|
|
572a44 |
From 035c9e559064114e3f7ba19b593a97c4a4d4f060 Mon Sep 17 00:00:00 2001
|
|
|
572a44 |
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
|
|
|
572a44 |
Date: Sat, 28 Dec 2013 19:33:23 -0500
|
|
|
572a44 |
Subject: [PATCH] journal: fix access to munmapped memory in
|
|
|
572a44 |
sd_journal_enumerate_unique
|
|
|
572a44 |
|
|
|
572a44 |
sd_j_e_u needs to keep a reference to an object while comparing it
|
|
|
572a44 |
with possibly duplicate objects in other files. Because the size of
|
|
|
572a44 |
mmap cache is limited, with enough files and object to compare to,
|
|
|
572a44 |
at some point the object being compared would be munmapped, resulting
|
|
|
572a44 |
in a segmentation fault.
|
|
|
572a44 |
|
|
|
572a44 |
Fix this issue by turning keep_always into a reference count that can
|
|
|
572a44 |
be increased and decreased. Other callers which set keep_always=true
|
|
|
572a44 |
are unmodified: their references are never released but are ignored
|
|
|
572a44 |
when the whole file is closed, which happens at some point. keep_always
|
|
|
572a44 |
is increased in sd_j_e_u and later on released.
|
|
|
572a44 |
---
|
|
|
572a44 |
src/journal/journal-file.c | 5 +---
|
|
|
572a44 |
src/journal/journal-file.h | 24 +++++++++++++++++++
|
|
|
572a44 |
src/journal/journal-verify.c | 4 ----
|
|
|
572a44 |
src/journal/mmap-cache.c | 57 +++++++++++++++++++++++++++++++++++---------
|
|
|
572a44 |
src/journal/mmap-cache.h | 18 +++++++++++++-
|
|
|
572a44 |
src/journal/sd-journal.c | 18 +++++++++++---
|
|
|
572a44 |
6 files changed, 103 insertions(+), 23 deletions(-)
|
|
|
572a44 |
|
|
|
572a44 |
diff --git a/src/journal/journal-file.c b/src/journal/journal-file.c
|
|
|
572a44 |
index 748816a..9dbd674 100644
|
|
|
572a44 |
--- a/src/journal/journal-file.c
|
|
|
572a44 |
+++ b/src/journal/journal-file.c
|
|
|
572a44 |
@@ -419,7 +419,6 @@ int journal_file_move_to_object(JournalFile *f, int type, uint64_t offset, Objec
|
|
|
572a44 |
void *t;
|
|
|
572a44 |
Object *o;
|
|
|
572a44 |
uint64_t s;
|
|
|
572a44 |
- unsigned context;
|
|
|
572a44 |
|
|
|
572a44 |
assert(f);
|
|
|
572a44 |
assert(ret);
|
|
|
572a44 |
@@ -428,10 +427,8 @@ int journal_file_move_to_object(JournalFile *f, int type, uint64_t offset, Objec
|
|
|
572a44 |
if (!VALID64(offset))
|
|
|
572a44 |
return -EFAULT;
|
|
|
572a44 |
|
|
|
572a44 |
- /* One context for each type, plus one catch-all for the rest */
|
|
|
572a44 |
- context = type > 0 && type < _OBJECT_TYPE_MAX ? type : 0;
|
|
|
572a44 |
|
|
|
572a44 |
- r = journal_file_move_to(f, context, false, offset, sizeof(ObjectHeader), &t);
|
|
|
572a44 |
+ r = journal_file_move_to(f, type_to_context(type), false, offset, sizeof(ObjectHeader), &t);
|
|
|
572a44 |
if (r < 0)
|
|
|
572a44 |
return r;
|
|
|
572a44 |
|
|
|
572a44 |
diff --git a/src/journal/journal-file.h b/src/journal/journal-file.h
|
|
|
572a44 |
index 5cc2c2d..376c3d4 100644
|
|
|
572a44 |
--- a/src/journal/journal-file.h
|
|
|
572a44 |
+++ b/src/journal/journal-file.h
|
|
|
572a44 |
@@ -128,6 +128,10 @@ int journal_file_open_reliably(
|
|
|
572a44 |
#define ALIGN64(x) (((x) + 7ULL) & ~7ULL)
|
|
|
572a44 |
#define VALID64(x) (((x) & 7ULL) == 0ULL)
|
|
|
572a44 |
|
|
|
572a44 |
+/* Use six characters to cover the offsets common in smallish journal
|
|
|
572a44 |
+ * files without adding too many zeros. */
|
|
|
572a44 |
+#define OFSfmt "%06"PRIx64
|
|
|
572a44 |
+
|
|
|
572a44 |
static inline bool VALID_REALTIME(uint64_t u) {
|
|
|
572a44 |
/* This considers timestamps until the year 3112 valid. That should be plenty room... */
|
|
|
572a44 |
return u > 0 && u < (1ULL << 55);
|
|
|
572a44 |
@@ -197,3 +201,23 @@ int journal_file_get_cutoff_realtime_usec(JournalFile *f, usec_t *from, usec_t *
|
|
|
572a44 |
int journal_file_get_cutoff_monotonic_usec(JournalFile *f, sd_id128_t boot, usec_t *from, usec_t *to);
|
|
|
572a44 |
|
|
|
572a44 |
bool journal_file_rotate_suggested(JournalFile *f, usec_t max_file_usec);
|
|
|
572a44 |
+
|
|
|
572a44 |
+
|
|
|
572a44 |
+static unsigned type_to_context(int type) {
|
|
|
572a44 |
+ /* One context for each type, plus one catch-all for the rest */
|
|
|
572a44 |
+ return type > 0 && type < _OBJECT_TYPE_MAX ? type : 0;
|
|
|
572a44 |
+}
|
|
|
572a44 |
+
|
|
|
572a44 |
+static inline int journal_file_object_keep(JournalFile *f, Object *o, uint64_t offset) {
|
|
|
572a44 |
+ unsigned context = type_to_context(o->object.type);
|
|
|
572a44 |
+
|
|
|
572a44 |
+ return mmap_cache_get(f->mmap, f->fd, f->prot, context, true,
|
|
|
572a44 |
+ offset, o->object.size, &f->last_stat, NULL);
|
|
|
572a44 |
+}
|
|
|
572a44 |
+
|
|
|
572a44 |
+static inline int journal_file_object_release(JournalFile *f, Object *o, uint64_t offset) {
|
|
|
572a44 |
+ unsigned context = type_to_context(o->object.type);
|
|
|
572a44 |
+
|
|
|
572a44 |
+ return mmap_cache_release(f->mmap, f->fd, f->prot, context,
|
|
|
572a44 |
+ offset, o->object.size);
|
|
|
572a44 |
+}
|
|
|
572a44 |
diff --git a/src/journal/journal-verify.c b/src/journal/journal-verify.c
|
|
|
572a44 |
index 82b0f0a..f2422ff 100644
|
|
|
572a44 |
--- a/src/journal/journal-verify.c
|
|
|
572a44 |
+++ b/src/journal/journal-verify.c
|
|
|
572a44 |
@@ -34,10 +34,6 @@
|
|
|
572a44 |
#include "compress.h"
|
|
|
572a44 |
#include "fsprg.h"
|
|
|
572a44 |
|
|
|
572a44 |
-/* Use six characters to cover the offsets common in smallish journal
|
|
|
572a44 |
- * files without adding to many zeros. */
|
|
|
572a44 |
-#define OFSfmt "%06"PRIx64
|
|
|
572a44 |
-
|
|
|
572a44 |
static int journal_file_object_verify(JournalFile *f, uint64_t offset, Object *o) {
|
|
|
572a44 |
uint64_t i;
|
|
|
572a44 |
|
|
|
572a44 |
diff --git a/src/journal/mmap-cache.c b/src/journal/mmap-cache.c
|
|
|
572a44 |
index 03b57be..cfb26da 100644
|
|
|
572a44 |
--- a/src/journal/mmap-cache.c
|
|
|
572a44 |
+++ b/src/journal/mmap-cache.c
|
|
|
572a44 |
@@ -38,7 +38,7 @@ typedef struct FileDescriptor FileDescriptor;
|
|
|
572a44 |
struct Window {
|
|
|
572a44 |
MMapCache *cache;
|
|
|
572a44 |
|
|
|
572a44 |
- bool keep_always;
|
|
|
572a44 |
+ unsigned keep_always;
|
|
|
572a44 |
bool in_unused;
|
|
|
572a44 |
|
|
|
572a44 |
int prot;
|
|
|
572a44 |
@@ -182,7 +182,7 @@ static void context_detach_window(Context *c) {
|
|
|
572a44 |
c->window = NULL;
|
|
|
572a44 |
LIST_REMOVE(Context, by_window, w->contexts, c);
|
|
|
572a44 |
|
|
|
572a44 |
- if (!w->contexts && !w->keep_always) {
|
|
|
572a44 |
+ if (!w->contexts && w->keep_always == 0) {
|
|
|
572a44 |
/* Not used anymore? */
|
|
|
572a44 |
LIST_PREPEND(Window, unused, c->cache->unused, w);
|
|
|
572a44 |
if (!c->cache->last_unused)
|
|
|
572a44 |
@@ -357,7 +357,6 @@ static int try_context(
|
|
|
572a44 |
assert(m->n_ref > 0);
|
|
|
572a44 |
assert(fd >= 0);
|
|
|
572a44 |
assert(size > 0);
|
|
|
572a44 |
- assert(ret);
|
|
|
572a44 |
|
|
|
572a44 |
c = hashmap_get(m->contexts, UINT_TO_PTR(context+1));
|
|
|
572a44 |
if (!c)
|
|
|
572a44 |
@@ -375,9 +374,10 @@ static int try_context(
|
|
|
572a44 |
return 0;
|
|
|
572a44 |
}
|
|
|
572a44 |
|
|
|
572a44 |
- c->window->keep_always = c->window->keep_always || keep_always;
|
|
|
572a44 |
+ c->window->keep_always += keep_always;
|
|
|
572a44 |
|
|
|
572a44 |
- *ret = (uint8_t*) c->window->ptr + (offset - c->window->offset);
|
|
|
572a44 |
+ if (ret)
|
|
|
572a44 |
+ *ret = (uint8_t*) c->window->ptr + (offset - c->window->offset);
|
|
|
572a44 |
return 1;
|
|
|
572a44 |
}
|
|
|
572a44 |
|
|
|
572a44 |
@@ -399,7 +399,6 @@ static int find_mmap(
|
|
|
572a44 |
assert(m->n_ref > 0);
|
|
|
572a44 |
assert(fd >= 0);
|
|
|
572a44 |
assert(size > 0);
|
|
|
572a44 |
- assert(ret);
|
|
|
572a44 |
|
|
|
572a44 |
f = hashmap_get(m->fds, INT_TO_PTR(fd + 1));
|
|
|
572a44 |
if (!f)
|
|
|
572a44 |
@@ -419,9 +418,10 @@ static int find_mmap(
|
|
|
572a44 |
return -ENOMEM;
|
|
|
572a44 |
|
|
|
572a44 |
context_attach_window(c, w);
|
|
|
572a44 |
- w->keep_always = w->keep_always || keep_always;
|
|
|
572a44 |
+ w->keep_always += keep_always;
|
|
|
572a44 |
|
|
|
572a44 |
- *ret = (uint8_t*) w->ptr + (offset - w->offset);
|
|
|
572a44 |
+ if (ret)
|
|
|
572a44 |
+ *ret = (uint8_t*) w->ptr + (offset - w->offset);
|
|
|
572a44 |
return 1;
|
|
|
572a44 |
}
|
|
|
572a44 |
|
|
|
572a44 |
@@ -447,7 +447,6 @@ static int add_mmap(
|
|
|
572a44 |
assert(m->n_ref > 0);
|
|
|
572a44 |
assert(fd >= 0);
|
|
|
572a44 |
assert(size > 0);
|
|
|
572a44 |
- assert(ret);
|
|
|
572a44 |
|
|
|
572a44 |
woffset = offset & ~((uint64_t) page_size() - 1ULL);
|
|
|
572a44 |
wsize = size + (offset - woffset);
|
|
|
572a44 |
@@ -517,7 +516,8 @@ static int add_mmap(
|
|
|
572a44 |
c->window = w;
|
|
|
572a44 |
LIST_PREPEND(Context, by_window, w->contexts, c);
|
|
|
572a44 |
|
|
|
572a44 |
- *ret = (uint8_t*) w->ptr + (offset - w->offset);
|
|
|
572a44 |
+ if (ret)
|
|
|
572a44 |
+ *ret = (uint8_t*) w->ptr + (offset - w->offset);
|
|
|
572a44 |
return 1;
|
|
|
572a44 |
}
|
|
|
572a44 |
|
|
|
572a44 |
@@ -538,7 +538,6 @@ int mmap_cache_get(
|
|
|
572a44 |
assert(m->n_ref > 0);
|
|
|
572a44 |
assert(fd >= 0);
|
|
|
572a44 |
assert(size > 0);
|
|
|
572a44 |
- assert(ret);
|
|
|
572a44 |
|
|
|
572a44 |
/* Check whether the current context is the right one already */
|
|
|
572a44 |
r = try_context(m, fd, prot, context, keep_always, offset, size, ret);
|
|
|
572a44 |
@@ -554,6 +553,42 @@ int mmap_cache_get(
|
|
|
572a44 |
return add_mmap(m, fd, prot, context, keep_always, offset, size, st, ret);
|
|
|
572a44 |
}
|
|
|
572a44 |
|
|
|
572a44 |
+int mmap_cache_release(
|
|
|
572a44 |
+ MMapCache *m,
|
|
|
572a44 |
+ int fd,
|
|
|
572a44 |
+ int prot,
|
|
|
572a44 |
+ unsigned context,
|
|
|
572a44 |
+ uint64_t offset,
|
|
|
572a44 |
+ size_t size) {
|
|
|
572a44 |
+
|
|
|
572a44 |
+ FileDescriptor *f;
|
|
|
572a44 |
+ Window *w;
|
|
|
572a44 |
+
|
|
|
572a44 |
+ assert(m);
|
|
|
572a44 |
+ assert(m->n_ref > 0);
|
|
|
572a44 |
+ assert(fd >= 0);
|
|
|
572a44 |
+ assert(size > 0);
|
|
|
572a44 |
+
|
|
|
572a44 |
+ f = hashmap_get(m->fds, INT_TO_PTR(fd + 1));
|
|
|
572a44 |
+ if (!f)
|
|
|
572a44 |
+ return -EBADF;
|
|
|
572a44 |
+
|
|
|
572a44 |
+ assert(f->fd == fd);
|
|
|
572a44 |
+
|
|
|
572a44 |
+ LIST_FOREACH(by_fd, w, f->windows)
|
|
|
572a44 |
+ if (window_matches(w, fd, prot, offset, size))
|
|
|
572a44 |
+ break;
|
|
|
572a44 |
+
|
|
|
572a44 |
+ if (!w)
|
|
|
572a44 |
+ return -ENOENT;
|
|
|
572a44 |
+
|
|
|
572a44 |
+ if (w->keep_always == 0)
|
|
|
572a44 |
+ return -ENOLCK;
|
|
|
572a44 |
+
|
|
|
572a44 |
+ w->keep_always -= 1;
|
|
|
572a44 |
+ return 0;
|
|
|
572a44 |
+}
|
|
|
572a44 |
+
|
|
|
572a44 |
void mmap_cache_close_fd(MMapCache *m, int fd) {
|
|
|
572a44 |
FileDescriptor *f;
|
|
|
572a44 |
|
|
|
572a44 |
diff --git a/src/journal/mmap-cache.h b/src/journal/mmap-cache.h
|
|
|
572a44 |
index 0c42fb8..e5e3b38 100644
|
|
|
572a44 |
--- a/src/journal/mmap-cache.h
|
|
|
572a44 |
+++ b/src/journal/mmap-cache.h
|
|
|
572a44 |
@@ -31,6 +31,22 @@ MMapCache* mmap_cache_new(void);
|
|
|
572a44 |
MMapCache* mmap_cache_ref(MMapCache *m);
|
|
|
572a44 |
MMapCache* mmap_cache_unref(MMapCache *m);
|
|
|
572a44 |
|
|
|
572a44 |
-int mmap_cache_get(MMapCache *m, int fd, int prot, unsigned context, bool keep_always, uint64_t offset, size_t size, struct stat *st, void **ret);
|
|
|
572a44 |
+int mmap_cache_get(
|
|
|
572a44 |
+ MMapCache *m,
|
|
|
572a44 |
+ int fd,
|
|
|
572a44 |
+ int prot,
|
|
|
572a44 |
+ unsigned context,
|
|
|
572a44 |
+ bool keep_always,
|
|
|
572a44 |
+ uint64_t offset,
|
|
|
572a44 |
+ size_t size,
|
|
|
572a44 |
+ struct stat *st,
|
|
|
572a44 |
+ void **ret);
|
|
|
572a44 |
+int mmap_cache_release(
|
|
|
572a44 |
+ MMapCache *m,
|
|
|
572a44 |
+ int fd,
|
|
|
572a44 |
+ int prot,
|
|
|
572a44 |
+ unsigned context,
|
|
|
572a44 |
+ uint64_t offset,
|
|
|
572a44 |
+ size_t size);
|
|
|
572a44 |
void mmap_cache_close_fd(MMapCache *m, int fd);
|
|
|
572a44 |
void mmap_cache_close_context(MMapCache *m, unsigned context);
|
|
|
572a44 |
diff --git a/src/journal/sd-journal.c b/src/journal/sd-journal.c
|
|
|
572a44 |
index 9676f0f..67a77e6 100644
|
|
|
572a44 |
--- a/src/journal/sd-journal.c
|
|
|
572a44 |
+++ b/src/journal/sd-journal.c
|
|
|
572a44 |
@@ -2506,9 +2506,7 @@ _public_ int sd_journal_query_unique(sd_journal *j, const char *field) {
|
|
|
572a44 |
}
|
|
|
572a44 |
|
|
|
572a44 |
_public_ int sd_journal_enumerate_unique(sd_journal *j, const void **data, size_t *l) {
|
|
|
572a44 |
- Object *o;
|
|
|
572a44 |
size_t k;
|
|
|
572a44 |
- int r;
|
|
|
572a44 |
|
|
|
572a44 |
if (!j)
|
|
|
572a44 |
return -EINVAL;
|
|
|
572a44 |
@@ -2533,9 +2531,11 @@ _public_ int sd_journal_enumerate_unique(sd_journal *j, const void **data, size_
|
|
|
572a44 |
for (;;) {
|
|
|
572a44 |
JournalFile *of;
|
|
|
572a44 |
Iterator i;
|
|
|
572a44 |
+ Object *o;
|
|
|
572a44 |
const void *odata;
|
|
|
572a44 |
size_t ol;
|
|
|
572a44 |
bool found;
|
|
|
572a44 |
+ int r;
|
|
|
572a44 |
|
|
|
572a44 |
/* Proceed to next data object in the field's linked list */
|
|
|
572a44 |
if (j->unique_offset == 0) {
|
|
|
572a44 |
@@ -2572,8 +2572,16 @@ _public_ int sd_journal_enumerate_unique(sd_journal *j, const void **data, size_
|
|
|
572a44 |
return r;
|
|
|
572a44 |
|
|
|
572a44 |
/* Let's do the type check by hand, since we used 0 context above. */
|
|
|
572a44 |
- if (o->object.type != OBJECT_DATA)
|
|
|
572a44 |
+ if (o->object.type != OBJECT_DATA) {
|
|
|
572a44 |
+ log_error("%s:offset " OFSfmt ": object has type %d, expected %d",
|
|
|
572a44 |
+ j->unique_file->path, j->unique_offset,
|
|
|
572a44 |
+ o->object.type, OBJECT_DATA);
|
|
|
572a44 |
return -EBADMSG;
|
|
|
572a44 |
+ }
|
|
|
572a44 |
+
|
|
|
572a44 |
+ r = journal_file_object_keep(j->unique_file, o, j->unique_offset);
|
|
|
572a44 |
+ if (r < 0)
|
|
|
572a44 |
+ return r;
|
|
|
572a44 |
|
|
|
572a44 |
r = return_data(j, j->unique_file, o, &odata, &ol);
|
|
|
572a44 |
if (r < 0)
|
|
|
572a44 |
@@ -2607,6 +2615,10 @@ _public_ int sd_journal_enumerate_unique(sd_journal *j, const void **data, size_
|
|
|
572a44 |
if (found)
|
|
|
572a44 |
continue;
|
|
|
572a44 |
|
|
|
572a44 |
+ r = journal_file_object_release(j->unique_file, o, j->unique_offset);
|
|
|
572a44 |
+ if (r < 0)
|
|
|
572a44 |
+ return r;
|
|
|
572a44 |
+
|
|
|
572a44 |
r = return_data(j, j->unique_file, o, data, l);
|
|
|
572a44 |
if (r < 0)
|
|
|
572a44 |
return r;
|