From d8161761b04769d53ed3a375e8cb6ec35d3b0a63 Mon Sep 17 00:00:00 2001 From: Jeremi Piotrowski Date: Thu, 31 Jul 2025 14:59:50 +0200 Subject: [PATCH 1/3] sys-apps/systemd: Backport fix for networkd unmanaged issue to v256 This is upstream issue https://github.com/systemd/systemd/issues/36997 which we are hitting on Azure, most likely since the networking rules shipped by azure-vm-utils are taking priority over Flatcar's own rule to keep enslaved NICs unmanaged. The azure-vm-utils configs use the ID_NET_MANAGED_BY property in addition to a custom property set on interfaces to keep them unmanaged. It isn't yet clear if only ID_NET_MANAGED_BY is affected or if it's the only thing that was fixed. Meanwhile we need to backport the bugfix. Patch 0011 is the actual fix and 0010 is included because it makes the backport easier. The bugfix will be in v258 and has been backported to v257.7 upstream. Signed-off-by: Jeremi Piotrowski --- ...lso-check-ifindex-iftype-and-kind-wh.patch | 119 ++++++++++++++ ...ck-ID_NET_MANAGED_BY-property-on-rec.patch | 146 ++++++++++++++++++ ...d-256.9.ebuild => systemd-256.9-r1.ebuild} | 2 + 3 files changed, 267 insertions(+) create mode 100644 sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0010-network-netdev-also-check-ifindex-iftype-and-kind-wh.patch create mode 100644 sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0011-network-also-check-ID_NET_MANAGED_BY-property-on-rec.patch rename sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/{systemd-256.9.ebuild => systemd-256.9-r1.ebuild} (99%) diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0010-network-netdev-also-check-ifindex-iftype-and-kind-wh.patch b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0010-network-netdev-also-check-ifindex-iftype-and-kind-wh.patch new file mode 100644 index 0000000000..bcdf2a3f75 --- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0010-network-netdev-also-check-ifindex-iftype-and-kind-wh.patch 
@@ -0,0 +1,119 @@ +From 7136aa7db4423432392a0fe6055c48a922a4aad4 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Tue, 10 Sep 2024 00:12:41 +0900 +Subject: [PATCH] network/netdev: also check ifindex, iftype, and kind when + assigning NetDev to Link + +Even when a NetDev object with the same name found, its iftype or kind +may be different. For safety, let's also check them. + +(cherry picked from commit 1788c3462853e8bb955ff656007e20f402dd9af2) + +Signed-off-by: Jeremi Piotrowski +--- + src/network/netdev/netdev.c | 37 +++++++++++++++++++++++++++++++++++++ + src/network/netdev/netdev.h | 1 + + src/network/networkd-link.c | 10 ++-------- + 3 files changed, 40 insertions(+), 8 deletions(-) + +diff --git a/src/network/netdev/netdev.c b/src/network/netdev/netdev.c +index 2b411425ba..9a528137ea 100644 +--- a/src/network/netdev/netdev.c ++++ b/src/network/netdev/netdev.c +@@ -265,6 +265,43 @@ int netdev_get(Manager *manager, const char *name, NetDev **ret) { + return 0; + } + ++void link_assign_netdev(Link *link) { ++ _unused_ _cleanup_(netdev_unrefp) NetDev *old = NULL; ++ NetDev *netdev; ++ ++ assert(link); ++ assert(link->manager); ++ assert(link->ifname); ++ ++ old = TAKE_PTR(link->netdev); ++ ++ if (netdev_get(link->manager, link->ifname, &netdev) < 0) ++ return; ++ ++ if (netdev->ifindex != link->ifindex) ++ return; ++ ++ if (NETDEV_VTABLE(netdev)->iftype != link->iftype) ++ return; ++ ++ if (!NETDEV_VTABLE(netdev)->skip_netdev_kind_check) { ++ const char *kind; ++ ++ if (netdev->kind == NETDEV_KIND_TAP) ++ kind = "tun"; /* the kernel does not distinguish between tun and tap */ ++ else ++ kind = netdev_kind_to_string(netdev->kind); ++ ++ if (!streq_ptr(kind, link->kind)) ++ return; ++ } ++ ++ link->netdev = netdev_ref(netdev); ++ ++ if (netdev != old) ++ log_link_debug(link, "Found matching .netdev file: %s", netdev->filename); ++} ++ + void netdev_enter_failed(NetDev *netdev) { + netdev->state = NETDEV_STATE_FAILED; + } +diff --git a/src/network/netdev/netdev.h 
b/src/network/netdev/netdev.h +index cb8cc8c6a9..1a03a9b592 100644 +--- a/src/network/netdev/netdev.h ++++ b/src/network/netdev/netdev.h +@@ -206,6 +206,7 @@ DEFINE_TRIVIAL_CLEANUP_FUNC(NetDev*, netdev_unref); + + bool netdev_is_managed(NetDev *netdev); + int netdev_get(Manager *manager, const char *name, NetDev **ret); ++void link_assign_netdev(Link *link); + int netdev_set_ifindex(NetDev *netdev, sd_netlink_message *newlink); + int netdev_generate_hw_addr(NetDev *netdev, Link *link, const char *name, + const struct hw_addr_data *hw_addr, struct hw_addr_data *ret); +diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c +index 8f21504d92..c3a5dc1f0d 100644 +--- a/src/network/networkd-link.c ++++ b/src/network/networkd-link.c +@@ -1317,7 +1317,6 @@ static int link_get_network(Link *link, Network **ret) { + + int link_reconfigure_impl(Link *link, bool force) { + Network *network = NULL; +- NetDev *netdev = NULL; + int r; + + assert(link); +@@ -1326,13 +1325,11 @@ int link_reconfigure_impl(Link *link, bool force) { + if (link->manager->state != MANAGER_RUNNING) + return 0; + ++ link_assign_netdev(link); ++ + if (IN_SET(link->state, LINK_STATE_PENDING, LINK_STATE_LINGER)) + return 0; + +- r = netdev_get(link->manager, link->ifname, &netdev); +- if (r < 0 && r != -ENOENT) +- return r; +- + r = link_get_network(link, &network); + if (r < 0 && r != -ENOENT) + return r; +@@ -1397,9 +1394,6 @@ int link_reconfigure_impl(Link *link, bool force) { + link_free_engines(link); + link->network = network_unref(link->network); + +- netdev_unref(link->netdev); +- link->netdev = netdev_ref(netdev); +- + if (!network) { + link_set_state(link, LINK_STATE_UNMANAGED); + return 0; +-- +2.39.5 + 
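Review bot: In `link_assign_netdev()` (added to netdev.c by this backported patch) every negative return from `netdev_get()` is treated as "no NetDev", whereas the block it replaces in `link_reconfigure_impl()` returned errors other than `-ENOENT` to the caller. Because `link->netdev` is moved into `old` before the lookup, each early return also leaves the link with no NetDev assigned and writes nothing to the log. As this is a cherry-pick I would not change the code, but a comment above the function would help whoever carries the patch forward: `/* Drops the current NetDev first; link->netdev stays NULL unless name, ifindex, iftype and kind all match. Lookup errors are not reported. */`. The call is also placed ahead of the PENDING/LINGER state check in `link_reconfigure_impl()`, so it runs for links in those states too; the rest of that function lies outside the inner hunks.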
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0011-network-also-check-ID_NET_MANAGED_BY-property-on-rec.patch b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0011-network-also-check-ID_NET_MANAGED_BY-property-on-rec.patch new file mode 100644 index 0000000000..3ab34f08b6 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0011-network-also-check-ID_NET_MANAGED_BY-property-on-rec.patch 
@@ -0,0 +1,146 @@ +From 916523aabc7fcb3b5b9362100a5e3417aae00cb2 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Wed, 11 Jun 2025 18:05:46 +0900 +Subject: [PATCH] network: also check ID_NET_MANAGED_BY property on + reconfigure + +Previously, the property was checked only when an uevent is received, +so even if an interface has ID_NET_MANAGED_BY property, the interface +will be configured by networkd when reconfiguration is triggered e.g. +when interface state is changed. + +Follow-up for ba87a61d05d637be9f0b21707f7fe3b0a74c5a05. +Fixes #36997. + +(cherry picked from commit 78f8d5ed71ecc16ad36d1c215d2d57433d127679) + +Signed-off-by: Jeremi Piotrowski +--- + src/network/networkd-link.c | 44 ++++++++++++++----- + .../test-network/conf/11-dummy-unmanaged.link | 8 ++++ + test/test-network/systemd-networkd-tests.py | 11 +++++ + 3 files changed, 53 insertions(+), 10 deletions(-) + create mode 100644 test/test-network/conf/11-dummy-unmanaged.link + +diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c +index c3a5dc1f0d..3ed1584807 100644 +--- a/src/network/networkd-link.c ++++ b/src/network/networkd-link.c +@@ -1315,6 +1315,32 @@ static int link_get_network(Link *link, Network **ret) { + return -ENOENT; + } + ++static int link_managed_by_us(Link *link) { ++ int r; ++ ++ assert(link); ++ ++ if (!link->dev) ++ return true; ++ ++ const char *s; ++ r = sd_device_get_property_value(link->dev, "ID_NET_MANAGED_BY", &s); ++ if (r == -ENOENT) ++ return true; ++ if (r < 0) ++ return log_link_warning_errno(link, r, "Failed to get ID_NET_MANAGED_BY udev property: %m"); ++ ++ if (streq(s, "io.systemd.Network")) ++ return true; ++ ++ if (link->state == LINK_STATE_UNMANAGED) ++ return false; /* Already in unmanaged state */ ++ ++ log_link_debug(link, "Interface is requested to be managed by '%s', unmanaging the interface.", s); ++ link_set_state(link, LINK_STATE_UNMANAGED); ++ return false; ++} ++ + int link_reconfigure_impl(Link *link, bool force) { + Network 
*network = NULL; + int r; +@@ -1330,6 +1356,10 @@ int link_reconfigure_impl(Link *link, bool force) { + if (IN_SET(link->state, LINK_STATE_PENDING, LINK_STATE_LINGER)) + return 0; + ++ r = link_managed_by_us(link); ++ if (r <= 0) ++ return r; ++ + r = link_get_network(link, &network); + if (r < 0 && r != -ENOENT) + return r; +@@ -1584,6 +1614,10 @@ static int link_initialized(Link *link, sd_device *device) { + * or sysattrs) may be outdated. */ + device_unref_and_replace(link->dev, device); + ++ r = link_managed_by_us(link); ++ if (r <= 0) ++ return r; ++ + if (link->dhcp_client) { + r = sd_dhcp_client_attach_device(link->dhcp_client, link->dev); + if (r < 0) +@@ -1651,7 +1685,6 @@ static int link_check_initialized(Link *link) { + + int manager_udev_process_link(Manager *m, sd_device *device, sd_device_action_t action) { + int r, ifindex; +- const char *s; + Link *link; + + assert(m); +@@ -1686,15 +1719,6 @@ int manager_udev_process_link(Manager *m, sd_device *device, sd_device_action_t + return 0; + } + +- r = sd_device_get_property_value(device, "ID_NET_MANAGED_BY", &s); +- if (r < 0 && r != -ENOENT) +- log_device_debug_errno(device, r, "Failed to get ID_NET_MANAGED_BY udev property, ignoring: %m"); +- if (r >= 0 && !streq(s, "io.systemd.Network")) { +- log_device_debug(device, "Interface is requested to be managed by '%s', not managing the interface.", s); +- link_set_state(link, LINK_STATE_UNMANAGED); +- return 0; +- } +- + r = link_initialized(link, device); + if (r < 0) + link_enter_failed(link); +diff --git a/test/test-network/conf/11-dummy-unmanaged.link b/test/test-network/conf/11-dummy-unmanaged.link +new file mode 100644 +index 0000000000..99c07a72ce +--- /dev/null ++++ b/test/test-network/conf/11-dummy-unmanaged.link +@@ -0,0 +1,8 @@ ++# SPDX-License-Identifier: MIT-0 ++[Match] ++Kind=dummy ++OriginalName=test1 ++ ++[Link] ++NamePolicy=keep ++Property=ID_NET_MANAGED_BY=hoge +diff --git a/test/test-network/systemd-networkd-tests.py 
b/test/test-network/systemd-networkd-tests.py +index d8acf538f0..391d219de8 100755 +--- a/test/test-network/systemd-networkd-tests.py ++++ b/test/test-network/systemd-networkd-tests.py +@@ -2735,6 +2735,17 @@ class NetworkdNetworkTests(unittest.TestCase, Utilities): + def tearDown(self): + tear_down_common() + ++ def test_ID_NET_MANAGED_BY(self): ++ copy_network_unit('11-dummy.netdev', '11-dummy-unmanaged.link', '11-dummy.network') ++ start_networkd() ++ self.wait_online('test1:off', setup_state='unmanaged') ++ ++ check_output('ip link set dev test1 up') ++ self.wait_online('test1:degraded', setup_state='unmanaged') ++ ++ check_output('ip link set dev test1 down') ++ self.wait_online('test1:off', setup_state='unmanaged') ++ + def verify_address_static( + self, + label1: str, +-- +2.39.5 + diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-256.9.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-256.9-r1.ebuild similarity index 99% rename from sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-256.9.ebuild rename to sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-256.9-r1.ebuild index 92489ad0a1..ed6aaf1aaa 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-256.9.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-256.9-r1.ebuild @@ -266,6 +266,8 @@ src_prepare() { "${FILESDIR}/0006-Revert-getty-Pass-tty-to-use-by-agetty-via-stdin.patch" "${FILESDIR}/0007-units-Keep-using-old-journal-file-format.patch" "${FILESDIR}/0009-initrd-parse-etc.service.patch" + "${FILESDIR}/0010-network-netdev-also-check-ifindex-iftype-and-kind-wh.patch" + "${FILESDIR}/0011-network-also-check-ID_NET_MANAGED_BY-property-on-rec.patch" ) if ! use vanilla; then From 58784822d33c740b93051693b17908c0f1135c0d Mon Sep 17 00:00:00 2001 
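Review bot: `link_managed_by_us()` is declared `static int` but returns `true`, `false` or a negative errno, and it also changes the link state, none of which is documented at the definition. A failure of `sd_device_get_property_value()` other than `-ENOENT` now propagates, and on the uevent path `manager_udev_process_link()` calls `link_enter_failed()` when `link_initialized()` returns a negative value, where the removed block logged at debug level and carried on; that fail-closed change deserves a line in the commit message. Suggested comment: `/* Returns > 0 if networkd should manage the link, 0 if ID_NET_MANAGED_BY names another manager (link is set to unmanaged), < 0 on error. */`. The bodies of `link_reconfigure_impl()` and `link_initialized()` continue outside the inner hunks.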
From: Jeremi Piotrowski Date: Thu, 31 Jul 2025 15:05:53 +0200 Subject: [PATCH 2/3] sys-apps/systemd: Bump SDK systemd to v257.7 v257.7 contains a bugfix for a NIC unmanaged issue on Azure, bump to that revision to prevent us from accidentally regressing when we upgrade from v256 to v257. Signed-off-by: Jeremi Piotrowski --- .../src/third_party/coreos-overlay/sys-apps/systemd/Manifest | 2 +- .../systemd/{systemd-257.5.ebuild => systemd-257.7.ebuild} | 0 2 files changed, 1 insertion(+), 1 deletion(-) rename sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/{systemd-257.5.ebuild => systemd-257.7.ebuild} (100%) diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/Manifest b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/Manifest index aef14a442a..146d6845ad 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/Manifest +++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/Manifest @@ -1,2 +1,2 @@ DIST systemd-256.9.tar.gz 15774953 BLAKE2B caeff33d0906583094a44ab89fe9a9c1832a665f8cc768f86c55c5100bdd5c2b1500b2cd65e9519ef21d79bff92d1da3e84240793099a0e0c508afba3669c46e SHA512 aba7a0f7149fe3d28d9f930f244d5b997c28721e93e6f0768b0f0f1c918c87a0e8b7b347cffb2faa4740ca3ee3b04984454e85757365090a2cf32aba09f70681 -DIST systemd-257.5.tar.gz 16232112 BLAKE2B 142baef9b09217ea117ac09923604f7520a36d4c63cf04a78d1c4fbf7b057b977f5c77418168c0308a8dc6b48ccc6324438f30c87de8642e8e9cf12b47f90475 SHA512 9e5352c20c9edac53f302a534532035185139998628ed0a85411f440df47f1dd7cce6651aec787484809bb1aa2825008d062714c37936cbfd08451fbe29a998f +DIST systemd-257.7.tar.gz 16327096 BLAKE2B 59a28ce9b355b98f718f26489400640f3d732bbf73c00ea0571302dfc6dfb3585bf07ec56af06d74c5aa033b06a6220c3c839af6dba5ab7f8bde1aef4b58f0f6 SHA512 fdc7c0153432b261ad8018c869dc714ce1d6d2a8428bdec46f7c5f120b196d3a553a375ae433f0c166c57b6e8b3c56549f585349b7b6ff83c2a86a32982d8411 
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-257.5.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-257.7.ebuild
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-257.5.ebuild
rename to sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-257.7.ebuild
From 2455aee8baa845021351b265c43b92a7725c5a29 Mon Sep 17 00:00:00 2001
From: Jeremi Piotrowski
Date: Thu, 31 Jul 2025 15:35:17 +0200
Subject: [PATCH 3/3] overlay profiles: Accept ~keywords for systemd v257.7
Signed-off-by: Jeremi Piotrowski
---
 .../profiles/coreos/targets/sdk/package.accept_keywords | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/sdk/package.accept_keywords b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/sdk/package.accept_keywords
index 7b5df04972..b6f77435ee 100644
--- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/sdk/package.accept_keywords
+++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/sdk/package.accept_keywords
@@ -1,2 +1,2 @@
 # Temporarily put the SDK version ahead for sd-json support in Dracut.
-=sys-apps/systemd-257.5 ~amd64 ~arm64
+=sys-apps/systemd-257.7 ~amd64 ~arm64