X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;f=src%2Fjournal%2Fjournal-file.c;h=7beedb4a254cc4edebd8025d5c6fd8489515ab4c;hb=f65425cbc4385b4f5b20ded641cbb07ad6a0938f;hp=9235e5fea2df5711acbe92ce141567ef175c7665;hpb=d98cc1f29fbf31ccc500d6e20c29b636b9af7e0f;p=elogind.git diff --git a/src/journal/journal-file.c b/src/journal/journal-file.c index 9235e5fea..7beedb4a2 100644 --- a/src/journal/journal-file.c +++ b/src/journal/journal-file.c @@ -36,8 +36,6 @@ #define DEFAULT_DATA_HASH_TABLE_SIZE (2047ULL*sizeof(HashItem)) #define DEFAULT_FIELD_HASH_TABLE_SIZE (333ULL*sizeof(HashItem)) -#define DEFAULT_WINDOW_SIZE (8ULL*1024ULL*1024ULL) - #define COMPRESSION_SIZE_THRESHOLD (512ULL) /* This is the minimum journal file size */ @@ -71,8 +69,6 @@ static int journal_file_maybe_append_tag(JournalFile *f, uint64_t realtime); static int journal_file_hmac_put_object(JournalFile *f, int type, uint64_t p); void journal_file_close(JournalFile *f) { - int t; - assert(f); /* Write the final tag */ @@ -80,9 +76,8 @@ void journal_file_close(JournalFile *f) { journal_file_append_tag(f); /* Sync everything to disk, before we mark the file offline */ - for (t = 0; t < _WINDOW_MAX; t++) - if (f->windows[t].ptr) - munmap(f->windows[t].ptr, f->windows[t].size); + if (f->mmap && f->fd >= 0) + mmap_cache_close_fd(f->mmap, f->fd); if (f->writable && f->fd >= 0) fdatasync(f->fd); @@ -100,6 +95,9 @@ void journal_file_close(JournalFile *f) { free(f->path); + if (f->mmap) + mmap_cache_unref(f->mmap); + #ifdef HAVE_XZ free(f->compress_buffer); #endif @@ -138,7 +136,7 @@ static int journal_file_init_header(JournalFile *f, JournalFile *template) { if (template) { h.seqnum_id = template->header->seqnum_id; - h.tail_seqnum = template->header->tail_seqnum; + h.tail_entry_seqnum = template->header->tail_entry_seqnum; } else h.seqnum_id = h.file_id; @@ -212,6 +210,10 @@ static int journal_file_verify_header(JournalFile *f) { if (le64toh(f->header->header_size) < HEADER_SIZE_MIN) return -EBADMSG; + if ((le32toh(f->header->compatible_flags) & HEADER_COMPATIBLE_AUTHENTICATED) && + !JOURNAL_HEADER_CONTAINS(f->header, n_tags)) + return -EBADMSG; + if ((uint64_t) f->last_stat.st_size < (le64toh(f->header->header_size) + le64toh(f->header->arena_size))) return -ENODATA; @@ -297,6 +299,8 @@ static int journal_file_allocate(JournalFile *f, uint64_t offset, uint64_t size) if (r != 0) return -r; + mmap_cache_close_fd_range(f->mmap, f->fd, old_size); + if (fstat(f->fd, &f->last_stat) < 0) return -errno; @@ -305,59 +309,11 @@ static int journal_file_allocate(JournalFile *f, uint64_t offset, uint64_t size) return 0; } -static int journal_file_map( - JournalFile *f, - uint64_t offset, - uint64_t size, - void **_window, - uint64_t *_woffset, - uint64_t *_wsize, - void **ret) { - - uint64_t woffset, wsize; - void *window; - +static int journal_file_move_to(JournalFile *f, int context, uint64_t offset, uint64_t size, void **ret) { assert(f); - assert(size > 0); assert(ret); - woffset = offset & ~((uint64_t) page_size() - 1ULL); - wsize = size + (offset - woffset); - wsize = PAGE_ALIGN(wsize); - /* Avoid SIGBUS on invalid accesses */ - if (woffset + wsize > (uint64_t) PAGE_ALIGN(f->last_stat.st_size)) - return -EADDRNOTAVAIL; - - window = mmap(NULL, wsize, f->prot, MAP_SHARED, f->fd, woffset); - if (window == MAP_FAILED) - return -errno; - - if (_window) - *_window = window; - - if (_woffset) - *_woffset = woffset; - - if (_wsize) - *_wsize = wsize; - - *ret = (uint8_t*) window + (offset - woffset); - - return 0; -} - -static int journal_file_move_to(JournalFile *f, int wt, uint64_t offset, uint64_t size, void **ret) { - void *p = NULL; - uint64_t delta; - int r; - Window *w; - - assert(f); - assert(ret); - assert(wt >= 0); - assert(wt < _WINDOW_MAX); - if (offset + size > (uint64_t) f->last_stat.st_size) { /* Hmm, out of range? Let's refresh the fstat() data * first, before we trust that check. */ @@ -367,57 +323,7 @@ static int journal_file_move_to(JournalFile *f, int wt, uint64_t offset, uint64_ return -EADDRNOTAVAIL; } - w = f->windows + wt; - - if (_likely_(w->ptr && - w->offset <= offset && - w->offset + w->size >= offset + size)) { - - *ret = (uint8_t*) w->ptr + (offset - w->offset); - return 0; - } - - if (w->ptr) { - if (munmap(w->ptr, w->size) < 0) - return -errno; - - w->ptr = NULL; - w->size = w->offset = 0; - } - - if (size < DEFAULT_WINDOW_SIZE) { - /* If the default window size is larger then what was - * asked for extend the mapping a bit in the hope to - * minimize needed remappings later on. We add half - * the window space before and half behind the - * requested mapping */ - - delta = (DEFAULT_WINDOW_SIZE - size) / 2; - - if (delta > offset) - delta = offset; - - offset -= delta; - size = DEFAULT_WINDOW_SIZE; - } else - delta = 0; - - if (offset + size > (uint64_t) f->last_stat.st_size) - size = (uint64_t) f->last_stat.st_size - offset; - - if (size <= 0) - return -EADDRNOTAVAIL; - - r = journal_file_map(f, - offset, size, - &w->ptr, &w->offset, &w->size, - &p); - - if (r < 0) - return r; - - *ret = (uint8_t*) p + delta; - return 0; + return mmap_cache_get(f->mmap, f->fd, f->prot, context, offset, size, ret); } static bool verify_hash(Object *o) { @@ -437,17 +343,38 @@ static bool verify_hash(Object *o) { return h1 == h2; } +static uint64_t minimum_header_size(Object *o) { + + static uint64_t table[] = { + [OBJECT_DATA] = sizeof(DataObject), + [OBJECT_FIELD] = sizeof(FieldObject), + [OBJECT_ENTRY] = sizeof(EntryObject), + [OBJECT_DATA_HASH_TABLE] = sizeof(HashTableObject), + [OBJECT_FIELD_HASH_TABLE] = sizeof(HashTableObject), + [OBJECT_ENTRY_ARRAY] = sizeof(EntryArrayObject), + [OBJECT_TAG] = sizeof(TagObject), + }; + + if (o->object.type >= ELEMENTSOF(table) || table[o->object.type] <= 0) + return sizeof(ObjectHeader); + + return table[o->object.type]; +} + int journal_file_move_to_object(JournalFile *f, int type, uint64_t offset, Object **ret) { int r; void *t; Object *o; uint64_t s; + unsigned context; assert(f); assert(ret); - assert(type < _OBJECT_TYPE_MAX); - r = journal_file_move_to(f, type >= 0 ? type : WINDOW_UNKNOWN, offset, sizeof(ObjectHeader), &t); + /* One context for each type, plus one catch-all for the rest */ + context = type > 0 && type < _OBJECT_TYPE_MAX ? type : 0; + + r = journal_file_move_to(f, context, offset, sizeof(ObjectHeader), &t); if (r < 0) return r; @@ -457,6 +384,12 @@ int journal_file_move_to_object(JournalFile *f, int type, uint64_t offset, Objec if (s < sizeof(ObjectHeader)) return -EBADMSG; + if (o->object.type <= OBJECT_UNUSED) + return -EBADMSG; + + if (s < minimum_header_size(o)) + return -EBADMSG; + if (type >= 0 && o->object.type != type) return -EBADMSG; @@ -480,7 +413,7 @@ static uint64_t journal_file_entry_seqnum(JournalFile *f, uint64_t *seqnum) { assert(f); - r = le64toh(f->header->tail_seqnum) + 1; + r = le64toh(f->header->tail_entry_seqnum) + 1; if (seqnum) { /* If an external seqnum counter was passed, we update @@ -493,10 +426,10 @@ static uint64_t journal_file_entry_seqnum(JournalFile *f, uint64_t *seqnum) { *seqnum = r; } - f->header->tail_seqnum = htole64(r); + f->header->tail_entry_seqnum = htole64(r); - if (f->header->head_seqnum == 0) - f->header->head_seqnum = htole64(r); + if (f->header->head_entry_seqnum == 0) + f->header->head_entry_seqnum = htole64(r); return r; } @@ -508,6 +441,7 @@ static int journal_file_append_object(JournalFile *f, int type, uint64_t size, O void *t; assert(f); + assert(type > 0 && type < _OBJECT_TYPE_MAX); assert(size >= sizeof(ObjectHeader)); assert(offset); assert(ret); @@ -613,7 +547,7 @@ static int journal_file_map_data_hash_table(JournalFile *f) { s = le64toh(f->header->data_hash_table_size); r = journal_file_move_to(f, - WINDOW_DATA_HASH_TABLE, + OBJECT_DATA_HASH_TABLE, p, s, &t); if (r < 0) @@ -634,7 +568,7 @@ static int journal_file_map_field_hash_table(JournalFile *f) { s = le64toh(f->header->field_hash_table_size); r = journal_file_move_to(f, - WINDOW_FIELD_HASH_TABLE, + OBJECT_FIELD_HASH_TABLE, p, s, &t); if (r < 0) @@ -2138,7 +2072,7 @@ static int journal_file_hmac_put_header(JournalFile *f) { gcry_md_write(f->hmac, &f->header->file_id, offsetof(Header, boot_id) - offsetof(Header, file_id)); gcry_md_write(f->hmac, &f->header->seqnum_id, offsetof(Header, arena_size) - offsetof(Header, seqnum_id)); gcry_md_write(f->hmac, &f->header->data_hash_table_offset, offsetof(Header, tail_object_offset) - offsetof(Header, data_hash_table_offset)); - gcry_md_write(f->hmac, &f->header->head_seqnum, offsetof(Header, head_entry_realtime) - offsetof(Header, head_seqnum)); + gcry_md_write(f->hmac, &f->header->head_entry_seqnum, offsetof(Header, head_entry_realtime) - offsetof(Header, head_entry_seqnum)); return 0; } @@ -2295,6 +2229,533 @@ static int journal_file_append_first_tag(JournalFile *f) { return 0; } +static int journal_file_object_verify(JournalFile *f, Object *o) { + assert(f); + assert(o); + + /* This does various superficial tests about the length an + * possible field values. It does not follow any references to + * other objects. */ + + switch (o->object.type) { + case OBJECT_DATA: + if (le64toh(o->data.entry_offset) <= 0 || + le64toh(o->data.n_entries) <= 0) + return -EBADMSG; + + if (le64toh(o->object.size) - offsetof(DataObject, payload) <= 0) + return -EBADMSG; + break; + + case OBJECT_FIELD: + if (le64toh(o->object.size) - offsetof(FieldObject, payload) <= 0) + return -EBADMSG; + break; + + case OBJECT_ENTRY: + if ((le64toh(o->object.size) - offsetof(EntryObject, items)) % sizeof(EntryItem) != 0) + return -EBADMSG; + + if ((le64toh(o->object.size) - offsetof(EntryObject, items)) / sizeof(EntryItem) <= 0) + return -EBADMSG; + + if (le64toh(o->entry.seqnum) <= 0 || + le64toh(o->entry.realtime) <= 0) + return -EBADMSG; + + break; + + case OBJECT_DATA_HASH_TABLE: + case OBJECT_FIELD_HASH_TABLE: + if ((le64toh(o->object.size) - offsetof(HashTableObject, items)) % sizeof(HashItem) != 0) + return -EBADMSG; + + break; + + case OBJECT_ENTRY_ARRAY: + if ((le64toh(o->object.size) - offsetof(EntryArrayObject, items)) % sizeof(le64_t) != 0) + return -EBADMSG; + + break; + + case OBJECT_TAG: + if (le64toh(o->object.size) != sizeof(TagObject)) + return -EBADMSG; + break; + } + + return 0; +} + +static void draw_progress(uint64_t p, usec_t *last_usec) { + unsigned n, i, j, k; + usec_t z, x; + + if (!isatty(STDOUT_FILENO)) + return; + + z = now(CLOCK_MONOTONIC); + x = *last_usec; + + if (x != 0 && x + 40 * USEC_PER_MSEC > z) + return; + + *last_usec = z; + + n = (3 * columns()) / 4; + j = (n * (unsigned) p) / 65535ULL; + k = n - j; + + fputs("\r\x1B[?25l", stdout); + + for (i = 0; i < j; i++) + fputs("\xe2\x96\x88", stdout); + + for (i = 0; i < k; i++) + fputs("\xe2\x96\x91", stdout); + + printf(" %3lu%%", 100LU * (unsigned long) p / 65535LU); + + fputs("\r\x1B[?25h", stdout); + fflush(stdout); +} + +static void flush_progress(void) { + unsigned n, i; + + if (!isatty(STDOUT_FILENO)) + return; + + n = (3 * columns()) / 4; + + putchar('\r'); + + for (i = 0; i < n + 5; i++) + putchar(' '); + + putchar('\r'); + fflush(stdout); +} + +static int write_uint64(int fd, uint64_t p) { + ssize_t k; + + k = write(fd, &p, sizeof(p)); + if (k < 0) + return -errno; + if (k != sizeof(p)) + return -EIO; + + return 0; +} + +static int contains_uint64(MMapCache *m, int fd, uint64_t n, uint64_t p) { + uint64_t a, b; + int r; + + assert(m); + assert(fd >= 0); + + /* Bisection ... */ + + a = 0; b = n; + while (a < b) { + uint64_t c, *z; + + c = (a + b) / 2; + + r = mmap_cache_get(m, fd, PROT_READ, 0, c * sizeof(uint64_t), sizeof(uint64_t), (void **) &z); + if (r < 0) + return r; + + if (*z == p) + return 1; + + if (p < *z) + b = c; + else + a = c; + } + + return 0; +} + +int journal_file_verify(JournalFile *f, const char *key) { + int r; + Object *o; + uint64_t p = 0; + uint64_t tag_seqnum = 0, entry_seqnum = 0, entry_monotonic = 0, entry_realtime = 0; + sd_id128_t entry_boot_id; + bool entry_seqnum_set = false, entry_monotonic_set = false, entry_realtime_set = false, found_main_entry_array = false; + uint64_t n_weird = 0, n_objects = 0, n_entries = 0, n_data = 0, n_fields = 0, n_data_hash_tables = 0, n_field_hash_tables = 0, n_entry_arrays = 0; + usec_t last_usec = 0; + int data_fd = -1, entry_fd = -1, entry_array_fd = -1; + char data_path[] = "/var/tmp/journal-data-XXXXXX", + entry_path[] = "/var/tmp/journal-entry-XXXXXX", + entry_array_path[] = "/var/tmp/journal-entry-array-XXXXXX"; + + assert(f); + + data_fd = mkostemp(data_path, O_CLOEXEC); + if (data_fd < 0) { + log_error("Failed to create data file: %m"); + goto fail; + } + unlink(data_path); + + entry_fd = mkostemp(entry_path, O_CLOEXEC); + if (entry_fd < 0) { + log_error("Failed to create entry file: %m"); + goto fail; + } + unlink(entry_path); + + entry_array_fd = mkostemp(entry_array_path, O_CLOEXEC); + if (entry_array_fd < 0) { + log_error("Failed to create entry array file: %m"); + goto fail; + } + unlink(entry_array_path); + + /* First iteration: we go through all objects, verify the + * superficial structure, headers, hashes. */ + + r = journal_file_hmac_put_header(f); + if (r < 0) { + log_error("Failed to calculate HMAC of header."); + goto fail; + } + + p = le64toh(f->header->header_size); + while (p != 0) { + draw_progress((0x7FFF * p) / le64toh(f->header->tail_object_offset), &last_usec); + + r = journal_file_move_to_object(f, -1, p, &o); + if (r < 0) { + log_error("Invalid object at %llu", (unsigned long long) p); + goto fail; + } + + if (le64toh(f->header->tail_object_offset) < p) { + log_error("Invalid tail object pointer."); + r = -EBADMSG; + goto fail; + } + + n_objects ++; + + r = journal_file_object_verify(f, o); + if (r < 0) { + log_error("Invalid object contents at %llu", (unsigned long long) p); + goto fail; + } + + r = journal_file_hmac_put_object(f, -1, p); + if (r < 0) { + log_error("Failed to calculate HMAC at %llu", (unsigned long long) p); + goto fail; + } + + if (o->object.flags & OBJECT_COMPRESSED && + !(le32toh(f->header->incompatible_flags) & HEADER_INCOMPATIBLE_COMPRESSED)) { + log_error("Compressed object without compression at %llu", (unsigned long long) p); + r = -EBADMSG; + goto fail; + } + + if (o->object.flags & OBJECT_COMPRESSED && + o->object.type != OBJECT_DATA) { + log_error("Compressed non-data object at %llu", (unsigned long long) p); + r = -EBADMSG; + goto fail; + } + + if (o->object.type == OBJECT_TAG) { + + if (!(le32toh(f->header->compatible_flags) & HEADER_COMPATIBLE_AUTHENTICATED)) { + log_error("Tag object without authentication at %llu", (unsigned long long) p); + r = -EBADMSG; + goto fail; + } + + if (le64toh(o->tag.seqnum) != tag_seqnum) { + log_error("Tag sequence number out of synchronization at %llu", (unsigned long long) p); + r = -EBADMSG; + goto fail; + } + + } else if (o->object.type == OBJECT_ENTRY) { + + r = write_uint64(entry_fd, p); + if (r < 0) + goto fail; + + if (!entry_seqnum_set && + le64toh(o->entry.seqnum) != le64toh(f->header->head_entry_seqnum)) { + log_error("Head entry sequence number incorrect"); + r = -EBADMSG; + goto fail; + } + + if (entry_seqnum_set && + entry_seqnum >= le64toh(o->entry.seqnum)) { + log_error("Entry sequence number out of synchronization at %llu", (unsigned long long) p); + r = -EBADMSG; + goto fail; + } + + entry_seqnum = le64toh(o->entry.seqnum); + entry_seqnum_set = true; + + if (entry_monotonic_set && + sd_id128_equal(entry_boot_id, o->entry.boot_id) && + entry_monotonic > le64toh(o->entry.monotonic)) { + log_error("Entry timestamp out of synchronization at %llu", (unsigned long long) p); + r = -EBADMSG; + goto fail; + } + + entry_monotonic = le64toh(o->entry.monotonic); + entry_boot_id = o->entry.boot_id; + entry_monotonic_set = true; + + if (!entry_realtime_set && + le64toh(o->entry.realtime) != le64toh(f->header->head_entry_realtime)) { + log_error("Head entry realtime timestamp incorrect"); + r = -EBADMSG; + goto fail; + } + + entry_realtime = le64toh(o->entry.realtime); + entry_realtime_set = true; + + n_entries ++; + } else if (o->object.type == OBJECT_ENTRY_ARRAY) { + + r = write_uint64(entry_array_fd, p); + if (r < 0) + goto fail; + + if (p == le64toh(f->header->entry_array_offset)) { + if (found_main_entry_array) { + log_error("More than one main entry array at %llu", (unsigned long long) p); + r = -EBADMSG; + goto fail; + } + + found_main_entry_array = true; + } + + n_entry_arrays++; + + } else if (o->object.type == OBJECT_DATA) { + + r = write_uint64(data_fd, p); + if (r < 0) + goto fail; + + n_data++; + + } else if (o->object.type == OBJECT_FIELD) + n_fields++; + else if (o->object.type == OBJECT_DATA_HASH_TABLE) { + n_data_hash_tables++; + + if (n_data_hash_tables > 1) { + log_error("More than one data hash table at %llu", (unsigned long long) p); + r = -EBADMSG; + goto fail; + } + + if (le64toh(f->header->data_hash_table_offset) != p + offsetof(HashTableObject, items) || + le64toh(f->header->data_hash_table_size) != le64toh(o->object.size) - offsetof(HashTableObject, items)) { + log_error("Header fields for data hash table invalid."); + r = -EBADMSG; + goto fail; + } + } else if (o->object.type == OBJECT_FIELD_HASH_TABLE) { + n_field_hash_tables++; + + if (n_field_hash_tables > 1) { + log_error("More than one field hash table at %llu", (unsigned long long) p); + r = -EBADMSG; + goto fail; + } + + if (le64toh(f->header->field_hash_table_offset) != p + offsetof(HashTableObject, items) || + le64toh(f->header->field_hash_table_size) != le64toh(o->object.size) - offsetof(HashTableObject, items)) { + log_error("Header fields for field hash table invalid."); + r = -EBADMSG; + goto fail; + } + } else if (o->object.type >= _OBJECT_TYPE_MAX) + n_weird ++; + + if (p == le64toh(f->header->tail_object_offset)) + p = 0; + else + p = p + ALIGN64(le64toh(o->object.size)); + } + + if (n_objects != le64toh(f->header->n_objects)) { + log_error("Object number mismatch"); + r = -EBADMSG; + goto fail; + } + + if (n_entries != le64toh(f->header->n_entries)) { + log_error("Entry number mismatch"); + r = -EBADMSG; + goto fail; + } + + if (JOURNAL_HEADER_CONTAINS(f->header, n_data) && + n_data != le64toh(f->header->n_data)) { + log_error("Data number mismatch"); + r = -EBADMSG; + goto fail; + } + + if (JOURNAL_HEADER_CONTAINS(f->header, n_fields) && + n_fields != le64toh(f->header->n_fields)) { + log_error("Field number mismatch"); + r = -EBADMSG; + goto fail; + } + + if (JOURNAL_HEADER_CONTAINS(f->header, n_tags) && + tag_seqnum != le64toh(f->header->n_tags)) { + log_error("Tag number mismatch"); + r = -EBADMSG; + goto fail; + } + + if (n_data_hash_tables != 1) { + log_error("Missing data hash table"); + r = -EBADMSG; + goto fail; + } + + if (n_field_hash_tables != 1) { + log_error("Missing field hash table"); + r = -EBADMSG; + goto fail; + } + + if (!found_main_entry_array) { + log_error("Missing entry array"); + r = -EBADMSG; + goto fail; + } + + if (entry_seqnum_set && + entry_seqnum != le64toh(f->header->tail_entry_seqnum)) { + log_error("Invalid tail seqnum"); + r = -EBADMSG; + goto fail; + } + + if (entry_monotonic_set && + (!sd_id128_equal(entry_boot_id, f->header->boot_id) || + entry_monotonic != le64toh(f->header->tail_entry_monotonic))) { + log_error("Invalid tail monotonic timestamp"); + r = -EBADMSG; + goto fail; + } + + if (entry_realtime_set && entry_realtime != le64toh(f->header->tail_entry_realtime)) { + log_error("Invalid tail realtime timestamp"); + r = -EBADMSG; + goto fail; + } + + /* Second iteration: we go through all objects again, this + * time verify all pointers. */ + + p = le64toh(f->header->header_size); + while (p != 0) { + draw_progress(0x8000 + (0x7FFF * p) / le64toh(f->header->tail_object_offset), &last_usec); + + r = journal_file_move_to_object(f, -1, p, &o); + if (r < 0) { + log_error("Invalid object at %llu", (unsigned long long) p); + goto fail; + } + + if (o->object.type == OBJECT_ENTRY_ARRAY) { + uint64_t i = 0, n; + + if (le64toh(o->entry_array.next_entry_array_offset) != 0 && + !contains_uint64(f->mmap, entry_array_fd, n_entry_arrays, le64toh(o->entry_array.next_entry_array_offset))) { + log_error("Entry array chains up to invalid next array at %llu", (unsigned long long) p); + r = -EBADMSG; + goto fail; + } + + n = journal_file_entry_array_n_items(o); + for (i = 0; i < n; i++) { + if (le64toh(o->entry_array.items[i]) != 0 && + !contains_uint64(f->mmap, entry_fd, n_entries, le64toh(o->entry_array.items[i]))) { + + log_error("Entry array points to invalid next array at %llu", (unsigned long long) p); + r = -EBADMSG; + goto fail; + } + } + + } + + r = journal_file_move_to_object(f, -1, p, &o); + if (r < 0) { + log_error("Invalid object at %llu", (unsigned long long) p); + goto fail; + } + + if (p == le64toh(f->header->tail_object_offset)) + p = 0; + else + p = p + ALIGN64(le64toh(o->object.size)); + } + + flush_progress(); + + mmap_cache_close_fd(f->mmap, data_fd); + mmap_cache_close_fd(f->mmap, entry_fd); + mmap_cache_close_fd(f->mmap, entry_array_fd); + + close_nointr_nofail(data_fd); + close_nointr_nofail(entry_fd); + close_nointr_nofail(entry_array_fd); + + return 0; + +fail: + flush_progress(); + + log_error("File corruption detected at %s:%llu (of %llu, %llu%%).", + f->path, + (unsigned long long) p, + (unsigned long long) f->last_stat.st_size, + (unsigned long long) (100 * p / f->last_stat.st_size)); + + if (data_fd >= 0) { + mmap_cache_close_fd(f->mmap, data_fd); + close_nointr_nofail(data_fd); + } + + if (entry_fd >= 0) { + mmap_cache_close_fd(f->mmap, entry_fd); + close_nointr_nofail(entry_fd); + } + + if (entry_array_fd >= 0) { + mmap_cache_close_fd(f->mmap, entry_array_fd); + close_nointr_nofail(entry_array_fd); + } + + return r; +} + void journal_file_dump(JournalFile *f) { Object *o; int r; @@ -2403,8 +2864,8 @@ void journal_file_print_header(JournalFile *f) { (unsigned long long) le64toh(f->header->n_objects), (unsigned long long) le64toh(f->header->n_entries), yes_no(journal_file_rotate_suggested(f)), - (unsigned long long) le64toh(f->header->head_seqnum), - (unsigned long long) le64toh(f->header->tail_seqnum), + (unsigned long long) le64toh(f->header->head_entry_seqnum), + (unsigned long long) le64toh(f->header->tail_entry_seqnum), format_timestamp(x, sizeof(x), le64toh(f->header->head_entry_realtime)), format_timestamp(y, sizeof(y), le64toh(f->header->tail_entry_realtime))); @@ -2428,6 +2889,7 @@ int journal_file_open( bool compress, bool authenticate, JournalMetrics *metrics, + MMapCache *mmap_cache, JournalFile *template, JournalFile **ret) { @@ -2457,6 +2919,19 @@ int journal_file_open( f->compress = compress; f->authenticate = authenticate; + if (mmap_cache) + f->mmap = mmap_cache_ref(mmap_cache); + else { + /* One context for each type, plus the zeroth catchall + * context. One fd for the file plus one for each type + * (which we need during verification */ + f->mmap = mmap_cache_new(_OBJECT_TYPE_MAX, 1 + _OBJECT_TYPE_MAX); + if (!f->mmap) { + r = -ENOMEM; + goto fail; + } + } + f->path = strdup(fname); if (!f->path) { r = -ENOMEM; @@ -2594,7 +3069,7 @@ int journal_file_rotate(JournalFile **f, bool compress, bool authenticate) { sd_id128_to_string(old_file->header->seqnum_id, p + l - 8 + 1); snprintf(p + l - 8 + 1 + 32, 1 + 16 + 1 + 16 + 8 + 1, "-%016llx-%016llx.journal", - (unsigned long long) le64toh((*f)->header->tail_seqnum), + (unsigned long long) le64toh((*f)->header->tail_entry_seqnum), (unsigned long long) le64toh((*f)->header->tail_entry_realtime)); r = rename(old_file->path, p); @@ -2605,7 +3080,7 @@ int journal_file_rotate(JournalFile **f, bool compress, bool authenticate) { old_file->header->state = STATE_ARCHIVED; - r = journal_file_open(old_file->path, old_file->flags, old_file->mode, compress, authenticate, NULL, old_file, &new_file); + r = journal_file_open(old_file->path, old_file->flags, old_file->mode, compress, authenticate, NULL, old_file->mmap, old_file, &new_file); journal_file_close(old_file); *f = new_file; @@ -2619,6 +3094,7 @@ int journal_file_open_reliably( bool compress, bool authenticate, JournalMetrics *metrics, + MMapCache *mmap, JournalFile *template, JournalFile **ret) { @@ -2626,7 +3102,7 @@ int journal_file_open_reliably( size_t l; char *p; - r = journal_file_open(fname, flags, mode, compress, authenticate, metrics, template, ret); + r = journal_file_open(fname, flags, mode, compress, authenticate, metrics, mmap, template, ret); if (r != -EBADMSG && /* corrupted */ r != -ENODATA && /* truncated */ r != -EHOSTDOWN && /* other machine */ @@ -2660,7 +3136,7 @@ int journal_file_open_reliably( log_warning("File %s corrupted or uncleanly shut down, renaming and replacing.", fname); - return journal_file_open(fname, flags, mode, compress, authenticate, metrics, template, ret); + return journal_file_open(fname, flags, mode, compress, authenticate, metrics, mmap, template, ret); } struct vacuum_info {