]>
Commit | Line | Data |
---|---|---|
0284adc6 LP |
1 | /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/ |
2 | ||
3 | /*** | |
4 | This file is part of systemd. | |
5 | ||
6 | Copyright 2012 Lennart Poettering | |
7 | ||
8 | systemd is free software; you can redistribute it and/or modify it | |
9 | under the terms of the GNU Lesser General Public License as published by | |
10 | the Free Software Foundation; either version 2.1 of the License, or | |
11 | (at your option) any later version. | |
12 | ||
13 | systemd is distributed in the hope that it will be useful, but | |
14 | WITHOUT ANY WARRANTY; without even the implied warranty of | |
15 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
16 | Lesser General Public License for more details. | |
17 | ||
18 | You should have received a copy of the GNU Lesser General Public License | |
19 | along with systemd; If not, see <http://www.gnu.org/licenses/>. | |
20 | ***/ | |
21 | ||
22 | #include <unistd.h> | |
23 | #include <sys/mman.h> | |
24 | #include <fcntl.h> | |
feb12d3e | 25 | #include <stddef.h> |
0284adc6 LP |
26 | |
27 | #include "util.h" | |
28 | #include "macro.h" | |
29 | #include "journal-def.h" | |
30 | #include "journal-file.h" | |
31 | #include "journal-authenticate.h" | |
32 | #include "journal-verify.h" | |
f59a5f6b | 33 | #include "lookup3.h" |
fd5dc320 | 34 | #include "compress.h" |
288a74cc | 35 | #include "terminal-util.h" |
f59a5f6b | 36 | |
54f3ff07 ZJS |
37 | static void draw_progress(uint64_t p, usec_t *last_usec) { |
38 | unsigned n, i, j, k; | |
39 | usec_t z, x; | |
40 | ||
41 | if (!on_tty()) | |
42 | return; | |
43 | ||
44 | z = now(CLOCK_MONOTONIC); | |
45 | x = *last_usec; | |
46 | ||
47 | if (x != 0 && x + 40 * USEC_PER_MSEC > z) | |
48 | return; | |
49 | ||
50 | *last_usec = z; | |
51 | ||
52 | n = (3 * columns()) / 4; | |
53 | j = (n * (unsigned) p) / 65535ULL; | |
54 | k = n - j; | |
55 | ||
56 | fputs("\r\x1B[?25l" ANSI_HIGHLIGHT_GREEN_ON, stdout); | |
57 | ||
58 | for (i = 0; i < j; i++) | |
59 | fputs("\xe2\x96\x88", stdout); | |
60 | ||
61 | fputs(ANSI_HIGHLIGHT_OFF, stdout); | |
62 | ||
63 | for (i = 0; i < k; i++) | |
64 | fputs("\xe2\x96\x91", stdout); | |
65 | ||
66 | printf(" %3"PRIu64"%%", 100U * p / 65535U); | |
67 | ||
68 | fputs("\r\x1B[?25h", stdout); | |
69 | fflush(stdout); | |
70 | } | |
71 | ||
45c047b2 LP |
72 | static uint64_t scale_progress(uint64_t scale, uint64_t p, uint64_t m) { |
73 | ||
74 | /* Calculates scale * p / m, but handles m == 0 safely, and saturates */ | |
75 | ||
76 | if (p >= m || m == 0) | |
77 | return scale; | |
78 | ||
79 | return scale * p / m; | |
80 | } | |
81 | ||
54f3ff07 ZJS |
82 | static void flush_progress(void) { |
83 | unsigned n, i; | |
84 | ||
85 | if (!on_tty()) | |
86 | return; | |
87 | ||
88 | n = (3 * columns()) / 4; | |
89 | ||
90 | putchar('\r'); | |
91 | ||
92 | for (i = 0; i < n + 5; i++) | |
93 | putchar(' '); | |
94 | ||
95 | putchar('\r'); | |
96 | fflush(stdout); | |
97 | } | |
98 | ||
99 | #define debug(_offset, _fmt, ...) do{ \ | |
100 | flush_progress(); \ | |
101 | log_debug(OFSfmt": " _fmt, _offset, ##__VA_ARGS__); \ | |
102 | } while(0) | |
103 | ||
104 | #define warning(_offset, _fmt, ...) do{ \ | |
105 | flush_progress(); \ | |
106 | log_warning(OFSfmt": " _fmt, _offset, ##__VA_ARGS__); \ | |
107 | } while(0) | |
108 | ||
109 | #define error(_offset, _fmt, ...) do{ \ | |
110 | flush_progress(); \ | |
111 | log_error(OFSfmt": " _fmt, (uint64_t)_offset, ##__VA_ARGS__); \ | |
112 | } while(0) | |
113 | ||
92fba83e | 114 | static int journal_file_object_verify(JournalFile *f, uint64_t offset, Object *o) { |
db11ac1a LP |
115 | uint64_t i; |
116 | ||
0284adc6 | 117 | assert(f); |
92fba83e | 118 | assert(offset); |
0284adc6 LP |
119 | assert(o); |
120 | ||
121 | /* This does various superficial tests about the length an | |
122 | * possible field values. It does not follow any references to | |
123 | * other objects. */ | |
124 | ||
d89c8fdf | 125 | if ((o->object.flags & OBJECT_COMPRESSED_XZ) && |
bca9e39d LP |
126 | o->object.type != OBJECT_DATA) { |
127 | error(offset, "Found compressed object that isn't of type DATA, which is not allowed."); | |
f59a5f6b | 128 | return -EBADMSG; |
bca9e39d | 129 | } |
f59a5f6b | 130 | |
0284adc6 | 131 | switch (o->object.type) { |
f59a5f6b | 132 | |
fd5dc320 LP |
133 | case OBJECT_DATA: { |
134 | uint64_t h1, h2; | |
1ec7120e | 135 | int compression, r; |
fd5dc320 | 136 | |
92fba83e | 137 | if (le64toh(o->data.entry_offset) == 0) |
54f3ff07 | 138 | warning(offset, "unused data (entry_offset==0)"); |
92fba83e ZJS |
139 | |
140 | if ((le64toh(o->data.entry_offset) == 0) ^ (le64toh(o->data.n_entries) == 0)) { | |
54f3ff07 | 141 | error(offset, "bad n_entries: %"PRIu64, o->data.n_entries); |
0284adc6 | 142 | return -EBADMSG; |
92fba83e | 143 | } |
0284adc6 | 144 | |
92fba83e | 145 | if (le64toh(o->object.size) - offsetof(DataObject, payload) <= 0) { |
54f3ff07 ZJS |
146 | error(offset, "bad object size (<= %zu): %"PRIu64, |
147 | offsetof(DataObject, payload), | |
148 | le64toh(o->object.size)); | |
0284adc6 | 149 | return -EBADMSG; |
92fba83e | 150 | } |
f59a5f6b | 151 | |
fd5dc320 | 152 | h1 = le64toh(o->data.hash); |
f59a5f6b | 153 | |
1ec7120e ZJS |
154 | compression = o->object.flags & OBJECT_COMPRESSION_MASK; |
155 | if (compression) { | |
d89c8fdf | 156 | _cleanup_free_ void *b = NULL; |
fa1c4b51 | 157 | size_t alloc = 0, b_size; |
f59a5f6b | 158 | |
1ec7120e ZJS |
159 | r = decompress_blob(compression, |
160 | o->data.payload, | |
161 | le64toh(o->object.size) - offsetof(Object, data.payload), | |
162 | &b, &alloc, &b_size, 0); | |
163 | if (r < 0) { | |
54f3ff07 ZJS |
164 | error(offset, "%s decompression failed: %s", |
165 | object_compressed_to_string(compression), strerror(-r)); | |
1ec7120e | 166 | return r; |
92fba83e | 167 | } |
fd5dc320 LP |
168 | |
169 | h2 = hash64(b, b_size); | |
fd5dc320 LP |
170 | } else |
171 | h2 = hash64(o->data.payload, le64toh(o->object.size) - offsetof(Object, data.payload)); | |
172 | ||
92fba83e | 173 | if (h1 != h2) { |
54f3ff07 | 174 | error(offset, "invalid hash (%08"PRIx64" vs. %08"PRIx64, h1, h2); |
fd5dc320 | 175 | return -EBADMSG; |
92fba83e | 176 | } |
f59a5f6b | 177 | |
db11ac1a LP |
178 | if (!VALID64(o->data.next_hash_offset) || |
179 | !VALID64(o->data.next_field_offset) || | |
180 | !VALID64(o->data.entry_offset) || | |
92fba83e | 181 | !VALID64(o->data.entry_array_offset)) { |
54f3ff07 ZJS |
182 | error(offset, "invalid offset (next_hash_offset="OFSfmt", next_field_offset="OFSfmt", entry_offset="OFSfmt", entry_array_offset="OFSfmt, |
183 | o->data.next_hash_offset, | |
184 | o->data.next_field_offset, | |
185 | o->data.entry_offset, | |
186 | o->data.entry_array_offset); | |
db11ac1a | 187 | return -EBADMSG; |
92fba83e | 188 | } |
db11ac1a | 189 | |
0284adc6 | 190 | break; |
fd5dc320 | 191 | } |
0284adc6 LP |
192 | |
193 | case OBJECT_FIELD: | |
92fba83e | 194 | if (le64toh(o->object.size) - offsetof(FieldObject, payload) <= 0) { |
54f3ff07 ZJS |
195 | error(offset, |
196 | "bad field size (<= %zu): %"PRIu64, | |
197 | offsetof(FieldObject, payload), | |
198 | le64toh(o->object.size)); | |
0284adc6 | 199 | return -EBADMSG; |
92fba83e | 200 | } |
db11ac1a LP |
201 | |
202 | if (!VALID64(o->field.next_hash_offset) || | |
92fba83e | 203 | !VALID64(o->field.head_data_offset)) { |
54f3ff07 ZJS |
204 | error(offset, |
205 | "invalid offset (next_hash_offset="OFSfmt", head_data_offset="OFSfmt, | |
206 | o->field.next_hash_offset, | |
207 | o->field.head_data_offset); | |
db11ac1a | 208 | return -EBADMSG; |
92fba83e | 209 | } |
0284adc6 LP |
210 | break; |
211 | ||
212 | case OBJECT_ENTRY: | |
92fba83e | 213 | if ((le64toh(o->object.size) - offsetof(EntryObject, items)) % sizeof(EntryItem) != 0) { |
54f3ff07 ZJS |
214 | error(offset, |
215 | "bad entry size (<= %zu): %"PRIu64, | |
216 | offsetof(EntryObject, items), | |
217 | le64toh(o->object.size)); | |
0284adc6 | 218 | return -EBADMSG; |
92fba83e | 219 | } |
0284adc6 | 220 | |
92fba83e | 221 | if ((le64toh(o->object.size) - offsetof(EntryObject, items)) / sizeof(EntryItem) <= 0) { |
54f3ff07 ZJS |
222 | error(offset, |
223 | "invalid number items in entry: %"PRIu64, | |
224 | (le64toh(o->object.size) - offsetof(EntryObject, items)) / sizeof(EntryItem)); | |
0284adc6 | 225 | return -EBADMSG; |
92fba83e ZJS |
226 | } |
227 | ||
228 | if (le64toh(o->entry.seqnum) <= 0) { | |
54f3ff07 ZJS |
229 | error(offset, |
230 | "invalid entry seqnum: %"PRIx64, | |
231 | le64toh(o->entry.seqnum)); | |
92fba83e ZJS |
232 | return -EBADMSG; |
233 | } | |
0284adc6 | 234 | |
92fba83e | 235 | if (!VALID_REALTIME(le64toh(o->entry.realtime))) { |
54f3ff07 ZJS |
236 | error(offset, |
237 | "invalid entry realtime timestamp: %"PRIu64, | |
238 | le64toh(o->entry.realtime)); | |
0284adc6 | 239 | return -EBADMSG; |
92fba83e ZJS |
240 | } |
241 | ||
242 | if (!VALID_MONOTONIC(le64toh(o->entry.monotonic))) { | |
54f3ff07 ZJS |
243 | error(offset, |
244 | "invalid entry monotonic timestamp: %"PRIu64, | |
245 | le64toh(o->entry.monotonic)); | |
92fba83e ZJS |
246 | return -EBADMSG; |
247 | } | |
0284adc6 | 248 | |
db11ac1a LP |
249 | for (i = 0; i < journal_file_entry_n_items(o); i++) { |
250 | if (o->entry.items[i].object_offset == 0 || | |
92fba83e | 251 | !VALID64(o->entry.items[i].object_offset)) { |
54f3ff07 ZJS |
252 | error(offset, |
253 | "invalid entry item (%"PRIu64"/%"PRIu64" offset: "OFSfmt, | |
254 | i, journal_file_entry_n_items(o), | |
255 | o->entry.items[i].object_offset); | |
db11ac1a | 256 | return -EBADMSG; |
92fba83e | 257 | } |
db11ac1a LP |
258 | } |
259 | ||
0284adc6 LP |
260 | break; |
261 | ||
262 | case OBJECT_DATA_HASH_TABLE: | |
263 | case OBJECT_FIELD_HASH_TABLE: | |
92fba83e ZJS |
264 | if ((le64toh(o->object.size) - offsetof(HashTableObject, items)) % sizeof(HashItem) != 0 || |
265 | (le64toh(o->object.size) - offsetof(HashTableObject, items)) / sizeof(HashItem) <= 0) { | |
54f3ff07 ZJS |
266 | error(offset, |
267 | "invalid %s hash table size: %"PRIu64, | |
268 | o->object.type == OBJECT_DATA_HASH_TABLE ? "data" : "field", | |
269 | le64toh(o->object.size)); | |
86adf873 | 270 | return -EBADMSG; |
92fba83e | 271 | } |
86adf873 | 272 | |
fb9a24b6 LP |
273 | for (i = 0; i < journal_file_hash_table_n_items(o); i++) { |
274 | if (o->hash_table.items[i].head_hash_offset != 0 && | |
92fba83e | 275 | !VALID64(le64toh(o->hash_table.items[i].head_hash_offset))) { |
54f3ff07 ZJS |
276 | error(offset, |
277 | "invalid %s hash table item (%"PRIu64"/%"PRIu64") head_hash_offset: "OFSfmt, | |
278 | o->object.type == OBJECT_DATA_HASH_TABLE ? "data" : "field", | |
279 | i, journal_file_hash_table_n_items(o), | |
280 | le64toh(o->hash_table.items[i].head_hash_offset)); | |
fb9a24b6 | 281 | return -EBADMSG; |
92fba83e | 282 | } |
fb9a24b6 | 283 | if (o->hash_table.items[i].tail_hash_offset != 0 && |
92fba83e | 284 | !VALID64(le64toh(o->hash_table.items[i].tail_hash_offset))) { |
54f3ff07 ZJS |
285 | error(offset, |
286 | "invalid %s hash table item (%"PRIu64"/%"PRIu64") tail_hash_offset: "OFSfmt, | |
287 | o->object.type == OBJECT_DATA_HASH_TABLE ? "data" : "field", | |
288 | i, journal_file_hash_table_n_items(o), | |
289 | le64toh(o->hash_table.items[i].tail_hash_offset)); | |
fb9a24b6 | 290 | return -EBADMSG; |
92fba83e | 291 | } |
fb9a24b6 LP |
292 | |
293 | if ((o->hash_table.items[i].head_hash_offset != 0) != | |
92fba83e | 294 | (o->hash_table.items[i].tail_hash_offset != 0)) { |
54f3ff07 ZJS |
295 | error(offset, |
296 | "invalid %s hash table item (%"PRIu64"/%"PRIu64"): head_hash_offset="OFSfmt" tail_hash_offset="OFSfmt, | |
297 | o->object.type == OBJECT_DATA_HASH_TABLE ? "data" : "field", | |
298 | i, journal_file_hash_table_n_items(o), | |
299 | le64toh(o->hash_table.items[i].head_hash_offset), | |
300 | le64toh(o->hash_table.items[i].tail_hash_offset)); | |
fb9a24b6 | 301 | return -EBADMSG; |
92fba83e | 302 | } |
fb9a24b6 LP |
303 | } |
304 | ||
0284adc6 LP |
305 | break; |
306 | ||
307 | case OBJECT_ENTRY_ARRAY: | |
92fba83e ZJS |
308 | if ((le64toh(o->object.size) - offsetof(EntryArrayObject, items)) % sizeof(le64_t) != 0 || |
309 | (le64toh(o->object.size) - offsetof(EntryArrayObject, items)) / sizeof(le64_t) <= 0) { | |
54f3ff07 ZJS |
310 | error(offset, |
311 | "invalid object entry array size: %"PRIu64, | |
312 | le64toh(o->object.size)); | |
86adf873 | 313 | return -EBADMSG; |
92fba83e | 314 | } |
86adf873 | 315 | |
92fba83e | 316 | if (!VALID64(o->entry_array.next_entry_array_offset)) { |
54f3ff07 ZJS |
317 | error(offset, |
318 | "invalid object entry array next_entry_array_offset: "OFSfmt, | |
319 | o->entry_array.next_entry_array_offset); | |
db11ac1a | 320 | return -EBADMSG; |
92fba83e | 321 | } |
db11ac1a | 322 | |
fb9a24b6 | 323 | for (i = 0; i < journal_file_entry_array_n_items(o); i++) |
af13a6b0 GM |
324 | if (le64toh(o->entry_array.items[i]) != 0 && |
325 | !VALID64(le64toh(o->entry_array.items[i]))) { | |
54f3ff07 ZJS |
326 | error(offset, |
327 | "invalid object entry array item (%"PRIu64"/%"PRIu64"): "OFSfmt, | |
328 | i, journal_file_entry_array_n_items(o), | |
329 | le64toh(o->entry_array.items[i])); | |
fb9a24b6 | 330 | return -EBADMSG; |
92fba83e | 331 | } |
fb9a24b6 | 332 | |
0284adc6 LP |
333 | break; |
334 | ||
335 | case OBJECT_TAG: | |
92fba83e | 336 | if (le64toh(o->object.size) != sizeof(TagObject)) { |
54f3ff07 ZJS |
337 | error(offset, |
338 | "invalid object tag size: %"PRIu64, | |
339 | le64toh(o->object.size)); | |
0284adc6 | 340 | return -EBADMSG; |
92fba83e | 341 | } |
fc89a139 | 342 | |
92fba83e | 343 | if (!VALID_EPOCH(o->tag.epoch)) { |
54f3ff07 ZJS |
344 | error(offset, |
345 | "invalid object tag epoch: %"PRIu64, | |
346 | o->tag.epoch); | |
fc89a139 | 347 | return -EBADMSG; |
92fba83e | 348 | } |
fc89a139 | 349 | |
0284adc6 LP |
350 | break; |
351 | } | |
352 | ||
353 | return 0; | |
354 | } | |
355 | ||
0284adc6 LP |
356 | static int write_uint64(int fd, uint64_t p) { |
357 | ssize_t k; | |
358 | ||
359 | k = write(fd, &p, sizeof(p)); | |
360 | if (k < 0) | |
361 | return -errno; | |
362 | if (k != sizeof(p)) | |
363 | return -EIO; | |
364 | ||
365 | return 0; | |
366 | } | |
367 | ||
368 | static int contains_uint64(MMapCache *m, int fd, uint64_t n, uint64_t p) { | |
369 | uint64_t a, b; | |
370 | int r; | |
371 | ||
372 | assert(m); | |
373 | assert(fd >= 0); | |
374 | ||
375 | /* Bisection ... */ | |
376 | ||
377 | a = 0; b = n; | |
378 | while (a < b) { | |
379 | uint64_t c, *z; | |
380 | ||
381 | c = (a + b) / 2; | |
382 | ||
1b8951e5 | 383 | r = mmap_cache_get(m, fd, PROT_READ|PROT_WRITE, 0, false, c * sizeof(uint64_t), sizeof(uint64_t), NULL, (void **) &z); |
0284adc6 LP |
384 | if (r < 0) |
385 | return r; | |
386 | ||
387 | if (*z == p) | |
388 | return 1; | |
389 | ||
a2e99cdf LP |
390 | if (a + 1 >= b) |
391 | return 0; | |
392 | ||
0284adc6 LP |
393 | if (p < *z) |
394 | b = c; | |
fcde2389 | 395 | else |
0284adc6 LP |
396 | a = c; |
397 | } | |
398 | ||
399 | return 0; | |
400 | } | |
401 | ||
86adf873 LP |
402 | static int entry_points_to_data( |
403 | JournalFile *f, | |
404 | int entry_fd, | |
405 | uint64_t n_entries, | |
406 | uint64_t entry_p, | |
407 | uint64_t data_p) { | |
408 | ||
409 | int r; | |
410 | uint64_t i, n, a; | |
411 | Object *o; | |
412 | bool found = false; | |
413 | ||
414 | assert(f); | |
415 | assert(entry_fd >= 0); | |
416 | ||
417 | if (!contains_uint64(f->mmap, entry_fd, n_entries, entry_p)) { | |
54f3ff07 ZJS |
418 | error(data_p, |
419 | "data object references invalid entry at "OFSfmt, entry_p); | |
86adf873 LP |
420 | return -EBADMSG; |
421 | } | |
422 | ||
423 | r = journal_file_move_to_object(f, OBJECT_ENTRY, entry_p, &o); | |
424 | if (r < 0) | |
425 | return r; | |
426 | ||
427 | n = journal_file_entry_n_items(o); | |
428 | for (i = 0; i < n; i++) | |
429 | if (le64toh(o->entry.items[i].object_offset) == data_p) { | |
430 | found = true; | |
431 | break; | |
432 | } | |
433 | ||
434 | if (!found) { | |
54f3ff07 ZJS |
435 | error(entry_p, |
436 | "data object at "OFSfmt" not referenced by linked entry", data_p); | |
86adf873 LP |
437 | return -EBADMSG; |
438 | } | |
439 | ||
440 | /* Check if this entry is also in main entry array. Since the | |
441 | * main entry array has already been verified we can rely on | |
7517e174 | 442 | * its consistency. */ |
86adf873 | 443 | |
369f0589 | 444 | i = 0; |
86adf873 LP |
445 | n = le64toh(f->header->n_entries); |
446 | a = le64toh(f->header->entry_array_offset); | |
86adf873 LP |
447 | |
448 | while (i < n) { | |
369f0589 | 449 | uint64_t m, u; |
86adf873 LP |
450 | |
451 | r = journal_file_move_to_object(f, OBJECT_ENTRY_ARRAY, a, &o); | |
452 | if (r < 0) | |
453 | return r; | |
454 | ||
455 | m = journal_file_entry_array_n_items(o); | |
369f0589 LP |
456 | u = MIN(n - i, m); |
457 | ||
458 | if (entry_p <= le64toh(o->entry_array.items[u-1])) { | |
459 | uint64_t x, y, z; | |
460 | ||
461 | x = 0; | |
462 | y = u; | |
463 | ||
464 | while (x < y) { | |
465 | z = (x + y) / 2; | |
466 | ||
467 | if (le64toh(o->entry_array.items[z]) == entry_p) | |
468 | return 0; | |
469 | ||
470 | if (x + 1 >= y) | |
471 | break; | |
472 | ||
473 | if (entry_p < le64toh(o->entry_array.items[z])) | |
474 | y = z; | |
475 | else | |
476 | x = z; | |
477 | } | |
478 | ||
54f3ff07 | 479 | error(entry_p, "entry object doesn't exist in main entry array"); |
369f0589 LP |
480 | return -EBADMSG; |
481 | } | |
86adf873 | 482 | |
369f0589 | 483 | i += u; |
356fe3e6 | 484 | a = le64toh(o->entry_array.next_entry_array_offset); |
86adf873 LP |
485 | } |
486 | ||
487 | return 0; | |
488 | } | |
489 | ||
490 | static int verify_data( | |
491 | JournalFile *f, | |
492 | Object *o, uint64_t p, | |
493 | int entry_fd, uint64_t n_entries, | |
494 | int entry_array_fd, uint64_t n_entry_arrays) { | |
495 | ||
496 | uint64_t i, n, a, last, q; | |
497 | int r; | |
498 | ||
499 | assert(f); | |
500 | assert(o); | |
501 | assert(entry_fd >= 0); | |
502 | assert(entry_array_fd >= 0); | |
503 | ||
504 | n = le64toh(o->data.n_entries); | |
505 | a = le64toh(o->data.entry_array_offset); | |
506 | ||
92fba83e ZJS |
507 | /* Entry array means at least two objects */ |
508 | if (a && n < 2) { | |
54f3ff07 ZJS |
509 | error(p, |
510 | "entry array present (entry_array_offset="OFSfmt", but n_entries=%"PRIu64")", | |
511 | a, n); | |
92fba83e ZJS |
512 | return -EBADMSG; |
513 | } | |
514 | ||
515 | if (n == 0) | |
516 | return 0; | |
517 | ||
518 | /* We already checked that earlier */ | |
519 | assert(o->data.entry_offset); | |
86adf873 LP |
520 | |
521 | last = q = le64toh(o->data.entry_offset); | |
522 | r = entry_points_to_data(f, entry_fd, n_entries, q, p); | |
523 | if (r < 0) | |
524 | return r; | |
525 | ||
2a7273ef | 526 | i = 1; |
86adf873 LP |
527 | while (i < n) { |
528 | uint64_t next, m, j; | |
529 | ||
530 | if (a == 0) { | |
54f3ff07 | 531 | error(p, "array chain too short"); |
86adf873 LP |
532 | return -EBADMSG; |
533 | } | |
534 | ||
535 | if (!contains_uint64(f->mmap, entry_array_fd, n_entry_arrays, a)) { | |
54f3ff07 | 536 | error(p, "invalid array offset "OFSfmt, a); |
86adf873 LP |
537 | return -EBADMSG; |
538 | } | |
539 | ||
540 | r = journal_file_move_to_object(f, OBJECT_ENTRY_ARRAY, a, &o); | |
541 | if (r < 0) | |
542 | return r; | |
543 | ||
544 | next = le64toh(o->entry_array.next_entry_array_offset); | |
545 | if (next != 0 && next <= a) { | |
54f3ff07 ZJS |
546 | error(p, "array chain has cycle (jumps back from "OFSfmt" to "OFSfmt")", |
547 | a, next); | |
86adf873 LP |
548 | return -EBADMSG; |
549 | } | |
550 | ||
551 | m = journal_file_entry_array_n_items(o); | |
552 | for (j = 0; i < n && j < m; i++, j++) { | |
553 | ||
554 | q = le64toh(o->entry_array.items[j]); | |
555 | if (q <= last) { | |
54f3ff07 | 556 | error(p, "data object's entry array not sorted"); |
86adf873 LP |
557 | return -EBADMSG; |
558 | } | |
559 | last = q; | |
560 | ||
561 | r = entry_points_to_data(f, entry_fd, n_entries, q, p); | |
562 | if (r < 0) | |
563 | return r; | |
564 | ||
565 | /* Pointer might have moved, reposition */ | |
566 | r = journal_file_move_to_object(f, OBJECT_ENTRY_ARRAY, a, &o); | |
567 | if (r < 0) | |
568 | return r; | |
569 | } | |
570 | ||
571 | a = next; | |
572 | } | |
573 | ||
574 | return 0; | |
575 | } | |
576 | ||
577 | static int verify_hash_table( | |
578 | JournalFile *f, | |
579 | int data_fd, uint64_t n_data, | |
580 | int entry_fd, uint64_t n_entries, | |
581 | int entry_array_fd, uint64_t n_entry_arrays, | |
b72631e5 LP |
582 | usec_t *last_usec, |
583 | bool show_progress) { | |
86adf873 LP |
584 | |
585 | uint64_t i, n; | |
586 | int r; | |
587 | ||
588 | assert(f); | |
589 | assert(data_fd >= 0); | |
590 | assert(entry_fd >= 0); | |
591 | assert(entry_array_fd >= 0); | |
592 | assert(last_usec); | |
593 | ||
594 | n = le64toh(f->header->data_hash_table_size) / sizeof(HashItem); | |
dade37d4 LP |
595 | if (n <= 0) |
596 | return 0; | |
597 | ||
598 | r = journal_file_map_data_hash_table(f); | |
599 | if (r < 0) | |
600 | return log_error_errno(r, "Failed to map data hash table: %m"); | |
601 | ||
86adf873 LP |
602 | for (i = 0; i < n; i++) { |
603 | uint64_t last = 0, p; | |
604 | ||
b72631e5 | 605 | if (show_progress) |
45c047b2 | 606 | draw_progress(0xC000 + scale_progress(0x3FFF, i, n), last_usec); |
86adf873 LP |
607 | |
608 | p = le64toh(f->data_hash_table[i].head_hash_offset); | |
609 | while (p != 0) { | |
610 | Object *o; | |
611 | uint64_t next; | |
612 | ||
613 | if (!contains_uint64(f->mmap, data_fd, n_data, p)) { | |
54f3ff07 ZJS |
614 | error(p, "invalid data object at hash entry %"PRIu64" of %"PRIu64, |
615 | i, n); | |
86adf873 LP |
616 | return -EBADMSG; |
617 | } | |
618 | ||
619 | r = journal_file_move_to_object(f, OBJECT_DATA, p, &o); | |
620 | if (r < 0) | |
621 | return r; | |
622 | ||
623 | next = le64toh(o->data.next_hash_offset); | |
624 | if (next != 0 && next <= p) { | |
54f3ff07 ZJS |
625 | error(p, "hash chain has a cycle in hash entry %"PRIu64" of %"PRIu64, |
626 | i, n); | |
86adf873 LP |
627 | return -EBADMSG; |
628 | } | |
629 | ||
630 | if (le64toh(o->data.hash) % n != i) { | |
54f3ff07 ZJS |
631 | error(p, "hash value mismatch in hash entry %"PRIu64" of %"PRIu64, |
632 | i, n); | |
86adf873 LP |
633 | return -EBADMSG; |
634 | } | |
635 | ||
636 | r = verify_data(f, o, p, entry_fd, n_entries, entry_array_fd, n_entry_arrays); | |
637 | if (r < 0) | |
638 | return r; | |
639 | ||
640 | last = p; | |
641 | p = next; | |
642 | } | |
643 | ||
644 | if (last != le64toh(f->data_hash_table[i].tail_hash_offset)) { | |
54f3ff07 | 645 | error(p, "tail hash pointer mismatch in hash table"); |
86adf873 LP |
646 | return -EBADMSG; |
647 | } | |
648 | } | |
649 | ||
650 | return 0; | |
651 | } | |
652 | ||
653 | static int data_object_in_hash_table(JournalFile *f, uint64_t hash, uint64_t p) { | |
654 | uint64_t n, h, q; | |
655 | int r; | |
656 | assert(f); | |
657 | ||
658 | n = le64toh(f->header->data_hash_table_size) / sizeof(HashItem); | |
dade37d4 LP |
659 | if (n <= 0) |
660 | return 0; | |
661 | ||
662 | r = journal_file_map_data_hash_table(f); | |
663 | if (r < 0) | |
664 | return log_error_errno(r, "Failed to map data hash table: %m"); | |
665 | ||
86adf873 LP |
666 | h = hash % n; |
667 | ||
668 | q = le64toh(f->data_hash_table[h].head_hash_offset); | |
669 | while (q != 0) { | |
670 | Object *o; | |
671 | ||
672 | if (p == q) | |
673 | return 1; | |
674 | ||
675 | r = journal_file_move_to_object(f, OBJECT_DATA, q, &o); | |
676 | if (r < 0) | |
677 | return r; | |
678 | ||
679 | q = le64toh(o->data.next_hash_offset); | |
680 | } | |
681 | ||
682 | return 0; | |
683 | } | |
684 | ||
685 | static int verify_entry( | |
686 | JournalFile *f, | |
687 | Object *o, uint64_t p, | |
688 | int data_fd, uint64_t n_data) { | |
689 | ||
690 | uint64_t i, n; | |
691 | int r; | |
692 | ||
693 | assert(f); | |
694 | assert(o); | |
695 | assert(data_fd >= 0); | |
696 | ||
697 | n = journal_file_entry_n_items(o); | |
698 | for (i = 0; i < n; i++) { | |
699 | uint64_t q, h; | |
700 | Object *u; | |
701 | ||
702 | q = le64toh(o->entry.items[i].object_offset); | |
703 | h = le64toh(o->entry.items[i].hash); | |
704 | ||
705 | if (!contains_uint64(f->mmap, data_fd, n_data, q)) { | |
54f3ff07 | 706 | error(p, "invalid data object of entry"); |
86adf873 LP |
707 | return -EBADMSG; |
708 | } | |
709 | ||
710 | r = journal_file_move_to_object(f, OBJECT_DATA, q, &u); | |
711 | if (r < 0) | |
712 | return r; | |
713 | ||
714 | if (le64toh(u->data.hash) != h) { | |
54f3ff07 | 715 | error(p, "hash mismatch for data object of entry"); |
86adf873 LP |
716 | return -EBADMSG; |
717 | } | |
718 | ||
719 | r = data_object_in_hash_table(f, h, q); | |
720 | if (r < 0) | |
721 | return r; | |
722 | if (r == 0) { | |
54f3ff07 | 723 | error(p, "data object missing from hash table"); |
86adf873 LP |
724 | return -EBADMSG; |
725 | } | |
726 | } | |
727 | ||
728 | return 0; | |
729 | } | |
730 | ||
731 | static int verify_entry_array( | |
732 | JournalFile *f, | |
733 | int data_fd, uint64_t n_data, | |
734 | int entry_fd, uint64_t n_entries, | |
735 | int entry_array_fd, uint64_t n_entry_arrays, | |
b72631e5 LP |
736 | usec_t *last_usec, |
737 | bool show_progress) { | |
86adf873 LP |
738 | |
739 | uint64_t i = 0, a, n, last = 0; | |
740 | int r; | |
741 | ||
742 | assert(f); | |
743 | assert(data_fd >= 0); | |
744 | assert(entry_fd >= 0); | |
745 | assert(entry_array_fd >= 0); | |
746 | assert(last_usec); | |
747 | ||
748 | n = le64toh(f->header->n_entries); | |
749 | a = le64toh(f->header->entry_array_offset); | |
750 | while (i < n) { | |
751 | uint64_t next, m, j; | |
752 | Object *o; | |
753 | ||
b72631e5 | 754 | if (show_progress) |
45c047b2 | 755 | draw_progress(0x8000 + scale_progress(0x3FFF, i, n), last_usec); |
86adf873 LP |
756 | |
757 | if (a == 0) { | |
54f3ff07 | 758 | error(a, "array chain too short at %"PRIu64" of %"PRIu64, i, n); |
86adf873 LP |
759 | return -EBADMSG; |
760 | } | |
761 | ||
762 | if (!contains_uint64(f->mmap, entry_array_fd, n_entry_arrays, a)) { | |
54f3ff07 | 763 | error(a, "invalid array %"PRIu64" of %"PRIu64, i, n); |
86adf873 LP |
764 | return -EBADMSG; |
765 | } | |
766 | ||
767 | r = journal_file_move_to_object(f, OBJECT_ENTRY_ARRAY, a, &o); | |
768 | if (r < 0) | |
769 | return r; | |
770 | ||
771 | next = le64toh(o->entry_array.next_entry_array_offset); | |
772 | if (next != 0 && next <= a) { | |
54f3ff07 ZJS |
773 | error(a, |
774 | "array chain has cycle at %"PRIu64" of %"PRIu64" (jumps back from to "OFSfmt")", | |
775 | i, n, next); | |
86adf873 LP |
776 | return -EBADMSG; |
777 | } | |
778 | ||
779 | m = journal_file_entry_array_n_items(o); | |
780 | for (j = 0; i < n && j < m; i++, j++) { | |
781 | uint64_t p; | |
782 | ||
783 | p = le64toh(o->entry_array.items[j]); | |
784 | if (p <= last) { | |
54f3ff07 ZJS |
785 | error(a, "entry array not sorted at %"PRIu64" of %"PRIu64, |
786 | i, n); | |
86adf873 LP |
787 | return -EBADMSG; |
788 | } | |
789 | last = p; | |
790 | ||
791 | if (!contains_uint64(f->mmap, entry_fd, n_entries, p)) { | |
54f3ff07 ZJS |
792 | error(a, "invalid array entry at %"PRIu64" of %"PRIu64, |
793 | i, n); | |
86adf873 LP |
794 | return -EBADMSG; |
795 | } | |
796 | ||
797 | r = journal_file_move_to_object(f, OBJECT_ENTRY, p, &o); | |
798 | if (r < 0) | |
799 | return r; | |
800 | ||
801 | r = verify_entry(f, o, p, data_fd, n_data); | |
802 | if (r < 0) | |
803 | return r; | |
804 | ||
805 | /* Pointer might have moved, reposition */ | |
806 | r = journal_file_move_to_object(f, OBJECT_ENTRY_ARRAY, a, &o); | |
807 | if (r < 0) | |
808 | return r; | |
809 | } | |
810 | ||
811 | a = next; | |
812 | } | |
813 | ||
814 | return 0; | |
815 | } | |
816 | ||
6c7be122 LP |
817 | int journal_file_verify( |
818 | JournalFile *f, | |
819 | const char *key, | |
2a7b539a | 820 | usec_t *first_contained, usec_t *last_validated, usec_t *last_contained, |
b72631e5 | 821 | bool show_progress) { |
0284adc6 LP |
822 | int r; |
823 | Object *o; | |
0ab5c3ed ZJS |
824 | uint64_t p = 0, last_epoch = 0, last_tag_realtime = 0, last_sealed_realtime = 0; |
825 | ||
14d10188 | 826 | uint64_t entry_seqnum = 0, entry_monotonic = 0, entry_realtime = 0; |
0284adc6 LP |
827 | sd_id128_t entry_boot_id; |
828 | bool entry_seqnum_set = false, entry_monotonic_set = false, entry_realtime_set = false, found_main_entry_array = false; | |
14d10188 | 829 | uint64_t n_weird = 0, n_objects = 0, n_entries = 0, n_data = 0, n_fields = 0, n_data_hash_tables = 0, n_field_hash_tables = 0, n_entry_arrays = 0, n_tags = 0; |
0284adc6 LP |
830 | usec_t last_usec = 0; |
831 | int data_fd = -1, entry_fd = -1, entry_array_fd = -1; | |
97147f8c | 832 | unsigned i; |
e8c108ca | 833 | bool found_last = false; |
0ab5c3ed ZJS |
834 | #ifdef HAVE_GCRYPT |
835 | uint64_t last_tag = 0; | |
836 | #endif | |
0284adc6 LP |
837 | assert(f); |
838 | ||
baed47c3 | 839 | if (key) { |
feb12d3e | 840 | #ifdef HAVE_GCRYPT |
baed47c3 | 841 | r = journal_file_parse_verification_key(f, key); |
b7c9ae91 LP |
842 | if (r < 0) { |
843 | log_error("Failed to parse seed."); | |
56e81f7c | 844 | return r; |
b7c9ae91 | 845 | } |
feb12d3e | 846 | #else |
15411c0c | 847 | return -EOPNOTSUPP; |
feb12d3e | 848 | #endif |
c586dbf1 LP |
849 | } else if (f->seal) |
850 | return -ENOKEY; | |
b7c9ae91 | 851 | |
8e33886e | 852 | data_fd = open_tmpfile("/var/tmp", O_RDWR | O_CLOEXEC); |
0284adc6 | 853 | if (data_fd < 0) { |
56f64d95 | 854 | log_error_errno(errno, "Failed to create data file: %m"); |
1137e6c7 | 855 | r = -errno; |
0284adc6 LP |
856 | goto fail; |
857 | } | |
0284adc6 | 858 | |
8e33886e | 859 | entry_fd = open_tmpfile("/var/tmp", O_RDWR | O_CLOEXEC); |
0284adc6 | 860 | if (entry_fd < 0) { |
56f64d95 | 861 | log_error_errno(errno, "Failed to create entry file: %m"); |
1137e6c7 | 862 | r = -errno; |
0284adc6 LP |
863 | goto fail; |
864 | } | |
0284adc6 | 865 | |
8e33886e | 866 | entry_array_fd = open_tmpfile("/var/tmp", O_RDWR | O_CLOEXEC); |
0284adc6 | 867 | if (entry_array_fd < 0) { |
56f64d95 | 868 | log_error_errno(errno, "Failed to create entry array file: %m"); |
1137e6c7 | 869 | r = -errno; |
0284adc6 LP |
870 | goto fail; |
871 | } | |
0284adc6 | 872 | |
54f3ff07 | 873 | if (le32toh(f->header->compatible_flags) & ~HEADER_COMPATIBLE_SUPPORTED) { |
97147f8c | 874 | log_error("Cannot verify file with unknown extensions."); |
15411c0c | 875 | r = -EOPNOTSUPP; |
97147f8c LP |
876 | goto fail; |
877 | } | |
878 | ||
879 | for (i = 0; i < sizeof(f->header->reserved); i++) | |
880 | if (f->header->reserved[i] != 0) { | |
54f3ff07 | 881 | error(offsetof(Header, reserved[i]), "reserved field is non-zero"); |
97147f8c LP |
882 | r = -EBADMSG; |
883 | goto fail; | |
884 | } | |
885 | ||
0284adc6 LP |
886 | /* First iteration: we go through all objects, verify the |
887 | * superficial structure, headers, hashes. */ | |
888 | ||
0284adc6 | 889 | p = le64toh(f->header->header_size); |
8dc37a85 LP |
890 | for (;;) { |
891 | /* Early exit if there are no objects in the file, at all */ | |
892 | if (le64toh(f->header->tail_object_offset) == 0) | |
893 | break; | |
894 | ||
b72631e5 | 895 | if (show_progress) |
45c047b2 | 896 | draw_progress(scale_progress(0x7FFF, p, le64toh(f->header->tail_object_offset)), &last_usec); |
0284adc6 | 897 | |
d05089d8 | 898 | r = journal_file_move_to_object(f, OBJECT_UNUSED, p, &o); |
0284adc6 | 899 | if (r < 0) { |
54f3ff07 | 900 | error(p, "invalid object"); |
0284adc6 LP |
901 | goto fail; |
902 | } | |
903 | ||
97147f8c | 904 | if (p > le64toh(f->header->tail_object_offset)) { |
54f3ff07 | 905 | error(offsetof(Header, tail_object_offset), "invalid tail object pointer"); |
0284adc6 LP |
906 | r = -EBADMSG; |
907 | goto fail; | |
908 | } | |
909 | ||
910 | n_objects ++; | |
911 | ||
92fba83e | 912 | r = journal_file_object_verify(f, p, o); |
0284adc6 | 913 | if (r < 0) { |
54f3ff07 | 914 | error(p, "invalid object contents: %s", strerror(-r)); |
0284adc6 LP |
915 | goto fail; |
916 | } | |
917 | ||
d89c8fdf ZJS |
918 | if ((o->object.flags & OBJECT_COMPRESSED_XZ) && |
919 | (o->object.flags & OBJECT_COMPRESSED_LZ4)) { | |
54f3ff07 ZJS |
920 | error(p, "objected with double compression"); |
921 | r = -EINVAL; | |
d89c8fdf ZJS |
922 | goto fail; |
923 | } | |
924 | ||
925 | if ((o->object.flags & OBJECT_COMPRESSED_XZ) && !JOURNAL_HEADER_COMPRESSED_XZ(f->header)) { | |
54f3ff07 | 926 | error(p, "XZ compressed object in file without XZ compression"); |
d89c8fdf ZJS |
927 | r = -EBADMSG; |
928 | goto fail; | |
929 | } | |
930 | ||
931 | if ((o->object.flags & OBJECT_COMPRESSED_LZ4) && !JOURNAL_HEADER_COMPRESSED_LZ4(f->header)) { | |
54f3ff07 | 932 | error(p, "LZ4 compressed object in file without LZ4 compression"); |
0284adc6 LP |
933 | r = -EBADMSG; |
934 | goto fail; | |
935 | } | |
936 | ||
a8e5f514 | 937 | switch (o->object.type) { |
0284adc6 | 938 | |
a8e5f514 LP |
939 | case OBJECT_DATA: |
940 | r = write_uint64(data_fd, p); | |
941 | if (r < 0) | |
0284adc6 | 942 | goto fail; |
0284adc6 | 943 | |
a8e5f514 LP |
944 | n_data++; |
945 | break; | |
0284adc6 | 946 | |
a8e5f514 LP |
947 | case OBJECT_FIELD: |
948 | n_fields++; | |
949 | break; | |
0284adc6 | 950 | |
a8e5f514 | 951 | case OBJECT_ENTRY: |
8088cbd3 | 952 | if (JOURNAL_HEADER_SEALED(f->header) && n_tags <= 0) { |
54f3ff07 | 953 | error(p, "first entry before first tag"); |
6c7be122 LP |
954 | r = -EBADMSG; |
955 | goto fail; | |
956 | } | |
957 | ||
0284adc6 LP |
958 | r = write_uint64(entry_fd, p); |
959 | if (r < 0) | |
960 | goto fail; | |
961 | ||
f7fab8a5 | 962 | if (le64toh(o->entry.realtime) < last_tag_realtime) { |
54f3ff07 | 963 | error(p, "older entry after newer tag"); |
7b5fd91c LP |
964 | r = -EBADMSG; |
965 | goto fail; | |
966 | } | |
967 | ||
0284adc6 LP |
968 | if (!entry_seqnum_set && |
969 | le64toh(o->entry.seqnum) != le64toh(f->header->head_entry_seqnum)) { | |
54f3ff07 | 970 | error(p, "head entry sequence number incorrect"); |
0284adc6 LP |
971 | r = -EBADMSG; |
972 | goto fail; | |
973 | } | |
974 | ||
975 | if (entry_seqnum_set && | |
976 | entry_seqnum >= le64toh(o->entry.seqnum)) { | |
54f3ff07 | 977 | error(p, "entry sequence number out of synchronization"); |
0284adc6 LP |
978 | r = -EBADMSG; |
979 | goto fail; | |
980 | } | |
981 | ||
982 | entry_seqnum = le64toh(o->entry.seqnum); | |
983 | entry_seqnum_set = true; | |
984 | ||
985 | if (entry_monotonic_set && | |
986 | sd_id128_equal(entry_boot_id, o->entry.boot_id) && | |
987 | entry_monotonic > le64toh(o->entry.monotonic)) { | |
54f3ff07 | 988 | error(p, "entry timestamp out of synchronization"); |
0284adc6 LP |
989 | r = -EBADMSG; |
990 | goto fail; | |
991 | } | |
992 | ||
993 | entry_monotonic = le64toh(o->entry.monotonic); | |
994 | entry_boot_id = o->entry.boot_id; | |
995 | entry_monotonic_set = true; | |
996 | ||
997 | if (!entry_realtime_set && | |
998 | le64toh(o->entry.realtime) != le64toh(f->header->head_entry_realtime)) { | |
54f3ff07 | 999 | error(p, "head entry realtime timestamp incorrect"); |
0284adc6 LP |
1000 | r = -EBADMSG; |
1001 | goto fail; | |
1002 | } | |
1003 | ||
1004 | entry_realtime = le64toh(o->entry.realtime); | |
1005 | entry_realtime_set = true; | |
1006 | ||
1007 | n_entries ++; | |
a8e5f514 | 1008 | break; |
0284adc6 | 1009 | |
a8e5f514 | 1010 | case OBJECT_DATA_HASH_TABLE: |
0284adc6 | 1011 | if (n_data_hash_tables > 1) { |
54f3ff07 | 1012 | error(p, "more than one data hash table"); |
0284adc6 LP |
1013 | r = -EBADMSG; |
1014 | goto fail; | |
1015 | } | |
1016 | ||
1017 | if (le64toh(f->header->data_hash_table_offset) != p + offsetof(HashTableObject, items) || | |
1018 | le64toh(f->header->data_hash_table_size) != le64toh(o->object.size) - offsetof(HashTableObject, items)) { | |
54f3ff07 | 1019 | error(p, "header fields for data hash table invalid"); |
0284adc6 LP |
1020 | r = -EBADMSG; |
1021 | goto fail; | |
1022 | } | |
0284adc6 | 1023 | |
a8e5f514 LP |
1024 | n_data_hash_tables++; |
1025 | break; | |
1026 | ||
1027 | case OBJECT_FIELD_HASH_TABLE: | |
0284adc6 | 1028 | if (n_field_hash_tables > 1) { |
54f3ff07 | 1029 | error(p, "more than one field hash table"); |
0284adc6 LP |
1030 | r = -EBADMSG; |
1031 | goto fail; | |
1032 | } | |
1033 | ||
1034 | if (le64toh(f->header->field_hash_table_offset) != p + offsetof(HashTableObject, items) || | |
1035 | le64toh(f->header->field_hash_table_size) != le64toh(o->object.size) - offsetof(HashTableObject, items)) { | |
54f3ff07 | 1036 | error(p, "header fields for field hash table invalid"); |
0284adc6 LP |
1037 | r = -EBADMSG; |
1038 | goto fail; | |
1039 | } | |
a8e5f514 LP |
1040 | |
1041 | n_field_hash_tables++; | |
1042 | break; | |
1043 | ||
1044 | case OBJECT_ENTRY_ARRAY: | |
1045 | r = write_uint64(entry_array_fd, p); | |
1046 | if (r < 0) | |
1047 | goto fail; | |
1048 | ||
1049 | if (p == le64toh(f->header->entry_array_offset)) { | |
1050 | if (found_main_entry_array) { | |
54f3ff07 | 1051 | error(p, "more than one main entry array"); |
a8e5f514 LP |
1052 | r = -EBADMSG; |
1053 | goto fail; | |
1054 | } | |
1055 | ||
1056 | found_main_entry_array = true; | |
1057 | } | |
1058 | ||
1059 | n_entry_arrays++; | |
1060 | break; | |
1061 | ||
feb12d3e | 1062 | case OBJECT_TAG: |
8088cbd3 | 1063 | if (!JOURNAL_HEADER_SEALED(f->header)) { |
54f3ff07 | 1064 | error(p, "tag object in file without sealing"); |
a8e5f514 LP |
1065 | r = -EBADMSG; |
1066 | goto fail; | |
1067 | } | |
1068 | ||
1069 | if (le64toh(o->tag.seqnum) != n_tags + 1) { | |
54f3ff07 | 1070 | error(p, "tag sequence number out of synchronization"); |
a8e5f514 LP |
1071 | r = -EBADMSG; |
1072 | goto fail; | |
1073 | } | |
1074 | ||
14d10188 | 1075 | if (le64toh(o->tag.epoch) < last_epoch) { |
54f3ff07 | 1076 | error(p, "epoch sequence out of synchronization"); |
7b5fd91c LP |
1077 | r = -EBADMSG; |
1078 | goto fail; | |
1079 | } | |
1080 | ||
feb12d3e | 1081 | #ifdef HAVE_GCRYPT |
c586dbf1 | 1082 | if (f->seal) { |
feb12d3e LP |
1083 | uint64_t q, rt; |
1084 | ||
54f3ff07 | 1085 | debug(p, "checking tag %"PRIu64"...", le64toh(o->tag.seqnum)); |
14d10188 | 1086 | |
f7fab8a5 LP |
1087 | rt = f->fss_start_usec + o->tag.epoch * f->fss_interval_usec; |
1088 | if (entry_realtime_set && entry_realtime >= rt + f->fss_interval_usec) { | |
54f3ff07 | 1089 | error(p, "tag/entry realtime timestamp out of synchronization"); |
c586dbf1 LP |
1090 | r = -EBADMSG; |
1091 | goto fail; | |
1092 | } | |
14d10188 | 1093 | |
c586dbf1 LP |
1094 | /* OK, now we know the epoch. So let's now set |
1095 | * it, and calculate the HMAC for everything | |
1096 | * since the last tag. */ | |
1097 | r = journal_file_fsprg_seek(f, le64toh(o->tag.epoch)); | |
14d10188 LP |
1098 | if (r < 0) |
1099 | goto fail; | |
1100 | ||
c586dbf1 | 1101 | r = journal_file_hmac_start(f); |
14d10188 LP |
1102 | if (r < 0) |
1103 | goto fail; | |
1104 | ||
c586dbf1 LP |
1105 | if (last_tag == 0) { |
1106 | r = journal_file_hmac_put_header(f); | |
1107 | if (r < 0) | |
1108 | goto fail; | |
1109 | ||
1110 | q = le64toh(f->header->header_size); | |
1111 | } else | |
1112 | q = last_tag; | |
1113 | ||
1114 | while (q <= p) { | |
d05089d8 | 1115 | r = journal_file_move_to_object(f, OBJECT_UNUSED, q, &o); |
c586dbf1 LP |
1116 | if (r < 0) |
1117 | goto fail; | |
1118 | ||
d05089d8 | 1119 | r = journal_file_hmac_put_object(f, OBJECT_UNUSED, o, q); |
c586dbf1 LP |
1120 | if (r < 0) |
1121 | goto fail; | |
1122 | ||
1123 | q = q + ALIGN64(le64toh(o->object.size)); | |
1124 | } | |
1125 | ||
1126 | /* Position might have changed, let's reposition things */ | |
d05089d8 | 1127 | r = journal_file_move_to_object(f, OBJECT_UNUSED, p, &o); |
14d10188 LP |
1128 | if (r < 0) |
1129 | goto fail; | |
1130 | ||
c586dbf1 | 1131 | if (memcmp(o->tag.tag, gcry_md_read(f->hmac, 0), TAG_LENGTH) != 0) { |
54f3ff07 | 1132 | error(p, "tag failed verification"); |
c586dbf1 LP |
1133 | r = -EBADMSG; |
1134 | goto fail; | |
1135 | } | |
14d10188 | 1136 | |
c586dbf1 LP |
1137 | f->hmac_running = false; |
1138 | last_tag_realtime = rt; | |
f7fab8a5 | 1139 | last_sealed_realtime = entry_realtime; |
14d10188 LP |
1140 | } |
1141 | ||
14d10188 | 1142 | last_tag = p + ALIGN64(le64toh(o->object.size)); |
0ab5c3ed ZJS |
1143 | #endif |
1144 | ||
c586dbf1 | 1145 | last_epoch = le64toh(o->tag.epoch); |
6c7be122 | 1146 | |
a8e5f514 LP |
1147 | n_tags ++; |
1148 | break; | |
1149 | ||
1150 | default: | |
0284adc6 | 1151 | n_weird ++; |
a8e5f514 | 1152 | } |
0284adc6 | 1153 | |
8dc37a85 LP |
1154 | if (p == le64toh(f->header->tail_object_offset)) { |
1155 | found_last = true; | |
1156 | break; | |
1157 | } | |
0284adc6 | 1158 | |
8dc37a85 LP |
1159 | p = p + ALIGN64(le64toh(o->object.size)); |
1160 | }; | |
1161 | ||
1162 | if (!found_last && le64toh(f->header->tail_object_offset) != 0) { | |
54f3ff07 | 1163 | error(le64toh(f->header->tail_object_offset), "tail object pointer dead"); |
97147f8c LP |
1164 | r = -EBADMSG; |
1165 | goto fail; | |
1166 | } | |
1167 | ||
0284adc6 | 1168 | if (n_objects != le64toh(f->header->n_objects)) { |
54f3ff07 | 1169 | error(offsetof(Header, n_objects), "object number mismatch"); |
0284adc6 LP |
1170 | r = -EBADMSG; |
1171 | goto fail; | |
1172 | } | |
1173 | ||
1174 | if (n_entries != le64toh(f->header->n_entries)) { | |
54f3ff07 | 1175 | error(offsetof(Header, n_entries), "entry number mismatch"); |
0284adc6 LP |
1176 | r = -EBADMSG; |
1177 | goto fail; | |
1178 | } | |
1179 | ||
1180 | if (JOURNAL_HEADER_CONTAINS(f->header, n_data) && | |
1181 | n_data != le64toh(f->header->n_data)) { | |
54f3ff07 | 1182 | error(offsetof(Header, n_data), "data number mismatch"); |
0284adc6 LP |
1183 | r = -EBADMSG; |
1184 | goto fail; | |
1185 | } | |
1186 | ||
1187 | if (JOURNAL_HEADER_CONTAINS(f->header, n_fields) && | |
1188 | n_fields != le64toh(f->header->n_fields)) { | |
54f3ff07 | 1189 | error(offsetof(Header, n_fields), "field number mismatch"); |
0284adc6 LP |
1190 | r = -EBADMSG; |
1191 | goto fail; | |
1192 | } | |
1193 | ||
1194 | if (JOURNAL_HEADER_CONTAINS(f->header, n_tags) && | |
a8e5f514 | 1195 | n_tags != le64toh(f->header->n_tags)) { |
54f3ff07 | 1196 | error(offsetof(Header, n_tags), "tag number mismatch"); |
0284adc6 LP |
1197 | r = -EBADMSG; |
1198 | goto fail; | |
1199 | } | |
1200 | ||
2dee23eb LP |
1201 | if (JOURNAL_HEADER_CONTAINS(f->header, n_entry_arrays) && |
1202 | n_entry_arrays != le64toh(f->header->n_entry_arrays)) { | |
54f3ff07 | 1203 | error(offsetof(Header, n_entry_arrays), "entry array number mismatch"); |
2dee23eb LP |
1204 | r = -EBADMSG; |
1205 | goto fail; | |
1206 | } | |
1207 | ||
8dc37a85 | 1208 | if (!found_main_entry_array && le64toh(f->header->entry_array_offset) != 0) { |
54f3ff07 | 1209 | error(0, "missing entry array"); |
0284adc6 LP |
1210 | r = -EBADMSG; |
1211 | goto fail; | |
1212 | } | |
1213 | ||
1214 | if (entry_seqnum_set && | |
1215 | entry_seqnum != le64toh(f->header->tail_entry_seqnum)) { | |
54f3ff07 | 1216 | error(offsetof(Header, tail_entry_seqnum), "invalid tail seqnum"); |
0284adc6 LP |
1217 | r = -EBADMSG; |
1218 | goto fail; | |
1219 | } | |
1220 | ||
1221 | if (entry_monotonic_set && | |
1222 | (!sd_id128_equal(entry_boot_id, f->header->boot_id) || | |
1223 | entry_monotonic != le64toh(f->header->tail_entry_monotonic))) { | |
54f3ff07 | 1224 | error(0, "invalid tail monotonic timestamp"); |
0284adc6 LP |
1225 | r = -EBADMSG; |
1226 | goto fail; | |
1227 | } | |
1228 | ||
1229 | if (entry_realtime_set && entry_realtime != le64toh(f->header->tail_entry_realtime)) { | |
54f3ff07 | 1230 | error(0, "invalid tail realtime timestamp"); |
0284adc6 LP |
1231 | r = -EBADMSG; |
1232 | goto fail; | |
1233 | } | |
1234 | ||
86adf873 LP |
1235 | /* Second iteration: we follow all objects referenced from the |
1236 | * two entry points: the object hash table and the entry | |
1237 | * array. We also check that everything referenced (directly | |
1238 | * or indirectly) in the data hash table also exists in the | |
1239 | * entry array, and vice versa. Note that we do not care for | |
1240 | * unreferenced objects. We only care that everything that is | |
1241 | * referenced is consistent. */ | |
1242 | ||
1243 | r = verify_entry_array(f, | |
1244 | data_fd, n_data, | |
1245 | entry_fd, n_entries, | |
1246 | entry_array_fd, n_entry_arrays, | |
b72631e5 LP |
1247 | &last_usec, |
1248 | show_progress); | |
86adf873 LP |
1249 | if (r < 0) |
1250 | goto fail; | |
0284adc6 | 1251 | |
86adf873 LP |
1252 | r = verify_hash_table(f, |
1253 | data_fd, n_data, | |
1254 | entry_fd, n_entries, | |
1255 | entry_array_fd, n_entry_arrays, | |
b72631e5 LP |
1256 | &last_usec, |
1257 | show_progress); | |
86adf873 LP |
1258 | if (r < 0) |
1259 | goto fail; | |
0284adc6 | 1260 | |
b72631e5 LP |
1261 | if (show_progress) |
1262 | flush_progress(); | |
0284adc6 LP |
1263 | |
1264 | mmap_cache_close_fd(f->mmap, data_fd); | |
1265 | mmap_cache_close_fd(f->mmap, entry_fd); | |
1266 | mmap_cache_close_fd(f->mmap, entry_array_fd); | |
1267 | ||
03e334a1 LP |
1268 | safe_close(data_fd); |
1269 | safe_close(entry_fd); | |
1270 | safe_close(entry_array_fd); | |
0284adc6 | 1271 | |
2a7b539a LP |
1272 | if (first_contained) |
1273 | *first_contained = le64toh(f->header->head_entry_realtime); | |
6c7be122 | 1274 | if (last_validated) |
f7fab8a5 | 1275 | *last_validated = last_sealed_realtime; |
6c7be122 LP |
1276 | if (last_contained) |
1277 | *last_contained = le64toh(f->header->tail_entry_realtime); | |
1278 | ||
0284adc6 LP |
1279 | return 0; |
1280 | ||
1281 | fail: | |
b72631e5 LP |
1282 | if (show_progress) |
1283 | flush_progress(); | |
0284adc6 | 1284 | |
92fba83e | 1285 | log_error("File corruption detected at %s:"OFSfmt" (of %llu bytes, %"PRIu64"%%).", |
0284adc6 | 1286 | f->path, |
507f22bd | 1287 | p, |
0284adc6 | 1288 | (unsigned long long) f->last_stat.st_size, |
507f22bd | 1289 | 100 * p / f->last_stat.st_size); |
0284adc6 LP |
1290 | |
1291 | if (data_fd >= 0) { | |
1292 | mmap_cache_close_fd(f->mmap, data_fd); | |
03e334a1 | 1293 | safe_close(data_fd); |
0284adc6 LP |
1294 | } |
1295 | ||
1296 | if (entry_fd >= 0) { | |
1297 | mmap_cache_close_fd(f->mmap, entry_fd); | |
03e334a1 | 1298 | safe_close(entry_fd); |
0284adc6 LP |
1299 | } |
1300 | ||
1301 | if (entry_array_fd >= 0) { | |
1302 | mmap_cache_close_fd(f->mmap, entry_array_fd); | |
03e334a1 | 1303 | safe_close(entry_array_fd); |
0284adc6 LP |
1304 | } |
1305 | ||
1306 | return r; | |
1307 | } |