Forked from pkg / systemd
105 commits behind the upstream repository.
    bed3d886
    Import Debian changes 241-5 · bed3d886
    Michael Biebl authored
    systemd (241-5) unstable; urgency=medium
    
      * Revert "Add check to switch VTs only between K_XLATE or K_UNICODE"
        This change left the keyboard in an unusable state when exiting an X
        session. (Closes: #929229)
    
    systemd (241-4) unstable; urgency=medium
    
      * journal-remote: Do not request Content-Length if Transfer-Encoding is
        chunked (Closes: #927008)
      * systemctl: Restore "systemctl reboot ARG" functionality.
        Fixes a regression introduced in v240. (Closes: #928659)
      * random-util: Eat up bad RDRAND values seen on AMD CPUs.
        Some AMD CPUs return bogus data via RDRAND after a suspend/resume cycle
        while still reporting success via the carry flag.
        Filter out invalid data like -1 (and also 0, just to be sure).
        (Closes: #921267)
      * Add check to switch VTs only between K_XLATE or K_UNICODE.
        Switching to K_UNICODE from other than K_XLATE can make the keyboard
        unusable and possibly leak keypresses from X.
        (CVE-2018-20839, Closes: #929116)
      * Document that DRM render nodes are now owned by group "render"
        (Closes: #926886)
    
    systemd (241-3) unstable; urgency=high
    
      [ Michael Biebl ]
      * Drop systemd-shim alternative from libpam-systemd.
        A fixed systemd-shim package which works with newer versions of systemd
        is unlikely to happen given that the systemd-shim package has been
        removed from the archive. Drop the alternative dependency from
        libpam-systemd accordingly.
      * Properly remove duplicate directories from systemd package.
        When removing duplicate directories from the systemd package, sort the
        list of directories in reverse order so we properly delete nested
        directories.
      * udev: Run programs in the specified order (Closes: #925190)
      * bash-completion: Use default completion for redirect operators
        (Closes: #924541)
      * networkd: Clarify that IPv6 RA uses our own stack, not the kernel's
        (Closes: #815582)
      * Revert "Drop systemd-timesyncd.service.d/disable-with-time-daemon.conf"
        Apparently Conflicts= are not a reliable mechanism to ensure alternative
        NTP implementations take precedence over systemd-timesyncd.
        (Closes: #902026)
      * network: Fix routing policy rule issue.
        When multiple links request a routing policy, make sure they are all
        applied correctly. (Closes: #924406)
      * pam-systemd: Use secure_getenv() rather than getenv()
        Fixes a vulnerability in the systemd PAM module which insecurely uses
        the environment and lacks seat verification permitting spoofing an
        active session to PolicyKit. (CVE-2019-3842)
    
      [ Martin Pitt ]
      * Enable udev autopkgtest in containers.
        This test doesn't actually need udev.service (which is disabled in
        containers) and works fine in LXC.
      * Enable boot-and-service autopkgtest in containers
        - Skip tests which can't work in containers.
        - Add missing rsyslog test dependency.
        - e2scrub_reap.service fails in containers, ignore (filed as #926138)
        - Relax pgrep pattern for gdm, as there's no wayland session in
          containers.
    
    systemd (241-2) unstable; urgency=medium
    
      [ Martin Pitt ]
      * debian/tests/boot-smoke: Create journal and udevdb artifacts on all
        failures
      * autopkgtests: Replace obsolete $ADT_* variables
      * networkd-test: Ignore failures of test_route_only_dns* in containers.
        This test exposes a race condition when running in LXC, see issue #11848
        for details. Until that is understood and fixed, skip the test as it's
        not a recent regression. (Closes: #924539)
      * Bump Standards-Version to 4.3.0.
        No changes necessary.
      * debian/tests/boot-smoke: Only check current boot for connection timeouts.
        Otherwise we'll catch some
            Failed to resolve group 'render': Connection timed out
        messages that happen in earlier boots during VM setup, before the
        "render" group is created.
        Fixes https://github.com/systemd/systemd/issues/11875
      * timedated: Fix emitted value when ntp client is enabled/disabled.
        Fixes a regression introduced in 241.
      * debian/tests/timedated: Check enabling/disabling NTP.
        Assert that `timedatectl set-ntp` correctly controls the service, sets
        the `org.freedesktop.timedate1 NTP` property, and sends the right
        `PropertiesChanged` signal.
        This reproduces <https://github.com/systemd/systemd/issues/11944> and
        also the earlier <https://github.com/systemd/systemd/issues/9672>.
    
      [ Michael Biebl ]
      * Disable fallback DNS servers in resolved (Closes: #923081)
      * cgtop: Fix processing of controllers other than CPU (Closes: #921280)
      * udev: Restore debug level when logging a failure in the external prog
        called by IMPORT{program} (Closes: #924199)
      * core: Remove "." path components from required mount paths.
        Fixes mount related failures when a user's home directory contains "/./"
        (Closes: #923881)
      * udev.init: Use new s-s-d --notify-await to start udev daemon.
        Fixes a race condition during startup under SysV init.
        Add versioned dependency on dpkg (>= 1.19.3) to ensure that a version
        of start-stop-daemon which supports --notify-await is installed.
        (Closes: #908796)
      * Make /dev/dri/renderD* accessible to group "render"
        Follow upstream and make render nodes available to a dedicated system
        group "render" instead of "video". Keep the uaccess tag for local,
        active users.
    
    systemd (241-1) unstable; urgency=medium
    
      [ Adam Borowski ]
      * Make libpam-systemd Provide: logind, default-logind.
        This allows alternate logind implementations such as elogind, without
        having to recompile every dependent package -- as long as the client API
        remains compatible.
        These new virtual packages got policy-approved in #917431. (Closes: #915407)
    
      [ Felipe Sateler ]
      * New upstream version 241
        - Refresh patches
        - Backport upstream fix for Driver= matches in .network files
    
      [ Martin Pitt ]
      * debian/libsystemd0.symbols: Add new symbol from release 241
      * Fix various bugs and races in networkd tests.
        This should get the autopkgtest back to green, which regressed with
        dnsmasq 2.80.
    
    systemd (240-6) unstable; urgency=high
    
      * High urgency as this fixes a vulnerability.
    
      [ Felipe Sateler ]
      * Reenable pristine-tar in gbp.conf.
        The pristine-tar bug has been fixed, so we can use it again.
        This reverts commit 9fcfbbf6fea15eacfa3fad74240431c5f2c3300e.
      * d/watch: add version mangle to transform -rc to ~rc.
        Upstream has started releasing rcs, so let's account for that
      * Fix comment about why we disable hwclock.service.
        Systemd nowadays doesn't do it itself because the kernel does it on its
        own when necessary, and when not, it is not safe to save the hwclock (eg,
        there is no certainty the system clock
        is correct)
      * udev: Backport upstream preventing mass killings when not running under
        systemd (Closes: #918764)
    
      [ Dimitri John Ledkov ]
      * debian/tests/storage: improve cleanups.
        On fast ppc64el machines, cryptsetup start job may not complete by the
        time tearDown is executed. In that case stop, causes to simply cancel the
        start job without actually cleaning up the dmsetup node. This leads to
        failing subsequent test as it no longer starts with a clean device. Thus
        ensure the systemd-cryptsetup unit is started, before stopping it.
        Also rmmod scsi_debug module at the end, to allow re-running the test in a
        loop.
      * debian/tests/upstream: Mark TEST-13-NSPAWN-SMOKE as flakey.
      * debian/tests/control: add socat to upstream tests for pull #11591
      * Blacklist TEST-10-ISSUE-2467 #11706
      * debian/tests/storage: fix for LUKS2 and avoid interactive password
        prompts.
    
      [ Martin Pitt ]
      * udevadm: Fix segfault with subsystem-match containing '/'
        (Closes: #919206)
      * sd-bus: if we receive an invalid dbus message, ignore and proceed
      * sd-bus: enforce a size limit on D-Bus object paths.
        This avoids accessing/modifying memory outside of the allocated stack
        region by sending specially crafted D-Bus messages with very large object
        paths.
        Vulnerability discovered by Chris Coulson <chris.coulson@canonical.com>,
        patch provided by Riccardo Schirone <rschiron@redhat.com>.
        (CVE-2019-6454)
cgtop-Fix-processing-of-controllers-other-than-CPU.patch 6.22 KiB
From: Szabolcs Fruhwald <sfruhwald@google.com>
Date: Wed, 20 Feb 2019 12:38:50 -0800
Subject: cgtop: Fix processing of controllers other than CPU

After debugging the issue with gdb, I found that the following change

 94ddb08 "cgtop: Still try to get CPU statistics if controller-free"

has introduced a bug, which prevents process(..) method processing
memory and io controllers when cpu_accounting_is_cheap() is true.
The obvious fix is to move this branch to be the last one, keeping
the intended behavior of the above change, without having a negative
effect on the other controllers.

Fixes #11773 [systemd-cgtop no longer shows memory (and io) usage]

(cherry picked from commit 5fe74e893c7939a360dc4eb75dbf3f540526c968)
---
 src/cgtop/cgtop.c | 130 +++++++++++++++++++++++++++---------------------------
 1 file changed, 65 insertions(+), 65 deletions(-)

diff --git a/src/cgtop/cgtop.c b/src/cgtop/cgtop.c
index b3bda30..ab3b979 100644
--- a/src/cgtop/cgtop.c
+++ b/src/cgtop/cgtop.c
@@ -223,71 +223,6 @@ static int process(
                 if (g->n_tasks > 0)
                         g->n_tasks_valid = true;
 
-        } else if (STR_IN_SET(controller, "cpu", "cpuacct") || cpu_accounting_is_cheap()) {
-                _cleanup_free_ char *p = NULL, *v = NULL;
-                uint64_t new_usage;
-                nsec_t timestamp;
-
-                if (is_root_cgroup(path)) {
-                        r = procfs_cpu_get_usage(&new_usage);
-                        if (r < 0)
-                                return r;
-                } else if (all_unified) {
-                        _cleanup_free_ char *val = NULL;
-
-                        if (!streq(controller, "cpu"))
-                                return 0;
-
-                        r = cg_get_keyed_attribute("cpu", path, "cpu.stat", STRV_MAKE("usage_usec"), &val);
-                        if (IN_SET(r, -ENOENT, -ENXIO))
-                                return 0;
-                        if (r < 0)
-                                return r;
-
-                        r = safe_atou64(val, &new_usage);
-                        if (r < 0)
-                                return r;
-
-                        new_usage *= NSEC_PER_USEC;
-                } else {
-                        if (!streq(controller, "cpuacct"))
-                                return 0;
-
-                        r = cg_get_path(controller, path, "cpuacct.usage", &p);
-                        if (r < 0)
-                                return r;
-
-                        r = read_one_line_file(p, &v);
-                        if (r == -ENOENT)
-                                return 0;
-                        if (r < 0)
-                                return r;
-
-                        r = safe_atou64(v, &new_usage);
-                        if (r < 0)
-                                return r;
-                }
-
-                timestamp = now_nsec(CLOCK_MONOTONIC);
-
-                if (g->cpu_iteration == iteration - 1 &&
-                    (nsec_t) new_usage > g->cpu_usage) {
-
-                        nsec_t x, y;
-
-                        x = timestamp - g->cpu_timestamp;
-                        if (x < 1)
-                                x = 1;
-
-                        y = (nsec_t) new_usage - g->cpu_usage;
-                        g->cpu_fraction = (double) y / (double) x;
-                        g->cpu_valid = true;
-                }
-
-                g->cpu_usage = (nsec_t) new_usage;
-                g->cpu_timestamp = timestamp;
-                g->cpu_iteration = iteration;
-
         } else if (streq(controller, "memory")) {
 
                 if (is_root_cgroup(path)) {
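Review bot: no regression test accompanies the removal of the `else if (STR_IN_SET(controller, "cpu", "cpuacct") || cpu_accounting_is_cheap())` branch from ahead of the `memory` branch; the diffstat touches only src/cgtop/cgtop.c. The `|| cpu_accounting_is_cheap()` term does not depend on `controller`, so the bug described in the commit message is purely a matter of branch order and a later reshuffle of this chain could reintroduce it without any compile-time or test signal. Suggest adding a check that the memory and io fields are populated when cpu_accounting_is_cheap() is true.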
@@ -411,6 +346,71 @@ static int process(
                 g->io_output = wr;
                 g->io_timestamp = timestamp;
                 g->io_iteration = iteration;
+        } else if (STR_IN_SET(controller, "cpu", "cpuacct") || cpu_accounting_is_cheap()) {
+                _cleanup_free_ char *p = NULL, *v = NULL;
+                uint64_t new_usage;
+                nsec_t timestamp;
+
+                if (is_root_cgroup(path)) {
+                        r = procfs_cpu_get_usage(&new_usage);
+                        if (r < 0)
+                                return r;
+                } else if (all_unified) {
+                        _cleanup_free_ char *val = NULL;
+
+                        if (!streq(controller, "cpu"))
+                                return 0;
+
+                        r = cg_get_keyed_attribute("cpu", path, "cpu.stat", STRV_MAKE("usage_usec"), &val);
+                        if (IN_SET(r, -ENOENT, -ENXIO))
+                                return 0;
+                        if (r < 0)
+                                return r;
+
+                        r = safe_atou64(val, &new_usage);
+                        if (r < 0)
+                                return r;
+
+                        new_usage *= NSEC_PER_USEC;
+                } else {
+                        if (!streq(controller, "cpuacct"))
+                                return 0;
+
+                        r = cg_get_path(controller, path, "cpuacct.usage", &p);
+                        if (r < 0)
+                                return r;
+
+                        r = read_one_line_file(p, &v);
+                        if (r == -ENOENT)
+                                return 0;
+                        if (r < 0)
+                                return r;
+
+                        r = safe_atou64(v, &new_usage);
+                        if (r < 0)
+                                return r;
+                }
+
+                timestamp = now_nsec(CLOCK_MONOTONIC);
+
+                if (g->cpu_iteration == iteration - 1 &&
+                    (nsec_t) new_usage > g->cpu_usage) {
+
+                        nsec_t x, y;
+
+                        x = timestamp - g->cpu_timestamp;
+                        if (x < 1)
+                                x = 1;
+
+                        y = (nsec_t) new_usage - g->cpu_usage;
+                        g->cpu_fraction = (double) y / (double) x;
+                        g->cpu_valid = true;
+                }
+
+                g->cpu_usage = (nsec_t) new_usage;
+                g->cpu_timestamp = timestamp;
+                g->cpu_iteration = iteration;
+
         }
 
         if (ret)
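Review bot: the re-added `else if (STR_IN_SET(controller, "cpu", "cpuacct") || cpu_accounting_is_cheap())` is still a catch-all for any controller name, and nothing at its new position says it must remain the last branch of the chain; add a comment above it stating that. Separately, in the `is_root_cgroup(path)` arm, `procfs_cpu_get_usage(&new_usage)` runs with no check on `controller`, while the other two arms return 0 unless the controller is "cpu" or "cpuacct". Every controller that falls through to this branch for the root cgroup will therefore overwrite g->cpu_usage and g->cpu_timestamp; please confirm that is intended, or guard the root arm with the same controller check.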