Compare commits

...

7 Commits

Author SHA1 Message Date
Zbigniew Jędrzejewski-Szmek ae366f3acb NEWS: last rites 2020-07-30 21:02:36 +02:00
Lennart Poettering cae1e8fb88 loop-device: implicitly sync device on detach
Apparently, if IO is still in flight at the moment we invoke LOOP_CLR_FD
it is likely simply dropped (probably because yanking physical storage,
such as a USB stick would drop it too). Let's protect ourselves against
that and always sync explicitly before we invoke it.
2020-07-30 20:56:13 +02:00
Zbigniew Jędrzejewski-Szmek 3660da17b0
Merge pull request #16624 from keszybz/timesync-retry-interval
Make timesyncd retry interval grow more slowly
2020-07-30 20:47:41 +02:00
Amitanand.Chikorde e7e954243a udev: fix codesonar warnings
Fixed below systemd codesonar warning.
isprint() is invoked here with an argument of signed
type char, but only has defined behavior for int arguments that are
either representable as unsigned char or equal to the value
of macro EOF(-1).

As per codesonar report, in a number of libc implementations, isprint()
function implemented using lookup tables (arrays): passing in a
negative value can result in a read underrun.
2020-07-30 18:55:50 +02:00
Zbigniew Jędrzejewski-Szmek b67ec8e5b2 pid1: stop limiting size of /dev/shm
The explicit limit is dropped, which means that we return to the kernel default
of 50% of RAM. See 362a55fc14 for a discussion why that is not as much as it
seems. It turns out various applications need more space in /dev/shm and we
would break them by imposing a low limit.

While at it, rename the define and use a single macro for various tmpfs mounts.
We don't really care what the purpose of the given tmpfs is, so it seems
reasonable to use a single macro.

This effectively reverts part of 7d85383edb. Fixes #16617.
2020-07-30 18:48:35 +02:00
Zbigniew Jędrzejewski-Szmek 5919bd3df3 timesync: increase retry interval more slowly
The new retry intervals are [15, 20, 26, 34, 45, 60, 80, 106, 141, 188, 250,
333, 360, ...]. This should allow graceful response if a transient network
failure is encountered. Growth is exponential, but with a small power and
capped to a non-too-large value so that we resynchronize within a few minutes
after network is restored. I made the minimum 15 s to make sure that we never
send packets more often than that.

Fixes #16492.
2020-07-30 15:15:11 +02:00
Yu Watanabe 94ec163ad2 timedatectl: do not show (null) if the address of NTP server is not resolved 2020-07-17 03:10:42 +09:00
10 changed files with 81 additions and 79 deletions

78
NEWS
View File

@ -114,7 +114,7 @@ CHANGES WITH 246:
* tmpfs mounts automatically created by systemd (/tmp, /run, /dev/shm, * tmpfs mounts automatically created by systemd (/tmp, /run, /dev/shm,
and others) now have a size and inode limits applied (50% of RAM for and others) now have a size and inode limits applied (50% of RAM for
/tmp, 10% of RAM for /dev/shm, etc.) /tmp and /dev/shm, 10% of RAM for other mounts, etc.)
* nss-mymachines lost support for resolution of users and groups, and * nss-mymachines lost support for resolution of users and groups, and
now only does resolution of hostnames. This functionality is now now only does resolution of hostnames. This functionality is now
@ -564,45 +564,45 @@ CHANGES WITH 246:
distribution-specific defaults in .mkosi/ based on your preference. distribution-specific defaults in .mkosi/ based on your preference.
Contributions from: 24bisquitz, Adam Nielsen, Alan Perry, Alexander Contributions from: 24bisquitz, Adam Nielsen, Alan Perry, Alexander
Malafeev, Alin Popa, Alvin Šipraga, Amos Bird, Andreas Rammhold, Malafeev, Amitanand.Chikorde, Alin Popa, Alvin Šipraga, Amos Bird,
AndreRH, Andrew Doran, Anita Zhang, Ankit Jain, antznin, Arnaud Andreas Rammhold, AndreRH, Andrew Doran, Anita Zhang, Ankit Jain,
Ferraris, Arthur Moraes do Lago, Arusekk, Balaji Punnuru, Balint antznin, Arnaud Ferraris, Arthur Moraes do Lago, Arusekk, Balaji
Reczey, Bastien Nocera, bemarek, Benjamin Berg, Benjamin Dahlhoff, Punnuru, Balint Reczey, Bastien Nocera, bemarek, Benjamin Berg,
Benjamin Robin, Chris Down, Chris Kerr, Christian Göttsche, Christian Benjamin Dahlhoff, Benjamin Robin, Chris Down, Chris Kerr, Christian
Hesse, Christian Oder, Ciprian Hacman, Clinton Roy, codicodi, Corey Göttsche, Christian Hesse, Christian Oder, Ciprian Hacman, Clinton Roy,
Hinshaw, Daan De Meyer, Dana Olson, Dan Callaghan, Daniel Fullmer, codicodi, Corey Hinshaw, Daan De Meyer, Dana Olson, Dan Callaghan,
Daniel Rusek, Dan Streetman, Dave Reisner, David Edmundson, David Wood, Daniel Fullmer, Daniel Rusek, Dan Streetman, Dave Reisner, David
Denis Pronin, Diego Escalante Urrelo, Dimitri John Ledkov, Edmundson, David Wood, Denis Pronin, Diego Escalante Urrelo, Dimitri
dolphrundgren, duguxy, Einsler Lee, Elisei Roca, Emmanuel Garette, Eric John Ledkov, dolphrundgren, duguxy, Einsler Lee, Elisei Roca, Emmanuel
Anderson, Eric DeVolder, Evgeny Vereshchagin, ExtinctFire, fangxiuning, Garette, Eric Anderson, Eric DeVolder, Evgeny Vereshchagin,
Ferran Pallarès Roca, Filipe Brandenburger, Filippo Falezza, Finn, ExtinctFire, fangxiuning, Ferran Pallarès Roca, Filipe Brandenburger,
Florian Klink, Florian Mayer, Franck Bui, Frantisek Sumsal, gaurav, Filippo Falezza, Finn, Florian Klink, Florian Mayer, Franck Bui,
Georg Müller, Gergely Polonkai, Giedrius Statkevičius, Gigadoc2, Frantisek Sumsal, gaurav, Georg Müller, Gergely Polonkai, Giedrius
gogogogi, gzjsgdsb, Hans de Goede, Haochen Tong, ianhi, ignapk, Jakov Statkevičius, Gigadoc2, gogogogi, Gaurav Singh, gzjsgdsb, Hans de
Smolic, James T. Lee, Jan Janssen, Jan Klötzke, Jan Palus, Jay Burger, Goede, Haochen Tong, ianhi, ignapk, Jakov Smolic, James T. Lee, Jan
Jeremy Cline, Jérémy Rosen, Jian-Hong Pan, Jiri Slaby, Joel Shapiro, Janssen, Jan Klötzke, Jan Palus, Jay Burger, Jeremy Cline, Jérémy
Joerg Behrmann, Jörg Thalheim, Jouke Witteveen, Kai-Heng Feng, Kenny Rosen, Jian-Hong Pan, Jiri Slaby, Joel Shapiro, Joerg Behrmann, Jörg
Levinsen, Kevin Kuehler, Kumar Kartikeya Dwivedi, layderv, laydervus, Thalheim, Jouke Witteveen, Kai-Heng Feng, Kenny Levinsen, Kevin
Lénaïc Huard, Lennart Poettering, Lidong Zhong, Luca Boccassi, Luca Kuehler, Kumar Kartikeya Dwivedi, layderv, laydervus, Lénaïc Huard,
BRUNO, Lucas Werkmeister, Lukas Klingsbo, Lukáš Nykrýn, Łukasz Lennart Poettering, Lidong Zhong, Luca Boccassi, Luca BRUNO, Lucas
Stelmach, Maciej S. Szmigiero, MadMcCrow, Marc-André Lureau, Marcel Werkmeister, Lukas Klingsbo, Lukáš Nykrýn, Łukasz Stelmach, Maciej
Holtmann, Marc Kleine-Budde, Martin Hundebøll, Matthew Leeds, Matt S. Szmigiero, MadMcCrow, Marc-André Lureau, Marcel Holtmann, Marc
Ranostay, Maxim Fomin, MaxVerevkin, Michael Biebl, Michael Chapman, Kleine-Budde, Martin Hundebøll, Matthew Leeds, Matt Ranostay, Maxim
Michael Gubbels, Michael Marley, Michał Bartoszkiewicz, Michal Koutný, Fomin, MaxVerevkin, Michael Biebl, Michael Chapman, Michael Gubbels,
Michal Sekletár, Mike Gilbert, Mike Kazantsev, Mikhail Novosyolov, ml, Michael Marley, Michał Bartoszkiewicz, Michal Koutný, Michal Sekletár,
Motiejus Jakštys, nabijaczleweli, nerdopolis, Niccolò Maggioni, Niklas Mike Gilbert, Mike Kazantsev, Mikhail Novosyolov, ml, Motiejus Jakštys,
Hambüchen, Norbert Lange, Paul Cercueil, pelzvieh, Peter Hutterer, nabijaczleweli, nerdopolis, Niccolò Maggioni, Niklas Hambüchen, Norbert
Piero La Terza, Pieter Lexis, Piotr Drąg, Rafael Fontenelle, Richard Lange, Paul Cercueil, pelzvieh, Peter Hutterer, Piero La Terza, Pieter
Petri, Ronan Pigott, Ross Lagerwall, Rubens Figueiredo, satmandu, Lexis, Piotr Drąg, Rafael Fontenelle, Richard Petri, Ronan Pigott, Ross
Sean-StarLabs, Sebastian Jennen, sterlinghughes, Surhud More, Susant Lagerwall, Rubens Figueiredo, satmandu, Sean-StarLabs, Sebastian
Sahani, szb512, Thomas Haller, Tobias Hunger, Tom, Tomáš Pospíšek, Jennen, sterlinghughes, Surhud More, Susant Sahani, szb512, Thomas
Tomer Shechner, Tom Hughes, Topi Miettinen, Tudor Roman, Uwe Haller, Tobias Hunger, Tom, Tomáš Pospíšek, Tomer Shechner, Tom Hughes,
Kleine-König, Valery0xff, Vito Caputo, Vladimir Panteleev, Vladyslav Topi Miettinen, Tudor Roman, Uwe Kleine-König, Valery0xff, Vito Caputo,
Tronko, Wen Yang, Yegor Vialov, Yigal Korman, Yi Gao, YmrDtnJu, Yuri Vladimir Panteleev, Vladyslav Tronko, Wen Yang, Yegor Vialov, Yigal
Chornoivan, Yu Watanabe, Zbigniew Jędrzejewski-Szmek, Zhu Li, Дамјан Korman, Yi Gao, YmrDtnJu, Yuri Chornoivan, Yu Watanabe, Zbigniew
Георгиевски, наб Jędrzejewski-Szmek, Zhu Li, Дамјан Георгиевски, наб
Warsaw, 2020-07-24 Warsaw, 2020-07-30
CHANGES WITH 245: CHANGES WITH 245:

View File

@ -72,10 +72,10 @@ static const MountPoint mount_table[] = {
#if ENABLE_SMACK #if ENABLE_SMACK
{ "smackfs", "/sys/fs/smackfs", "smackfs", "smackfsdef=*", MS_NOSUID|MS_NOEXEC|MS_NODEV, { "smackfs", "/sys/fs/smackfs", "smackfs", "smackfsdef=*", MS_NOSUID|MS_NOEXEC|MS_NODEV,
mac_smack_use, MNT_FATAL }, mac_smack_use, MNT_FATAL },
{ "tmpfs", "/dev/shm", "tmpfs", "mode=1777,smackfsroot=*" TMPFS_LIMITS_DEV_SHM, MS_NOSUID|MS_NODEV|MS_STRICTATIME, { "tmpfs", "/dev/shm", "tmpfs", "mode=1777,smackfsroot=*", MS_NOSUID|MS_NODEV|MS_STRICTATIME,
mac_smack_use, MNT_FATAL }, mac_smack_use, MNT_FATAL },
#endif #endif
{ "tmpfs", "/dev/shm", "tmpfs", "mode=1777" TMPFS_LIMITS_DEV_SHM, MS_NOSUID|MS_NODEV|MS_STRICTATIME, { "tmpfs", "/dev/shm", "tmpfs", "mode=1777", MS_NOSUID|MS_NODEV|MS_STRICTATIME,
NULL, MNT_FATAL|MNT_IN_CONTAINER }, NULL, MNT_FATAL|MNT_IN_CONTAINER },
{ "devpts", "/dev/pts", "devpts", "mode=620,gid=" STRINGIFY(TTY_GID), MS_NOSUID|MS_NOEXEC, { "devpts", "/dev/pts", "devpts", "mode=620,gid=" STRINGIFY(TTY_GID), MS_NOSUID|MS_NOEXEC,
NULL, MNT_IN_CONTAINER }, NULL, MNT_IN_CONTAINER },

View File

@ -326,23 +326,21 @@ static int append_bind_mounts(MountEntry **p, const BindMount *binds, size_t n)
} }
static int append_tmpfs_mounts(MountEntry **p, const TemporaryFileSystem *tmpfs, size_t n) { static int append_tmpfs_mounts(MountEntry **p, const TemporaryFileSystem *tmpfs, size_t n) {
size_t i;
int r;
assert(p); assert(p);
for (i = 0; i < n; i++) { for (size_t i = 0; i < n; i++) {
const TemporaryFileSystem *t = tmpfs + i; const TemporaryFileSystem *t = tmpfs + i;
_cleanup_free_ char *o = NULL, *str = NULL; _cleanup_free_ char *o = NULL, *str = NULL;
unsigned long flags; unsigned long flags;
bool ro = false; bool ro = false;
int r;
if (!path_is_absolute(t->path)) if (!path_is_absolute(t->path))
return log_debug_errno(SYNTHETIC_ERRNO(EINVAL), return log_debug_errno(SYNTHETIC_ERRNO(EINVAL),
"Path is not absolute: %s", "Path is not absolute: %s",
t->path); t->path);
str = strjoin("mode=0755" TMPFS_LIMITS_TEMPORARY_FS ",", t->options); str = strjoin("mode=0755" NESTED_TMPFS_LIMITS ",", t->options);
if (!str) if (!str)
return -ENOMEM; return -ENOMEM;

View File

@ -549,7 +549,7 @@ int mount_all(const char *dest,
MOUNT_IN_USERNS|MOUNT_MKDIR }, MOUNT_IN_USERNS|MOUNT_MKDIR },
/* Then we list outer child mounts (i.e. mounts applied *before* entering user namespacing) */ /* Then we list outer child mounts (i.e. mounts applied *before* entering user namespacing) */
{ "tmpfs", "/tmp", "tmpfs", "mode=1777" TMPFS_LIMITS_TMP, MS_NOSUID|MS_NODEV|MS_STRICTATIME, { "tmpfs", "/tmp", "tmpfs", "mode=1777" NESTED_TMPFS_LIMITS, MS_NOSUID|MS_NODEV|MS_STRICTATIME,
MOUNT_FATAL|MOUNT_APPLY_TMPFS_TMP|MOUNT_MKDIR }, MOUNT_FATAL|MOUNT_APPLY_TMPFS_TMP|MOUNT_MKDIR },
{ "tmpfs", "/sys", "tmpfs", "mode=555" TMPFS_LIMITS_SYS, MS_NOSUID|MS_NOEXEC|MS_NODEV, { "tmpfs", "/sys", "tmpfs", "mode=555" TMPFS_LIMITS_SYS, MS_NOSUID|MS_NOEXEC|MS_NODEV,
MOUNT_FATAL|MOUNT_APPLY_APIVFS_NETNS|MOUNT_MKDIR }, MOUNT_FATAL|MOUNT_APPLY_APIVFS_NETNS|MOUNT_MKDIR },
@ -559,7 +559,7 @@ int mount_all(const char *dest,
MOUNT_FATAL|MOUNT_MKDIR }, /* skipped if above was mounted */ MOUNT_FATAL|MOUNT_MKDIR }, /* skipped if above was mounted */
{ "tmpfs", "/dev", "tmpfs", "mode=755" TMPFS_LIMITS_DEV, MS_NOSUID|MS_STRICTATIME, { "tmpfs", "/dev", "tmpfs", "mode=755" TMPFS_LIMITS_DEV, MS_NOSUID|MS_STRICTATIME,
MOUNT_FATAL|MOUNT_MKDIR }, MOUNT_FATAL|MOUNT_MKDIR },
{ "tmpfs", "/dev/shm", "tmpfs", "mode=1777" TMPFS_LIMITS_DEV_SHM, MS_NOSUID|MS_NODEV|MS_STRICTATIME, { "tmpfs", "/dev/shm", "tmpfs", "mode=1777" NESTED_TMPFS_LIMITS, MS_NOSUID|MS_NODEV|MS_STRICTATIME,
MOUNT_FATAL|MOUNT_MKDIR }, MOUNT_FATAL|MOUNT_MKDIR },
{ "tmpfs", "/run", "tmpfs", "mode=755" TMPFS_LIMITS_RUN, MS_NOSUID|MS_NODEV|MS_STRICTATIME, { "tmpfs", "/run", "tmpfs", "mode=755" TMPFS_LIMITS_RUN, MS_NOSUID|MS_NODEV|MS_STRICTATIME,
MOUNT_FATAL|MOUNT_MKDIR }, MOUNT_FATAL|MOUNT_MKDIR },

View File

@ -191,6 +191,10 @@ LoopDevice* loop_device_unref(LoopDevice *d) {
return NULL; return NULL;
if (d->fd >= 0) { if (d->fd >= 0) {
/* Implicitly sync the device, since otherwise in-flight blocks might not get written */
if (fsync(d->fd) < 0)
log_debug_errno(errno, "Failed to sync loop block device, ignoring: %m");
if (d->nr >= 0 && !d->relinquished) { if (d->nr >= 0 && !d->relinquished) {
if (ioctl(d->fd, LOOP_CLR_FD) < 0) if (ioctl(d->fd, LOOP_CLR_FD) < 0)
log_debug_errno(errno, "Failed to clear loop device: %m"); log_debug_errno(errno, "Failed to clear loop device: %m");
@ -216,7 +220,7 @@ LoopDevice* loop_device_unref(LoopDevice *d) {
log_warning_errno(errno, "Failed to remove device %s: %m", strna(d->node)); log_warning_errno(errno, "Failed to remove device %s: %m", strna(d->node));
break; break;
} }
usleep(50 * USEC_PER_MSEC); (void) usleep(50 * USEC_PER_MSEC);
} }
} }

View File

@ -21,13 +21,11 @@
* PID1 because 16MB of free space is required. */ * PID1 because 16MB of free space is required. */
#define TMPFS_LIMITS_RUN ",size=20%,nr_inodes=800k" #define TMPFS_LIMITS_RUN ",size=20%,nr_inodes=800k"
/* The limit used for various tmpfs mounts, but not /tmp itself. /* The limit used for various nested tmpfs mounts, in paricular for guests started by systemd-nspawn.
* 10% of RAM (using 16GB of RAM as a baseline) translates to 400k inodes (assuming 4k each) and 25% * 10% of RAM (using 16GB of RAM as a baseline) translates to 400k inodes (assuming 4k each) and 25%
* translates to 1M inodes. * translates to 1M inodes.
* /tmp is configured through a .mount unit file. */ * (On the host, /tmp is configured through a .mount unit file.) */
#define TMPFS_LIMITS_TMP ",size=10%,nr_inodes=400k" #define NESTED_TMPFS_LIMITS ",size=10%,nr_inodes=400k"
#define TMPFS_LIMITS_DEV_SHM TMPFS_LIMITS_TMP
#define TMPFS_LIMITS_TEMPORARY_FS TMPFS_LIMITS_TMP
/* More space for volatile root and /var */ /* More space for volatile root and /var */
#define TMPFS_LIMITS_VAR ",size=25%,nr_inodes=1m" #define TMPFS_LIMITS_VAR ",size=25%,nr_inodes=1m"

View File

@ -409,7 +409,7 @@ static int print_ntp_status_info(NTPStatusInfo *i) {
if (r < 0) if (r < 0)
return table_log_add_error(r); return table_log_add_error(r);
r = table_add_cell_stringf(table, NULL, "%s (%s)", i->server_address, i->server_name); r = table_add_cell_stringf(table, NULL, "%s (%s)", strna(i->server_address), strna(i->server_name));
if (r < 0) if (r < 0)
return table_log_add_error(r); return table_log_add_error(r);

View File

@ -137,11 +137,10 @@ static int manager_send_request(Manager *m) {
} }
/* re-arm timer with increasing timeout, in case the packets never arrive back */ /* re-arm timer with increasing timeout, in case the packets never arrive back */
if (m->retry_interval > 0) { if (m->retry_interval == 0)
if (m->retry_interval < m->poll_interval_max_usec) m->retry_interval = NTP_RETRY_INTERVAL_MIN_USEC;
m->retry_interval *= 2; else
} else m->retry_interval = MIN(m->retry_interval * 4/3, NTP_RETRY_INTERVAL_MAX_USEC);
m->retry_interval = m->poll_interval_min_usec;
r = manager_arm_timer(m, m->retry_interval); r = manager_arm_timer(m, m->retry_interval);
if (r < 0) if (r < 0)

View File

@ -24,6 +24,9 @@ typedef struct Manager Manager;
#define NTP_POLL_INTERVAL_MIN_USEC (32 * USEC_PER_SEC) #define NTP_POLL_INTERVAL_MIN_USEC (32 * USEC_PER_SEC)
#define NTP_POLL_INTERVAL_MAX_USEC (2048 * USEC_PER_SEC) #define NTP_POLL_INTERVAL_MAX_USEC (2048 * USEC_PER_SEC)
#define NTP_RETRY_INTERVAL_MIN_USEC (15 * USEC_PER_SEC)
#define NTP_RETRY_INTERVAL_MAX_USEC (6 * 60 * USEC_PER_SEC) /* 6 minutes */
struct Manager { struct Manager {
sd_bus *bus; sd_bus *bus;
sd_event *event; sd_event *event;

View File

@ -100,7 +100,7 @@ static int print_all_attributes(sd_device *device, bool is_parent) {
/* skip nonprintable attributes */ /* skip nonprintable attributes */
len = strlen(value); len = strlen(value);
while (len > 0 && isprint(value[len-1])) while (len > 0 && isprint((unsigned char) value[len-1]))
len--; len--;
if (len > 0) if (len > 0)
continue; continue;