When the kernel does not provide a modalias, we generate our own for usb devices.
For some reason, we generated the expected usb:vXXXXpYYYY string, suffixed by "*".
It was added that way already in 796b06c21b, but I
think that was a mistake, and Kay was thinking about the match pattern instead
of the matched string.
For example, for a qemu device:
old: "usb:v0627p0001*"
new: "usb:v0627p0001:QEMU USB Tablet"
On the match side, all hwdb files in the wild seem to be using match patterns
with "*" at the end. So we can add more stuff to our generated modalias with
impunity.
This will allow more obvious and more certain matches on USB devices. In
principle the vendor+product id should be unique, but it's only 8 digits, and
there's a high chance of people getting this wrong. And matching the wrong
device would be quite problematic. By including the name in the match string we
make a mismatch much less likely.
E.g. udevadm test prints "Invalid inotify descriptor." which is
meaningless without any context. I think it should be OK to call udev_watch_end()
from a cleanup path without any warning (even at debug level).
There is no reason to consider this wrong. In fact one could argue that +=
is more appropriate, because we always add to options, and not replace previous
assignments. If we output a debug message, we implicitly ask people to "fix" this,
and we shouldn't.
Also, all our rules use += right now.
Let's add a catalog entry explaining further details.
Most importantly though: talk to PID 1 directly, via the private D-Bus
socket, so that this actually works correctly during early boot, where
D-Bus is not around.
All devices behind a SPI controller have the same udev ID_PATH property.
This is a problem for predicable network names for CAN controllers.
CAN controllers, in contrast to Ethernet controllers, don't have a MAC
Address, so there's no way to tell two CAN controllers on the same SPI
host controller apart:
$ udevadm info /sys/class/net/can0
P: /devices/platform/soc/fe204000.spi/spi_master/spi0/spi0.1/net/can0
L: 0
E: DEVPATH=/devices/platform/soc/fe204000.spi/spi_master/spi0/spi0.1/net/can0
E: INTERFACE=can0
E: IFINDEX=3
E: SUBSYSTEM=net
E: USEC_INITIALIZED=11187199
E: ID_PATH=platform-fe204000.spi
E: ID_PATH_TAG=platform-fe204000_spi
E: SYSTEMD_ALIAS=/sys/subsystem/net/devices/can0
E: TAGS=:systemd:
$ udevadm info /sys/class/net/can1
P: /devices/platform/soc/fe204000.spi/spi_master/spi0/spi0.0/net/can1
L: 0
E: DEVPATH=/devices/platform/soc/fe204000.spi/spi_master/spi0/spi0.0/net/can1
E: INTERFACE=can1
E: IFINDEX=4
E: SUBSYSTEM=net
E: USEC_INITIALIZED=11192211
E: ID_PATH=platform-fe204000.spi
E: ID_PATH_TAG=platform-fe204000_spi
E: SYSTEMD_ALIAS=/sys/subsystem/net/devices/can1
E: TAGS=:systemd:
With this the chip select number is added to the ID_PATH, to make
predictable network names possible.
$ sudo udevadm info /sys/class/net/can0
P: /devices/platform/soc/fe204000.spi/spi_master/spi0/spi0.1/net/can0
L: 0
E: DEVPATH=/devices/platform/soc/fe204000.spi/spi_master/spi0/spi0.1/net/can0
E: INTERFACE=can0
E: IFINDEX=3
E: SUBSYSTEM=net
E: USEC_INITIALIZED=11187199
E: ID_PATH=platform-fe204000.spi-cs-1
E: ID_PATH_TAG=platform-fe204000_spi-cs-1
E: SYSTEMD_ALIAS=/sys/subsystem/net/devices/can0
E: TAGS=:systemd:
$ sudo udevadm info /sys/class/net/can1
P: /devices/platform/soc/fe204000.spi/spi_master/spi0/spi0.0/net/can1
L: 0
E: DEVPATH=/devices/platform/soc/fe204000.spi/spi_master/spi0/spi0.0/net/can1
E: INTERFACE=can1
E: IFINDEX=4
E: SUBSYSTEM=net
E: USEC_INITIALIZED=11192211
E: ID_PATH=platform-fe204000.spi-cs-0
E: ID_PATH_TAG=platform-fe204000_spi-cs-0
E: SYSTEMD_ALIAS=/sys/subsystem/net/devices/can1
E: TAGS=:systemd:
Prompted by the discussion on #16110, let's migrate more code to
fd_wait_for_event().
This only leaves 7 places where we call into poll()/poll() directly in
our entire codebase. (one of which is fd_wait_for_event() itself)
poll() sets POLLNVAL inside of the poll structures if an invalid fd is
passed. So far we generally didn't check for that, thus not taking
notice of the error. Given that this specific kind of error is generally
indication of a programming error, and given that our code is embedded
into our projects via NSS or because people link against our library,
let's explicitly check for this and convert it to EBADF.
(I ran into a busy loop because of this missing check when some of my
test code accidentally closed an fd it shouldn't close, so this is a
real thing)
On systemd systems we generally don't need to chdir() to root, we don't
need to setup /dev/ ourselves (as PID 1 does that during earliest boot),
and we don't need to set the OOM adjustment values, as that's done via
unit files.
Hence, drop this. if people want to use udev from other init systems
they should do this on their own, I am very sure it's a good thing to do
it from outside of udevd, so that fewer privileges are required by udevd. In
particular the dev_setup() stuff is something that people who build
their own non-systemd distros want to set up themselves anyway, in
particular as they already have to mount devtmpfs themselves anyway.
Note that this only drops stuff that isn't really necessary for testing
stuff, i.e. process properties and settings that don't matter if you
quickly want to invoke udev from a terminal session to test something.
To make Driver= in [Match] section work in containers.
Note that ID_NET_DRIVER= property in udev database is set with the
result of the ethtool. So, this should not change anything for
non-container cases.
Closes#15678.
This is a follow-up for 9f83091e3c.
Instead of reading the mtime off the configuration files after reading,
let's do so before reading, but with the fd we read the data from. This
is not only cleaner (as it allows us to save one stat()), but also has
the benefit that we'll detect changes that happen while we read the
files.
This also reworks unit file drop-ins to use the common code for
determining drop-in mtime, instead of reading system clock for that.
Since the separate binaries contain mostly the same code,
this almost halves the size of the installation.
before:
398K /bin/udevadm
391K /lib/systemd/systemd-udevd
after:
431K /bin/udevadm
0 /lib/systemd/systemd-udevd -> ../../bin/udevadm
Fixes: #14200
if someone implements https://systemd.io/BLOCK_DEVICE_LOCKING/ then we
shouldn't loudly complain about that.
This reverts back to the original behaviour from
3ebdb81ef088afd3b4c72b516beb5610f8c93a0d: when the lock is taken we
silently skip processing the device and sending out the messages for it.
ATA devices should use the ATA ids like port number and (possibly)
master/slave or multiplier id, not the generic SCSI ID.
Currently only port number is included in the link. With this patch
the link would be able to support more cases, which are a) when the
device is behind a port multiplexer b) the distinction between master
and slave (distinguished by target id).
I tried to verify scenario a) with this patch, but I failed to find a
machine with PMP SATA devices attached. But the link below
https://github.com/systemd/systemd/issues/3943
could show what's the difference. Here is my test for scenario b)
Current version:
linux-ql21:~ # ll /sys/class/block/sd[ab]
lrwxrwxrwx 1 root root 0 May 8 20:46 /sys/class/block/sda ->
../../devices/pci0000:00/0000:00:01.1/ata4/host3/target3:0:0/3:0:0:0/block/sda
lrwxrwxrwx 1 root root 0 May 8 20:46 /sys/class/block/sdb ->
../../devices/pci0000:00/0000:00:01.1/ata4/host3/target3:0:1/3:0:1:0/block/sdb
linux-ql21:~ # ll /dev/disk/by-path/pci-0000\:00\:01.1-ata-1
lrwxrwxrwx 1 root root 9 May 8 20:44
/dev/disk/by-path/pci-0000:00:01.1-ata-1 -> ../../sdb
linux-ql21:~ # udevadm info /sys/class/block/sda |grep by-path
S: disk/by-path/pci-0000:00:01.1-ata-1
E: DEVLINKS=/dev/disk/by-id/ata-VBOX_HARDDISK_VB3649e885-3e0cdd64
/dev/disk/by-id/scsi-0ATA_VBOX_HARDDISK_VB3649e885-3e0cdd64
/dev/disk/by-id/scsi-1ATA_VBOX_HARDDISK_VB3649e885-3e0cdd64
/dev/disk/by-path/pci-0000:00:01.1-ata-1
/dev/disk/by-id/scsi-SATA_VBOX_HARDDISK_VB3649e885-3e0cdd64
linux-ql21:~ # udevadm info /sys/class/block/sdb |grep by-path
S: disk/by-path/pci-0000:00:01.1-ata-1
E: DEVLINKS=/dev/disk/by-id/ata-VBOX_HARDDISK_VBc53b2498-d84ae8de
/dev/disk/by-id/scsi-SATA_VBOX_HARDDISK_VBc53b2498-d84ae8de
/dev/disk/by-id/scsi-1ATA_VBOX_HARDDISK_VBc53b2498-d84ae8de
/dev/disk/by-id/scsi-0ATA_VBOX_HARDDISK_VBc53b2498-d84ae8de
/dev/disk/by-path/pci-0000:00:01.1-ata-1
After patch applied:
linux-ql21:~ # ll /sys/class/block/sd[ab]
lrwxrwxrwx 1 root root 0 May 8 21:07 /sys/class/block/sda ->
../../devices/pci0000:00/0000:00:01.1/ata4/host3/target3:0:0/3:0:0:0/block/sda
lrwxrwxrwx 1 root root 0 May 8 21:07 /sys/class/block/sdb ->
../../devices/pci0000:00/0000:00:01.1/ata4/host3/target3:0:1/3:0:1:0/block/sdb
linux-ql21:~ # ll /dev/disk/by-path/pci-0000\:00\:01.1-ata-*
lrwxrwxrwx 1 root root 9 May 8 21:07
/dev/disk/by-path/pci-0000:00:01.1-ata-1.0 -> ../../sda
lrwxrwxrwx 1 root root 9 May 8 21:07
/dev/disk/by-path/pci-0000:00:01.1-ata-1.1 -> ../../sdb
linux-ql21:~ # udevadm info /sys/class/block/sda |grep by-path
S: disk/by-path/pci-0000:00:01.1-ata-1.0
E: DEVLINKS=/dev/disk/by-id/scsi-1ATA_VBOX_HARDDISK_VB3649e885-3e0cdd64
/dev/disk/by-id/scsi-0ATA_VBOX_HARDDISK_VB3649e885-3e0cdd64
/dev/disk/by-id/ata-VBOX_HARDDISK_VB3649e885-3e0cdd64
/dev/disk/by-path/pci-0000:00:01.1-ata-1.0
/dev/disk/by-id/scsi-SATA_VBOX_HARDDISK_VB3649e885-3e0cdd64
linux-ql21:~ # udevadm info /sys/class/block/sdb |grep by-path
S: disk/by-path/pci-0000:00:01.1-ata-1.1
E: DEVLINKS=/dev/disk/by-id/scsi-0ATA_VBOX_HARDDISK_VBc53b2498-d84ae8de
/dev/disk/by-id/ata-VBOX_HARDDISK_VBc53b2498-d84ae8de
/dev/disk/by-id/scsi-1ATA_VBOX_HARDDISK_VBc53b2498-d84ae8de
/dev/disk/by-id/scsi-SATA_VBOX_HARDDISK_VBc53b2498-d84ae8de
/dev/disk/by-path/pci-0000:00:01.1-ata-1.1
Changelog:
v5: add another parameter compat_link in handle_scsi()
v4: comment for ID_PATH_ATA_COMPAT
get string length with pointer difference
(suggested by Franck Bui<fbui@suse.com>)
v3: creating compatible link from env
variables type change
v2: remove udev rules modification for compatible link
setup a test scenario of master/slave ATA devices
v1: initial patch
And do not use it in the IMPORT{cmdline} udev code. Wherever we expose
direct interfaces to check the kernel cmdline, let's not consult our
systemd-specific EFI variable, but strictly use the actual kernel
variable, because that's what we claim we do. i.e. it's fine to use the
EFI variable for our own settings, but for the generic APIs to the
kernel cmdline we should not use it.
Specifically, this applies to IMPORT{cmdline} and
ConditionKernelCommandLine=. In the latter case we weren#t checking the
EFI variable anyway, hence let's do the same for the udev case, too.
Fixes: #15739
This is a security feature, and we thus shouldn't derive the random MACs
from a potentially guessable source. MAC addresses are after all facing
to the outside, and can be interacted with from untrusted environments.
Hence, let's generate them the same way as we generate UUIDs: from
getrandom() or /dev/urandom, and optionally with RDRAND if that's
supported.
RDRAND should be fine, since this is not cryptographic key material, but
ultimately public information. We just want to make sure conflicts are
not likely.
Previously we'd generate the MACs via rand(), which means given the
short seed they are a little bit too guessable, making collisions too
likely. See #14355 in particular.
Fixes: #14355
(Note that #14355 was already fixed by
a0f11d1d11, but I think we should do
better even, and not rely on rand() and uninitialized random pools)
When setting flow control attributes of an interface we first acquire
the current settings and then add in the new settings before applying
them again. This only works on interfaces that implement the ethtool
ioctls. on others we'll see an ugly "Could not set flow control of"
message, simply because we issue the SIOCETHTOOL ioctl once, for getting
the data. In particular we'll get it for the "lo" interface all the
time, which sucks hard. Let's get rid of it.
Prompted by the discussions in #15180.
This is a bit more complex than I hoped, since for PID 1 we need to pass
in the synethetic environment block in we generate on demand.
We always need to make them unions with a "struct cmsghdr" in them, so
that things properly aligned. Otherwise we might end up at an unaligned
address and the counting goes all wrong, possibly making the kernel
refuse our buffers.
Also, let's make sure we initialize the control buffers to zero when
sending, but leave them uninitialized when reading.
Both the alignment and the initialization thing is mentioned in the
cmsg(3) man page.
If we're using a set with _put_strdup(), most of the time we want to use
string hash ops on the set, and free the strings when done. This defines
the appropriate a new string_hash_ops_free structure to automatically free
the keys when removing the set, and makes set_put_strdup() and set_put_strdupv()
instantiate the set with those hash ops.
hashmap_put_strdup() was already doing something similar.
(It is OK to instantiate the set earlier, possibly with a different hash ops
structure. set_put_strdup() will then use the existing set. It is also OK
to call set_free_free() instead of set_free() on a set with
string_hash_ops_free, the effect is the same, we're just overriding the
override of the cleanup function.)
No functional change intended.
Let's be extra careful whenever we return from recvmsg() and see
MSG_CTRUNC set. This generally means we ran into a programming error, as
we didn't size the control buffer large enough. It's an error condition
we should at least log about, or propagate up. Hence do that.
This is particularly important when receiving fds, since for those the
control data can be of any size. In particular on stream sockets that's
nasty, because if we miss an fd because of control data truncation we
cannot recover, we might not even realize that we are one off.
(Also, when failing early, if there's any chance the socket might be
AF_UNIX let's close all received fds, all the time. We got this right
most of the time, but there were a few cases missing. God, UNIX is hard
to use)
The function sd_device_get_property_value has some paths where it exits without
touching the n pointer. In those cases, n remained uninitialized until it was
eventually read inside isempty where it caused the segmentation fault.
Fixes#15078
The names with multiple lowercase words run together are hard to read. We
started that way with very short names like rootprefix, but then same pattern
was applied to longer and longer names. Looking at the body of .pc files
available on my machine, many packages use underscores; let's do the same. Old
names are kept for compatiblity, so this is backwards compatible.
Up to now each uevent logs the following things at debug level:
- Device is queued
- Processing device
- Device processed
However when the device is queued it might still have to wait for
earlier devices to be processed before being able to start being
processed itself. When analysing logs this dependency information is
quite cruicial, so add respective debug log calls.
Add SECLABEL{selinux}="some value" cause udevadm crash
systemd-udevd[x]: Worker [x] terminated by signal 11 (SEGV)
It happens since 25de7aa7b9 (Yu Watanabe 2019-04-25 01:21:11 +0200)
when udev rules processing changed to token model. Yu forgot store
attr to SECLABEL token so fix it.
Where we have a device that looks like a mouse and is connected over i2c, tag
it as pointing stick. There is no such thing as a i2c mouse.
Even touchpads that aren't recognized by the kernel will not show up as i2c
mouse - either the touchpad follows the Win8.1 specs in which case the kernel
switches it to multitouch mode and it shows up like a touchpad. The built-in
trackpoint, if any, is then the i2c mouse device.
Where the touchpad doesn't follow the spec, the kernel will not handle it and
the touchpad remains on the PS/2 legacy bus - not i2c. Hence we can assume
that any i2c mouse device is really a pointing stick.
If the peripheral device type is that of a host managed zone block device (0x14),
the device supports the same identification mechanisms as conventional disks (0x00).
Two releases ago we started warning about this, and I think it is now to turn
this into a hard error. People get bitten by this every once in a while, and
there doesn't see to be any legitimate use case where the same .link or
.network files should be applied to _all_ interfaces, since in particular that
configuration would apply both to lo and any other interfaces. And if for
whatever reason that is actually desired, OriginalName=* or Name=* can be
easily added to silence the warning and achieve the effect.
(The case described in #12098 is particularly nasty: 'echo -n >foo.network'
creates a mask file, 'echo >foo.network' creates a "match all" file.)
Fixes#717, #12098 for realz now.
When running the program with udev_event_spawn it is possible to miss
output in stdout when the program exits causing the result to be empty
which can cause rules using the result to not function correctly.
This is due to the on_spawn_sigchld callback being processed while IO is
still pending and causing the event loop to exit.
To correct this the sigchld event source is made a lower priority than
the other event sources to ensure it is processed after IO. This
requires changing the IO event source to oneshot and re-enabling it when
valid data is read but not for EOF, this prevents the empty pipes
constantly generating IO events.
If udevd receives an exit signal, it releases its reference on the udev
monitor in manager_exit(). If at this time a worker is hanging, and if
the event timeout for this worker expires before udevd exits, udevd
crashes in on_sigchld()->udev_monitor_send_device(), because the monitor
has already been freed.
Fix this by testing the validity of manager->monitor in on_sigchld().
If udevd receives an exit signal, it releases its reference on the udev
monitor in manager_exit(). If at this time a worker is hanging, and if
the event timeout for this worker expires before udevd exits, udevd
crashes in on_sigchld()->udev_monitor_send_device(), because the monitor
has already been freed.
Fix this by releasing the main process's monitor ref later, in
manager_free().
On some systems with lots of devices, device probing for certain drivers can
take a very long time. If systemd-udevd detects a timeout and kills the worker
running modprobe using SIGKILL, some devices will not be probed, or end up in
unusable state. The --event-timeout option can be used to modify the maximum
time spent in an uevent handler. But if systemd-udevd exits, it uses a
different timeout, hard-coded to 30s, and exits when this timeout expires,
causing all workers to be KILLed by systemd afterwards. In practice, this may
lead to workers being killed after significantly less time than specified with
the event-timeout. This is particularly significant during initrd processing:
systemd-udevd will be stopped by systemd when initrd-switch-root.target is
about to be isolated, which usually happens quickly after finding and mounting
the root FS.
If systemd-udevd is started by PID 1 (i.e. basically always), systemd will
kill both udevd and the workers after expiry of TimeoutStopSec. This is
actually better than the built-in udevd timeout, because it's more transparent
and configurable for users. This way users can avoid the mentioned boot problem
by simply increasing StopTimeoutSec= in systemd-udevd.service.
If udevd is not started by systemd (standalone), this is still an
improvement. udevd will kill hanging workers when the event timeout is
reached, which is configurable via the udev.event_timeout= kernel
command line parameter. Before this patch, udevd would simply exit with
workers still running, which would then become zombie processes.
With the timeout removed, the sd_event_now() assertion in manager_exit() can be
dropped.
When autoclose is set (kernel default but many distributions reverse the
setting) opening a CD-rom device causes the tray to close.
The function of blkid is to report the current state of the device and
not to change it. Hence it should use O_NONBLOCK when opening the
device to avoid closing a CD-rom tray.
blkid is used liberally in scripts so it can potentially interfere with
the user operating the CD-rom hardware.
[kzak@redhat.com: add O_NONBLOCK also to:
- wipefs
- blkid_new_probe_from_filename()
- blkid_evaluate_tag()]
Signed-off-by: Michal Suchanek <msuchanek@suse.de>
Signed-off-by: Karel Zak <kzak@redhat.com>
(cherry picked from commit 39f5af25982d8b0244000e92a9d0e0e6557d0e17)
chase_symlinks() would return negative on error, and either a non-negative status
or a non-negative fd when CHASE_OPEN was given. This made the interface quite
complicated, because dependning on the flags used, we would get two different
"types" of return object. Coverity was always confused by this, and flagged
every use of chase_symlinks() without CHASE_OPEN as a resource leak (because it
would this that an fd is returned). This patch uses a saparate output parameter,
so there is no confusion.
(I think it is OK to have functions which return either an error or an fd. It's
only returning *either* an fd or a non-fd that is confusing.)
When you have a CD automunt solution that talks directly to the kernel
independently of udev it races with cdrom_id for exclusive access to the
device failing unpredictably.
The whole is_mounted function in cdrom_id is broken: there is no saying
what happens between calling is_mounted and opening the device.
Hence assume that the device can be mounted asynchronously at any time,
do not use exclusive access, and do away with is_mouted.
Signed-off-by: Michal Suchanek <msuchanek@suse.de>
Currently, there is no way to match against system-wide constants, such
as architecture or virtualization type, without forking helper binaries.
That potentially results in a huge number of spawned processes which
output always the same answer.
This patch introduces a special CONST keyword which takes a hard-coded
string as its key and returns a value assigned to that key. Currently
implemented are CONST{arch} and CONST{virt}, which can be used to match
against the system's architecture and virtualization type.
Original revisions of the SAT (SCSI-ATA Translation) specification
required that all sense data be reported in Descriptor Format (72h).
Later revisions specifcally allow and account for sense data being
reported in Fixed Format (70h).
The current code checks for a Descriptor Format sense structure (0x72),
then looks specifically at the first byte of the first descriptor for the
ATA specific code 0x9, cross referencing it with the first byte which is
just a length field 0x0c (as a sanity check).
In the Fixed Format case(0x70), we can fall back to using the top-level
SCSI Sense data for the Additional Sense code (0x0) and then the
Additional Sense Code Qualifier (0x1d),
That identifies that the sense data is of the format associated with:
`ATA PASS THROUGH INFORMATION AVAILABLE`.
This fallback mechanism retains support for SATLs compliant with ANSI
INCITS 431-2007, and enables support for Fixed Format Sense data
enabled by SATLs with later revisions.
Glad to do so. This patch allows ata_id to export attributes correctly. I believe that any drive can potentially return information in this format on any SATL using the libata-scsi (the Linux builtin SATL), but in this particular case, it appears it is the SATL itself. Attaching the disk to the AHCI controller changes the behavior impacted here. (Not entirely surprisingly, SATLs are are pretty inconsistent).
Test:
This case specifically is an LSI SATL. I'll illustrate that without the patch, ata_id does not return
any output for a valid SATA drive but after the patch does.
1. Verify the device is ATA, by looking at the vpd page specific to ATA drives
```
root@machine:~# sg_vpd -p ai /dev/sdn
ATA information VPD page:
SAT Vendor identification: LSI
SAT Product identification: LSI SATL
SAT Product revision level: 0008
Device signature indicates SATA transport
ATA command IDENTIFY DEVICE response summary:
model: HGST HUH728080ALE604
serial number: ZZZZH3VX
firmware revision: A4GNW7J0
```
2. Look at what udev thinks of the disk, it says ID_BUS=scsi
ATA information says ID_MODEL should be HGST_HUH728080ALE604
udev says it is HGST_HUH728080AL (Missing E604, 4 bytes), and no ATA attributes are
populated.
```
root@machine:~# udevadm info -q all /dev/sdn
P: /devices/pci0000:00/0000:00:03.0/0000:05:00.0/host2/port-2:0/expander-2:0/port-2:0:11/end_device-2:0:11/target2:0:11/2:0:11:0/block/sdn
N: sdn
S: disk/by-id/scsi-35000cca23be1dc3c
S: disk/by-id/wwn-0x5000cca23be1dc3c
S: disk/by-path/pci-0000:05:00.0-sas-exp0x500605b0000272bf-phy11-lun-0
E: DEVLINKS=/dev/disk/by-id/wwn-0x5000cca23be1dc3c /dev/disk/by-id/scsi-35000cca23be1dc3c /dev/disk/by-path/pci-0000:05:00.0-sas-exp0x500605b0000272bf-phy11-lun-0
E: DEVNAME=/dev/sdn
E: DEVPATH=/devices/pci0000:00/0000:00:03.0/0000:05:00.0/host2/port-2:0/expander-2:0/port-2:0:11/end_device-2:0:11/target2:0:11/2:0:11:0/block/sdn
E: DEVTYPE=disk
E: ID_BUS=scsi
E: ID_MODEL=HGST_HUH728080AL
E: ID_MODEL_ENC=HGST\x20HUH728080AL
E: ID_PATH=pci-0000:05:00.0-sas-exp0x500605b0000272bf-phy11-lun-0
E: ID_PATH_TAG=pci-0000_05_00_0-sas-exp0x500605b0000272bf-phy11-lun-0
E: ID_REVISION=W7J0
E: ID_SCSI=1
E: ID_SCSI_SERIAL=ZZZZH3VX
E: ID_SERIAL=35000cca23be1dc3c
E: ID_SERIAL_SHORT=5000cca23be1dc3c
E: ID_TYPE=disk
E: ID_VENDOR=ATA
E: ID_VENDOR_ENC=ATA\x20\x20\x20\x20\x20
E: ID_WWN=0x5000cca23be1dc3c
E: ID_WWN_WITH_EXTENSION=0x5000cca23be1dc3c
E: MAJOR=8
E: MINOR=208
E: SUBSYSTEM=block
E: TAGS=:systemd:
```
3. Run ata_id (unpatched) (Outputs nothing, RC=2)
```
root@machine:~# strace -e ioctl /lib/udev/ata_id /dev/sdn -x
ioctl(3, SG_IO, {'Q', BSG_PROTOCOL_SCSI, BSG_SUB_PROTOCOL_SCSI_CMD, request[6]=[12, 00, 00, 00, 24, 00], request_tag=0, request_attr=0, request_priority=0, request_extra=0, max_response_len=32, dout_iovec_count=0, dout_xfer_len=0, din_iovec_count=0, din_xfer_len=36, timeout=30000, flags=0, usr_ptr=0, spare_in=0, dout[0]=NULL}) = -1 EINVAL (Invalid argument)
ioctl(3, SG_IO, {'S', SG_DXFER_FROM_DEV, cmd[6]=[12, 00, 00, 00, 24, 00], mx_sb_len=32, iovec_count=0, dxfer_len=36, timeout=30000, flags=0, data[36]=[00, 00, 06, 12, 45, 00, 00, 02, 41, 54, 41, 20, 20, 20, 20, 20, 48, 47, 53, 54, 20, 48, 55, 48, 37, 32, 38, 30, 38, 30, 41, 4c, ...], status=00, masked_status=00, sb[0]=[], host_status=0, driver_status=0, resid=0, duration=1, info=0}) = 0
ioctl(3, SG_IO, {'Q', BSG_PROTOCOL_SCSI, BSG_SUB_PROTOCOL_SCSI_CMD, request[12]=[a1, 08, 2e, 00, 01, 00, 00, 00, 00, ec, 00, 00], request_tag=0, request_attr=0, request_priority=0, request_extra=0, max_response_len=32, dout_iovec_count=0, dout_xfer_len=0, din_iovec_count=0, din_xfer_len=512, timeout=30000, flags=0, usr_ptr=0, spare_in=0, dout[0]=NULL}) = -1 EINVAL (Invalid argument)
ioctl(3, SG_IO, {'S', SG_DXFER_FROM_DEV, cmd[12]=[a1, 08, 2e, 00, 01, 00, 00, 00, 00, ec, 00, 00], mx_sb_len=32, iovec_count=0, dxfer_len=512, timeout=30000, flags=0, data[0]=[], status=02, masked_status=01, sb[18]=[70, 00, 01, 00, 00, 00, 00, 0a, 00, 00, 00, 00, 00, 1d, 00, 00, 00, 00], host_status=0, driver_status=0x8, resid=512, duration=0, info=0x1}) = 0
ioctl(3, HDIO_GET_IDENTITY, 0x7ffe408f7590) = -1 EINVAL (Invalid argument)
+++ exited with 2 +++
```
Sense buffers visible with the strace:
`sb[18]=[70, 00, 01, 00, 00, 00, 00, 0a, 00, 00, 00, 00, 00, 1d, 00, 00, 00, 00]` is the important bit, see 70, 0a and 1d bytes
4. Run patched version: model is HGST_HUH728080ALE604 as expected, ATA attributes are
correctly populated.
```
root@machine:~# ./ata_id /dev/sdn -x
ID_ATA=1
ID_TYPE=disk
ID_BUS=ata
ID_MODEL=HGST_HUH728080ALE604
ID_MODEL_ENC=HGST\x20HUH728080ALE604\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20
ID_REVISION=A4GNW7J0
ID_SERIAL=HGST_HUH728080ALE604_ZZZZH3VX
ID_SERIAL_SHORT=ZZZZH3VX
ID_ATA_WRITE_CACHE=1
ID_ATA_WRITE_CACHE_ENABLED=1
ID_ATA_FEATURE_SET_HPA=1
ID_ATA_FEATURE_SET_HPA_ENABLED=1
ID_ATA_FEATURE_SET_PM=1
ID_ATA_FEATURE_SET_PM_ENABLED=1
ID_ATA_FEATURE_SET_SECURITY=1
ID_ATA_FEATURE_SET_SECURITY_ENABLED=0
ID_ATA_FEATURE_SET_SECURITY_ERASE_UNIT_MIN=66522
ID_ATA_FEATURE_SET_SMART=1
ID_ATA_FEATURE_SET_SMART_ENABLED=1
ID_ATA_FEATURE_SET_PUIS=1
ID_ATA_FEATURE_SET_PUIS_ENABLED=0
ID_ATA_FEATURE_SET_APM=1
ID_ATA_FEATURE_SET_APM_ENABLED=1
ID_ATA_FEATURE_SET_APM_CURRENT_VALUE=254
ID_ATA_DOWNLOAD_MICROCODE=1
ID_ATA_SATA=1
ID_ATA_SATA_SIGNAL_RATE_GEN2=1
ID_ATA_SATA_SIGNAL_RATE_GEN1=1
ID_ATA_ROTATION_RATE_RPM=7200
ID_WWN=0x5000cca23be1dc3c
ID_WWN_WITH_EXTENSION=0x5000cca23be1dc3c
```
5. Drop it in place and verify: we see that ata_id does work.
```
root@hw1-b01left-2212a:~# udevadm test /block/sdn
<truncated>
GROUP 6 /lib/udev/rules.d/50-udev-default.rules:55
IMPORT 'ata_id --export /dev/sdn' /lib/udev/rules.d/60-persistent-storage.rules:33
starting 'ata_id --export /dev/sdn'
'ata_id --export /dev/sdn'(out) 'ID_ATA=1'
'ata_id --export /dev/sdn'(out) 'ID_TYPE=disk'
'ata_id --export /dev/sdn'(out) 'ID_BUS=ata'
'ata_id --export /dev/sdn'(out) 'ID_MODEL=HGST_HUH728080ALE604'
'ata_id --export /dev/sdn'(out) 'ID_MODEL_ENC=HGST\x20HUH728080ALE604\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20'
'ata_id --export /dev/sdn'(out) 'ID_REVISION=A4GNW7J0'
'ata_id --export /dev/sdn'(out) 'ID_SERIAL=HGST_HUH728080ALE604_ZZZZH3VX'
'ata_id --export /dev/sdn'(out) 'ID_SERIAL_SHORT=ZZZZH3VX'
'ata_id --export /dev/sdn'(out) 'ID_ATA_WRITE_CACHE=1'
'ata_id --export /dev/sdn'(out) 'ID_ATA_WRITE_CACHE_ENABLED=1'
'ata_id --export /dev/sdn'(out) 'ID_ATA_FEATURE_SET_HPA=1'
'ata_id --export /dev/sdn'(out) 'ID_ATA_FEATURE_SET_HPA_ENABLED=1'
'ata_id --export /dev/sdn'(out) 'ID_ATA_FEATURE_SET_PM=1'
'ata_id --export /dev/sdn'(out) 'ID_ATA_FEATURE_SET_PM_ENABLED=1'
'ata_id --export /dev/sdn'(out) 'ID_ATA_FEATURE_SET_SECURITY=1'
'ata_id --export /dev/sdn'(out) 'ID_ATA_FEATURE_SET_SECURITY_ENABLED=0'
'ata_id --export /dev/sdn'(out) 'ID_ATA_FEATURE_SET_SECURITY_ERASE_UNIT_MIN=66522'
'ata_id --export /dev/sdn'(out) 'ID_ATA_FEATURE_SET_SMART=1'
'ata_id --export /dev/sdn'(out) 'ID_ATA_FEATURE_SET_SMART_ENABLED=1'
'ata_id --export /dev/sdn'(out) 'ID_ATA_FEATURE_SET_PUIS=1'
'ata_id --export /dev/sdn'(out) 'ID_ATA_FEATURE_SET_PUIS_ENABLED=0'
'ata_id --export /dev/sdn'(out) 'ID_ATA_FEATURE_SET_APM=1'
'ata_id --export /dev/sdn'(out) 'ID_ATA_FEATURE_SET_APM_ENABLED=1'
'ata_id --export /dev/sdn'(out) 'ID_ATA_FEATURE_SET_APM_CURRENT_VALUE=254'
'ata_id --export /dev/sdn'(out) 'ID_ATA_DOWNLOAD_MICROCODE=1'
'ata_id --export /dev/sdn'(out) 'ID_ATA_SATA=1'
'ata_id --export /dev/sdn'(out) 'ID_ATA_SATA_SIGNAL_RATE_GEN2=1'
'ata_id --export /dev/sdn'(out) 'ID_ATA_SATA_SIGNAL_RATE_GEN1=1'
'ata_id --export /dev/sdn'(out) 'ID_ATA_ROTATION_RATE_RPM=7200'
'ata_id --export /dev/sdn'(out) 'ID_WWN=0x5000cca23be1dc3c'
'ata_id --export /dev/sdn'(out) 'ID_WWN_WITH_EXTENSION=0x5000cca23be1dc3c'
Process 'ata_id --export /dev/sdn' succeeded.
LINK 'disk/by-id/ata-HGST_HUH728080ALE604_ZZZZH3VX' /lib/udev/rules.d/60-persistent-storage.rules:47
IMPORT builtin 'path_id' /lib/udev/rules.d/60-persistent-storage.rules:65
LINK 'disk/by-path/pci-0000:05:00.0-sas-exp0x500605b0000272bf-phy11-lun-0' /lib/udev/rules.d/60-persistent-storage.rules:66
IMPORT builtin 'blkid' /lib/udev/rules.d/60-persistent-storage.rules:81
probe /dev/sdn raid offset=0
LINK 'disk/by-id/wwn-0x5000cca23be1dc3c' /lib/udev/rules.d/60-persistent-storage.rules:88
RUN '/usr/lib/python-dsnet-appliance/hotplug disk udev-disk-add' /etc/udev/rules.d/99-appliance-hotplug.rules:1
update old name, '/dev/disk/by-id/scsi-35000cca23be1dc3c' no longer belonging to '/devices/pci0000:00/0000:00:03.0/0000:05:00.0/host2/port-2:0/expander-2:0/port-2:0:11/end_device-2:0:11/target2:0:11/2:0:11:0/block/sdn'
no reference left, remove '/dev/disk/by-id/scsi-35000cca23be1dc3c'
handling device node '/dev/sdn', devnum=b8:208, mode=0660, uid=0, gid=6
preserve permissions /dev/sdn, 060660, uid=0, gid=6
preserve already existing symlink '/dev/block/8:208' to '../sdn'
creating link '/dev/disk/by-id/ata-HGST_HUH728080ALE604_ZZZZH3VX' to '/dev/sdn'
creating symlink '/dev/disk/by-id/ata-HGST_HUH728080ALE604_ZZZZH3VX' to '../../sdn'
found 'b8:208' claiming '/run/udev/links/\x2fdisk\x2fby-id\x2fwwn-0x5000cca23be1dc3c'
creating link '/dev/disk/by-id/wwn-0x5000cca23be1dc3c' to '/dev/sdn'
preserve already existing symlink '/dev/disk/by-id/wwn-0x5000cca23be1dc3c' to '../../sdn'
found 'b8:208' claiming '/run/udev/links/\x2fdisk\x2fby-path\x2fpci-0000:05:00.0-sas-exp0x500605b0000272bf-phy11-lun-0'
creating link '/dev/disk/by-path/pci-0000:05:00.0-sas-exp0x500605b0000272bf-phy11-lun-0' to '/dev/sdn'
preserve already existing symlink '/dev/disk/by-path/pci-0000:05:00.0-sas-exp0x500605b0000272bf-phy11-lun-0' to '../../sdn'
created db file '/run/udev/data/b8:208' for '/devices/pci0000:00/0000:00:03.0/0000:05:00.0/host2/port-2:0/expander-2:0/port-2:0:11/end_device-2:0:11/target2:0:11/2:0:11:0/block/sdn'
ACTION=add
DEVLINKS=/dev/disk/by-path/pci-0000:05:00.0-sas-exp0x500605b0000272bf-phy11-lun-0 /dev/disk/by-id/ata-HGST_HUH728080ALE604_ZZZZH3VX /dev/disk/by-id/wwn-0x5000cca23be1dc3c
DEVNAME=/dev/sdn
DEVPATH=/devices/pci0000:00/0000:00:03.0/0000:05:00.0/host2/port-2:0/expander-2:0/port-2:0:11/end_device-2:0:11/target2:0:11/2:0:11:0/block/sdn
DEVTYPE=disk
ID_ATA=1
ID_ATA_DOWNLOAD_MICROCODE=1
ID_ATA_FEATURE_SET_APM=1
ID_ATA_FEATURE_SET_APM_CURRENT_VALUE=254
ID_ATA_FEATURE_SET_APM_ENABLED=1
ID_ATA_FEATURE_SET_HPA=1
ID_ATA_FEATURE_SET_HPA_ENABLED=1
ID_ATA_FEATURE_SET_PM=1
ID_ATA_FEATURE_SET_PM_ENABLED=1
ID_ATA_FEATURE_SET_PUIS=1
ID_ATA_FEATURE_SET_PUIS_ENABLED=0
ID_ATA_FEATURE_SET_SECURITY=1
ID_ATA_FEATURE_SET_SECURITY_ENABLED=0
ID_ATA_FEATURE_SET_SECURITY_ERASE_UNIT_MIN=66522
ID_ATA_FEATURE_SET_SMART=1
ID_ATA_FEATURE_SET_SMART_ENABLED=1
ID_ATA_ROTATION_RATE_RPM=7200
ID_ATA_SATA=1
ID_ATA_SATA_SIGNAL_RATE_GEN1=1
ID_ATA_SATA_SIGNAL_RATE_GEN2=1
ID_ATA_WRITE_CACHE=1
ID_ATA_WRITE_CACHE_ENABLED=1
ID_BUS=ata
ID_MODEL=HGST_HUH728080ALE604
ID_MODEL_ENC=HGST\x20HUH728080ALE604\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20
ID_PATH=pci-0000:05:00.0-sas-exp0x500605b0000272bf-phy11-lun-0
ID_PATH_TAG=pci-0000_05_00_0-sas-exp0x500605b0000272bf-phy11-lun-0
ID_REVISION=A4GNW7J0
ID_SERIAL=HGST_HUH728080ALE604_ZZZZH3VX
ID_SERIAL_SHORT=ZZZZH3VX
ID_TYPE=disk
ID_WWN=0x5000cca23be1dc3c
ID_WWN_WITH_EXTENSION=0x5000cca23be1dc3c
MAJOR=8
MINOR=208
SUBSYSTEM=block
TAGS=:systemd:
USEC_INITIALIZED=6055690
run: '/usr/lib/python-dsnet-appliance/hotplug disk udev-disk-add'
Unload module index
Unloaded link configuration context.
```
6. Query just to double check: (ID_BUS=ata, model correct, etc).
```
root@machine:~# udevadm info /dev/sdn
P: /devices/pci0000:00/0000:00:03.0/0000:05:00.0/host2/port-2:0/expander-2:0/port-2:0:11/end_device-2:0:11/target2:0:11/2:0:11:0/block/sdn
N: sdn
S: disk/by-id/ata-HGST_HUH728080ALE604_ZZZZH3VX
S: disk/by-id/wwn-0x5000cca23be1dc3c
S: disk/by-path/pci-0000:05:00.0-sas-exp0x500605b0000272bf-phy11-lun-0
E: DEVLINKS=/dev/disk/by-id/wwn-0x5000cca23be1dc3c /dev/disk/by-path/pci-0000:05:00.0-sas-exp0x500605b0000272bf-phy11-lun-0 /dev/disk/by-id/ata-HGST_HUH728080ALE604_ZZZZH3VX
E: DEVNAME=/dev/sdn
E: DEVPATH=/devices/pci0000:00/0000:00:03.0/0000:05:00.0/host2/port-2:0/expander-2:0/port-2:0:11/end_device-2:0:11/target2:0:11/2:0:11:0/block/sdn
E: DEVTYPE=disk
E: ID_ATA=1
E: ID_ATA_DOWNLOAD_MICROCODE=1
E: ID_ATA_FEATURE_SET_APM=1
E: ID_ATA_FEATURE_SET_APM_CURRENT_VALUE=254
E: ID_ATA_FEATURE_SET_APM_ENABLED=1
E: ID_ATA_FEATURE_SET_HPA=1
E: ID_ATA_FEATURE_SET_HPA_ENABLED=1
E: ID_ATA_FEATURE_SET_PM=1
E: ID_ATA_FEATURE_SET_PM_ENABLED=1
E: ID_ATA_FEATURE_SET_PUIS=1
E: ID_ATA_FEATURE_SET_PUIS_ENABLED=0
E: ID_ATA_FEATURE_SET_SECURITY=1
E: ID_ATA_FEATURE_SET_SECURITY_ENABLED=0
E: ID_ATA_FEATURE_SET_SECURITY_ERASE_UNIT_MIN=66522
E: ID_ATA_FEATURE_SET_SMART=1
E: ID_ATA_FEATURE_SET_SMART_ENABLED=1
E: ID_ATA_ROTATION_RATE_RPM=7200
E: ID_ATA_SATA=1
E: ID_ATA_SATA_SIGNAL_RATE_GEN1=1
E: ID_ATA_SATA_SIGNAL_RATE_GEN2=1
E: ID_ATA_WRITE_CACHE=1
E: ID_ATA_WRITE_CACHE_ENABLED=1
E: ID_BUS=ata
E: ID_MODEL=HGST_HUH728080ALE604
E: ID_MODEL_ENC=HGST\x20HUH728080ALE604\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20
E: ID_PATH=pci-0000:05:00.0-sas-exp0x500605b0000272bf-phy11-lun-0
E: ID_PATH_TAG=pci-0000_05_00_0-sas-exp0x500605b0000272bf-phy11-lun-0
E: ID_REVISION=A4GNW7J0
E: ID_SERIAL=HGST_HUH728080ALE604_ZZZZH3VX
E: ID_SERIAL_SHORT=ZZZZH3VX
E: ID_TYPE=disk
E: ID_WWN=0x5000cca23be1dc3c
E: ID_WWN_WITH_EXTENSION=0x5000cca23be1dc3c
E: MAJOR=8
E: MINOR=208
E: SUBSYSTEM=block
E: TAGS=:systemd:
E: USEC_INITIALIZED=6055690
```
If I install the same disk into a machine using an ATA driver, this behavior changes:
```
root@machine2:~# sg_vpd -p ai /dev/sdb
ATA information VPD page:
SAT Vendor identification: linux
SAT Product identification: libata
SAT Product revision level: 3.00
Device signature indicates SATA transport
ATA command IDENTIFY DEVICE response summary:
model: HGST HUH728080ALE604
serial number: ZZZZH3VX
firmware revision: A4GNW7J0
root@machine-2:~# /lib/udev/ata_id -x /dev/sdb
ID_ATA=1
ID_TYPE=disk
ID_BUS=ata
ID_MODEL=HGST_HUH728080ALE604
ID_MODEL_ENC=HGST\x20HUH728080ALE604\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20
ID_REVISION=A4GNW7J0
<truncated>
```
Inside container, writing file returns EACCESS. Moreover, some devices
return ENODEV rather than EACCES. So, let's also ignore these two
error causes.
Closes#13652.
I want to use efivars.[ch] in proc-cmdline.c, but most of the efivars stuff is
not needed in basic/. Move the file from shared/ to basic/, but then move back
most of the higher-level functions to the new shared/efi-loader.c file.
Add a fido_id program meant to be run for devices in the hidraw
subsystem via an IMPORT directive. The program parses the HID report
descriptor and assigns the ID_SECURITY_TOKEN environment variable if a
declared usage matches the FIDO_CTAPHID_USAGE declared in the FIDO CTAP
specification. This replaces the previous approach of whitelisting all
known security token models manually.
This commit is accompanied by a test suite and a fuzzer target for the
descriptor parsing routine.
Fixes: #11996.
let's add [static] where it was missing so far
Drop [static] on parameters that can be NULL.
Add an assert() around parameters that have [static] and can't be NULL
hence.
Add some "const" where it was forgotten.
We'd log to the "console", losing structured logs during configuration file parsing.
Let's be nice to journalctl users, and log to the journal immediately.