The utility fsck.cramfs is prone to a bus error on file systems for
big endian systems with non-standard header sizes. While calculating
the crc32 checksum, it does not properly handle a possible offset
for bootcodes, resulting in out of boundary access of mmap'ed area.
You can trigger the issue with the following commands:
libfdisk: (sun) fix creation of whole disk partition
sun_add_partition() allowed the 1st sector to be 0 for the 3rd partition
only if that sector was free or if other partitions covered the whole
disk. Now it's always allowed for the 1st sector to be set to 0 for
the 3rd partition.
[kzak@redhat.com: - print info about "wholedisk" before "First sector" dialog for 3rd partition
- default to 0 for 3rd partition start sector]
Signed-off-by: Mikhail Vorobyov <m.vorobyov@cs.msu.ru> Signed-off-by: Karel Zak <kzak@redhat.com>
Prarit Bhargava [Wed, 1 Nov 2017 14:37:00 +0000 (15:37 +0100)]
dmesg: Add --force-prefix option
The kernel outputs multi-line messages (kernel messages that contain
the end-of-line character '\n'). These message are currently displayed by
dmesg as
The kernel timestamps each of these lines with [965199.028940] and the
dmesg utility should do the same.
Add the 'force-prefix'/'-p' dmesg option to add decode & timestamp
information to each line of a multi-line message.
Notes: The new print_record() algorithm stores the decode & timestamp
information in buffers. If the force-prefix option is used, the
message is split into separate lines and each line is prefixed with
the stored decode & timestamp information. The splitting of the
message into separate lines is done using strtok() which requires
write access to the message buffer (ie, the const message buffer is
now copied into a writeable buffer).
Successfully tested by me by looking at sysrq-t and sysrq-w output.
All known good /tests passed with these changes.
[kzak@redhat.com:
- use snprintf()
- cleanup \n usage (don't count line break to the
message text in the parsers and always print \n after the text
- add the option to the man page
- use --force-prefix for kmsg only, old syslog(2) API splits messages itself
- strdup() the message text only on force-prefix]
Signed-off-by: Prarit Bhargava <prarit@redhat.com> Signed-off-by: Karel Zak <kzak@redhat.com>
Kevin Locke [Mon, 30 Oct 2017 19:50:51 +0000 (13:50 -0600)]
bash-completion: Exclude /dev/fd from fsck find
When the bash-completion for fsck runs `find -L /dev/ -type b` it
descends into /dev/fd after opening '.' as file descriptor 3. This
causes find to search through /dev/fd/3/ which includes everything below
the current directory, which can take a very long time.
To avoid this, prune /dev/fd in the find expression.
Signed-off-by: Kevin Locke <kevin@kevinlocke.name>
Milan Broz [Mon, 23 Oct 2017 14:26:51 +0000 (16:26 +0200)]
blkid: Add support for LUKS2 and new LABEL attributes.
This patch adds support for detection of a LUKS2 superblock.
LUKS2 is new version of Linux Unified Key Setup for encrypted
block devices.
LUKS2 contains a binary header and then JSON area for metadata.
Blkid should only parse the binary part, including newly available
optional LABEL and SUBSYSTEM fields.
LABEL is similar to filesystem label. The SUBSYSTEM field is
in principle, just a second label and can be used for specific udev rules
(for example if you have some 3rd party system that activates
volumes automatically, you can mark devices using this attribute).
Both labels are optional.
The magic string and UUID location are intentionally on the same offset
as LUKS v1, so even unpatched blkid now recognizes LUKS2.
Anyway, the code should not parse other versions of the header, so we now
explicitly check for header version and support only version 1 and 2.
Karel Zak [Fri, 20 Oct 2017 10:31:09 +0000 (12:31 +0200)]
lsmem: add --split
Now the way how lsmem lists memory ranges is affected by used output
columns. It makes it very difficult to use in scripts where you want
to use for example only one column
ranges=$(lsmem -oRANGE)
and in this case all is merged to the one (or two) huge ranges and all
attributes are ignored. The --split allows to control this behavior
ranges=$(lsmem -oRANGE --split=STATE,ZONES)
forces lsmem to list ranges by STATE and ZONES differences.
The existing s390 and x86_64 dumps already contain the valid_zones sysfs
attribute, so just add a new "lsmem -o +ZONES" test command and update
the expected results.
With this patch, valid memory zones can be shown with lsmem, and chmem can
set memory online/offline in a specific memory zone, if allowed by the
kernel. The valid memory zones are read from the "valid_zones" sysfs
attribute, and setting memory online to a specific zone is done by
echoing "online_kernel" or "online_movable" to the "state" sysfs
attribute, in addition to the previous "online".
This patch also changes the default behavior of chmem, when setting memory
online without specifying a memory zone. If valid, memory will be set
online to the zone Movable. This zone is preferable for memory hotplug, as
it makes memory offline much more likely to succeed.
Karel Zak [Mon, 9 Oct 2017 10:44:48 +0000 (12:44 +0200)]
libmount: use eacess() rather than open() to check mtab/utab
The open() syscall is probably the most strong way how to check write
accessibility in all situations, but it's overkill and on some
paranoid systems with enabled audit/selinux. It fills logs with
"Permission denied" entries. Let's use eaccess() if available.
This allows to conveniently kill the entire process tree
below the forked program, a common problem when scripting
tasks that need to reliably fully terminate without leaving
reparented subprocesses behind.
The example added to the man page shows the most common use.
Karel Zak [Wed, 11 Oct 2017 10:35:24 +0000 (12:35 +0200)]
logger: allow to reconnect on initial failed connect too
The current code sets noact flag if unix socked connection failed. This is ugly.
We want to reconnect always in all cases (well, except --socket-error=on).
Karel Zak [Tue, 10 Oct 2017 11:56:30 +0000 (13:56 +0200)]
logger: reconnect on failed send()
The libc syslog() reconnects on failed send(). We need the same thing
as logger(1) is expected as long time running tool. For example
recommended Apache configuration is:
Karel Zak [Mon, 2 Oct 2017 11:44:29 +0000 (13:44 +0200)]
libmount: add human compatible message for EBADMSG errno
mount: /media/sdb5: mount(2) system call failed: Bad message.
is really ugly for end users. It seems XFS, extN (etc) use EBADMSG for
bad checksums. For network or pseudo filesystems continue to use "Bad
message" error...
Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=1496764 Signed-off-by: Karel Zak <kzak@redhat.com>
[kzak@redhat.com: - fix loopcxt_get_blocksize()
- remove lo_blocksize from loop_info64]
Signed-off-by: Stanislav Brabec <sbrabec@suse.cz> Cc: Ming Lei <ming.lei@redhat.com> Cc: Hannes Reinecke <hare@suse.com> Cc: Omar Sandoval <osandov@fb.com> Cc: Jens Axboe <axboe@kernel.dk> Signed-off-by: Karel Zak <kzak@redhat.com>
A program using setproctitle can trigger an out of boundary access
if an attacker was able to clear the environment before execution.
The check in setproctitle prevents overflows, but does not take into
account that the whole length of the arguments could be 1, which is
possible by supplying such a program name to execlp(3) or using a
symbolic link, e.g. argv[0] = "l", argv[1] = NULL.
Only login uses setproctitle, which is not affected by this
problem due to initializing the environment right before the call.
The functions warnx(3) and gettext(3) are not safe to use within signal
handlers and should be avoided. Preparing the message beforehand and
calling write(2) as well as calling _exit(2) solves the problem.
[kzak@redhat.com: - use program_invocation_short_name rather than argv[0],
- use ignore_result() to keep compiler happy]
The current implementation would return always 0, as it is the return
code of mnt_fs_get_propagation. Change the implementation to raise an
exception on an error and return the propagation flags otherwise.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>