mirror of https://github.com/systemd/systemd synced 2026-03-11 23:54:46 +01:00

Compare commits


7 Commits

Author SHA1 Message Date
Christian Hesse
46cfe8f50d units: make locale directory writable for systemd-localed
With 8f20232fcb52dbe6255f3df6101fc057af90bcfa systemd-localed supports
generating locales when required. This fails if the locale directory is
read-only, so make it writable.

Closes #19138
2021-03-29 12:33:36 +02:00
Fangrui Song
945317a4b6 sd-bus: set retain attribute on BUS_ERROR_MAP_ELF_REGISTER
LLD 13 and GNU ld 2.37 support -z start-stop-gc which allows garbage
collection of C identifier name sections despite the __start_/__stop_
references.  Simply set the retain attribute so that GCC 11 (if
configure-time binutils is 2.36 or newer)/Clang 13 will set the
SHF_GNU_RETAIN section attribute to prevent garbage collection.

Without the patch, there are linker errors like the following with -z
start-stop-gc.

```
ld: error: undefined symbol: __start_SYSTEMD_BUS_ERROR_MAP
>>> referenced by bus-error.c:93 (../src/libsystemd/sd-bus/bus-error.c:93)
>>>               sd-bus_bus-error.c.o:(bus_error_name_to_errno) in archive src/libsystemd/libsystemd_static.a
```
2021-03-29 12:31:42 +02:00
Zbigniew Jędrzejewski-Szmek
8a773a30ba
Merge pull request #19116 from keszybz/readvirtualfile-opt
Optimize read_full_virtual_file() and another coverity issue
2021-03-29 10:51:32 +02:00
Zbigniew Jędrzejewski-Szmek
bc52deda4b tests: drop calls to unsetenv SYSTEMD_MEMPOOL
Coverity was complaining that we don't check the return value, which we stopped
doing in 772e0a76f34914f6f81205e912e4744c6b23f704.

But it seems that we don't want those calls at all. The test was originally
added with the call in a6ee01caf3409ba9820e8824b9262fbac31a9f77, but I don't
see why we should override this. If the user wants to execute the test with
mempool disabled, we shouldn't ignore that.

Coverity CID#1444464, CID#1444466.
2021-03-26 15:54:58 +01:00
Zbigniew Jędrzejewski-Szmek
f1a8a66c35 basic/fileio: use malloc_usable_size() to use all allocated memory 2021-03-26 15:54:56 +01:00
Zbigniew Jędrzejewski-Szmek
a9899ff358 basic/fileio: optimize buffer sizes in read_full_virtual_file()
We'd proceed rather inefficiently: the initial buffer size was LINE_MAX/2,
i.e. only 1k. We can read 4k at the same cost.

Also, we'd try to allocate 1025, 2049, 4097 bytes, i.e. always one higher than
the power-of-two size. Effectively the allocation would be bigger, and we'd
waste the additional space. So let's allocate aligned to the power-of-two size.
size=4095, 8191, 16383, so we allocate 4k, 8k, 16k.
2021-03-26 15:53:50 +01:00
Zbigniew Jędrzejewski-Szmek
ca79564309 basic/fileio: simplify calculation of buffer size in read_full_virtual_file()
We'd first assign a value up to SSIZE_MAX, and then immediately check if we
have a value bigger than READ_FULL_BYTES_MAX. This wasn't exactly wrong, but a
bit roundabout. Let's immediately assign the value from the appropriate range
or error out.

Coverity CID#1450973.
2021-03-26 15:46:44 +01:00
6 changed files with 34 additions and 24 deletions


@ -857,10 +857,13 @@ conf.set_quoted('SYSTEMD_DEFAULT_LOCALE', default_locale)
localegen_path = get_option('localegen-path')
have = false
writable = ''
if localegen_path != ''
conf.set_quoted('LOCALEGEN_PATH', localegen_path)
have = true
writable = ' /usr/lib/locale'
endif
substs.set('SERVICE_LOCALEGEN_WRITABLE', writable)
conf.set10('HAVE_LOCALEGEN', have)
conf.set_quoted('GETTEXT_PACKAGE', meson.project_name())
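Review bot: The path set by `writable = ' /usr/lib/locale'` is appended verbatim to `ReadWritePaths=` in the localed unit (the last file in this compare), and a path listed there without a `-` prefix has to exist when the service starts. On a system built with `localegen-path` set but lacking that directory, namespace setup for systemd-localed would likely fail instead of skipping the entry. Consider `writable = ' -/usr/lib/locale'`, plus a short comment saying the leading space is intentional because the value is pasted directly after `/etc`. The directory is also hard-coded rather than derived from the configured prefix, which is worth confirming for distributions that keep locales elsewhere.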


@ -27,7 +27,8 @@
#include "string-util.h"
#include "tmpfile-util.h"
#define READ_FULL_BYTES_MAX (4U*1024U*1024U)
/* The maximum size of the file we'll read in one go. */
#define READ_FULL_BYTES_MAX (4U*1024U*1024U - 1)
int fopen_unlocked(const char *path, const char *options, FILE **ret) {
assert(ret);
@ -386,8 +387,10 @@ int read_full_virtual_file(const char *filename, char **ret_contents, size_t *re
/* Start size for files in /proc/ which usually report a file size of 0. (Files in /sys/ report a
* file size of 4K, which is probably OK for sizing our initial buffer, and sysfs attributes can't be
* larger anyway.) */
size = LINE_MAX / 2;
* larger anyway.)
*
* It's one less than 4k, so that the malloc() below allocates exactly 4k. */
size = 4095;
/* Limit the number of attempts to read the number of bytes returned by fstat(). */
n_retries = 3;
@ -403,22 +406,27 @@ int read_full_virtual_file(const char *filename, char **ret_contents, size_t *re
return -EBADF;
/* Be prepared for files from /proc which generally report a file size of 0. */
assert_cc(READ_FULL_BYTES_MAX < SSIZE_MAX);
if (st.st_size > 0) {
if (st.st_size > SSIZE_MAX) /* safety check in case off_t is 64bit and size_t 32bit */
if (st.st_size > READ_FULL_BYTES_MAX)
return -E2BIG;
size = st.st_size;
n_retries--;
} else
/* Double the buffer size (saturate in case of overflow) */
size = size > SSIZE_MAX / 2 ? SSIZE_MAX : size * 2;
if (size > READ_FULL_BYTES_MAX)
return -E2BIG;
} else {
/* Double the buffer size */
if (size >= READ_FULL_BYTES_MAX)
return -E2BIG;
if (size > READ_FULL_BYTES_MAX / 2 - 1)
size = READ_FULL_BYTES_MAX; /* clamp to max */
else
size = size * 2 + 1; /* Stay always one less than page size, so we malloc evenly */
}
buf = malloc(size + 1);
if (!buf)
return -ENOMEM;
size = malloc_usable_size(buf) - 1; /* Use a bigger allocation if we got it anyway */
for (;;) {
ssize_t k;
@ -462,16 +470,13 @@ int read_full_virtual_file(const char *filename, char **ret_contents, size_t *re
buf = TAKE_PTR(p);
}
if (!ret_size) {
/* Safety check: if the caller doesn't want to know the size of what we
* just read it will rely on the trailing NUL byte. But if there's an
* embedded NUL byte, then we should refuse operation as otherwise
* there'd be ambiguity about what we just read. */
if (memchr(buf, 0, n))
return -EBADMSG;
} else
if (ret_size)
*ret_size = n;
else if (memchr(buf, 0, n))
/* Safety check: if the caller doesn't want to know the size of what we just read it will
* rely on the trailing NUL byte. But if there's an embedded NUL byte, then we should refuse
* operation as otherwise there'd be ambiguity about what we just read. */
return -EBADMSG;
buf[n] = 0;
*ret_contents = TAKE_PTR(buf);
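Review bot: In the second `read_full_virtual_file()` hunk, `size = malloc_usable_size(buf) - 1;` makes the read bound depend on allocator slack instead of the size the code asked for, and nothing visible after it re-applies the cap. When `size` was just clamped to `READ_FULL_BYTES_MAX`, the usable size may exceed the request, so `size` can end up above the limit the earlier checks enforce; the read loop is outside the hunk, so confirm whether it can then return more than `READ_FULL_BYTES_MAX` bytes. Writing past the requested length is also the pattern that hardened builds which track allocation sizes may reject at run time. Either drop the line or follow it with `if (size > READ_FULL_BYTES_MAX) size = READ_FULL_BYTES_MAX;` and a comment saying the extra bytes are used on purpose. The next doubling, `size * 2 + 1`, then starts from the usable size, so the "one less than page size" invariant from the comment may no longer hold.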


@ -28,11 +28,17 @@ int bus_error_set_errnofv(sd_bus_error *e, int error, const char *format, va_lis
* the bus error table, and BUS_ERROR_MAP_ELF_USE has to be used at
* least once per compilation unit (i.e. per library), to ensure that
* the error map is really added to the final binary.
*
* In addition, set the retain attribute so that the section cannot be
* discarded by ld --gc-sections -z start-stop-gc. Older compilers would
* warn for the unknown attribute, so just disable -Wattributes.
*/
#define BUS_ERROR_MAP_ELF_REGISTER \
_Pragma("GCC diagnostic ignored \"-Wattributes\"") \
_section_("SYSTEMD_BUS_ERROR_MAP") \
_used_ \
__attribute__((retain)) \
_alignptr_ \
_variable_no_sanitize_address_
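Review bot: The `_Pragma("GCC diagnostic ignored \"-Wattributes\"")` added to `BUS_ERROR_MAP_ELF_REGISTER` is never undone, so every translation unit that expands the macro loses `-Wattributes` for the rest of the file, which can hide a misspelled or misapplied attribute elsewhere. Because the macro is a declaration prefix, a push/pop pair cannot be wrapped around the declaration from inside it. A feature test keeps the warning enabled: define a helper that expands to the attribute only when the compiler reports support, and use it in place of both the pragma and the raw `__attribute__((retain))`. `_retain_` below is a proposed name in the style of the file's `_used_`; the case the commit message mentions, GCC built against older binutils, should be checked for a remaining warning.

```c
#ifdef __has_attribute
#  if __has_attribute(retain)
#    define _retain_ __attribute__((retain))
#  endif
#endif
#ifndef _retain_
#  define _retain_
#endif

#define BUS_ERROR_MAP_ELF_REGISTER                                      \
        /* … unchanged: _section_("SYSTEMD_BUS_ERROR_MAP"), _used_ … */ \
        _retain_                                                        \
        /* … unchanged: _alignptr_, _variable_no_sanitize_address_ … */
```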


@ -30,8 +30,6 @@ int main(int argc, char *argv[]) {
const char *key, *value;
int r;
unsetenv("SYSTEMD_MEMPOOL");
r = sd_device_new_from_syspath(&loopback, "/sys/class/net/lo");
if (r < 0)
return handle_error_errno(r, "Failed to create loopback device object");


@ -28,8 +28,6 @@ int main(int argc, char *argv[]) {
pthread_t t;
int r;
unsetenv("SYSTEMD_MEMPOOL");
loopback = udev_device_new_from_syspath(NULL, "/sys/class/net/lo");
if (!loopback)
return handle_error_errno(errno, "Failed to create loopback device object");


@ -33,7 +33,7 @@ ProtectKernelLogs=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
ProtectSystem=strict
ReadWritePaths=/etc
ReadWritePaths=/etc@SERVICE_LOCALEGEN_WRITABLE@
RestrictAddressFamilies=AF_UNIX
RestrictNamespaces=yes
RestrictRealtime=yes
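Review bot: The new `ReadWritePaths=/etc@SERVICE_LOCALEGEN_WRITABLE@` line is the only exception to `ProtectSystem=strict` in this unit, and the template gives no hint of what the substitution adds. Someone auditing the sandbox from the unit file cannot tell that a directory under `/usr` becomes writable on builds with locale generation enabled. A comment above the line would cover it, for example `# The locale directory is appended at build time only when locale generation is enabled.`; keep the `@…@` token out of the comment, in case the build-time substitution also rewrites it there. The `[Service]` section starts and ends outside this hunk.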