summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
...
| * | string-util: tweak cellescape() a bitLennart Poettering2018-06-012-22/+113
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | For short buffer sizes cellescape() was a bit wasteful, as it might suffice to to drop a single character to find enough place for the full four byte ellipsis, if that one character was a four character escape. With this rework we'll guarantee to drop the minimum number of characters from the end to fit in the ellipsis. If the buffers we write to are large this doesn't matter much. However, if they are short (as they are when talking about the process comm field) then it starts to matter that we put as much information as we can in the space we get.
| * | escape: add an explanatory comment about buffer sizesLennart Poettering2018-06-011-0/+2
| | |
| * | missing: define kernel internal limit TASK_COMM_LEN in userspace tooLennart Poettering2018-06-013-2/+9
| | | | | | | | | | | | | | | We already use it at two places, and we are about to add one too. Arbitrary literally hardcoded limits suck.
| * | process-util: mention that wait_for_terminate_with_timeout() should be ↵Lennart Poettering2018-06-011-6/+9
|/ / | | | | | | called with SIGCHLD blocked
* | networkd: enable to set IFF_ALLMULTI to network device (#9146)Susant Sahani2018-06-015-3/+18
| | | | | | networkd: allow setting set IFF_ALLMULTI flag on network devices
* | Minor spelling error - "Our of"->"Out of"Ian Miell2018-06-011-1/+1
| |
* | efi: explicitly cast physical address to UINTN when converting to/from pointersLennart Poettering2018-05-313-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | UINTN is the integer type equalling the native ptr size. Let's fix the casting warnings described in #7788 by casting the the pointers and values to this type first. That way we cast integers to the right size first before turning them into pointers, and pointers are first covnerted to integers of the right size before converting them into integers. Not tested, since I lack i386 EFI systems, but I think this is simple enough to be correct event without testing. Fixes: #7788
* | build-sys: Add option to link systemctl staticallyFelipe Sateler2018-05-312-1/+13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Systemctl is special because it is required for many tasks that may need to be performed when the system is not fully configured and/or partially broken: 1. Installing/Uninstalling services during OS installs and upgrades 2. Shutting down the system Therefore reduce the number of dependencies that systemctl pulls in, by not linking to systemd-shared. This brings a bit of resilience to systemctl (and its aliases shutdown, reboot, etc), by linking against less external libraries. Because this extra resilience comes at a cost of approximately 580 KB extra space, this is done behind a meson build option.
* | Merge pull request #9014 from keszybz/fuzz-journal-remoteLennart Poettering2018-05-3147-1351/+1882
|\ \ | |/ |/| A fuzzer for journal-remote
| * journal-remote: do not send _BOOT_ID twiceZbigniew Jędrzejewski-Szmek2018-05-312-8/+13
| | | | | | | | | | | | | | | | | | | | | | | | Also remove the comma from the comment everywhere, I think the comma unnecessarilly put emphasis on the clause after the comma. Fixes #9090. Reproducer: systemd-journal-remote --split-mode=none -o /tmp/msg6.journal --trust=all --listen-http=8080 systemd-journal-upload -u http://localhost:8080 journalctl --file /tmp/msg6.journal -o verbose -n1
| * journal-remote: parse the _BOOT_ID field and use the value when writing entriesZbigniew Jędrzejewski-Szmek2018-05-312-17/+32
| | | | | | | | | | | | The boot id is stored twice, and different code paths use either one or the other. So we need to store it both in the header and as a field for full compatibility.
| * journal: allow boot_id to be passed to journal_append_entry()Zbigniew Jędrzejewski-Szmek2018-05-318-19/+42
| | | | | | | | | | In this commit, this is done only in testing code, i.e. there is no functional change apart from tests.
| * journal: remove unused args from journal_file_copy_entry()Zbigniew Jędrzejewski-Szmek2018-05-314-5/+5
| |
| * shared/logs-show: be more careful before using a _SOURCE_REALTIME_TIMESTAMP ↵Zbigniew Jędrzejewski-Szmek2018-05-312-3/+1
| | | | | | | | | | | | | | | | entry journalctl -o short would display those entries, but journalctl -o short-full would refuse. If the entry is bad, just fall back to the receive-side realtime timestamp like we would if it was completely missing.
| * journal: refuse an entry with invalid timestamp fieldsZbigniew Jędrzejewski-Szmek2018-05-311-1/+10
| | | | | | | | | | | | The journal verification functions would reject such an entry. It would probably still display fine (because we prefer _SOURCE_REALTIME_TIMESTAMP= if present), but it seems wrong to create an entry that would not pass verification.
| * Use const char* for timestamp strings which we don't plan to modifyZbigniew Jędrzejewski-Szmek2018-05-315-31/+29
| | | | | | | | Makes the intent a bit clearer.
| * Always allow timestamps to be printedZbigniew Jędrzejewski-Szmek2018-05-313-9/+8
| | | | | | | | | | | | | | | | | | | | If the timestamp is above 9999-12-30, (or 2038-something-something on 32 bit), use XXXX-XX-XX XX:XX:XX as the replacement. The problem with refusing to print timestamps is that our code accepts such timestamps, so we can't really just refuse to process them afterwards. Also, it makes journal files non-portable, because suddently we might completely refuse to print entries which are totally OK on a different machine.
| * fuzz-journal-remote: write to /dev/null not stdoutZbigniew Jędrzejewski-Szmek2018-05-311-1/+8
| | | | | | | | | | | | | | This makes the fuzzing much more efficient. Optionally provide output is $SYSTEMD_FUZZ_OUTPUT is set, which makes debugging of any failures much easier. The case from 056129deb73df17ece4212db39d2ca0842d9a49c is still detected properly.
| * basic/journal-importer: "trusted" fields in binary format are not supportedZbigniew Jędrzejewski-Szmek2018-05-311-12/+6
| | | | | | | | | | | | | | | | | | | | | | The parser never accepted "__"-prefixed fields in binary format, but there was a comment questioning this decision. Let's make it official, and remove the comment. Also, for clarity, let's move the dunder field parsing after the field verification check. This doesn't change much, because invalid fields cannot be known special fields, but is seems cleaner to first verify the validity of the name, and then check if it is one of the known ones.
| * basic/journal-importer: reject any field names that journald would rejectZbigniew Jędrzejewski-Szmek2018-05-311-0/+11
| | | | | | | | | | | | | | | | | | | | | | $ build-asan/fuzz-journal-remote test/fuzz-regressions/fuzz-journal-remote/crash-96dee870ea66d03e89ac321eee28ea63a9b9aa45 ... Ignoring invalid field: "S\020" Ignoring invalid field: "S\020" ... If the field name includes nul bytes, we won't print all of the name. But that seems enough of a corner case to ignore.
| * shared/logs-show: use _cleanup_Zbigniew Jędrzejewski-Szmek2018-05-311-21/+7
| |
| * shared/logs-show: fix mixup between length-based memory duplication and ↵Zbigniew Jędrzejewski-Szmek2018-05-312-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | string operations We'd look for a '=' separator using memchr, i.e. ignoring any nul bytes in the string, but then do a strndup, which would terminate on any nul byte, and then again do a memcmp, which would access memory past the chunk allocated by strndup. Of course, we probably shouldn't allow keys with nul bytes in them. But we currently do, so there might be journal files like that out there. So let's fix the journal-reading code first.
| * basic/random-util: do not use getrandom() under msanEvgeny Vereshchagin2018-05-311-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | `fuzz-journal-remote` seems to be failing under `msan` as soon as it starts: $ sudo infra/helper.py run_fuzzer systemd fuzz-journal-remote Running: docker run --rm -i --privileged -e FUZZING_ENGINE=libfuzzer -v /home/vagrant/oss-fuzz/build/out/systemd:/out -t gcr.io/oss-fuzz-base/base-runner run_fuzzer fuzz-journal-remote Using seed corpus: fuzz-journal-remote_seed_corpus.zip /out/fuzz-journal-remote -rss_limit_mb=2048 -timeout=25 /tmp/fuzz-journal-remote_corpus -max_len=65536 < /dev/null INFO: Seed: 3380449479 INFO: Loaded 2 modules (36336 inline 8-bit counters): 36139 [0x7ff36ea31d39, 0x7ff36ea3aa64), 197 [0x9998c8, 0x99998d), INFO: Loaded 2 PC tables (36336 PCs): 36139 [0x7ff36ea3aa68,0x7ff36eac7d18), 197 [0x999990,0x99a5e0), INFO: 2 files found in /tmp/fuzz-journal-remote_corpus INFO: seed corpus: files: 2 min: 4657b max: 7790b total: 12447b rss: 97Mb Uninitialized bytes in __interceptor_pwrite64 at offset 24 inside [0x7fffdd4d7230, 240) ==15==WARNING: MemorySanitizer: use-of-uninitialized-value #0 0x7ff36e685e8a in journal_file_init_header /work/build/../../src/systemd/src/journal/journal-file.c:436:13 #1 0x7ff36e683a9d in journal_file_open /work/build/../../src/systemd/src/journal/journal-file.c:3333:21 #2 0x7ff36e68b8f6 in journal_file_open_reliably /work/build/../../src/systemd/src/journal/journal-file.c:3520:13 #3 0x4a3f35 in open_output /work/build/../../src/systemd/src/journal-remote/journal-remote.c:70:13 #4 0x4a34d0 in journal_remote_get_writer /work/build/../../src/systemd/src/journal-remote/journal-remote.c:136:21 #5 0x4a550f in get_source_for_fd /work/build/../../src/systemd/src/journal-remote/journal-remote.c:183:13 #6 0x4a46bd in journal_remote_add_source /work/build/../../src/systemd/src/journal-remote/journal-remote.c:235:13 #7 0x4a271c in LLVMFuzzerTestOneInput /work/build/../../src/systemd/src/fuzz/fuzz-journal-remote.c:36:9 #8 0x4f27cc in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/libfuzzer/FuzzerLoop.cpp:524:13 #9 0x4efa0b in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool*) /src/libfuzzer/FuzzerLoop.cpp:448:3 #10 0x4f8e96 in fuzzer::Fuzzer::ReadAndExecuteSeedCorpora(std::__1::vector<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, fuzzer::fuzzer_allocator<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > > > const&) /src/libfuzzer/FuzzerLoop.cpp:732:7 #11 0x4f9f73 in fuzzer::Fuzzer::Loop(std::__1::vector<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, fuzzer::fuzzer_allocator<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > > > const&) /src/libfuzzer/FuzzerLoop.cpp:752:3 #12 0x4bf329 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/libfuzzer/FuzzerDriver.cpp:756:6 #13 0x4ac391 in main /src/libfuzzer/FuzzerMain.cpp:20:10 #14 0x7ff36d14982f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f) #15 0x41f9d8 in _start (/out/fuzz-journal-remote+0x41f9d8) Uninitialized value was stored to memory at #0 0x7ff36e61cd41 in sd_id128_randomize /work/build/../../src/systemd/src/libsystemd/sd-id128/sd-id128.c:288:16 #1 0x7ff36e685cec in journal_file_init_header /work/build/../../src/systemd/src/journal/journal-file.c:426:13 #2 0x7ff36e683a9d in journal_file_open /work/build/../../src/systemd/src/journal/journal-file.c:3333:21 #3 0x7ff36e68b8f6 in journal_file_open_reliably /work/build/../../src/systemd/src/journal/journal-file.c:3520:13 #4 0x4a3f35 in open_output /work/build/../../src/systemd/src/journal-remote/journal-remote.c:70:13 #5 0x4a34d0 in journal_remote_get_writer /work/build/../../src/systemd/src/journal-remote/journal-remote.c:136:21 #6 0x4a550f in get_source_for_fd /work/build/../../src/systemd/src/journal-remote/journal-remote.c:183:13 #7 0x4a46bd in journal_remote_add_source /work/build/../../src/systemd/src/journal-remote/journal-remote.c:235:13 #8 0x4a271c in LLVMFuzzerTestOneInput /work/build/../../src/systemd/src/fuzz/fuzz-journal-remote.c:36:9 #9 0x4f27cc in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/libfuzzer/FuzzerLoop.cpp:524:13 #10 0x4efa0b in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool*) /src/libfuzzer/FuzzerLoop.cpp:448:3 #11 0x4f8e96 in fuzzer::Fuzzer::ReadAndExecuteSeedCorpora(std::__1::vector<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, fuzzer::fuzzer_allocator<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > > > const&) /src/libfuzzer/FuzzerLoop.cpp:732:7 #12 0x4f9f73 in fuzzer::Fuzzer::Loop(std::__1::vector<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, fuzzer::fuzzer_allocator<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > > > const&) /src/libfuzzer/FuzzerLoop.cpp:752:3 #13 0x4bf329 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/libfuzzer/FuzzerDriver.cpp:756:6 #14 0x4ac391 in main /src/libfuzzer/FuzzerMain.cpp:20:10 #15 0x7ff36d14982f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f) Uninitialized value was created by an allocation of 't' in the stack frame of function 'sd_id128_randomize' #0 0x7ff36e61cb00 in sd_id128_randomize /work/build/../../src/systemd/src/libsystemd/sd-id128/sd-id128.c:274 SUMMARY: MemorySanitizer: use-of-uninitialized-value /work/build/../../src/systemd/src/journal/journal-file.c:436:13 in journal_file_init_header Exiting MS: 0 ; base unit: 0000000000000000000000000000000000000000 artifact_prefix='./'; Test unit written to ./crash-847911777b3096783f4ee70a69ab6d28380c810b [vagrant@localhost oss-fuzz]$ sudo infra/helper.py check_build --sanitizer=memory systemd Running: docker run --rm -i --privileged -e FUZZING_ENGINE=libfuzzer -e SANITIZER=memory -v /home/vagrant/oss-fuzz/build/out/systemd:/out -t gcr.io/oss-fuzz-base/base-runner test_all INFO: performing bad build checks for /out/fuzz-dhcp-server. INFO: performing bad build checks for /out/fuzz-journal-remote. INFO: performing bad build checks for /out/fuzz-unit-file. INFO: performing bad build checks for /out/fuzz-dns-packet. 4 fuzzers total, 0 seem to be broken (0%). Check build passed. It's a false positive which is most likely caused by https://github.com/google/sanitizers/issues/852. I think it could be got around by avoiding `getrandom` when the code is compiled with `msan`
| * fuzz-journal-remote: try all output modesZbigniew Jędrzejewski-Szmek2018-05-311-2/+8
| |
| * basic/journal-importer: escape & ellipsize bad data in log entriesZbigniew Jędrzejewski-Szmek2018-05-312-3/+11
| | | | | | | | | | | | | | We shouldn't just log arbitrary stuff, in particular newlines and control chars Now: Unknown dunder line __CURSORFACILITY=6\nSYSLOG_IDENTIFIER=/USR/SBIN/CRON\nMES…, ignoring. Unknown dunder line __REALTIME_TIME[TAMP=1404101101501874\n__MONOTONIC_TIMEST…, ignoring.
| * basic/string-util: add a convenience function to cescape mostly-ascii fieldsZbigniew Jędrzejewski-Szmek2018-05-313-16/+80
| | | | | | | | | | | | | | | | | | It's not supposed to be the most efficient, but instead fast and simple to use. I kept the logic in ellipsize_mem() to use unicode ellipsis even in non-unicode locales. I'm not quite convinced things should be this way, especially that with this patch it'd actually be simpler to always use "…" in unicode locale and "..." otherwise, but Lennart wanted it this way for some reason.
| * basic/journal-importer: do not write non-unicode char to logZbigniew Jędrzejewski-Szmek2018-05-313-4/+9
| | | | | | | | | | The type of cescape_char() is changed to int to make it easier to use in "%.*s". We know the value is between 1 and 4, so size_t is overkill.
| * journal-remote: when an entry is rejected with -EBADMSG, do not rotate the ↵Zbigniew Jędrzejewski-Szmek2018-05-313-5/+8
| | | | | | | | | | | | | | | | | | | | | | journal file Something is wrong with the entry (probably a missing timestamp), so no point in rotating. But suppress the error in process_source(), so that the processing of the data stream continues. Also, just return 0 from writer_write() on success, the only caller doesn't care.
| * journal-remote: verify realtime and monotonic timestamps earlyZbigniew Jędrzejewski-Szmek2018-05-311-13/+22
| | | | | | | | | | We would accept any value, and then journal_file_check_object() would reject the whole entry. Let's just ignore the field.
| * fuzz-journal-remote: a fuzzer for journal-remote over-the-wire inputZbigniew Jędrzejewski-Szmek2018-05-316-0/+251
| |
| * shared/logs-show: export show_journal()Zbigniew Jędrzejewski-Szmek2018-05-312-15/+29
| | | | | | | | This is a nice function to output some journal entries without much ado.
| * journal: rename output_journal to show_journal_entryZbigniew Jędrzejewski-Szmek2018-05-314-6/+6
| | | | | | | | | | We have show_journal, and output_journal, and it's not immediately clear how they related. Rename the first to show that it just prints one entry.
| * journal: allow writing journal files even if machine-id is missingZbigniew Jędrzejewski-Szmek2018-05-311-1/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | The code to open journal files seems like the wrong place to enforce this. We already check during boot and refuse to boot if machine-id is missing, no need to enforce this here. In particular, it seems better to write logs from journald even if they are not completely functional rather than refuse to operate at all, and systemd-journal-remote also writes journal files and may even be run on a system without systemd at all. The docker image that oss-fuzz uses has an empty /etc/machine-id. Obviously this is an error in the docker, but docker is fact of life, and it seems better for systemd-journal-remote to work in such an incomplete environment.
| * sd-id128: return -ENOMEDIUM on null idZbigniew Jędrzejewski-Szmek2018-05-312-4/+6
| | | | | | | | | | | | | | | | | | We currently return -ENOMEDIUM when /etc/machine-id is empty, and -EINVAL when it is all zeros. But -EINVAL is also used for invalid args. The distinction between empty and all-zero is not very important, let's use the same return code. Also document -ENOENT and -ENOMEDIUM since they can be a bit surprising.
| * fuzz-journal-remote: allow fuzzer to be built without µhttpdZbigniew Jędrzejewski-Szmek2018-05-313-9/+26
| | | | | | | | | | journal-remote still requires µhttpd, but things are easier if the fuzzer can be built without.
| * shared/dissect-image: avoid warning about unused function when compiled w/o ↵Zbigniew Jędrzejewski-Szmek2018-05-311-0/+2
| | | | | | | | blkid
| * log-generator: make message size configurable, add short optionsZbigniew Jędrzejewski-Szmek2018-05-311-2/+5
| | | | | | | | Also remove "b''" from the generated MESSAGE= field.
| * journal-remote: export handle_raw_source()Zbigniew Jędrzejewski-Szmek2018-05-312-7/+13
| |
| * journal-remote: split out µhttpd support and main() into a separate fileZbigniew Jędrzejewski-Szmek2018-05-315-1162/+1242
| | | | | | | | | | | | | | | | | | | | | | | | | | This is in preparation to reusing the RemoteServer in other concepts. I tried to keep changes to minimum: - arg_* global variables are now passed as state in RemoteServer - exported functions get the "journal_remote_" prefix - some variables are renamed In particular, there is an ugly global RemoveServer* variable. It was originally added because µhttpd did not allow state to be passed to the callbacks. I'm not sure if this has been remediated in µhttpd, but either way, this is not changed here, the global variable is only renamed for clarity.
| * journal: rewrap function argsZbigniew Jędrzejewski-Szmek2018-05-311-3/+16
| |
* | Merge pull request #9145 from poettering/itsy-bitsy-fixesZbigniew Jędrzejewski-Szmek2018-05-317-18/+22
|\ \ | | | | | | trivial fixes
| * | tree-wide: drop some double newlinesLennart Poettering2018-05-312-2/+0
| | |
| * | coccinelle says we should use EOPNOTSUPP rather than ENOTSUPLennart Poettering2018-05-311-1/+1
| | |
| * | portablectl: no need to validate profile name before checking whether it is ↵Lennart Poettering2018-05-311-3/+3
| | | | | | | | | | | | 'help'
| * | portablectl: support 'help' parameter on --copy=Lennart Poettering2018-05-311-1/+6
| | |
| * | portablectl: don't join strv if we don't want to display itLennart Poettering2018-05-311-5/+7
| | |
| * | portablectl: coccinelle says we should use TAKE_PTR() here, do soLennart Poettering2018-05-311-2/+1
| | |
| * | tree-wide: some O_NDELAY → O_NONBLOCK fixesLennart Poettering2018-05-313-4/+4
| |/ | | | | | | Somehow the coccinelle script misses these, hence fix them manually.
* | sysctl.d: request ECN on both in and outgoing connections (#9143)Thomas H. P. Andersen2018-05-311-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | To further avoid bufferbloat Explicit Congestion Notification (ECN) should be enabled for both in and outgoing connections. The kernel default is to enable it when requested for incoming connections, but not to request it on outgoing connections. This patch enables it for both. A long time ago enabling these was causing problems, but these issues have since been dealt with. Fixes #9087.
* | man: say more explicitly what to do in the SD_JOURNAL_INVALIDATE eventLennart Poettering2018-05-311-16/+21
|/ | | | | | | | | | | | This rewords the section, explicitly distuingishing the cases of clients that only want a continious log stream (which can simply treat SD_JOURNAL_INVALIDATE the same way as SD_JOURNAL_APPEND) and those which want to represent on screen the full state of the log data on disk. This is an alternative to a part of PR #9060, but keeps an explanation of the destinction of handling depending on the type of client. Fixes: #8963
View Lorry Controller Status