Merge pull request #19129 from keszybz/test-random-range

Test random_u64_range()

hwdb.d/README

@@ -0,0 +1,11 @@
+Files in this directory specify a description of hardware devices, in the form
+of mappings from modalias-like keys (which identify specific hardware devices)
+to udev properties.
+
+Files in this directory are not read by udev directly. Instead,
+man:systemd-hwdb(8) compiles them into a binary database.
+
+See man:hwdb(7) for an overview of the configuration file format, and
+man:systemd-udevd.service(8) for a description of the udev daemon.
+
+Use 'systemd-analyze cat-config udev/hwdb.d' to display the effective config.

hwdb.d/meson.build

@@ -4,6 +4,7 @@
 # they are very long but quite repetitive and the parser is not very fast.
 # So we don't "test" them.
 hwdb_files_notest = files('''
+        README
         20-dmi-id.hwdb
         20-pci-vendor-model.hwdb
         20-pci-classes.hwdb

meson.build

@@ -3472,7 +3472,8 @@ if install_sysconfdir
         install_data('xorg/50-systemd-user.sh',
                      install_dir : xinitrcdir)
 endif
-install_data('modprobe.d/systemd.conf',
+install_data('README',
+             'modprobe.d/systemd.conf',
              install_dir : modprobedir)
 install_data('LICENSE.GPL2',
              'LICENSE.LGPL2.1',

modprobe.d/README

@@ -0,0 +1,7 @@
+Files in this directory contain configuration for modprobe, a program to load
+kernel modules.
+
+See man:modprobe.d(5) for explanation of the configuration file format, and
+man:modprobe(8) for a description of the program itself.
+
+Use 'systemd-analyze cat-config modprobe.d' to display the effective config.

rules.d/README

@@ -0,0 +1,8 @@
+Files in this directory contain configuration for systemd-udev.service, a
+daemon that manages symlinks to device nodes, permissions of devices nodes,
+emits device events for userspace, and renames network interfaces.
+
+See man:udev(7) for an overview of the configuration file format, and
+man:systemd-udevd.service(8) for a description of service itself.
+
+Use 'systemd-analyze cat-config udev/rules.d' to display the effective config.

rules.d/meson.build

@@ -1,5 +1,9 @@
 # SPDX-License-Identifier: LGPL-2.1-or-later
 
+install_data(
+        'README',
+        install_dir : udevrulesdir)
+
 rules = files('''
         60-autosuspend.rules
         60-block.rules

src/basic/log.h

@@ -216,7 +216,7 @@ int log_emergency_level(void);
 #define log_error_errno(error, ...)     log_full_errno(LOG_ERR,     error, __VA_ARGS__)
 #define log_emergency_errno(error, ...) log_full_errno(log_emergency_level(), error, __VA_ARGS__)
 
-#ifdef LOG_TRACE
+#if LOG_TRACE
 #  define log_trace(...) log_debug(__VA_ARGS__)
 #else
 #  define log_trace(...) do {} while (0)

src/core/dbus-manager.c

@@ -2664,7 +2664,7 @@ const sd_bus_vtable bus_manager_vtable[] = {
         SD_BUS_PROPERTY("ShowStatus", "b", property_get_show_status, 0, 0),
         SD_BUS_PROPERTY("UnitPath", "as", NULL, offsetof(Manager, lookup_paths.search_path), SD_BUS_VTABLE_PROPERTY_CONST),
         SD_BUS_PROPERTY("DefaultStandardOutput", "s", bus_property_get_exec_output, offsetof(Manager, default_std_output), SD_BUS_VTABLE_PROPERTY_CONST),
-        SD_BUS_PROPERTY("DefaultStandardError", "s", bus_property_get_exec_output, offsetof(Manager, default_std_output), SD_BUS_VTABLE_PROPERTY_CONST),
+        SD_BUS_PROPERTY("DefaultStandardError", "s", bus_property_get_exec_output, offsetof(Manager, default_std_error), SD_BUS_VTABLE_PROPERTY_CONST),
         SD_BUS_WRITABLE_PROPERTY("RuntimeWatchdogUSec", "t", property_get_runtime_watchdog, property_set_runtime_watchdog, 0, 0),
         SD_BUS_WRITABLE_PROPERTY("RebootWatchdogUSec", "t", property_get_reboot_watchdog, property_set_reboot_watchdog, 0, 0),
         /* The following item is an obsolete alias */

src/core/system.conf.in

@@ -10,6 +10,8 @@
 # the system.conf.d/ subdirectory. The latter is generally recommended.
 # Defaults can be restored by simply deleting this file and all drop-ins.
 #
+# Use 'systemd-analyze cat-config systemd/system.conf' to display the full config.
+#
 # See systemd-system.conf(5) for details.
 
 [Manager]

src/coredump/coredump.conf

@@ -10,6 +10,8 @@
 # the system.conf.d/ subdirectory. The latter is generally recommended.
 # Defaults can be restored by simply deleting this file and all drop-ins.
 #
+# Use 'systemd-analyze cat-config systemd/coredump.conf' to display the full config.
+#
 # See coredump.conf(5) for details.
 
 [Coredump]

src/home/homed.conf

@@ -10,6 +10,8 @@
 # the system.conf.d/ subdirectory. The latter is generally recommended.
 # Defaults can be restored by simply deleting this file and all drop-ins.
 #
+# Use 'systemd-analyze cat-config systemd/homed.conf' to display the full config.
+#
 # See homed.conf(5) for details.
 
 [Home]

src/journal/journald.conf

@@ -10,6 +10,8 @@
 # the system.conf.d/ subdirectory. The latter is generally recommended.
 # Defaults can be restored by simply deleting this file and all drop-ins.
 #
+# Use 'systemd-analyze cat-config systemd/journald.conf' to display the full config.
+#
 # See journald.conf(5) for details.
 
 [Journal]

src/libsystemd-network/test-dhcp6-client.c

@@ -467,6 +467,7 @@ static int test_advertise_option(sd_event *e) {
 
                 case SD_DHCP6_OPTION_SERVERID:
                         assert_se(optlen == 14);
+                        assert_se(optval == &msg_advertise[179]);
                         assert_se(!memcmp(optval, &msg_advertise[179], optlen));
 
                         assert_se(dhcp6_lease_set_serverid(lease, optval,

src/login/logind.conf.in

@@ -10,6 +10,8 @@
 # the system.conf.d/ subdirectory. The latter is generally recommended.
 # Defaults can be restored by simply deleting this file and all drop-ins.
 #
+# Use 'systemd-analyze cat-config systemd/logind.conf' to display the full config.
+#
 # See logind.conf(5) for details.
 
 [Login]

src/oom/oomd.conf

@@ -10,6 +10,8 @@
 # the system.conf.d/ subdirectory. The latter is generally recommended.
 # Defaults can be restored by simply deleting this file and all drop-ins.
 #
+# Use 'systemd-analyze cat-config systemd/oomd.conf' to display the full config.
+#
 # See oomd.conf(5) for details
 
 [OOM]

src/resolve/resolved-dns-query.c

@@ -1122,6 +1122,8 @@ int dns_query_process_cname_one(DnsQuery *q) {
                 q->previous_redirect_unauthenticated = true;
         if (!FLAGS_SET(q->answer_query_flags, SD_RESOLVED_CONFIDENTIAL))
                 q->previous_redirect_non_confidential = true;
+        if (!FLAGS_SET(q->answer_query_flags, SD_RESOLVED_SYNTHETIC))
+                q->previous_redirect_non_synthetic = true;
 
         /* OK, let's actually follow the CNAME */
         r = dns_query_cname_redirect(q, cname);
@@ -1244,9 +1246,17 @@ bool dns_query_fully_confidential(DnsQuery *q) {
         return FLAGS_SET(q->answer_query_flags, SD_RESOLVED_CONFIDENTIAL) && !q->previous_redirect_non_confidential;
 }
 
-bool dns_query_fully_synthetic(DnsQuery *q) {
+bool dns_query_fully_authoritative(DnsQuery *q) {
         assert(q);
 
-        return (q->answer_query_flags & (SD_RESOLVED_SYNTHETIC | SD_RESOLVED_FROM_TRUST_ANCHOR)) &&
-                !(q->answer_query_flags & SD_RESOLVED_FROM_MASK & ~SD_RESOLVED_FROM_TRUST_ANCHOR);
+        /* We are authoritative for everything synthetic (except if a previous CNAME/DNAME) wasn't
+         * synthetic. (Note: SD_RESOLVED_SYNTHETIC is reset on each CNAME/DNAME, hence the explicit check for
+         * previous synthetic DNAME/CNAME redirections.)*/
+        if ((q->answer_query_flags & SD_RESOLVED_SYNTHETIC) && !q->previous_redirect_non_synthetic)
+                return true;
+
+        /* We are also authoritative for everything coming only from the trust anchor and the local
+         * zones. (Note: the SD_RESOLVED_FROM_xyz flags we merge on each redirect, hence no need to
+         * explicitly check previous redirects here.)*/
+        return (q->answer_query_flags & SD_RESOLVED_FROM_MASK & ~(SD_RESOLVED_FROM_TRUST_ANCHOR | SD_RESOLVED_FROM_ZONE)) == 0;
 }

src/resolve/resolved-dns-query.h

@@ -80,6 +80,7 @@ struct DnsQuery {
         int answer_errno; /* if state is DNS_TRANSACTION_ERRNO */
         bool previous_redirect_unauthenticated;
         bool previous_redirect_non_confidential;
+        bool previous_redirect_non_synthetic;
         DnsPacket *answer_full_packet;
 
         /* Bus + Varlink client information */
@@ -142,7 +143,7 @@ DEFINE_TRIVIAL_CLEANUP_FUNC(DnsQuery*, dns_query_free);
 
 bool dns_query_fully_authenticated(DnsQuery *q);
 bool dns_query_fully_confidential(DnsQuery *q);
-bool dns_query_fully_synthetic(DnsQuery *q);
+bool dns_query_fully_authoritative(DnsQuery *q);
 
 static inline uint64_t dns_query_reply_flags_make(DnsQuery *q) {
         assert(q);

src/resolve/resolved-dns-stub.c

@@ -580,7 +580,7 @@ static int dns_stub_send_reply(
                         DNS_PACKET_ID(q->request_packet),
                         rcode,
                         truncated,
-                        dns_query_fully_synthetic(q),
+                        dns_query_fully_authoritative(q),
                         !!q->request_packet->opt,
                         edns0_do,
                         DNS_PACKET_AD(q->request_packet) && dns_query_fully_authenticated(q),

src/resolve/resolved.conf.in

@@ -10,6 +10,8 @@
 # the system.conf.d/ subdirectory. The latter is generally recommended.
 # Defaults can be restored by simply deleting this file and all drop-ins.
 #
+# Use 'systemd-analyze cat-config systemd/resolved.conf' to display the full config.
+#
 # See resolved.conf(5) for details.
 
 [Resolve]

src/test/test-random-util.c

@@ -1,17 +1,20 @@
 /* SPDX-License-Identifier: LGPL-2.1-or-later */
 
+#include <math.h>
+
 #include "hexdecoct.h"
-#include "random-util.h"
 #include "log.h"
+#include "memory-util.h"
+#include "random-util.h"
+#include "terminal-util.h"
 #include "tests.h"
 
 static void test_genuine_random_bytes(RandomFlags flags) {
         uint8_t buf[16] = {};
-        unsigned i;
 
         log_info("/* %s */", __func__);
 
-        for (i = 1; i < sizeof buf; i++) {
+        for (size_t i = 1; i < sizeof buf; i++) {
                 assert_se(genuine_random_bytes(buf, i, flags) == 0);
                 if (i + 1 < sizeof buf)
                         assert_se(buf[i] == 0);
@@ -22,11 +25,10 @@ static void test_genuine_random_bytes(RandomFlags flags) {
 
 static void test_pseudo_random_bytes(void) {
         uint8_t buf[16] = {};
-        unsigned i;
 
         log_info("/* %s */", __func__);
 
-        for (i = 1; i < sizeof buf; i++) {
+        for (size_t i = 1; i < sizeof buf; i++) {
                 pseudo_random_bytes(buf, i);
                 if (i + 1 < sizeof buf)
                         assert_se(buf[i] == 0);
@@ -36,9 +38,11 @@ static void test_pseudo_random_bytes(void) {
 }
 
 static void test_rdrand(void) {
-        int r, i;
+        int r;
 
-        for (i = 0; i < 10; i++) {
+        log_info("/* %s */", __func__);
+
+        for (unsigned i = 0; i < 10; i++) {
                 unsigned long x = 0;
 
                 r = rdrand(&x);
@@ -51,6 +55,50 @@ static void test_rdrand(void) {
         }
 }
 
+#define TOTAL 100000
+
+static void test_random_u64_range_one(unsigned mod) {
+        log_info("/* %s(%u) */", __func__, mod);
+
+        unsigned max = 0, count[mod];
+        zero(count);
+
+        for (unsigned i = 0; i < TOTAL; i++) {
+                uint64_t x;
+
+                x = random_u64_range(mod);
+
+                log_trace("%05u: %"PRIu64, i, x);
+                count[x]++;
+                max = MAX(max, count[x]);
+        }
+
+        /* Print histogram: vertical axis — value, horizontal axis — count.
+         *
+         * The expected value is always TOTAL/mod, because the distribution should be flat. The expected
+         * variance is TOTAL×p×(1-p), where p==1/mod, and standard deviation the root of the variance.
+         * Assert that the deviation from the expected value is less than 6 standard deviations.
+         */
+        unsigned scale = 2 * max / (columns() < 20 ? 80 : columns() - 20);
+        double exp = (double) TOTAL / mod;
+
+        for (size_t i = 0; i < mod; i++) {
+                double dev = (count[i] - exp) / sqrt(exp * (mod > 1 ? mod - 1 : 1) / mod);
+                log_debug("%02zu: %5u (%+.3f)%*s",
+                          i, count[i], dev,
+                          count[i] / scale, "x");
+
+                assert_se(fabs(dev) < 6); /* 6 sigma is excessive, but this check should be enough to
+                                           * identify catastrophic failure while minimizing false
+                                           * positives. */
+        }
+}
+
+static void test_random_u64_range(void) {
+        for (unsigned mod = 1; mod < 29; mod++)
+                test_random_u64_range_one(mod);
+}
+
 int main(int argc, char **argv) {
         test_setup_logging(LOG_DEBUG);
 
@@ -61,8 +109,8 @@ int main(int argc, char **argv) {
         test_genuine_random_bytes(RANDOM_ALLOW_INSECURE);
 
         test_pseudo_random_bytes();
-
         test_rdrand();
+        test_random_u64_range();
 
         return 0;
 }

sysctl.d/README

@@ -0,0 +1,8 @@
+Files in this directory contain configuration for systemd-sysctl.service, a
+service to configure sysctl kernel parameters.
+
+See man:sysctl.d(5) for explanation of the configuration file format, and
+man:sysctl(8) and man:systemd-sysctl.service(8) for a description of when and
+how this configuration is applied.
+
+Use 'systemd-analyze cat-config sysctl.d' to display the effective config.

sysctl.d/meson.build

@@ -1,6 +1,7 @@
 # SPDX-License-Identifier: LGPL-2.1-or-later
 
 install_data(
+        'README',
         '50-default.conf',
         install_dir : sysctldir)
 

sysusers.d/README

@@ -0,0 +1,8 @@
+Files in this directory contain configuration for systemd-sysusers, a program
+to allocate system users and groups.
+
+See man:sysusers.d(5) for explanation of the configuration file format, and
+man:systemd-sysusers(8) for a description of when and how this configuration is
+applied.
+
+Use 'systemd-analyze cat-config sysusers.d' to display the effective config.

sysusers.d/meson.build

@@ -1,5 +1,9 @@
 # SPDX-License-Identifier: LGPL-2.1-or-later
 
+if enable_sysusers
+        install_data('README', install_dir : sysusersdir)
+endif
+
 in_files = ['basic.conf']
 
 foreach file : in_files

tmpfiles.d/README

@@ -0,0 +1,8 @@
+Files in this directory contain configuration for systemd-tmpfiles, a program
+to create, delete, and clean up volatile and temporary files and directories.
+
+See man:tmpfiles.d(5) for explanation of the configuration file format, and
+man:systemd-tmpfiles(8) for a description of when and how this configuration is
+applied.
+
+Use 'systemd-analyze cat-config tmpfiles.d' to display the effective config.

tmpfiles.d/meson.build

@@ -2,19 +2,20 @@
 
 enable_tmpfiles = conf.get('ENABLE_TMPFILES') == 1
 
-tmpfiles = [['home.conf',            ''],
-            ['journal-nocow.conf',   ''],
-            ['systemd-nologin.conf', 'HAVE_PAM'],
-            ['systemd-nspawn.conf',  'ENABLE_MACHINED'],
-            ['systemd-tmp.conf',     ''],
-            ['portables.conf',       'ENABLE_PORTABLED'],
-            ['systemd-pstore.conf',  'ENABLE_PSTORE'],
-            ['tmp.conf',             ''],
-            ['x11.conf',             ''],
-            ['legacy.conf',          'HAVE_SYSV_COMPAT'],
-           ]
+files = [['README',               ''],
+         ['home.conf',            ''],
+         ['journal-nocow.conf',   ''],
+         ['systemd-nologin.conf', 'HAVE_PAM'],
+         ['systemd-nspawn.conf',  'ENABLE_MACHINED'],
+         ['systemd-tmp.conf',     ''],
+         ['portables.conf',       'ENABLE_PORTABLED'],
+         ['systemd-pstore.conf',  'ENABLE_PSTORE'],
+         ['tmp.conf',             ''],
+         ['x11.conf',             ''],
+         ['legacy.conf',          'HAVE_SYSV_COMPAT'],
+        ]
 
-foreach pair : tmpfiles
+foreach pair : files
         if not enable_tmpfiles
                 # do nothing
         elif pair[1] == '' or conf.get(pair[1]) == 1