This macro will read a pointer of any type, return it, and set the
pointer to NULL. This is useful as an explicit concept of passing
ownership of a memory area between pointers.
This takes inspiration from Rust:
https://doc.rust-lang.org/std/option/enum.Option.html#method.take
and was suggested by Alan Jenkins (@sourcejedi).
It drops ~160 lines of code from our codebase, which makes me like it.
Also, I think it clarifies passing of ownership, and thus helps
readability a bit (at least for the initiated who know the new macro)
When /sys is a symlink to the sysfs mountpoint, e.g. /path/to/sysfs.
Then, device->syspath was set to like /path/to/sysfs/devices/foo/baz.
This converts the path to /sys/devices/foo/baz.
Fixes#7676.
Newer kernels will emit uevents with "bind" and "unbind" actions. These
uevents will be issued when driver is bound to or unbound from a device.
"Bind" events are helpful when device requires a firmware to operate
properly, and driver is unable to create a child device before firmware
is properly loaded.
For some reason systemd validates actions and drops the ones it does not
know, instead of passing them on through as old udev did, so we need to
explicitly teach it about them.
This prevents udev from reading the data after freeing it.
See https://github.com/systemd/systemd/issues/6040#issuecomment-306589836
==264== Invalid read of size 1
==264== at 0x4C2E112: strlen (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==264== by 0x5943EBD: strdup (in /usr/lib/libc-2.25.so)
==264== by 0x13E263: device_add_property_aux (sd-device.c:122)
==264== by 0x14788C: device_add_property_internal (sd-device.c:150)
==264== by 0x14788C: device_rename (device-private.c:786)
==264== by 0x120DB6: udev_device_rename (libudev-device-private.c:213)
==264== by 0x120DB6: udev_event_execute_rules (udev-event.c:895)
==264== by 0x120DB6: worker_spawn (udevd.c:456)
==264== by 0x1216E5: event_run (udevd.c:584)
==264== by 0x1216E5: event_queue_start (udevd.c:823)
==264== by 0x122213: on_uevent (udevd.c:927)
==264== by 0x141F2F: source_dispatch (sd-event.c:2272)
==264== by 0x142D52: sd_event_dispatch (sd-event.c:2631)
==264== by 0x142D52: sd_event_run (sd-event.c:2690)
==264== by 0x142D52: sd_event_loop (sd-event.c:2710)
==264== by 0x1159CB: run (udevd.c:1643)
==264== by 0x1159CB: main (udevd.c:1772)
==264== Address 0x7b251a0 is 0 bytes inside a block of size 5 free'd
==264== at 0x4C2C14B: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==264== by 0x13E2A2: freep (alloc-util.h:57)
==264== by 0x13E2A2: device_add_property_aux (sd-device.c:111)
==264== by 0x147873: device_add_property_internal (sd-device.c:150)
==264== by 0x147873: device_rename (device-private.c:781)
==264== by 0x120DB6: udev_device_rename (libudev-device-private.c:213)
==264== by 0x120DB6: udev_event_execute_rules (udev-event.c:895)
==264== by 0x120DB6: worker_spawn (udevd.c:456)
==264== by 0x1216E5: event_run (udevd.c:584)
==264== by 0x1216E5: event_queue_start (udevd.c:823)
==264== by 0x122213: on_uevent (udevd.c:927)
==264== by 0x141F2F: source_dispatch (sd-event.c:2272)
==264== by 0x142D52: sd_event_dispatch (sd-event.c:2631)
==264== by 0x142D52: sd_event_run (sd-event.c:2690)
==264== by 0x142D52: sd_event_loop (sd-event.c:2710)
==264== by 0x1159CB: run (udevd.c:1643)
==264== by 0x1159CB: main (udevd.c:1772)
==264== Block was alloc'd at
==264== at 0x4C2AF1F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==264== by 0x5943EC9: strdup (in /usr/lib/libc-2.25.so)
==264== by 0x13E263: device_add_property_aux (sd-device.c:122)
==264== by 0x143B45: device_add_property_internal (sd-device.c:150)
==264== by 0x143B45: device_amend.lto_priv.235 (device-private.c:454)
==264== by 0x1387B7: device_append (device-private.c:516)
==264== by 0x1387B7: device_new_from_nulstr (device-private.c:620)
==264== by 0x1387B7: udev_device_new_from_nulstr (libudev-device-private.c:268)
==264== by 0x1387B7: udev_monitor_receive_device (libudev-monitor.c:682)
==264== by 0x11FC69: worker_spawn (udevd.c:509)
==264== by 0x1216E5: event_run (udevd.c:584)
==264== by 0x1216E5: event_queue_start (udevd.c:823)
==264== by 0x122213: on_uevent (udevd.c:927)
==264== by 0x141F2F: source_dispatch (sd-event.c:2272)
==264== by 0x142D52: sd_event_dispatch (sd-event.c:2631)
==264== by 0x142D52: sd_event_run (sd-event.c:2690)
==264== by 0x142D52: sd_event_loop (sd-event.c:2710)
==264== by 0x1159CB: run (udevd.c:1643)
==264== by 0x1159CB: main (udevd.c:1772)
==264==
This prevents udev from double-freeing and crashing.
See https://github.com/systemd/systemd/issues/6040#issuecomment-306589836
==351== Invalid free() / delete / delete[] / realloc()
==351== at 0x4C2C14B: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==351== by 0x13CBE8: hashmap_clear_free_free (hashmap.c:900)
==351== by 0x13CBE8: hashmap_free_free_free (hashmap.c:852)
==351== by 0x147F4F: sd_device_unref (sd-device.c:88)
==351== by 0x130CCC: udev_device_unref (libudev-device.c:552)
==351== by 0x130CD5: udev_device_unref (libudev-device.c:553)
==351== by 0x11FBBB: worker_spawn (udevd.c:488)
==351== by 0x1216E5: event_run (udevd.c:584)
==351== by 0x1216E5: event_queue_start (udevd.c:823)
==351== by 0x122213: on_uevent (udevd.c:927)
==351== by 0x141F2F: source_dispatch (sd-event.c:2272)
==351== by 0x142D52: sd_event_dispatch (sd-event.c:2631)
==351== by 0x142D52: sd_event_run (sd-event.c:2690)
==351== by 0x142D52: sd_event_loop (sd-event.c:2710)
==351== by 0x1159CB: run (udevd.c:1643)
==351== by 0x1159CB: main (udevd.c:1772)
==351== Address 0x81745b0 is 0 bytes inside a block of size 1 free'd
==351== at 0x4C2C14B: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==351== by 0x1447F0: freep (alloc-util.h:57)
==351== by 0x1447F0: sd_device_set_sysattr_value (sd-device.c:1859)
==351== by 0x132081: udev_device_set_sysattr_value (libudev-device.c:849)
==351== by 0x12E777: set_trackpoint_sensitivity (udev-builtin-keyboard.c:180)
==351== by 0x12E777: builtin_keyboard.lto_priv.170 (udev-builtin-keyboard.c:263)
==351== by 0x14D03F: udev_builtin_run.constprop.75 (udev-builtin.c:133)
==351== by 0x11FAEB: udev_event_execute_run (udev-event.c:957)
==351== by 0x11FAEB: worker_spawn (udevd.c:461)
==351== by 0x1216E5: event_run (udevd.c:584)
==351== by 0x1216E5: event_queue_start (udevd.c:823)
==351== by 0x122213: on_uevent (udevd.c:927)
==351== by 0x141F2F: source_dispatch (sd-event.c:2272)
==351== by 0x142D52: sd_event_dispatch (sd-event.c:2631)
==351== by 0x142D52: sd_event_run (sd-event.c:2690)
==351== by 0x142D52: sd_event_loop (sd-event.c:2710)
==351== by 0x1159CB: run (udevd.c:1643)
==351== by 0x1159CB: main (udevd.c:1772)
==351== Block was alloc'd at
==351== at 0x4C2CF35: calloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==351== by 0x144853: sd_device_set_sysattr_value (sd-device.c:1888)
==351== by 0x132081: udev_device_set_sysattr_value (libudev-device.c:849)
==351== by 0x12E777: set_trackpoint_sensitivity (udev-builtin-keyboard.c:180)
==351== by 0x12E777: builtin_keyboard.lto_priv.170 (udev-builtin-keyboard.c:263)
==351== by 0x14D03F: udev_builtin_run.constprop.75 (udev-builtin.c:133)
==351== by 0x11FAEB: udev_event_execute_run (udev-event.c:957)
==351== by 0x11FAEB: worker_spawn (udevd.c:461)
==351== by 0x1216E5: event_run (udevd.c:584)
==351== by 0x1216E5: event_queue_start (udevd.c:823)
==351== by 0x122213: on_uevent (udevd.c:927)
==351== by 0x141F2F: source_dispatch (sd-event.c:2272)
==351== by 0x142D52: sd_event_dispatch (sd-event.c:2631)
==351== by 0x142D52: sd_event_run (sd-event.c:2690)
==351== by 0x142D52: sd_event_loop (sd-event.c:2710)
==351== by 0x1159CB: run (udevd.c:1643)
==351== by 0x1159CB: main (udevd.c:1772)
This adds /sys/firmware lookup for sysname when creating a new device,
which allows device-tree properties lookup. This look-up can then be
used in udev rules, allowing device-tree-based model detection.
All those uses were correct, but I think it's better to be explicit.
Using implicit errno is too error prone, and with this change we can require
(in the sense of a style guideline) that the code is always specified.
Helpful query: git grep -n -P 'log_[^s][a-z]+\(.*%m'
Coverity was complaining about TOCTOU (CID #745806). Indeed, it seems better
to open the file and avoid the stat altogether:
- O_NOFOLLOW means we'll get ELOOP, which we can translate to EINVAL as before,
- similarly, open(O_WRONLY) on a directory will fail with EISDIR,
- and finally, it makes no sense to check access mode ourselves: just let
the kernel do it and propagate the error.
v2:
- fix memleak, don't clober input arg
gcc 7 adds -Wimplicit-fallthrough=3 to -Wextra. There are a few ways
we could deal with that. After we take into account the need to stay compatible
with older versions of the compiler (and other compilers), I don't think adding
__attribute__((fallthrough)), even as a macro, is worth the trouble. It sticks
out too much, a comment is just as good. But gcc has some very specific
requiremnts how the comment should look. Adjust it the specific form that it
likes. I don't think the extra stuff we had in those comments was adding much
value.
(Note: the documentation seems to be wrong, and seems to describe a different
pattern from the one that is actually used. I guess either the docs or the code
will have to change before gcc 7 is finalized.)
Let's use chase_symlinks() everywhere, and stop using GNU
canonicalize_file_name() everywhere. For most cases this should not change
behaviour, however increase exposure of our function to get better tested. Most
importantly in a few cases (most notably nspawn) it can take the correct root
directory into account when chasing symlinks.
As suggested here:
https://github.com/systemd/systemd/pull/4296#issuecomment-251911349
Let's try AF_INET first as socket, but let's fall back to AF_NETLINK, so that
we can use a protocol-independent socket here if possible. This has the benefit
that our code will still work even if AF_INET/AF_INET6 is made unavailable (for
exmple via seccomp), at least on current kernels.
The 'drivers' pseudo-subsystem needs special treatment. These pseudo-devices are
found under /sys/bus/drivers/, so needs the real subsystem encoded
in the device_id in order to be resolved.
The reader side already assumed this to be the case.
The statemachine was unable to parse properties with empty values,
reported in [0].
When reaching the start of the KEY, we would unconditionally read
one more character before starting to look for the end-of-line.
Simply look for the end-of-line from the first character.
[0]: <https://bugzilla.redhat.com/show_bug.cgi?id=1338823>
strjoina() is unsafe to be used in an unbounded loop as alloca() has no error
reporting. Thus devices with a large number of tags or devlinks trigger a
segfault in device_properties_prepare() due to overflowing the stack.
Rewrite the building of the "tags" and "devlinks" strings using
GREEDY_REALLOC() and strpcpy() to work with arbitrarily long strings. This also
avoids re-copying the entire string in each loop iteration.
Before this commit we always appended one final ":" to "tags". Change this to
start with an iniital ":" and for each tag append instead of prepend a ":".
This unifies what happens for the first and all subsequent tags so that we can
use a for loop.
Fixes#2954
Throughout the tree there's spurious use of spaces separating ++ and --
operators from their respective operands. Make ++ and -- operator
consistent with the majority of existing uses; discard the spaces.
Usually, we place the #pragma once before the copyright blurb in header files,
but in a few cases we didn't. Move those around, so that we do the same thing
everywhere.
GLIB has recently started to officially support the gcc cleanup
attribute in its public API, hence let's do the same for our APIs.
With this patch we'll define an xyz_unrefp() call for each public
xyz_unref() call, to make it easy to use inside a
__attribute__((cleanup())) expression. Then, all code is ported over to
make use of this.
The new calls are also documented in the man pages, with examples how to
use them (well, I only added docs where the _unref() call itself already
had docs, and the examples, only cover sd_bus_unrefp() and
sd_event_unrefp()).
This also renames sd_lldp_free() to sd_lldp_unref(), since that's how we
tend to call our destructors these days.
Note that this defines no public macro that wraps gcc's attribute and
makes it easier to use. While I think it's our duty in the library to
make our stuff easy to use, I figure it's not our duty to make gcc's own
features easy to use on its own. Most likely, client code which wants to
make use of this should define its own:
#define _cleanup_(function) __attribute__((cleanup(function)))
Or similar, to make the gcc feature easier to use.
Making this logic public has the benefit that we can remove three header
files whose only purpose was to define these functions internally.
See #2008.
There are more than enough calls doing string manipulations to deserve
its own files, hence do something about it.
This patch also sorts the #include blocks of all files that needed to be
updated, according to the sorting suggestions from CODING_STYLE. Since
pretty much every file needs our string manipulation functions this
effectively means that most files have sorted #include blocks now.
Also touches a few unrelated include files.
The kernel replaces '/' in device names with '!', we translate that back
to '/' in sysname, when taking sysname as input, we should translate it
back again.
Use %m where previously %s was used together with strerrno().
Fixes: e53fc357a9 "tree-wide: remove a number of invocations of
strerror() and replace by %m"