the interface"); - - return 1; -} - -static int link_set_tx_rx_queues(Link *link) { - _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *req = NULL; - int r; - - assert(link); - assert(link->network); - assert(link->manager); - assert(link->manager->rtnl); - - if (link->network->txqueues == 0 && link->network->rxqueues == 0) - return 0; - - log_link_debug(link, "Setting transmit / receive queues"); - - r = sd_rtnl_message_new_link(link->manager->rtnl, &req, RTM_SETLINK, link->ifindex); - if (r < 0) - return log_link_error_errno(link, r, "Could not allocate RTM_SETLINK message: %m"); - - if (link->network->txqueues > 0) { - r = sd_netlink_message_append_u32(req, IFLA_NUM_TX_QUEUES, link->network->txqueues); - if (r < 0) - return log_link_error_errno(link, r, "Could not set link transmit queues: %m"); - } - - if (link->network->rxqueues > 0) { - r = sd_netlink_message_append_u32(req, IFLA_NUM_RX_QUEUES, link->network->rxqueues); - if (r < 0) - return log_link_error_errno(link, r, "Could not set link receive queues: %m"); - } - - r = netlink_call_async(link->manager->rtnl, NULL, req, link_tx_rx_queues_hadler, - link_netlink_destroy_callback, link); - if (r < 0) - return log_link_error_errno(link, r, "Could not send rtnetlink message: %m"); - - link_ref(link); - - return 0; -} - static int link_handle_bound_to_list(Link *link) { Link *l; int r; @@ -2111,10 +2056,6 @@ int link_configure(Link *link) { if (r < 0) return r; - r = link_set_tx_rx_queues(link); - if (r < 0) - return r; - r = ipv4ll_configure(link); if (r < 0) return r; diff --git a/src/network/networkd-network-gperf.gperf b/src/network/networkd-network-gperf.gperf index f1344c0fcc..7f0de7660c 100644 --- a/src/network/networkd-network-gperf.gperf +++ b/src/network/networkd-network-gperf.gperf @@ -60,8 +60,6 @@ Match.Architecture, config_parse_net_condition, Link.MACAddress, config_parse_hwaddr, 0, offsetof(Network, mac) Link.MTUBytes, config_parse_mtu, AF_UNSPEC, offsetof(Network, mtu) Link.Group, config_parse_uint32, 0, offsetof(Network, group) -Link.TransmitQueues, config_parse_rx_tx_queues, 0, offsetof(Network, txqueues) -Link.ReceiveQueues, config_parse_rx_tx_queues, 0, offsetof(Network, rxqueues) Link.ARP, config_parse_tristate, 0, offsetof(Network, arp) Link.Multicast, config_parse_tristate, 0, offsetof(Network, multicast) Link.AllMulticast, config_parse_tristate, 0, offsetof(Network, allmulticast) diff --git a/src/network/networkd-network.c b/src/network/networkd-network.c index 62e3ff0cc6..84ab1d5e18 100644 --- a/src/network/networkd-network.c +++ b/src/network/networkd-network.c @@ -1198,40 +1198,6 @@ int config_parse_required_for_online( return 0; } -int config_parse_rx_tx_queues( - const char *unit, - const char *filename, - unsigned line, - const char *section, - unsigned section_line, - const char *lvalue, - int ltype, - const char *rvalue, - void *data, - void *userdata) { - - uint32_t k, *v = data; - int r; - - if (isempty(rvalue)) { - *v = 0; - return 0; - } - - r = safe_atou32(rvalue, &k); - if (r < 0) { - log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse %s=, ignoring assignment: %s.", lvalue, rvalue); - return 0; - } - if (k == 0 || k > 4096) { - log_syntax(unit, LOG_WARNING, filename, line, 0, "Invalid %s=, ignoring assignment: %s.", lvalue, rvalue); - return 0; - } - - *v = k; - return 0; -} - DEFINE_CONFIG_PARSE_ENUM(config_parse_keep_configuration, keep_configuration, KeepConfiguration, "Failed to parse KeepConfiguration= setting"); diff --git a/src/network/networkd-network.h b/src/network/networkd-network.h index b1db17f7b7..baa806fca6 100644 --- a/src/network/networkd-network.h +++ b/src/network/networkd-network.h @@ -95,8 +95,6 @@ struct Network { struct ether_addr *mac; uint32_t mtu; uint32_t group; - uint32_t txqueues; - uint32_t rxqueues; int arp; int multicast; int allmulticast; @@ -344,7 +342,6 @@ CONFIG_PARSER_PROTOTYPE(config_parse_ntp); CONFIG_PARSER_PROTOTYPE(config_parse_required_for_online); CONFIG_PARSER_PROTOTYPE(config_parse_keep_configuration); CONFIG_PARSER_PROTOTYPE(config_parse_ipv6_link_local_address_gen_mode); -CONFIG_PARSER_PROTOTYPE(config_parse_rx_tx_queues); CONFIG_PARSER_PROTOTYPE(config_parse_activation_policy); const struct ConfigPerfItem* network_network_gperf_lookup(const char *key, GPERF_LEN_TYPE length); diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c index aa3bcdb7a2..a702af8e3b 100644 --- a/src/nspawn/nspawn.c +++ b/src/nspawn/nspawn.c @@ -36,6 +36,7 @@ #include "copy.h" #include "cpu-set-util.h" #include "dev-setup.h" +#include "discover-image.h" #include "dissect-image.h" #include "env-util.h" #include "escape.h" @@ -53,7 +54,6 @@ #include "log.h" #include "loop-util.h" #include "loopback-setup.h" -#include "machine-image.h" #include "macro.h" #include "main-func.h" #include "missing_sched.h" diff --git a/src/oom/oomd-manager.c b/src/oom/oomd-manager.c index 3efa629002..338935b3ec 100644 --- a/src/oom/oomd-manager.c +++ b/src/oom/oomd-manager.c @@ -100,10 +100,10 @@ static int process_managed_oom_reply( limit = m->default_mem_pressure_limit; if (streq(reply.property, "ManagedOOMMemoryPressure")) { - if (reply.limit > 100) + if (reply.limit > 10000) continue; else if (reply.limit != 0) { - ret = store_loadavg_fixed_point((unsigned long) reply.limit, 0, &limit); + ret = store_loadavg_fixed_point((unsigned long) reply.limit / 100, (unsigned long) reply.limit % 100, &limit); if (ret < 0) continue; } @@ -478,8 +478,8 @@ static int manager_connect_bus(Manager *m) { return 0; } -int manager_start(Manager *m, bool dry_run, int swap_used_limit, int mem_pressure_limit, usec_t mem_pressure_usec) { - unsigned long l; +int manager_start(Manager *m, bool dry_run, int swap_used_limit, int mem_pressure_limit_permyriad, usec_t mem_pressure_usec) { + unsigned long l, f; int r; assert(m); @@ -489,8 +489,16 @@ int manager_start(Manager *m, bool dry_run, int swap_used_limit, int mem_pressur m->swap_used_limit = swap_used_limit != -1 ? swap_used_limit : DEFAULT_SWAP_USED_LIMIT; assert(m->swap_used_limit <= 100); - l = mem_pressure_limit != -1 ? mem_pressure_limit : DEFAULT_MEM_PRESSURE_LIMIT; - r = store_loadavg_fixed_point(l, 0, &m->default_mem_pressure_limit); + if (mem_pressure_limit_permyriad != -1) { + assert(mem_pressure_limit_permyriad <= 10000); + + l = mem_pressure_limit_permyriad / 100; + f = mem_pressure_limit_permyriad % 100; + } else { + l = DEFAULT_MEM_PRESSURE_LIMIT_PERCENT; + f = 0; + } + r = store_loadavg_fixed_point(l, f, &m->default_mem_pressure_limit); if (r < 0) return r; @@ -530,12 +538,12 @@ int manager_get_dump_string(Manager *m, char **ret) { fprintf(f, "Dry Run: %s\n" "Swap Used Limit: %u%%\n" - "Default Memory Pressure Limit: %lu%%\n" + "Default Memory Pressure Limit: %lu.%02lu%%\n" "Default Memory Pressure Duration: %s\n" "System Context:\n", yes_no(m->dry_run), m->swap_used_limit, - LOAD_INT(m->default_mem_pressure_limit), + LOAD_INT(m->default_mem_pressure_limit), LOAD_FRAC(m->default_mem_pressure_limit), format_timespan(buf, sizeof(buf), m->default_mem_pressure_duration_usec, USEC_PER_SEC)); oomd_dump_system_context(&m->system_context, f, "\t"); diff --git a/src/oom/oomd-manager.h b/src/oom/oomd-manager.h index ee17abced2..521665e0a8 100644 --- a/src/oom/oomd-manager.h +++ b/src/oom/oomd-manager.h @@ -17,7 +17,7 @@ * Generally 60 or higher might be acceptable for something like system.slice with no memory.high set; processes in * system.slice are assumed to be less latency sensitive. */ #define DEFAULT_MEM_PRESSURE_DURATION_USEC (30 * USEC_PER_SEC) -#define DEFAULT_MEM_PRESSURE_LIMIT 60 +#define DEFAULT_MEM_PRESSURE_LIMIT_PERCENT 60 #define DEFAULT_SWAP_USED_LIMIT 90 #define RECLAIM_DURATION_USEC (30 * USEC_PER_SEC) @@ -56,7 +56,7 @@ DEFINE_TRIVIAL_CLEANUP_FUNC(Manager*, manager_free); int manager_new(Manager **ret); -int manager_start(Manager *m, bool dry_run, int swap_used_limit, int mem_pressure_limit, usec_t mem_pressure_usec); +int manager_start(Manager *m, bool dry_run, int swap_used_limit, int mem_pressure_limit_permyriad, usec_t mem_pressure_usec); int manager_get_dump_string(Manager *m, char **ret); diff --git a/src/oom/oomd-util.c b/src/oom/oomd-util.c index cec656f6fa..fcccddb92e 100644 --- a/src/oom/oomd-util.c +++ b/src/oom/oomd-util.c @@ -415,11 +415,11 @@ void oomd_dump_memory_pressure_cgroup_context(const OomdCGroupContext *ctx, FILE fprintf(f, "%sPath: %s\n" - "%s\tMemory Pressure Limit: %lu%%\n" + "%s\tMemory Pressure Limit: %lu.%02lu%%\n" "%s\tPressure: Avg10: %lu.%02lu Avg60: %lu.%02lu Avg300: %lu.%02lu Total: %s\n" "%s\tCurrent Memory Usage: %s\n", strempty(prefix), ctx->path, - strempty(prefix), LOAD_INT(ctx->mem_pressure_limit), + strempty(prefix), LOAD_INT(ctx->mem_pressure_limit), LOAD_FRAC(ctx->mem_pressure_limit), strempty(prefix), LOAD_INT(ctx->memory_pressure.avg10), LOAD_FRAC(ctx->memory_pressure.avg10), LOAD_INT(ctx->memory_pressure.avg60), LOAD_FRAC(ctx->memory_pressure.avg60), diff --git a/src/oom/oomd.c b/src/oom/oomd.c index 3f3ef944ee..a5b4451913 100644 --- a/src/oom/oomd.c +++ b/src/oom/oomd.c @@ -18,14 +18,14 @@ static bool arg_dry_run = false; static int arg_swap_used_limit = -1; -static int arg_mem_pressure_limit = -1; +static int arg_mem_pressure_limit_permyriad = -1; static usec_t arg_mem_pressure_usec = 0; static int parse_config(void) { static const ConfigTableItem items[] = { - { "OOM", "SwapUsedLimitPercent", config_parse_percent, 0, &arg_swap_used_limit }, - { "OOM", "DefaultMemoryPressureLimitPercent", config_parse_percent, 0, &arg_mem_pressure_limit }, - { "OOM", "DefaultMemoryPressureDurationSec", config_parse_sec, 0, &arg_mem_pressure_usec }, + { "OOM", "SwapUsedLimitPercent", config_parse_percent, 0, &arg_swap_used_limit }, + { "OOM", "DefaultMemoryPressureLimit", config_parse_permyriad, 0, &arg_mem_pressure_limit_permyriad }, + { "OOM", "DefaultMemoryPressureDurationSec", config_parse_sec, 0, &arg_mem_pressure_usec }, {} }; @@ -159,7 +159,7 @@ static int run(int argc, char *argv[]) { if (r < 0) return log_error_errno(r, "Failed to create manager: %m"); - r = manager_start(m, arg_dry_run, arg_swap_used_limit, arg_mem_pressure_limit, arg_mem_pressure_usec); + r = manager_start(m, arg_dry_run, arg_swap_used_limit, arg_mem_pressure_limit_permyriad, arg_mem_pressure_usec); if (r < 0) return log_error_errno(r, "Failed to start up daemon: %m"); diff --git a/src/oom/oomd.conf b/src/oom/oomd.conf index 766cb1717f..bd6a9391c6 100644 --- a/src/oom/oomd.conf +++ b/src/oom/oomd.conf @@ -13,5 +13,5 @@ [OOM] #SwapUsedLimitPercent=90% -#DefaultMemoryPressureLimitPercent=60% +#DefaultMemoryPressureLimit=60% #DefaultMemoryPressureDurationSec=30s diff --git a/src/portable/portable.c b/src/portable/portable.c index d74e498d59..d18e03afd4 100644 --- a/src/portable/portable.c +++ b/src/portable/portable.c @@ -8,6 +8,7 @@ #include "copy.h" #include "def.h" #include "dirent-util.h" +#include "discover-image.h" #include "dissect-image.h" #include "fd-util.h" #include "fileio.h" @@ -16,7 +17,6 @@ #include "io-util.h" #include "locale-util.h" #include "loop-util.h" -#include "machine-image.h" #include "mkdir.h" #include "nulstr-util.h" #include "os-util.h" diff --git a/src/portable/portablectl.c b/src/portable/portablectl.c index 0b329134de..ee1c7b6965 100644 --- a/src/portable/portablectl.c +++ b/src/portable/portablectl.c @@ -12,13 +12,13 @@ #include "bus-wait-for-jobs.h" #include "def.h" #include "dirent-util.h" +#include "discover-image.h" #include "env-file.h" #include "fd-util.h" #include "fileio.h" #include "format-table.h" #include "fs-util.h" #include "locale-util.h" -#include "machine-image.h" #include "main-func.h" #include "pager.h" #include "parse-util.h" diff --git a/src/portable/portabled-bus.c b/src/portable/portabled-bus.c index cf50d58c71..20a33dc671 100644 --- a/src/portable/portabled-bus.c +++ b/src/portable/portabled-bus.c @@ -4,9 +4,9 @@ #include "btrfs-util.h" #include "bus-common-errors.h" #include "bus-polkit.h" +#include "discover-image.h" #include "fd-util.h" #include "io-util.h" -#include "machine-image.h" #include "missing_capability.h" #include "portable.h" #include "portabled-bus.h" diff --git a/src/portable/portabled-image-bus.c b/src/portable/portabled-image-bus.c index 76b6ddebde..babdf4197f 100644 --- a/src/portable/portabled-image-bus.c +++ b/src/portable/portabled-image-bus.c @@ -11,10 +11,10 @@ #include "bus-label.h" #include "bus-polkit.h" #include "bus-util.h" +#include "discover-image.h" #include "fd-util.h" #include "fileio.h" #include "io-util.h" -#include "machine-image.h" #include "missing_capability.h" #include "portable.h" #include "portabled-bus.h" diff --git a/src/portable/portabled-image-bus.h b/src/portable/portabled-image-bus.h index aa2a3ade77..8442baf232 100644 --- a/src/portable/portabled-image-bus.h +++ b/src/portable/portabled-image-bus.h @@ -3,7 +3,7 @@ #include "sd-bus.h" -#include "machine-image.h" +#include "discover-image.h" #include "portabled.h" int bus_image_common_get_os_release(Manager *m, sd_bus_message *message, const char *name_or_path, Image *image, sd_bus_error *error); diff --git a/src/portable/portabled-image.h b/src/portable/portabled-image.h index eeefffee64..753f389f80 100644 --- a/src/portable/portabled-image.h +++ b/src/portable/portabled-image.h @@ -1,8 +1,8 @@ /* SPDX-License-Identifier: LGPL-2.1-or-later */ #pragma once +#include "discover-image.h" #include "hashmap.h" -#include "machine-image.h" #include "portabled.h" Image *manager_image_cache_get(Manager *m, const char *name_or_path); diff --git a/src/shared/bus-get-properties.c b/src/shared/bus-get-properties.c index 32f68d5e6a..a5ce7ef17f 100644 --- a/src/shared/bus-get-properties.c +++ b/src/shared/bus-get-properties.c @@ -55,23 +55,6 @@ int bus_property_get_id128( return sd_bus_message_append_array(reply, 'y', id->bytes, 16); } -int bus_property_get_percent( - sd_bus *bus, - const char *path, - const char *interface, - const char *property, - sd_bus_message *reply, - void *userdata, - sd_bus_error *error) { - - char pstr[DECIMAL_STR_MAX(int) + 2]; - int p = *(int*) userdata; - - xsprintf(pstr, "%d%%", p); - - return sd_bus_message_append_basic(reply, 's', pstr); -} - #if __SIZEOF_SIZE_T__ != 8 int bus_property_get_size( sd_bus *bus, diff --git a/src/shared/bus-get-properties.h b/src/shared/bus-get-properties.h index 9832c0d067..26f3e8588c 100644 --- a/src/shared/bus-get-properties.h +++ b/src/shared/bus-get-properties.h @@ -8,7 +8,6 @@ int bus_property_get_bool(sd_bus *bus, const char *path, const char *interface, const char *property, sd_bus_message *reply, void *userdata, sd_bus_error *error); int bus_property_set_bool(sd_bus *bus, const char *path, const char *interface, const char *property, sd_bus_message *value, void *userdata, sd_bus_error *error); int bus_property_get_id128(sd_bus *bus, const char *path, const char *interface, const char *property, sd_bus_message *reply, void *userdata, sd_bus_error *error); -int bus_property_get_percent(sd_bus *bus, const char *path, const char *interface, const char *property, sd_bus_message *reply, void *userdata, sd_bus_error *error); #define bus_property_get_usec ((sd_bus_property_get_t) NULL) #define bus_property_set_usec ((sd_bus_property_set_t) NULL) diff --git a/src/shared/bus-unit-util.c b/src/shared/bus-unit-util.c index 8fd2f89adc..84f57d94d2 100644 --- a/src/shared/bus-unit-util.c +++ b/src/shared/bus-unit-util.c @@ -435,10 +435,25 @@ static int bus_append_cgroup_property(sd_bus_message *m, const char *field, cons if (STR_IN_SET(field, "DevicePolicy", "Slice", "ManagedOOMSwap", - "ManagedOOMMemoryPressure", - "ManagedOOMMemoryPressureLimitPercent")) + "ManagedOOMMemoryPressure")) return bus_append_string(m, field, eq); + if (STR_IN_SET(field, "ManagedOOMMemoryPressureLimit")) { + char *n; + + r = parse_permyriad(eq); + if (r < 0) + return log_error_errno(r, "Failed to parse %s value: %s", field, eq); + + n = strjoina(field, "Permyriad"); + + r = sd_bus_message_append(m, "(sv)", n, "u", (uint32_t) r); + if (r < 0) + return bus_log_create_error(r); + + return 1; + } + if (STR_IN_SET(field, "CPUAccounting", "MemoryAccounting", "IOAccounting", diff --git a/src/shared/conf-parser.c b/src/shared/conf-parser.c index 0a1f2d67d4..f838d4513d 100644 --- a/src/shared/conf-parser.c +++ b/src/shared/conf-parser.c @@ -1356,3 +1356,4 @@ int config_parse_hwaddrs( } DEFINE_CONFIG_PARSE(config_parse_percent, parse_percent, "Failed to parse percent value"); +DEFINE_CONFIG_PARSE(config_parse_permyriad, parse_permyriad, "Failed to parse permyriad value"); diff --git a/src/shared/conf-parser.h b/src/shared/conf-parser.h index b194821937..283d60a473 100644 --- a/src/shared/conf-parser.h +++ b/src/shared/conf-parser.h @@ -150,6 +150,7 @@ CONFIG_PARSER_PROTOTYPE(config_parse_vlanprotocol); CONFIG_PARSER_PROTOTYPE(config_parse_hwaddr); CONFIG_PARSER_PROTOTYPE(config_parse_hwaddrs); CONFIG_PARSER_PROTOTYPE(config_parse_percent); +CONFIG_PARSER_PROTOTYPE(config_parse_permyriad); typedef enum Disabled { DISABLED_CONFIGURATION, diff --git a/src/shared/machine-image.c b/src/shared/discover-image.c index d2b726efc4..1f5e4c6f86 100644 --- a/src/shared/machine-image.c +++ b/src/shared/discover-image.c @@ -16,6 +16,7 @@ #include "chattr-util.h" #include "copy.h" #include "dirent-util.h" +#include "discover-image.h" #include "dissect-image.h" #include "env-file.h" #include "env-util.h" @@ -27,7 +28,6 @@ #include "lockfile-util.h" #include "log.h" #include "loop-util.h" -#include "machine-image.h" #include "macro.h" #include "mkdir.h" #include "nulstr-util.h" @@ -1065,7 +1065,6 @@ int image_path_lock(const char *path, int operation, LockFile *global, LockFile r = asprintf(&p, "/run/systemd/nspawn/locks/inode-%lu:%lu", (unsigned long) st.st_dev, (unsigned long) st.st_ino); else return -ENOTTY; - if (r < 0) return -ENOMEM; } @@ -1220,11 +1219,16 @@ int image_read_metadata(Image *i) { } int image_name_lock(const char *name, int operation, LockFile *ret) { + const char *p; + assert(name); assert(ret); /* Locks an image name, regardless of the precise path used. */ + if (streq(name, ".host")) + return -EBUSY; + if (!image_name_is_valid(name)) return -EINVAL; @@ -1233,11 +1237,9 @@ int image_name_lock(const char *name, int operation, LockFile *ret) { return 0; } - if (streq(name, ".host")) - return -EBUSY; - - const char *p = strjoina("/run/systemd/nspawn/locks/name-", name); (void) mkdir_p("/run/systemd/nspawn/locks", 0700); + + p = strjoina("/run/systemd/nspawn/locks/name-", name); return make_lock_file(p, operation, ret); } diff --git a/src/shared/machine-image.h b/src/shared/discover-image.h index c568fff751..c568fff751 100644 --- a/src/shared/machine-image.h +++ b/src/shared/discover-image.h diff --git a/src/shared/meson.build b/src/shared/meson.build index f301a9f610..b1a8ea9ac6 100644 --- a/src/shared/meson.build +++ b/src/shared/meson.build @@ -79,6 +79,8 @@ shared_sources = files(''' dev-setup.c dev-setup.h devnode-acl.h + discover-image.c + discover-image.h dissect-image.c dissect-image.h dm-util.c @@ -172,8 +174,6 @@ shared_sources = files(''' loopback-setup.h machine-id-setup.c machine-id-setup.h - machine-image.c - machine-image.h machine-pool.c machine-pool.h macvlan-util.c diff --git a/src/shared/os-util.c b/src/shared/os-util.c index d1cf41283b..45c10ca9c5 100644 --- a/src/shared/os-util.c +++ b/src/shared/os-util.c @@ -1,12 +1,12 @@ /* SPDX-License-Identifier: LGPL-2.1-or-later */ #include "alloc-util.h" +#include "discover-image.h" #include "env-file.h" #include "fd-util.h" #include "fileio.h" #include "fs-util.h" #include "macro.h" -#include "machine-image.h" #include "os-util.h" #include "string-util.h" #include "strv.h" diff --git a/src/sysext/sysext.c b/src/sysext/sysext.c index 601fd63a14..ee38e49ec9 100644 --- a/src/sysext/sysext.c +++ b/src/sysext/sysext.c @@ -6,6 +6,7 @@ #include <unistd.h> #include "capability-util.h" +#include "discover-image.h" #include "dissect-image.h" #include "escape.h" #include "fd-util.h" @@ -14,7 +15,6 @@ #include "fs-util.h" #include "hashmap.h" #include "log.h" -#include "machine-image.h" #include "main-func.h" #include "missing_magic.h" #include "mkdir.h" diff --git a/src/systemd/sd-netlink.h b/src/systemd/sd-netlink.h index b28d5d7c16..13b00d6a5b 100644 --- a/src/systemd/sd-netlink.h +++ b/src/systemd/sd-netlink.h @@ -189,7 +189,7 @@ int sd_rtnl_message_nexthop_get_family(const sd_netlink_message *m, uint8_t *fam int sd_rtnl_message_neigh_set_flags(sd_netlink_message *m, uint8_t flags); int sd_rtnl_message_neigh_set_state(sd_netlink_message *m, uint16_t state); int sd_rtnl_message_neigh_get_family(const sd_netlink_message *m, int *family); -int sd_rtnl_message_neigh_get_ifindex(const sd_netlink_message *m, int *family); +int sd_rtnl_message_neigh_get_ifindex(const sd_netlink_message *m, int *index); int sd_rtnl_message_neigh_get_state(const sd_netlink_message *m, uint16_t *state); int sd_rtnl_message_neigh_get_flags(const sd_netlink_message *m, uint8_t *flags); diff --git a/src/test/test-fs-util.c b/src/test/test-fs-util.c index f01b08b2eb..8d6984d04c 100644 --- a/src/test/test-fs-util.c +++ b/src/test/test-fs-util.c @@ -11,6 +11,7 @@ #include "macro.h" #include "mkdir.h" #include "path-util.h" +#include "random-util.h" #include "rm-rf.h" #include "stdio-util.h" #include "string-util.h" @@ -836,12 +837,24 @@ static void test_path_is_encrypted(void) { test_path_is_encrypted_one("/dev", booted > 0 ? false : -1); } +static void create_binary_file(const char *p, const void *data, size_t l) { + _cleanup_close_ int fd = -1; + + fd = open(p, O_CREAT|O_WRONLY|O_EXCL|O_CLOEXEC, 0600); + assert_se(fd >= 0); + assert_se(write(fd, data, l) == (ssize_t) l); +} + static void test_conservative_rename(void) { _cleanup_(unlink_and_freep) char *p = NULL; _cleanup_free_ char *q = NULL; + size_t l = 16*1024 + random_u64() % (32 * 1024); /* some randomly sized buffer 16k…48k */ + uint8_t buffer[l+1]; + + random_bytes(buffer, l); assert_se(tempfn_random_child(NULL, NULL, &p) >= 0); - assert_se(write_string_file(p, "this is a test", WRITE_STRING_FILE_CREATE) >= 0); + create_binary_file(p, buffer, l); assert_se(tempfn_random_child(NULL, NULL, &q) >= 0); @@ -856,27 +869,30 @@ static void test_conservative_rename(void) { assert_se(access(q, F_OK) < 0 && errno == ENOENT); /* Check that a manual new writeout is also detected */ - assert_se(write_string_file(q, "this is a test", WRITE_STRING_FILE_CREATE) >= 0); + create_binary_file(q, buffer, l); assert_se(conservative_renameat(AT_FDCWD, q, AT_FDCWD, p) == 0); assert_se(access(q, F_OK) < 0 && errno == ENOENT); /* Check that a minimally changed version is detected */ - assert_se(write_string_file(q, "this is a_test", WRITE_STRING_FILE_CREATE) >= 0); + buffer[47] = ~buffer[47]; + create_binary_file(q, buffer, l); assert_se(conservative_renameat(AT_FDCWD, q, AT_FDCWD, p) > 0); assert_se(access(q, F_OK) < 0 && errno == ENOENT); /* Check that this really is new updated version */ - assert_se(write_string_file(q, "this is a_test", WRITE_STRING_FILE_CREATE) >= 0); + create_binary_file(q, buffer, l); assert_se(conservative_renameat(AT_FDCWD, q, AT_FDCWD, p) == 0); assert_se(access(q, F_OK) < 0 && errno == ENOENT); /* Make sure we detect extended files */ - assert_se(write_string_file(q, "this is a_testx", WRITE_STRING_FILE_CREATE) >= 0); + buffer[l++] = 47; + create_binary_file(q, buffer, l); assert_se(conservative_renameat(AT_FDCWD, q, AT_FDCWD, p) > 0); assert_se(access(q, F_OK) < 0 && errno == ENOENT); /* Make sure we detect truncated files */ - assert_se(write_string_file(q, "this is a_test", WRITE_STRING_FILE_CREATE) >= 0); + l--; + create_binary_file(q, buffer, l); assert_se(conservative_renameat(AT_FDCWD, q, AT_FDCWD, p) > 0); assert_se(access(q, F_OK) < 0 && errno == ENOENT); } diff --git a/src/test/test-parse-util.c b/src/test/test-parse-util.c index 1c969091ef..6e23efe134 100644 --- a/src/test/test-parse-util.c +++ b/src/test/test-parse-util.c @@ -790,6 +790,72 @@ static void test_parse_permille_unbounded(void) { assert_se(parse_permille_unbounded("429496729.6%") == -ERANGE); } +static void test_parse_permyriad(void) { + assert_se(parse_permyriad("") == -EINVAL); + assert_se(parse_permyriad("foo") == -EINVAL); + assert_se(parse_permyriad("0") == -EINVAL); + assert_se(parse_permyriad("50") == -EINVAL); + assert_se(parse_permyriad("100") == -EINVAL); + assert_se(parse_permyriad("-1") == -EINVAL); + + assert_se(parse_permyriad("0‱") == 0); + assert_se(parse_permyriad("555‱") == 555); + assert_se(parse_permyriad("1000‱") == 1000); + assert_se(parse_permyriad("-7‱") == -ERANGE); + assert_se(parse_permyriad("10007‱") == -ERANGE); + assert_se(parse_permyriad("‱") == -EINVAL); + assert_se(parse_permyriad("‱‱") == -EINVAL); + assert_se(parse_permyriad("‱1") == -EINVAL); + assert_se(parse_permyriad("1‱‱") == -EINVAL); + assert_se(parse_permyriad("3.2‱") == -EINVAL); + + assert_se(parse_permyriad("0‰") == 0); + assert_se(parse_permyriad("555.5‰") == 5555); + assert_se(parse_permyriad("1000.0‰") == 10000); + assert_se(parse_permyriad("-7‰") == -ERANGE); + assert_se(parse_permyriad("1007‰") == -ERANGE); + assert_se(parse_permyriad("‰") == -EINVAL); + assert_se(parse_permyriad("‰‰") == -EINVAL); + assert_se(parse_permyriad("‰1") == -EINVAL); + assert_se(parse_permyriad("1‰‰") == -EINVAL); + assert_se(parse_permyriad("3.22‰") == -EINVAL); + + assert_se(parse_permyriad("0%") == 0); + assert_se(parse_permyriad("55%") == 5500); + assert_se(parse_permyriad("55.53%") == 5553); + assert_se(parse_permyriad("100%") == 10000); + assert_se(parse_permyriad("-7%") == -ERANGE); + assert_se(parse_permyriad("107%") == -ERANGE); + assert_se(parse_permyriad("%") == -EINVAL); + assert_se(parse_permyriad("%%") == -EINVAL); + assert_se(parse_permyriad("%1") == -EINVAL); + assert_se(parse_permyriad("1%%") == -EINVAL); + assert_se(parse_permyriad("3.212%") == -EINVAL); +} + +static void test_parse_permyriad_unbounded(void) { + assert_se(parse_permyriad_unbounded("1001‱") == 1001); + assert_se(parse_permyriad_unbounded("4000‱") == 4000); + assert_se(parse_permyriad_unbounded("2147483647‱") == 2147483647); + assert_se(parse_permyriad_unbounded("2147483648‱") == -ERANGE); + assert_se(parse_permyriad_unbounded("4294967295‱") == -ERANGE); + assert_se(parse_permyriad_unbounded("4294967296‱") == -ERANGE); + + assert_se(parse_permyriad_unbounded("101‰") == 1010); + assert_se(parse_permyriad_unbounded("400‰") == 4000); + assert_se(parse_permyriad_unbounded("214748364.7‰") == 2147483647); + assert_se(parse_permyriad_unbounded("214748364.8‰") == -ERANGE); + assert_se(parse_permyriad_unbounded("429496729.5‰") == -ERANGE); + assert_se(parse_permyriad_unbounded("429496729.6‰") == -ERANGE); + + assert_se(parse_permyriad_unbounded("99%") == 9900); + assert_se(parse_permyriad_unbounded("40%") == 4000); + assert_se(parse_permyriad_unbounded("21474836.47%") == 2147483647); + assert_se(parse_permyriad_unbounded("21474836.48%") == -ERANGE); + assert_se(parse_permyriad_unbounded("42949672.95%") == -ERANGE); + assert_se(parse_permyriad_unbounded("42949672.96%") == -ERANGE); +} + static void test_parse_nice(void) { int n; @@ -987,6 +1053,8 @@ int main(int argc, char *argv[]) { test_parse_percent_unbounded(); test_parse_permille(); test_parse_permille_unbounded(); + test_parse_permyriad(); + test_parse_permyriad_unbounded(); test_parse_nice(); test_parse_dev(); test_parse_errno(); diff --git a/src/test/test-path-util.c b/src/test/test-path-util.c index 206f5fd436..58b185494d 100644 --- a/src/test/test-path-util.c +++ b/src/test/test-path-util.c @@ -604,8 +604,7 @@ static void test_path_extract_filename(void) { } static void test_filename_is_valid(void) { - char foo[FILENAME_MAX+2]; - int i; + char foo[NAME_MAX+2]; log_info("/* %s */", __func__); @@ -618,9 +617,8 @@ static void test_filename_is_valid(void) { assert_se(!filename_is_valid("bar/foo/")); assert_se(!filename_is_valid("bar//")); - for (i=0; i<FILENAME_MAX+1; i++) - foo[i] = 'a'; - foo[FILENAME_MAX+1] = '\0'; + memset(foo, 'a', sizeof(foo) - 1); + char_array_0(foo); assert_se(!filename_is_valid(foo)); @@ -628,6 +626,38 @@ static void test_filename_is_valid(void) { assert_se(filename_is_valid("o.o")); } +static void test_path_is_valid(void) { + char foo[PATH_MAX+2]; + const char *c; + + log_info("/* %s */", __func__); + + assert_se(!path_is_valid("")); + assert_se(path_is_valid("/bar/foo")); + assert_se(path_is_valid("/bar/foo/")); + assert_se(path_is_valid("/bar/foo/")); + assert_se(path_is_valid("//bar//foo//")); + assert_se(path_is_valid("/")); + assert_se(path_is_valid("/////")); + assert_se(path_is_valid("/////.///.////...///..//.")); + assert_se(path_is_valid(".")); + assert_se(path_is_valid("..")); + assert_se(path_is_valid("bar/foo")); + assert_se(path_is_valid("bar/foo/")); + assert_se(path_is_valid("bar//")); + + memset(foo, 'a', sizeof(foo) -1); + char_array_0(foo); + + assert_se(!path_is_valid(foo)); + + c = strjoina("/xxx/", foo, "/yyy"); + assert_se(!path_is_valid(c)); + + assert_se(path_is_valid("foo_bar-333")); + assert_se(path_is_valid("o.o")); +} + static void test_hidden_or_backup_file(void) { log_info("/* %s */", __func__); @@ -761,6 +791,7 @@ int main(int argc, char **argv) { test_last_path_component(); test_path_extract_filename(); test_filename_is_valid(); + test_path_is_valid(); test_hidden_or_backup_file(); test_skip_dev_prefix(); test_empty_or_root(); diff --git a/src/test/test-tables.c b/src/test/test-tables.c index e25cf9e5d9..641cadec85 100644 --- a/src/test/test-tables.c +++ b/src/test/test-tables.c @@ -8,6 +8,7 @@ #include "condition.h" #include "device-private.h" #include "device.h" +#include "discover-image.h" #include "execute.h" #include "import-util.h" #include "install.h" @@ -18,7 +19,6 @@ #include "locale-util.h" #include "log.h" #include "logs-show.h" -#include "machine-image.h" #include "mount.h" #include "path.h" #include "process-util.h" diff --git a/src/udev/net/link-config-gperf.gperf b/src/udev/net/link-config-gperf.gperf index 1dff9ac8b3..70c5525b57 100644 --- a/src/udev/net/link-config-gperf.gperf +++ b/src/udev/net/link-config-gperf.gperf @@ -41,7 +41,9 @@ Link.Name, config_parse_ifname, 0, Link.AlternativeName, config_parse_ifnames, IFNAME_VALID_ALTERNATIVE, offsetof(link_config, alternative_names) Link.AlternativeNamesPolicy, config_parse_alternative_names_policy, 0, offsetof(link_config, alternative_names_policy) Link.Alias, config_parse_ifalias, 0, offsetof(link_config, alias) -Link.TxQueueLength, config_parse_txqueuelen, 0, offsetof(link_config, txqueuelen) +Link.TransmitQueues, config_parse_rx_tx_queues, 0, offsetof(link_config, txqueues) +Link.ReceiveQueues, config_parse_rx_tx_queues, 0, offsetof(link_config, rxqueues) +Link.TransmitQueueLength, config_parse_txqueuelen, 0, offsetof(link_config, txqueuelen) Link.MTUBytes, config_parse_mtu, AF_UNSPEC, offsetof(link_config, mtu) Link.BitsPerSecond, config_parse_si_uint64, 0, offsetof(link_config, speed) Link.Duplex, config_parse_duplex, 0, offsetof(link_config, duplex) diff --git a/src/udev/net/link-config.c b/src/udev/net/link-config.c index dbd804ce76..0653ae7a9c 100644 --- a/src/udev/net/link-config.c +++ b/src/udev/net/link-config.c @@ -427,11 +427,15 @@ static int link_config_apply_rtnl_settings(sd_netlink **rtnl, const link_config } else mac = config->mac; - r = rtnl_set_link_properties(rtnl, ifindex, config->alias, mac, config->txqueuelen, config->mtu, - config->gso_max_size, config->gso_max_segments); + r = rtnl_set_link_properties(rtnl, ifindex, config->alias, mac, + config->txqueues, config->rxqueues, config->txqueuelen, + config->mtu, config->gso_max_size, config->gso_max_segments); if (r < 0) - log_device_warning_errno(device, r, "Could not set Alias=, MACAddress=, TxQueueLength=, MTU=, " - "GenericSegmentOffloadMaxBytes= or GenericSegmentOffloadMaxSegments=, ignoring: %m"); + log_device_warning_errno(device, r, + "Could not set Alias=, MACAddress=, " + "TransmitQueues=, ReceiveQueues=, TransmitQueueLength=, MTU=, " + "GenericSegmentOffloadMaxBytes= or GenericSegmentOffloadMaxSegments=, " + "ignoring: %m"); return 0; } @@ -704,6 +708,40 @@ int config_parse_ifalias( return 0; } +int config_parse_rx_tx_queues( + const char *unit, + const char *filename, + unsigned line, + const char *section, + unsigned section_line, + const char *lvalue, + int ltype, + const char *rvalue, + void *data, + void *userdata) { + + uint32_t k, *v = data; + int r; + + if (isempty(rvalue)) { + *v = 0; + return 0; + } + + r = safe_atou32(rvalue, &k); + if (r < 0) { + log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse %s=, ignoring assignment: %s.", lvalue, rvalue); + return 0; + } + if (k == 0 || k > 4096) { + log_syntax(unit, LOG_WARNING, filename, line, 0, "Invalid %s=, ignoring assignment: %s.", lvalue, rvalue); + return 0; + } + + *v = k; + return 0; +} + int config_parse_txqueuelen( const char *unit, const char *filename, diff --git a/src/udev/net/link-config.h b/src/udev/net/link-config.h index 059c48c8af..721f822f85 100644 --- a/src/udev/net/link-config.h +++ b/src/udev/net/link-config.h @@ -46,6 +46,8 @@ struct link_config { char *name; char **alternative_names; char *alias; + uint32_t txqueues; + uint32_t rxqueues; uint32_t txqueuelen; uint32_t mtu; uint32_t gso_max_segments; @@ -91,6 +93,7 @@ MACAddressPolicy mac_address_policy_from_string(const char *p) _pure_; const struct ConfigPerfItem* link_config_gperf_lookup(const char *key, GPERF_LEN_TYPE length); CONFIG_PARSER_PROTOTYPE(config_parse_ifalias); +CONFIG_PARSER_PROTOTYPE(config_parse_rx_tx_queues); CONFIG_PARSER_PROTOTYPE(config_parse_txqueuelen); CONFIG_PARSER_PROTOTYPE(config_parse_mac_address_policy); CONFIG_PARSER_PROTOTYPE(config_parse_name_policy); diff --git a/src/xdg-autostart-generator/test-xdg-autostart.c b/src/xdg-autostart-generator/test-xdg-autostart.c index a437e2cfed..5108beeaa9 100644 --- a/src/xdg-autostart-generator/test-xdg-autostart.c +++ b/src/xdg-autostart-generator/test-xdg-autostart.c @@ -13,7 +13,7 @@ static void test_translate_name(void) { _cleanup_free_ char *t; assert_se(t = xdg_autostart_service_translate_name("a-b.blub.desktop")); - assert_se(streq(t, "app-a\\x2db.blub-autostart.service")); + assert_se(streq(t, "app-a\\x2db.blub@autostart.service")); } static void test_xdg_format_exec_start_one(const char *exec, const char *expected) { diff --git a/src/xdg-autostart-generator/xdg-autostart-service.c b/src/xdg-autostart-generator/xdg-autostart-service.c index 671d16d2d9..ed9301d809 100644 --- a/src/xdg-autostart-generator/xdg-autostart-service.c +++ b/src/xdg-autostart-generator/xdg-autostart-service.c @@ -58,7 +58,7 @@ char *xdg_autostart_service_translate_name(const char *name) { if (!escaped) return NULL; - return strjoin("app-", escaped, "-autostart.service"); + return strjoin("app-", escaped, "@autostart.service"); } static int xdg_config_parse_bool( diff --git a/test/fuzz/fuzz-link-parser/directives.link b/test/fuzz/fuzz-link-parser/directives.link index a94573bdd6..112a81930f 100644 --- a/test/fuzz/fuzz-link-parser/directives.link +++ b/test/fuzz/fuzz-link-parser/directives.link @@ -20,7 +20,9 @@ Name= AlternativeNamesPolicy= AlternativeName= Alias= -TxQueueLength= +TransmitQueues= +ReceiveQueues= +TransmitQueueLength= MTUBytes= BitsPerSecond= Duplex= diff --git a/test/fuzz/fuzz-network-parser/directives.network b/test/fuzz/fuzz-network-parser/directives.network index e6fb9f6a80..1c4f338ad0 100644 --- a/test/fuzz/fuzz-network-parser/directives.network +++ b/test/fuzz/fuzz-network-parser/directives.network @@ -40,8 +40,6 @@ Multicast= MACAddress= Group= Promiscuous= -TransmitQueues= -ReceiveQueues= [SR-IOV] VirtualFunction= MACSpoofCheck= diff --git a/test/test-network/conf/ipv6-prefix.network b/test/test-network/conf/ipv6-prefix.network index 7813c2c1ba..a06f100c34 100644 --- a/test/test-network/conf/ipv6-prefix.network +++ b/test/test-network/conf/ipv6-prefix.network @@ -2,6 +2,7 @@ Name=veth-peer [Network] +IPv6AcceptRA=no IPv6SendRA=yes [IPv6SendRA] diff --git a/test/units/testsuite-56-workload.slice b/test/units/testsuite-56-workload.slice index 45b04914c6..8c32b28094 100644 --- a/test/units/testsuite-56-workload.slice +++ b/test/units/testsuite-56-workload.slice @@ -7,4 +7,4 @@ MemoryAccounting=true IOAccounting=true TasksAccounting=true ManagedOOMMemoryPressure=kill -ManagedOOMMemoryPressureLimitPercent=1% +ManagedOOMMemoryPressureLimit=1% diff --git a/test/units/testsuite-56.sh b/test/units/testsuite-56.sh index 4dc9d8c7a8..8b01fe37ed 100755 --- a/test/units/testsuite-56.sh +++ b/test/units/testsuite-56.sh @@ -20,7 +20,7 @@ systemctl start testsuite-56-testbloat.service # Verify systemd-oomd is monitoring the expected units oomctl | grep "/testsuite-56-workload.slice" -oomctl | grep "1%" +oomctl | grep "1.00%" oomctl | grep "Default Memory Pressure Duration: 5s" # systemd-oomd watches for elevated pressure for 30 seconds before acting. |