hwdb: add fuzz for Dell Latitude E7470 (#18876 )

copy: move sync_rights() to copy.c and rename copy_rights()
It's so similar to copy_access(), hence let's move it over and rename it in similar style to the rest of the functions. No change in behaviour, just moving things over.
2025-10-03 10:44:44 +02:00 · 2021-03-05 10:10:54 +10:00 · 2021-03-04 22:35:52 +00:00 · 2021-03-05 07:12:51 +09:00 · 2021-03-04 20:50:41 +00:00 · 2021-03-04 20:50:07 +00:00
10 changed files with 93 additions and 66 deletions
--- a/hwdb.d/60-evdev.hwdb
+++ b/hwdb.d/60-evdev.hwdb
@ -265,10 +265,10 @@ evdev:name:AlpsPS/2 ALPS GlidePoint:dmi:bvn*:bvr*:bd*:svnDellInc.:pnLatitudeE725

 # Dell Latitude E7470
 evdev:name:AlpsPS/2 ALPS DualPoint TouchPad:dmi:bvn*:bvr*:bd*:svnDellInc.:pnLatitudeE7470:*
- EVDEV_ABS_00=29:2930:30
- EVDEV_ABS_01=26:1533:29
- EVDEV_ABS_35=29:2930:30
- EVDEV_ABS_36=26:1533:29
+ EVDEV_ABS_00=29:2930:30:16
+ EVDEV_ABS_01=26:1533:29:16
+ EVDEV_ABS_35=29:2930:30:16
+ EVDEV_ABS_36=26:1533:29:16

 # Dell Precision 5510
 evdev:name:SynPS/2 Synaptics TouchPad:dmi:bvn*:bvr*:bd*:svnDellInc.:pnPrecision5510:*
--- a/man/systemd-nspawn.xml
+++ b/man/systemd-nspawn.xml
@ -801,46 +801,59 @@
      <varlistentry>
        <term><option>--network-interface=</option></term>

-        <listitem><para>Assign the specified network interface to the
-        container. This will remove the specified interface from the
-        calling namespace and place it in the container. When the
-        container terminates, it is moved back to the host namespace.
-        Note that <option>--network-interface=</option> implies
-        <option>--private-network</option>. This option may be used
-        more than once to add multiple network interfaces to the
-        container.</para></listitem>
+        <listitem><para>Assign the specified network interface to the container. This will remove the
+        specified interface from the calling namespace and place it in the container. When the container
+        terminates, it is moved back to the calling namespace.  Note that
+        <option>--network-interface=</option> implies <option>--private-network</option>. This option may be
+        used more than once to add multiple network interfaces to the container.</para>
+
+        <para>Note that any network interface specified this way must already exist at the time the container
+        is started. If the container shall be started automatically at boot via a
+        <filename>systemd-nspawn@.service</filename> unit file instance, it might hence make sense to add a
+        unit file drop-in to the service instance
+        (e.g. <filename>/etc/systemd/system/systemd-nspawn@foobar.service.d/50-network.conf</filename>) with
+        contents like the following:</para>
+
+        <programlisting>[Unit]
+Wants=sys-subsystem-net-devices-ens1.device
+After=sys-subsystem-net-devices-ens1.device</programlisting>
+
+        <para>This will make sure that activation of the container service will be delayed until the
+        <literal>ens1</literal> network interface has shown up. This is required since hardware probing is
+        fully asynchronous, and network interfaces might be discovered only later during the boot process,
+        after the container would normally be started without these explicit dependencies.</para>
+        </listitem>
      </varlistentry>

      <varlistentry>
        <term><option>--network-macvlan=</option></term>

-        <listitem><para>Create a <literal>macvlan</literal> interface
-        of the specified Ethernet network interface and add it to the
-        container. A <literal>macvlan</literal> interface is a virtual
-        interface that adds a second MAC address to an existing
-        physical Ethernet link. The interface in the container will be
-        named after the interface on the host, prefixed with
-        <literal>mv-</literal>. Note that
-        <option>--network-macvlan=</option> implies
-        <option>--private-network</option>. This option may be used
-        more than once to add multiple network interfaces to the
-        container.</para></listitem>
+        <listitem><para>Create a <literal>macvlan</literal> interface of the specified Ethernet network
+        interface and add it to the container. A <literal>macvlan</literal> interface is a virtual interface
+        that adds a second MAC address to an existing physical Ethernet link. The interface in the container
+        will be named after the interface on the host, prefixed with <literal>mv-</literal>. Note that
+        <option>--network-macvlan=</option> implies <option>--private-network</option>. This option may be
+        used more than once to add multiple network interfaces to the container.</para>
+
+        <para>As with <option>--network-interface=</option>, the underlying Ethernet network interface must
+        already exist at the time the container is started, and thus similar unit file drop-ins as described
+        above might be useful.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><option>--network-ipvlan=</option></term>

-        <listitem><para>Create an <literal>ipvlan</literal> interface
-        of the specified Ethernet network interface and add it to the
-        container. An <literal>ipvlan</literal> interface is a virtual
-        interface, similar to a <literal>macvlan</literal> interface,
-        which uses the same MAC address as the underlying interface.
-        The interface in the container will be named after the
-        interface on the host, prefixed with <literal>iv-</literal>.
-        Note that <option>--network-ipvlan=</option> implies
-        <option>--private-network</option>. This option may be used
-        more than once to add multiple network interfaces to the
-        container.</para></listitem>
+        <listitem><para>Create an <literal>ipvlan</literal> interface of the specified Ethernet network
+        interface and add it to the container. An <literal>ipvlan</literal> interface is a virtual interface,
+        similar to a <literal>macvlan</literal> interface, which uses the same MAC address as the underlying
+        interface.  The interface in the container will be named after the interface on the host, prefixed
+        with <literal>iv-</literal>.  Note that <option>--network-ipvlan=</option> implies
+        <option>--private-network</option>. This option may be used more than once to add multiple network
+        interfaces to the container.</para>
+
+        <para>As with <option>--network-interface=</option>, the underlying Ethernet network interface must
+        already exist at the time the container is started, and thus similar unit file drop-ins as described
+        above might be useful.</para></listitem>
      </varlistentry>

      <varlistentry>
@ -907,7 +920,11 @@
        this option is used, the host side of the Ethernet link will use the <literal>vb-</literal> prefix
        instead of <literal>ve-</literal>. Regardless of the used naming prefix the same network interface
        name length limits imposed by Linux apply, along with the complications this creates (for details see
-        above).</para></listitem>
+        above).</para>
+
+        <para>As with <option>--network-interface=</option>, the underlying bridge network interface must
+        already exist at the time the container is started, and thus similar unit file drop-ins as described
+        above might be useful.</para></listitem>
      </varlistentry>

      <varlistentry>
--- a/src/basic/copy.c
+++ b/src/basic/copy.c
@ -1147,24 +1147,24 @@ int copy_file_atomic_full(
         * writing it. */

        if (copy_flags & COPY_REPLACE) {
-                r = tempfn_random(to, NULL, &t);
+                _cleanup_free_ char *f = NULL;
+
+                r = tempfn_random(to, NULL, &f);
                if (r < 0)
                        return r;

                if (copy_flags & COPY_MAC_CREATE) {
                        r = mac_selinux_create_file_prepare(to, S_IFREG);
-                        if (r < 0) {
-                                t = mfree(t);
+                        if (r < 0)
                                return r;
-                        }
                }
-                fdt = open(t, O_CREAT|O_EXCL|O_NOFOLLOW|O_NOCTTY|O_WRONLY|O_CLOEXEC, 0600);
+                fdt = open(f, O_CREAT|O_EXCL|O_NOFOLLOW|O_NOCTTY|O_WRONLY|O_CLOEXEC, 0600);
                if (copy_flags & COPY_MAC_CREATE)
                        mac_selinux_create_file_clear();
-                if (fdt < 0) {
-                        t = mfree(t);
+                if (fdt < 0)
                        return -errno;
-                }
+
+                t = TAKE_PTR(f);
        } else {
                if (copy_flags & COPY_MAC_CREATE) {
                        r = mac_selinux_create_file_prepare(to, S_IFREG);
@ -1232,6 +1232,8 @@ int copy_access(int fdf, int fdt) {
        assert(fdf >= 0);
        assert(fdt >= 0);

+        /* Copies just the access mode (and not the ownership) from fdf to fdt */
+
        if (fstat(fdf, &st) < 0)
                return -errno;

@ -1241,6 +1243,20 @@ int copy_access(int fdf, int fdt) {
        return 0;
 }

+int copy_rights(int fdf, int fdt) {
+        struct stat st;
+
+        assert(fdf >= 0);
+        assert(fdt >= 0);
+
+        /* Copies both access mode and ownership from fdf to fdt */
+
+        if (fstat(fdf, &st) < 0)
+                return -errno;
+
+        return fchmod_and_chown(fdt, st.st_mode & 07777, st.st_uid, st.st_gid);
+}
+
 int copy_xattr(int fdf, int fdt) {
        _cleanup_free_ char *names = NULL;
        int ret = 0, r;
--- a/src/basic/copy.h
+++ b/src/basic/copy.h
@ -64,4 +64,5 @@ static inline int copy_bytes(int fdf, int fdt, uint64_t max_bytes, CopyFlags cop

 int copy_times(int fdf, int fdt, CopyFlags flags);
 int copy_access(int fdf, int fdt);
+int copy_rights(int fdf, int fdt);
 int copy_xattr(int fdf, int fdt);
--- a/src/basic/fileio.c
+++ b/src/basic/fileio.c
@ -548,7 +548,9 @@ int read_full_stream_full(
                }

                buf = t;
-                n = n_next;
+                /* Unless a size has been explicitly specified, try to read as much as fits into the memory
+                 * we allocated (minus 1, to leave one byte for the safety NUL byte) */
+                n = size == SIZE_MAX ? malloc_usable_size(buf) - 1 : n_next;

                errno = 0;
                k = fread(buf + l, 1, n - l, f);
@ -1325,15 +1327,6 @@ int warn_file_is_world_accessible(const char *filename, struct stat *st, const c
        return 0;
 }

-int sync_rights(int from, int to) {
-        struct stat st;
-
-        if (fstat(from, &st) < 0)
-                return -errno;
-
-        return fchmod_and_chown(to, st.st_mode & 07777, st.st_uid, st.st_gid);
-}
-
 int rename_and_apply_smack_floor_label(const char *from, const char *to) {
        int r = 0;
        if (rename(from, to) < 0)
--- a/src/basic/fileio.h
+++ b/src/basic/fileio.h
@ -118,6 +118,4 @@ int safe_fgetc(FILE *f, char *ret);

 int warn_file_is_world_accessible(const char *filename, struct stat *st, const char *unit, unsigned line);

-int sync_rights(int from, int to);
-
 int rename_and_apply_smack_floor_label(const char *temp_path, const char *dest_path);
--- a/src/basic/rm-rf.h
+++ b/src/basic/rm-rf.h
@ -24,7 +24,7 @@ static inline char *rm_rf_physical_and_free(char *p) {
        if (!p)
                return NULL;

-        (void) rm_rf(p, REMOVE_ROOT|REMOVE_PHYSICAL);
+        (void) rm_rf(p, REMOVE_ROOT|REMOVE_PHYSICAL|REMOVE_MISSING_OK|REMOVE_CHMOD);
        free(p);
        return NULL;
 }
@ -37,7 +37,7 @@ static inline char *rm_rf_subvolume_and_free(char *p) {
        if (!p)
                return NULL;

-        (void) rm_rf(p, REMOVE_ROOT|REMOVE_PHYSICAL|REMOVE_SUBVOLUME);
+        (void) rm_rf(p, REMOVE_ROOT|REMOVE_PHYSICAL|REMOVE_SUBVOLUME|REMOVE_MISSING_OK|REMOVE_CHMOD);
        free(p);
        return NULL;
 }
--- a/src/firstboot/firstboot.c
+++ b/src/firstboot/firstboot.c
@ -675,7 +675,7 @@ static int write_root_passwd(const char *passwd_path, const char *password, cons
        if (original) {
                struct passwd *i;

-                r = sync_rights(fileno(original), fileno(passwd));
+                r = copy_rights(fileno(original), fileno(passwd));
                if (r < 0)
                        return r;

@ -743,7 +743,7 @@ static int write_root_shadow(const char *shadow_path, const char *hashed_passwor
        if (original) {
                struct spwd *i;

-                r = sync_rights(fileno(original), fileno(shadow));
+                r = copy_rights(fileno(original), fileno(shadow));
                if (r < 0)
                        return r;

--- a/src/run/run.c
+++ b/src/run/run.c
@ -956,10 +956,12 @@ static int make_unit_name(sd_bus *bus, UnitType t, char **ret) {
                return 0;
        }

-        /* We managed to get the unique name, then let's use that to
-         * name our transient units. */
+        /* We managed to get the unique name, then let's use that to name our transient units. */

-        id = startswith(unique, ":");
+        id = startswith(unique, ":1."); /* let' strip the usual prefix */
+        if (!id)
+                id = startswith(unique, ":"); /* the spec only requires things to start with a colon, hence
+                                               * let's add a generic fallback for that. */
        if (!id)
                return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
                                       "Unique name %s has unexpected format.",
--- a/src/sysusers/sysusers.c
+++ b/src/sysusers/sysusers.c
@ -393,7 +393,7 @@ static int write_temporary_passwd(const char *passwd_path, FILE **tmpfile, char
        original = fopen(passwd_path, "re");
        if (original) {

-                r = sync_rights(fileno(original), fileno(passwd));
+                r = copy_rights(fileno(original), fileno(passwd));
                if (r < 0)
                        return r;

@ -494,7 +494,7 @@ static int write_temporary_shadow(const char *shadow_path, FILE **tmpfile, char
        original = fopen(shadow_path, "re");
        if (original) {

-                r = sync_rights(fileno(original), fileno(shadow));
+                r = copy_rights(fileno(original), fileno(shadow));
                if (r < 0)
                        return r;

@ -590,7 +590,7 @@ static int write_temporary_group(const char *group_path, FILE **tmpfile, char **
        original = fopen(group_path, "re");
        if (original) {

-                r = sync_rights(fileno(original), fileno(group));
+                r = copy_rights(fileno(original), fileno(group));
                if (r < 0)
                        return r;

@ -688,7 +688,7 @@ static int write_temporary_gshadow(const char * gshadow_path, FILE **tmpfile, ch
        if (original) {
                struct sgrp *sg;

-                r = sync_rights(fileno(original), fileno(gshadow));
+                r = copy_rights(fileno(original), fileno(gshadow));
                if (r < 0)
                        return r;
Author	SHA1	Message	Date
Alastair Pharo	329998b365	hwdb: add fuzz for Dell Latitude E7470 (#18876 )	2021-03-05 10:10:54 +10:00
Lennart Poettering	bb72c43485	copy: move sync_rights() to copy.c and rename copy_rights() It's so similar to copy_access(), hence let's move it over and rename it in similar style to the rest of the functions. No change in behaviour, just moving things over.	2021-03-04 22:35:52 +00:00
Lennart Poettering	e1aec57dd1	copy: simplify error paths when creating temporary files	2021-03-05 07:12:51 +09:00
Lennart Poettering	e6283cbf48	run: tweak algorithm for generating unit name from dbus unique name This reverts behaviour of systemd-run's unit name generation to the status quo ante of #18871: we chop off the ":1." prefix if we can. However, to address the issue that the unique name can overrun we then do what #18871 did as fallback: only chop off the ":" prefix. This way we should have pretty names that look like they always looked in the common case, but in the case of a unique name overrun we still will have names that work. Follow-up for #18871	2021-03-04 20:50:41 +00:00
Lennart Poettering	4d930e87ee	rm-rf: fix up chmod in the _cleanup_ rm_rf() destructors REMOVE_CHMOD is necessary to remove files/dirs that are owned by us but have an access mode that would not allow us to remove them. In generic destructor calls for use with `_cleanup_` that are "fire-and-forget" style we should make use of that, to maximize the chance we can actually remove the files/dirs. (Also, add in REMOVE_MISSING_OK. Just because prettier, we ignore the return codes anyway, but it' a bit nicer to ignore a bit fewer errors.)	2021-03-04 20:50:07 +00:00
Lennart Poettering	44a8ad7a24	man: document how to use --network-interface= during boot Fixes: #18793	2021-03-04 18:55:36 +01:00
Lennart Poettering	a60d064748	fileio: minor read_full_stream_full() optimization If we shall read as much of a file/stream as we can, then it makes sense to use the full malloc()ed memory, not just the part we asked for.	2021-03-04 18:55:02 +01:00