mirror of
https://github.com/systemd/systemd
synced 2024-10-04 15:21:01 +00:00
Merge pull request #30633 from mrc0mmand/cocci-shenanigans
coccinelle: rework how we run the Coccinelle transformations
This commit is contained in:
commit
fe3fcb9492
|
@ -3,7 +3,6 @@
|
||||||
expression e, v, flags;
|
expression e, v, flags;
|
||||||
expression list args;
|
expression list args;
|
||||||
@@
|
@@
|
||||||
+ return
|
|
||||||
- json_log(v, flags, 0, args);
|
- json_log(v, flags, 0, args);
|
||||||
+ json_log(v, flags, SYNTHETIC_ERRNO(e), args);
|
|
||||||
- return -e;
|
- return -e;
|
||||||
|
+ return json_log(v, flags, SYNTHETIC_ERRNO(e), args);
|
||||||
|
|
|
@ -2,6 +2,14 @@
|
||||||
# SPDX-License-Identifier: LGPL-2.1-or-later
|
# SPDX-License-Identifier: LGPL-2.1-or-later
|
||||||
set -e
|
set -e
|
||||||
|
|
||||||
|
# FIXME:
|
||||||
|
# - Coccinelle doesn't like our TEST() macros, which then causes name conflicts; i.e. Cocci can't process
|
||||||
|
# that TEST(xsetxattr) yields test_xsetxattr() and uses just xsetxattr() in this case, which then conflicts
|
||||||
|
# with the tested xsetxattr() function, leading up to the whole test case getting skipped due to
|
||||||
|
# conflicting typedefs
|
||||||
|
# - something keeps pulling in src/boot/efi/*.h stuff, even though it's excluded
|
||||||
|
# - Coccinelle has issues with some of our more complex macros
|
||||||
|
|
||||||
# Exclude following paths from the Coccinelle transformations
|
# Exclude following paths from the Coccinelle transformations
|
||||||
EXCLUDED_PATHS=(
|
EXCLUDED_PATHS=(
|
||||||
"src/boot/efi/*"
|
"src/boot/efi/*"
|
||||||
|
@ -10,13 +18,17 @@ EXCLUDED_PATHS=(
|
||||||
# Symlinked to test-bus-vtable-cc.cc, which causes issues with the IN_SET macro
|
# Symlinked to test-bus-vtable-cc.cc, which causes issues with the IN_SET macro
|
||||||
"src/libsystemd/sd-bus/test-bus-vtable.c"
|
"src/libsystemd/sd-bus/test-bus-vtable.c"
|
||||||
"src/libsystemd/sd-journal/lookup3.c"
|
"src/libsystemd/sd-journal/lookup3.c"
|
||||||
|
# Ignore man examples, as they redefine some macros we use internally, which makes Coccinelle complain
|
||||||
|
# and ignore code that tries to use the redefined stuff
|
||||||
|
"man/*"
|
||||||
)
|
)
|
||||||
|
|
||||||
TOP_DIR="$(git rev-parse --show-toplevel)"
|
TOP_DIR="$(git rev-parse --show-toplevel)"
|
||||||
|
CACHE_DIR="$(dirname "$0")/.coccinelle-cache"
|
||||||
ARGS=()
|
ARGS=()
|
||||||
|
|
||||||
# Create an array from files tracked by git...
|
# Create an array from files tracked by git...
|
||||||
mapfile -t FILES < <(git ls-files ':/*.[ch]')
|
mapfile -t FILES < <(git ls-files ':/*.c')
|
||||||
# ...and filter everything that matches patterns from EXCLUDED_PATHS
|
# ...and filter everything that matches patterns from EXCLUDED_PATHS
|
||||||
for excl in "${EXCLUDED_PATHS[@]}"; do
|
for excl in "${EXCLUDED_PATHS[@]}"; do
|
||||||
# shellcheck disable=SC2206
|
# shellcheck disable=SC2206
|
||||||
|
@ -37,12 +49,43 @@ fi
|
||||||
|
|
||||||
[[ ${#@} -ne 0 ]] && SCRIPTS=("$@") || SCRIPTS=("$TOP_DIR"/coccinelle/*.cocci)
|
[[ ${#@} -ne 0 ]] && SCRIPTS=("$@") || SCRIPTS=("$TOP_DIR"/coccinelle/*.cocci)
|
||||||
|
|
||||||
|
mkdir -p "$CACHE_DIR"
|
||||||
|
echo "--x-- Using Coccinelle cache directory: $CACHE_DIR"
|
||||||
|
echo "--x--"
|
||||||
|
echo "--x-- Note: running spatch for the first time without populated cache takes"
|
||||||
|
echo "--x-- a _long_ time (15-30 minutes). Also, the cache is quite large"
|
||||||
|
echo "--x-- (~15 GiB), so make sure you have enough free space."
|
||||||
|
echo
|
||||||
|
|
||||||
for script in "${SCRIPTS[@]}"; do
|
for script in "${SCRIPTS[@]}"; do
|
||||||
echo "--x-- Processing $script --x--"
|
echo "--x-- Processing $script --x--"
|
||||||
TMPFILE="$(mktemp)"
|
TMPFILE="$(mktemp)"
|
||||||
echo "+ spatch --sp-file $script ${ARGS[*]} ..."
|
echo "+ spatch --sp-file $script ${ARGS[*]} ..."
|
||||||
parallel --halt now,fail=1 --keep-order --noswap --max-args=20 \
|
# A couple of notes:
|
||||||
spatch --macro-file="$TOP_DIR/coccinelle/macros.h" --smpl-spacing --sp-file "$script" "${ARGS[@]}" ::: "${FILES[@]}" \
|
#
|
||||||
|
# 1) Limit this to 10 files at once, as processing the ASTs is _very_ memory hungry - e.g. with 20 files
|
||||||
|
# at once one spatch process can take around 2.5 GiB of RAM, which can easily eat up all available RAM
|
||||||
|
# when paired together with parallel
|
||||||
|
#
|
||||||
|
# 2) Make sure spatch can find our includes via -I <dir>, similarly as we do when compiling stuff
|
||||||
|
#
|
||||||
|
# 3) Make sure to include includes from includes (--recursive-includes), but use them only to get type
|
||||||
|
# definitions (--include-headers-for-types) - otherwise we'd start formating them as well, which might be
|
||||||
|
# unwanted, especially for includes we fetch verbatim from third-parties
|
||||||
|
#
|
||||||
|
# 4) Use cache, since generating the full AST is _very_ expensive, i.e. the uncached run takes 15 - 30
|
||||||
|
# minutes (for one rule(!)), vs 30 - 90 seconds when the cache is populated. One major downside of the
|
||||||
|
# cache is that it's quite big - ATTOW the cache takes around 15 GiB, but the performance boost is
|
||||||
|
# definitely worth it
|
||||||
|
parallel --halt now,fail=1 --keep-order --noswap --max-args=10 \
|
||||||
|
spatch --cache-prefix "$CACHE_DIR" \
|
||||||
|
-I src \
|
||||||
|
--recursive-includes \
|
||||||
|
--include-headers-for-types \
|
||||||
|
--smpl-spacing \
|
||||||
|
--sp-file "$script" \
|
||||||
|
"${ARGS[@]}" ::: "${FILES[@]}" \
|
||||||
2>"$TMPFILE" || cat "$TMPFILE"
|
2>"$TMPFILE" || cat "$TMPFILE"
|
||||||
|
rm -f "$TMPFILE"
|
||||||
echo -e "--x-- Processed $script --x--\n"
|
echo -e "--x-- Processed $script --x--\n"
|
||||||
done
|
done
|
||||||
|
|
|
@ -1,28 +1,13 @@
|
||||||
/* SPDX-License-Identifier: LGPL-2.1-or-later */
|
/* SPDX-License-Identifier: LGPL-2.1-or-later */
|
||||||
@@
|
@@
|
||||||
position p : script:python() { p[0].file != "src/journal/lookup3.c" };
|
position p : script:python() { p[0].file != "src/journal/lookup3.c" };
|
||||||
identifier id;
|
expression e,e1;
|
||||||
expression e;
|
|
||||||
@@
|
@@
|
||||||
if (...)
|
- if (e) {
|
||||||
- {
|
+ if (e)
|
||||||
(
|
(
|
||||||
id@p(...);
|
e1@p;
|
||||||
|
|
|
|
||||||
e@p;
|
return e1@p;
|
||||||
)
|
|
||||||
- }
|
|
||||||
|
|
||||||
@@
|
|
||||||
position p : script:python() { p[0].file != "src/journal/lookup3.c" };
|
|
||||||
identifier id;
|
|
||||||
expression e;
|
|
||||||
@@
|
|
||||||
if (...)
|
|
||||||
- {
|
|
||||||
(
|
|
||||||
return id@p(...);
|
|
||||||
|
|
|
||||||
return e@p;
|
|
||||||
)
|
)
|
||||||
- }
|
- }
|
||||||
|
|
|
@ -1311,7 +1311,7 @@ int bus_set_transient_exec_command(
|
||||||
int r;
|
int r;
|
||||||
|
|
||||||
/* Drop Ex from the written setting. E.g. ExecStart=, not ExecStartEx=. */
|
/* Drop Ex from the written setting. E.g. ExecStart=, not ExecStartEx=. */
|
||||||
const char *written_name = is_ex_prop ? strndupa(name, strlen(name) - 2) : name;
|
const char *written_name = is_ex_prop ? strndupa_safe(name, strlen(name) - 2) : name;
|
||||||
|
|
||||||
r = sd_bus_message_enter_container(message, 'a', is_ex_prop ? "(sasas)" : "(sasb)");
|
r = sd_bus_message_enter_container(message, 'a', is_ex_prop ? "(sasas)" : "(sasb)");
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
|
|
|
@ -879,7 +879,7 @@ static int request_handler_machine(
|
||||||
SD_ID128_FORMAT_VAL(bid),
|
SD_ID128_FORMAT_VAL(bid),
|
||||||
hostname_cleanup(hostname),
|
hostname_cleanup(hostname),
|
||||||
os_release_pretty_name(pretty_name, os_name),
|
os_release_pretty_name(pretty_name, os_name),
|
||||||
v ? v : "bare",
|
v ?: "bare",
|
||||||
usage,
|
usage,
|
||||||
cutoff_from,
|
cutoff_from,
|
||||||
cutoff_to);
|
cutoff_to);
|
||||||
|
|
|
@ -627,7 +627,7 @@ static int message_new_reply(
|
||||||
return r;
|
return r;
|
||||||
}
|
}
|
||||||
|
|
||||||
t->dont_send = !!(call->header->flags & BUS_MESSAGE_NO_REPLY_EXPECTED);
|
t->dont_send = FLAGS_SET(call->header->flags, BUS_MESSAGE_NO_REPLY_EXPECTED);
|
||||||
t->enforced_reply_signature = call->enforced_reply_signature;
|
t->enforced_reply_signature = call->enforced_reply_signature;
|
||||||
|
|
||||||
/* let's copy the sensitive flag over. Let's do that as a safety precaution to keep a transaction
|
/* let's copy the sensitive flag over. Let's do that as a safety precaution to keep a transaction
|
||||||
|
|
|
@ -217,7 +217,7 @@ static int bus_socket_auth_verify_client(sd_bus *b) {
|
||||||
/* And possibly check the third line, too */
|
/* And possibly check the third line, too */
|
||||||
if (b->accept_fd) {
|
if (b->accept_fd) {
|
||||||
l = lines[i++];
|
l = lines[i++];
|
||||||
b->can_fds = !!memory_startswith(l, lines[i] - l, "AGREE_UNIX_FD");
|
b->can_fds = memory_startswith(l, lines[i] - l, "AGREE_UNIX_FD");
|
||||||
}
|
}
|
||||||
|
|
||||||
assert(i == n);
|
assert(i == n);
|
||||||
|
|
|
@ -321,7 +321,7 @@ _public_ int sd_bus_set_bus_client(sd_bus *bus, int b) {
|
||||||
assert_return(!bus->patch_sender, -EPERM);
|
assert_return(!bus->patch_sender, -EPERM);
|
||||||
assert_return(!bus_origin_changed(bus), -ECHILD);
|
assert_return(!bus_origin_changed(bus), -ECHILD);
|
||||||
|
|
||||||
bus->bus_client = !!b;
|
bus->bus_client = b;
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -331,7 +331,7 @@ _public_ int sd_bus_set_monitor(sd_bus *bus, int b) {
|
||||||
assert_return(bus->state == BUS_UNSET, -EPERM);
|
assert_return(bus->state == BUS_UNSET, -EPERM);
|
||||||
assert_return(!bus_origin_changed(bus), -ECHILD);
|
assert_return(!bus_origin_changed(bus), -ECHILD);
|
||||||
|
|
||||||
bus->is_monitor = !!b;
|
bus->is_monitor = b;
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -341,7 +341,7 @@ _public_ int sd_bus_negotiate_fds(sd_bus *bus, int b) {
|
||||||
assert_return(bus->state == BUS_UNSET, -EPERM);
|
assert_return(bus->state == BUS_UNSET, -EPERM);
|
||||||
assert_return(!bus_origin_changed(bus), -ECHILD);
|
assert_return(!bus_origin_changed(bus), -ECHILD);
|
||||||
|
|
||||||
bus->accept_fd = !!b;
|
bus->accept_fd = b;
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -353,7 +353,7 @@ _public_ int sd_bus_negotiate_timestamp(sd_bus *bus, int b) {
|
||||||
|
|
||||||
/* This is not actually supported by any of our transports these days, but we do honour it for synthetic
|
/* This is not actually supported by any of our transports these days, but we do honour it for synthetic
|
||||||
* replies, and maybe one day classic D-Bus learns this too */
|
* replies, and maybe one day classic D-Bus learns this too */
|
||||||
bus->attach_timestamp = !!b;
|
bus->attach_timestamp = b;
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
@ -380,7 +380,7 @@ _public_ int sd_bus_set_server(sd_bus *bus, int b, sd_id128_t server_id) {
|
||||||
assert_return(bus->state == BUS_UNSET, -EPERM);
|
assert_return(bus->state == BUS_UNSET, -EPERM);
|
||||||
assert_return(!bus_origin_changed(bus), -ECHILD);
|
assert_return(!bus_origin_changed(bus), -ECHILD);
|
||||||
|
|
||||||
bus->is_server = !!b;
|
bus->is_server = b;
|
||||||
bus->server_id = server_id;
|
bus->server_id = server_id;
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
@ -391,7 +391,7 @@ _public_ int sd_bus_set_anonymous(sd_bus *bus, int b) {
|
||||||
assert_return(bus->state == BUS_UNSET, -EPERM);
|
assert_return(bus->state == BUS_UNSET, -EPERM);
|
||||||
assert_return(!bus_origin_changed(bus), -ECHILD);
|
assert_return(!bus_origin_changed(bus), -ECHILD);
|
||||||
|
|
||||||
bus->anonymous_auth = !!b;
|
bus->anonymous_auth = b;
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -401,7 +401,7 @@ _public_ int sd_bus_set_trusted(sd_bus *bus, int b) {
|
||||||
assert_return(bus->state == BUS_UNSET, -EPERM);
|
assert_return(bus->state == BUS_UNSET, -EPERM);
|
||||||
assert_return(!bus_origin_changed(bus), -ECHILD);
|
assert_return(!bus_origin_changed(bus), -ECHILD);
|
||||||
|
|
||||||
bus->trusted = !!b;
|
bus->trusted = b;
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -419,7 +419,7 @@ _public_ int sd_bus_set_allow_interactive_authorization(sd_bus *bus, int b) {
|
||||||
assert_return(bus = bus_resolve(bus), -ENOPKG);
|
assert_return(bus = bus_resolve(bus), -ENOPKG);
|
||||||
assert_return(!bus_origin_changed(bus), -ECHILD);
|
assert_return(!bus_origin_changed(bus), -ECHILD);
|
||||||
|
|
||||||
bus->allow_interactive_authorization = !!b;
|
bus->allow_interactive_authorization = b;
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -437,7 +437,7 @@ _public_ int sd_bus_set_watch_bind(sd_bus *bus, int b) {
|
||||||
assert_return(bus->state == BUS_UNSET, -EPERM);
|
assert_return(bus->state == BUS_UNSET, -EPERM);
|
||||||
assert_return(!bus_origin_changed(bus), -ECHILD);
|
assert_return(!bus_origin_changed(bus), -ECHILD);
|
||||||
|
|
||||||
bus->watch_bind = !!b;
|
bus->watch_bind = b;
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -455,7 +455,7 @@ _public_ int sd_bus_set_connected_signal(sd_bus *bus, int b) {
|
||||||
assert_return(bus->state == BUS_UNSET, -EPERM);
|
assert_return(bus->state == BUS_UNSET, -EPERM);
|
||||||
assert_return(!bus_origin_changed(bus), -ECHILD);
|
assert_return(!bus_origin_changed(bus), -ECHILD);
|
||||||
|
|
||||||
bus->connected_signal = !!b;
|
bus->connected_signal = b;
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -494,10 +494,9 @@ static int client(struct context *c) {
|
||||||
}
|
}
|
||||||
assert_se(sd_bus_message_exit_container(reply) >= 0);
|
assert_se(sd_bus_message_exit_container(reply) >= 0);
|
||||||
|
|
||||||
if (streq(path, "/value/a")) {
|
if (streq(path, "/value/a"))
|
||||||
/* ObjectManager must be here */
|
/* ObjectManager must be here */
|
||||||
assert_se(found_object_manager_interface);
|
assert_se(found_object_manager_interface);
|
||||||
}
|
|
||||||
|
|
||||||
} else
|
} else
|
||||||
assert_se(sd_bus_message_skip(reply, "a{sa{sv}}") >= 0);
|
assert_se(sd_bus_message_skip(reply, "a{sa{sv}}") >= 0);
|
||||||
|
|
|
@ -5038,7 +5038,7 @@ _public_ int sd_event_set_watchdog(sd_event *e, int b) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
e->watchdog = !!b;
|
e->watchdog = b;
|
||||||
return e->watchdog;
|
return e->watchdog;
|
||||||
|
|
||||||
fail:
|
fail:
|
||||||
|
|
|
@ -172,10 +172,8 @@ static int run(int argc, char *argv[]) {
|
||||||
log_warning_errno(r, "Failed to parse kernel command line, ignoring: %m");
|
log_warning_errno(r, "Failed to parse kernel command line, ignoring: %m");
|
||||||
|
|
||||||
ctx = kmod_new(NULL, NULL);
|
ctx = kmod_new(NULL, NULL);
|
||||||
if (!ctx) {
|
if (!ctx)
|
||||||
log_error("Failed to allocate memory for kmod.");
|
return log_oom();
|
||||||
return -ENOMEM;
|
|
||||||
}
|
|
||||||
|
|
||||||
kmod_load_resources(ctx);
|
kmod_load_resources(ctx);
|
||||||
kmod_set_log_fn(ctx, systemd_kmod_log, NULL);
|
kmod_set_log_fn(ctx, systemd_kmod_log, NULL);
|
||||||
|
|
|
@ -608,7 +608,7 @@ static int ndisc_router_process_route(Link *link, sd_ndisc_router *rt) {
|
||||||
}
|
}
|
||||||
|
|
||||||
r = sd_ndisc_router_route_get_preference(rt, &preference);
|
r = sd_ndisc_router_route_get_preference(rt, &preference);
|
||||||
if (r == -ENOTSUP) {
|
if (r == -EOPNOTSUPP) {
|
||||||
log_link_debug_errno(link, r, "Received route prefix with unsupported preference, ignoring: %m");
|
log_link_debug_errno(link, r, "Received route prefix with unsupported preference, ignoring: %m");
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
|
@ -2869,7 +2869,7 @@ int config_parse_route_tcp_rto(
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (IN_SET(usec, 0, USEC_INFINITY) ||
|
if (!timestamp_is_set(usec) ||
|
||||||
DIV_ROUND_UP(usec, USEC_PER_MSEC) > UINT32_MAX) {
|
DIV_ROUND_UP(usec, USEC_PER_MSEC) > UINT32_MAX) {
|
||||||
log_syntax(unit, LOG_WARNING, filename, line, 0,
|
log_syntax(unit, LOG_WARNING, filename, line, 0,
|
||||||
"Route TCP retransmission timeout (RTO) must be in the range 0…%"PRIu32"ms, ignoring assignment: %s", UINT32_MAX, rvalue);
|
"Route TCP retransmission timeout (RTO) must be in the range 0…%"PRIu32"ms, ignoring assignment: %s", UINT32_MAX, rvalue);
|
||||||
|
|
|
@ -1837,10 +1837,8 @@ static int oci_seccomp_syscalls(const char *name, JsonVariant *v, JsonDispatchFl
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return r;
|
return r;
|
||||||
|
|
||||||
if (strv_isempty(rule.names)) {
|
if (strv_isempty(rule.names))
|
||||||
json_log(e, flags, 0, "System call name list is empty.");
|
return json_log(e, flags, SYNTHETIC_ERRNO(EINVAL), "System call name list is empty.");
|
||||||
return -EINVAL;
|
|
||||||
}
|
|
||||||
|
|
||||||
STRV_FOREACH(i, rule.names) {
|
STRV_FOREACH(i, rule.names) {
|
||||||
int nr;
|
int nr;
|
||||||
|
|
|
@ -4172,8 +4172,7 @@ static int sign_verity_roothash(
|
||||||
return log_error_errno(SYNTHETIC_ERRNO(EIO), "Failed to convert PKCS7 signature to DER: %s",
|
return log_error_errno(SYNTHETIC_ERRNO(EIO), "Failed to convert PKCS7 signature to DER: %s",
|
||||||
ERR_error_string(ERR_get_error(), NULL));
|
ERR_error_string(ERR_get_error(), NULL));
|
||||||
|
|
||||||
ret_signature->iov_base = TAKE_PTR(sig);
|
*ret_signature = IOVEC_MAKE(TAKE_PTR(sig), sigsz);
|
||||||
ret_signature->iov_len = sigsz;
|
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
#else
|
#else
|
||||||
|
|
|
@ -257,7 +257,7 @@ static int killall(int sig, Set *pids, bool send_sighup) {
|
||||||
|
|
||||||
r = pidref_kill(&pidref, sig);
|
r = pidref_kill(&pidref, sig);
|
||||||
if (r < 0) {
|
if (r < 0) {
|
||||||
if (errno != -ESRCH)
|
if (r != -ESRCH)
|
||||||
log_warning_errno(errno, "Could not kill " PID_FMT ", ignoring: %m", pidref.pid);
|
log_warning_errno(errno, "Could not kill " PID_FMT ", ignoring: %m", pidref.pid);
|
||||||
} else {
|
} else {
|
||||||
n_killed++;
|
n_killed++;
|
||||||
|
|
|
@ -2059,7 +2059,7 @@ int tpm2_create_primary(
|
||||||
session ? session->esys_handle : ESYS_TR_PASSWORD,
|
session ? session->esys_handle : ESYS_TR_PASSWORD,
|
||||||
ESYS_TR_NONE,
|
ESYS_TR_NONE,
|
||||||
ESYS_TR_NONE,
|
ESYS_TR_NONE,
|
||||||
sensitive ? sensitive : &(TPM2B_SENSITIVE_CREATE) {},
|
sensitive ?: &(TPM2B_SENSITIVE_CREATE) {},
|
||||||
template,
|
template,
|
||||||
/* outsideInfo= */ NULL,
|
/* outsideInfo= */ NULL,
|
||||||
&(TPML_PCR_SELECTION) {},
|
&(TPML_PCR_SELECTION) {},
|
||||||
|
@ -5891,10 +5891,7 @@ int tpm2_unseal_data(
|
||||||
"Failed to unseal data: %s", sym_Tss2_RC_Decode(rc));
|
"Failed to unseal data: %s", sym_Tss2_RC_Decode(rc));
|
||||||
|
|
||||||
_cleanup_(iovec_done) struct iovec d = {};
|
_cleanup_(iovec_done) struct iovec d = {};
|
||||||
d = (struct iovec) {
|
d = IOVEC_MAKE(memdup(unsealed->buffer, unsealed->size), unsealed->size);
|
||||||
.iov_base = memdup(unsealed->buffer, unsealed->size),
|
|
||||||
.iov_len = unsealed->size,
|
|
||||||
};
|
|
||||||
|
|
||||||
explicit_bzero_safe(unsealed->buffer, unsealed->size);
|
explicit_bzero_safe(unsealed->buffer, unsealed->size);
|
||||||
|
|
||||||
|
|
|
@ -247,13 +247,12 @@ static int find_paths_to_edit(
|
||||||
return r; /* Already logged by unit_find_paths() */
|
return r; /* Already logged by unit_find_paths() */
|
||||||
|
|
||||||
if (!path) {
|
if (!path) {
|
||||||
if (!arg_force) {
|
if (!arg_force)
|
||||||
log_info("Run 'systemctl edit%s --force --full %s' to create a new unit.",
|
return log_info_errno(SYNTHETIC_ERRNO(ENOENT),
|
||||||
|
"Run 'systemctl edit%s --force --full %s' to create a new unit.",
|
||||||
arg_runtime_scope == RUNTIME_SCOPE_GLOBAL ? " --global" :
|
arg_runtime_scope == RUNTIME_SCOPE_GLOBAL ? " --global" :
|
||||||
arg_runtime_scope == RUNTIME_SCOPE_USER ? " --user" : "",
|
arg_runtime_scope == RUNTIME_SCOPE_USER ? " --user" : "",
|
||||||
*name);
|
*name);
|
||||||
return -ENOENT;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Create a new unit from scratch */
|
/* Create a new unit from scratch */
|
||||||
r = unit_file_create_new(
|
r = unit_file_create_new(
|
||||||
|
|
|
@ -82,7 +82,7 @@ TEST(fd_acl_make_read_only) {
|
||||||
(void) fd_add_uid_acl_permission(fd, 1, ACL_READ|ACL_WRITE|ACL_EXECUTE);
|
(void) fd_add_uid_acl_permission(fd, 1, ACL_READ|ACL_WRITE|ACL_EXECUTE);
|
||||||
|
|
||||||
assert_se(fstat(fd, &st) >= 0);
|
assert_se(fstat(fd, &st) >= 0);
|
||||||
assert_se((st.st_mode & 0200) == 0200);
|
assert_se(FLAGS_SET(st.st_mode, 0200));
|
||||||
|
|
||||||
cmd = strjoina("getfacl -p ", fn);
|
cmd = strjoina("getfacl -p ", fn);
|
||||||
assert_se(system(cmd) == 0);
|
assert_se(system(cmd) == 0);
|
||||||
|
|
|
@ -99,7 +99,7 @@ TEST(load_userns) {
|
||||||
int r;
|
int r;
|
||||||
|
|
||||||
r = uid_range_load_userns(&p, NULL);
|
r = uid_range_load_userns(&p, NULL);
|
||||||
if (r < 0 && ERRNO_IS_NOT_SUPPORTED(r))
|
if (ERRNO_IS_NEG_NOT_SUPPORTED(r))
|
||||||
return;
|
return;
|
||||||
|
|
||||||
assert_se(r >= 0);
|
assert_se(r >= 0);
|
||||||
|
|
|
@ -632,7 +632,7 @@ static int find_real_nvme_parent(sd_device *dev, sd_device **ret) {
|
||||||
return -ENXIO;
|
return -ENXIO;
|
||||||
|
|
||||||
end += strspn(end, DIGITS);
|
end += strspn(end, DIGITS);
|
||||||
sysname = strndupa(sysname, end - sysname);
|
sysname = strndupa_safe(sysname, end - sysname);
|
||||||
|
|
||||||
r = sd_device_new_from_subsystem_sysname(&nvme, "nvme", sysname);
|
r = sd_device_new_from_subsystem_sysname(&nvme, "nvme", sysname);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
|
|
Loading…
Reference in a new issue