summaryrefslogtreecommitdiff
path: root/src/journal
AgeCommit message (Collapse)Author
2016-01-12tree-wide: use xsprintf() where applicableDaniel Mack
Also add a coccinelle receipt to help with such transitions.
2016-01-12Merge pull request #2303 from aadamowski/fix-miscalculated-bufferDaniel Mack
Fix miscalculated buffer size and uses of size-unlimited sprintf()
2016-01-11Fix miscalculated buffer size and uses of size-unlimited sprintf()Aleksander Adamowski
function. Not sure if this results in an exploitable buffer overflow, probably not since the the int value is likely sanitized somewhere earlier and it's being put through a bit mask shortly before being used.
2016-01-08journal: normalize priority of logging sourcesVito Caputo
The stream event source has a priority of SD_EVENT_PRIORITY_NORMAL+5, and stdout source +10, but the native and syslog event sources are left at the default of 0. As a result, any heavy native or syslog logger can cause starvation of the other loggers. This is trivially demonstrated by running: dd if=/dev/urandom bs=8k | od | systemd-cat & # native spammer systemd-run echo hello & # stream logger journalctl --follow --output=verbose --no-pager --identifier=echo & ... and wait, and wait, the "hello" never comes. Now kill %1, "hello" arrives finally.
2015-12-23Merge pull request #2158 from keszybz/journal-decompressionLennart Poettering
Journal decompression fixes
2015-12-13journal: add the "repeating sequence" test caseZbigniew Jędrzejewski-Szmek
This was the case that caused various problems that were fixed in preceding patches, so it is good to add a test that uses it directly. In "may_fail" test cases try again with a bigger buffer. Instead of allocating various buffers on the stack, malloc them. This is more reliable in case of big buffers, and allows tools like valgrind and address sanitizer to find overflows more easily.
2015-12-13journal: add "xfail" test for partial lz4 decompressionZbigniew Jędrzejewski-Szmek
Add a test that LZ4_decompress_safe_partial does (not) work as expected, so that if it starts to work at some point, we'll catch this and adjust our code.
2015-12-13journal: fix reporting of output size in compres_stream_lz4Zbigniew Jędrzejewski-Szmek
The header is 7 bytes, and this size was not accounted for in total_out. This means that we could create a file that was 7 bytes longer than requested, and the debug output was also inconsistent.
2015-12-13journal: add dst_allocated_size parameter for compress_blobZbigniew Jędrzejewski-Szmek
compress_blob took src, src_size, dst and *dst_size, but dst_size wasn't used as an input parameter with the size of dst, but only as an output parameter. dst was implicitly assumed to be at least src_size-1. This code wasn't *wrong*, because the only real caller in journal-file.c got it right. But it was misleading, and the tests in test-compress.c got it wrong, and worked only because the output buffer happened to be the same size as input buffer. So add a seperate dst_allocated_size parameter to make it explicit what the size of the buffer is, and to allow test to proceed with different output buffer sizes.
2015-12-13journal: in some cases we have to decompress the full lz4 fieldZbigniew Jędrzejewski-Szmek
lz4 has to decompress a whole "sequence" at a time. When the compressed data is composed of a repeating pattern, the whole set of repeats has do be docompressed, and the output buffer has to be big enough. This is unfortunate, because potentially the slowdown is very big. We are only interested in the field name, but we might have to decompress the whole thing. But the full cost will be borne out only when the full entry is a repeating pattern. In practice this shouldn't happen (apart from tests and the like). Hopefully lz4 will be fixed to avoid this problem, or it will grow a new function which we can use [1], so this fix should be remporary. [1] https://groups.google.com/d/msg/lz4c/_3kkz5N6n00/oTahzqErCgAJ
2015-12-13journal: decompress_startswith can return an errorZbigniew Jędrzejewski-Szmek
The return value was used directly in an if, so an error was treated as success; we need to bail out instead. An error should not happen, unless we have a compression/decompression mismatch, so output a debug line.
2015-12-10journal: make mmap_cache_unref() a NOP when NULL is passed, like all other ↵Lennart Poettering
destructors
2015-12-03journal: silently skip failing large messages if journald is missingZbigniew Jędrzejewski-Szmek
We treated -ENOENT errors with silent failure, for small messages. Do the same for large messages.
2015-12-03journal: unbreak sd_journal_sendvZbigniew Jędrzejewski-Szmek
Borked since commit 3ee897d6c2401effbc82f5eef35fce405781d6c8 Author: Lennart Poettering <lennart@poettering.net> Date: Wed Sep 23 01:00:04 2015 +0200 tree-wide: port more code to use send_one_fd() and receive_one_fd() because here our fd is not connected and we need to specify the address.
2015-12-03test-journal-send: add tests for sendvZbigniew Jędrzejewski-Szmek
Also, check the return value of all calls. They are documented to return 0, even if journald is not listening.
2015-12-03journal: addition and multiplication do not commuteZbigniew Jędrzejewski-Szmek
2015-12-02test-journal-send: no need to set log levelZbigniew Jędrzejewski-Szmek
We only use the public api here, so don't include log.h.
2015-12-02lz4: fix size check which had no chance of working on big-endianZbigniew Jędrzejewski-Szmek
2015-11-30Merge pull request #2053 from poettering/selinux-fixDavid Herrmann
Two unrelated fixes
2015-11-27journal: move the gist of server_fix_perms to acl-util.[hc]Zbigniew Jędrzejewski-Szmek
Most of the function is moved to acl-util.c to make it possible to add tests in subsequent commit. Setting of the mode in server_fix_perms is removed: - we either just created the file ourselves, and the permission be better right, - or the file was already there, and we should not modify the permissions. server_fix_perms is renamed to server_fix_acls to better reflect new meaning, and made static because it is only used in one file.
2015-11-27selinux: split up mac_selinux_have() from mac_selinux_use()Lennart Poettering
Let's distuingish the cases where our code takes an active role in selinux management, or just passively reports whatever selinux properties are set. mac_selinux_have() now checks whether selinux is around for the passive stuff, and mac_selinux_use() for the active stuff. The latter checks the former, plus also checks UID == 0, under the assumption that only when we run priviliged selinux management really makes sense. Fixes: #1941
2015-11-27tree-wide: expose "p"-suffix unref calls in public APIs to make gcc cleanup easyLennart Poettering
GLIB has recently started to officially support the gcc cleanup attribute in its public API, hence let's do the same for our APIs. With this patch we'll define an xyz_unrefp() call for each public xyz_unref() call, to make it easy to use inside a __attribute__((cleanup())) expression. Then, all code is ported over to make use of this. The new calls are also documented in the man pages, with examples how to use them (well, I only added docs where the _unref() call itself already had docs, and the examples, only cover sd_bus_unrefp() and sd_event_unrefp()). This also renames sd_lldp_free() to sd_lldp_unref(), since that's how we tend to call our destructors these days. Note that this defines no public macro that wraps gcc's attribute and makes it easier to use. While I think it's our duty in the library to make our stuff easy to use, I figure it's not our duty to make gcc's own features easy to use on its own. Most likely, client code which wants to make use of this should define its own: #define _cleanup_(function) __attribute__((cleanup(function))) Or similar, to make the gcc feature easier to use. Making this logic public has the benefit that we can remove three header files whose only purpose was to define these functions internally. See #2008.
2015-11-27Merge pull request #1937 from evverx/fix-stdout-parsingLennart Poettering
Fix stdout stream parsing
2015-11-18tree-wide: sort includes in *.hThomas Hindoe Paaboel Andersen
This is a continuation of the previous include sort patch, which only sorted for .c files.
2015-11-17journal: don't remove leading spacesEvgeny Vereshchagin
2015-11-17journal: drop empty lines after level_prefix removingEvgeny Vereshchagin
2015-11-17Merge pull request #1926 from phomes/include-order-libudevDaniel Mack
tree-wide: group include of libudev.h with sd-*
2015-11-17Merge pull request #1927 from evverx/no-entries-in-quiet-modeDaniel Mack
journalctl: don't print -- No entries -- in quiet mode
2015-11-17journalctl: don't print -- No entries -- in quiet modeEvgeny Vereshchagin
2015-11-17tree-wide: group include of libudev.h with sd-*Thomas Hindoe Paaboel Andersen
2015-11-17tree-wide: make macros for converting fds to pointers and back generic and ↵Lennart Poettering
use them everywhere
2015-11-17journald: trivial simplificationLennart Poettering
2015-11-17coredump: modernize error logging a bitLennart Poettering
2015-11-17tree-wide: use right cast macros for UIDs, GIDs and PIDsLennart Poettering
2015-11-17Merge pull request #1923 from zonque/siphashLennart Poettering
siphash24: let siphash24_finalize() and siphash24() return the result…
2015-11-16siphash24: let siphash24_finalize() and siphash24() return the result directlyDaniel Mack
Rather than passing a pointer to return the result, return it directly from the function calls. Also, return the result in native endianess, and let the callers care about the conversion. For hash tables and bloom filters, we don't care, but in order to keep MAC addresses and DHCP client IDs stable, we explicitly convert to LE.
2015-11-16tree-wide: sort includesThomas Hindoe Paaboel Andersen
Sort the includes accoding to the new coding style.
2015-11-16siphash24: change result argument to uint64_tMartin Pitt
Change the "out" parameter from uint8_t[8] to uint64_t. On architectures which enforce pointer alignment this fixes crashes when we previously cast an unaligned array to uint64_t*, and on others this should at least improve performance as the compiler now aligns these properly. This also simplifies the code in most cases by getting rid of typecasts. The only place which we can't change is struct duid's en.id, as that is _packed_ and public API, so we can't enforce alignment of the "id" field and have to use memcpy instead.
2015-11-12journald: fix accuracy of watchdog timer eventLennart Poettering
Adding 3/4th of the watchdog frequency as accuracy on top of 1/2 of the watchdog frequency means we might end up at 5/4th of the frequency which means we might miss the message from time to time. Maybe fixes #1804
2015-11-12journald: rework --sync/--rotate logic to use CLOCK_MONOTONIC timestamp filesLennart Poettering
Previously, we'd rely on the mtime timestamps of the touch files to see if our sync/rotation requests were already suppressed. This means we rely on CLOCK_REALTIME timestamps. With this patch we instead store the CLOCK_MONOTONIC timestamp *in* the touch files, and avoid relying on mtime. This should make things more reliable when the clock or underlying mtime granularity is not very good. This also adds warning messages if writing any of the flag files fails.
2015-11-11journalctl: change repeated if checks into switch blocksLennart Poettering
No functional changes.
2015-11-11journalctl: refuse to --machine= in combination with --flush, --sync or --rotateLennart Poettering
2015-11-11journalctl: make --rotate synchronous, tooLennart Poettering
Of course, ideally we'd just use normal synchronous bus calls, but this is out of the question as long as we rely on dbus-daemon (which logs to journald, and thus cannot use to avoid cyclic sync loops). Hence, instead, reuse the wait logic already implemented for --sync, and use a signal in one direction, and a mtime watch file for the reply.
2015-11-11journalctl: add new --sync switch for syncing the journal to diskLennart Poettering
With this new "--sync" switch we add a synchronous way to sync everything queued to disk, and return only after that's complete. This command gives the guarantee that anything queued before has hit the disk before the command returns. While we are at it, also improve the man pages and help text for journalctl a bit.
2015-11-10journald: be less picky when receiving epoll eventsLennart Poettering
The event might be flagged with stuff we don't expect, hence don't be needlessly picky, just rely on the kernel passing us sensible events.
2015-11-10journald: never accept fds from file systems with mandatory locking enabledLennart Poettering
This is pretty much a work-around for a security vulnerability in kernels that allow unprivileged user namespaces. Fixes #1822.
2015-11-10journald: dispatch SIGTERM/SIGINT with a low priorityLennart Poettering
Let's make sure to process all queued log data before exiting, so that we don't unnecessary lose messages when shutting down. https://github.com/systemd/systemd/pull/1812#issuecomment-155149871
2015-11-10defs: rework CONF_DIRS_NULSTR() macroLennart Poettering
The macro is generically useful for putting together search paths, hence let's make it truly generic, by dropping the implicit ".d" appending it does, and leave that to the caller. Also rename it from CONF_DIRS_NULSTR() to CONF_PATHS_NULSTR(), since it's not strictly about dirs that way, but any kind of file system path. Also, mark CONF_DIR_SPLIT_USR() as internal macro by renaming it to _CONF_PATHS_SPLIT_USR() so that the leading underscore indicates that it's internal.
2015-11-09Merge pull request #1820 from michich/errno-v2Daniel Mack
[v2] treewide: treatment of errno and other cleanups
2015-11-09treewide: apply errno.cocciMichal Schmidt
with small manual cleanups for style.