1
1
mirror of https://github.com/systemd/systemd-stable.git synced 2024-12-23 17:34:00 +03:00
Commit Graph

45485 Commits

Author SHA1 Message Date
Lennart Poettering
70cd1e561c docs: document the new journal file format additions 2020-06-25 15:02:41 +02:00
Lennart Poettering
bbcd38e41e docs: import journal file format docs from fdo wiki
Just an import, with no textual changes (some fixed URLs however)
2020-06-25 15:02:34 +02:00
Lennart Poettering
8653185a9e journal: support zstd compression for large objects in journal files 2020-06-25 15:02:18 +02:00
Lennart Poettering
0dbe57ee86 journal-file: when individual hash chains grow too large, rotate
Even with the new keyed hash table journal feature: if an attacker
manages to get access to the journal file id it could synthesize records
that result in hash collisions. Let's rotate automatically when we
notice that, so that a new journal file ID is generated, our performance
is restored and the attacker has to guess a new file ID before being
able to trigger the issue again.

That said, untrusted peers should never get access to journal files in
the first case...
2020-06-25 15:02:00 +02:00
Lennart Poettering
4ce534f4cd journal: use a different hash function for each journal file
This adds a new (incompatible) feature to journal files: if enabled the
hash function used for the hash tables is no longer jenkins hash with a
zero key, but siphash keyed by the file uuid that is included in the
file header anyway. This should make our hash tables more robust against
collision attacks, as long as the attacker has no read access to the
journal files. We switch from jenkins to siphash simply because it's
more well-known and we standardize for the rest of our codebase onto it.

This is hardening in order to make collision attacks harder for clients
that can forge log messages but have no read access to the logs. It has
no effect on clients that have read access.
2020-06-25 15:01:45 +02:00
Lennart Poettering
7851ec6634 journal: make signature arrays const 2020-06-25 15:01:40 +02:00
Lennart Poettering
20b0acfacd journal: rename hash64() to jenkins_hash64()
Let's prefix this with "jenkins_" since it wraps the jenkins hash. We
want to add support for other hash functions to journald soon, hence
better be clear with what this is. In particular as all other symbols
defined by lookup3.h actually are prefixed "jenkins_".
2020-06-25 15:01:36 +02:00
Lennart Poettering
f4474e004d journal-file: rename return parameters to ret_xyz
Let's clean this up a bit, following our usual nomenclature to name
return parameters ret-xyz.

This is mostly a bit of renaming, but there's also some minor other
changes: if we return a pointer to a mmap'ed object plus its offset, in
almost all cases we are happy if either parameter is NULL in case the
caller is not interested in it. Let's fix the remaining case to do this
too, to minimize surprises.
2020-06-25 15:01:22 +02:00
Lennart Poettering
5030c85a3e journal-file: also show field hash table size in debug output 2020-06-25 15:01:17 +02:00
Lennart Poettering
e958c05703 journal-file: simplify boot ID acquiring 2020-06-25 15:01:12 +02:00
Lennart Poettering
cde8c5f722 journal: store NE hash instead of LE hash in Match object
We keep converting forth and back though we never need it in LE. Let's
stop doing those conversions hence.
2020-06-25 15:00:59 +02:00
Lennart Poettering
a76560915f journal-file: use FLAGS_SET where appropriate 2020-06-25 15:00:44 +02:00
Lennart Poettering
e9ece6a0e3 journal: fix definition of _OBJECT_COMPRESSED_MAX
The object flags field is a bitmask, hence don't sloppily define
_OBJECT_COMPRESSED_MAX as one mor than the previous flag. That worked OK
as long as we only had two flags, but will fall apart as soon as we have
three. Let's fix this.

(It's kinda sloppy how the string table is built here, as it will be
quite sparse as soon as we have more enum entries, but let's keep it for
now.)
2020-06-25 15:00:37 +02:00
Lennart Poettering
d1d8f0f369 macro: add CONST_MIN() similar to CONST_MAX() 2020-06-25 15:00:09 +02:00
Lennart Poettering
f49bead3b0
Merge pull request #16257 from keszybz/two-fuzzer-issues
Two fuzzer issues
2020-06-25 14:40:35 +02:00
Lennart Poettering
b7d81d19cc
Merge pull request #16249 from bluca/root_verity_sig
Verity: add support for root hash signature
2020-06-25 13:53:17 +02:00
Evgeny Vereshchagin
a055076988 ci: free up some resources on Pipelines
Now that CIFuzz supports all the sanitizers we use and ALLOWED_BROKEN_TARGETS_PERCENTAGE
we no longer need that bash script.
2020-06-25 10:48:57 +02:00
Evgeny Vereshchagin
efa5bef285 ci: switch to Ubuntu Bionic on Semaphore
To judge from the settings page where I was kind of nudged into switching to
Ubuntu 18.04 it looks like Ubuntu Xenial is deprecated there.
2020-06-25 10:47:33 +02:00
Luca Boccassi
d4d55b0d13 core: add RootHashSignature service parameter
Allow to explicitly pass root hash signature as a unit option. Takes precedence
over implicit checks.
2020-06-25 08:45:21 +01:00
Luca Boccassi
c2923fdcd7 dissect/nspawn: add support for dm-verity root hash signature
Since cryptsetup 2.3.0 a new API to verify dm-verity volumes by a
pkcs7 signature, with the public key in the kernel keyring,
is available. Use it if libcryptsetup supports it.
2020-06-25 08:45:21 +01:00
Luca Boccassi
035e8e50d7 veritysetup: add support for dm-verity root hash signature
Since cryptsetup 2.3.0 a new API to verify dm-verity volumes by a
pkcs7 signature, with the public key in the kernel keyring,
is available. Use it if libcryptsetup supports it in the
veritysetup helper binary.
2020-06-25 08:44:49 +01:00
Zbigniew Jędrzejewski-Szmek
e60d3b13df
Merge pull request #16265 from Werkov/fix-16248
cgroup: Parse infinity properly for memory protections
2020-06-25 09:25:18 +02:00
Zbigniew Jędrzejewski-Szmek
fd7c7fc8ee
Merge pull request #16271 from yuwata/network-cleanups-around-link-get
network: several tiny cleanups around link_get()
2020-06-25 09:06:49 +02:00
Michal Koutný
e41de5e491 missing: Add new Linux capabilities
Linux kernel v5.8 adds two new capabilities. Make sure we can recongize
them even when built with older kernel.
2020-06-25 09:02:43 +02:00
Lennart Poettering
6b000af4f2 tree-wide: avoid some loaded terms
https://tools.ietf.org/html/draft-knodel-terminology-02
https://lwn.net/Articles/823224/

This gets rid of most but not occasions of these loaded terms:

1. scsi_id and friends are something that is supposed to be removed from
   our tree (see #7594)

2. The test suite defines an API used by the ubuntu CI. We can remove
   this too later, but this needs to be done in sync with the ubuntu CI.

3. In some cases the terms are part of APIs we call or where we expose
   concepts the kernel names the way it names them. (In particular all
   remaining uses of the word "slave" in our codebase are like this,
   it's used by the POSIX PTY layer, by the network subsystem, the mount
   API and the block device subsystem). Getting rid of the term in these
   contexts would mean doing some major fixes of the kernel ABI first.

Regarding the replacements: when whitelist/blacklist is used as noun we
replace with with allow list/deny list, and when used as verb with
allow-list/deny-list.
2020-06-25 09:00:19 +02:00
Zbigniew Jędrzejewski-Szmek
f23810da20 fuzz-udev-rules: -ENOBUFS should be accepted too
In udev_rules_load(), add a debug message. Otherwise there'd be no indication
that parsing was aborted.
2020-06-25 08:51:21 +02:00
Zbigniew Jędrzejewski-Szmek
85fbebe61a journal: fix buffer overrun when urlifying
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=21122.

message is only valid until message_len, and we need to make sure we're not
reading pass that. Bug introduced in 2108b56749.
2020-06-25 08:51:21 +02:00
Yu Watanabe
f50f597217 network: fix typo in comment 2020-06-25 13:43:35 +09:00
Yu Watanabe
7936917e3e network: do not update operstate when netdev is not ready 2020-06-25 13:41:47 +09:00
Yu Watanabe
e856ed00f9 network: fix assertion in link_get() 2020-06-25 13:17:37 +09:00
Yu Watanabe
25b831bac8 network: check that received ifindex is valid 2020-06-25 13:13:47 +09:00
Michal Koutný
d184fb39b6 test: Test memory limit parsing
This covers parsing from configuration files only. Properties set via
DBus have separate code path whose testing would require DBus setup.
2020-06-24 23:16:11 +02:00
Michal Koutný
67e2baff6b cgroup: Parse infinity properly for memory protections
This fixes commit db2b8d2e28 that
rectified parsing empty values but broke parsing explicit infinity.
Intended parsing semantics will be captured in a testcase in a follow up
commit.

Ref: #16248
2020-06-24 23:16:06 +02:00
Evgeny Vereshchagin
b18573e16f ci: bring back Coverity part 2
It's just a follow-up to https://github.com/systemd/systemd/pull/16266.

Currently the Coverity stage is failing with
```
Starting container systemd-fedora-latest
2db425228e1addbce607c7e47e492a0faef2c2c4e85701c6c239a50de95944eb
Error: No such container: bash
The command "$CI_MANAGERS/fedora.sh SETUP" failed and exited with 1 during .
Your build has been stopped.
```

https://travis-ci.org/github/systemd/systemd/builds/701798193
2020-06-24 22:58:17 +02:00
Evgeny Vereshchagin
595cb4211a ci: bring back Coverity
Looks like DOCKER_EXEC got lost somewhere along the way, which, in
turn, caused the "coverity" job to fail with
```
$ $DOCKER_EXEC meson cov-build -Dman=false
Command 'meson' not found, but can be installed with:
apt install meson
Please ask your administrator.
```

https://travis-ci.org/github/systemd/systemd/builds/701705788
2020-06-24 22:32:56 +02:00
Lennart Poettering
c4e90266db
Merge pull request #16093 from yuwata/network-htb-add-settings-15213
network: tc: add several settings for HTB
2020-06-24 19:07:41 +02:00
Lennart Poettering
f9044b74c5
Merge pull request #16106 from yuwata/network-tc-ets
network: tc: introduce ETS
2020-06-24 19:04:43 +02:00
Zbigniew Jędrzejewski-Szmek
f83803a649
Merge pull request #16238 from keszybz/set-handling-more
Fix handling of cases where a duplicate item is added to a set and related cleanups
2020-06-24 17:42:13 +02:00
Filipe Brandenburger
41d1f469cf log: introduce log_parse_environment_cli() and log_setup_cli()
Presently, CLI utilities such as systemctl will check whether they have a tty
attached or not to decide whether to parse /proc/cmdline or EFI variable
SystemdOptions looking for systemd.log_* entries.

But this check will be misleading if these tools are being launched by a
daemon, such as a monitoring daemon or automation service that runs in
background.

Make log handling of CLI tools uniform by never checking /proc/cmdline or EFI
variables to determine the logging level.

Furthermore, introduce a new log_setup_cli() shortcut to set up common options
used by most command-line utilities.
2020-06-24 16:49:26 +02:00
Zbigniew Jędrzejewski-Szmek
e198eba7c2 sysv-generator: reduce scope of variables 2020-06-24 10:38:15 +02:00
Zbigniew Jędrzejewski-Szmek
80ce54adaf socket-proxy: use structured initialization in one place 2020-06-24 10:38:15 +02:00
Zbigniew Jędrzejewski-Szmek
add74e8929 basic/hashmap,set: propagate allocation location info in _copy()
Also use double space before the tracking args at the end. Without
the comma this looks ugly, but it's a bit better with the double space.
At least it doesn't look like a variable with a type.
2020-06-24 10:38:15 +02:00
Zbigniew Jędrzejewski-Szmek
35e601d4f9 tree-wide: use set_ensure_consume() in various places
No funtional change.
2020-06-24 10:38:15 +02:00
Zbigniew Jędrzejewski-Szmek
39dbd0c74c networkd: take ref immediately after storing item in set
I'm not sure if I understand the code correctly, but it seems that if
storig in the second set failed, we'd return with the first set having
no reference on the link object, and the link object could be freed in the
future, leaving the set with a dangling reference.
2020-06-24 10:38:15 +02:00
Zbigniew Jędrzejewski-Szmek
d02fd8b1c6 core/bpf-firewall: use the correct cleanup function
On error, we'd just free the object, and not close the fd.

While at it, let's use set_ensure_consume() to make sure we don't leak
the object if it was already in the set. I'm not sure if that condition
can be achieved.
2020-06-24 10:38:15 +02:00
Zbigniew Jędrzejewski-Szmek
648c339c49 logind: fix possible memleak of message if the message was already in the set
I'm not sure if it is actually possible to encounter this condition. But
let's make the handling correct regardless.
2020-06-24 10:38:15 +02:00
Zbigniew Jędrzejewski-Szmek
d378ef708b portable: rework set handling in portable_detach()
_cleanup_set_free_ is enough for unit_files, because unit_files is
allocated in set_put_strdup(), which uses string_hash_ops_free.

This fixes a leak if marker was already present in the table.
2020-06-24 10:38:15 +02:00
Zbigniew Jędrzejewski-Szmek
ab9dd0b997 resolved: fix memleak on duplicate host lines in /etc/hosts 2020-06-24 10:38:15 +02:00
Zbigniew Jędrzejewski-Szmek
ceb17827fa resolved: simplify allocation failure handling in dns_stub_process_query()
Old code was correct, but let's make things more explicit.
2020-06-24 10:38:15 +02:00
Zbigniew Jędrzejewski-Szmek
b8b46b1ce5 basic/set,hashmap: pass through allocation info in more cases 2020-06-24 10:38:15 +02:00