src/boot/efi/boot.c

@@ -42,7 +42,6 @@ _used_ _section_(".osrel") static const char osrel[] =
 
 enum loader_type {
         LOADER_UNDEFINED,
-        LOADER_AUTO,
         LOADER_EFI,
         LOADER_LINUX,
         LOADER_STUB,
@@ -61,6 +60,7 @@ typedef struct {
         CHAR16 *options;
         CHAR16 key;
         EFI_STATUS (*call)(void);
+        BOOLEAN no_autoselect;
         BOOLEAN non_unique;
         UINTN tries_done;
         UINTN tries_left;
@@ -142,20 +142,27 @@ static BOOLEAN line_edit(
                 UINTN y_pos) {
 
         _cleanup_freepool_ CHAR16 *line = NULL, *print = NULL;
-        UINTN size, len, first = 0, cursor = 0, clear = 0;
+        UINTN size, len, first, cursor, clear;
+        BOOLEAN exit, enter;
 
         assert(line_out);
 
         if (!line_in)
                 line_in = L"";
 
-        len = StrLen(line_in);
+        size = StrLen(line_in) + 1024;
-        size = len + 1024;
         line = xnew(CHAR16, size);
-        print = xnew(CHAR16, x_max + 1);
-        StrCpy(line, line_in);
 
-        for (;;) {
+        StrCpy(line, line_in);
+        len = StrLen(line);
+        print = xnew(CHAR16, x_max + 1);
+
+        first = 0;
+        cursor = 0;
+        clear = 0;
+        enter = FALSE;
+        exit = FALSE;
+        while (!exit) {
                 EFI_STATUS err;
                 UINT64 key;
                 UINTN j;
@@ -189,7 +196,8 @@ static BOOLEAN line_edit(
                 case KEYPRESS(EFI_CONTROL_PRESSED, 0, 'g'):
                 case KEYPRESS(EFI_CONTROL_PRESSED, 0, CHAR_CTRL('c')):
                 case KEYPRESS(EFI_CONTROL_PRESSED, 0, CHAR_CTRL('g')):
-                        return FALSE;
+                        exit = TRUE;
+                        break;
 
                 case KEYPRESS(0, SCAN_HOME, 0):
                 case KEYPRESS(EFI_CONTROL_PRESSED, 0, 'a'):
@@ -316,7 +324,9 @@ static BOOLEAN line_edit(
                 case KEYPRESS(0, CHAR_CARRIAGE_RETURN, CHAR_CARRIAGE_RETURN): /* Teclast X98+ II firmware sends malformed events */
                         if (StrCmp(line, line_in) != 0)
                                 *line_out = TAKE_PTR(line);
-                        return TRUE;
+                        enter = TRUE;
+                        exit = TRUE;
+                        break;
 
                 case KEYPRESS(0, 0, CHAR_BACKSPACE):
                         if (len == 0)
@@ -363,6 +373,8 @@ static BOOLEAN line_edit(
                         continue;
                 }
         }
+
+        return enter;
 }
 
 static UINTN entry_lookup_key(Config *config, UINTN start, CHAR16 key) {
@@ -529,6 +541,7 @@ static void print_status(Config *config, CHAR16 *loaded_image_path) {
                 ps_string(L"        loader: %s\n", entry->loader);
                 ps_string(L"    devicetree: %s\n", entry->devicetree);
                 ps_string(L"       options: %s\n", entry->options);
+                  ps_bool(L"   auto-select: %s\n", !entry->no_autoselect);
                   ps_bool(L" internal call: %s\n", !!entry->call);
 
                   ps_bool(L"counting boots: %s\n", entry->tries_left != UINTN_MAX);
@@ -1632,6 +1645,12 @@ static INTN config_entry_compare(const ConfigEntry *a, const ConfigEntry *b) {
         return 0;
 }
 
+static void config_sort_entries(Config *config) {
+        assert(config);
+
+        sort_pointer_array((void**) config->entries, config->entry_count, (compare_pointer_func_t) config_entry_compare);
+}
+
 static UINTN config_entry_find(Config *config, const CHAR16 *needle) {
         assert(config);
 
@@ -1676,16 +1695,14 @@ static void config_default_entry_select(Config *config) {
         /* select the last suitable entry */
         i = config->entry_count;
         while (i--) {
-                if (config->entries[i]->type == LOADER_AUTO || config->entries[i]->call)
+                if (config->entries[i]->no_autoselect)
                         continue;
                 config->idx_default = i;
                 return;
         }
 
-        /* If no configured entry to select from was found, enable the menu. */
+        /* no entry found */
-        config->idx_default = 0;
+        config->idx_default = IDX_INVALID;
-        if (config->timeout_sec == 0)
-                config->timeout_sec = 10;
 }
 
 static BOOLEAN find_nonunique(ConfigEntry **entries, UINTN entry_count) {
@@ -1791,6 +1808,7 @@ static BOOLEAN config_entry_add_call(
                 .id = xstrdup(id),
                 .title = xstrdup(title),
                 .call = call,
+                .no_autoselect = TRUE,
                 .tries_done = UINTN_MAX,
                 .tries_left = UINTN_MAX,
         };
@@ -1903,16 +1921,19 @@ static BOOLEAN config_entry_add_loader_auto(
                 return FALSE;
         handle->Close(handle);
 
-        entry = config_entry_add_loader(config, device, LOADER_AUTO, id, key, title, loader, NULL);
+        entry = config_entry_add_loader(config, device, LOADER_UNDEFINED, id, key, title, loader, NULL);
         if (!entry)
                 return FALSE;
 
+        /* do not boot right away into auto-detected entries */
+        entry->no_autoselect = TRUE;
+
         return TRUE;
 }
 
 static void config_entry_add_osx(Config *config) {
         EFI_STATUS err;
-        UINTN n_handles = 0;
+        UINTN handle_count = 0;
         _cleanup_freepool_ EFI_HANDLE *handles = NULL;
 
         assert(config);
@@ -1920,25 +1941,21 @@ static void config_entry_add_osx(Config *config) {
         if (!config->auto_entries)
                 return;
 
-        err = LibLocateHandle(ByProtocol, &FileSystemProtocol, NULL, &n_handles, &handles);
+        err = LibLocateHandle(ByProtocol, &FileSystemProtocol, NULL, &handle_count, &handles);
-        if (EFI_ERROR(err))
+        if (!EFI_ERROR(err)) {
-                return;
+                for (UINTN i = 0; i < handle_count; i++) {
+                        EFI_FILE *root;
+                        BOOLEAN found;
 
-        for (UINTN i = 0; i < n_handles; i++) {
+                        root = LibOpenRoot(handles[i]);
-                _cleanup_(file_handle_closep) EFI_FILE *root = LibOpenRoot(handles[i]);
+                        if (!root)
-                if (!root)
+                                continue;
-                        continue;
+                        found = config_entry_add_loader_auto(config, handles[i], root, NULL, L"auto-osx", 'a', L"macOS",
-
+                                                             L"\\System\\Library\\CoreServices\\boot.efi");
-                if (config_entry_add_loader_auto(
+                        root->Close(root);
-                                config,
+                        if (found)
-                                handles[i],
+                                break;
-                                root,
+                }
-                                NULL,
-                                L"auto-osx",
-                                'a',
-                                L"macOS",
-                                L"\\System\\Library\\CoreServices\\boot.efi"))
-                        break;
         }
 }
 
@@ -2130,8 +2147,8 @@ static void config_load_xbootldr(
                 Config *config,
                 EFI_HANDLE *device) {
 
-        _cleanup_(file_handle_closep) EFI_FILE *root_dir = NULL;
         EFI_HANDLE new_device;
+        EFI_FILE *root_dir;
         EFI_STATUS err;
 
         assert(config);
@@ -2327,7 +2344,7 @@ static void config_load_all_entries(
         config_load_xbootldr(config, loaded_image->DeviceHandle);
 
         /* sort entries after version number */
-        sort_pointer_array((void **) config->entries, config->entry_count, (compare_pointer_func_t) config_entry_compare);
+        config_sort_entries(config);
 
         /* if we find some well-known loaders, add them to the end of the list */
         config_entry_add_osx(config);
@@ -2342,16 +2359,6 @@ static void config_load_all_entries(
                                       L"auto-reboot-to-firmware-setup",
                                       L"Reboot Into Firmware Interface",
                                       reboot_into_firmware);
-
-        if (config->entry_count == 0)
-                return
-
-        config_write_entries_to_variable(config);
-
-        config_title_generate(config);
-
-        /* select entry by configured pattern or EFI LoaderDefaultEntry= variable */
-        config_default_entry_select(config);
 }
 
 EFI_STATUS efi_main(EFI_HANDLE image, EFI_SYSTEM_TABLE *sys_table) {
@@ -2403,6 +2410,20 @@ EFI_STATUS efi_main(EFI_HANDLE image, EFI_SYSTEM_TABLE *sys_table) {
                 goto out;
         }
 
+        config_write_entries_to_variable(&config);
+
+        config_title_generate(&config);
+
+        /* select entry by configured pattern or EFI LoaderDefaultEntry= variable */
+        config_default_entry_select(&config);
+
+        /* if no configured entry to select from was found, enable the menu */
+        if (config.idx_default == IDX_INVALID) {
+                config.idx_default = 0;
+                if (config.timeout_sec == 0)
+                        config.timeout_sec = 10;
+        }
+
         /* select entry or show menu when key is pressed or timeout is set */
         if (config.force_menu || config.timeout_sec > 0)
                 menu = TRUE;

src/boot/efi/meson.build

@@ -312,10 +312,9 @@ efi_headers = files(
         'shim.h',
         'splash.h',
         'util.h',
-        'xbootldr.h',
+        'xbootldr.h')
-)
 
-common_sources = files(
+common_sources = [
         'assert.c',
         'devicetree.c',
         'disk.c',
@@ -323,34 +322,31 @@ common_sources = files(
         'measure.c',
         'pe.c',
         'secure-boot.c',
-        'util.c',
+        'util.c']
-)
 
-systemd_boot_sources = files(
+systemd_boot_sources = [
         'boot.c',
         'console.c',
         'drivers.c',
         'random-seed.c',
         'shim.c',
-        'xbootldr.c',
+        'xbootldr.c']
-)
 
-stub_sources = files(
+stub_sources = [
         'cpio.c',
         'initrd.c',
         'splash.c',
-        'stub.c',
+        'stub.c']
-)
 
 if efi_arch[1] in ['ia32', 'x86_64']
-        stub_sources += files('linux_x86.c')
+        stub_sources += 'linux_x86.c'
 else
-        stub_sources += files('linux.c')
+        stub_sources += 'linux.c'
 endif
 
 # BCD parser only makes sense on arches that Windows supports.
 if efi_arch[1] in ['ia32', 'x86_64', 'arm', 'aarch64']
-        systemd_boot_sources += files('bcd.c')
+        systemd_boot_sources += 'bcd.c'
         tests += [
                 [['src/boot/efi/test-bcd.c'],
                  [],
@@ -366,10 +362,9 @@ endif
 systemd_boot_objects = []
 stub_objects = []
 foreach file : fundamental_source_paths + common_sources + systemd_boot_sources + stub_sources
-        # FIXME: replace ''.format(file) with fs.name(file) when meson_version requirement is >= 0.59.0
+        o_file = custom_target(file.split('/')[-1] + '.o',
-        o_file = custom_target('@0@.o'.format(file).split('/')[-1],
                                input : file,
-                               output : '@0@.o'.format(file).split('/')[-1],
+                               output : file.split('/')[-1] + '.o',
                                command : [cc.cmd_array(), '-c', '@INPUT@', '-o', '@OUTPUT@', efi_cflags],
                                depend_files : efi_headers + fundamental_headers)
         if (fundamental_source_paths + common_sources + systemd_boot_sources).contains(file)

src/boot/efi/util.c

@@ -529,17 +529,21 @@ void sort_pointer_array(
                 return;
 
         for (UINTN i = 1; i < n_members; i++) {
-                UINTN k;
+                BOOLEAN more = FALSE;
-                void *entry = array[i];
 
-                for (k = i; k > 0; k--) {
+                for (UINTN k = 0; k < n_members - i; k++) {
-                        if (compare(array[k - 1], entry) <= 0)
+                        void *entry;
-                                break;
 
-                        array[k] = array[k - 1];
+                        if (compare(array[k], array[k+1]) <= 0)
+                                continue;
+
+                        entry = array[k];
+                        array[k] = array[k+1];
+                        array[k+1] = entry;
+                        more = TRUE;
                 }
-
+                if (!more)
-                array[k] = entry;
+                        break;
         }
 }
 

src/core/execute.c

@@ -1732,6 +1732,21 @@ static int apply_lock_personality(const Unit* u, const ExecContext *c) {
 #endif
 
 #if HAVE_LIBBPF
+static bool skip_lsm_bpf_unsupported(const Unit* u, const char* msg) {
+        assert(u);
+        assert(u->manager);
+
+        if (lsm_bpf_supported())
+                return false;
+
+        /* lsm_bpf_setup succeeded */
+        if (u->manager->restrict_fs)
+                return false;
+
+        log_unit_debug(u, "LSM BPF not supported, skipping %s", msg);
+        return true;
+}
+
 static int apply_restrict_filesystems(Unit *u, const ExecContext *c) {
         assert(u);
         assert(c);
@@ -1739,11 +1754,8 @@ static int apply_restrict_filesystems(Unit *u, const ExecContext *c) {
         if (!exec_context_restrict_filesystems_set(c))
                 return 0;
 
-        if (!u->manager->restrict_fs) {
+        if (skip_lsm_bpf_unsupported(u, "RestrictFileSystems="))
-                /* LSM BPF is unsupported or lsm_bpf_setup failed */
-                log_unit_debug(u, "LSM BPF not supported, skipping RestrictFileSystems=");
                 return 0;
-        }
 
         return lsm_bpf_unit_restrict_filesystems(u, c->restrict_filesystems, c->restrict_filesystems_allow_list);
 }
@@ -4096,11 +4108,13 @@ static int exec_child(
         }
 
 #if HAVE_LIBBPF
-        if (unit->manager->restrict_fs) {
+        if (MANAGER_IS_SYSTEM(unit->manager) && lsm_bpf_supported()) {
-                int bpf_map_fd = lsm_bpf_map_restrict_fs_fd(unit);
+                int bpf_map_fd = -1;
+
+                bpf_map_fd = lsm_bpf_map_restrict_fs_fd(unit);
                 if (bpf_map_fd < 0) {
                         *exit_status = EXIT_FDS;
-                        return log_unit_error_errno(unit, bpf_map_fd, "Failed to get restrict filesystems BPF map fd: %m");
+                        return log_unit_error_errno(unit, r, "Failed to get restrict filesystems BPF map fd: %m");
                 }
 
                 r = add_shifted_fd(keep_fds, ELEMENTSOF(keep_fds), &n_keep_fds, bpf_map_fd, &bpf_map_fd);

src/fundamental/meson.build

@@ -8,16 +8,20 @@ fundamental_headers = files(
         'macro-fundamental.h',
         'sha256.h',
         'string-util-fundamental.h',
-        'types-fundamental.h',
+        'types-fundamental.h')
-)
+
+sources = '''
+        bootspec-fundamental.c
+        efivars-fundamental.c
+        string-util-fundamental.c
+        sha256.c
+'''.split()
 
 # for sd-boot
-fundamental_source_paths = files(
+fundamental_source_paths = []
-        'bootspec-fundamental.c',
+foreach source : sources
-        'efivars-fundamental.c',
+        fundamental_source_paths += meson.current_source_dir() / source
-        'sha256.c',
+endforeach
-        'string-util-fundamental.c',
-)
 
 # for libbasic
-fundamental_sources = fundamental_source_paths + fundamental_headers
+fundamental_sources = files(sources) + fundamental_headers

src/shared/boot-timestamps.c

@@ -5,13 +5,11 @@
 #include "efi-loader.h"
 #include "macro.h"
 #include "time-util.h"
-#include "virt.h"
 
 int boot_timestamps(const dual_timestamp *n, dual_timestamp *firmware, dual_timestamp *loader) {
         usec_t x = 0, y = 0, a;
         int r;
         dual_timestamp _n;
-        bool use_firmware = true;
 
         assert(firmware);
         assert(loader);
@@ -26,10 +24,6 @@ int boot_timestamps(const dual_timestamp *n, dual_timestamp *firmware, dual_time
                 r = efi_loader_get_boot_usec(&x, &y);
                 if (r < 0)
                         return r;
-
-                /* If we are running in a VM, the init timestamp would
-                 * be equivalent to the host uptime. */
-                use_firmware = detect_vm() <= 0;
         }
 
         /* Let's convert this to timestamps where the firmware
@@ -39,14 +33,12 @@ int boot_timestamps(const dual_timestamp *n, dual_timestamp *firmware, dual_time
          * the monotonic timestamps here as negative of the actual
          * value. */
 
-        if (use_firmware) {
+        firmware->monotonic = y;
-                firmware->monotonic = y;
-                a = n->monotonic + firmware->monotonic;
-                firmware->realtime = n->realtime > a ? n->realtime - a : 0;
-        } else
-                firmware->monotonic = firmware->realtime = 0;
-
         loader->monotonic = y - x;
+
+        a = n->monotonic + firmware->monotonic;
+        firmware->realtime = n->realtime > a ? n->realtime - a : 0;
+
         a = n->monotonic + loader->monotonic;
         loader->realtime = n->realtime > a ? n->realtime - a : 0;
 

test/test-fstab-generator.sh

@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
 # SPDX-License-Identifier: LGPL-2.1-or-later
-set -e
+set -ex
 
 if [[ -n "$1" ]]; then
     generator=$1
@@ -30,9 +30,7 @@ for f in "$src"/test-*.input; do
             sed -i -e 's:ExecStart=/lib/systemd/systemd-fsck:ExecStart=/usr/lib/systemd/systemd-fsck:' "$out"/systemd-fsck-root.service
         fi
 
-        # We store empty files rather than symlinks, so that they don't get pruned when packaged up, so compare
+        if ! diff -u "$out" "${f%.input}.expected"; then
-        # the list of filenames rather than their content
-        if ! diff -u <(find "$out" -printf '%P\n' | sort) <(find "${f%.input}.expected" -printf '%P\n' | sort); then
             echo "**** Unexpected output for $f"
             exit 1
         fi

test/test-fstab-generator/test-01-dev-nfs.expected/initrd-usr-fs.target.requires/sysroot.mount

@@ -0,0 +1 @@
+../sysroot.mount

test/test-fstab-generator/test-02-dhcp.expected/initrd-usr-fs.target.requires/sysroot.mount

@@ -0,0 +1 @@
+../sysroot.mount

test/test-fstab-generator/test-03-dhcp6.expected/initrd-usr-fs.target.requires/sysroot.mount

@@ -0,0 +1 @@
+../sysroot.mount

test/test-fstab-generator/test-04-nfs.expected/initrd-usr-fs.target.requires/sysroot.mount

@@ -0,0 +1 @@
+../sysroot.mount

test/test-fstab-generator/test-05-nfs4.expected/initrd-usr-fs.target.requires/sysroot.mount

@@ -0,0 +1 @@
+../sysroot.mount

test/test-fstab-generator/test-06-ipv4.expected/initrd-usr-fs.target.requires/sysroot.mount

@@ -0,0 +1 @@
+../sysroot.mount

test/test-fstab-generator/test-07-ipv6.expected/initrd-usr-fs.target.requires/sysroot.mount

@@ -0,0 +1 @@
+../sysroot.mount

test/test-fstab-generator/test-08-implicit-nfs.expected/initrd-usr-fs.target.requires/sysroot.mount

@@ -0,0 +1 @@
+../sysroot.mount

test/test-fstab-generator/test-09-cifs.expected/initrd-usr-fs.target.requires/sysroot.mount

@@ -0,0 +1 @@
+../sysroot.mount

test/test-fstab-generator/test-10-iscsi.expected/initrd-usr-fs.target.requires/sysroot.mount

@@ -0,0 +1 @@
+../sysroot.mount

test/test-fstab-generator/test-11-live.expected/initrd-usr-fs.target.requires/sysroot.mount

@@ -0,0 +1 @@
+../sysroot.mount

test/test-fstab-generator/test-12-dev-sdx.expected/initrd-root-fs.target.requires/sysroot.mount

@@ -0,0 +1 @@
+../sysroot.mount

test/test-fstab-generator/test-12-dev-sdx.expected/initrd-usr-fs.target.requires/sysroot.mount

@@ -0,0 +1 @@
+../sysroot.mount

test/test-fstab-generator/test-13-label.expected/initrd-root-fs.target.requires/sysroot.mount

@@ -0,0 +1 @@
+../sysroot.mount

test/test-fstab-generator/test-13-label.expected/initrd-usr-fs.target.requires/sysroot.mount

@@ -0,0 +1 @@
+../sysroot.mount

test/test-fstab-generator/test-14-uuid.expected/initrd-root-fs.target.requires/sysroot.mount

@@ -0,0 +1 @@
+../sysroot.mount

test/test-fstab-generator/test-14-uuid.expected/initrd-usr-fs.target.requires/sysroot.mount

@@ -0,0 +1 @@
+../sysroot.mount

test/test-fstab-generator/test-15-partuuid.expected/initrd-root-fs.target.requires/sysroot.mount

@@ -0,0 +1 @@
+../sysroot.mount

test/test-fstab-generator/test-15-partuuid.expected/initrd-usr-fs.target.requires/sysroot.mount

@@ -0,0 +1 @@
+../sysroot.mount

test/test-fstab-generator/test-16-tmpfs.expected/initrd-root-fs.target.requires/sysroot.mount

@@ -0,0 +1 @@
+../sysroot.mount

test/test-fstab-generator/test-16-tmpfs.expected/initrd-usr-fs.target.requires/sysroot.mount

@@ -0,0 +1 @@
+../sysroot.mount

test/units/testsuite-55.sh

@@ -22,13 +22,7 @@ fi
 
 rm -rf /etc/systemd/system/testsuite-55-testbloat.service.d
 
-# Configure oomd explicitly to avoid conflicts with distro dropins
+echo "DefaultMemoryPressureDurationSec=2s" >>/etc/systemd/oomd.conf
-mkdir -p /etc/systemd/oomd.conf.d/
-echo -e "[OOM]\nDefaultMemoryPressureDurationSec=2s" >/etc/systemd/oomd.conf.d/99-oomd-test.conf
-mkdir -p /etc/systemd/system/-.slice.d/
-echo -e "[Slice]\nManagedOOMSwap=auto" >/etc/systemd/system/-.slice.d/99-oomd-test.conf
-mkdir -p /etc/systemd/system/user@.service.d/
-echo -e "[Service]\nManagedOOMMemoryPressure=auto\nManagedOOMMemoryPressureLimit=0%" >/etc/systemd/system/user@.service.d/99-oomd-test.conf
 
 mkdir -p /etc/systemd/system/systemd-oomd.service.d/
 echo -e "[Service]\nEnvironment=SYSTEMD_LOG_LEVEL=debug" >/etc/systemd/system/systemd-oomd.service.d/debug.conf