Merge 2045a29e6c into 8e7ef6abb8

Follow-up for 710653d3bc.

NEWS

@@ -96,6 +96,9 @@ CHANGES WITH 258 in spe:
           continue to work, update to xf86-input-evdev >= 2.11.0 and
           xf86-input-libinput >= 1.5.0 before updating to systemd >= 258.
 
+        * The meson option 'integration-tests' has been deprecated, and will be
+          removed in a future release.
+
         — <place>, <date>
 
 CHANGES WITH 257:

rules.d/70-uaccess.rules.in

@@ -77,6 +77,20 @@ ENV{DDC_DEVICE}=="?*", TAG+="uaccess"
 # media player raw devices (for user-mode drivers, Android SDK, etc.)
 SUBSYSTEM=="usb", ENV{ID_MEDIA_PLAYER}=="?*", TAG+="uaccess"
 
+# Android devices (ADB DbC, ADB, Fastboot)
+# Used to interact with devices over Android Debug Bridge and Fastboot protocols, see:
+# * https://developer.android.com/tools/adb
+# * https://source.android.com/docs/setup/test/running
+# * https://source.android.com/docs/setup/test/flash
+#
+# The bInterfaceClass and bInterfaceSubClass used are documented in source code here:
+# * https://android.googlesource.com/platform/packages/modules/adb/+/d0db47dcdf941673f405e1095e6ffb5e565902e5/adb.h#199
+# * https://android.googlesource.com/platform/system/core/+/7199051aaf0ddfa2849650933119307327d8669c/fastboot/fastboot.cpp#244
+#
+# Since it's using a generic vendor specific interface class, this can potentially result
+# in a rare case where non-ADB/Fastboot device ends up with an ID_DEBUG_APPLIANCE="android".
+SUBSYSTEM=="usb", ENV{ID_USB_INTERFACES}=="*:dc0201:*|*:ff4201:*|*:ff4203:*", ENV{ID_DEBUG_APPLIANCE}="android"
+
 # software-defined radio communication devices
 ENV{ID_SOFTWARE_RADIO}=="?*", TAG+="uaccess"
 
@@ -111,4 +125,7 @@ SUBSYSTEM=="hidraw", ENV{ID_HARDWARE_WALLET}=="1", TAG+="uaccess"
 # As defined in https://en.wikipedia.org/wiki/3Dconnexion
 SUBSYSTEM=="hidraw", ENV{ID_INPUT_3D_MOUSE}=="1", TAG+="uaccess"
 
+# Debug interfaces (e.g. Android Debug Bridge)
+ENV{ID_DEBUG_APPLIANCE}=="?*", TAG+="uaccess"
+
 LABEL="uaccess_end"

src/analyze/analyze-verify-util.c

@@ -31,7 +31,7 @@ static void log_syntax_callback(const char *unit, int level, void *userdata) {
 
         r = set_put_strdup(s, unit);
         if (r < 0) {
-                set_free_free(*s);
+                set_free(*s);
                 *s = POINTER_MAX;
         }
 }
@@ -265,7 +265,7 @@ static int verify_unit(Unit *u, bool check_man, const char *root) {
 static void set_destroy_ignore_pointer_max(Set **s) {
         if (*s == POINTER_MAX)
                 return;
-        set_free_free(*s);
+        set_free(*s);
 }
 
 int verify_units(

src/basic/fd-util.c

@@ -1001,13 +1001,13 @@ int fd_verify_safe_flags_full(int fd, int extra_flags) {
         if (flags < 0)
                 return -errno;
 
-        unexpected_flags = flags & ~(O_ACCMODE|O_NOFOLLOW|RAW_O_LARGEFILE|extra_flags);
+        unexpected_flags = flags & ~(O_ACCMODE_STRICT|O_NOFOLLOW|RAW_O_LARGEFILE|extra_flags);
         if (unexpected_flags != 0)
                 return log_debug_errno(SYNTHETIC_ERRNO(EREMOTEIO),
                                        "Unexpected flags set for extrinsic fd: 0%o",
                                        (unsigned) unexpected_flags);
 
-        return flags & (O_ACCMODE | extra_flags); /* return the flags variable, but remove the noise */
+        return flags & (O_ACCMODE_STRICT | extra_flags); /* return the flags variable, but remove the noise */
 }
 
 int read_nr_open(void) {
@@ -1132,7 +1132,7 @@ int fds_are_same_mount(int fd1, int fd2) {
 }
 
 const char* accmode_to_string(int flags) {
-        switch (flags & O_ACCMODE) {
+        switch (flags & O_ACCMODE_STRICT) {
         case O_RDONLY:
                 return "ro";
         case O_WRONLY:

src/basic/fs-util.c

@@ -1036,7 +1036,7 @@ int open_mkdir_at_full(int dirfd, const char *path, int flags, XOpenFlags xopen_
 
         if (flags & ~(O_RDONLY|O_CLOEXEC|O_DIRECTORY|O_EXCL|O_NOATIME|O_NOFOLLOW|O_PATH))
                 return -EINVAL;
-        if ((flags & O_ACCMODE) != O_RDONLY)
+        if ((flags & O_ACCMODE_STRICT) != O_RDONLY)
                 return -EINVAL;
 
         /* Note that O_DIRECTORY|O_NOFOLLOW is implied, but we allow specifying it anyway. The following

src/basic/hashmap.h

@@ -88,8 +88,10 @@ OrderedHashmap* _ordered_hashmap_new(const struct hash_ops *hash_ops  HASHMAP_DE
 #define hashmap_new(ops) _hashmap_new(ops  HASHMAP_DEBUG_SRC_ARGS)
 #define ordered_hashmap_new(ops) _ordered_hashmap_new(ops  HASHMAP_DEBUG_SRC_ARGS)
 
-#define hashmap_free_and_replace(a, b)          \
+#define hashmap_free_and_replace(a, b)                          \
         free_and_replace_full(a, b, hashmap_free)
+#define ordered_hashmap_free_and_replace(a, b)                  \
+        free_and_replace_full(a, b, ordered_hashmap_free)
 
 HashmapBase* _hashmap_free(HashmapBase *h, free_func_t default_free_key, free_func_t default_free_value);
 static inline Hashmap* hashmap_free(Hashmap *h) {

src/basic/missing_fcntl.h

@@ -43,3 +43,9 @@
 #ifndef AT_HANDLE_FID
 #define AT_HANDLE_FID AT_REMOVEDIR
 #endif
+
+/* On musl, O_ACCMODE is defined as (03|O_SEARCH), unlike glibc which defines it as
+ * (O_RDONLY|O_WRONLY|O_RDWR). Additionally, O_SEARCH is simply defined as O_PATH. This changes the behaviour
+ * of O_ACCMODE in certain situations, which we don't want. This definition is copied from glibc and works
+ * around the problems with musl's definition. */
+#define O_ACCMODE_STRICT (O_RDONLY|O_WRONLY|O_RDWR)

src/core/bpf-devices.c

@@ -251,51 +251,6 @@ int bpf_devices_apply_policy(
         return 0;
 }
 
-int bpf_devices_supported(void) {
-        const struct bpf_insn trivial[] = {
-                BPF_MOV64_IMM(BPF_REG_0, 1),
-                BPF_EXIT_INSN()
-        };
-
-        _cleanup_(bpf_program_freep) BPFProgram *program = NULL;
-        static int supported = -1;
-        int r;
-
-        /* Checks whether BPF device controller is supported. For this, we check two things:
-         *
-         * a) whether we are privileged
-         * b) the BPF implementation in the kernel supports BPF_PROG_TYPE_CGROUP_DEVICE programs, which we require
-         */
-
-        if (supported >= 0)
-                return supported;
-
-        if (geteuid() != 0) {
-                log_debug("Not enough privileges, BPF device control is not supported.");
-                return supported = 0;
-        }
-
-        r = bpf_program_new(BPF_PROG_TYPE_CGROUP_DEVICE, "sd_devices", &program);
-        if (r < 0) {
-                log_debug_errno(r, "Can't allocate CGROUP DEVICE BPF program, BPF device control is not supported: %m");
-                return supported = 0;
-        }
-
-        r = bpf_program_add_instructions(program, trivial, ELEMENTSOF(trivial));
-        if (r < 0) {
-                log_debug_errno(r, "Can't add trivial instructions to CGROUP DEVICE BPF program, BPF device control is not supported: %m");
-                return supported = 0;
-        }
-
-        r = bpf_program_load_kernel(program, NULL, 0);
-        if (r < 0) {
-                log_debug_errno(r, "Can't load kernel CGROUP DEVICE BPF program, BPF device control is not supported: %m");
-                return supported = 0;
-        }
-
-        return supported = 1;
-}
-
 static int allow_list_device_pattern(
                 BPFProgram *prog,
                 const char *path,

src/core/bpf-devices.h

@@ -15,7 +15,6 @@ int bpf_devices_apply_policy(
                 const char *cgroup_path,
                 BPFProgram **prog_installed);
 
-int bpf_devices_supported(void);
 int bpf_devices_allow_list_device(BPFProgram *prog, const char *path, const char *node, CGroupDevicePermissions p);
 int bpf_devices_allow_list_major(BPFProgram *prog, const char *path, const char *name, char type, CGroupDevicePermissions p);
 int bpf_devices_allow_list_static(BPFProgram *prog, const char *path);

src/core/bpf-firewall.c

@@ -542,7 +542,7 @@ int bpf_firewall_compile(Unit *u) {
         bool ip_allow_any = false, ip_deny_any = false;
         CGroupContext *cc;
         CGroupRuntime *crt;
-        int r, supported;
+        int r;
 
         assert(u);
 
@@ -554,27 +554,12 @@ int bpf_firewall_compile(Unit *u) {
         if (!crt)
                 return -ENOMEM;
 
-        supported = bpf_firewall_supported();
+        if (bpf_program_supported() <= 0)
-        if (supported < 0)
-                return supported;
-        if (supported == BPF_FIREWALL_UNSUPPORTED)
                 return log_unit_debug_errno(u, SYNTHETIC_ERRNO(EOPNOTSUPP),
                                             "bpf-firewall: BPF firewalling not supported, proceeding without.");
-        if (supported != BPF_FIREWALL_SUPPORTED_WITH_MULTI && u->type == UNIT_SLICE)
-                /* If BPF_F_ALLOW_MULTI is not supported we don't support any BPF magic on inner nodes (i.e. on slice
-                 * units), since that would mean leaf nodes couldn't do any BPF anymore at all. Under the assumption
-                 * that BPF is more interesting on leaf nodes we hence avoid it on inner nodes in that case. This is
-                 * consistent with old systemd behaviour from before v238, where BPF wasn't supported in inner nodes at
-                 * all, either. */
-                return log_unit_debug_errno(u, SYNTHETIC_ERRNO(EOPNOTSUPP),
-                                            "bpf-firewall: BPF_F_ALLOW_MULTI is not supported, not doing BPF firewall on slice units.");
 
-        /* If BPF_F_ALLOW_MULTI flag is supported program name is also supported (both were added to v4.15
+        ingress_name = "sd_fw_ingress";
-         * kernel). */
+        egress_name = "sd_fw_egress";
-        if (supported == BPF_FIREWALL_SUPPORTED_WITH_MULTI) {
-                ingress_name = "sd_fw_ingress";
-                egress_name = "sd_fw_egress";
-        }
 
         /* Note that when we compile a new firewall we first flush out the access maps and the BPF programs themselves,
          * but we reuse the accounting maps. That way the firewall in effect always maps to the actual
@@ -646,7 +631,7 @@ static int load_bpf_progs_from_fs_to_set(Unit *u, char **filter_paths, Set **set
 int bpf_firewall_load_custom(Unit *u) {
         CGroupContext *cc;
         CGroupRuntime *crt;
-        int r, supported;
+        int r;
 
         assert(u);
 
@@ -660,13 +645,9 @@ int bpf_firewall_load_custom(Unit *u) {
         if (!(cc->ip_filters_ingress || cc->ip_filters_egress))
                 return 0;
 
-        supported = bpf_firewall_supported();
+        if (bpf_program_supported() <= 0)
-        if (supported < 0)
-                return supported;
-
-        if (supported != BPF_FIREWALL_SUPPORTED_WITH_MULTI)
                 return log_unit_debug_errno(u, SYNTHETIC_ERRNO(EOPNOTSUPP),
-                                            "bpf-firewall: BPF_F_ALLOW_MULTI not supported, cannot attach custom BPF programs.");
+                                            "bpf-firewall: BPF firewalling not supported, cannot attach custom BPF programs.");
 
         r = load_bpf_progs_from_fs_to_set(u, cc->ip_filters_ingress, &crt->ip_bpf_custom_ingress);
         if (r < 0)
@@ -702,8 +683,7 @@ int bpf_firewall_install(Unit *u) {
         _cleanup_free_ char *path = NULL;
         CGroupContext *cc;
         CGroupRuntime *crt;
-        int r, supported;
+        int r;
-        uint32_t flags;
 
         assert(u);
 
@@ -718,43 +698,23 @@ int bpf_firewall_install(Unit *u) {
         if (!crt->cgroup_realized)
                 return -EINVAL;
 
-        supported = bpf_firewall_supported();
+        if (bpf_program_supported() <= 0)
-        if (supported < 0)
-                return supported;
-        if (supported == BPF_FIREWALL_UNSUPPORTED)
                 return log_unit_debug_errno(u, SYNTHETIC_ERRNO(EOPNOTSUPP),
                                             "bpf-firewall: BPF firewalling not supported, proceeding without.");
-        if (supported != BPF_FIREWALL_SUPPORTED_WITH_MULTI && u->type == UNIT_SLICE)
-                return log_unit_debug_errno(u, SYNTHETIC_ERRNO(EOPNOTSUPP),
-                                            "bpf-firewall: BPF_F_ALLOW_MULTI not supported, not doing BPF firewall on slice units.");
-        if (supported != BPF_FIREWALL_SUPPORTED_WITH_MULTI &&
-            (!set_isempty(crt->ip_bpf_custom_ingress) || !set_isempty(crt->ip_bpf_custom_egress)))
-                return log_unit_debug_errno(u, SYNTHETIC_ERRNO(EOPNOTSUPP),
-                                            "bpf-firewall: BPF_F_ALLOW_MULTI not supported, cannot attach custom BPF programs.");
 
         r = cg_get_path(SYSTEMD_CGROUP_CONTROLLER, crt->cgroup_path, NULL, &path);
         if (r < 0)
                 return log_unit_error_errno(u, r, "bpf-firewall: Failed to determine cgroup path: %m");
 
-        flags = supported == BPF_FIREWALL_SUPPORTED_WITH_MULTI ? BPF_F_ALLOW_MULTI : 0;
+        /* Let's clear the fields, but destroy the programs only after attaching the new programs, so that
-
+         * there's no time window where neither program is attached. (There will be a program where both are
-        if (FLAGS_SET(flags, BPF_F_ALLOW_MULTI)) {
+         * attached, but that's OK, since this is a security feature where we rather want to lock down too
-                /* If we have BPF_F_ALLOW_MULTI, then let's clear the fields, but destroy the programs only
+         * much than too little. */
-                 * after attaching the new programs, so that there's no time window where neither program is
+        ip_bpf_egress_uninstall = TAKE_PTR(crt->ip_bpf_egress_installed);
-                 * attached. (There will be a program where both are attached, but that's OK, since this is a
+        ip_bpf_ingress_uninstall = TAKE_PTR(crt->ip_bpf_ingress_installed);
-                 * security feature where we rather want to lock down too much than too little */
-                ip_bpf_egress_uninstall = TAKE_PTR(crt->ip_bpf_egress_installed);
-                ip_bpf_ingress_uninstall = TAKE_PTR(crt->ip_bpf_ingress_installed);
-        } else {
-                /* If we don't have BPF_F_ALLOW_MULTI then unref the old BPF programs (which will implicitly
-                 * detach them) right before attaching the new program, to minimize the time window when we
-                 * don't account for IP traffic. */
-                crt->ip_bpf_egress_installed = bpf_program_free(crt->ip_bpf_egress_installed);
-                crt->ip_bpf_ingress_installed = bpf_program_free(crt->ip_bpf_ingress_installed);
-        }
 
         if (crt->ip_bpf_egress) {
-                r = bpf_program_cgroup_attach(crt->ip_bpf_egress, BPF_CGROUP_INET_EGRESS, path, flags);
+                r = bpf_program_cgroup_attach(crt->ip_bpf_egress, BPF_CGROUP_INET_EGRESS, path, BPF_F_ALLOW_MULTI);
                 if (r < 0)
                         return log_unit_error_errno(u, r,
                                 "bpf-firewall: Attaching egress BPF program to cgroup %s failed: %m", path);
@@ -764,7 +724,7 @@ int bpf_firewall_install(Unit *u) {
         }
 
         if (crt->ip_bpf_ingress) {
-                r = bpf_program_cgroup_attach(crt->ip_bpf_ingress, BPF_CGROUP_INET_INGRESS, path, flags);
+                r = bpf_program_cgroup_attach(crt->ip_bpf_ingress, BPF_CGROUP_INET_INGRESS, path, BPF_F_ALLOW_MULTI);
                 if (r < 0)
                         return log_unit_error_errno(u, r,
                                 "bpf-firewall: Attaching ingress BPF program to cgroup %s failed: %m", path);
@@ -830,118 +790,9 @@ int bpf_firewall_reset_accounting(int map_fd) {
         return bpf_map_update_element(map_fd, &key, &value);
 }
 
-static int bpf_firewall_unsupported_reason = 0;
-
-int bpf_firewall_supported(void) {
-        const struct bpf_insn trivial[] = {
-                BPF_MOV64_IMM(BPF_REG_0, 1),
-                BPF_EXIT_INSN()
-        };
-
-        _cleanup_(bpf_program_freep) BPFProgram *program = NULL;
-        static int supported = -1;
-        union bpf_attr attr;
-        int r;
-
-        /* Checks whether BPF firewalling is supported. For this, we check the following things:
-         *
-         * - the BPF implementation in the kernel supports BPF_PROG_TYPE_CGROUP_SKB programs, which we require
-         * - the BPF implementation in the kernel supports the BPF_PROG_DETACH call, which we require
-         */
-        if (supported >= 0)
-                return supported;
-
-        /* prog_name is NULL since it is supported only starting from v4.15 kernel. */
-        r = bpf_program_new(BPF_PROG_TYPE_CGROUP_SKB, NULL, &program);
-        if (r < 0) {
-                bpf_firewall_unsupported_reason =
-                        log_debug_errno(r, "bpf-firewall: Can't allocate CGROUP SKB BPF program, BPF firewalling is not supported: %m");
-                return supported = BPF_FIREWALL_UNSUPPORTED;
-        }
-
-        r = bpf_program_add_instructions(program, trivial, ELEMENTSOF(trivial));
-        if (r < 0) {
-                bpf_firewall_unsupported_reason =
-                        log_debug_errno(r, "bpf-firewall: Can't add trivial instructions to CGROUP SKB BPF program, BPF firewalling is not supported: %m");
-                return supported = BPF_FIREWALL_UNSUPPORTED;
-        }
-
-        r = bpf_program_load_kernel(program, NULL, 0);
-        if (r < 0) {
-                bpf_firewall_unsupported_reason =
-                        log_debug_errno(r, "bpf-firewall: Can't load kernel CGROUP SKB BPF program, BPF firewalling is not supported: %m");
-                return supported = BPF_FIREWALL_UNSUPPORTED;
-        }
-
-        /* Unfortunately the kernel allows us to create BPF_PROG_TYPE_CGROUP_SKB programs even when CONFIG_CGROUP_BPF
-         * is turned off at kernel compilation time. This sucks of course: why does it allow us to create a cgroup BPF
-         * program if we can't do a thing with it later?
-         *
-         * We detect this case by issuing the BPF_PROG_DETACH bpf() call with invalid file descriptors: if
-         * CONFIG_CGROUP_BPF is turned off, then the call will fail early with EINVAL. If it is turned on the
-         * parameters are validated however, and that'll fail with EBADF then. */
-
-        // FIXME: Clang doesn't 0-pad with structured initialization, causing
-        // the kernel to reject the bpf_attr as invalid. See:
-        // https://github.com/torvalds/linux/blob/v5.9/kernel/bpf/syscall.c#L65
-        // Ideally it should behave like GCC, so that we can remove these workarounds.
-        zero(attr);
-        attr.attach_type = BPF_CGROUP_INET_EGRESS;
-        attr.target_fd = -EBADF;
-        attr.attach_bpf_fd = -EBADF;
-
-        if (bpf(BPF_PROG_DETACH, &attr, sizeof(attr)) < 0) {
-                if (errno != EBADF) {
-                        bpf_firewall_unsupported_reason =
-                                log_debug_errno(errno, "bpf-firewall: Didn't get EBADF from BPF_PROG_DETACH, BPF firewalling is not supported: %m");
-                        return supported = BPF_FIREWALL_UNSUPPORTED;
-                }
-
-                /* YAY! */
-        } else {
-                bpf_firewall_unsupported_reason =
-                        log_debug_errno(SYNTHETIC_ERRNO(EBADE),
-                                        "bpf-firewall: Wut? Kernel accepted our invalid BPF_PROG_DETACH call? "
-                                        "Something is weird, assuming BPF firewalling is broken and hence not supported.");
-                return supported = BPF_FIREWALL_UNSUPPORTED;
-        }
-
-        /* So now we know that the BPF program is generally available, let's see if BPF_F_ALLOW_MULTI is also supported
-         * (which was added in kernel 4.15). We use a similar logic as before, but this time we use the BPF_PROG_ATTACH
-         * bpf() call and the BPF_F_ALLOW_MULTI flags value. Since the flags are checked early in the system call we'll
-         * get EINVAL if it's not supported, and EBADF as before if it is available.
-         * Use probe result as the indicator that program name is also supported since they both were
-         * added in kernel 4.15. */
-
-        zero(attr);
-        attr.attach_type = BPF_CGROUP_INET_EGRESS;
-        attr.target_fd = -EBADF;
-        attr.attach_bpf_fd = -EBADF;
-        attr.attach_flags = BPF_F_ALLOW_MULTI;
-
-        if (bpf(BPF_PROG_ATTACH, &attr, sizeof(attr)) < 0) {
-                if (errno == EBADF) {
-                        log_debug_errno(errno, "bpf-firewall: Got EBADF when using BPF_F_ALLOW_MULTI, which indicates it is supported. Yay!");
-                        return supported = BPF_FIREWALL_SUPPORTED_WITH_MULTI;
-                }
-
-                if (errno == EINVAL)
-                        log_debug_errno(errno, "bpf-firewall: Got EINVAL error when using BPF_F_ALLOW_MULTI, which indicates it's not supported.");
-                else
-                        log_debug_errno(errno, "bpf-firewall: Got unexpected error when using BPF_F_ALLOW_MULTI, assuming it's not supported: %m");
-
-                return supported = BPF_FIREWALL_SUPPORTED;
-        } else {
-                bpf_firewall_unsupported_reason =
-                        log_debug_errno(SYNTHETIC_ERRNO(EBADE),
-                                        "bpf-firewall: Wut? Kernel accepted our invalid BPF_PROG_ATTACH+BPF_F_ALLOW_MULTI call? "
-                                        "Something is weird, assuming BPF firewalling is broken and hence not supported.");
-                return supported = BPF_FIREWALL_UNSUPPORTED;
-        }
-}
-
 void emit_bpf_firewall_warning(Unit *u) {
         static bool warned = false;
+        int r;
 
         assert(u);
         assert(u->manager);
@@ -949,9 +800,12 @@ void emit_bpf_firewall_warning(Unit *u) {
         if (warned || MANAGER_IS_TEST_RUN(u->manager))
                 return;
 
-        bool quiet = ERRNO_IS_PRIVILEGE(bpf_firewall_unsupported_reason) && detect_container() > 0;
+        r = bpf_program_supported();
+        assert(r < 0);
 
-        log_unit_full_errno(u, quiet ? LOG_DEBUG : LOG_WARNING, bpf_firewall_unsupported_reason,
+        bool quiet = ERRNO_IS_NEG_PRIVILEGE(r) && detect_container() > 0;
+
+        log_unit_full_errno(u, quiet ? LOG_DEBUG : LOG_WARNING, r,
                             "unit configures an IP firewall, but %s.\n"
                             "(This warning is only shown for the first unit using IP firewalling.)",
                             getuid() != 0 ? "not running as root" :

src/core/bpf-firewall.h

@@ -6,14 +6,6 @@
 #include "cgroup.h"
 #include "unit.h"
 
-enum {
-        BPF_FIREWALL_UNSUPPORTED          = 0,
-        BPF_FIREWALL_SUPPORTED            = 1,
-        BPF_FIREWALL_SUPPORTED_WITH_MULTI = 2,
-};
-
-int bpf_firewall_supported(void);
-
 int bpf_firewall_compile(Unit *u);
 int bpf_firewall_install(Unit *u);
 int bpf_firewall_load_custom(Unit *u);

src/core/cgroup.c

@@ -3511,22 +3511,11 @@ static int cg_bpf_mask_supported(CGroupMask *ret) {
         CGroupMask mask = 0;
         int r;
 
-        /* BPF-based firewall */
+        /* BPF-based firewall, device access control, and pinned foreign prog */
-        r = bpf_firewall_supported();
+        if (bpf_program_supported() > 0)
-        if (r < 0)
+                mask |= CGROUP_MASK_BPF_FIREWALL |
-                return r;
+                        CGROUP_MASK_BPF_DEVICES |
-        if (r > 0)
+                        CGROUP_MASK_BPF_FOREIGN;
-                mask |= CGROUP_MASK_BPF_FIREWALL;
-
-        /* BPF-based device access control */
-        r = bpf_devices_supported();
-        if (r < 0)
-                return r;
-        if (r > 0)
-                mask |= CGROUP_MASK_BPF_DEVICES;
-
-        /* BPF pinned prog (always supported by cgroup v2) */
-        mask |= CGROUP_MASK_BPF_FOREIGN;
 
         /* BPF-based bind{4|6} hooks */
         r = bpf_socket_bind_supported();

src/core/dbus-cgroup.c

@@ -634,18 +634,13 @@ static int bus_cgroup_set_transient_property(
 
                         unit_write_setting(u, flags, name, buf);
 
-                        if (*filters) {
+                        if (*filters && bpf_program_supported() <= 0) {
-                                r = bpf_firewall_supported();
+                                static bool warned = false;
-                                if (r < 0)
-                                        return r;
-                                if (r != BPF_FIREWALL_SUPPORTED_WITH_MULTI) {
-                                        static bool warned = false;
 
-                                        log_full(warned ? LOG_DEBUG : LOG_WARNING,
+                                log_full(warned ? LOG_DEBUG : LOG_WARNING,
-                                                 "Transient unit %s configures an IP firewall with BPF, but the local system does not support BPF/cgroup firewalling with multiple filters.\n"
+                                         "Transient unit %s configures an IP firewall with BPF, but the local system does not support BPF/cgroup firewalling with multiple filters.\n"
-                                                 "Starting this unit will fail! (This warning is only shown for the first started transient unit using IP firewalling.)", u->id);
+                                         "Starting this unit will fail! (This warning is only shown for the first started transient unit using IP firewalling.)", u->id);
-                                        warned = true;
+                                warned = true;
-                                }
                         }
                 }
 

src/core/exec-invoke.c

@@ -267,7 +267,7 @@ static int acquire_path(const char *path, int flags, mode_t mode) {
 
         assert(path);
 
-        if (IN_SET(flags & O_ACCMODE, O_WRONLY, O_RDWR))
+        if (IN_SET(flags & O_ACCMODE_STRICT, O_WRONLY, O_RDWR))
                 flags |= O_CREAT;
 
         fd = open(path, flags|O_NOCTTY, mode);
@@ -291,9 +291,9 @@ static int acquire_path(const char *path, int flags, mode_t mode) {
         if (r < 0)
                 return r;
 
-        if ((flags & O_ACCMODE) == O_RDONLY)
+        if ((flags & O_ACCMODE_STRICT) == O_RDONLY)
                 r = shutdown(fd, SHUT_WR);
-        else if ((flags & O_ACCMODE) == O_WRONLY)
+        else if ((flags & O_ACCMODE_STRICT) == O_WRONLY)
                 r = shutdown(fd, SHUT_RD);
         else
                 r = 0;

src/core/load-fragment.c

@@ -5712,15 +5712,12 @@ int config_parse_ip_filter_bpf_progs(
         if (r < 0)
                 return log_oom();
 
-        r = bpf_firewall_supported();
+        if (bpf_program_supported() <= 0) {
-        if (r < 0)
-                return r;
-        if (r != BPF_FIREWALL_SUPPORTED_WITH_MULTI) {
                 static bool warned = false;
 
-                log_full(warned ? LOG_DEBUG : LOG_WARNING,
+                log_syntax(unit, warned ? LOG_DEBUG : LOG_WARNING, filename, line, 0,
-                         "File %s:%u configures an IP firewall with BPF programs (%s=%s), but the local system does not support BPF/cgroup based firewalling with multiple filters.\n"
+                           "Configures an IP firewall with BPF programs (%s=%s), but the local system does not support BPF/cgroup based firewalling with multiple filters. "
-                         "Starting this unit will fail! (This warning is only shown for the first loaded unit using IP firewalling.)", filename, line, lvalue, rvalue);
+                           "Starting this unit will fail! (This warning is only shown for the first loaded unit using IP firewalling.)", lvalue, rvalue);
 
                 warned = true;
         }

src/core/socket.c

@@ -1477,8 +1477,6 @@ static int socket_address_listen_do(
         })
 
 static int fork_needed(const SocketAddress *address, Socket *s) {
-        int r;
-
         assert(address);
         assert(s);
 
@@ -1492,13 +1490,9 @@ static int fork_needed(const SocketAddress *address, Socket *s) {
                         if (nft_set->source == NFT_SET_SOURCE_CGROUP)
                                 return true;
 
-        if (IN_SET(address->sockaddr.sa.sa_family, AF_INET, AF_INET6)) {
+        if (IN_SET(address->sockaddr.sa.sa_family, AF_INET, AF_INET6))
-                r = bpf_firewall_supported();
+                if (bpf_program_supported() <= 0) /* If BPF firewalling isn't supported anyway — there's no point in this forking complexity */
-                if (r < 0)
-                        return r;
-                if (r != BPF_FIREWALL_UNSUPPORTED) /* If BPF firewalling isn't supported anyway — there's no point in this forking complexity */
                         return true;
-        }
 
         return exec_needs_network_namespace(&s->exec_context);
 }
@@ -3023,10 +3017,7 @@ static int socket_accept_in_cgroup(Socket *s, SocketPort *p, int fd) {
         if (!IN_SET(p->address.sockaddr.sa.sa_family, AF_INET, AF_INET6))
                 goto shortcut;
 
-        r = bpf_firewall_supported();
+        if (bpf_program_supported() <= 0)
-        if (r < 0)
-                return r;
-        if (r == BPF_FIREWALL_UNSUPPORTED)
                 goto shortcut;
 
         if (socketpair(AF_UNIX, SOCK_SEQPACKET|SOCK_CLOEXEC, 0, pair) < 0)

src/coredump/coredump-vacuum.c

@@ -38,11 +38,10 @@ static VacuumCandidate* vacuum_candidate_free(VacuumCandidate *c) {
 }
 DEFINE_TRIVIAL_CLEANUP_FUNC(VacuumCandidate*, vacuum_candidate_free);
 
-static Hashmap* vacuum_candidate_hashmap_free(Hashmap *h) {
+DEFINE_PRIVATE_HASH_OPS_WITH_VALUE_DESTRUCTOR(
-        return hashmap_free_with_destructor(h, vacuum_candidate_free);
+                vacuum_candidate_hash_ops,
-}
+                void, trivial_hash_func, trivial_compare_func,
-
+                VacuumCandidate, vacuum_candidate_free);
-DEFINE_TRIVIAL_CLEANUP_FUNC(Hashmap*, vacuum_candidate_hashmap_free);
 
 static int uid_from_file_name(const char *filename, uid_t *uid) {
         const char *p, *e, *u;
@@ -141,7 +140,7 @@ int coredump_vacuum(int exclude_fd, uint64_t keep_free, uint64_t max_use) {
         }
 
         for (;;) {
-                _cleanup_(vacuum_candidate_hashmap_freep) Hashmap *h = NULL;
+                _cleanup_hashmap_free_ Hashmap *h = NULL;
                 VacuumCandidate *worst = NULL;
                 uint64_t sum = 0;
 
@@ -171,10 +170,6 @@ int coredump_vacuum(int exclude_fd, uint64_t keep_free, uint64_t max_use) {
                         if (exclude_fd >= 0 && stat_inode_same(&exclude_st, &st))
                                 continue;
 
-                        r = hashmap_ensure_allocated(&h, NULL);
-                        if (r < 0)
-                                return log_oom();
-
                         t = timespec_load(&st.st_mtim);
 
                         c = hashmap_get(h, UID_TO_PTR(uid));
@@ -197,7 +192,7 @@ int coredump_vacuum(int exclude_fd, uint64_t keep_free, uint64_t max_use) {
                                         return r;
                                 n->oldest_mtime = t;
 
-                                r = hashmap_put(h, UID_TO_PTR(uid), n);
+                                r = hashmap_ensure_put(&h, &vacuum_candidate_hash_ops, UID_TO_PTR(uid), n);
                                 if (r < 0)
                                         return log_oom();
 

src/libsystemd/sd-device/device-enumerator.c

@@ -91,7 +91,7 @@ static void device_unref_many(sd_device **devices, size_t n) {
 static void device_enumerator_unref_devices(sd_device_enumerator *enumerator) {
         assert(enumerator);
 
-        hashmap_clear_with_destructor(enumerator->devices_by_syspath, sd_device_unref);
+        hashmap_clear(enumerator->devices_by_syspath);
         device_unref_many(enumerator->devices, enumerator->n_devices);
         enumerator->devices = mfree(enumerator->devices);
         enumerator->n_devices = 0;
@@ -471,6 +471,11 @@ failed:
         return r;
 }
 
+DEFINE_PRIVATE_HASH_OPS_WITH_VALUE_DESTRUCTOR(
+                device_hash_ops_by_syspath,
+                char, path_hash_func, path_compare,
+                sd_device, sd_device_unref);
+
 int device_enumerator_add_device(sd_device_enumerator *enumerator, sd_device *device) {
         const char *syspath;
         int r;
@@ -482,7 +487,7 @@ int device_enumerator_add_device(sd_device_enumerator *enumerator, sd_device *de
         if (r < 0)
                 return r;
 
-        r = hashmap_ensure_put(&enumerator->devices_by_syspath, &string_hash_ops, syspath, device);
+        r = hashmap_ensure_put(&enumerator->devices_by_syspath, &device_hash_ops_by_syspath, syspath, device);
         if (IN_SET(r, -EEXIST, 0))
                 return 0;
         if (r < 0)

src/libsystemd/sd-device/device-private.c

@@ -692,8 +692,8 @@ int device_clone_with_db(sd_device *device, sd_device **ret) {
 void device_cleanup_tags(sd_device *device) {
         assert(device);
 
-        device->all_tags = set_free_free(device->all_tags);
+        device->all_tags = set_free(device->all_tags);
-        device->current_tags = set_free_free(device->current_tags);
+        device->current_tags = set_free(device->current_tags);
         device->property_tags_outdated = true;
         device->tags_generation++;
 }
@@ -701,7 +701,7 @@ void device_cleanup_tags(sd_device *device) {
 void device_cleanup_devlinks(sd_device *device) {
         assert(device);
 
-        set_free_free(device->devlinks);
+        set_free(device->devlinks);
         device->devlinks = NULL;
         device->property_devlinks_outdated = true;
         device->devlinks_generation++;

src/libsystemd/sd-journal/journal-file.c

@@ -98,7 +98,7 @@ DEFINE_HASH_OPS_WITH_VALUE_DESTRUCTOR(
                 JournalFile, journal_file_close);
 
 static int mmap_prot_from_open_flags(int flags) {
-        switch (flags & O_ACCMODE) {
+        switch (flags & O_ACCMODE_STRICT) {
         case O_RDONLY:
                 return PROT_READ;
         case O_WRONLY:
@@ -4075,10 +4075,10 @@ int journal_file_open(
         assert(mmap_cache);
         assert(ret);
 
-        if (!IN_SET((open_flags & O_ACCMODE), O_RDONLY, O_RDWR))
+        if (!IN_SET((open_flags & O_ACCMODE_STRICT), O_RDONLY, O_RDWR))
                 return -EINVAL;
 
-        if ((open_flags & O_ACCMODE) == O_RDONLY && FLAGS_SET(open_flags, O_CREAT))
+        if ((open_flags & O_ACCMODE_STRICT) == O_RDONLY && FLAGS_SET(open_flags, O_CREAT))
                 return -EINVAL;
 
         if (fname && (open_flags & O_CREAT) && !endswith(fname, ".journal"))

src/libsystemd/sd-journal/journal-file.h

@@ -1,7 +1,6 @@
 /* SPDX-License-Identifier: LGPL-2.1-or-later */
 #pragma once
 
-#include <fcntl.h>
 #include <inttypes.h>
 #include <sys/uio.h>
 
@@ -15,6 +14,7 @@
 #include "compress.h"
 #include "hashmap.h"
 #include "journal-def.h"
+#include "missing_fcntl.h"
 #include "mmap-cache.h"
 #include "sparse-endian.h"
 #include "time-util.h"
@@ -391,5 +391,5 @@ static inline uint32_t COMPRESSION_TO_HEADER_INCOMPATIBLE_FLAG(Compression c) {
 
 static inline bool journal_file_writable(JournalFile *f) {
         assert(f);
-        return (f->open_flags & O_ACCMODE) != O_RDONLY;
+        return (f->open_flags & O_ACCMODE_STRICT) != O_RDONLY;
 }

src/libsystemd/sd-netlink/netlink-genl.c

@@ -46,11 +46,21 @@ static GenericNetlinkFamily *genl_family_free(GenericNetlinkFamily *f) {
 
 DEFINE_TRIVIAL_CLEANUP_FUNC(GenericNetlinkFamily*, genl_family_free);
 
+DEFINE_PRIVATE_HASH_OPS_WITH_VALUE_DESTRUCTOR(
+                genl_family_hash_ops_by_name,
+                char, string_hash_func, string_compare_func,
+                GenericNetlinkFamily, genl_family_free);
+
+DEFINE_PRIVATE_HASH_OPS_WITH_VALUE_DESTRUCTOR(
+                genl_family_hash_ops_by_id,
+                void, trivial_hash_func, trivial_compare_func,
+                GenericNetlinkFamily, genl_family_free);
+
 void genl_clear_family(sd_netlink *nl) {
         assert(nl);
 
-        nl->genl_family_by_name = hashmap_free_with_destructor(nl->genl_family_by_name, genl_family_free);
+        nl->genl_family_by_name = hashmap_free(nl->genl_family_by_name);
-        nl->genl_family_by_id = hashmap_free_with_destructor(nl->genl_family_by_id, genl_family_free);
+        nl->genl_family_by_id = hashmap_free(nl->genl_family_by_id);
 }
 
 static int genl_family_new_unsupported(
@@ -80,7 +90,7 @@ static int genl_family_new_unsupported(
         if (!f->name)
                 return -ENOMEM;
 
-        r = hashmap_ensure_put(&nl->genl_family_by_name, &string_hash_ops, f->name, f);
+        r = hashmap_ensure_put(&nl->genl_family_by_name, &genl_family_hash_ops_by_name, f->name, f);
         if (r < 0)
                 return r;
 
@@ -190,11 +200,11 @@ static int genl_family_new(
                         return r;
         }
 
-        r = hashmap_ensure_put(&nl->genl_family_by_id, NULL, UINT_TO_PTR(f->id), f);
+        r = hashmap_ensure_put(&nl->genl_family_by_id, &genl_family_hash_ops_by_id, UINT_TO_PTR(f->id), f);
         if (r < 0)
                 return r;
 
-        r = hashmap_ensure_put(&nl->genl_family_by_name, &string_hash_ops, f->name, f);
+        r = hashmap_ensure_put(&nl->genl_family_by_name, &genl_family_hash_ops_by_name, f->name, f);
         if (r < 0) {
                 hashmap_remove(nl->genl_family_by_id, UINT_TO_PTR(f->id));
                 return r;

src/libudev/libudev-device-internal.h

@@ -6,5 +6,5 @@
 
 struct udev_device;
 
-struct udev_device *udev_device_new(struct udev *udev, sd_device *device);
+struct udev_device* udev_device_new(struct udev *udev, sd_device *device);
-sd_device *udev_device_get_sd_device(struct udev_device *udev_device);
+sd_device* udev_device_get_sd_device(struct udev_device *udev_device);

src/libudev/libudev-device.c

@@ -120,7 +120,7 @@ _public_ dev_t udev_device_get_devnum(struct udev_device *udev_device) {
  *
  * Returns: the driver name string, or #NULL if there is no driver attached.
  **/
-_public_ const char *udev_device_get_driver(struct udev_device *udev_device) {
+_public_ const char* udev_device_get_driver(struct udev_device *udev_device) {
         const char *driver;
         int r;
 
@@ -141,7 +141,7 @@ _public_ const char *udev_device_get_driver(struct udev_device *udev_device) {
  *
  * Returns: the devtype name of the udev device, or #NULL if it cannot be determined
  **/
-_public_ const char *udev_device_get_devtype(struct udev_device *udev_device) {
+_public_ const char* udev_device_get_devtype(struct udev_device *udev_device) {
         const char *devtype;
         int r;
 
@@ -165,7 +165,7 @@ _public_ const char *udev_device_get_devtype(struct udev_device *udev_device) {
  *
  * Returns: the subsystem name of the udev device, or #NULL if it cannot be determined
  **/
-_public_ const char *udev_device_get_subsystem(struct udev_device *udev_device) {
+_public_ const char* udev_device_get_subsystem(struct udev_device *udev_device) {
         const char *subsystem;
         int r;
 
@@ -187,7 +187,7 @@ _public_ const char *udev_device_get_subsystem(struct udev_device *udev_device)
  *
  * Returns: the property string, or #NULL if there is no such property.
  **/
-_public_ const char *udev_device_get_property_value(struct udev_device *udev_device, const char *key) {
+_public_ const char* udev_device_get_property_value(struct udev_device *udev_device, const char *key) {
         const char *value;
         int r;
 
@@ -200,7 +200,7 @@ _public_ const char *udev_device_get_property_value(struct udev_device *udev_dev
         return value;
 }
 
-struct udev_device *udev_device_new(struct udev *udev, sd_device *device) {
+struct udev_device* udev_device_new(struct udev *udev, sd_device *device) {
         _cleanup_(udev_list_freep) struct udev_list *properties = NULL, *all_tags = NULL, *current_tags = NULL, *sysattrs = NULL, *devlinks = NULL;
         struct udev_device *udev_device;
 
@@ -254,7 +254,7 @@ struct udev_device *udev_device_new(struct udev *udev, sd_device *device) {
  *
  * Returns: a new udev device, or #NULL, if it does not exist
  **/
-_public_ struct udev_device *udev_device_new_from_syspath(struct udev *udev, const char *syspath) {
+_public_ struct udev_device* udev_device_new_from_syspath(struct udev *udev, const char *syspath) {
         _cleanup_(sd_device_unrefp) sd_device *device = NULL;
         int r;
 
@@ -281,7 +281,7 @@ _public_ struct udev_device *udev_device_new_from_syspath(struct udev *udev, con
  *
  * Returns: a new udev device, or #NULL, if it does not exist
  **/
-_public_ struct udev_device *udev_device_new_from_devnum(struct udev *udev, char type, dev_t devnum) {
+_public_ struct udev_device* udev_device_new_from_devnum(struct udev *udev, char type, dev_t devnum) {
         _cleanup_(sd_device_unrefp) sd_device *device = NULL;
         int r;
 
@@ -310,7 +310,7 @@ _public_ struct udev_device *udev_device_new_from_devnum(struct udev *udev, char
  *
  * Returns: a new udev device, or #NULL, if it does not exist
  **/
-_public_ struct udev_device *udev_device_new_from_device_id(struct udev *udev, const char *id) {
+_public_ struct udev_device* udev_device_new_from_device_id(struct udev *udev, const char *id) {
         _cleanup_(sd_device_unrefp) sd_device *device = NULL;
         int r;
 
@@ -336,7 +336,7 @@ _public_ struct udev_device *udev_device_new_from_device_id(struct udev *udev, c
  *
  * Returns: a new udev device, or #NULL, if it does not exist
  **/
-_public_ struct udev_device *udev_device_new_from_subsystem_sysname(struct udev *udev, const char *subsystem, const char *sysname) {
+_public_ struct udev_device* udev_device_new_from_subsystem_sysname(struct udev *udev, const char *subsystem, const char *sysname) {
         _cleanup_(sd_device_unrefp) sd_device *device = NULL;
         int r;
 
@@ -361,7 +361,7 @@ _public_ struct udev_device *udev_device_new_from_subsystem_sysname(struct udev
  *
  * Returns: a new udev device, or #NULL, if it does not exist
  **/
-_public_ struct udev_device *udev_device_new_from_environment(struct udev *udev) {
+_public_ struct udev_device* udev_device_new_from_environment(struct udev *udev) {
         _cleanup_(sd_device_unrefp) sd_device *device = NULL;
         int r;
 
@@ -372,7 +372,7 @@ _public_ struct udev_device *udev_device_new_from_environment(struct udev *udev)
         return udev_device_new(udev, device);
 }
 
-static struct udev_device *device_new_from_parent(struct udev_device *child) {
+static struct udev_device* device_new_from_parent(struct udev_device *child) {
         sd_device *parent;
         int r;
 
@@ -403,7 +403,7 @@ static struct udev_device *device_new_from_parent(struct udev_device *child) {
  *
  * Returns: a new udev device, or #NULL, if it no parent exist.
  **/
-_public_ struct udev_device *udev_device_get_parent(struct udev_device *udev_device) {
+_public_ struct udev_device* udev_device_get_parent(struct udev_device *udev_device) {
         assert_return_errno(udev_device, NULL, EINVAL);
 
         if (!udev_device->parent_set) {
@@ -436,7 +436,11 @@ _public_ struct udev_device *udev_device_get_parent(struct udev_device *udev_dev
  *
  * Returns: a new udev device, or #NULL if no matching parent exists.
  **/
-_public_ struct udev_device *udev_device_get_parent_with_subsystem_devtype(struct udev_device *udev_device, const char *subsystem, const char *devtype) {
+_public_ struct udev_device* udev_device_get_parent_with_subsystem_devtype(
+                struct udev_device *udev_device,
+                const char *subsystem,
+                const char *devtype) {
+
         sd_device *parent;
         int r;
 
@@ -467,13 +471,13 @@ _public_ struct udev_device *udev_device_get_parent_with_subsystem_devtype(struc
  *
  * Returns: the udev library context
  **/
-_public_ struct udev *udev_device_get_udev(struct udev_device *udev_device) {
+_public_ struct udev* udev_device_get_udev(struct udev_device *udev_device) {
         assert_return_errno(udev_device, NULL, EINVAL);
 
         return udev_device->udev;
 }
 
-static struct udev_device *udev_device_free(struct udev_device *udev_device) {
+static struct udev_device* udev_device_free(struct udev_device *udev_device) {
         assert(udev_device);
 
         sd_device_unref(udev_device->device);
@@ -517,7 +521,7 @@ DEFINE_PUBLIC_TRIVIAL_REF_UNREF_FUNC(struct udev_device, udev_device, udev_devic
  *
  * Returns: the devpath of the udev device
  **/
-_public_ const char *udev_device_get_devpath(struct udev_device *udev_device) {
+_public_ const char* udev_device_get_devpath(struct udev_device *udev_device) {
         const char *devpath;
         int r;
 
@@ -539,7 +543,7 @@ _public_ const char *udev_device_get_devpath(struct udev_device *udev_device) {
  *
  * Returns: the sys path of the udev device
  **/
-_public_ const char *udev_device_get_syspath(struct udev_device *udev_device) {
+_public_ const char* udev_device_get_syspath(struct udev_device *udev_device) {
         const char *syspath;
         int r;
 
@@ -560,7 +564,7 @@ _public_ const char *udev_device_get_syspath(struct udev_device *udev_device) {
  *
  * Returns: the name string of the device
  **/
-_public_ const char *udev_device_get_sysname(struct udev_device *udev_device) {
+_public_ const char* udev_device_get_sysname(struct udev_device *udev_device) {
         const char *sysname;
         int r;
 
@@ -581,7 +585,7 @@ _public_ const char *udev_device_get_sysname(struct udev_device *udev_device) {
  *
  * Returns: the trailing number string of the device name
  **/
-_public_ const char *udev_device_get_sysnum(struct udev_device *udev_device) {
+_public_ const char* udev_device_get_sysnum(struct udev_device *udev_device) {
         const char *sysnum;
         int r;
 
@@ -605,7 +609,7 @@ _public_ const char *udev_device_get_sysnum(struct udev_device *udev_device) {
  *
  * Returns: the device node file name of the udev device, or #NULL if no device node exists
  **/
-_public_ const char *udev_device_get_devnode(struct udev_device *udev_device) {
+_public_ const char* udev_device_get_devnode(struct udev_device *udev_device) {
         const char *devnode;
         int r;
 
@@ -631,7 +635,7 @@ _public_ const char *udev_device_get_devnode(struct udev_device *udev_device) {
  *
  * Returns: the first entry of the device node link list
  **/
-_public_ struct udev_list_entry *udev_device_get_devlinks_list_entry(struct udev_device *udev_device) {
+_public_ struct udev_list_entry* udev_device_get_devlinks_list_entry(struct udev_device *udev_device) {
         assert_return_errno(udev_device, NULL, EINVAL);
 
         if (device_get_devlinks_generation(udev_device->device) != udev_device->devlinks_generation ||
@@ -661,7 +665,7 @@ _public_ struct udev_list_entry *udev_device_get_devlinks_list_entry(struct udev
  *
  * Returns: the first entry of the property list
  **/
-_public_ struct udev_list_entry *udev_device_get_properties_list_entry(struct udev_device *udev_device) {
+_public_ struct udev_list_entry* udev_device_get_properties_list_entry(struct udev_device *udev_device) {
         assert_return_errno(udev_device, NULL, EINVAL);
 
         if (device_get_properties_generation(udev_device->device) != udev_device->properties_generation ||
@@ -689,7 +693,7 @@ _public_ struct udev_list_entry *udev_device_get_properties_list_entry(struct ud
  *
  * Returns: the kernel action value, or #NULL if there is no action value available.
  **/
-_public_ const char *udev_device_get_action(struct udev_device *udev_device) {
+_public_ const char* udev_device_get_action(struct udev_device *udev_device) {
         sd_device_action_t action;
 
         assert_return_errno(udev_device, NULL, EINVAL);
@@ -735,7 +739,7 @@ _public_ unsigned long long int udev_device_get_usec_since_initialized(struct ud
  *
  * Returns: the content of a sys attribute file, or #NULL if there is no sys attribute value.
  **/
-_public_ const char *udev_device_get_sysattr_value(struct udev_device *udev_device, const char *sysattr) {
+_public_ const char* udev_device_get_sysattr_value(struct udev_device *udev_device, const char *sysattr) {
         const char *value;
         int r;
 
@@ -780,7 +784,7 @@ _public_ int udev_device_set_sysattr_value(struct udev_device *udev_device, cons
  *
  * Returns: the first entry of the property list
  **/
-_public_ struct udev_list_entry *udev_device_get_sysattr_list_entry(struct udev_device *udev_device) {
+_public_ struct udev_list_entry* udev_device_get_sysattr_list_entry(struct udev_device *udev_device) {
         assert_return_errno(udev_device, NULL, EINVAL);
 
         if (!udev_device->sysattrs_read) {
@@ -832,7 +836,7 @@ _public_ int udev_device_get_is_initialized(struct udev_device *udev_device) {
  *
  * Returns: the first entry of the tag list
  **/
-_public_ struct udev_list_entry *udev_device_get_tags_list_entry(struct udev_device *udev_device) {
+_public_ struct udev_list_entry* udev_device_get_tags_list_entry(struct udev_device *udev_device) {
         assert_return_errno(udev_device, NULL, EINVAL);
 
         if (device_get_tags_generation(udev_device->device) != udev_device->all_tags_generation ||
@@ -850,7 +854,7 @@ _public_ struct udev_list_entry *udev_device_get_tags_list_entry(struct udev_dev
         return udev_list_get_entry(udev_device->all_tags);
 }
 
-_public_ struct udev_list_entry *udev_device_get_current_tags_list_entry(struct udev_device *udev_device) {
+_public_ struct udev_list_entry* udev_device_get_current_tags_list_entry(struct udev_device *udev_device) {
         assert_return_errno(udev_device, NULL, EINVAL);
 
         if (device_get_tags_generation(udev_device->device) != udev_device->current_tags_generation ||
@@ -889,7 +893,7 @@ _public_ int udev_device_has_current_tag(struct udev_device *udev_device, const
         return sd_device_has_current_tag(udev_device->device, tag) > 0;
 }
 
-sd_device *udev_device_get_sd_device(struct udev_device *udev_device) {
+sd_device* udev_device_get_sd_device(struct udev_device *udev_device) {
         assert(udev_device);
 
         return udev_device->device;

src/libudev/libudev-enumerate.c

@@ -49,7 +49,7 @@ struct udev_enumerate {
  *
  * Returns: an enumeration context.
  **/
-_public_ struct udev_enumerate *udev_enumerate_new(struct udev *udev) {
+_public_ struct udev_enumerate* udev_enumerate_new(struct udev *udev) {
         _cleanup_(sd_device_enumerator_unrefp) sd_device_enumerator *e = NULL;
         _cleanup_(udev_list_freep) struct udev_list *list = NULL;
         struct udev_enumerate *udev_enumerate;
@@ -81,7 +81,7 @@ _public_ struct udev_enumerate *udev_enumerate_new(struct udev *udev) {
         return udev_enumerate;
 }
 
-static struct udev_enumerate *udev_enumerate_free(struct udev_enumerate *udev_enumerate) {
+static struct udev_enumerate* udev_enumerate_free(struct udev_enumerate *udev_enumerate) {
         assert(udev_enumerate);
 
         udev_list_free(udev_enumerate->devices_list);
@@ -117,7 +117,7 @@ DEFINE_PUBLIC_TRIVIAL_REF_UNREF_FUNC(struct udev_enumerate, udev_enumerate, udev
  *
  * Returns: a pointer to the context.
  */
-_public_ struct udev *udev_enumerate_get_udev(struct udev_enumerate *udev_enumerate) {
+_public_ struct udev* udev_enumerate_get_udev(struct udev_enumerate *udev_enumerate) {
         assert_return_errno(udev_enumerate, NULL, EINVAL);
 
         return udev_enumerate->udev;
@@ -131,7 +131,7 @@ _public_ struct udev *udev_enumerate_get_udev(struct udev_enumerate *udev_enumer
  *
  * Returns: a udev_list_entry.
  */
-_public_ struct udev_list_entry *udev_enumerate_get_list_entry(struct udev_enumerate *udev_enumerate) {
+_public_ struct udev_list_entry* udev_enumerate_get_list_entry(struct udev_enumerate *udev_enumerate) {
         struct udev_list_entry *e;
 
         assert_return_errno(udev_enumerate, NULL, EINVAL);

src/libudev/libudev-hwdb.c

@@ -34,7 +34,7 @@ struct udev_hwdb {
  *
  * Returns: a hwdb context.
  **/
-_public_ struct udev_hwdb *udev_hwdb_new(struct udev *udev) {
+_public_ struct udev_hwdb* udev_hwdb_new(struct udev *udev) {
         _cleanup_(udev_list_freep) struct udev_list *list = NULL;
         _cleanup_(sd_hwdb_unrefp) sd_hwdb *hwdb_internal = NULL;
         struct udev_hwdb *hwdb;
@@ -61,7 +61,7 @@ _public_ struct udev_hwdb *udev_hwdb_new(struct udev *udev) {
         return hwdb;
 }
 
-static struct udev_hwdb *udev_hwdb_free(struct udev_hwdb *hwdb) {
+static struct udev_hwdb* udev_hwdb_free(struct udev_hwdb *hwdb) {
         assert(hwdb);
 
         sd_hwdb_unref(hwdb->hwdb);
@@ -102,7 +102,7 @@ DEFINE_PUBLIC_TRIVIAL_REF_UNREF_FUNC(struct udev_hwdb, udev_hwdb, udev_hwdb_free
  *
  * Returns: a udev_list_entry.
  */
-_public_ struct udev_list_entry *udev_hwdb_get_properties_list_entry(struct udev_hwdb *hwdb, const char *modalias, unsigned flags) {
+_public_ struct udev_list_entry* udev_hwdb_get_properties_list_entry(struct udev_hwdb *hwdb, const char *modalias, unsigned flags) {
         const char *key, *value;
         struct udev_list_entry *e;
 

src/libudev/libudev-list-internal.h

@@ -7,10 +7,10 @@
 
 struct udev_list;
 
-struct udev_list *udev_list_new(bool unique);
+struct udev_list* udev_list_new(bool unique);
 void udev_list_cleanup(struct udev_list *list);
-struct udev_list *udev_list_free(struct udev_list *list);
+struct udev_list* udev_list_free(struct udev_list *list);
-DEFINE_TRIVIAL_CLEANUP_FUNC(struct udev_list *, udev_list_free);
+DEFINE_TRIVIAL_CLEANUP_FUNC(struct udev_list*, udev_list_free);
 
-struct udev_list_entry *udev_list_get_entry(struct udev_list *list);
+struct udev_list_entry* udev_list_get_entry(struct udev_list *list);
-struct udev_list_entry *udev_list_entry_add(struct udev_list *list, const char *name, const char *value);
+struct udev_list_entry* udev_list_entry_add(struct udev_list *list, const char *name, const char *value);

src/libudev/libudev-list.c

@@ -4,7 +4,6 @@
 #include "hashmap.h"
 #include "libudev-list-internal.h"
 #include "list.h"
-#include "sort-util.h"
 
 /**
  * SECTION:libudev-list
@@ -34,7 +33,7 @@ struct udev_list {
         bool uptodate:1;
 };
 
-static struct udev_list_entry *udev_list_entry_free(struct udev_list_entry *entry) {
+static struct udev_list_entry* udev_list_entry_free(struct udev_list_entry *entry) {
         if (!entry)
                 return NULL;
 
@@ -52,9 +51,14 @@ static struct udev_list_entry *udev_list_entry_free(struct udev_list_entry *entr
         return mfree(entry);
 }
 
-DEFINE_TRIVIAL_CLEANUP_FUNC(struct udev_list_entry *, udev_list_entry_free);
+DEFINE_TRIVIAL_CLEANUP_FUNC(struct udev_list_entry*, udev_list_entry_free);
 
-struct udev_list *udev_list_new(bool unique) {
+DEFINE_PRIVATE_HASH_OPS_WITH_VALUE_DESTRUCTOR(
+                udev_list_entry_hash_ops,
+                char, string_hash_func, string_compare_func,
+                struct udev_list_entry, udev_list_entry_free);
+
+struct udev_list* udev_list_new(bool unique) {
         struct udev_list *list;
 
         list = new(struct udev_list, 1);
@@ -68,36 +72,26 @@ struct udev_list *udev_list_new(bool unique) {
         return list;
 }
 
-struct udev_list_entry *udev_list_entry_add(struct udev_list *list, const char *_name, const char *_value) {
+struct udev_list_entry* udev_list_entry_add(struct udev_list *list, const char *name, const char *value) {
         _cleanup_(udev_list_entry_freep) struct udev_list_entry *entry = NULL;
-        _cleanup_free_ char *name = NULL, *value = NULL;
 
         assert(list);
-        assert(_name);
+        assert(name);
 
-        name = strdup(_name);
+        entry = new0(struct udev_list_entry, 1);
-        if (!name)
-                return NULL;
-
-        if (_value) {
-                value = strdup(_value);
-                if (!value)
-                        return NULL;
-        }
-
-        entry = new(struct udev_list_entry, 1);
         if (!entry)
                 return NULL;
 
-        *entry = (struct udev_list_entry) {
+        if (strdup_to(&entry->name, name) < 0)
-                .name = TAKE_PTR(name),
+                return NULL;
-                .value = TAKE_PTR(value),
+
-        };
+        if (strdup_to(&entry->value, value) < 0)
+                return NULL;
 
         if (list->unique) {
                 udev_list_entry_free(hashmap_get(list->unique_entries, entry->name));
 
-                if (hashmap_ensure_put(&list->unique_entries, &string_hash_ops, entry->name, entry) < 0)
+                if (hashmap_ensure_put(&list->unique_entries, &udev_list_entry_hash_ops, entry->name, entry) < 0)
                         return NULL;
 
                 list->uptodate = false;
@@ -115,13 +109,13 @@ void udev_list_cleanup(struct udev_list *list) {
 
         if (list->unique) {
                 list->uptodate = false;
-                hashmap_clear_with_destructor(list->unique_entries, udev_list_entry_free);
+                hashmap_clear(list->unique_entries);
         } else
                 LIST_FOREACH(entries, i, list->entries)
                         udev_list_entry_free(i);
 }
 
-struct udev_list *udev_list_free(struct udev_list *list) {
+struct udev_list* udev_list_free(struct udev_list *list) {
         if (!list)
                 return NULL;
 
@@ -131,11 +125,7 @@ struct udev_list *udev_list_free(struct udev_list *list) {
         return mfree(list);
 }
 
-static int udev_list_entry_compare_func(struct udev_list_entry * const *a, struct udev_list_entry * const *b) {
+struct udev_list_entry* udev_list_get_entry(struct udev_list *list) {
-        return strcmp((*a)->name, (*b)->name);
-}
-
-struct udev_list_entry *udev_list_get_entry(struct udev_list *list) {
         if (!list)
                 return NULL;
 
@@ -151,18 +141,10 @@ struct udev_list_entry *udev_list_get_entry(struct udev_list *list) {
                         LIST_PREPEND(entries, list->entries, hashmap_first(list->unique_entries));
                 else {
                         _cleanup_free_ struct udev_list_entry **buf = NULL;
-                        struct udev_list_entry *entry, **p;
 
-                        buf = new(struct udev_list_entry *, n);
+                        if (hashmap_dump_sorted(list->unique_entries, (void***) &buf, /* ret_n = */ NULL) < 0)
-                        if (!buf)
                                 return NULL;
 
-                        p = buf;
-                        HASHMAP_FOREACH(entry, list->unique_entries)
-                                *p++ = entry;
-
-                        typesafe_qsort(buf, n, udev_list_entry_compare_func);
-
                         for (size_t j = n; j > 0; j--)
                                 LIST_PREPEND(entries, list->entries, buf[j-1]);
                 }
@@ -181,7 +163,7 @@ struct udev_list_entry *udev_list_get_entry(struct udev_list *list) {
  *
  * Returns: udev_list_entry, #NULL if no more entries are available.
  */
-_public_ struct udev_list_entry *udev_list_entry_get_next(struct udev_list_entry *list_entry) {
+_public_ struct udev_list_entry* udev_list_entry_get_next(struct udev_list_entry *list_entry) {
         if (!list_entry)
                 return NULL;
         if (list_entry->list->unique && !list_entry->list->uptodate)
@@ -198,7 +180,7 @@ _public_ struct udev_list_entry *udev_list_entry_get_next(struct udev_list_entry
  *
  * Returns: udev_list_entry, #NULL if no matching entry is found.
  */
-_public_ struct udev_list_entry *udev_list_entry_get_by_name(struct udev_list_entry *list_entry, const char *name) {
+_public_ struct udev_list_entry* udev_list_entry_get_by_name(struct udev_list_entry *list_entry, const char *name) {
         if (!list_entry)
                 return NULL;
         if (!list_entry->list->unique || !list_entry->list->uptodate)
@@ -214,7 +196,7 @@ _public_ struct udev_list_entry *udev_list_entry_get_by_name(struct udev_list_en
  *
  * Returns: the name string of this entry.
  */
-_public_ const char *udev_list_entry_get_name(struct udev_list_entry *list_entry) {
+_public_ const char* udev_list_entry_get_name(struct udev_list_entry *list_entry) {
         if (!list_entry)
                 return NULL;
         return list_entry->name;
@@ -228,7 +210,7 @@ _public_ const char *udev_list_entry_get_name(struct udev_list_entry *list_entry
  *
  * Returns: the value string of this entry.
  */
-_public_ const char *udev_list_entry_get_value(struct udev_list_entry *list_entry) {
+_public_ const char* udev_list_entry_get_value(struct udev_list_entry *list_entry) {
         if (!list_entry)
                 return NULL;
         return list_entry->value;

src/libudev/libudev-monitor.c

@@ -63,7 +63,7 @@ static MonitorNetlinkGroup monitor_netlink_group_from_string(const char *name) {
  *
  * Returns: a new udev monitor, or #NULL, in case of an error
  **/
-_public_ struct udev_monitor *udev_monitor_new_from_netlink(struct udev *udev, const char *name) {
+_public_ struct udev_monitor* udev_monitor_new_from_netlink(struct udev *udev, const char *name) {
         _cleanup_(sd_device_monitor_unrefp) sd_device_monitor *m = NULL;
         struct udev_monitor *udev_monitor;
         MonitorNetlinkGroup g;
@@ -133,7 +133,7 @@ _public_ int udev_monitor_set_receive_buffer_size(struct udev_monitor *udev_moni
         return sd_device_monitor_set_receive_buffer_size(udev_monitor->monitor, (size_t) size);
 }
 
-static struct udev_monitor *udev_monitor_free(struct udev_monitor *udev_monitor) {
+static struct udev_monitor* udev_monitor_free(struct udev_monitor *udev_monitor) {
         assert(udev_monitor);
 
         sd_device_monitor_unref(udev_monitor->monitor);
@@ -169,7 +169,7 @@ DEFINE_PUBLIC_TRIVIAL_REF_UNREF_FUNC(struct udev_monitor, udev_monitor, udev_mon
  *
  * Returns: the udev library context
  **/
-_public_ struct udev *udev_monitor_get_udev(struct udev_monitor *udev_monitor) {
+_public_ struct udev* udev_monitor_get_udev(struct udev_monitor *udev_monitor) {
         assert_return(udev_monitor, NULL);
 
         return udev_monitor->udev;
@@ -236,7 +236,7 @@ static int udev_monitor_receive_sd_device(struct udev_monitor *udev_monitor, sd_
  *
  * Returns: a new udev device, or #NULL, in case of an error
  **/
-_public_ struct udev_device *udev_monitor_receive_device(struct udev_monitor *udev_monitor) {
+_public_ struct udev_device* udev_monitor_receive_device(struct udev_monitor *udev_monitor) {
         _cleanup_(sd_device_unrefp) sd_device *device = NULL;
         int r;
 

src/libudev/libudev-queue.c

@@ -40,7 +40,7 @@ struct udev_queue {
  *
  * Returns: the udev queue context, or #NULL on error.
  **/
-_public_ struct udev_queue *udev_queue_new(struct udev *udev) {
+_public_ struct udev_queue* udev_queue_new(struct udev *udev) {
         struct udev_queue *udev_queue;
 
         udev_queue = new(struct udev_queue, 1);
@@ -56,7 +56,7 @@ _public_ struct udev_queue *udev_queue_new(struct udev *udev) {
         return udev_queue;
 }
 
-static struct udev_queue *udev_queue_free(struct udev_queue *udev_queue) {
+static struct udev_queue* udev_queue_free(struct udev_queue *udev_queue) {
         assert(udev_queue);
 
         safe_close(udev_queue->fd);
@@ -91,7 +91,7 @@ DEFINE_PUBLIC_TRIVIAL_REF_UNREF_FUNC(struct udev_queue, udev_queue, udev_queue_f
  *
  * Returns: the udev library context.
  **/
-_public_ struct udev *udev_queue_get_udev(struct udev_queue *udev_queue) {
+_public_ struct udev* udev_queue_get_udev(struct udev_queue *udev_queue) {
         assert_return_errno(udev_queue, NULL, EINVAL);
 
         return udev_queue->udev;
@@ -155,8 +155,11 @@ _public_ int udev_queue_get_queue_is_empty(struct udev_queue *udev_queue) {
  *
  * Returns: a flag indicating if udev is currently handling events.
  **/
-_public_ int udev_queue_get_seqnum_sequence_is_finished(struct udev_queue *udev_queue,
+_public_ int udev_queue_get_seqnum_sequence_is_finished(
-                                                        unsigned long long int start, unsigned long long int end) {
+                struct udev_queue *udev_queue,
+                unsigned long long int start,
+                unsigned long long int end) {
+
         return udev_queue_is_empty() > 0;
 }
 
@@ -181,7 +184,7 @@ _public_ int udev_queue_get_seqnum_is_finished(struct udev_queue *udev_queue, un
  *
  * Returns: NULL.
  **/
-_public_ struct udev_list_entry *udev_queue_get_queued_list_entry(struct udev_queue *udev_queue) {
+_public_ struct udev_list_entry* udev_queue_get_queued_list_entry(struct udev_queue *udev_queue) {
         return_with_errno(NULL, ENODATA);
 }
 

src/libudev/libudev.c

@@ -36,7 +36,7 @@ struct udev {
  *
  * Returns: stored userdata
  **/
-_public_ void *udev_get_userdata(struct udev *udev) {
+_public_ void* udev_get_userdata(struct udev *udev) {
         assert_return(udev, NULL);
 
         return udev->userdata;
@@ -66,7 +66,7 @@ _public_ void udev_set_userdata(struct udev *udev, void *userdata) {
  *
  * Returns: a new udev library context
  **/
-_public_ struct udev *udev_new(void) {
+_public_ struct udev* udev_new(void) {
         struct udev *udev;
 
         udev = new(struct udev, 1);
@@ -99,7 +99,7 @@ DEFINE_PUBLIC_TRIVIAL_REF_FUNC(struct udev, udev);
  *
  * Returns: the passed udev library context if it has still an active reference, or #NULL otherwise.
  **/
-_public_ struct udev *udev_unref(struct udev *udev) {
+_public_ struct udev* udev_unref(struct udev *udev) {
         if (!udev)
                 return NULL;
 
@@ -123,10 +123,14 @@ _public_ struct udev *udev_unref(struct udev *udev) {
  *
  **/
 _public_ void udev_set_log_fn(
-                        struct udev *udev,
+                struct udev *udev,
-                        void (*log_fn)(struct udev *udev,
+                void (*log_fn)(struct udev *udev,
-                                       int priority, const char *file, int line, const char *fn,
+                               int priority,
-                                       const char *format, va_list args)) {
+                               const char *file,
+                               int line,
+                               const char *fn,
+                               const char *format,
+                               va_list args)) {
         return;
 }
 

src/libudev/libudev.h

@@ -18,16 +18,21 @@ extern "C" {
  * allows custom logging
  */
 struct udev;
-struct udev *udev_ref(struct udev *udev);
+struct udev* udev_ref(struct udev *udev);
-struct udev *udev_unref(struct udev *udev);
+struct udev* udev_unref(struct udev *udev);
-struct udev *udev_new(void);
+struct udev* udev_new(void);
-void udev_set_log_fn(struct udev *udev,
+void udev_set_log_fn(
-                            void (*log_fn)(struct udev *udev,
+                struct udev *udev,
-                                           int priority, const char *file, int line, const char *fn,
+                void (*log_fn)(struct udev *udev,
-                                           const char *format, va_list args)) __attribute__((__deprecated__));
+                               int priority,
+                               const char *file,
+                               int line,
+                               const char *fn,
+                               const char *format,
+                               va_list args)) __attribute__((__deprecated__));
 int udev_get_log_priority(struct udev *udev) __attribute__((__deprecated__));
 void udev_set_log_priority(struct udev *udev, int priority) __attribute__((__deprecated__));
-void *udev_get_userdata(struct udev *udev);
+void* udev_get_userdata(struct udev *udev);
 void udev_set_userdata(struct udev *udev, void *userdata);
 
 /*
@@ -36,8 +41,8 @@ void udev_set_userdata(struct udev *udev, void *userdata);
  * access to libudev generated lists
  */
 struct udev_list_entry;
-struct udev_list_entry *udev_list_entry_get_next(struct udev_list_entry *list_entry);
+struct udev_list_entry* udev_list_entry_get_next(struct udev_list_entry *list_entry);
-struct udev_list_entry *udev_list_entry_get_by_name(struct udev_list_entry *list_entry, const char *name);
+struct udev_list_entry* udev_list_entry_get_by_name(struct udev_list_entry *list_entry, const char *name);
 const char* udev_list_entry_get_name(struct udev_list_entry *list_entry);
 const char* udev_list_entry_get_value(struct udev_list_entry *list_entry);
 /**
@@ -58,18 +63,20 @@ const char* udev_list_entry_get_value(struct udev_list_entry *list_entry);
  * access to sysfs/kernel devices
  */
 struct udev_device;
-struct udev_device *udev_device_ref(struct udev_device *udev_device);
+struct udev_device* udev_device_ref(struct udev_device *udev_device);
-struct udev_device *udev_device_unref(struct udev_device *udev_device);
+struct udev_device* udev_device_unref(struct udev_device *udev_device);
-struct udev *udev_device_get_udev(struct udev_device *udev_device);
+struct udev* udev_device_get_udev(struct udev_device *udev_device);
-struct udev_device *udev_device_new_from_syspath(struct udev *udev, const char *syspath);
+struct udev_device* udev_device_new_from_syspath(struct udev *udev, const char *syspath);
-struct udev_device *udev_device_new_from_devnum(struct udev *udev, char type, dev_t devnum);
+struct udev_device* udev_device_new_from_devnum(struct udev *udev, char type, dev_t devnum);
-struct udev_device *udev_device_new_from_subsystem_sysname(struct udev *udev, const char *subsystem, const char *sysname);
+struct udev_device* udev_device_new_from_subsystem_sysname(struct udev *udev, const char *subsystem, const char *sysname);
-struct udev_device *udev_device_new_from_device_id(struct udev *udev, const char *id);
+struct udev_device* udev_device_new_from_device_id(struct udev *udev, const char *id);
-struct udev_device *udev_device_new_from_environment(struct udev *udev);
+struct udev_device* udev_device_new_from_environment(struct udev *udev);
 /* udev_device_get_parent_*() does not take a reference on the returned device, it is automatically unref'd with the parent */
-struct udev_device *udev_device_get_parent(struct udev_device *udev_device);
+struct udev_device* udev_device_get_parent(struct udev_device *udev_device);
-struct udev_device *udev_device_get_parent_with_subsystem_devtype(struct udev_device *udev_device,
+struct udev_device* udev_device_get_parent_with_subsystem_devtype(
-                                                                  const char *subsystem, const char *devtype);
+                struct udev_device *udev_device,
+                const char *subsystem,
+                const char *devtype);
 /* retrieve device properties */
 const char* udev_device_get_devpath(struct udev_device *udev_device);
 const char* udev_device_get_subsystem(struct udev_device *udev_device);
@@ -79,11 +86,11 @@ const char* udev_device_get_sysname(struct udev_device *udev_device);
 const char* udev_device_get_sysnum(struct udev_device *udev_device);
 const char* udev_device_get_devnode(struct udev_device *udev_device);
 int udev_device_get_is_initialized(struct udev_device *udev_device);
-struct udev_list_entry *udev_device_get_devlinks_list_entry(struct udev_device *udev_device);
+struct udev_list_entry* udev_device_get_devlinks_list_entry(struct udev_device *udev_device);
-struct udev_list_entry *udev_device_get_properties_list_entry(struct udev_device *udev_device);
+struct udev_list_entry* udev_device_get_properties_list_entry(struct udev_device *udev_device);
-struct udev_list_entry *udev_device_get_tags_list_entry(struct udev_device *udev_device);
+struct udev_list_entry* udev_device_get_tags_list_entry(struct udev_device *udev_device);
-struct udev_list_entry *udev_device_get_current_tags_list_entry(struct udev_device *udev_device);
+struct udev_list_entry* udev_device_get_current_tags_list_entry(struct udev_device *udev_device);
-struct udev_list_entry *udev_device_get_sysattr_list_entry(struct udev_device *udev_device);
+struct udev_list_entry* udev_device_get_sysattr_list_entry(struct udev_device *udev_device);
 const char* udev_device_get_property_value(struct udev_device *udev_device, const char *key);
 const char* udev_device_get_driver(struct udev_device *udev_device);
 dev_t udev_device_get_devnum(struct udev_device *udev_device);
@@ -101,19 +108,21 @@ int udev_device_has_current_tag(struct udev_device *udev_device, const char *tag
  * access to kernel uevents and udev events
  */
 struct udev_monitor;
-struct udev_monitor *udev_monitor_ref(struct udev_monitor *udev_monitor);
+struct udev_monitor* udev_monitor_ref(struct udev_monitor *udev_monitor);
-struct udev_monitor *udev_monitor_unref(struct udev_monitor *udev_monitor);
+struct udev_monitor* udev_monitor_unref(struct udev_monitor *udev_monitor);
-struct udev *udev_monitor_get_udev(struct udev_monitor *udev_monitor);
+struct udev* udev_monitor_get_udev(struct udev_monitor *udev_monitor);
 /* kernel and udev generated events over netlink */
-struct udev_monitor *udev_monitor_new_from_netlink(struct udev *udev, const char *name);
+struct udev_monitor* udev_monitor_new_from_netlink(struct udev *udev, const char *name);
 /* bind socket */
 int udev_monitor_enable_receiving(struct udev_monitor *udev_monitor);
 int udev_monitor_set_receive_buffer_size(struct udev_monitor *udev_monitor, int size);
 int udev_monitor_get_fd(struct udev_monitor *udev_monitor);
-struct udev_device *udev_monitor_receive_device(struct udev_monitor *udev_monitor);
+struct udev_device* udev_monitor_receive_device(struct udev_monitor *udev_monitor);
 /* in-kernel socket filters to select messages that get delivered to a listener */
-int udev_monitor_filter_add_match_subsystem_devtype(struct udev_monitor *udev_monitor,
+int udev_monitor_filter_add_match_subsystem_devtype(
-                                                    const char *subsystem, const char *devtype);
+                struct udev_monitor *udev_monitor,
+                const char *subsystem,
+                const char *devtype);
 int udev_monitor_filter_add_match_tag(struct udev_monitor *udev_monitor, const char *tag);
 int udev_monitor_filter_update(struct udev_monitor *udev_monitor);
 int udev_monitor_filter_remove(struct udev_monitor *udev_monitor);
@@ -124,10 +133,10 @@ int udev_monitor_filter_remove(struct udev_monitor *udev_monitor);
  * search sysfs for specific devices and provide a sorted list
  */
 struct udev_enumerate;
-struct udev_enumerate *udev_enumerate_ref(struct udev_enumerate *udev_enumerate);
+struct udev_enumerate* udev_enumerate_ref(struct udev_enumerate *udev_enumerate);
-struct udev_enumerate *udev_enumerate_unref(struct udev_enumerate *udev_enumerate);
+struct udev_enumerate* udev_enumerate_unref(struct udev_enumerate *udev_enumerate);
-struct udev *udev_enumerate_get_udev(struct udev_enumerate *udev_enumerate);
+struct udev* udev_enumerate_get_udev(struct udev_enumerate *udev_enumerate);
-struct udev_enumerate *udev_enumerate_new(struct udev *udev);
+struct udev_enumerate* udev_enumerate_new(struct udev *udev);
 /* device properties filter */
 int udev_enumerate_add_match_subsystem(struct udev_enumerate *udev_enumerate, const char *subsystem);
 int udev_enumerate_add_nomatch_subsystem(struct udev_enumerate *udev_enumerate, const char *subsystem);
@@ -143,7 +152,7 @@ int udev_enumerate_add_syspath(struct udev_enumerate *udev_enumerate, const char
 int udev_enumerate_scan_devices(struct udev_enumerate *udev_enumerate);
 int udev_enumerate_scan_subsystems(struct udev_enumerate *udev_enumerate);
 /* return device list */
-struct udev_list_entry *udev_enumerate_get_list_entry(struct udev_enumerate *udev_enumerate);
+struct udev_list_entry* udev_enumerate_get_list_entry(struct udev_enumerate *udev_enumerate);
 
 /*
  * udev_queue
@@ -151,20 +160,22 @@ struct udev_list_entry *udev_enumerate_get_list_entry(struct udev_enumerate *ude
  * access to the currently running udev events
  */
 struct udev_queue;
-struct udev_queue *udev_queue_ref(struct udev_queue *udev_queue);
+struct udev_queue* udev_queue_ref(struct udev_queue *udev_queue);
-struct udev_queue *udev_queue_unref(struct udev_queue *udev_queue);
+struct udev_queue* udev_queue_unref(struct udev_queue *udev_queue);
-struct udev *udev_queue_get_udev(struct udev_queue *udev_queue);
+struct udev* udev_queue_get_udev(struct udev_queue *udev_queue);
-struct udev_queue *udev_queue_new(struct udev *udev);
+struct udev_queue* udev_queue_new(struct udev *udev);
 unsigned long long int udev_queue_get_kernel_seqnum(struct udev_queue *udev_queue) __attribute__((__deprecated__));
 unsigned long long int udev_queue_get_udev_seqnum(struct udev_queue *udev_queue) __attribute__((__deprecated__));
 int udev_queue_get_udev_is_active(struct udev_queue *udev_queue);
 int udev_queue_get_queue_is_empty(struct udev_queue *udev_queue);
 int udev_queue_get_seqnum_is_finished(struct udev_queue *udev_queue, unsigned long long int seqnum) __attribute__((__deprecated__));
-int udev_queue_get_seqnum_sequence_is_finished(struct udev_queue *udev_queue,
+int udev_queue_get_seqnum_sequence_is_finished(
-                                               unsigned long long int start, unsigned long long int end) __attribute__((__deprecated__));
+                struct udev_queue *udev_queue,
+                unsigned long long int start,
+                unsigned long long int end) __attribute__((__deprecated__));
 int udev_queue_get_fd(struct udev_queue *udev_queue);
 int udev_queue_flush(struct udev_queue *udev_queue);
-struct udev_list_entry *udev_queue_get_queued_list_entry(struct udev_queue *udev_queue) __attribute__((__deprecated__));
+struct udev_list_entry* udev_queue_get_queued_list_entry(struct udev_queue *udev_queue) __attribute__((__deprecated__));
 
 /*
  *  udev_hwdb
@@ -172,10 +183,10 @@ struct udev_list_entry *udev_queue_get_queued_list_entry(struct udev_queue *udev
  *  access to the static hardware properties database
  */
 struct udev_hwdb;
-struct udev_hwdb *udev_hwdb_new(struct udev *udev);
+struct udev_hwdb* udev_hwdb_new(struct udev *udev);
-struct udev_hwdb *udev_hwdb_ref(struct udev_hwdb *hwdb);
+struct udev_hwdb* udev_hwdb_ref(struct udev_hwdb *hwdb);
-struct udev_hwdb *udev_hwdb_unref(struct udev_hwdb *hwdb);
+struct udev_hwdb* udev_hwdb_unref(struct udev_hwdb *hwdb);
-struct udev_list_entry *udev_hwdb_get_properties_list_entry(struct udev_hwdb *hwdb, const char *modalias, unsigned flags);
+struct udev_list_entry* udev_hwdb_get_properties_list_entry(struct udev_hwdb *hwdb, const char *modalias, unsigned flags);
 
 /*
  * udev_util

src/login/logind-session-dbus.c

@@ -536,7 +536,7 @@ static int method_set_tty(sd_bus_message *message, void *userdata, sd_bus_error
         flags = fcntl(fd, F_GETFL, 0);
         if (flags < 0)
                 return -errno;
-        if ((flags & O_ACCMODE) != O_RDWR)
+        if ((flags & O_ACCMODE_STRICT) != O_RDWR)
                 return -EACCES;
         if (FLAGS_SET(flags, O_PATH))
                 return -ENOTTY;

src/mountfsd/mountwork.c

@@ -99,7 +99,7 @@ static int validate_image_fd(int fd, MountImageParameters *p) {
         if (fl < 0)
                 return log_debug_errno(fl, "Image file descriptor has unsafe flags set: %m");
 
-        switch (fl & O_ACCMODE) {
+        switch (fl & O_ACCMODE_STRICT) {
 
         case O_RDONLY:
                 p->read_only = true;

src/network/networkd-bridge-fdb.c

@@ -22,8 +22,7 @@
 
 #define STATIC_BRIDGE_FDB_ENTRIES_PER_NETWORK_MAX 1024U
 
-/* remove and FDB entry. */
+static BridgeFDB* bridge_fdb_free(BridgeFDB *fdb) {
-BridgeFDB *bridge_fdb_free(BridgeFDB *fdb) {
         if (!fdb)
                 return NULL;
 
@@ -40,7 +39,11 @@ BridgeFDB *bridge_fdb_free(BridgeFDB *fdb) {
 
 DEFINE_SECTION_CLEANUP_FUNCTIONS(BridgeFDB, bridge_fdb_free);
 
-/* create a new FDB entry or get an existing one. */
+DEFINE_PRIVATE_HASH_OPS_WITH_VALUE_DESTRUCTOR(
+                bridge_fdb_hash_ops_by_section,
+                ConfigSection, config_section_hash_func, config_section_compare_func,
+                BridgeFDB, bridge_fdb_free);
+
 static int bridge_fdb_new_static(
                 Network *network,
                 const char *filename,
@@ -83,13 +86,12 @@ static int bridge_fdb_new_static(
                 .ntf_flags = NEIGHBOR_CACHE_ENTRY_FLAGS_SELF,
         };
 
-        r = hashmap_ensure_put(&network->bridge_fdb_entries_by_section, &config_section_hash_ops, fdb->section, fdb);
+        r = hashmap_ensure_put(&network->bridge_fdb_entries_by_section, &bridge_fdb_hash_ops_by_section, fdb->section, fdb);
         if (r < 0)
                 return r;
 
         /* return allocated FDB structure. */
         *ret = TAKE_PTR(fdb);
-
         return 0;
 }
 

src/network/networkd-bridge-fdb.h

@@ -40,8 +40,6 @@ typedef struct BridgeFDB {
         int outgoing_ifindex;
 } BridgeFDB;
 
-BridgeFDB *bridge_fdb_free(BridgeFDB *fdb);
-
 void network_drop_invalid_bridge_fdb_entries(Network *network);
 
 int link_request_static_bridge_fdb(Link *link);

src/network/networkd-bridge-mdb.c

@@ -10,13 +10,13 @@
 #include "networkd-manager.h"
 #include "networkd-network.h"
 #include "networkd-queue.h"
+#include "networkd-util.h"
 #include "string-util.h"
 #include "vlan-util.h"
 
 #define STATIC_BRIDGE_MDB_ENTRIES_PER_NETWORK_MAX 1024U
 
-/* remove MDB entry. */
+static BridgeMDB* bridge_mdb_free(BridgeMDB *mdb) {
-BridgeMDB *bridge_mdb_free(BridgeMDB *mdb) {
         if (!mdb)
                 return NULL;
 
@@ -32,7 +32,11 @@ BridgeMDB *bridge_mdb_free(BridgeMDB *mdb) {
 
 DEFINE_SECTION_CLEANUP_FUNCTIONS(BridgeMDB, bridge_mdb_free);
 
-/* create a new MDB entry or get an existing one. */
+DEFINE_PRIVATE_HASH_OPS_WITH_VALUE_DESTRUCTOR(
+                bridge_mdb_hash_ops_by_section,
+                ConfigSection, config_section_hash_func, config_section_compare_func,
+                BridgeMDB, bridge_mdb_free);
+
 static int bridge_mdb_new_static(
                 Network *network,
                 const char *filename,
@@ -74,7 +78,7 @@ static int bridge_mdb_new_static(
                 .type = _BRIDGE_MDB_ENTRY_TYPE_INVALID,
         };
 
-        r = hashmap_ensure_put(&network->bridge_mdb_entries_by_section, &config_section_hash_ops, mdb->section, mdb);
+        r = hashmap_ensure_put(&network->bridge_mdb_entries_by_section, &bridge_mdb_hash_ops_by_section, mdb->section, mdb);
         if (r < 0)
                 return r;
 

src/network/networkd-bridge-mdb.h

@@ -5,7 +5,6 @@
 
 #include "conf-parser.h"
 #include "in-addr-util.h"
-#include "networkd-util.h"
 
 typedef struct Link Link;
 typedef struct Network Network;
@@ -30,8 +29,6 @@ typedef struct BridgeMDB {
         uint16_t vlan_id;
 } BridgeMDB;
 
-BridgeMDB *bridge_mdb_free(BridgeMDB *mdb);
-
 void network_drop_invalid_bridge_mdb_entries(Network *network);
 
 int link_request_static_bridge_mdb(Link *link);

src/network/networkd-dhcp-server-static-lease.c

@@ -7,9 +7,7 @@
 #include "networkd-network.h"
 #include "networkd-util.h"
 
-DEFINE_SECTION_CLEANUP_FUNCTIONS(DHCPStaticLease, dhcp_static_lease_free);
+static DHCPStaticLease* dhcp_static_lease_free(DHCPStaticLease *static_lease) {
-
-DHCPStaticLease *dhcp_static_lease_free(DHCPStaticLease *static_lease) {
         if (!static_lease)
                 return NULL;
 
@@ -21,6 +19,13 @@ DHCPStaticLease *dhcp_static_lease_free(DHCPStaticLease *static_lease) {
         return mfree(static_lease);
 }
 
+DEFINE_SECTION_CLEANUP_FUNCTIONS(DHCPStaticLease, dhcp_static_lease_free);
+
+DEFINE_PRIVATE_HASH_OPS_WITH_VALUE_DESTRUCTOR(
+                static_lease_hash_ops_by_section,
+                ConfigSection, config_section_hash_func, config_section_compare_func,
+                DHCPStaticLease, dhcp_static_lease_free);
+
 static int dhcp_static_lease_new(DHCPStaticLease **ret) {
         DHCPStaticLease *p;
 
@@ -60,7 +65,8 @@ static int lease_new_static(Network *network, const char *filename, unsigned sec
 
         static_lease->network = network;
         static_lease->section = TAKE_PTR(n);
-        r = hashmap_ensure_put(&network->dhcp_static_leases_by_section, &config_section_hash_ops, static_lease->section, static_lease);
+
+        r = hashmap_ensure_put(&network->dhcp_static_leases_by_section, &static_lease_hash_ops_by_section, static_lease->section, static_lease);
         if (r < 0)
                 return r;
 

src/network/networkd-dhcp-server-static-lease.h

@@ -19,7 +19,6 @@ typedef struct DHCPStaticLease {
         size_t client_id_size;
 } DHCPStaticLease;
 
-DHCPStaticLease *dhcp_static_lease_free(DHCPStaticLease *lease);
 void network_drop_invalid_static_leases(Network *network);
 
 CONFIG_PARSER_PROTOTYPE(config_parse_dhcp_static_lease_address);

src/network/networkd-dns.c

@@ -281,7 +281,7 @@ int config_parse_dnssec_negative_trust_anchors(
         assert(rvalue);
 
         if (isempty(rvalue)) {
-                *nta = set_free_free(*nta);
+                *nta = set_free(*nta);
                 return 0;
         }
 
@@ -306,7 +306,7 @@ int config_parse_dnssec_negative_trust_anchors(
                         continue;
                 }
 
-                r = set_ensure_consume(nta, &dns_name_hash_ops, TAKE_PTR(w));
+                r = set_ensure_consume(nta, &dns_name_hash_ops_free, TAKE_PTR(w));
                 if (r < 0)
                         return log_oom();
         }

src/network/networkd-ipv6-proxy-ndp.c

@@ -22,7 +22,13 @@ void network_adjust_ipv6_proxy_ndp(Network *network) {
                 log_once(LOG_WARNING,
                          "%s: IPv6 proxy NDP addresses are set, but IPv6 is not supported by kernel, "
                          "Ignoring IPv6 proxy NDP addresses.", network->filename);
-                network->ipv6_proxy_ndp_addresses = set_free_free(network->ipv6_proxy_ndp_addresses);
+                network->ipv6_proxy_ndp_addresses = set_free(network->ipv6_proxy_ndp_addresses);
+                return;
+        }
+
+        if (network->ipv6_proxy_ndp == 0) {
+                log_warning("%s: IPv6ProxyNDP= is disabled. Ignoring IPv6ProxyNDPAddress=.", network->filename);
+                network->ipv6_proxy_ndp_addresses = set_free(network->ipv6_proxy_ndp_addresses);
         }
 }
 
@@ -149,7 +155,7 @@ int config_parse_ipv6_proxy_ndp_address(
         assert(rvalue);
 
         if (isempty(rvalue)) {
-                network->ipv6_proxy_ndp_addresses = set_free_free(network->ipv6_proxy_ndp_addresses);
+                network->ipv6_proxy_ndp_addresses = set_free(network->ipv6_proxy_ndp_addresses);
                 return 0;
         }
 
@@ -170,11 +176,9 @@ int config_parse_ipv6_proxy_ndp_address(
         if (!address)
                 return log_oom();
 
-        r = set_ensure_put(&network->ipv6_proxy_ndp_addresses, &in6_addr_hash_ops, address);
+        r = set_ensure_consume(&network->ipv6_proxy_ndp_addresses, &in6_addr_hash_ops_free, TAKE_PTR(address));
         if (r < 0)
                 return log_oom();
-        if (r > 0)
-                TAKE_PTR(address);
 
         return 0;
 }

src/network/networkd-link-bus.c

@@ -479,7 +479,7 @@ int bus_link_method_set_dnssec(sd_bus_message *message, void *userdata, sd_bus_e
 }
 
 int bus_link_method_set_dnssec_negative_trust_anchors(sd_bus_message *message, void *userdata, sd_bus_error *error) {
-        _cleanup_set_free_free_ Set *ns = NULL;
+        _cleanup_set_free_ Set *ns = NULL;
         _cleanup_strv_free_ char **ntas = NULL;
         Link *l = ASSERT_PTR(userdata);
         int r;
@@ -502,7 +502,7 @@ int bus_link_method_set_dnssec_negative_trust_anchors(sd_bus_message *message, v
                         return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid negative trust anchor domain: %s", *i);
         }
 
-        ns = set_new(&dns_name_hash_ops);
+        ns = set_new(&dns_name_hash_ops_free);
         if (!ns)
                 return -ENOMEM;
 
@@ -523,8 +523,7 @@ int bus_link_method_set_dnssec_negative_trust_anchors(sd_bus_message *message, v
         if (r == 0)
                 return 1; /* Polkit will call us back */
 
-        set_free_free(l->dnssec_negative_trust_anchors);
+        set_free_and_replace(l->dnssec_negative_trust_anchors, ns);
-        l->dnssec_negative_trust_anchors = TAKE_PTR(ns);
 
         r = link_save_and_clean_full(l, /* also_save_manager = */ true);
         if (r < 0)

src/network/networkd-link.c

@@ -231,7 +231,7 @@ void link_dns_settings_clear(Link *link) {
         link->dnssec_mode = _DNSSEC_MODE_INVALID;
         link->dns_over_tls_mode = _DNS_OVER_TLS_MODE_INVALID;
 
-        link->dnssec_negative_trust_anchors = set_free_free(link->dnssec_negative_trust_anchors);
+        link->dnssec_negative_trust_anchors = set_free(link->dnssec_negative_trust_anchors);
 }
 
 static void link_free_engines(Link *link) {
@@ -261,7 +261,7 @@ static void link_free_engines(Link *link) {
         link->radv = sd_radv_unref(link->radv);
 }
 
-static Link *link_free(Link *link) {
+static Link* link_free(Link *link) {
         assert(link);
 
         (void) link_clear_sysctl_shadows(link);
@@ -295,7 +295,7 @@ static Link *link_free(Link *link) {
         hashmap_free(link->bound_to_links);
         hashmap_free(link->bound_by_links);
 
-        set_free_with_destructor(link->slaves, link_unref);
+        set_free(link->slaves);
 
         network_unref(link->network);
 
@@ -307,6 +307,11 @@ static Link *link_free(Link *link) {
 
 DEFINE_TRIVIAL_REF_UNREF_FUNC(Link, link, link_free);
 
+DEFINE_HASH_OPS_WITH_VALUE_DESTRUCTOR(
+                link_hash_ops,
+                void, trivial_hash_func, trivial_compare_func,
+                Link, link_unref);
+
 int link_get_by_index(Manager *m, int ifindex, Link **ret) {
         Link *link;
 
@@ -985,7 +990,7 @@ static int link_append_to_master(Link *link) {
         if (link_get_master(link, &master) < 0)
                 return 0;
 
-        r = set_ensure_put(&master->slaves, NULL, link);
+        r = set_ensure_put(&master->slaves, &link_hash_ops, link);
         if (r <= 0)
                 return r;
 
@@ -2746,7 +2751,7 @@ static int link_new(Manager *manager, sd_netlink_message *message, Link **ret) {
                 .dns_over_tls_mode = _DNS_OVER_TLS_MODE_INVALID,
         };
 
-        r = hashmap_ensure_put(&manager->links_by_index, NULL, INT_TO_PTR(link->ifindex), link);
+        r = hashmap_ensure_put(&manager->links_by_index, &link_hash_ops, INT_TO_PTR(link->ifindex), link);
         if (r < 0)
                 return log_link_debug_errno(link, r, "Failed to store link into manager: %m");
 

src/network/networkd-link.h

@@ -222,6 +222,8 @@ typedef struct Link {
         char **ntp;
 } Link;
 
+extern const struct hash_ops link_hash_ops;
+
 typedef int (*link_netlink_message_handler_t)(sd_netlink*, sd_netlink_message*, Link*);
 
 bool link_is_ready_to_configure(Link *link, bool allow_unmanaged);

src/network/networkd-manager.c

@@ -672,15 +672,16 @@ Manager* manager_free(Manager *m) {
         m->request_queue = ordered_set_free(m->request_queue);
         m->remove_request_queue = ordered_set_free(m->remove_request_queue);
 
-        m->dirty_links = set_free_with_destructor(m->dirty_links, link_unref);
         m->new_wlan_ifindices = set_free(m->new_wlan_ifindices);
+
+        m->dirty_links = set_free(m->dirty_links);
         m->links_by_name = hashmap_free(m->links_by_name);
         m->links_by_hw_addr = hashmap_free(m->links_by_hw_addr);
         m->links_by_dhcp_pd_subnet_prefix = hashmap_free(m->links_by_dhcp_pd_subnet_prefix);
-        m->links_by_index = hashmap_free_with_destructor(m->links_by_index, link_unref);
+        m->links_by_index = hashmap_free(m->links_by_index);
 
         m->dhcp_pd_subnet_ids = set_free(m->dhcp_pd_subnet_ids);
-        m->networks = ordered_hashmap_free_with_destructor(m->networks, network_unref);
+        m->networks = ordered_hashmap_free(m->networks);
 
         /* The same object may be registered with multiple names, and netdev_detach() may drop multiple
          * entries. Hence, hashmap_free_with_destructor() cannot be used. */
@@ -691,7 +692,7 @@ Manager* manager_free(Manager *m) {
         m->tuntap_fds_by_name = hashmap_free(m->tuntap_fds_by_name);
 
         m->wiphy_by_name = hashmap_free(m->wiphy_by_name);
-        m->wiphy_by_index = hashmap_free_with_destructor(m->wiphy_by_index, wiphy_free);
+        m->wiphy_by_index = hashmap_free(m->wiphy_by_index);
 
         ordered_set_free(m->address_pools);
 

src/network/networkd-ndisc.c

@@ -89,11 +89,11 @@ void network_adjust_ndisc(Network *network) {
         /* When RouterAllowList=, PrefixAllowList= or RouteAllowList= are specified, then
          * RouterDenyList=, PrefixDenyList= or RouteDenyList= are ignored, respectively. */
         if (!set_isempty(network->ndisc_allow_listed_router))
-                network->ndisc_deny_listed_router = set_free_free(network->ndisc_deny_listed_router);
+                network->ndisc_deny_listed_router = set_free(network->ndisc_deny_listed_router);
         if (!set_isempty(network->ndisc_allow_listed_prefix))
-                network->ndisc_deny_listed_prefix = set_free_free(network->ndisc_deny_listed_prefix);
+                network->ndisc_deny_listed_prefix = set_free(network->ndisc_deny_listed_prefix);
         if (!set_isempty(network->ndisc_allow_listed_route_prefix))
-                network->ndisc_deny_listed_route_prefix = set_free_free(network->ndisc_deny_listed_route_prefix);
+                network->ndisc_deny_listed_route_prefix = set_free(network->ndisc_deny_listed_route_prefix);
 }
 
 static int ndisc_check_ready(Link *link);

src/network/networkd-network.c

@@ -44,6 +44,16 @@
 #include "strv.h"
 #include "tclass.h"
 
+DEFINE_PRIVATE_HASH_OPS_WITH_VALUE_DESTRUCTOR(
+                network_hash_ops,
+                char, string_hash_func, string_compare_func,
+                Network, network_unref);
+
+DEFINE_PRIVATE_HASH_OPS_WITH_VALUE_DESTRUCTOR(
+                stacked_netdevs_hash_ops,
+                char, string_hash_func, string_compare_func,
+                NetDev, netdev_unref);
+
 static int network_resolve_netdev_one(Network *network, const char *name, NetDevKind kind, NetDev **ret) {
         const char *kind_string;
         NetDev *netdev;
@@ -105,14 +115,14 @@ static int network_resolve_stacked_netdevs(Network *network) {
                 if (network_resolve_netdev_one(network, name, PTR_TO_INT(kind), &netdev) <= 0)
                         continue;
 
-                r = hashmap_ensure_put(&network->stacked_netdevs, &string_hash_ops, netdev->ifname, netdev);
+                r = hashmap_ensure_put(&network->stacked_netdevs, &stacked_netdevs_hash_ops, netdev->ifname, netdev);
                 if (r == -ENOMEM)
                         return log_oom();
                 if (r < 0)
                         log_warning_errno(r, "%s: Failed to add NetDev '%s' to network, ignoring: %m",
                                           network->filename, (const char *) name);
 
-                netdev = NULL;
+                TAKE_PTR(netdev);
         }
 
         return 0;
@@ -291,11 +301,6 @@ int network_verify(Network *network) {
         if (network->keep_configuration < 0)
                 network->keep_configuration = KEEP_CONFIGURATION_NO;
 
-        if (network->ipv6_proxy_ndp == 0 && !set_isempty(network->ipv6_proxy_ndp_addresses)) {
-                log_warning("%s: IPv6ProxyNDP= is disabled. Ignoring IPv6ProxyNDPAddress=.", network->filename);
-                network->ipv6_proxy_ndp_addresses = set_free_free(network->ipv6_proxy_ndp_addresses);
-        }
-
         r = network_drop_invalid_addresses(network);
         if (r < 0)
                 return r; /* network_drop_invalid_addresses() logs internally. */
@@ -594,7 +599,7 @@ int network_load_one(Manager *manager, OrderedHashmap **networks, const char *fi
         if (r < 0)
                 return r; /* network_verify() logs internally. */
 
-        r = ordered_hashmap_ensure_put(networks, &string_hash_ops, network->name, network);
+        r = ordered_hashmap_ensure_put(networks, &network_hash_ops, network->name, network);
         if (r < 0)
                 return log_warning_errno(r, "%s: Failed to store configuration into hashmap: %m", filename);
 
@@ -645,7 +650,7 @@ static bool network_netdev_equal(Network *a, Network *b) {
 }
 
 int network_reload(Manager *manager) {
-        OrderedHashmap *new_networks = NULL;
+        _cleanup_ordered_hashmap_free_ OrderedHashmap *new_networks = NULL;
         Network *n, *old;
         int r;
 
@@ -653,7 +658,7 @@ int network_reload(Manager *manager) {
 
         r = network_load(manager, &new_networks);
         if (r < 0)
-                goto failure;
+                return r;
 
         ORDERED_HASHMAP_FOREACH(n, new_networks) {
                 r = network_get_by_name(manager, n->name, &old);
@@ -675,14 +680,13 @@ int network_reload(Manager *manager) {
                 /* Nothing updated, use the existing Network object, and drop the new one. */
                 r = ordered_hashmap_replace(new_networks, old->name, old);
                 if (r < 0)
-                        goto failure;
+                        return r;
 
                 network_ref(old);
                 network_unref(n);
         }
 
-        ordered_hashmap_free_with_destructor(manager->networks, network_unref);
+        ordered_hashmap_free_and_replace(manager->networks, new_networks);
-        manager->networks = new_networks;
 
         r = manager_build_dhcp_pd_subnet_ids(manager);
         if (r < 0)
@@ -693,11 +697,6 @@ int network_reload(Manager *manager) {
                 return r;
 
         return 0;
-
-failure:
-        ordered_hashmap_free_with_destructor(new_networks, network_unref);
-
-        return r;
 }
 
 int manager_build_dhcp_pd_subnet_ids(Manager *manager) {
@@ -752,7 +751,7 @@ static Network *network_free(Network *network) {
         free(network->dns);
         ordered_set_free(network->search_domains);
         ordered_set_free(network->route_domains);
-        set_free_free(network->dnssec_negative_trust_anchors);
+        set_free(network->dnssec_negative_trust_anchors);
 
         /* DHCP server */
         free(network->dhcp_server_relay_agent_circuit_id);
@@ -825,23 +824,23 @@ static Network *network_free(Network *network) {
         netdev_unref(network->bridge);
         netdev_unref(network->bond);
         netdev_unref(network->vrf);
-        hashmap_free_with_destructor(network->stacked_netdevs, netdev_unref);
+        hashmap_free(network->stacked_netdevs);
 
         /* static configs */
-        set_free_free(network->ipv6_proxy_ndp_addresses);
+        set_free(network->ipv6_proxy_ndp_addresses);
         ordered_hashmap_free(network->addresses_by_section);
         hashmap_free(network->routes_by_section);
         ordered_hashmap_free(network->nexthops_by_section);
-        hashmap_free_with_destructor(network->bridge_fdb_entries_by_section, bridge_fdb_free);
+        hashmap_free(network->bridge_fdb_entries_by_section);
-        hashmap_free_with_destructor(network->bridge_mdb_entries_by_section, bridge_mdb_free);
+        hashmap_free(network->bridge_mdb_entries_by_section);
         ordered_hashmap_free(network->neighbors_by_section);
         hashmap_free(network->address_labels_by_section);
-        hashmap_free_with_destructor(network->prefixes_by_section, prefix_free);
+        hashmap_free(network->prefixes_by_section);
-        hashmap_free_with_destructor(network->route_prefixes_by_section, route_prefix_free);
+        hashmap_free(network->route_prefixes_by_section);
-        hashmap_free_with_destructor(network->pref64_prefixes_by_section, prefix64_free);
+        hashmap_free(network->pref64_prefixes_by_section);
         hashmap_free(network->rules_by_section);
-        hashmap_free_with_destructor(network->dhcp_static_leases_by_section, dhcp_static_lease_free);
+        hashmap_free(network->dhcp_static_leases_by_section);
-        ordered_hashmap_free_with_destructor(network->sr_iov_by_section, sr_iov_free);
+        ordered_hashmap_free(network->sr_iov_by_section);
         hashmap_free(network->qdiscs_by_section);
         hashmap_free(network->tclasses_by_section);
 

src/network/networkd-radv.c

@@ -35,7 +35,7 @@ bool link_radv_enabled(Link *link) {
         return link->network->router_prefix_delegation;
 }
 
-Prefix* prefix_free(Prefix *prefix) {
+static Prefix* prefix_free(Prefix *prefix) {
         if (!prefix)
                 return NULL;
 
@@ -52,6 +52,11 @@ Prefix* prefix_free(Prefix *prefix) {
 
 DEFINE_SECTION_CLEANUP_FUNCTIONS(Prefix, prefix_free);
 
+DEFINE_PRIVATE_HASH_OPS_WITH_VALUE_DESTRUCTOR(
+                prefix_hash_ops_by_section,
+                ConfigSection, config_section_hash_func, config_section_compare_func,
+                Prefix, prefix_free);
+
 static int prefix_new_static(Network *network, const char *filename, unsigned section_line, Prefix **ret) {
         _cleanup_(config_section_freep) ConfigSection *n = NULL;
         _cleanup_(prefix_freep) Prefix *prefix = NULL;
@@ -87,7 +92,7 @@ static int prefix_new_static(Network *network, const char *filename, unsigned se
                 .prefix.preferred_until = USEC_INFINITY,
         };
 
-        r = hashmap_ensure_put(&network->prefixes_by_section, &config_section_hash_ops, prefix->section, prefix);
+        r = hashmap_ensure_put(&network->prefixes_by_section, &prefix_hash_ops_by_section, prefix->section, prefix);
         if (r < 0)
                 return r;
 
@@ -95,7 +100,7 @@ static int prefix_new_static(Network *network, const char *filename, unsigned se
         return 0;
 }
 
-RoutePrefix* route_prefix_free(RoutePrefix *prefix) {
+static RoutePrefix* route_prefix_free(RoutePrefix *prefix) {
         if (!prefix)
                 return NULL;
 
@@ -111,6 +116,11 @@ RoutePrefix* route_prefix_free(RoutePrefix *prefix) {
 
 DEFINE_SECTION_CLEANUP_FUNCTIONS(RoutePrefix, route_prefix_free);
 
+DEFINE_PRIVATE_HASH_OPS_WITH_VALUE_DESTRUCTOR(
+                route_prefix_hash_ops_by_section,
+                ConfigSection, config_section_hash_func, config_section_compare_func,
+                RoutePrefix, route_prefix_free);
+
 static int route_prefix_new_static(Network *network, const char *filename, unsigned section_line, RoutePrefix **ret) {
         _cleanup_(config_section_freep) ConfigSection *n = NULL;
         _cleanup_(route_prefix_freep) RoutePrefix *prefix = NULL;
@@ -143,7 +153,7 @@ static int route_prefix_new_static(Network *network, const char *filename, unsig
                 .route.valid_until = USEC_INFINITY,
         };
 
-        r = hashmap_ensure_put(&network->route_prefixes_by_section, &config_section_hash_ops, prefix->section, prefix);
+        r = hashmap_ensure_put(&network->route_prefixes_by_section, &route_prefix_hash_ops_by_section, prefix->section, prefix);
         if (r < 0)
                 return r;
 
@@ -151,7 +161,7 @@ static int route_prefix_new_static(Network *network, const char *filename, unsig
         return 0;
 }
 
-Prefix64* prefix64_free(Prefix64 *prefix) {
+static Prefix64* prefix64_free(Prefix64 *prefix) {
         if (!prefix)
                 return NULL;
 
@@ -167,6 +177,11 @@ Prefix64* prefix64_free(Prefix64 *prefix) {
 
 DEFINE_SECTION_CLEANUP_FUNCTIONS(Prefix64, prefix64_free);
 
+DEFINE_PRIVATE_HASH_OPS_WITH_VALUE_DESTRUCTOR(
+                prefix64_hash_ops_by_section,
+                ConfigSection, config_section_hash_func, config_section_compare_func,
+                Prefix64, prefix64_free);
+
 static int prefix64_new_static(Network *network, const char *filename, unsigned section_line, Prefix64 **ret) {
         _cleanup_(config_section_freep) ConfigSection *n = NULL;
         _cleanup_(prefix64_freep) Prefix64 *prefix = NULL;
@@ -199,7 +214,7 @@ static int prefix64_new_static(Network *network, const char *filename, unsigned
                 .prefix64.valid_until = USEC_INFINITY,
         };
 
-        r = hashmap_ensure_put(&network->pref64_prefixes_by_section, &config_section_hash_ops, prefix->section, prefix);
+        r = hashmap_ensure_put(&network->pref64_prefixes_by_section, &prefix64_hash_ops_by_section, prefix->section, prefix);
         if (r < 0)
                 return r;
 
@@ -809,9 +824,9 @@ void network_adjust_radv(Network *network) {
         }
 
         if (!FLAGS_SET(network->router_prefix_delegation, RADV_PREFIX_DELEGATION_STATIC)) {
-                network->prefixes_by_section = hashmap_free_with_destructor(network->prefixes_by_section, prefix_free);
+                network->prefixes_by_section = hashmap_free(network->prefixes_by_section);
-                network->route_prefixes_by_section = hashmap_free_with_destructor(network->route_prefixes_by_section, route_prefix_free);
+                network->route_prefixes_by_section = hashmap_free(network->route_prefixes_by_section);
-                network->pref64_prefixes_by_section = hashmap_free_with_destructor(network->pref64_prefixes_by_section, prefix64_free);
+                network->pref64_prefixes_by_section = hashmap_free(network->pref64_prefixes_by_section);
         }
 
         if (!network->router_prefix_delegation)

src/network/networkd-radv.h

@@ -52,10 +52,6 @@ typedef struct Prefix64 {
         sd_ndisc_prefix64 prefix64;
 } Prefix64;
 
-Prefix* prefix_free(Prefix *prefix);
-RoutePrefix* route_prefix_free(RoutePrefix *prefix);
-Prefix64* prefix64_free(Prefix64 *prefix);
-
 void network_adjust_radv(Network *network);
 
 int link_request_radv_addresses(Link *link);

src/network/networkd-state-file.c

@@ -947,8 +947,6 @@ static int link_save(Link *link) {
 }
 
 void link_dirty(Link *link) {
-        int r;
-
         assert(link);
         assert(link->manager);
 
@@ -962,10 +960,9 @@ void link_dirty(Link *link) {
         /* Also mark manager dirty as link is dirty */
         link->manager->dirty = true;
 
-        r = set_ensure_put(&link->manager->dirty_links, NULL, link);
+        if (set_ensure_put(&link->manager->dirty_links, &link_hash_ops, link) <= 0)
-        if (r <= 0)
+                return; /* Ignore allocation errors and don't take another ref if the link was already dirty */
-                /* Ignore allocation errors and don't take another ref if the link was already dirty */
+
-                return;
         link_ref(link);
 }
 

src/network/networkd-wiphy.c

@@ -12,7 +12,7 @@
 #include "udev-util.h"
 #include "wifi-util.h"
 
-Wiphy *wiphy_free(Wiphy *w) {
+static Wiphy* wiphy_free(Wiphy *w) {
         if (!w)
                 return NULL;
 
@@ -29,6 +29,13 @@ Wiphy *wiphy_free(Wiphy *w) {
         return mfree(w);
 }
 
+DEFINE_TRIVIAL_CLEANUP_FUNC(Wiphy*, wiphy_free);
+
+DEFINE_PRIVATE_HASH_OPS_WITH_VALUE_DESTRUCTOR(
+                wiphy_hash_ops,
+                void, trivial_hash_func, trivial_compare_func,
+                Wiphy, wiphy_free);
+
 static int wiphy_new(Manager *manager, sd_netlink_message *message, Wiphy **ret) {
         _cleanup_(wiphy_freep) Wiphy *w = NULL;
         _cleanup_free_ char *name = NULL;
@@ -56,7 +63,7 @@ static int wiphy_new(Manager *manager, sd_netlink_message *message, Wiphy **ret)
                 .name = TAKE_PTR(name),
         };
 
-        r = hashmap_ensure_put(&manager->wiphy_by_index, NULL, UINT32_TO_PTR(w->index), w);
+        r = hashmap_ensure_put(&manager->wiphy_by_index, &wiphy_hash_ops, UINT32_TO_PTR(w->index), w);
         if (r < 0)
                 return r;
 

src/network/networkd-wiphy.h

@@ -31,9 +31,6 @@ typedef struct Wiphy {
         RFKillState rfkill_state;
 } Wiphy;
 
-Wiphy *wiphy_free(Wiphy *w);
-DEFINE_TRIVIAL_CLEANUP_FUNC(Wiphy*, wiphy_free);
-
 int wiphy_get_by_index(Manager *manager, uint32_t index, Wiphy **ret);
 int wiphy_get_by_name(Manager *manager, const char *name, Wiphy **ret);
 

src/shared/bpf-program.c

@@ -1,6 +1,7 @@
 /* SPDX-License-Identifier: LGPL-2.1-or-later */
 
 #include <fcntl.h>
+#include <linux/bpf_insn.h>
 #include <sys/stat.h>
 #include <sys/types.h>
 #include <unistd.h>
@@ -41,6 +42,69 @@ DEFINE_STRING_TABLE_LOOKUP(bpf_cgroup_attach_type, int);
 
 DEFINE_HASH_OPS_WITH_KEY_DESTRUCTOR(bpf_program_hash_ops, void, trivial_hash_func, trivial_compare_func, bpf_program_free);
 
+int bpf_program_supported(void) {
+        static bool cached = false;
+        static int result = 0;
+        int r;
+
+        /* Currently, we only use the following three types:
+        * - BPF_PROG_TYPE_CGROUP_SKB, supported since kernel v4.10 (0e33661de493db325435d565a4a722120ae4cbf3),
+        * - BPF_PROG_TYPE_CGROUP_DEVICE, supported since kernel v4.15 (ebc614f687369f9df99828572b1d85a7c2de3d92),
+        * - BPF_PROG_TYPE_CGROUP_SOCK_ADDR, supported since kernel v4.17 (4fbac77d2d092b475dda9eea66da674369665427).
+        * Hence, it is enough to check only one, as our baseline on the kernel is v5.4. */
+
+        if (cached)
+                return result;
+
+        cached = true;
+
+        _cleanup_(bpf_program_freep) BPFProgram *program = NULL;
+        r = bpf_program_new(BPF_PROG_TYPE_CGROUP_SKB, NULL, &program);
+        if (r < 0)
+                return result = r;
+
+        static const struct bpf_insn trivial[] = {
+                BPF_MOV64_IMM(BPF_REG_0, 1),
+                BPF_EXIT_INSN()
+        };
+        r = bpf_program_add_instructions(program, trivial, ELEMENTSOF(trivial));
+        if (r < 0)
+                return result = r;
+
+        r = bpf_program_load_kernel(program, NULL, 0);
+        if (r < 0)
+                return result = r;
+
+        /* Unfortunately the kernel allows us to create BPF_PROG_TYPE_CGROUP_SKB programs even when CONFIG_CGROUP_BPF
+         * is turned off at kernel compilation time. This sucks of course: why does it allow us to create a cgroup BPF
+         * program if we can't do a thing with it later?
+         *
+         * We detect this case by issuing the BPF_PROG_DETACH bpf() call with invalid file descriptors: if
+         * CONFIG_CGROUP_BPF is turned off, then the call will fail early with EINVAL. If it is turned on the
+         * parameters are validated however, and that'll fail with EBADF then. */
+
+        // FIXME: Clang doesn't 0-pad with structured initialization, causing
+        // the kernel to reject the bpf_attr as invalid. See:
+        // https://github.com/torvalds/linux/blob/v5.9/kernel/bpf/syscall.c#L65
+        // Ideally it should behave like GCC, so that we can remove these workarounds.
+        union bpf_attr attr;
+        zero(attr);
+        attr.attach_type = BPF_CGROUP_INET_EGRESS; /* since kernel v4.10 (0e33661de493db325435d565a4a722120ae4cbf3) */
+        attr.target_fd = -EBADF;
+        attr.attach_bpf_fd = -EBADF;
+
+        if (bpf(BPF_PROG_DETACH, &attr, sizeof(attr)) < 0) {
+                if (errno != EBADF)
+                        return result = log_debug_errno(errno, "Didn't get EBADF from invalid BPF_PROG_DETACH call: %m");
+
+                /* YAY! */
+                return result = true;
+        }
+
+        return result = log_debug_errno(SYNTHETIC_ERRNO(EBADE),
+                                        "Wut? Kernel accepted our invalid BPF_PROG_DETACH call? Something is weird, assuming BPF is broken and hence not supported.");
+}
+
 BPFProgram *bpf_program_free(BPFProgram *p) {
         if (!p)
                 return NULL;

src/shared/bpf-program.h

@@ -33,6 +33,8 @@ struct BPFProgram {
         uint32_t attached_flags;
 };
 
+int bpf_program_supported(void);
+
 int bpf_program_new(uint32_t prog_type, const char *prog_name, BPFProgram **ret);
 int bpf_program_new_from_bpffs_path(const char *path, BPFProgram **ret);
 BPFProgram *bpf_program_free(BPFProgram *p);

src/shared/data-fd-util.c

@@ -146,13 +146,13 @@ int memfd_clone_fd(int fd, const char *name, int mode) {
 
         assert(fd >= 0);
         assert(name);
-        assert(IN_SET(mode & O_ACCMODE, O_RDONLY, O_RDWR));
+        assert(IN_SET(mode & O_ACCMODE_STRICT, O_RDONLY, O_RDWR));
         assert((mode & ~(O_RDONLY|O_RDWR|O_CLOEXEC)) == 0);
 
         if (fstat(fd, &st) < 0)
                 return -errno;
 
-        ro = (mode & O_ACCMODE) == O_RDONLY;
+        ro = (mode & O_ACCMODE_STRICT) == O_RDONLY;
         exec = st.st_mode & 0111;
 
         mfd = memfd_create_wrapper(name,

src/shared/journal-file-util.c

@@ -504,7 +504,7 @@ int journal_file_open_reliably(
                     -EIDRM))            /* File has been deleted */
                 return r;
 
-        if ((open_flags & O_ACCMODE) == O_RDONLY)
+        if ((open_flags & O_ACCMODE_STRICT) == O_RDONLY)
                 return r;
 
         if (!(open_flags & O_CREAT))
@@ -519,7 +519,7 @@ int journal_file_open_reliably(
         /* The file is corrupted. Try opening it read-only as the template before rotating to inherit its
          * sequence number and ID. */
         r = journal_file_open(-EBADF, fname,
-                              (open_flags & ~(O_ACCMODE|O_CREAT|O_EXCL)) | O_RDONLY,
+                              (open_flags & ~(O_ACCMODE_STRICT|O_CREAT|O_EXCL)) | O_RDONLY,
                               file_flags, 0, compress_threshold_bytes, NULL,
                               mmap_cache, /* template = */ NULL, &old_file);
         if (r < 0)

src/shared/loop-util.c

@@ -500,7 +500,7 @@ static int loop_device_make_internal(
                 .block_size = sector_size,
                 .info = {
                         /* Use the specified flags, but configure the read-only flag from the open flags, and force autoclear */
-                        .lo_flags = (loop_flags & ~LO_FLAGS_READ_ONLY) | ((open_flags & O_ACCMODE) == O_RDONLY ? LO_FLAGS_READ_ONLY : 0) | LO_FLAGS_AUTOCLEAR,
+                        .lo_flags = (loop_flags & ~LO_FLAGS_READ_ONLY) | ((open_flags & O_ACCMODE_STRICT) == O_RDONLY ? LO_FLAGS_READ_ONLY : 0) | LO_FLAGS_AUTOCLEAR,
                         .lo_offset = offset,
                         .lo_sizelimit = size == UINT64_MAX ? 0 : size,
                 },

src/shared/netif-sriov.c

@@ -9,6 +9,25 @@
 #include "stdio-util.h"
 #include "string-util.h"
 
+static SRIOV* sr_iov_free(SRIOV *sr_iov) {
+        if (!sr_iov)
+                return NULL;
+
+        if (sr_iov->sr_iov_by_section && sr_iov->section)
+                ordered_hashmap_remove(sr_iov->sr_iov_by_section, sr_iov->section);
+
+        config_section_free(sr_iov->section);
+
+        return mfree(sr_iov);
+}
+
+DEFINE_SECTION_CLEANUP_FUNCTIONS(SRIOV, sr_iov_free);
+
+DEFINE_PRIVATE_HASH_OPS_WITH_VALUE_DESTRUCTOR(
+                sr_iov_hash_ops_by_section,
+                ConfigSection, config_section_hash_func, config_section_compare_func,
+                SRIOV, sr_iov_free);
+
 static int sr_iov_new(SRIOV **ret) {
         SRIOV *sr_iov;
 
@@ -57,7 +76,7 @@ static int sr_iov_new_static(OrderedHashmap **sr_iov_by_section, const char *fil
         if (r < 0)
                 return r;
 
-        r = ordered_hashmap_ensure_put(sr_iov_by_section, &config_section_hash_ops, n, sr_iov);
+        r = ordered_hashmap_ensure_put(sr_iov_by_section, &sr_iov_hash_ops_by_section, n, sr_iov);
         if (r < 0)
                 return r;
 
@@ -68,18 +87,6 @@ static int sr_iov_new_static(OrderedHashmap **sr_iov_by_section, const char *fil
         return 0;
 }
 
-SRIOV *sr_iov_free(SRIOV *sr_iov) {
-        if (!sr_iov)
-                return NULL;
-
-        if (sr_iov->sr_iov_by_section && sr_iov->section)
-                ordered_hashmap_remove(sr_iov->sr_iov_by_section, sr_iov->section);
-
-        config_section_free(sr_iov->section);
-
-        return mfree(sr_iov);
-}
-
 void sr_iov_hash_func(const SRIOV *sr_iov, struct siphash *state) {
         assert(sr_iov);
         assert(state);

src/shared/netif-sriov.h

@@ -32,7 +32,6 @@ typedef struct SRIOV {
         struct ether_addr mac;
 } SRIOV;
 
-SRIOV *sr_iov_free(SRIOV *sr_iov);
 void sr_iov_hash_func(const SRIOV *sr_iov, struct siphash *state);
 int sr_iov_compare_func(const SRIOV *s1, const SRIOV *s2);
 int sr_iov_set_netlink_message(SRIOV *sr_iov, sd_netlink_message *req);
@@ -40,8 +39,6 @@ int sr_iov_get_num_vfs(sd_device *device, uint32_t *ret);
 int sr_iov_set_num_vfs(sd_device *device, uint32_t num_vfs, OrderedHashmap *sr_iov_by_section);
 int sr_iov_drop_invalid_sections(uint32_t num_vfs, OrderedHashmap *sr_iov_by_section);
 
-DEFINE_SECTION_CLEANUP_FUNCTIONS(SRIOV, sr_iov_free);
-
 CONFIG_PARSER_PROTOTYPE(config_parse_sr_iov_uint32);
 CONFIG_PARSER_PROTOTYPE(config_parse_sr_iov_boolean);
 CONFIG_PARSER_PROTOTYPE(config_parse_sr_iov_link_state);

src/shared/tests.c

@@ -219,7 +219,10 @@ static int allocate_scope(void) {
                 return 0;
         }
 
-        r = sd_bus_default_system(&bus);
+        if (geteuid() == 0)
+                r = sd_bus_default_system(&bus);
+        else
+                r = sd_bus_default_user(&bus);
         if (r < 0)
                 return log_error_errno(r, "Failed to connect to system bus: %m");
 

src/shutdown/detach-loopback.c

@@ -17,6 +17,7 @@
 #include "blockdev-util.h"
 #include "detach-loopback.h"
 #include "device-util.h"
+#include "errno-util.h"
 #include "fd-util.h"
 #include "shutdown.h"
 
@@ -106,8 +107,12 @@ static int delete_loopback(const char *device) {
 
         fd = open(device, O_RDONLY|O_CLOEXEC);
         if (fd < 0) {
-                log_debug_errno(errno, "Failed to open loopback device %s: %m", device);
+                if (ERRNO_IS_DEVICE_ABSENT(errno)) {
-                return errno == ENOENT ? 0 : -errno;
+                        log_debug_errno(errno, "Tried to open loopback device '%s', but device disappeared by now, ignoring: %m", device);
+                        return 0;
+                }
+
+                return log_debug_errno(errno, "Failed to open loopback device '%s': %m", device);
         }
 
         /* Loopback block devices don't sync in-flight blocks when we clear the fd, hence sync explicitly

src/shutdown/detach-md.c

@@ -131,12 +131,21 @@ static int delete_md(RaidDevice *m) {
         assert(m->path);
 
         fd = open(m->path, O_RDONLY|O_CLOEXEC|O_EXCL);
-        if (fd < 0)
+        if (fd < 0) {
-                return -errno;
+                if (ERRNO_IS_DEVICE_ABSENT(errno)) {
+                        log_debug_errno(errno, "Tried to open MD device '%s', but device disappeared by now, ignoring: %m", m->path);
+                        return 0;
+                }
+
+                return log_debug_errno(errno, "Failed to open MD device '%s': %m", m->path);
+        }
 
         (void) sync_with_progress(fd);
 
-        return RET_NERRNO(ioctl(fd, STOP_ARRAY, NULL));
+        if (ioctl(fd, STOP_ARRAY, NULL) < 0)
+                return log_debug_errno(errno, "Failed to issue STOP_ARRAY on MD device '%s': %m", m->path);
+
+        return 1;
 }
 
 static int md_points_list_detach(RaidDevice **head, bool *changed, bool last_try) {
@@ -164,8 +173,9 @@ static int md_points_list_detach(RaidDevice **head, bool *changed, bool last_try
                         n_failed++;
                         continue;
                 }
+                if (r > 0)
+                        *changed = true;
 
-                *changed = true;
                 raid_device_free(head, m);
         }
 

src/shutdown/detach-swap.c

@@ -7,6 +7,7 @@
 
 #include "alloc-util.h"
 #include "detach-swap.h"
+#include "errno-util.h"
 #include "libmount-util.h"
 
 static void swap_device_free(SwapDevice **head, SwapDevice *m) {
@@ -74,20 +75,23 @@ int swap_list_get(const char *swaps, SwapDevice **head) {
 }
 
 static int swap_points_list_off(SwapDevice **head, bool *changed) {
-        int n_failed = 0;
+        int n_failed = 0, r;
 
         assert(head);
         assert(changed);
 
         LIST_FOREACH(swap_device, m, *head) {
                 log_info("Deactivating swap %s.", m->path);
-                if (swapoff(m->path) < 0) {
+                r = RET_NERRNO(swapoff(m->path));
-                        log_warning_errno(errno, "Could not deactivate swap %s: %m", m->path);
+                if (ERRNO_IS_NEG_DEVICE_ABSENT(r))
+                        log_debug_errno(r, "Tried to deactivate swap '%s', but swap disappeared by now, ignoring: %m", m->path);
+                else if (r < 0) {
+                        log_warning_errno(r, "Could not deactivate swap %s: %m", m->path);
                         n_failed++;
                         continue;
-                }
+                } else
+                        *changed = true;
 
-                *changed = true;
                 swap_device_free(head, m);
         }
 

src/sysusers/sysusers.c

@@ -143,7 +143,7 @@ static void context_done(Context *c) {
         hashmap_free(c->database_by_gid);
         hashmap_free(c->database_by_groupname);
 
-        set_free_free(c->names);
+        set_free(c->names);
         uid_range_free(c->uid_range);
 }
 
@@ -231,9 +231,8 @@ static int load_user_database(Context *c) {
                 if (!n)
                         return -ENOMEM;
 
-                /* Note that we use NULL hash_ops (i.e. trivial_hash_ops) here, so identical strings can
+                /* Note that we use trivial_hash_ops_free here, so identical strings can exist in the set. */
-                 * exist in the set. */
+                r = set_ensure_consume(&c->names, &trivial_hash_ops_free, n);
-                r = set_ensure_consume(&c->names, /* hash_ops= */ NULL, n);
                 if (r < 0)
                         return r;
                 assert(r > 0);  /* The set uses pointer comparisons, so n must not be in the set. */
@@ -274,9 +273,8 @@ static int load_group_database(Context *c) {
                 if (!n)
                         return -ENOMEM;
 
-                /* Note that we use NULL hash_ops (i.e. trivial_hash_ops) here, so identical strings can
+                /* Note that we use trivial_hash_ops_free here, so identical strings can exist in the set. */
-                 * exist in the set. */
+                r = set_ensure_consume(&c->names, &trivial_hash_ops_free, n);
-                r = set_ensure_consume(&c->names, /* hash_ops= */ NULL, n);
                 if (r < 0)
                         return r;
                 assert(r > 0);  /* The set uses pointer comparisons, so n must not be in the set. */

src/sysv-generator/sysv-generator.c

@@ -64,7 +64,7 @@ typedef struct SysvStub {
         bool loaded;
 } SysvStub;
 
-static SysvStub* free_sysvstub(SysvStub *s) {
+static SysvStub* sysvstub_free(SysvStub *s) {
         if (!s)
                 return NULL;
 
@@ -78,11 +78,12 @@ static SysvStub* free_sysvstub(SysvStub *s) {
         strv_free(s->wanted_by);
         return mfree(s);
 }
-DEFINE_TRIVIAL_CLEANUP_FUNC(SysvStub*, free_sysvstub);
+DEFINE_TRIVIAL_CLEANUP_FUNC(SysvStub*, sysvstub_free);
 
-static void free_sysvstub_hashmapp(Hashmap **h) {
+DEFINE_PRIVATE_HASH_OPS_WITH_VALUE_DESTRUCTOR(
-        hashmap_free_with_destructor(*h, free_sysvstub);
+                sysvstub_hash_ops,
-}
+                char, string_hash_func, string_compare_func,
+                SysvStub, sysvstub_free);
 
 static int add_alias(const char *service, const char *alias) {
         _cleanup_free_ char *link = NULL;
@@ -728,7 +729,7 @@ static int enumerate_sysv(const LookupPaths *lp, Hashmap *all_services) {
 
                 FOREACH_DIRENT(de, d, log_error_errno(errno, "Failed to enumerate directory %s, ignoring: %m", *path)) {
                         _cleanup_free_ char *fpath = NULL, *name = NULL;
-                        _cleanup_(free_sysvstubp) SysvStub *service = NULL;
+                        _cleanup_(sysvstub_freep) SysvStub *service = NULL;
                         struct stat st;
 
                         if (fstatat(dirfd(d), de->d_name, &st, 0) < 0) {
@@ -894,7 +895,7 @@ finish:
 }
 
 static int run(const char *dest, const char *dest_early, const char *dest_late) {
-        _cleanup_(free_sysvstub_hashmapp) Hashmap *all_services = NULL;
+        _cleanup_hashmap_free_ Hashmap *all_services = NULL;
         _cleanup_(lookup_paths_done) LookupPaths lp = {};
         SysvStub *service;
         int r;
@@ -910,7 +911,7 @@ static int run(const char *dest, const char *dest_early, const char *dest_late)
         if (r < 0)
                 return r;
 
-        all_services = hashmap_new(&string_hash_ops);
+        all_services = hashmap_new(&sysvstub_hash_ops);
         if (!all_services)
                 return log_oom();
 

src/test/test-bpf-devices.c

@@ -257,6 +257,11 @@ int main(int argc, char *argv[]) {
 
         test_setup_logging(LOG_DEBUG);
 
+        r = bpf_program_supported();
+        if (r < 0)
+                return log_tests_skipped_errno(r, "BPF device filter not supported");
+        ASSERT_TRUE(r);
+
         ASSERT_OK(getrlimit(RLIMIT_MEMLOCK, &rl));
         rl.rlim_cur = rl.rlim_max = MAX(rl.rlim_max, CAN_MEMLOCK_SIZE);
         (void) setrlimit(RLIMIT_MEMLOCK, &rl);
@@ -274,11 +279,6 @@ int main(int argc, char *argv[]) {
         if (r < 0)
                 return log_tests_skipped_errno(r, "Failed to prepare cgroup subtree");
 
-        r = bpf_devices_supported();
-        if (r == 0)
-                return log_tests_skipped("BPF device filter not supported");
-        ASSERT_EQ(r, 1);
-
         r = cg_get_path(SYSTEMD_CGROUP_CONTROLLER, cgroup, NULL, &controller_path);
         ASSERT_OK(r);
 

src/test/test-bpf-firewall.c

@@ -31,7 +31,6 @@ int main(int argc, char *argv[]) {
         struct rlimit rl;
         int r;
         union bpf_attr attr;
-        bool test_custom_filter = false;
         const char *test_prog = "/sys/fs/bpf/test-dropper";
 
         test_setup_logging(LOG_DEBUG);
@@ -39,6 +38,11 @@ int main(int argc, char *argv[]) {
         if (detect_container() > 0)
                 return log_tests_skipped("test-bpf-firewall fails inside LXC and Docker containers: https://github.com/systemd/systemd/issues/9666");
 
+        r = bpf_program_supported();
+        if (r < 0)
+                return log_tests_skipped_errno(r, "BPF firewalling not supported");
+        ASSERT_TRUE(r);
+
         ASSERT_OK(getrlimit(RLIMIT_MEMLOCK, &rl));
         rl.rlim_cur = rl.rlim_max = MAX(rl.rlim_max, CAN_MEMLOCK_SIZE);
         (void) setrlimit(RLIMIT_MEMLOCK, &rl);
@@ -65,34 +69,17 @@ int main(int argc, char *argv[]) {
         r = bpf_program_add_instructions(p, exit_insn, ELEMENTSOF(exit_insn));
         ASSERT_EQ(r, 0);
 
-        r = bpf_firewall_supported();
-        if (r == BPF_FIREWALL_UNSUPPORTED)
-                return log_tests_skipped("BPF firewalling not supported");
-        ASSERT_GT(r, 0);
-
-        if (r == BPF_FIREWALL_SUPPORTED_WITH_MULTI) {
-                log_notice("BPF firewalling with BPF_F_ALLOW_MULTI supported. Yay!");
-                test_custom_filter = true;
-        } else
-                log_notice("BPF firewalling (though without BPF_F_ALLOW_MULTI) supported. Good.");
-
         r = bpf_program_load_kernel(p, log_buf, ELEMENTSOF(log_buf));
         ASSERT_OK(r);
 
-        if (test_custom_filter) {
+        zero(attr);
-                zero(attr);
+        attr.pathname = PTR_TO_UINT64(test_prog);
-                attr.pathname = PTR_TO_UINT64(test_prog);
+        attr.bpf_fd = p->kernel_fd;
-                attr.bpf_fd = p->kernel_fd;
+        attr.file_flags = 0;
-                attr.file_flags = 0;
 
-                (void) unlink(test_prog);
+        (void) unlink(test_prog);
 
-                r = bpf(BPF_OBJ_PIN, &attr, sizeof(attr));
+        ASSERT_OK(bpf(BPF_OBJ_PIN, &attr, sizeof(attr)));
-                if (r < 0) {
-                        log_warning_errno(errno, "BPF object pinning failed, will not run custom filter test: %m");
-                        test_custom_filter = false;
-                }
-        }
 
         p = bpf_program_free(p);
 
@@ -192,31 +179,30 @@ int main(int argc, char *argv[]) {
         assert_se(SERVICE(u)->exec_command[SERVICE_EXEC_START]->command_next->exec_status.code != CLD_EXITED ||
                   SERVICE(u)->exec_command[SERVICE_EXEC_START]->command_next->exec_status.status != EXIT_SUCCESS);
 
-        if (test_custom_filter) {
+        /* testing custom filter */
-                assert_se(u = unit_new(m, sizeof(Service)));
+        assert_se(u = unit_new(m, sizeof(Service)));
-                assert_se(unit_add_name(u, "custom-filter.service") == 0);
+        assert_se(unit_add_name(u, "custom-filter.service") == 0);
-                assert_se(cc = unit_get_cgroup_context(u));
+        assert_se(cc = unit_get_cgroup_context(u));
-                u->perpetual = true;
+        u->perpetual = true;
 
-                cc->ip_accounting = true;
+        cc->ip_accounting = true;
 
-                assert_se(config_parse_ip_filter_bpf_progs(u->id, "filename", 1, "Service", 1, "IPIngressFilterPath", 0, test_prog, &cc->ip_filters_ingress, u) == 0);
+        assert_se(config_parse_ip_filter_bpf_progs(u->id, "filename", 1, "Service", 1, "IPIngressFilterPath", 0, test_prog, &cc->ip_filters_ingress, u) == 0);
-                assert_se(config_parse_exec(u->id, "filename", 1, "Service", 1, "ExecStart", SERVICE_EXEC_START, "-/bin/ping -c 1 127.0.0.1 -W 5", SERVICE(u)->exec_command, u) == 0);
+        assert_se(config_parse_exec(u->id, "filename", 1, "Service", 1, "ExecStart", SERVICE_EXEC_START, "-/bin/ping -c 1 127.0.0.1 -W 5", SERVICE(u)->exec_command, u) == 0);
 
-                SERVICE(u)->type = SERVICE_ONESHOT;
+        SERVICE(u)->type = SERVICE_ONESHOT;
-                u->load_state = UNIT_LOADED;
+        u->load_state = UNIT_LOADED;
 
-                ASSERT_OK(unit_start(u, NULL));
+        ASSERT_OK(unit_start(u, NULL));
 
-                while (!IN_SET(SERVICE(u)->state, SERVICE_DEAD, SERVICE_FAILED))
+        while (!IN_SET(SERVICE(u)->state, SERVICE_DEAD, SERVICE_FAILED))
-                        assert_se(sd_event_run(m->event, UINT64_MAX) >= 0);
+                assert_se(sd_event_run(m->event, UINT64_MAX) >= 0);
 
-                assert_se(SERVICE(u)->exec_command[SERVICE_EXEC_START]->exec_status.code != CLD_EXITED ||
+        assert_se(SERVICE(u)->exec_command[SERVICE_EXEC_START]->exec_status.code != CLD_EXITED ||
-                          SERVICE(u)->exec_command[SERVICE_EXEC_START]->exec_status.status != EXIT_SUCCESS);
+                  SERVICE(u)->exec_command[SERVICE_EXEC_START]->exec_status.status != EXIT_SUCCESS);
 
-                (void) unlink(test_prog);
+        (void) unlink(test_prog);
-                assert_se(SERVICE(u)->state == SERVICE_DEAD);
+        assert_se(SERVICE(u)->state == SERVICE_DEAD);
-        }
 
         return 0;
 }

src/test/test-bpf-foreign-programs.c

@@ -279,8 +279,9 @@ int main(int argc, char *argv[]) {
         if (detect_container() > 0)
                 return log_tests_skipped("test-bpf fails inside LXC and Docker containers: https://github.com/systemd/systemd/issues/9666");
 
-        if (getuid() != 0)
+        r = bpf_program_supported();
-                return log_tests_skipped("not running as root");
+        if (r < 0)
+                return log_tests_skipped_errno(r, "not running as root");
 
         ASSERT_OK(getrlimit(RLIMIT_MEMLOCK, &rl));
         rl.rlim_cur = rl.rlim_max = MAX(rl.rlim_max, CAN_MEMLOCK_SIZE);

src/test/test-fileio.c

@@ -1104,7 +1104,7 @@ TEST(fdopen_independent) {
         zero(buf);
         assert_se(fread(buf, 1, sizeof(buf), f) == strlen(TEST_TEXT));
         ASSERT_STREQ(buf, TEST_TEXT);
-        assert_se((fcntl(fileno(f), F_GETFL) & O_ACCMODE) == O_RDONLY);
+        assert_se((fcntl(fileno(f), F_GETFL) & O_ACCMODE_STRICT) == O_RDONLY);
         assert_se(FLAGS_SET(fcntl(fileno(f), F_GETFD), FD_CLOEXEC));
         f = safe_fclose(f);
 
@@ -1112,7 +1112,7 @@ TEST(fdopen_independent) {
         zero(buf);
         assert_se(fread(buf, 1, sizeof(buf), f) == strlen(TEST_TEXT));
         ASSERT_STREQ(buf, TEST_TEXT);
-        assert_se((fcntl(fileno(f), F_GETFL) & O_ACCMODE) == O_RDONLY);
+        assert_se((fcntl(fileno(f), F_GETFL) & O_ACCMODE_STRICT) == O_RDONLY);
         assert_se(!FLAGS_SET(fcntl(fileno(f), F_GETFD), FD_CLOEXEC));
         f = safe_fclose(f);
 
@@ -1120,7 +1120,7 @@ TEST(fdopen_independent) {
         zero(buf);
         assert_se(fread(buf, 1, sizeof(buf), f) == strlen(TEST_TEXT));
         ASSERT_STREQ(buf, TEST_TEXT);
-        assert_se((fcntl(fileno(f), F_GETFL) & O_ACCMODE) == O_RDWR);
+        assert_se((fcntl(fileno(f), F_GETFL) & O_ACCMODE_STRICT) == O_RDWR);
         assert_se(FLAGS_SET(fcntl(fileno(f), F_GETFD), FD_CLOEXEC));
         f = safe_fclose(f);
 }

src/udev/net/link-config.c

@@ -75,7 +75,7 @@ static LinkConfig* link_config_free(LinkConfig *config) {
         erase_and_free(config->wol_password);
         cpu_set_free(config->rps_cpu_mask);
 
-        ordered_hashmap_free_with_destructor(config->sr_iov_by_section, sr_iov_free);
+        ordered_hashmap_free(config->sr_iov_by_section);
 
         return mfree(config);
 }