As usual, we need to protect ourselves against concurrent modification
of journal files. We a pretty good at that these days when reading
journal files. But journal_file_copy_entry() so far wasn't too good with
that. journal_file_append_data() so far returned EINVAL when you pass
invalid data to it. Since we pass the source data as-is in there, it's
going to fail if the journal source file is slightly invalid due to a
concurrent update.
Hence, we need to validate data gracefully here that we think comes from
a safe place, because actually it doesn't, it's directly copied from an
unsafe journal file.
Hence, let's introduce a clear error code here, and look for it in
journal_file_copy_entry(), and handle it gracefully.
Pretty sure this fixes #33372, but it's a race, so I don't know for
sure. If this remains reproducible we need to look at this again.
Fixes: #33372
assert(f);
+ /* Return a recognizable error for data that is submitted for *writing*. Note that we leave EBADMSG
+ * for bad messages we *read*. And EINVAL is too generic an error (which might be triggered by all
+ * kinds of other places). Hence use a separate EUCLEAN here. */
if (!data || size == 0)
- return -EINVAL;
+ return -EUCLEAN;
hash = journal_file_hash_data(f, data, size);
eq = memchr(data, '=', size);
if (!eq)
- return -EINVAL;
+ return -EUCLEAN;
osize = journal_file_data_payload_offset(f) + size;
r = journal_file_append_object(f, OBJECT_DATA, osize, &o, &p);
return r;
assert(r > 0);
- if (l == 0)
- return -EBADMSG;
-
r = journal_file_append_data(to, data, l, &u, &h);
+ if (r == -EUCLEAN) {
+ log_debug_errno(r, "Entry item %"PRIu64" invalid, skipping over it: %m", i);
+ continue;
+ }
if (r < 0)
return r;
projects / thirdparty / systemd.git / commitdiff
