journal: deal better with reading from zeroed out journal mmaps #15557
Commits on Apr 23, 2020
macro: add READ_NOW() macro for force reading of memory, making a copy
When accessing journal files we generally are fine when values change beneath our feet, while we are looking at them, as long as they change from something valid to zero. This is required since we nowadays forcibly unallocate journal files on vacuuming, to ensure they are actually released. However, we need to make sure that the validity checks we enforce are done on suitable copies of the fields in the file. Thus provide a macro that forces a copy, and disallows the compiler from merging our copy with the actual memory where it is from.
Commit: ed50f18
journal-file: avoid risky subtraction when validity checking object
The value might change beneath what we do, and hence let's avoid any chance of underflow.
Commit: 20ee282
Commit: e6fea30
Commit: bba6e4a
Commit: 13933c6
journal: don't assert on mmap'ed object type
Mappings can be replaced by all zeroes under our feet if vacuuming decides to unallocate some file. Hence let's not check for this kind of stuff in an assert. (Typically, we should generate runtime errors in this case, in particular EBADMSG, which the callers generally look for. But in this case this is just an extra precaution check anyway, so let's just remove it.)
Commit: 0600ff0
Commit: 7113989
journal: make sure to explicitly copy out values of mmap before doing arithmetics on them
Our journal code is generally supposed to be written in a fashion that the underlying file can be deallocated any time, i.e. our mmap of it suddenly becomes all zeroes. The idea is that we catch that when parsing everything. For that to work safely we need to make sure that when doing arithmetics or comparisons on values read from the map we don't run into TOCTTOU issues when determining validity. Hence we need to copy out the values before use and operate on the copies.
This requires some special care since the C compiler could suppress our copies as optimization. Hence use the new READ_NOW() macro to force a copy by using memcpy(), and use it whenever we start doing an arithmetic operation on it, or validity checking of multiple steps.
Fixes: systemd#14943
Commit: 893e0f8
Commit: bfbd5be
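The double-fetch problem the commit messages above describe, as an added example that is not code from this pull request or from systemd. The struct, the function names and the `read_now_u64()` helper are hypothetical; the helper uses a volatile load rather than the memcpy() the commit message mentions, and a hook called between check and use stands in deterministically for another process zeroing the mapping.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for an object header inside a shared file mapping. */
struct obj_header { uint64_t size; };            /* total size, header included */
#define HEADER_LEN ((uint64_t) sizeof(struct obj_header))

/* Hypothetical helper: exactly one load; the result lives in a local. */
static uint64_t read_now_u64(const uint64_t *p) {
    return *(const volatile uint64_t *) p;
}

/* Stand-in for another process deallocating the file between two accesses. */
typedef void (*race_hook)(struct obj_header *);
static void zero_out(struct obj_header *o) { memset(o, 0, sizeof *o); }

/* Double fetch: the check and the subtraction each read the mapping. */
static int payload_len_racy(struct obj_header *o, uint64_t avail, race_hook hook, uint64_t *ret) {
    if (o->size < HEADER_LEN || o->size > avail)
        return -EBADMSG;
    if (hook) hook(o);
    *ret = o->size - HEADER_LEN;                 /* wraps if size is now 0 */
    return 0;
}

/* Copy out once, then check and compute on the copy only. */
static int payload_len_copied(struct obj_header *o, uint64_t avail, race_hook hook, uint64_t *ret) {
    uint64_t sz = read_now_u64(&o->size);
    if (sz < HEADER_LEN || sz > avail)
        return -EBADMSG;
    if (hook) hook(o);
    *ret = sz - HEADER_LEN;
    return 0;
}

/* Returns the payload length, or 0 if the object was rejected with -EBADMSG. */
static uint64_t demo(int copied, uint64_t size, race_hook hook) {
    struct obj_header o = { .size = size };
    uint64_t len = 0;
    int r = (copied ? payload_len_copied : payload_len_racy)(&o, 4096, hook, &len);
    return r < 0 ? 0 : len;
}

int main(void) {
    printf("racy:   %llu\n", (unsigned long long) demo(0, 32, zero_out));
    printf("copied: %llu\n", (unsigned long long) demo(1, 32, zero_out));
    return 0;
}
```

In the racy variant the length passes validation and then wraps to a huge value once the header is zeroed; the copied variant keeps working on the value it validated, and a header that is already zero is rejected with -EBADMSG.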