#include "journal-file.h"
#include "lookup3.h"
#include "compress.h"
+#include "fsprg.h"
#define DEFAULT_DATA_HASH_TABLE_SIZE (2047ULL*sizeof(HashItem))
#define DEFAULT_FIELD_HASH_TABLE_SIZE (333ULL*sizeof(HashItem))
-#define DEFAULT_WINDOW_SIZE (8ULL*1024ULL*1024ULL)
-
#define COMPRESSION_SIZE_THRESHOLD (512ULL)
/* This is the minimum journal file size */
#define JOURNAL_HEADER_CONTAINS(h, field) \
(le64toh((h)->header_size) >= offsetof(Header, field) + sizeof((h)->field))
-static const char signature[] = { 'L', 'P', 'K', 'S', 'H', 'H', 'R', 'H' };
+static int journal_file_maybe_append_tag(JournalFile *f, uint64_t realtime);
+static int journal_file_hmac_put_object(JournalFile *f, int type, uint64_t p);
void journal_file_close(JournalFile *f) {
- int t;
-
assert(f);
+ /* Write the final tag */
+ if (f->authenticate)
+ journal_file_append_tag(f);
+
+ /* Sync everything to disk, before we mark the file offline */
+ if (f->mmap && f->fd >= 0)
+ mmap_cache_close_fd(f->mmap, f->fd);
+
+ if (f->writable && f->fd >= 0)
+ fdatasync(f->fd);
+
if (f->header) {
- if (f->writable)
+ /* Mark the file offline. Don't override the archived state if it already is set */
+ if (f->writable && f->header->state == STATE_ONLINE)
f->header->state = STATE_OFFLINE;
munmap(f->header, PAGE_ALIGN(sizeof(Header)));
}
- for (t = 0; t < _WINDOW_MAX; t++)
- if (f->windows[t].ptr)
- munmap(f->windows[t].ptr, f->windows[t].size);
-
if (f->fd >= 0)
close_nointr_nofail(f->fd);
free(f->path);
+ if (f->mmap)
+ mmap_cache_unref(f->mmap);
+
#ifdef HAVE_XZ
free(f->compress_buffer);
#endif
+#ifdef HAVE_GCRYPT
+ if (f->fsprg_header)
+ munmap(f->fsprg_header, PAGE_ALIGN(f->fsprg_size));
+
+ if (f->hmac)
+ gcry_md_close(f->hmac);
+#endif
+
free(f);
}
assert(f);
zero(h);
- memcpy(h.signature, signature, 8);
+ memcpy(h.signature, HEADER_SIGNATURE, 8);
h.header_size = htole64(ALIGN64(sizeof(h)));
+ h.incompatible_flags =
+ htole32(f->compress ? HEADER_INCOMPATIBLE_COMPRESSED : 0);
+
+ h.compatible_flags =
+ htole32(f->authenticate ? HEADER_COMPATIBLE_AUTHENTICATED : 0);
+
r = sd_id128_randomize(&h.file_id);
if (r < 0)
return r;
if (template) {
h.seqnum_id = template->header->seqnum_id;
- h.tail_seqnum = template->header->tail_seqnum;
+ h.tail_entry_seqnum = template->header->tail_entry_seqnum;
} else
h.seqnum_id = h.file_id;
f->header->state = STATE_ONLINE;
- __sync_synchronize();
+ /* Sync the online state to disk */
+ msync(f->header, PAGE_ALIGN(sizeof(Header)), MS_SYNC);
+ fdatasync(f->fd);
return 0;
}
static int journal_file_verify_header(JournalFile *f) {
assert(f);
- if (memcmp(f->header, signature, 8))
+ if (memcmp(f->header->signature, HEADER_SIGNATURE, 8))
return -EBADMSG;
+ /* In both read and write mode we refuse to open files with
+ * incompatible flags we don't know */
#ifdef HAVE_XZ
- if ((le64toh(f->header->incompatible_flags) & ~HEADER_INCOMPATIBLE_COMPRESSED) != 0)
+ if ((le32toh(f->header->incompatible_flags) & ~HEADER_INCOMPATIBLE_COMPRESSED) != 0)
return -EPROTONOSUPPORT;
#else
if (f->header->incompatible_flags != 0)
return -EPROTONOSUPPORT;
#endif
+ /* When open for writing we refuse to open files with
+ * compatible flags, too */
+ if (f->writable) {
+#ifdef HAVE_GCRYPT
+ if ((le32toh(f->header->compatible_flags) & ~HEADER_COMPATIBLE_AUTHENTICATED) != 0)
+ return -EPROTONOSUPPORT;
+#else
+ if (f->header->compatible_flags != 0)
+ return -EPROTONOSUPPORT;
+#endif
+ }
+
/* The first addition was n_data, so check that we are at least this large */
if (le64toh(f->header->header_size) < HEADER_SIZE_MIN)
return -EBADMSG;
+ if ((le32toh(f->header->compatible_flags) & HEADER_COMPATIBLE_AUTHENTICATED) &&
+ !JOURNAL_HEADER_CONTAINS(f->header, n_tags))
+ return -EBADMSG;
+
if ((uint64_t) f->last_stat.st_size < (le64toh(f->header->header_size) + le64toh(f->header->arena_size)))
return -ENODATA;
}
}
+ f->compress = !!(le32toh(f->header->incompatible_flags) & HEADER_INCOMPATIBLE_COMPRESSED);
+ f->authenticate = !!(le32toh(f->header->compatible_flags) & HEADER_COMPATIBLE_AUTHENTICATED);
+
return 0;
}
if (r != 0)
return -r;
+ mmap_cache_close_fd_range(f->mmap, f->fd, old_size);
+
if (fstat(f->fd, &f->last_stat) < 0)
return -errno;
return 0;
}
-static int journal_file_map(
- JournalFile *f,
- uint64_t offset,
- uint64_t size,
- void **_window,
- uint64_t *_woffset,
- uint64_t *_wsize,
- void **ret) {
-
- uint64_t woffset, wsize;
- void *window;
-
+static int journal_file_move_to(JournalFile *f, int context, uint64_t offset, uint64_t size, void **ret) {
assert(f);
- assert(size > 0);
assert(ret);
- woffset = offset & ~((uint64_t) page_size() - 1ULL);
- wsize = size + (offset - woffset);
- wsize = PAGE_ALIGN(wsize);
-
/* Avoid SIGBUS on invalid accesses */
- if (woffset + wsize > (uint64_t) PAGE_ALIGN(f->last_stat.st_size))
- return -EADDRNOTAVAIL;
-
- window = mmap(NULL, wsize, f->prot, MAP_SHARED, f->fd, woffset);
- if (window == MAP_FAILED)
- return -errno;
-
- if (_window)
- *_window = window;
-
- if (_woffset)
- *_woffset = woffset;
-
- if (_wsize)
- *_wsize = wsize;
-
- *ret = (uint8_t*) window + (offset - woffset);
-
- return 0;
-}
-
-static int journal_file_move_to(JournalFile *f, int wt, uint64_t offset, uint64_t size, void **ret) {
- void *p = NULL;
- uint64_t delta;
- int r;
- Window *w;
-
- assert(f);
- assert(ret);
- assert(wt >= 0);
- assert(wt < _WINDOW_MAX);
-
if (offset + size > (uint64_t) f->last_stat.st_size) {
/* Hmm, out of range? Let's refresh the fstat() data
* first, before we trust that check. */
return -EADDRNOTAVAIL;
}
- w = f->windows + wt;
-
- if (_likely_(w->ptr &&
- w->offset <= offset &&
- w->offset + w->size >= offset + size)) {
-
- *ret = (uint8_t*) w->ptr + (offset - w->offset);
- return 0;
- }
-
- if (w->ptr) {
- if (munmap(w->ptr, w->size) < 0)
- return -errno;
-
- w->ptr = NULL;
- w->size = w->offset = 0;
- }
-
- if (size < DEFAULT_WINDOW_SIZE) {
- /* If the default window size is larger then what was
- * asked for extend the mapping a bit in the hope to
- * minimize needed remappings later on. We add half
- * the window space before and half behind the
- * requested mapping */
-
- delta = (DEFAULT_WINDOW_SIZE - size) / 2;
-
- if (delta > offset)
- delta = offset;
-
- offset -= delta;
- size = DEFAULT_WINDOW_SIZE;
- } else
- delta = 0;
-
- if (offset + size > (uint64_t) f->last_stat.st_size)
- size = (uint64_t) f->last_stat.st_size - offset;
-
- if (size <= 0)
- return -EADDRNOTAVAIL;
-
- r = journal_file_map(f,
- offset, size,
- &w->ptr, &w->offset, &w->size,
- &p);
-
- if (r < 0)
- return r;
-
- *ret = (uint8_t*) p + delta;
- return 0;
+ return mmap_cache_get(f->mmap, f->fd, f->prot, context, offset, size, ret);
}
static bool verify_hash(Object *o) {
return h1 == h2;
}
+static uint64_t minimum_header_size(Object *o) {
+
+ static uint64_t table[] = {
+ [OBJECT_DATA] = sizeof(DataObject),
+ [OBJECT_FIELD] = sizeof(FieldObject),
+ [OBJECT_ENTRY] = sizeof(EntryObject),
+ [OBJECT_DATA_HASH_TABLE] = sizeof(HashTableObject),
+ [OBJECT_FIELD_HASH_TABLE] = sizeof(HashTableObject),
+ [OBJECT_ENTRY_ARRAY] = sizeof(EntryArrayObject),
+ [OBJECT_TAG] = sizeof(TagObject),
+ };
+
+ if (o->object.type >= ELEMENTSOF(table) || table[o->object.type] <= 0)
+ return sizeof(ObjectHeader);
+
+ return table[o->object.type];
+}
+
int journal_file_move_to_object(JournalFile *f, int type, uint64_t offset, Object **ret) {
int r;
void *t;
Object *o;
uint64_t s;
+ unsigned context;
assert(f);
assert(ret);
- assert(type < _OBJECT_TYPE_MAX);
- r = journal_file_move_to(f, type >= 0 ? type : WINDOW_UNKNOWN, offset, sizeof(ObjectHeader), &t);
+ /* One context for each type, plus one catch-all for the rest */
+ context = type > 0 && type < _OBJECT_TYPE_MAX ? type : 0;
+
+ r = journal_file_move_to(f, context, offset, sizeof(ObjectHeader), &t);
if (r < 0)
return r;
if (s < sizeof(ObjectHeader))
return -EBADMSG;
+ if (o->object.type <= OBJECT_UNUSED)
+ return -EBADMSG;
+
+ if (s < minimum_header_size(o))
+ return -EBADMSG;
+
if (type >= 0 && o->object.type != type)
return -EBADMSG;
return 0;
}
-static uint64_t journal_file_seqnum(JournalFile *f, uint64_t *seqnum) {
+static uint64_t journal_file_entry_seqnum(JournalFile *f, uint64_t *seqnum) {
uint64_t r;
assert(f);
- r = le64toh(f->header->tail_seqnum) + 1;
+ r = le64toh(f->header->tail_entry_seqnum) + 1;
if (seqnum) {
/* If an external seqnum counter was passed, we update
*seqnum = r;
}
- f->header->tail_seqnum = htole64(r);
+ f->header->tail_entry_seqnum = htole64(r);
- if (f->header->head_seqnum == 0)
- f->header->head_seqnum = htole64(r);
+ if (f->header->head_entry_seqnum == 0)
+ f->header->head_entry_seqnum = htole64(r);
return r;
}
void *t;
assert(f);
+ assert(type > 0 && type < _OBJECT_TYPE_MAX);
assert(size >= sizeof(ObjectHeader));
assert(offset);
assert(ret);
assert(f);
- /* We estimate that we need 1 hash table entry per 2K of
+ /* We estimate that we need 1 hash table entry per 768 of
journal file and we want to make sure we never get beyond
75% fill level. Calculate the hash table size for the
maximum file size based on these metrics. */
- s = (f->metrics.max_size * 4 / 2048 / 3) * sizeof(HashItem);
+ s = (f->metrics.max_size * 4 / 768 / 3) * sizeof(HashItem);
if (s < DEFAULT_DATA_HASH_TABLE_SIZE)
s = DEFAULT_DATA_HASH_TABLE_SIZE;
- log_info("Reserving %llu entries in hash table.", (unsigned long long) s);
+ log_info("Reserving %llu entries in hash table.", (unsigned long long) (s / sizeof(HashItem)));
r = journal_file_append_object(f,
OBJECT_DATA_HASH_TABLE,
s = le64toh(f->header->data_hash_table_size);
r = journal_file_move_to(f,
- WINDOW_DATA_HASH_TABLE,
+ OBJECT_DATA_HASH_TABLE,
p, s,
&t);
if (r < 0)
s = le64toh(f->header->field_hash_table_size);
r = journal_file_move_to(f,
- WINDOW_FIELD_HASH_TABLE,
+ OBJECT_FIELD_HASH_TABLE,
p, s,
&t);
if (r < 0)
o->object.size = htole64(offsetof(Object, data.payload) + rsize);
o->object.flags |= OBJECT_COMPRESSED;
- f->header->incompatible_flags = htole32(le32toh(f->header->incompatible_flags) | HEADER_INCOMPATIBLE_COMPRESSED);
-
log_debug("Compressed data object %lu -> %lu", (unsigned long) size, (unsigned long) rsize);
}
}
#endif
- if (!compressed)
+ if (!compressed && size > 0)
memcpy(o->data.payload, data, size);
r = journal_file_link_data(f, o, p, hash);
if (r < 0)
return r;
+ r = journal_file_hmac_put_object(f, OBJECT_DATA, p);
+ if (r < 0)
+ return r;
+
/* The linking might have altered the window, so let's
* refresh our pointer */
r = journal_file_move_to_object(f, OBJECT_DATA, p, &o);
if (r < 0)
return r;
+ r = journal_file_hmac_put_object(f, OBJECT_ENTRY_ARRAY, q);
+ if (r < 0)
+ return r;
+
o->entry_array.items[i] = htole64(p);
if (ap == 0)
if (r < 0)
return r;
- o->entry.seqnum = htole64(journal_file_seqnum(f, seqnum));
+ o->entry.seqnum = htole64(journal_file_entry_seqnum(f, seqnum));
memcpy(o->entry.items, items, n_items * sizeof(EntryItem));
o->entry.realtime = htole64(ts->realtime);
o->entry.monotonic = htole64(ts->monotonic);
o->entry.xor_hash = htole64(xor_hash);
o->entry.boot_id = f->header->boot_id;
+ r = journal_file_hmac_put_object(f, OBJECT_ENTRY, np);
+ if (r < 0)
+ return r;
+
r = journal_file_link_entry(f, o, np);
if (r < 0)
return r;
ts->monotonic < le64toh(f->header->tail_entry_monotonic))
return -EINVAL;
- items = alloca(sizeof(EntryItem) * n_iovec);
+ r = journal_file_maybe_append_tag(f, ts->realtime);
+ if (r < 0)
+ return r;
+
+ /* alloca() can't take 0, hence let's allocate at least one */
+ items = alloca(sizeof(EntryItem) * MAX(1, n_iovec));
for (i = 0; i < n_iovec; i++) {
uint64_t p;
ret, offset, NULL);
}
-void journal_file_dump(JournalFile *f) {
+static void *fsprg_state(JournalFile *f) {
+ uint64_t a, b;
+ assert(f);
+
+ if (!f->authenticate)
+ return NULL;
+
+ a = le64toh(f->fsprg_header->header_size);
+ b = le64toh(f->fsprg_header->state_size);
+
+ if (a + b > f->fsprg_size)
+ return NULL;
+
+ return (uint8_t*) f->fsprg_header + a;
+}
+
+static uint64_t journal_file_tag_seqnum(JournalFile *f) {
+ uint64_t r;
+
+ assert(f);
+
+ r = le64toh(f->header->n_tags) + 1;
+ f->header->n_tags = htole64(r);
+
+ return r;
+}
+
+int journal_file_append_tag(JournalFile *f) {
Object *o;
- int r;
uint64_t p;
+ int r;
assert(f);
- journal_file_print_header(f);
+ if (!f->authenticate)
+ return 0;
- p = le64toh(f->header->header_size);
- while (p != 0) {
- r = journal_file_move_to_object(f, -1, p, &o);
- if (r < 0)
- goto fail;
+ if (!f->hmac_running)
+ return 0;
- switch (o->object.type) {
+ log_debug("Writing tag for epoch %llu\n", (unsigned long long) FSPRG_GetEpoch(fsprg_state(f)));
- case OBJECT_UNUSED:
- printf("Type: OBJECT_UNUSED\n");
- break;
+ assert(f->hmac);
- case OBJECT_DATA:
- printf("Type: OBJECT_DATA\n");
- break;
+ r = journal_file_append_object(f, OBJECT_TAG, sizeof(struct TagObject), &o, &p);
+ if (r < 0)
+ return r;
- case OBJECT_ENTRY:
- printf("Type: OBJECT_ENTRY %llu %llu %llu\n",
- (unsigned long long) le64toh(o->entry.seqnum),
- (unsigned long long) le64toh(o->entry.monotonic),
- (unsigned long long) le64toh(o->entry.realtime));
- break;
+ o->tag.seqnum = htole64(journal_file_tag_seqnum(f));
- case OBJECT_FIELD_HASH_TABLE:
- printf("Type: OBJECT_FIELD_HASH_TABLE\n");
- break;
+ /* Add the tag object itself, so that we can protect its
+ * header. This will exclude the actual hash value in it */
+ r = journal_file_hmac_put_object(f, OBJECT_TAG, p);
+ if (r < 0)
+ return r;
- case OBJECT_DATA_HASH_TABLE:
- printf("Type: OBJECT_DATA_HASH_TABLE\n");
- break;
+ /* Get the HMAC tag and store it in the object */
+ memcpy(o->tag.tag, gcry_md_read(f->hmac, 0), TAG_LENGTH);
+ f->hmac_running = false;
- case OBJECT_ENTRY_ARRAY:
- printf("Type: OBJECT_ENTRY_ARRAY\n");
- break;
+ return 0;
+}
- case OBJECT_SIGNATURE:
- printf("Type: OBJECT_SIGNATURE\n");
- break;
- }
+static int journal_file_hmac_start(JournalFile *f) {
+ uint8_t key[256 / 8]; /* Let's pass 256 bit from FSPRG to HMAC */
- if (o->object.flags & OBJECT_COMPRESSED)
- printf("Flags: COMPRESSED\n");
+ assert(f);
- if (p == le64toh(f->header->tail_object_offset))
- p = 0;
- else
- p = p + ALIGN64(le64toh(o->object.size));
- }
+ if (!f->authenticate)
+ return 0;
- return;
-fail:
- log_error("File corrupt");
+ if (f->hmac_running)
+ return 0;
+
+ /* Prepare HMAC for next cycle */
+ gcry_md_reset(f->hmac);
+ FSPRG_GetKey(fsprg_state(f), key, sizeof(key), 0);
+ gcry_md_setkey(f->hmac, key, sizeof(key));
+
+ f->hmac_running = true;
+
+ return 0;
}
-void journal_file_print_header(JournalFile *f) {
- char a[33], b[33], c[33];
- char x[FORMAT_TIMESTAMP_MAX], y[FORMAT_TIMESTAMP_MAX];
+static int journal_file_get_epoch(JournalFile *f, uint64_t realtime, uint64_t *epoch) {
+ uint64_t t;
assert(f);
+ assert(epoch);
+ assert(f->authenticate);
- printf("File Path: %s\n"
- "File ID: %s\n"
- "Machine ID: %s\n"
- "Boot ID: %s\n"
- "Sequential Number ID: %s\n"
- "State: %s\n"
- "Compatible Flags:%s%s\n"
- "Incompatible Flags:%s%s\n"
- "Header size: %llu\n"
- "Arena size: %llu\n"
- "Data Hash Table Size: %llu\n"
- "Field Hash Table Size: %llu\n"
- "Objects: %llu\n"
- "Entry Objects: %llu\n"
- "Rotate Suggested: %s\n"
- "Head Sequential Number: %llu\n"
- "Tail Sequential Number: %llu\n"
- "Head Realtime Timestamp: %s\n"
- "Tail Realtime Timestamp: %s\n",
- f->path,
- sd_id128_to_string(f->header->file_id, a),
- sd_id128_to_string(f->header->machine_id, b),
- sd_id128_to_string(f->header->boot_id, c),
- sd_id128_to_string(f->header->seqnum_id, c),
- f->header->state == STATE_OFFLINE ? "offline" :
- f->header->state == STATE_ONLINE ? "online" :
- f->header->state == STATE_ARCHIVED ? "archived" : "unknown",
- (f->header->compatible_flags & HEADER_COMPATIBLE_SIGNED) ? " SIGNED" : "",
- (f->header->compatible_flags & ~HEADER_COMPATIBLE_SIGNED) ? " ???" : "",
- (f->header->incompatible_flags & HEADER_INCOMPATIBLE_COMPRESSED) ? " COMPRESSED" : "",
- (f->header->incompatible_flags & ~HEADER_INCOMPATIBLE_COMPRESSED) ? " ???" : "",
- (unsigned long long) le64toh(f->header->header_size),
- (unsigned long long) le64toh(f->header->arena_size),
- (unsigned long long) le64toh(f->header->data_hash_table_size) / sizeof(HashItem),
- (unsigned long long) le64toh(f->header->field_hash_table_size) / sizeof(HashItem),
- (unsigned long long) le64toh(f->header->n_objects),
- (unsigned long long) le64toh(f->header->n_entries),
- yes_no(journal_file_rotate_suggested(f)),
- (unsigned long long) le64toh(f->header->head_seqnum),
- (unsigned long long) le64toh(f->header->tail_seqnum),
- format_timestamp(x, sizeof(x), le64toh(f->header->head_entry_realtime)),
- format_timestamp(y, sizeof(y), le64toh(f->header->tail_entry_realtime)));
+ if (le64toh(f->fsprg_header->fsprg_start_usec) == 0 ||
+ le64toh(f->fsprg_header->fsprg_interval_usec) == 0)
+ return -ENOTSUP;
- if (JOURNAL_HEADER_CONTAINS(f->header, n_data))
- printf("Data Objects: %llu\n"
- "Data Hash Table Fill: %.1f%%\n",
- (unsigned long long) le64toh(f->header->n_data),
- 100.0 * (double) le64toh(f->header->n_data) / ((double) (le64toh(f->header->data_hash_table_size) / sizeof(HashItem))));
+ if (realtime < le64toh(f->fsprg_header->fsprg_start_usec))
+ return -ESTALE;
- if (JOURNAL_HEADER_CONTAINS(f->header, n_fields))
- printf("Field Objects: %llu\n"
- "Field Hash Table Fill: %.1f%%\n",
- (unsigned long long) le64toh(f->header->n_fields),
- 100.0 * (double) le64toh(f->header->n_fields) / ((double) (le64toh(f->header->field_hash_table_size) / sizeof(HashItem))));
-}
+ t = realtime - le64toh(f->fsprg_header->fsprg_start_usec);
+ t = t / le64toh(f->fsprg_header->fsprg_interval_usec);
-int journal_file_open(
- const char *fname,
- int flags,
- mode_t mode,
- JournalMetrics *metrics,
- JournalFile *template,
- JournalFile **ret) {
+ *epoch = t;
+ return 0;
+}
- JournalFile *f;
+static int journal_file_need_evolve(JournalFile *f, uint64_t realtime) {
+ uint64_t goal, epoch;
int r;
- bool newly_created = false;
+ assert(f);
- assert(fname);
+ if (!f->authenticate)
+ return 0;
- if ((flags & O_ACCMODE) != O_RDONLY &&
- (flags & O_ACCMODE) != O_RDWR)
- return -EINVAL;
+ r = journal_file_get_epoch(f, realtime, &goal);
+ if (r < 0)
+ return r;
- if (!endswith(fname, ".journal"))
- return -EINVAL;
+ epoch = FSPRG_GetEpoch(fsprg_state(f));
+ if (epoch > goal)
+ return -ESTALE;
- f = new0(JournalFile, 1);
- if (!f)
- return -ENOMEM;
+ return epoch != goal;
+}
- f->fd = -1;
- f->flags = flags;
- f->mode = mode;
- f->writable = (flags & O_ACCMODE) != O_RDONLY;
- f->prot = prot_from_flags(flags);
+static int journal_file_evolve(JournalFile *f, uint64_t realtime) {
+ uint64_t goal, epoch;
+ int r;
- if (template)
- f->compress = template->compress;
+ assert(f);
- f->path = strdup(fname);
- if (!f->path) {
- r = -ENOMEM;
- goto fail;
- }
+ if (!f->authenticate)
+ return 0;
- f->fd = open(f->path, f->flags|O_CLOEXEC, f->mode);
- if (f->fd < 0) {
- r = -errno;
- goto fail;
- }
+ r = journal_file_get_epoch(f, realtime, &goal);
+ if (r < 0)
+ return r;
+
+ epoch = FSPRG_GetEpoch(fsprg_state(f));
+ if (epoch < goal)
+ log_debug("Evolving FSPRG key from epoch %llu to %llu.", (unsigned long long) epoch, (unsigned long long) goal);
+
+ for (;;) {
+ if (epoch > goal)
+ return -ESTALE;
+ if (epoch == goal)
+ return 0;
+
+ FSPRG_Evolve(fsprg_state(f));
+ epoch = FSPRG_GetEpoch(fsprg_state(f));
+ }
+}
+
+static int journal_file_maybe_append_tag(JournalFile *f, uint64_t realtime) {
+ int r;
+
+ assert(f);
+
+ if (!f->authenticate)
+ return 0;
+
+ r = journal_file_need_evolve(f, realtime);
+ if (r <= 0)
+ return 0;
+
+ r = journal_file_append_tag(f);
+ if (r < 0)
+ return r;
+
+ r = journal_file_evolve(f, realtime);
+ if (r < 0)
+ return r;
+
+ r = journal_file_hmac_start(f);
+ if (r < 0)
+ return r;
+
+ return 0;
+}
+
+static int journal_file_hmac_put_object(JournalFile *f, int type, uint64_t p) {
+ int r;
+ Object *o;
+
+ assert(f);
+
+ if (!f->authenticate)
+ return 0;
+
+ r = journal_file_hmac_start(f);
+ if (r < 0)
+ return r;
+
+ r = journal_file_move_to_object(f, type, p, &o);
+ if (r < 0)
+ return r;
+
+ gcry_md_write(f->hmac, o, offsetof(ObjectHeader, payload));
+
+ switch (o->object.type) {
+
+ case OBJECT_DATA:
+ /* All but: hash and payload are mutable */
+ gcry_md_write(f->hmac, &o->data.hash, sizeof(o->data.hash));
+ gcry_md_write(f->hmac, o->data.payload, le64toh(o->object.size) - offsetof(DataObject, payload));
+ break;
+
+ case OBJECT_ENTRY:
+ /* All */
+ gcry_md_write(f->hmac, &o->entry.seqnum, le64toh(o->object.size) - offsetof(EntryObject, seqnum));
+ break;
+
+ case OBJECT_FIELD_HASH_TABLE:
+ case OBJECT_DATA_HASH_TABLE:
+ case OBJECT_ENTRY_ARRAY:
+ /* Nothing: everything is mutable */
+ break;
+
+ case OBJECT_TAG:
+ /* All but the tag itself */
+ gcry_md_write(f->hmac, &o->tag.seqnum, sizeof(o->tag.seqnum));
+ break;
+ default:
+ return -EINVAL;
+ }
+
+ return 0;
+}
+
+static int journal_file_hmac_put_header(JournalFile *f) {
+ int r;
+
+ assert(f);
+
+ if (!f->authenticate)
+ return 0;
+
+ r = journal_file_hmac_start(f);
+ if (r < 0)
+ return r;
+
+ /* All but state+reserved, boot_id, arena_size,
+ * tail_object_offset, n_objects, n_entries, tail_seqnum,
+ * head_entry_realtime, tail_entry_realtime,
+ * tail_entry_monotonic, n_data, n_fields, header_tag */
+
+ gcry_md_write(f->hmac, f->header->signature, offsetof(Header, state) - offsetof(Header, signature));
+ gcry_md_write(f->hmac, &f->header->file_id, offsetof(Header, boot_id) - offsetof(Header, file_id));
+ gcry_md_write(f->hmac, &f->header->seqnum_id, offsetof(Header, arena_size) - offsetof(Header, seqnum_id));
+ gcry_md_write(f->hmac, &f->header->data_hash_table_offset, offsetof(Header, tail_object_offset) - offsetof(Header, data_hash_table_offset));
+ gcry_md_write(f->hmac, &f->header->head_entry_seqnum, offsetof(Header, head_entry_realtime) - offsetof(Header, head_entry_seqnum));
+
+ return 0;
+}
+
+static int journal_file_load_fsprg(JournalFile *f) {
+ int r, fd = -1;
+ char *p = NULL;
+ struct stat st;
+ FSPRGHeader *m = NULL;
+ sd_id128_t machine;
+
+ assert(f);
+
+ if (!f->authenticate)
+ return 0;
+
+ r = sd_id128_get_machine(&machine);
+ if (r < 0)
+ return r;
+
+ if (asprintf(&p, "/var/log/journal/" SD_ID128_FORMAT_STR "/fsprg",
+ SD_ID128_FORMAT_VAL(machine)) < 0)
+ return -ENOMEM;
+
+ fd = open(p, O_RDWR|O_CLOEXEC|O_NOCTTY, 0600);
+ if (fd < 0) {
+ log_error("Failed to open %s: %m", p);
+ r = -errno;
+ goto finish;
+ }
+
+ if (fstat(fd, &st) < 0) {
+ r = -errno;
+ goto finish;
+ }
+
+ if (st.st_size < (off_t) sizeof(FSPRGHeader)) {
+ r = -ENODATA;
+ goto finish;
+ }
+
+ m = mmap(NULL, PAGE_ALIGN(sizeof(FSPRGHeader)), PROT_READ, MAP_SHARED, fd, 0);
+ if (m == MAP_FAILED) {
+ m = NULL;
+ r = -errno;
+ goto finish;
+ }
+
+ if (memcmp(m->signature, FSPRG_HEADER_SIGNATURE, 8) != 0) {
+ r = -EBADMSG;
+ goto finish;
+ }
+
+ if (m->incompatible_flags != 0) {
+ r = -EPROTONOSUPPORT;
+ goto finish;
+ }
+
+ if (le64toh(m->header_size) < sizeof(FSPRGHeader)) {
+ r = -EBADMSG;
+ goto finish;
+ }
+
+ if (le64toh(m->state_size) != FSPRG_stateinbytes(m->secpar)) {
+ r = -EBADMSG;
+ goto finish;
+ }
+
+ f->fsprg_size = le64toh(m->header_size) + le64toh(m->state_size);
+ if ((uint64_t) st.st_size < f->fsprg_size) {
+ r = -ENODATA;
+ goto finish;
+ }
+
+ if (!sd_id128_equal(machine, m->machine_id)) {
+ r = -EHOSTDOWN;
+ goto finish;
+ }
+
+ if (le64toh(m->fsprg_start_usec) <= 0 ||
+ le64toh(m->fsprg_interval_usec) <= 0) {
+ r = -EBADMSG;
+ goto finish;
+ }
+
+ f->fsprg_header = mmap(NULL, PAGE_ALIGN(f->fsprg_size), PROT_READ|PROT_WRITE, MAP_SHARED, fd, 0);
+ if (f->fsprg_header == MAP_FAILED) {
+ f->fsprg_header = NULL;
+ r = -errno;
+ goto finish;
+ }
+
+ r = 0;
+
+finish:
+ if (m)
+ munmap(m, PAGE_ALIGN(sizeof(FSPRGHeader)));
+
+ if (fd >= 0)
+ close_nointr_nofail(fd);
+
+ free(p);
+ return r;
+}
+
+static int journal_file_setup_hmac(JournalFile *f) {
+ gcry_error_t e;
+
+ if (!f->authenticate)
+ return 0;
+
+ e = gcry_md_open(&f->hmac, GCRY_MD_SHA256, GCRY_MD_FLAG_HMAC);
+ if (e != 0)
+ return -ENOTSUP;
+
+ return 0;
+}
+
+static int journal_file_append_first_tag(JournalFile *f) {
+ int r;
+ uint64_t p;
+
+ if (!f->authenticate)
+ return 0;
+
+ log_debug("Calculating first tag...");
+
+ r = journal_file_hmac_put_header(f);
+ if (r < 0)
+ return r;
+
+ p = le64toh(f->header->field_hash_table_offset);
+ if (p < offsetof(Object, hash_table.items))
+ return -EINVAL;
+ p -= offsetof(Object, hash_table.items);
+
+ r = journal_file_hmac_put_object(f, OBJECT_FIELD_HASH_TABLE, p);
+ if (r < 0)
+ return r;
+
+ p = le64toh(f->header->data_hash_table_offset);
+ if (p < offsetof(Object, hash_table.items))
+ return -EINVAL;
+ p -= offsetof(Object, hash_table.items);
+
+ r = journal_file_hmac_put_object(f, OBJECT_DATA_HASH_TABLE, p);
+ if (r < 0)
+ return r;
+
+ r = journal_file_append_tag(f);
+ if (r < 0)
+ return r;
+
+ return 0;
+}
+
+static int journal_file_object_verify(JournalFile *f, Object *o) {
+ assert(f);
+ assert(o);
+
+ /* This does various superficial tests about the length an
+ * possible field values. It does not follow any references to
+ * other objects. */
+
+ switch (o->object.type) {
+ case OBJECT_DATA:
+ if (le64toh(o->data.entry_offset) <= 0 ||
+ le64toh(o->data.n_entries) <= 0)
+ return -EBADMSG;
+
+ if (le64toh(o->object.size) - offsetof(DataObject, payload) <= 0)
+ return -EBADMSG;
+ break;
+
+ case OBJECT_FIELD:
+ if (le64toh(o->object.size) - offsetof(FieldObject, payload) <= 0)
+ return -EBADMSG;
+ break;
+
+ case OBJECT_ENTRY:
+ if ((le64toh(o->object.size) - offsetof(EntryObject, items)) % sizeof(EntryItem) != 0)
+ return -EBADMSG;
+
+ if ((le64toh(o->object.size) - offsetof(EntryObject, items)) / sizeof(EntryItem) <= 0)
+ return -EBADMSG;
+
+ if (le64toh(o->entry.seqnum) <= 0 ||
+ le64toh(o->entry.realtime) <= 0)
+ return -EBADMSG;
+
+ break;
+
+ case OBJECT_DATA_HASH_TABLE:
+ case OBJECT_FIELD_HASH_TABLE:
+ if ((le64toh(o->object.size) - offsetof(HashTableObject, items)) % sizeof(HashItem) != 0)
+ return -EBADMSG;
+
+ break;
+
+ case OBJECT_ENTRY_ARRAY:
+ if ((le64toh(o->object.size) - offsetof(EntryArrayObject, items)) % sizeof(le64_t) != 0)
+ return -EBADMSG;
+
+ break;
+
+ case OBJECT_TAG:
+ if (le64toh(o->object.size) != sizeof(TagObject))
+ return -EBADMSG;
+ break;
+ }
+
+ return 0;
+}
+
+static void draw_progress(uint64_t p, usec_t *last_usec) {
+ unsigned n, i, j, k;
+ usec_t z, x;
+
+ if (!isatty(STDOUT_FILENO))
+ return;
+
+ z = now(CLOCK_MONOTONIC);
+ x = *last_usec;
+
+ if (x != 0 && x + 40 * USEC_PER_MSEC > z)
+ return;
+
+ *last_usec = z;
+
+ n = (3 * columns()) / 4;
+ j = (n * (unsigned) p) / 65535ULL;
+ k = n - j;
+
+ fputs("\r\x1B[?25l", stdout);
+
+ for (i = 0; i < j; i++)
+ fputs("\xe2\x96\x88", stdout);
+
+ for (i = 0; i < k; i++)
+ fputs("\xe2\x96\x91", stdout);
+
+ printf(" %3lu%%", 100LU * (unsigned long) p / 65535LU);
+
+ fputs("\r\x1B[?25h", stdout);
+ fflush(stdout);
+}
+
+static void flush_progress(void) {
+ unsigned n, i;
+
+ if (!isatty(STDOUT_FILENO))
+ return;
+
+ n = (3 * columns()) / 4;
+
+ putchar('\r');
+
+ for (i = 0; i < n + 5; i++)
+ putchar(' ');
+
+ putchar('\r');
+ fflush(stdout);
+}
+
+static int write_uint64(int fd, uint64_t p) {
+ ssize_t k;
+
+ k = write(fd, &p, sizeof(p));
+ if (k < 0)
+ return -errno;
+ if (k != sizeof(p))
+ return -EIO;
+
+ return 0;
+}
+
+static int contains_uint64(MMapCache *m, int fd, uint64_t n, uint64_t p) {
+ uint64_t a, b;
+ int r;
+
+ assert(m);
+ assert(fd >= 0);
+
+ /* Bisection ... */
+
+ a = 0; b = n;
+ while (a < b) {
+ uint64_t c, *z;
+
+ c = (a + b) / 2;
+
+ r = mmap_cache_get(m, fd, PROT_READ, 0, c * sizeof(uint64_t), sizeof(uint64_t), (void **) &z);
+ if (r < 0)
+ return r;
+
+ if (*z == p)
+ return 1;
+
+ if (p < *z)
+ b = c;
+ else
+ a = c;
+ }
+
+ return 0;
+}
+
+int journal_file_verify(JournalFile *f, const char *key) {
+ int r;
+ Object *o;
+ uint64_t p = 0;
+ uint64_t tag_seqnum = 0, entry_seqnum = 0, entry_monotonic = 0, entry_realtime = 0;
+ sd_id128_t entry_boot_id;
+ bool entry_seqnum_set = false, entry_monotonic_set = false, entry_realtime_set = false, found_main_entry_array = false;
+ uint64_t n_weird = 0, n_objects = 0, n_entries = 0, n_data = 0, n_fields = 0, n_data_hash_tables = 0, n_field_hash_tables = 0, n_entry_arrays = 0;
+ usec_t last_usec = 0;
+ int data_fd = -1, entry_fd = -1, entry_array_fd = -1;
+ char data_path[] = "/var/tmp/journal-data-XXXXXX",
+ entry_path[] = "/var/tmp/journal-entry-XXXXXX",
+ entry_array_path[] = "/var/tmp/journal-entry-array-XXXXXX";
+
+ assert(f);
+
+ data_fd = mkostemp(data_path, O_CLOEXEC);
+ if (data_fd < 0) {
+ log_error("Failed to create data file: %m");
+ goto fail;
+ }
+ unlink(data_path);
+
+ entry_fd = mkostemp(entry_path, O_CLOEXEC);
+ if (entry_fd < 0) {
+ log_error("Failed to create entry file: %m");
+ goto fail;
+ }
+ unlink(entry_path);
+
+ entry_array_fd = mkostemp(entry_array_path, O_CLOEXEC);
+ if (entry_array_fd < 0) {
+ log_error("Failed to create entry array file: %m");
+ goto fail;
+ }
+ unlink(entry_array_path);
+
+ /* First iteration: we go through all objects, verify the
+ * superficial structure, headers, hashes. */
+
+ r = journal_file_hmac_put_header(f);
+ if (r < 0) {
+ log_error("Failed to calculate HMAC of header.");
+ goto fail;
+ }
+
+ p = le64toh(f->header->header_size);
+ while (p != 0) {
+ draw_progress((0x7FFF * p) / le64toh(f->header->tail_object_offset), &last_usec);
+
+ r = journal_file_move_to_object(f, -1, p, &o);
+ if (r < 0) {
+ log_error("Invalid object at %llu", (unsigned long long) p);
+ goto fail;
+ }
+
+ if (le64toh(f->header->tail_object_offset) < p) {
+ log_error("Invalid tail object pointer.");
+ r = -EBADMSG;
+ goto fail;
+ }
+
+ n_objects ++;
+
+ r = journal_file_object_verify(f, o);
+ if (r < 0) {
+ log_error("Invalid object contents at %llu", (unsigned long long) p);
+ goto fail;
+ }
+
+ r = journal_file_hmac_put_object(f, -1, p);
+ if (r < 0) {
+ log_error("Failed to calculate HMAC at %llu", (unsigned long long) p);
+ goto fail;
+ }
+
+ if (o->object.flags & OBJECT_COMPRESSED &&
+ !(le32toh(f->header->incompatible_flags) & HEADER_INCOMPATIBLE_COMPRESSED)) {
+ log_error("Compressed object without compression at %llu", (unsigned long long) p);
+ r = -EBADMSG;
+ goto fail;
+ }
+
+ if (o->object.flags & OBJECT_COMPRESSED &&
+ o->object.type != OBJECT_DATA) {
+ log_error("Compressed non-data object at %llu", (unsigned long long) p);
+ r = -EBADMSG;
+ goto fail;
+ }
+
+ if (o->object.type == OBJECT_TAG) {
+
+ if (!(le32toh(f->header->compatible_flags) & HEADER_COMPATIBLE_AUTHENTICATED)) {
+ log_error("Tag object without authentication at %llu", (unsigned long long) p);
+ r = -EBADMSG;
+ goto fail;
+ }
+
+ if (le64toh(o->tag.seqnum) != tag_seqnum) {
+ log_error("Tag sequence number out of synchronization at %llu", (unsigned long long) p);
+ r = -EBADMSG;
+ goto fail;
+ }
+
+ } else if (o->object.type == OBJECT_ENTRY) {
+
+ r = write_uint64(entry_fd, p);
+ if (r < 0)
+ goto fail;
+
+ if (!entry_seqnum_set &&
+ le64toh(o->entry.seqnum) != le64toh(f->header->head_entry_seqnum)) {
+ log_error("Head entry sequence number incorrect");
+ r = -EBADMSG;
+ goto fail;
+ }
+
+ if (entry_seqnum_set &&
+ entry_seqnum >= le64toh(o->entry.seqnum)) {
+ log_error("Entry sequence number out of synchronization at %llu", (unsigned long long) p);
+ r = -EBADMSG;
+ goto fail;
+ }
+
+ entry_seqnum = le64toh(o->entry.seqnum);
+ entry_seqnum_set = true;
+
+ if (entry_monotonic_set &&
+ sd_id128_equal(entry_boot_id, o->entry.boot_id) &&
+ entry_monotonic > le64toh(o->entry.monotonic)) {
+ log_error("Entry timestamp out of synchronization at %llu", (unsigned long long) p);
+ r = -EBADMSG;
+ goto fail;
+ }
+
+ entry_monotonic = le64toh(o->entry.monotonic);
+ entry_boot_id = o->entry.boot_id;
+ entry_monotonic_set = true;
+
+ if (!entry_realtime_set &&
+ le64toh(o->entry.realtime) != le64toh(f->header->head_entry_realtime)) {
+ log_error("Head entry realtime timestamp incorrect");
+ r = -EBADMSG;
+ goto fail;
+ }
+
+ entry_realtime = le64toh(o->entry.realtime);
+ entry_realtime_set = true;
+
+ n_entries ++;
+ } else if (o->object.type == OBJECT_ENTRY_ARRAY) {
+
+ r = write_uint64(entry_array_fd, p);
+ if (r < 0)
+ goto fail;
+
+ if (p == le64toh(f->header->entry_array_offset)) {
+ if (found_main_entry_array) {
+ log_error("More than one main entry array at %llu", (unsigned long long) p);
+ r = -EBADMSG;
+ goto fail;
+ }
+
+ found_main_entry_array = true;
+ }
+
+ n_entry_arrays++;
+
+ } else if (o->object.type == OBJECT_DATA) {
+
+ r = write_uint64(data_fd, p);
+ if (r < 0)
+ goto fail;
+
+ n_data++;
+
+ } else if (o->object.type == OBJECT_FIELD)
+ n_fields++;
+ else if (o->object.type == OBJECT_DATA_HASH_TABLE) {
+ n_data_hash_tables++;
+
+ if (n_data_hash_tables > 1) {
+ log_error("More than one data hash table at %llu", (unsigned long long) p);
+ r = -EBADMSG;
+ goto fail;
+ }
+
+ if (le64toh(f->header->data_hash_table_offset) != p + offsetof(HashTableObject, items) ||
+ le64toh(f->header->data_hash_table_size) != le64toh(o->object.size) - offsetof(HashTableObject, items)) {
+ log_error("Header fields for data hash table invalid.");
+ r = -EBADMSG;
+ goto fail;
+ }
+ } else if (o->object.type == OBJECT_FIELD_HASH_TABLE) {
+ n_field_hash_tables++;
+
+ if (n_field_hash_tables > 1) {
+ log_error("More than one field hash table at %llu", (unsigned long long) p);
+ r = -EBADMSG;
+ goto fail;
+ }
+
+ if (le64toh(f->header->field_hash_table_offset) != p + offsetof(HashTableObject, items) ||
+ le64toh(f->header->field_hash_table_size) != le64toh(o->object.size) - offsetof(HashTableObject, items)) {
+ log_error("Header fields for field hash table invalid.");
+ r = -EBADMSG;
+ goto fail;
+ }
+ } else if (o->object.type >= _OBJECT_TYPE_MAX)
+ n_weird ++;
+
+ if (p == le64toh(f->header->tail_object_offset))
+ p = 0;
+ else
+ p = p + ALIGN64(le64toh(o->object.size));
+ }
+
+ if (n_objects != le64toh(f->header->n_objects)) {
+ log_error("Object number mismatch");
+ r = -EBADMSG;
+ goto fail;
+ }
+
+ if (n_entries != le64toh(f->header->n_entries)) {
+ log_error("Entry number mismatch");
+ r = -EBADMSG;
+ goto fail;
+ }
+
+ if (JOURNAL_HEADER_CONTAINS(f->header, n_data) &&
+ n_data != le64toh(f->header->n_data)) {
+ log_error("Data number mismatch");
+ r = -EBADMSG;
+ goto fail;
+ }
+
+ if (JOURNAL_HEADER_CONTAINS(f->header, n_fields) &&
+ n_fields != le64toh(f->header->n_fields)) {
+ log_error("Field number mismatch");
+ r = -EBADMSG;
+ goto fail;
+ }
+
+ if (JOURNAL_HEADER_CONTAINS(f->header, n_tags) &&
+ tag_seqnum != le64toh(f->header->n_tags)) {
+ log_error("Tag number mismatch");
+ r = -EBADMSG;
+ goto fail;
+ }
+
+ if (n_data_hash_tables != 1) {
+ log_error("Missing data hash table");
+ r = -EBADMSG;
+ goto fail;
+ }
+
+ if (n_field_hash_tables != 1) {
+ log_error("Missing field hash table");
+ r = -EBADMSG;
+ goto fail;
+ }
+
+ if (!found_main_entry_array) {
+ log_error("Missing entry array");
+ r = -EBADMSG;
+ goto fail;
+ }
+
+ if (entry_seqnum_set &&
+ entry_seqnum != le64toh(f->header->tail_entry_seqnum)) {
+ log_error("Invalid tail seqnum");
+ r = -EBADMSG;
+ goto fail;
+ }
+
+ if (entry_monotonic_set &&
+ (!sd_id128_equal(entry_boot_id, f->header->boot_id) ||
+ entry_monotonic != le64toh(f->header->tail_entry_monotonic))) {
+ log_error("Invalid tail monotonic timestamp");
+ r = -EBADMSG;
+ goto fail;
+ }
+
+ if (entry_realtime_set && entry_realtime != le64toh(f->header->tail_entry_realtime)) {
+ log_error("Invalid tail realtime timestamp");
+ r = -EBADMSG;
+ goto fail;
+ }
+
+ /* Second iteration: we go through all objects again, this
+ * time verify all pointers. */
+
+ p = le64toh(f->header->header_size);
+ while (p != 0) {
+ draw_progress(0x8000 + (0x7FFF * p) / le64toh(f->header->tail_object_offset), &last_usec);
+
+ r = journal_file_move_to_object(f, -1, p, &o);
+ if (r < 0) {
+ log_error("Invalid object at %llu", (unsigned long long) p);
+ goto fail;
+ }
+
+ if (o->object.type == OBJECT_ENTRY_ARRAY) {
+ uint64_t i = 0, n;
+
+ if (le64toh(o->entry_array.next_entry_array_offset) != 0 &&
+ !contains_uint64(f->mmap, entry_array_fd, n_entry_arrays, le64toh(o->entry_array.next_entry_array_offset))) {
+ log_error("Entry array chains up to invalid next array at %llu", (unsigned long long) p);
+ r = -EBADMSG;
+ goto fail;
+ }
+
+ n = journal_file_entry_array_n_items(o);
+ for (i = 0; i < n; i++) {
+ if (le64toh(o->entry_array.items[i]) != 0 &&
+ !contains_uint64(f->mmap, entry_fd, n_entries, le64toh(o->entry_array.items[i]))) {
+
+ log_error("Entry array points to invalid next array at %llu", (unsigned long long) p);
+ r = -EBADMSG;
+ goto fail;
+ }
+ }
+
+ }
+
+ r = journal_file_move_to_object(f, -1, p, &o);
+ if (r < 0) {
+ log_error("Invalid object at %llu", (unsigned long long) p);
+ goto fail;
+ }
+
+ if (p == le64toh(f->header->tail_object_offset))
+ p = 0;
+ else
+ p = p + ALIGN64(le64toh(o->object.size));
+ }
+
+ flush_progress();
+
+ mmap_cache_close_fd(f->mmap, data_fd);
+ mmap_cache_close_fd(f->mmap, entry_fd);
+ mmap_cache_close_fd(f->mmap, entry_array_fd);
+
+ close_nointr_nofail(data_fd);
+ close_nointr_nofail(entry_fd);
+ close_nointr_nofail(entry_array_fd);
+
+ return 0;
+
+fail:
+ flush_progress();
+
+ log_error("File corruption detected at %s:%llu (of %llu, %llu%%).",
+ f->path,
+ (unsigned long long) p,
+ (unsigned long long) f->last_stat.st_size,
+ (unsigned long long) (100 * p / f->last_stat.st_size));
+
+ if (data_fd >= 0) {
+ mmap_cache_close_fd(f->mmap, data_fd);
+ close_nointr_nofail(data_fd);
+ }
+
+ if (entry_fd >= 0) {
+ mmap_cache_close_fd(f->mmap, entry_fd);
+ close_nointr_nofail(entry_fd);
+ }
+
+ if (entry_array_fd >= 0) {
+ mmap_cache_close_fd(f->mmap, entry_array_fd);
+ close_nointr_nofail(entry_array_fd);
+ }
+
+ return r;
+}
+
+void journal_file_dump(JournalFile *f) {
+ Object *o;
+ int r;
+ uint64_t p;
+
+ assert(f);
+
+ journal_file_print_header(f);
+
+ p = le64toh(f->header->header_size);
+ while (p != 0) {
+ r = journal_file_move_to_object(f, -1, p, &o);
+ if (r < 0)
+ goto fail;
+
+ switch (o->object.type) {
+
+ case OBJECT_UNUSED:
+ printf("Type: OBJECT_UNUSED\n");
+ break;
+
+ case OBJECT_DATA:
+ printf("Type: OBJECT_DATA\n");
+ break;
+
+ case OBJECT_ENTRY:
+ printf("Type: OBJECT_ENTRY %llu %llu %llu\n",
+ (unsigned long long) le64toh(o->entry.seqnum),
+ (unsigned long long) le64toh(o->entry.monotonic),
+ (unsigned long long) le64toh(o->entry.realtime));
+ break;
+
+ case OBJECT_FIELD_HASH_TABLE:
+ printf("Type: OBJECT_FIELD_HASH_TABLE\n");
+ break;
+
+ case OBJECT_DATA_HASH_TABLE:
+ printf("Type: OBJECT_DATA_HASH_TABLE\n");
+ break;
+
+ case OBJECT_ENTRY_ARRAY:
+ printf("Type: OBJECT_ENTRY_ARRAY\n");
+ break;
+
+ case OBJECT_TAG:
+ printf("Type: OBJECT_TAG %llu\n",
+ (unsigned long long) le64toh(o->tag.seqnum));
+ break;
+ }
+
+ if (o->object.flags & OBJECT_COMPRESSED)
+ printf("Flags: COMPRESSED\n");
+
+ if (p == le64toh(f->header->tail_object_offset))
+ p = 0;
+ else
+ p = p + ALIGN64(le64toh(o->object.size));
+ }
+
+ return;
+fail:
+ log_error("File corrupt");
+}
+
+void journal_file_print_header(JournalFile *f) {
+ char a[33], b[33], c[33];
+ char x[FORMAT_TIMESTAMP_MAX], y[FORMAT_TIMESTAMP_MAX];
+
+ assert(f);
+
+ printf("File Path: %s\n"
+ "File ID: %s\n"
+ "Machine ID: %s\n"
+ "Boot ID: %s\n"
+ "Sequential Number ID: %s\n"
+ "State: %s\n"
+ "Compatible Flags:%s%s\n"
+ "Incompatible Flags:%s%s\n"
+ "Header size: %llu\n"
+ "Arena size: %llu\n"
+ "Data Hash Table Size: %llu\n"
+ "Field Hash Table Size: %llu\n"
+ "Objects: %llu\n"
+ "Entry Objects: %llu\n"
+ "Rotate Suggested: %s\n"
+ "Head Sequential Number: %llu\n"
+ "Tail Sequential Number: %llu\n"
+ "Head Realtime Timestamp: %s\n"
+ "Tail Realtime Timestamp: %s\n",
+ f->path,
+ sd_id128_to_string(f->header->file_id, a),
+ sd_id128_to_string(f->header->machine_id, b),
+ sd_id128_to_string(f->header->boot_id, c),
+ sd_id128_to_string(f->header->seqnum_id, c),
+ f->header->state == STATE_OFFLINE ? "offline" :
+ f->header->state == STATE_ONLINE ? "online" :
+ f->header->state == STATE_ARCHIVED ? "archived" : "unknown",
+ (f->header->compatible_flags & HEADER_COMPATIBLE_AUTHENTICATED) ? " AUTHENTICATED" : "",
+ (f->header->compatible_flags & ~HEADER_COMPATIBLE_AUTHENTICATED) ? " ???" : "",
+ (f->header->incompatible_flags & HEADER_INCOMPATIBLE_COMPRESSED) ? " COMPRESSED" : "",
+ (f->header->incompatible_flags & ~HEADER_INCOMPATIBLE_COMPRESSED) ? " ???" : "",
+ (unsigned long long) le64toh(f->header->header_size),
+ (unsigned long long) le64toh(f->header->arena_size),
+ (unsigned long long) le64toh(f->header->data_hash_table_size) / sizeof(HashItem),
+ (unsigned long long) le64toh(f->header->field_hash_table_size) / sizeof(HashItem),
+ (unsigned long long) le64toh(f->header->n_objects),
+ (unsigned long long) le64toh(f->header->n_entries),
+ yes_no(journal_file_rotate_suggested(f)),
+ (unsigned long long) le64toh(f->header->head_entry_seqnum),
+ (unsigned long long) le64toh(f->header->tail_entry_seqnum),
+ format_timestamp(x, sizeof(x), le64toh(f->header->head_entry_realtime)),
+ format_timestamp(y, sizeof(y), le64toh(f->header->tail_entry_realtime)));
+
+ if (JOURNAL_HEADER_CONTAINS(f->header, n_data))
+ printf("Data Objects: %llu\n"
+ "Data Hash Table Fill: %.1f%%\n",
+ (unsigned long long) le64toh(f->header->n_data),
+ 100.0 * (double) le64toh(f->header->n_data) / ((double) (le64toh(f->header->data_hash_table_size) / sizeof(HashItem))));
+
+ if (JOURNAL_HEADER_CONTAINS(f->header, n_fields))
+ printf("Field Objects: %llu\n"
+ "Field Hash Table Fill: %.1f%%\n",
+ (unsigned long long) le64toh(f->header->n_fields),
+ 100.0 * (double) le64toh(f->header->n_fields) / ((double) (le64toh(f->header->field_hash_table_size) / sizeof(HashItem))));
+}
+
+int journal_file_open(
+ const char *fname,
+ int flags,
+ mode_t mode,
+ bool compress,
+ bool authenticate,
+ JournalMetrics *metrics,
+ MMapCache *mmap_cache,
+ JournalFile *template,
+ JournalFile **ret) {
+
+ JournalFile *f;
+ int r;
+ bool newly_created = false;
+
+ assert(fname);
+
+ if ((flags & O_ACCMODE) != O_RDONLY &&
+ (flags & O_ACCMODE) != O_RDWR)
+ return -EINVAL;
+
+ if (!endswith(fname, ".journal"))
+ return -EINVAL;
+
+ f = new0(JournalFile, 1);
+ if (!f)
+ return -ENOMEM;
+
+ f->fd = -1;
+ f->mode = mode;
+
+ f->flags = flags;
+ f->prot = prot_from_flags(flags);
+ f->writable = (flags & O_ACCMODE) != O_RDONLY;
+ f->compress = compress;
+ f->authenticate = authenticate;
+
+ if (mmap_cache)
+ f->mmap = mmap_cache_ref(mmap_cache);
+ else {
+ /* One context for each type, plus the zeroth catchall
+ * context. One fd for the file plus one for each type
+ * (which we need during verification */
+ f->mmap = mmap_cache_new(_OBJECT_TYPE_MAX, 1 + _OBJECT_TYPE_MAX);
+ if (!f->mmap) {
+ r = -ENOMEM;
+ goto fail;
+ }
+ }
+
+ f->path = strdup(fname);
+ if (!f->path) {
+ r = -ENOMEM;
+ goto fail;
+ }
+
+ f->fd = open(f->path, f->flags|O_CLOEXEC, f->mode);
+ if (f->fd < 0) {
+ r = -errno;
+ goto fail;
+ }
if (fstat(f->fd, &f->last_stat) < 0) {
r = -errno;
if (f->last_stat.st_size == 0 && f->writable) {
newly_created = true;
+ /* Try to load the FSPRG state, and if we can't, then
+ * just don't do authentication */
+ r = journal_file_load_fsprg(f);
+ if (r < 0)
+ f->authenticate = false;
+
r = journal_file_init_header(f, template);
if (r < 0)
goto fail;
goto fail;
}
+ if (!newly_created && f->writable) {
+ r = journal_file_load_fsprg(f);
+ if (r < 0)
+ goto fail;
+ }
+
if (f->writable) {
if (metrics) {
journal_default_metrics(metrics, f->fd);
r = journal_file_refresh_header(f);
if (r < 0)
goto fail;
+
+ r = journal_file_setup_hmac(f);
+ if (r < 0)
+ goto fail;
}
if (newly_created) {
-
r = journal_file_setup_field_hash_table(f);
if (r < 0)
goto fail;
r = journal_file_setup_data_hash_table(f);
if (r < 0)
goto fail;
+
+ r = journal_file_append_first_tag(f);
+ if (r < 0)
+ goto fail;
}
r = journal_file_map_field_hash_table(f);
return r;
}
-int journal_file_rotate(JournalFile **f) {
+int journal_file_rotate(JournalFile **f, bool compress, bool authenticate) {
char *p;
size_t l;
JournalFile *old_file, *new_file = NULL;
sd_id128_to_string(old_file->header->seqnum_id, p + l - 8 + 1);
snprintf(p + l - 8 + 1 + 32, 1 + 16 + 1 + 16 + 8 + 1,
"-%016llx-%016llx.journal",
- (unsigned long long) le64toh((*f)->header->tail_seqnum),
+ (unsigned long long) le64toh((*f)->header->tail_entry_seqnum),
(unsigned long long) le64toh((*f)->header->tail_entry_realtime));
r = rename(old_file->path, p);
old_file->header->state = STATE_ARCHIVED;
- r = journal_file_open(old_file->path, old_file->flags, old_file->mode, NULL, old_file, &new_file);
+ r = journal_file_open(old_file->path, old_file->flags, old_file->mode, compress, authenticate, NULL, old_file->mmap, old_file, &new_file);
journal_file_close(old_file);
*f = new_file;
const char *fname,
int flags,
mode_t mode,
+ bool compress,
+ bool authenticate,
JournalMetrics *metrics,
+ MMapCache *mmap,
JournalFile *template,
JournalFile **ret) {
size_t l;
char *p;
- r = journal_file_open(fname, flags, mode, metrics, template, ret);
+ r = journal_file_open(fname, flags, mode, compress, authenticate, metrics, mmap, template, ret);
if (r != -EBADMSG && /* corrupted */
r != -ENODATA && /* truncated */
r != -EHOSTDOWN && /* other machine */
- r != -EPROTONOSUPPORT) /* incompatible feature */
+ r != -EPROTONOSUPPORT && /* incompatible feature */
+ r != -EBUSY && /* unclean shutdown */
+ r != -ESHUTDOWN /* already archived */)
return r;
if ((flags & O_ACCMODE) == O_RDONLY)
if (!(flags & O_CREAT))
return r;
+ if (!endswith(fname, ".journal"))
+ return r;
+
/* The file is corrupted. Rotate it away and try it again (but only once) */
l = strlen(fname);
if (r < 0)
return -errno;
- log_warning("File %s corrupted, renaming and replacing.", fname);
+ log_warning("File %s corrupted or uncleanly shut down, renaming and replacing.", fname);
- return journal_file_open(fname, flags, mode, metrics, template, ret);
+ return journal_file_open(fname, flags, mode, compress, authenticate, metrics, mmap, template, ret);
}
struct vacuum_info {
n_list ++;
}
- qsort(list, n_list, sizeof(struct vacuum_info), vacuum_compare);
+ if (n_list > 0)
+ qsort(list, n_list, sizeof(struct vacuum_info), vacuum_compare);
for(i = 0; i < n_list; i++) {
struct statvfs ss;
/* If we gained new header fields we gained new features,
* hence suggest a rotation */
- if (le64toh(f->header->header_size) < sizeof(Header))
+ if (le64toh(f->header->header_size) < sizeof(Header)) {
+ log_debug("%s uses an outdated header, suggesting rotation.", f->path);
return true;
+ }
/* Let's check if the hash tables grew over a certain fill
* level (75%, borrowing this value from Java's hash table
* in newer versions. */
if (JOURNAL_HEADER_CONTAINS(f->header, n_data))
- if (le64toh(f->header->n_data) * 4ULL > (le64toh(f->header->data_hash_table_size) / sizeof(HashItem)) * 3ULL)
+ if (le64toh(f->header->n_data) * 4ULL > (le64toh(f->header->data_hash_table_size) / sizeof(HashItem)) * 3ULL) {
+ log_debug("Data hash table of %s has a fill level at %.1f (%llu of %llu items, %llu file size, %llu bytes per hash table item), suggesting rotation.",
+ f->path,
+ 100.0 * (double) le64toh(f->header->n_data) / ((double) (le64toh(f->header->data_hash_table_size) / sizeof(HashItem))),
+ (unsigned long long) le64toh(f->header->n_data),
+ (unsigned long long) (le64toh(f->header->data_hash_table_size) / sizeof(HashItem)),
+ (unsigned long long) (f->last_stat.st_size),
+ (unsigned long long) (f->last_stat.st_size / le64toh(f->header->n_data)));
return true;
+ }
if (JOURNAL_HEADER_CONTAINS(f->header, n_fields))
- if (le64toh(f->header->n_fields) * 4ULL > (le64toh(f->header->field_hash_table_size) / sizeof(HashItem)) * 3ULL)
+ if (le64toh(f->header->n_fields) * 4ULL > (le64toh(f->header->field_hash_table_size) / sizeof(HashItem)) * 3ULL) {
+ log_debug("Field hash table of %s has a fill level at %.1f (%llu of %llu items), suggesting rotation.",
+ f->path,
+ 100.0 * (double) le64toh(f->header->n_fields) / ((double) (le64toh(f->header->field_hash_table_size) / sizeof(HashItem))),
+ (unsigned long long) le64toh(f->header->n_fields),
+ (unsigned long long) (le64toh(f->header->field_hash_table_size) / sizeof(HashItem)));
return true;
+ }
return false;
}