This breaks the ABI interface. Cryptsetup reencrypt code
depends on checking the minimal accessible FS block
to prevent the destruction of the filesystem if a user
requests reencryption to a larger sector than
the filesystem can handle.
This patch removes the condition to make ABI compatible
again (as we cannot add FSINFO bit retrospectively).
Karel Zak [Tue, 1 Nov 2022 09:30:06 +0000 (10:30 +0100)]
logger: always update header when read from stdin
The current code updates the header only when the priority has been
changed. It's incorrect because wanted is a valid header or each entry
(don't forget that logger for stdin use-case is used in pipe to log
long-time running processes).
This patch also fixes the initial timestamp; it was originally generated
on logger startup, it now generates the header on the first message.
old:
<13>Nov 1 10:42:14 kzak: Tue Nov 1 10:42:16 AM CET 2022
<13>Nov 1 10:42:14 kzak: Tue Nov 1 10:42:18 AM CET 2022
<13>Nov 1 10:42:14 kzak: Tue Nov 1 10:42:20 AM CET 2022
new:
<13>Nov 1 10:19:02 kzak: Tue Nov 1 10:19:02 AM CET 2022
<13>Nov 1 10:19:04 kzak: Tue Nov 1 10:19:04 AM CET 2022
<13>Nov 1 10:19:06 kzak: Tue Nov 1 10:19:06 AM CET 2022
Fixes: https://github.com/util-linux/util-linux/issues/1866 Signed-off-by: Karel Zak <kzak@redhat.com>
Karel Zak [Mon, 31 Oct 2022 12:54:45 +0000 (13:54 +0100)]
Merge branch 'lsfd-s390-proc-net-L3' of https://github.com/masatake/util-linux
* 'lsfd-s390-proc-net-L3' of https://github.com/masatake/util-linux:
lsfd: unify the code for reading /proc/net/tcp and udp
lsfd: make the logic for verifying the initial line of /proc/net/{tcp,udp} more flexible
Chris Down [Wed, 26 Oct 2022 14:47:36 +0000 (15:47 +0100)]
kill: Support mandating the presence of a userspace signal handler
In production we've had several incidents over the years where a process
has a signal handler registered for SIGHUP or one of the SIGUSR signals
which can be used to signal a request to reload configs, rotate log
files, and the like. While this may seem harmless enough, what we've
seen happen repeatedly is something like the following:
1. A process is using SIGHUP/SIGUSR[12] to request some
application-handled state change -- reloading configs, rotating a log
file, etc;
2. This kind of request is deprecated and removed, so the signal handler
is removed. However, a site where the signal might be sent from is
missed (often logrotate or a service manager);
3. Because the default disposition of these signals is terminal, sooner
or later these applications are going to be sent SIGHUP or similar
and end up unexpectedly killed.
I know for a fact that we're not the only organistion experiencing this:
in general, signal use is pretty tricky to reason about and safely
remove because of the fairly aggressive SIG_DFL behaviour for some
common signals, especially for SIGHUP which has a particularly ambiguous
meaning. Especially in a large, highly interconnected codebase,
reasoning about signal interactions between system configuration and
applications can be highly complex, and it's inevitable that on occasion
a callsite will be missed.
In some cases the right call to avoid this will be to migrate services
towards other forms of IPC for this purpose, but inevitably there will
be some services which must continue using signals, so we need a safe
way to support them.
This patch adds support for the -r/--require-handler flag, which checks
if a userspace handler is present for the signal being sent. If it is
not, the process will be skipped.
With this flag we can enforce that all SIGHUP reload cases and SIGUSR
equivalents use --require-handler. This effectively mitigates the case
we've seen time and time again where SIGHUP is used to rotate log files
or reload configs, but the sending site is mistakenly left present after
the removal of signal handler, resulting in unintended termination of
the process.
Inside a container, the file /proc/self/mountinfo may contain many lines
with /dev/root. It is also quite likely that /dev/root is not visible
inside the container. This may cause mnt_guess_system_root() to try to use
libblkid before giving up, through mnt_resolve_spec() and
mnt_resolve_tag(), which calls blkid_evaluate_tag(). The call to
blkid_evaluate_tag() may trigger a scan of all block devices, which is
expensive.
For this reason, it doesn't make any sense for kernel_fs_postparse()
to call mnt_guess_system_root() more than once for every call to
mnt_table_parse_stream. Instead, save the result from the first call and
reuse it for all subsequent calls to kernel_fs_postparse(), so that there
is at most one call to mnt_guess_system_root() for every call
to mnt_table_parse_stream().
[kzak@redhat.com: - use sysroot_ prefix for the cached variables
- simplify code logic in kernel_fs_postparse()
- add free() to parser_cleanup()]
Signed-off-by: Viktor Rosendahl (BMW) <viktor.rosendahl@gmail.com> Signed-off-by: Karel Zak <kzak@redhat.com>
Karel Zak [Wed, 26 Oct 2022 07:41:29 +0000 (09:41 +0200)]
Merge branch 'cramfs/endianess-mismatch' of https://github.com/t-8ch/util-linux
* 'cramfs/endianess-mismatch' of https://github.com/t-8ch/util-linux:
libblkid: cramfs: report version
libblkid: cramfs: report filesystem size
libblkid: test big endian cramfs image
libblkid: cramfs: handle cross-endianess for checksums
Masatake YAMATO [Wed, 26 Oct 2022 02:56:00 +0000 (11:56 +0900)]
lsfd: make the logic for verifying the initial line of /proc/net/{tcp,udp} more flexible
The format of /proc/net/udp was changed in 6c25449e1a32 ("net: udp: fix alignment problem in udp4_seq_show()").
This kind of change can be applied to /proc/net/tcp, too.
Co-Authored-by: Thomas Weißschuh <thomas@t-8ch.de> Co-Authored-by: Masatake YAMATO <yamato@redhat.com>
Karel Zak [Wed, 12 Oct 2022 07:46:56 +0000 (09:46 +0200)]
libsmartcols: use standard deviation to optimize columns width
The standard deviation together with mean (average) of the data width
can be used to detect "problematic" columns and to calculate optimal
width.
The idea is to sort column by avg+deviation and start columns width
reduction from the column with the most wide and variable width. The
width reduction is also optimized by 68–95–99 rule (aka empirical
rule, avg+n*deviation; where n={1,2,3}) to cover 95% or 68% data in
the column.
The disadvantage is we need to link libsmartcols with -lm (math) due
to sqrt() function.
Karel Zak [Mon, 24 Oct 2022 09:04:40 +0000 (11:04 +0200)]
Merge branch 'tests' of https://github.com/t-8ch/util-linux
* 'tests' of https://github.com/t-8ch/util-linux:
ci: install dependencies from setup-ubuntu.sh
ci: s390x: install more test dependencies
lsfd: skip test mkfds-udp on s390x
Karel Zak [Fri, 21 Oct 2022 16:11:59 +0000 (18:11 +0200)]
libblkid: fix jmicron checksum and LE to CPU
- don't cast packed struct to uint16_t pointer, use temporary value
- calculate real count for the loop
- convert all to LE for checksum calculation (jm_to_cpu() ignores fillers)
Karel Zak [Fri, 21 Oct 2022 12:23:50 +0000 (14:23 +0200)]
lsfd: fix compiler warning [-Werror,-Wextra-semi]
isc-utils/lsfd-sock-xinfo.c:588:34: error: extra ';' outside of a function [-Werror,-Wextra-semi]
define_fill_column_func(tcp, TCP);
^
misc-utils/lsfd-sock-xinfo.c:703:34: error: extra ';' outside of a function [-Werror,-Wextra-semi]
define_fill_column_func(udp, UDP);
^
Addresses: 92a0dbce7c779923bd2a6fd7c53470ff6982ea50 Signed-off-by: Karel Zak <kzak@redhat.com>
Karel Zak [Fri, 21 Oct 2022 11:02:56 +0000 (13:02 +0200)]
Merge branch 'lsfd-udp' of https://github.com/masatake/util-linux
* 'lsfd-udp' of https://github.com/masatake/util-linux:
tests: (lsfd) add a case testing UDP sockets
lsfd: use extra information loaded from /proc/net/udp
lsfd: (man) write more about TCP scokets
Karel Zak [Fri, 21 Oct 2022 10:39:11 +0000 (12:39 +0200)]
Merge branch 'ci/big-endian' of https://github.com/t-8ch/util-linux
* 'ci/big-endian' of https://github.com/t-8ch/util-linux:
Run Ci on big-endian s390x
tests: disable nonfunctional tests under qemu user emulation
ci: don't run make with infinite parallel jobs
zhanchengbin [Mon, 10 Oct 2022 09:23:24 +0000 (17:23 +0800)]
fsck: Processes may kill other processes.
A error in disk-utils/fsck.c, if run the fsck -N command, processes
don't execute, just show what would be done. However, the pid whose
value is -1 is added to the instance_list list in the execute
function,if the kill_all function is called later, kill(-1, signum)
is executed, Signals are sent to all processes except the number one
process and itself. Other processes will be killed if they use the
default signal processing function.
Thomas Weißschuh [Mon, 10 Oct 2022 21:07:25 +0000 (23:07 +0200)]
libblkid: apfs: add test
Fixes #1807
Information known to macOS:
```
$ hdiutil attach apfs.img
/dev/disk1
/dev/disk2 EF57347C-0000-11AA-AA11-0030654
/dev/disk2s1 41504653-0000-11AA-AA11-0030654 /Volumes/testapfs
$ diskutil info disk2
Device Identifier: disk2
Device Node: /dev/disk2
Whole: Yes
Part of Whole: disk2
Device / Media Name: Disk Image
Volume Name: Not applicable (no file system)
Mounted: Not applicable (no file system)
File System: None
Content (IOContent): EF57347C-0000-11AA-AA11-00306543ECAC
OS Can Be Installed: No
Media Type: Generic
Protocol: Disk Image
SMART Status: Not Supported
Disk / Partition UUID: 25E5F1D3-11C0-4D36-98A5-3F66953519B9
Read-Only Media: No
Read-Only Volume: Not applicable (no file system)
Device Location: External
Removable Media: Removable
Media Removal: Software-Activated
Virtual: Yes
$ diskutil info disk2s1
Device Identifier: disk2s1
Device Node: /dev/disk2s1
Whole: No
Part of Whole: disk2
Volume Name: testapfs
Mounted: Yes
Mount Point: /Volumes/testapfs
Partition Type: 41504653-0000-11AA-AA11-00306543ECAC
File System Personality: APFS
Type (Bundle): apfs
Name (User Visible): APFS
Owners: Disabled
OS Can Be Installed: Yes
Media Type: Generic
Protocol: Disk Image
SMART Status: Not Supported
Volume UUID: 3EA5C1EF-64CB-447C-AE37-8046CDC35010
Disk / Partition UUID: 3EA5C1EF-64CB-447C-AE37-8046CDC35010
Milan Broz [Sun, 9 Oct 2022 18:20:45 +0000 (20:20 +0200)]
libblkid: avoid buffer overflow in ocfs superblock parsing
Label and mount values are checked only according to on-disk
values and not checked against the real structure size.
This can lead to reading of memory outside of superblock
struct and subsequent crash.
Reproducer found with OSS-Fuzz (issue 52270) running over
cryptsetup project (blkid is used in header init).
projects / thirdparty / util-linux.git / log
