| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
| |
Journal corruption is not only indicated by EBADMSG but also by
EADDRNOTAVAIL so treat that as corruption in a few more cases.
|
| |\
| |
| | |
fuzz-journal-remote: several cleanups
|
| | | |
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
After f12b399dd6362a03379cb769954ebfb9972236ed, the output path is
also used to determine the directory to be vacuumed. And if a filename
only path is specified, `writer_new()` fails since the commit.
This makes the specified path is always made absolute. This should not
change any behavior before the offending commit, as `journal_open()` opens
the specified journal file with `AT_FDCWD`.
Fixes #27012.
|
| | |
| |
| |
| | |
journal_remote_get_writer()
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
After f12b399dd6362a03379cb769954ebfb9972236ed, writer_new() may fail
with non-OOM error. Let's return the error cause, and logs the failure
in the caller side.
This also drops logs in journal_remote_get_writer(), adds its caller
typically logs the failure.
|
| |/ |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
All daemons use a similar scheme to read their main config files and theirs
drop-ins. The main config files are always stored in /etc/systemd directory and
it's easy enough to construct the name of the drop-in directories based on the
name of the main config file.
Hence the new helper does that internally, which allows to reduce and simplify
the args passed previously to config_parse_many_nulstr().
Besides the overall code simplification it results:
16 files changed, 87 insertions(+), 159 deletions(-)
it allows to identify clearly the locations in the code where configuration
files are parsed.
|
| |
|
|
| |
This will help in a later commit to separate userspace from EFI builds.
|
| | |
|
| |\
| |
| | |
meson: Use dicts for test/fuzzer definitions
|
| | | |
|
| |/ |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Let's ensure that entry seqnums remain stable and monotonic across the
entire runtime of the system, even if local storage is turned off. Let's
do this by maintainer a counter file in /run/ which we mmap() and
wherein we maintain the counter from early-boot on till late shutdown.
This takes inspiration of the kernel-seqnum file we already maintain
like that that tracks which kmsg messages we already processed. In fact,
we reuse the same code for maintaining it.
This should allow the behaviour entry seqnums to be more predictable, in
particular when journal local storage is turned off. Previously, we'd
maintain the seqnum simply by always bumping it to the maximum of the
last written entry seqnum plus one, and the biggest seqnum so far
written to the journal file on disk. If we'd never write a file on disk,
or if no journal file was existing during the initrd→seqnum transition
we'd completely lose the current seqnum position during daemon restarts
(such as the one happening during the switch-root operation).
This also will cause a journal file rotation whenever we try to write to
a journal file with multiple sequence number IDs, so that we know that
from early boot trhough the entire runtime we'll have stable sequence
numbers that do not jump, and thus can be used to determine "lost"
messages.
|
| |
|
|
| |
No functional changes, just refactoring.
|
| |
|
|
|
|
| |
Meson+ninja+compiler do this for us and are better at it.
https://mesonbuild.com/FAQ.html#do-i-need-to-add-my-headers-to-the-sources-list-like-in-autotools
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
-1 was used everywhere, but -EBADF or -EBADFD started being used in various
places. Let's make things consistent in the new style.
Note that there are two candidates:
EBADF 9 Bad file descriptor
EBADFD 77 File descriptor in bad state
Since we're initializating the fd, we're just assigning a value that means
"no fd yet", so it's just a bad file descriptor, and the first errno fits
better. If instead we had a valid file descriptor that became invalid because
of some operation or state change, the other errno would fit better.
In some places, initialization is dropped if unnecessary.
|
| |
|
|
|
|
|
| |
Follow-up for f12b399dd6362a03379cb769954ebfb9972236ed from
https://github.com/systemd/systemd/pull/25076
CID#1501550
|
| |
|
|
|
|
|
| |
Follow-up for f12b399dd6362a03379cb769954ebfb9972236ed from
https://github.com/systemd/systemd/pull/25076
CID#1501551
|
| |
|
|
|
| |
* Support vacuuming for journal-remote
Co-authored-by: Berend De Schouwer <berend@deschouwer.co.za>
|
| |
|
|
| |
Fixes gcc 13 -Wenum-int-mismatch which are enabled by default.
|
| |
|
|
|
|
| |
The name "def.h" originates from before the rule of "no needless abbreviations"
was established. Let's rename the file to clarify that it contains a collection
of various semi-related constants.
|
| |
|
|
|
| |
util.h is now about logarithms only, so we can rename it. Many files included
util.h for no apparent reason… Those includes are dropped.
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
This new output formatting option is similar to "short-monotonic" but
also shows the time delta between two messages.
This fixes #24641.
|
| | |
|
| |
|
|
| |
gcc will complain about all these with -Wformat-signedness.
|
| |
|
|
|
|
|
|
|
|
| |
../src/journal-remote/microhttpd-util.c: In function ‘check_permissions’:
../src/journal-remote/microhttpd-util.c:301:5: error: function might be candidate for attribute ‘noreturn’ [-Werror=suggest-attribute=noreturn]
301 | int check_permissions(struct MHD_Connection *connection, int *code, char **hostname) {
| ^~~~~~~~~~~~~~~~~
cc1: all warnings being treated as errors
Fixes #23630.
|
| |
|
|
|
| |
This way we can still call fuzzers on old samples, but oss-fuzz will not waste
its and our time finding overly large inputs.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Without the size limits, oss-fuzz creates huge samples that time out. Usually
this is because some of our code has bad algorithmic complexity. For data like
configuration samples we don't need to care about this: non-rogue configs are
rarely more than a few items, and a bit of a slowdown with a few hundred items
is acceptable. This wouldn't be OK for processing of untrusted data though.
We need to set the limit in two ways: through .options and in the code. The
first because it nicely allows libFuzzer to avoid wasting time, and the second
because fuzzers like hongfuzz and afl don't support .options.
While at it, let's fix an off-by-one (65535 is the largest offset for a
power-of-two size, but we're checking the size here).
Co-authored-by: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It seems that we try to create a new file, which fails with -ENOSPC, and we
later fail when reading a file with ENODATA. journal_file_open() will return
-ENODATA if the file is too short or if journal_file_verify_header() fails.
We'll unlink a file we newly created if we fail to initialize it immediately
after creation. I'm not sure if the file we fail to open is the one we newly
created and e.g. failed to create the arena and such, or if it's the file we
were trying to rotate away from. Either way, I think we should be OK with
with a non-fully-initialized journal file.
Failed to create rotated journal: No space left on device
Failed to write entry of 2 bytes: No space left on device
sd_journal_open_files(["/tmp/fuzz-journal-remote.vELRpI.journal"]) failed: No data available
Assertion 'IN_SET(r, -ENOMEM, -EMFILE, -ENFILE)' failed at src/journal-remote/fuzz-journal-remote.c:70, function int LLVMFuzzerTestOneInput(const uint8_t *, size_t)(). Aborting.
oss-fuzz-39238: https://oss-fuzz.com/issue/4609851129462784
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is a high-level function, and it belongs in libsystemd-shared. This way we
don't end up linking a separate copy into various binaries. It would even end
up in libsystemd, where it is not needed. (Maybe it'd be removed in some
optimization phase, but it's better to not rely on that.)
$ grep -l -r -a 'path is not absolute%s' build/
build/libnss_systemd.so.2
build/pam_systemd_home.so
build/test-dlopen
build/src/basic/libbasic.a.p/path-util.c.o
build/src/basic/libbasic.a
build/src/shared/libsystemd-shared-249.so
build/test-bus-error
build/libnss_mymachines.so.2
build/pam_systemd.so
build/libnss_resolve.so.2
build/libnss_myhostname.so.2
build/libsystemd.so.0.32.0
build/libudev.so.1.7.2
$ grep -l -r -a 'path is not absolute%s' build/
build/src/shared/libsystemd-shared-251.a.p/parse-helpers.c.o
build/src/shared/libsystemd-shared-251.a
build/src/shared/libsystemd-shared-251.so
No functional change.
|
| |
|
|
|
|
|
|
|
| |
GIT_VERSION is not available as a config.h variable, because it's rendered
into version.h during builds. Let's rework jinja2 rendering to also
parse version.h. No functional change, the new variable is so far unused.
I guess this will make partial rebuilds a bit slower, but it's useful
to be able to use the full version string.
|
| | |
|
| |
|
|
|
|
|
| |
Just some modernization/refactoring.
No change in behaviour, just let's do how we do things these days: use
flags param instead of list of bools.
|
| | |
|
| |
|
|
|
|
| |
and check_permission() should not be called in that case.
Replaces #22847.
|
| |
|
|
| |
This also avoids multiple evaluations in STRV_FOREACH_BACKWARDS()
|
| |
|
|
|
| |
This also makes unsafe strings escaped when logged. Otherwise,
journalctl may not show the log message unless '--all' is specified.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
The approach to use '''…'''.split() instead of a list of strings was initially
used when converting from automake because it allowed identical blocks of lines
to be used for both, making the conversion easier.
But over the years we have been using normal lists more and more, especially
when there were just a few filenames listed. This converts the rest.
No functional change.
|
| | |
|
| |
|
|
|
| |
JournalFile and JournaldFile are hard to distinguish from each other.
Let's use ManagedJournalFile instead to make the distinction more clear.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
by always calling journal_remote_server_destroy, which resets global
variables like journal_remote_server_global. It should prevent crashes like
```
Assertion 'journal_remote_server_global == NULL' failed at src/journal-remote/journal-remote.c:312, function int journal_remote_server_init(RemoteServer *, const char *, JournalWriteSplitMode, _Bool, _Bool)(). Aborting.
AddressSanitizer:DEADLYSIGNAL
=================================================================
==24769==ERROR: AddressSanitizer: ABRT on unknown address 0x0539000060c1 (pc 0x7f23b4d5818b bp 0x7ffcbc4080c0 sp 0x7ffcbc407e70 T0)
SCARINESS: 10 (signal)
#0 0x7f23b4d5818b in raise /build/glibc-eX1tMB/glibc-2.31/sysdeps/unix/sysv/linux/raise.c:51:1
#1 0x7f23b4d37858 in abort /build/glibc-eX1tMB/glibc-2.31/stdlib/abort.c:79:7
#2 0x7f23b5731809 in log_assert_failed systemd/src/basic/log.c:866:9
```
|
| |
|
|
|
|
| |
Not having to provide the full path in the source tree is much
nicer and the produced lists can also be used anywhere in the source
tree.
|
| |
|
|
| |
is deprecated since 0.9.74
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The meson default for static_library() are:
build_by_default=true, install=false. We never interact with the
static libraries, and we only care about them as a stepping-stone towards
the installable executables or libraries. Thus let's only build them if
they are a dependency of something else we are building.
While at it, let's drop install:false, since this appears to be the default.
This change would have fixed the issue with lib_import_common failing
to build too: we wouldn't attempt to build it.
In practice this changes very little, because we generally only declare static
libraries where there's something in the default target that will make use of
them. But it seems to be a better pattern to set build_by_default to false.
|
