Merge pull request #3159 from flatcar/jepio/systemd-azure-network-backport

systemd: backport network-nic-unmanaged bugfix to v256

Author: jepio

sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/sdk/package.accept_keywords

@@ -1,2 +1,2 @@
 # Temporarily put the SDK version ahead for sd-json support in Dracut.
-=sys-apps/systemd-257.5 ~amd64 ~arm64
+=sys-apps/systemd-257.7 ~amd64 ~arm64

sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/Manifest

@@ -1,2 +1,2 @@
 DIST systemd-256.9.tar.gz 15774953 BLAKE2B caeff33d0906583094a44ab89fe9a9c1832a665f8cc768f86c55c5100bdd5c2b1500b2cd65e9519ef21d79bff92d1da3e84240793099a0e0c508afba3669c46e SHA512 aba7a0f7149fe3d28d9f930f244d5b997c28721e93e6f0768b0f0f1c918c87a0e8b7b347cffb2faa4740ca3ee3b04984454e85757365090a2cf32aba09f70681
-DIST systemd-257.5.tar.gz 16232112 BLAKE2B 142baef9b09217ea117ac09923604f7520a36d4c63cf04a78d1c4fbf7b057b977f5c77418168c0308a8dc6b48ccc6324438f30c87de8642e8e9cf12b47f90475 SHA512 9e5352c20c9edac53f302a534532035185139998628ed0a85411f440df47f1dd7cce6651aec787484809bb1aa2825008d062714c37936cbfd08451fbe29a998f
+DIST systemd-257.7.tar.gz 16327096 BLAKE2B 59a28ce9b355b98f718f26489400640f3d732bbf73c00ea0571302dfc6dfb3585bf07ec56af06d74c5aa033b06a6220c3c839af6dba5ab7f8bde1aef4b58f0f6 SHA512 fdc7c0153432b261ad8018c869dc714ce1d6d2a8428bdec46f7c5f120b196d3a553a375ae433f0c166c57b6e8b3c56549f585349b7b6ff83c2a86a32982d8411

sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0010-network-netdev-also-check-ifindex-iftype-and-kind-wh.patch

@@ -0,0 +1,119 @@
+From 7136aa7db4423432392a0fe6055c48a922a4aad4 Mon Sep 17 00:00:00 2001
+From: Yu Watanabe <[email protected]>
+Date: Tue, 10 Sep 2024 00:12:41 +0900
+Subject: [PATCH] network/netdev: also check ifindex, iftype, and kind when
+ assigning NetDev to Link
+
+Even when a NetDev object with the same name found, its iftype or kind
+may be different. For safety, let's also check them.
+
+(cherry picked from commit 1788c3462853e8bb955ff656007e20f402dd9af2)
+
+Signed-off-by: Jeremi Piotrowski <[email protected]>
+---
+ src/network/netdev/netdev.c | 37 +++++++++++++++++++++++++++++++++++++
+ src/network/netdev/netdev.h |  1 +
+ src/network/networkd-link.c | 10 ++--------
+ 3 files changed, 40 insertions(+), 8 deletions(-)
+
+diff --git a/src/network/netdev/netdev.c b/src/network/netdev/netdev.c
+index 2b411425ba..9a528137ea 100644
+--- a/src/network/netdev/netdev.c
++++ b/src/network/netdev/netdev.c
+@@ -265,6 +265,43 @@ int netdev_get(Manager *manager, const char *name, NetDev **ret) {
+         return 0;
+ }
+ 
++void link_assign_netdev(Link *link) {
++        _unused_ _cleanup_(netdev_unrefp) NetDev *old = NULL;
++        NetDev *netdev;
++
++        assert(link);
++        assert(link->manager);
++        assert(link->ifname);
++
++        old = TAKE_PTR(link->netdev);
++
++        if (netdev_get(link->manager, link->ifname, &netdev) < 0)
++                return;
++
++        if (netdev->ifindex != link->ifindex)
++                return;
++
++        if (NETDEV_VTABLE(netdev)->iftype != link->iftype)
++                return;
++
++        if (!NETDEV_VTABLE(netdev)->skip_netdev_kind_check) {
++                const char *kind;
++
++                if (netdev->kind == NETDEV_KIND_TAP)
++                        kind = "tun"; /* the kernel does not distinguish between tun and tap */
++                else
++                        kind = netdev_kind_to_string(netdev->kind);
++
++                if (!streq_ptr(kind, link->kind))
++                        return;
++        }
++
++        link->netdev = netdev_ref(netdev);
++
++        if (netdev != old)
++                log_link_debug(link, "Found matching .netdev file: %s", netdev->filename);
++}
++
+ void netdev_enter_failed(NetDev *netdev) {
+         netdev->state = NETDEV_STATE_FAILED;
+ }
+diff --git a/src/network/netdev/netdev.h b/src/network/netdev/netdev.h
+index cb8cc8c6a9..1a03a9b592 100644
+--- a/src/network/netdev/netdev.h
++++ b/src/network/netdev/netdev.h
+@@ -206,6 +206,7 @@ DEFINE_TRIVIAL_CLEANUP_FUNC(NetDev*, netdev_unref);
+ 
+ bool netdev_is_managed(NetDev *netdev);
+ int netdev_get(Manager *manager, const char *name, NetDev **ret);
++void link_assign_netdev(Link *link);
+ int netdev_set_ifindex(NetDev *netdev, sd_netlink_message *newlink);
+ int netdev_generate_hw_addr(NetDev *netdev, Link *link, const char *name,
+                             const struct hw_addr_data *hw_addr, struct hw_addr_data *ret);
+diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c
+index 8f21504d92..c3a5dc1f0d 100644
+--- a/src/network/networkd-link.c
++++ b/src/network/networkd-link.c
+@@ -1317,7 +1317,6 @@ static int link_get_network(Link *link, Network **ret) {
+ 
+ int link_reconfigure_impl(Link *link, bool force) {
+         Network *network = NULL;
+-        NetDev *netdev = NULL;
+         int r;
+ 
+         assert(link);
+@@ -1326,13 +1325,11 @@ int link_reconfigure_impl(Link *link, bool force) {
+         if (link->manager->state != MANAGER_RUNNING)
+                 return 0;
+ 
++        link_assign_netdev(link);
++
+         if (IN_SET(link->state, LINK_STATE_PENDING, LINK_STATE_LINGER))
+                 return 0;
+ 
+-        r = netdev_get(link->manager, link->ifname, &netdev);
+-        if (r < 0 && r != -ENOENT)
+-                return r;
+-
+         r = link_get_network(link, &network);
+         if (r < 0 && r != -ENOENT)
+                 return r;
+@@ -1397,9 +1394,6 @@ int link_reconfigure_impl(Link *link, bool force) {
+         link_free_engines(link);
+         link->network = network_unref(link->network);
+ 
+-        netdev_unref(link->netdev);
+-        link->netdev = netdev_ref(netdev);
+-
+         if (!network) {
+                 link_set_state(link, LINK_STATE_UNMANAGED);
+                 return 0;
+-- 
+2.39.5
+

sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0011-network-also-check-ID_NET_MANAGED_BY-property-on-rec.patch

@@ -0,0 +1,146 @@
+From 916523aabc7fcb3b5b9362100a5e3417aae00cb2 Mon Sep 17 00:00:00 2001
+From: Yu Watanabe <[email protected]>
+Date: Wed, 11 Jun 2025 18:05:46 +0900
+Subject: [PATCH] network: also check ID_NET_MANAGED_BY property on
+ reconfigure
+
+Previously, the property was checked only when an uevent is received,
+so even if an interface has ID_NET_MANAGED_BY property, the interface
+will be configured by networkd when reconfiguration is triggered e.g.
+when interface state is changed.
+
+Follow-up for ba87a61d05d637be9f0b21707f7fe3b0a74c5a05.
+Fixes #36997.
+
+(cherry picked from commit 78f8d5ed71ecc16ad36d1c215d2d57433d127679)
+
+Signed-off-by: Jeremi Piotrowski <[email protected]>
+---
+ src/network/networkd-link.c                   | 44 ++++++++++++++-----
+ .../test-network/conf/11-dummy-unmanaged.link |  8 ++++
+ test/test-network/systemd-networkd-tests.py   | 11 +++++
+ 3 files changed, 53 insertions(+), 10 deletions(-)
+ create mode 100644 test/test-network/conf/11-dummy-unmanaged.link
+
+diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c
+index c3a5dc1f0d..3ed1584807 100644
+--- a/src/network/networkd-link.c
++++ b/src/network/networkd-link.c
+@@ -1315,6 +1315,32 @@ static int link_get_network(Link *link, Network **ret) {
+         return -ENOENT;
+ }
+ 
++static int link_managed_by_us(Link *link) {
++        int r;
++
++        assert(link);
++
++        if (!link->dev)
++                return true;
++
++        const char *s;
++        r = sd_device_get_property_value(link->dev, "ID_NET_MANAGED_BY", &s);
++        if (r == -ENOENT)
++                return true;
++        if (r < 0)
++                return log_link_warning_errno(link, r, "Failed to get ID_NET_MANAGED_BY udev property: %m");
++
++        if (streq(s, "io.systemd.Network"))
++                return true;
++
++        if (link->state == LINK_STATE_UNMANAGED)
++                return false; /* Already in unmanaged state */
++
++        log_link_debug(link, "Interface is requested to be managed by '%s', unmanaging the interface.", s);
++        link_set_state(link, LINK_STATE_UNMANAGED);
++        return false;
++}
++
+ int link_reconfigure_impl(Link *link, bool force) {
+         Network *network = NULL;
+         int r;
+@@ -1330,6 +1356,10 @@ int link_reconfigure_impl(Link *link, bool force) {
+         if (IN_SET(link->state, LINK_STATE_PENDING, LINK_STATE_LINGER))
+                 return 0;
+ 
++        r = link_managed_by_us(link);
++        if (r <= 0)
++                return r;
++
+         r = link_get_network(link, &network);
+         if (r < 0 && r != -ENOENT)
+                 return r;
+@@ -1584,6 +1614,10 @@ static int link_initialized(Link *link, sd_device *device) {
+          * or sysattrs) may be outdated. */
+         device_unref_and_replace(link->dev, device);
+ 
++        r = link_managed_by_us(link);
++        if (r <= 0)
++                return r;
++
+         if (link->dhcp_client) {
+                 r = sd_dhcp_client_attach_device(link->dhcp_client, link->dev);
+                 if (r < 0)
+@@ -1651,7 +1685,6 @@ static int link_check_initialized(Link *link) {
+ 
+ int manager_udev_process_link(Manager *m, sd_device *device, sd_device_action_t action) {
+         int r, ifindex;
+-        const char *s;
+         Link *link;
+ 
+         assert(m);
+@@ -1686,15 +1719,6 @@ int manager_udev_process_link(Manager *m, sd_device *device, sd_device_action_t
+                 return 0;
+         }
+ 
+-        r = sd_device_get_property_value(device, "ID_NET_MANAGED_BY", &s);
+-        if (r < 0 && r != -ENOENT)
+-                log_device_debug_errno(device, r, "Failed to get ID_NET_MANAGED_BY udev property, ignoring: %m");
+-        if (r >= 0 && !streq(s, "io.systemd.Network")) {
+-                log_device_debug(device, "Interface is requested to be managed by '%s', not managing the interface.", s);
+-                link_set_state(link, LINK_STATE_UNMANAGED);
+-                return 0;
+-        }
+-
+         r = link_initialized(link, device);
+         if (r < 0)
+                 link_enter_failed(link);
+diff --git a/test/test-network/conf/11-dummy-unmanaged.link b/test/test-network/conf/11-dummy-unmanaged.link
+new file mode 100644
+index 0000000000..99c07a72ce
+--- /dev/null
++++ b/test/test-network/conf/11-dummy-unmanaged.link
+@@ -0,0 +1,8 @@
++# SPDX-License-Identifier: MIT-0
++[Match]
++Kind=dummy
++OriginalName=test1
++
++[Link]
++NamePolicy=keep
++Property=ID_NET_MANAGED_BY=hoge
+diff --git a/test/test-network/systemd-networkd-tests.py b/test/test-network/systemd-networkd-tests.py
+index d8acf538f0..391d219de8 100755
+--- a/test/test-network/systemd-networkd-tests.py
++++ b/test/test-network/systemd-networkd-tests.py
+@@ -2735,6 +2735,17 @@ class NetworkdNetworkTests(unittest.TestCase, Utilities):
+     def tearDown(self):
+         tear_down_common()
+ 
++    def test_ID_NET_MANAGED_BY(self):
++        copy_network_unit('11-dummy.netdev', '11-dummy-unmanaged.link', '11-dummy.network')
++        start_networkd()
++        self.wait_online('test1:off', setup_state='unmanaged')
++
++        check_output('ip link set dev test1 up')
++        self.wait_online('test1:degraded', setup_state='unmanaged')
++
++        check_output('ip link set dev test1 down')
++        self.wait_online('test1:off', setup_state='unmanaged')
++
+     def verify_address_static(
+             self,
+             label1: str,
+-- 
+2.39.5
+

sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-256.9.ebuild renamed to sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-256.9-r1.ebuild

@@ -266,6 +266,8 @@ src_prepare() {
 		"${FILESDIR}/0006-Revert-getty-Pass-tty-to-use-by-agetty-via-stdin.patch"
 		"${FILESDIR}/0007-units-Keep-using-old-journal-file-format.patch"
 		"${FILESDIR}/0009-initrd-parse-etc.service.patch"
+		"${FILESDIR}/0010-network-netdev-also-check-ifindex-iftype-and-kind-wh.patch"
+		"${FILESDIR}/0011-network-also-check-ID_NET_MANAGED_BY-property-on-rec.patch"
 	)
 
 	if ! use vanilla; then