chiark / gitweb /
journal: Don't hold pointers to journal while remapping
authorMarti Raudsepp <marti@juffo.org>
Fri, 9 Mar 2012 14:45:36 +0000 (16:45 +0200)
committerLennart Poettering <lennart@poettering.net>
Wed, 14 Mar 2012 16:55:55 +0000 (17:55 +0100)
Hi!

I was trying out the journal and the journalctl utility sometimes
crashed on me. After some debugging, I tracked it down to the fact
that next_with_matches() holds the "c" object pointer through the
journal_file_next_entry_for_data() call -- which apparently may re-map
the journal file, invalidating the pointer.

The attached patch fixes this crash for me, but being unfamiliar with
the code, I don't know if I'm doing the right thing.

This patch is also available from my github repository:
git://github.com/intgr/systemd.git
https://github.com/intgr/systemd

Regards,
Marti

For the record, here's the original stack trace at the time of remapping:

ret=0x7fff1d5cdec0) at src/journal/journal-file.c:330
ret=0x7fff1d5cdf28) at src/journal/journal-file.c:414
ret=0x7fff1d5ce0a0, offset=0x7fff1d5ce098) at
src/journal/journal-file.c:1101
i=5705, ret=0x7fff1d5ce0a0, offset=0x7fff1d5ce098) at
src/journal/journal-file.c:1147
p=6413608, data_offset=66600, direction=DIRECTION_DOWN,
ret=0x7fff1d5ce0a0, offset=0x7fff1d5ce098) at
src/journal/journal-file.c:1626
direction=DIRECTION_DOWN, ret=0x7fff1d5ce120, offset=0x7fff1d5ce128)
at src/journal/sd-journal.c:533
direction=DIRECTION_DOWN, ret=0x7fff1d5ce170, offset=0x7fff1d5ce178)
at src/journal/sd-journal.c:595
src/journal/sd-journal.c:651

From 9266fc6a58065a7c5dab67430fd78925e519dce9 Mon Sep 17 00:00:00 2001
From: Marti Raudsepp <marti@juffo.org>
Date: Fri, 9 Mar 2012 16:23:00 +0200
Subject: [PATCH] journal: Don't hold pointers to journal while remapping

This would cause a segfault otherwise.

src/journal/sd-journal.c

index baf51db..86ac267 100644 (file)
@@ -527,6 +527,9 @@ static int next_with_matches(sd_journal *j, JournalFile *f, direction_t directio
                          * matches are not OK */
 
                         r = journal_file_next_entry_for_data(f, c, cp, le64toh(c->entry.items[k].object_offset), direction, &qo, &q);
+                        /* This pointer is invalidated if the window was
+                         * remapped. May need to re-fetch it later */
+                        c = NULL;
                         if (r < 0)
                                 return r;
 
@@ -552,8 +555,15 @@ static int next_with_matches(sd_journal *j, JournalFile *f, direction_t directio
 
                 /* Did this entry match against all matches? */
                 if (found) {
-                        if (ret)
+                        if (ret) {
+                                if (c == NULL) {
+                                        /* Re-fetch the entry */
+                                        r = journal_file_move_to_object(f, OBJECT_ENTRY, cp, &c);
+                                        if (r < 0)
+                                                return r;
+                                }
                                 *ret = c;
+                        }
                         if (offset)
                                 *offset = cp;
                         return 1;