summaryrefslogtreecommitdiff
path: root/src/fundamental
Commit message (Collapse)AuthorAgeFilesLines
* Merge pull request #27113 from keszybz/variable-expansion-reworkZbigniew Jędrzejewski-Szmek2023-04-241-0/+59
|\ | | | | Rework serialization of command lines in pid1 and make run not expand variables
| * basic/logarithm: add popcount() wrapperZbigniew Jędrzejewski-Szmek2023-04-241-0/+59
| | | | | | | | | | | | | | | | | | | | | | | | | | __builtin_popcount() is a bit of a mouthful, so let's provide a helper. Using _Generic has the advantage that if a type other then the ones on the list is given, compilation will fail. This is nice, because if by any change we pass a wider type, it is rejected immediately instead of being truncated. log.h is also needed. It is included transitively, but let's include it directly. macro.h is *not* needed.
* | tree-wide: replace __alignof__() with alignof()Yu Watanabe2023-04-141-5/+6
|/ | | | Addresses https://github.com/systemd/systemd/pull/27254#discussion_r1165267046.
* tree-wide: simplify x ? x : y to x ?: y where applicableFrantisek Sumsal2023-03-181-1/+1
|
* boot: Bring back bootloader buildsJan Janssen2023-03-101-0/+2
| | | | | | | | | | | | This adds back sd-boot builds by using meson compile targets directly. We can do this now, because userspace binaries use the special dependency that allows us to easily separate flags, so that we don't pass anything to EFI builds that shouldn't be passed. Additionally, we pass a bunch of flags to hopefully disable/override any distro provided flags that should not be used for EFI binaries. Fixes: #12275
* tree-wide: Drop gnu-efiJan Janssen2023-03-101-16/+2
| | | | | | | This drops all mentions of gnu-efi and its manual build machinery. A future commit will bring bootloader builds back. A new bootloader meson option is now used to control whether to build sd-boot and its userspace tooling.
* boot: Do not use errno.h/inttypes.hJan Janssen2023-02-211-1/+5
| | | | | | | | These are provided by libc instead of the compiler and are not supposed to be used in freestanding environments. When cross-compiling with clang and the corresponding gcc cross-toolchain is not around, clang may pick up the wrong header from the host system.
* fundamental: Drop some unnecessary ifdefsJan Janssen2023-02-213-7/+0
| | | | With gnu-efi headers gone, we don't need these guards anymore.
* boot: Provide our own EFI API headersJan Janssen2023-02-211-2/+1
| | | | | | | | | | | | | | | | | | We want to get away from gnu-efi and the only really usable source of EFI headers would be EDK2, which is somewhat impractical to use and quite large to require to be around just for some headers. As a bonus point, the new headers are safe to be included in userspace code. This should not have any behavior changes as it is mostly changing header includes. There are some renames to conform to standard names and a few minor device path fixups as the struct is defined slightly different. Of note is that this removes usage of uchar.h and wchar.h as they are not guaranteed to be available in a freestanding environment. Instead efi.h will provide the needed types.
* sd-journal: avoid use of fake flex arraysZbigniew Jędrzejewski-Szmek2023-02-061-0/+12
| | | | | | I tried to use DECLARE_FLEX_ARRAY like the kernel does, but it does not work for anonymous structs (they cannot be declared inline), so an open-coded version is used.
* sha256: header needs stddefWilliam Roberts2023-01-251-0/+1
| | | | | | The sha256 header uses size_t which is within stddef, so add it. Signed-off-by: William Roberts <william.c.roberts@intel.com>
* Consolidate various TAKE_* into TAKE_GENERIC(), add TAKE_STRUCT()Dan Streetman2023-01-241-6/+11
|
* tree-wide: Use __func__ in assertsJan Janssen2023-01-181-3/+3
| | | | | | clang puts the whole function signature in __PRETTY_FUNCTION__, which is a bit excessive for something that can already be figured out by using the line number.
* cryptsetup: add tpm2-measure-pcr= and tpm2-measure-bank= crypttab optionsLennart Poettering2023-01-171-0/+3
| | | | | | | | | These options allow measuring the volume key used for unlocking the volume to a TPM2 PCR. This is ideally used for the volume key of the root file system and can then be used to bind other resources to the root file system volume in a secure way. See: #24503
* memory-util: add CLEANUP_ERASE_PTR() macro and use itLennart Poettering2023-01-161-2/+26
|
* meson: use 0|1 for SD_BOOTZbigniew Jędrzejewski-Szmek2023-01-105-11/+11
| | | | | | | We converted to not using #ifdef for most of our defines because the syntax is nicer and we are protected against typos and can set -Werror=undef. Let's do the same for SD_BOOT. The define is nicely hidden in build.h for normal builds, and for EFI builds we were already setting SD_BOOT on the commandline.
* fundamental: fix compile check for explicit_bzeroZbigniew Jędrzejewski-Szmek2023-01-101-1/+1
| | | | | | | | | | | | | Our HAVE_* variables are defined to 0 or 1, so '#if defined(HAVE_*)' is always true. The variable is not defined when compiling for EFI though, so we need the additional guard. Fixup for 3f92dc2fd4070b213e6bc85263a9bef06ec9a486. (I don't want to do something like add -DHAVE_EXPLICIT_BZERO=0 to the commandline in src/efi/boot/meson.build, because this quite verbose. Our compilation commandlines are very long already. Let's instead keep this localized in this one spot in the source file.)x
* boot: Simplify object erasureJan Janssen2023-01-092-0/+43
| | | | | | | | This erase_obj() machinery looks like voodoo and creates an awful lot of noise as soon as we get back to building with -O0. We can do this in a more simple way by introducing a struct that holds the information we need on cleanup. When building with optimization enabled, all this gets inlined and the eraser vanishes.
* boot: Remove option TPM PCR compat optionJan Janssen2023-01-091-8/+0
| | | | It says remove in 2023; happy to oblige.
* alloc-util: Disallow inlining of expand_to_usableSiddhesh Poyarekar2023-01-081-0/+1
| | | | | Explicitly set __attribute__ ((noinline)) so that the compiler does not attempt to inline expand_to_usable, even with LTO.
* sha256: add helper than hashes a buffer *and* its sizeLennart Poettering2023-01-041-0/+5
| | | | | We use this pattern all the time in order to thward extension attacks, add a helper to make it shorter.
* fundamental: rework IN_SET() to require at least three argumentsLennart Poettering2023-01-021-3/+3
| | | | | | | If less than three parameters are passed a simple comparison is the better choice. Lo and behold this found two pretty bad typos.
* string-util: introduce ascii_ishex()Yu Watanabe2022-12-121-0/+4
|
* fundamental: add CAST_ALIGN_PTR() macroThomas Haller2022-12-081-0/+10
|
* sha256: port to new generic IS_ALIGNED32() macroLennart Poettering2022-12-081-14/+5
| | | | | | | | | This drops the special casing for s390 and other archs, which was cargo-culted from glibc. Given it's not obvious why it exists, and is at best an optimization let's simply avoid it, in particular as the archs are relatively non-mainstream. Inspired by: #25636
* macro: add generic IS_ALIGNED32() anf friendsLennart Poettering2022-12-081-0/+9
| | | | | Let's generalize (and invert) the UNALIGNED32_P() macro from the sha256 code, and let's add a test for it.
* sha256: move to unaligned_write_ne32()Lennart Poettering2022-12-081-5/+2
|
* fundamental: split out unaligned_{read|write}_ne{16,32,64}() helpers into ↵Lennart Poettering2022-12-081-0/+40
| | | | | | | | | unaligned-fundamental.h Let's allow using this in code shared between userspace and EFI mode. Also, don't implement these functions via endianness conversions given we don't actually want to convert endianess here.
* sha256: external headers should be included with <>Lennart Poettering2022-12-081-1/+1
|
* stub: handle random seed like sd-boot doesJason A. Donenfeld2022-11-231-0/+1
| | | | | | | | | sd-stub has an opportunity to handle the seed the same way sd-boot does, which would have benefits for UKIs when sd-boot is not in use. This commit wires that up. It refactors the XBOOTLDR partition discovery to also find the ESP partition, so that it access the random seed there.
* macro: fix indentationYu Watanabe2022-10-261-1/+1
|
* macro: Simply case macros for IN_SETJan Janssen2022-10-261-22/+21
| | | | | | | | | The CASE param would normally provide the operation for the compiler to do in this macro magic. But in this case CASE_F_1 was hardcoding the operation, making the parameter moot. This just removes the somewhat pointless parameter instead of fixing the one case. These macros are used for IN_SET case labels only and not named generically anyways.
* macro: Use more correct type in IN_SETJan Janssen2022-10-261-5/+3
| | | | | | | | | | | | This will now catch mistakes like this: struct s { int i:2; } s = { 1 }; assert_se(IN_SET(s.i, ULLONG_MAX)); > warning: implicit conversion from 'unsigned long long' to > 'typeof (+s.i)' (aka 'int') changes value from 18446744073709551615 > to -1 [-Wconstant-conversion]
* macro-fundamental: allow to nest ASSERT_PTRDavid Tardon2022-09-141-12/+7
| | | | | | | | | E.g., int job_frobnicate(Job *j) { Unit *u = ASSERT_PTR(ASSERT_PTR(j)->unit); ... }
* tree-wide: use ASSERT_PTR moreDavid Tardon2022-09-131-2/+1
|
* stub: add new special PE sections ".pcrsig" and ".pcrpkey" in unified kernelsLennart Poettering2022-09-092-0/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | These aren't wired up yet to do anything useful. For now we just define them. This sections are supposed to carry a signature for expected measurements on PCR 11 if this kernel is booted, in the JSON format "systemd-measure sign" generates, and the public key used for the signature. The idea is to embedd the signature and the public key in unified kernels and making them available to userspace, so that userspace can easily access them and enroll (for which the public key is needed) or unlock (for which the PCR signature is needed) LUKS2 volumes and credentials that are bound to the currently used kernel version stream. Why put these files in PE sections rather than just into simple files in the initrd or into the host fs? The signature cannot be in the initrd, since it is after all covering the initrd, and thus the initrd as input for the calculation cannot carry the result of the calculation. Putting the signature onto the root fs sucks too, since we typically want to unlock the root fs with it, hence it would be inaccessible for it's primary purpose then. The public key could be in the initrd or in the root fs, there's no technical restriction for that. However, I still think it's a good idea to put it in a PE section as well, because this means the piece of code that attaches the signature can also attach the public key easily in one step, which is nice since it allows separating the roles of the kernel/initrd/root fs builder, and the role of the signer, and the former doesn't have to have knowledge about what the latter is going to add to the image. Note that the signature section is excluded from the TPM measurements sd-stub does about its resource sections, since – as mentioned – it's the expected output of the signing operation whose input are the measurements, hence it cannot also be input to them. The public key section is included in the measurements however.
* sha256: add sha256_direct()/SHA256_DIRECT() helpersLennart Poettering2022-08-192-0/+11
|
* sha256: change digest buffer type to uint8_t[]Lennart Poettering2022-08-192-3/+3
| | | | | This way we can specify a size with "static". All users use uint8_t already, hence this comes at no price.
* macro: use ISPOWEROF2() at various placesLennart Poettering2022-08-051-11/+2
|
* macro: add macro for checking if integer is power of 2Lennart Poettering2022-08-051-0/+13
|
* boot: add three new boot loader feature flagsLennart Poettering2022-08-021-0/+3
| | | | | | | | | | | | | | | | | Report whether the devicetree + sort-key boot loader spec type #1 fields are supported, and whether the "@saved" pseudo-entry is supported. Strictly speaking, thes features have been added in versions that are already released (250+), so by adding this those version even though they support the features will be considered not supporting them, but that should be OK (the opposite would be a problem though, i.e. if we'd assume a boot loader had a feature it actually does not). These three features are features relevant to userspace, as it allows userspace to tweak/genereate BLS entries or set EFI vars correctly. Other features (i.e. that have no impliciations to userspace) are not reported.
* stub: introduce StubFeatures, similar to LoaderFeaturesLennart Poettering2022-08-021-0/+7
| | | | | | | | | | | | | | systemd-boot reports its features via the LoaderFeatures EFI variable. Let's add something similar for stub features, given they have been growing. For starters only define four feature flags. One is a baseline feature we pretty much always supported (see comment in code), two are features added in one of the most recently released systemd version, and the final one, is a feature we added a few commits ago. This is useful for userspace to figure out what is supported and what not.
* boot: move unified kernel PE section definitions into 'fundamental' codeLennart Poettering2022-08-023-0/+30
| | | | | Le's share this code between userspace and uefispace. This is useful later when pre-measuring expected PCRs from userspace.
* boot: split out TPM PCR defines into header file we can share between ↵Lennart Poettering2022-08-022-0/+25
| | | | userspace and kernel space
* test-bus-objects: Test GetManagedObjects interfaces are correctigo958622022-07-251-0/+14
| | | | | | | | | Objects without ObjectManager should not have `org.freedesktop.DBus.ObjectManager` interface. Object with ObjectManager should do. Also added ASSERT_SE_NONNEG and ASSERT_NONNEG macros.
* fundamental: replace __sync with __atomic in ONCE macromatoro2022-07-141-4/+4
| | | | | For this one, we can actually just use __atomic_exchange_n since we don't need the "compare" part of __atomic_compare_exchange_n.
* fundamental: adjust #if conditional for _fallthrough_ for clangThomas Haller2022-07-061-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | NetworkManager takes systemd sources. It gets compiler warnings related to _fallthrough_. They probably can also affect systemd itself. A) on RHEL-7, gcc 4.8.5-44.el7 we get: ../src/libnm-systemd-shared/src/fundamental/macro-fundamental.h:45:22: error: "__clang__" is not defined [-Werror=undef] #if __GNUC__ >= 7 || __clang__ ^ Presumably gcc older than 7 is supported, so fix this. B) on Ubuntu 18.04, clang 1:6.0-41~exp5~ubuntu1 we get: ../src/libnm-systemd-core/src/libsystemd-network/sd-dhcp6-client.c:746:17: error: declaration does not declare anything [-Werror,-Wmissing-declarations] _fallthrough_; ^ ../src/libnm-systemd-shared/src/fundamental/macro-fundamental.h:46:25: note: expanded from macro '_fallthrough_' # define _fallthrough_ __attribute__((__fallthrough__)) ^ Granted, README comments that clang >= 10 is required. However, parts of systemd build just fine with older clang. It seems unnecessary to break this and the fix helps NetworkManager. Fixes: c0f5d58c9ab7 ('meson: Document why -Wimplicit-fallthrough is not used with clang')
* tree-wide: add global ascii_isdigit() + ascii_isalpha()Lennart Poettering2022-07-052-16/+16
| | | | | | | | We now have a local implementation in string-util-fundamental.c, but it's useful at a lot of other places, hence let's give it a more expressive name and share it across the tree. Follow-up for: 8d9156660d6958c8d63b1d44692968f1b5d33920
* fundamental: Remove types-fundamental.hJan Janssen2022-06-279-83/+30
| | | | | | | | | | | | | This removes the fundamental typedefs in favor of just using standard C types. These are all used internally anyway and also do not do anything special to warrant any redefinition to EFI types. Even for BOOLEAN we can safely use stdbool. The defition from the EFI specification is fully compatible, including making any other values than 0/1 as undefined. The exception is sd_char as those need to be char16_t. The typedef is moved to string-util-fundamental.h instead.
* sha256: Use stdbool and uintptr_tJan Janssen2022-06-242-19/+6
| | | | | | This also syncs the copyright blurb with current glibc sources. The written by line does not appear in upstream, so it should be okay to remove.
View Lorry Controller Status