X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=blobdiff_plain;f=src%2Fjournal%2Fjournal-file.c;h=f01f12496cd533e7b96d0a5a5c92d0c239e951c3;hp=4d7a6ff17d4b1ab6ec8ac018985eb314b48507bd;hb=feb12d3ed2c7f9132c64773c7c41b9e3a608a814;hpb=3223f44f2312d01113a9c51f898528041cc7bd8d diff --git a/src/journal/journal-file.c b/src/journal/journal-file.c index 4d7a6ff17..f01f12496 100644 --- a/src/journal/journal-file.c +++ b/src/journal/journal-file.c @@ -64,9 +64,11 @@ void journal_file_close(JournalFile *f) { assert(f); +#ifdef HAVE_GCRYPT /* Write the final tag */ - if (f->seal) + if (f->seal && f->writable) journal_file_append_tag(f); +#endif /* Sync everything to disk, before we mark the file offline */ if (f->mmap && f->fd >= 0) @@ -203,15 +205,26 @@ static int journal_file_verify_header(JournalFile *f) { #endif } + if (f->header->state >= _STATE_MAX) + return -EBADMSG; + /* The first addition was n_data, so check that we are at least this large */ if (le64toh(f->header->header_size) < HEADER_SIZE_MIN) return -EBADMSG; - if ((le32toh(f->header->compatible_flags) & HEADER_COMPATIBLE_SEALED) && - !JOURNAL_HEADER_CONTAINS(f->header, n_entry_arrays)) + if (JOURNAL_HEADER_SEALED(f->header) && !JOURNAL_HEADER_CONTAINS(f->header, n_entry_arrays)) return -EBADMSG; - if ((uint64_t) f->last_stat.st_size < (le64toh(f->header->header_size) + le64toh(f->header->arena_size))) + if ((le64toh(f->header->header_size) + le64toh(f->header->arena_size)) > (uint64_t) f->last_stat.st_size) + return -ENODATA; + + if (le64toh(f->header->tail_object_offset) > (le64toh(f->header->header_size) + le64toh(f->header->arena_size))) + return -ENODATA; + + if (!VALID64(f->header->data_hash_table_offset) || + !VALID64(f->header->field_hash_table_offset) || + !VALID64(f->header->tail_object_offset) || + !VALID64(f->header->entry_array_offset)) return -ENODATA; if (f->writable) { @@ -239,8 +252,10 @@ static int journal_file_verify_header(JournalFile *f) { } } - f->compress = !!(le32toh(f->header->incompatible_flags) & HEADER_INCOMPATIBLE_COMPRESSED); - f->seal = !!(le32toh(f->header->compatible_flags) & HEADER_COMPATIBLE_SEALED); + f->compress = JOURNAL_HEADER_COMPRESSED(f->header); + + if (f->writable) + f->seal = JOURNAL_HEADER_SEALED(f->header); return 0; } @@ -351,6 +366,10 @@ int journal_file_move_to_object(JournalFile *f, int type, uint64_t offset, Objec assert(f); assert(ret); + /* Objects may only be located at multiple of 64 bit */ + if (!VALID64(offset)) + return -EFAULT; + /* One context for each type, plus one catch-all for the rest */ context = type > 0 && type < _OBJECT_TYPE_MAX ? type : 0; @@ -747,9 +766,11 @@ static int journal_file_append_data( if (r < 0) return r; +#ifdef HAVE_GCRYPT r = journal_file_hmac_put_object(f, OBJECT_DATA, p); if (r < 0) return r; +#endif /* The linking might have altered the window, so let's * refresh our pointer */ @@ -780,6 +801,14 @@ uint64_t journal_file_entry_array_n_items(Object *o) { return (le64toh(o->object.size) - offsetof(Object, entry_array.items)) / sizeof(uint64_t); } +uint64_t journal_file_hash_table_n_items(Object *o) { + assert(o); + assert(o->object.type == OBJECT_DATA_HASH_TABLE || + o->object.type == OBJECT_FIELD_HASH_TABLE); + + return (le64toh(o->object.size) - offsetof(Object, hash_table.items)) / sizeof(HashItem); +} + static int link_entry_into_array(JournalFile *f, le64_t *first, le64_t *idx, @@ -827,9 +856,11 @@ static int link_entry_into_array(JournalFile *f, if (r < 0) return r; +#ifdef HAVE_GCRYPT r = journal_file_hmac_put_object(f, OBJECT_ENTRY_ARRAY, q); if (r < 0) return r; +#endif o->entry_array.items[i] = htole64(p); @@ -971,9 +1002,11 @@ static int journal_file_append_entry_internal( o->entry.xor_hash = htole64(xor_hash); o->entry.boot_id = f->header->boot_id; +#ifdef HAVE_GCRYPT r = journal_file_hmac_put_object(f, OBJECT_ENTRY, np); if (r < 0) return r; +#endif r = journal_file_link_entry(f, o, np); if (r < 0) @@ -1024,9 +1057,11 @@ int journal_file_append_entry(JournalFile *f, const dual_timestamp *ts, const st ts->monotonic < le64toh(f->header->tail_entry_monotonic)) return -EINVAL; +#ifdef HAVE_GCRYPT r = journal_file_maybe_append_tag(f, ts->realtime); if (r < 0) return r; +#endif /* alloca() can't take 0, hence let's allocate at least one */ items = alloca(sizeof(EntryItem) * MAX(1, n_iovec)); @@ -1829,7 +1864,7 @@ void journal_file_dump(JournalFile *f) { break; case OBJECT_ENTRY: - printf("Type: OBJECT_ENTRY %llu %llu %llu\n", + printf("Type: OBJECT_ENTRY seqnum=%llu monotonic=%llu realtime=%llu\n", (unsigned long long) le64toh(o->entry.seqnum), (unsigned long long) le64toh(o->entry.monotonic), (unsigned long long) le64toh(o->entry.realtime)); @@ -1848,8 +1883,9 @@ void journal_file_dump(JournalFile *f) { break; case OBJECT_TAG: - printf("Type: OBJECT_TAG %llu\n", - (unsigned long long) le64toh(o->tag.seqnum)); + printf("Type: OBJECT_TAG seqnum=%llu epoch=%llu\n", + (unsigned long long) le64toh(o->tag.seqnum), + (unsigned long long) le64toh(o->tag.epoch)); break; } @@ -1900,10 +1936,10 @@ void journal_file_print_header(JournalFile *f) { f->header->state == STATE_OFFLINE ? "OFFLINE" : f->header->state == STATE_ONLINE ? "ONLINE" : f->header->state == STATE_ARCHIVED ? "ARCHIVED" : "UNKNOWN", - (f->header->compatible_flags & HEADER_COMPATIBLE_SEALED) ? " SEALED" : "", - (f->header->compatible_flags & ~HEADER_COMPATIBLE_SEALED) ? " ???" : "", - (f->header->incompatible_flags & HEADER_INCOMPATIBLE_COMPRESSED) ? " COMPRESSED" : "", - (f->header->incompatible_flags & ~HEADER_INCOMPATIBLE_COMPRESSED) ? " ???" : "", + JOURNAL_HEADER_SEALED(f->header) ? " SEALED" : "", + (le32toh(f->header->compatible_flags) & ~HEADER_COMPATIBLE_SEALED) ? " ???" : "", + JOURNAL_HEADER_COMPRESSED(f->header) ? " COMPRESSED" : "", + (le32toh(f->header->incompatible_flags) & ~HEADER_INCOMPATIBLE_COMPRESSED) ? " ???" : "", (unsigned long long) le64toh(f->header->header_size), (unsigned long long) le64toh(f->header->arena_size), (unsigned long long) le64toh(f->header->data_hash_table_size) / sizeof(HashItem), @@ -1957,7 +1993,8 @@ int journal_file_open( (flags & O_ACCMODE) != O_RDWR) return -EINVAL; - if (!endswith(fname, ".journal")) + if (!endswith(fname, ".journal") && + !endswith(fname, ".journal~")) return -EINVAL; f = new0(JournalFile, 1); @@ -1976,10 +2013,7 @@ int journal_file_open( if (mmap_cache) f->mmap = mmap_cache_ref(mmap_cache); else { - /* One context for each type, plus the zeroth catchall - * context. One fd for the file plus one for each type - * (which we need during verification */ - f->mmap = mmap_cache_new(_OBJECT_TYPE_MAX, 1 + _OBJECT_TYPE_MAX); + f->mmap = mmap_cache_new(); if (!f->mmap) { r = -ENOMEM; goto fail; @@ -2006,11 +2040,13 @@ int journal_file_open( if (f->last_stat.st_size == 0 && f->writable) { newly_created = true; +#ifdef HAVE_GCRYPT /* Try to load the FSPRG state, and if we can't, then * just don't do sealing */ r = journal_file_fss_load(f); if (r < 0) f->seal = false; +#endif r = journal_file_init_header(f, template); if (r < 0) @@ -2040,11 +2076,13 @@ int journal_file_open( goto fail; } +#ifdef HAVE_GCRYPT if (!newly_created && f->writable) { r = journal_file_fss_load(f); if (r < 0) goto fail; } +#endif if (f->writable) { if (metrics) { @@ -2058,9 +2096,11 @@ int journal_file_open( goto fail; } +#ifdef HAVE_GCRYPT r = journal_file_hmac_setup(f); if (r < 0) goto fail; +#endif if (newly_created) { r = journal_file_setup_field_hash_table(f); @@ -2071,9 +2111,11 @@ int journal_file_open( if (r < 0) goto fail; +#ifdef HAVE_GCRYPT r = journal_file_append_first_tag(f); if (r < 0) goto fail; +#endif } r = journal_file_map_field_hash_table(f);