]>
Commit | Line | Data |
---|---|---|
53e1b683 | 1 | /* SPDX-License-Identifier: LGPL-2.1+ */ |
0284adc6 LP |
2 | /*** |
3 | This file is part of systemd. | |
4 | ||
5 | Copyright 2012 Lennart Poettering | |
6 | ||
7 | systemd is free software; you can redistribute it and/or modify it | |
8 | under the terms of the GNU Lesser General Public License as published by | |
9 | the Free Software Foundation; either version 2.1 of the License, or | |
10 | (at your option) any later version. | |
11 | ||
12 | systemd is distributed in the hope that it will be useful, but | |
13 | WITHOUT ANY WARRANTY; without even the implied warranty of | |
14 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
15 | Lesser General Public License for more details. | |
16 | ||
17 | You should have received a copy of the GNU Lesser General Public License | |
18 | along with systemd; If not, see <http://www.gnu.org/licenses/>. | |
19 | ***/ | |
20 | ||
0284adc6 | 21 | #include <fcntl.h> |
feb12d3e | 22 | #include <stddef.h> |
cf0fbc49 TA |
23 | #include <sys/mman.h> |
24 | #include <unistd.h> | |
0284adc6 | 25 | |
b5efdb8a | 26 | #include "alloc-util.h" |
3ffd4af2 LP |
27 | #include "compress.h" |
28 | #include "fd-util.h" | |
0d39fa9c | 29 | #include "fileio.h" |
34a8f081 | 30 | #include "fs-util.h" |
3ffd4af2 | 31 | #include "journal-authenticate.h" |
0284adc6 LP |
32 | #include "journal-def.h" |
33 | #include "journal-file.h" | |
0284adc6 | 34 | #include "journal-verify.h" |
f59a5f6b | 35 | #include "lookup3.h" |
3ffd4af2 | 36 | #include "macro.h" |
288a74cc | 37 | #include "terminal-util.h" |
3ffd4af2 | 38 | #include "util.h" |
f59a5f6b | 39 | |
54f3ff07 ZJS |
40 | static void draw_progress(uint64_t p, usec_t *last_usec) { |
41 | unsigned n, i, j, k; | |
42 | usec_t z, x; | |
43 | ||
44 | if (!on_tty()) | |
45 | return; | |
46 | ||
47 | z = now(CLOCK_MONOTONIC); | |
48 | x = *last_usec; | |
49 | ||
50 | if (x != 0 && x + 40 * USEC_PER_MSEC > z) | |
51 | return; | |
52 | ||
53 | *last_usec = z; | |
54 | ||
55 | n = (3 * columns()) / 4; | |
56 | j = (n * (unsigned) p) / 65535ULL; | |
57 | k = n - j; | |
58 | ||
7565bb98 LP |
59 | fputs("\r", stdout); |
60 | if (colors_enabled()) | |
61 | fputs("\x1B[?25l" ANSI_HIGHLIGHT_GREEN, stdout); | |
54f3ff07 ZJS |
62 | |
63 | for (i = 0; i < j; i++) | |
64 | fputs("\xe2\x96\x88", stdout); | |
65 | ||
1fc464f6 | 66 | fputs(ANSI_NORMAL, stdout); |
54f3ff07 ZJS |
67 | |
68 | for (i = 0; i < k; i++) | |
69 | fputs("\xe2\x96\x91", stdout); | |
70 | ||
71 | printf(" %3"PRIu64"%%", 100U * p / 65535U); | |
72 | ||
7565bb98 LP |
73 | fputs("\r", stdout); |
74 | if (colors_enabled()) | |
75 | fputs("\x1B[?25h", stdout); | |
76 | ||
54f3ff07 ZJS |
77 | fflush(stdout); |
78 | } | |
79 | ||
45c047b2 LP |
80 | static uint64_t scale_progress(uint64_t scale, uint64_t p, uint64_t m) { |
81 | ||
82 | /* Calculates scale * p / m, but handles m == 0 safely, and saturates */ | |
83 | ||
84 | if (p >= m || m == 0) | |
85 | return scale; | |
86 | ||
87 | return scale * p / m; | |
88 | } | |
89 | ||
54f3ff07 ZJS |
90 | static void flush_progress(void) { |
91 | unsigned n, i; | |
92 | ||
93 | if (!on_tty()) | |
94 | return; | |
95 | ||
96 | n = (3 * columns()) / 4; | |
97 | ||
98 | putchar('\r'); | |
99 | ||
100 | for (i = 0; i < n + 5; i++) | |
101 | putchar(' '); | |
102 | ||
103 | putchar('\r'); | |
104 | fflush(stdout); | |
105 | } | |
106 | ||
9ed794a3 | 107 | #define debug(_offset, _fmt, ...) do { \ |
54f3ff07 ZJS |
108 | flush_progress(); \ |
109 | log_debug(OFSfmt": " _fmt, _offset, ##__VA_ARGS__); \ | |
9ed794a3 | 110 | } while (0) |
54f3ff07 | 111 | |
9ed794a3 | 112 | #define warning(_offset, _fmt, ...) do { \ |
54f3ff07 ZJS |
113 | flush_progress(); \ |
114 | log_warning(OFSfmt": " _fmt, _offset, ##__VA_ARGS__); \ | |
9ed794a3 | 115 | } while (0) |
54f3ff07 | 116 | |
9ed794a3 | 117 | #define error(_offset, _fmt, ...) do { \ |
54f3ff07 ZJS |
118 | flush_progress(); \ |
119 | log_error(OFSfmt": " _fmt, (uint64_t)_offset, ##__VA_ARGS__); \ | |
9ed794a3 | 120 | } while (0) |
54f3ff07 | 121 | |
581fc868 ZJS |
122 | #define error_errno(_offset, error, _fmt, ...) do { \ |
123 | flush_progress(); \ | |
124 | log_error_errno(error, OFSfmt": " _fmt, (uint64_t)_offset, ##__VA_ARGS__); \ | |
125 | } while (0) | |
126 | ||
92fba83e | 127 | static int journal_file_object_verify(JournalFile *f, uint64_t offset, Object *o) { |
db11ac1a LP |
128 | uint64_t i; |
129 | ||
0284adc6 | 130 | assert(f); |
92fba83e | 131 | assert(offset); |
0284adc6 LP |
132 | assert(o); |
133 | ||
134 | /* This does various superficial tests about the length an | |
135 | * possible field values. It does not follow any references to | |
136 | * other objects. */ | |
137 | ||
d89c8fdf | 138 | if ((o->object.flags & OBJECT_COMPRESSED_XZ) && |
bca9e39d LP |
139 | o->object.type != OBJECT_DATA) { |
140 | error(offset, "Found compressed object that isn't of type DATA, which is not allowed."); | |
f59a5f6b | 141 | return -EBADMSG; |
bca9e39d | 142 | } |
f59a5f6b | 143 | |
0284adc6 | 144 | switch (o->object.type) { |
f59a5f6b | 145 | |
fd5dc320 LP |
146 | case OBJECT_DATA: { |
147 | uint64_t h1, h2; | |
1ec7120e | 148 | int compression, r; |
fd5dc320 | 149 | |
92fba83e | 150 | if (le64toh(o->data.entry_offset) == 0) |
e80acc51 | 151 | warning(offset, "Unused data (entry_offset==0)"); |
92fba83e ZJS |
152 | |
153 | if ((le64toh(o->data.entry_offset) == 0) ^ (le64toh(o->data.n_entries) == 0)) { | |
f39c13e0 | 154 | error(offset, "Bad n_entries: %"PRIu64, le64toh(o->data.n_entries)); |
0284adc6 | 155 | return -EBADMSG; |
92fba83e | 156 | } |
0284adc6 | 157 | |
92fba83e | 158 | if (le64toh(o->object.size) - offsetof(DataObject, payload) <= 0) { |
e80acc51 | 159 | error(offset, "Bad object size (<= %zu): %"PRIu64, |
54f3ff07 ZJS |
160 | offsetof(DataObject, payload), |
161 | le64toh(o->object.size)); | |
0284adc6 | 162 | return -EBADMSG; |
92fba83e | 163 | } |
f59a5f6b | 164 | |
fd5dc320 | 165 | h1 = le64toh(o->data.hash); |
f59a5f6b | 166 | |
1ec7120e ZJS |
167 | compression = o->object.flags & OBJECT_COMPRESSION_MASK; |
168 | if (compression) { | |
d89c8fdf | 169 | _cleanup_free_ void *b = NULL; |
fa1c4b51 | 170 | size_t alloc = 0, b_size; |
f59a5f6b | 171 | |
1ec7120e ZJS |
172 | r = decompress_blob(compression, |
173 | o->data.payload, | |
174 | le64toh(o->object.size) - offsetof(Object, data.payload), | |
175 | &b, &alloc, &b_size, 0); | |
176 | if (r < 0) { | |
581fc868 ZJS |
177 | error_errno(offset, r, "%s decompression failed: %m", |
178 | object_compressed_to_string(compression)); | |
1ec7120e | 179 | return r; |
92fba83e | 180 | } |
fd5dc320 LP |
181 | |
182 | h2 = hash64(b, b_size); | |
fd5dc320 LP |
183 | } else |
184 | h2 = hash64(o->data.payload, le64toh(o->object.size) - offsetof(Object, data.payload)); | |
185 | ||
92fba83e | 186 | if (h1 != h2) { |
e80acc51 | 187 | error(offset, "Invalid hash (%08"PRIx64" vs. %08"PRIx64, h1, h2); |
fd5dc320 | 188 | return -EBADMSG; |
92fba83e | 189 | } |
f59a5f6b | 190 | |
f39c13e0 LP |
191 | if (!VALID64(le64toh(o->data.next_hash_offset)) || |
192 | !VALID64(le64toh(o->data.next_field_offset)) || | |
193 | !VALID64(le64toh(o->data.entry_offset)) || | |
194 | !VALID64(le64toh(o->data.entry_array_offset))) { | |
e80acc51 | 195 | error(offset, "Invalid offset (next_hash_offset="OFSfmt", next_field_offset="OFSfmt", entry_offset="OFSfmt", entry_array_offset="OFSfmt, |
f39c13e0 LP |
196 | le64toh(o->data.next_hash_offset), |
197 | le64toh(o->data.next_field_offset), | |
198 | le64toh(o->data.entry_offset), | |
199 | le64toh(o->data.entry_array_offset)); | |
db11ac1a | 200 | return -EBADMSG; |
92fba83e | 201 | } |
db11ac1a | 202 | |
0284adc6 | 203 | break; |
fd5dc320 | 204 | } |
0284adc6 LP |
205 | |
206 | case OBJECT_FIELD: | |
92fba83e | 207 | if (le64toh(o->object.size) - offsetof(FieldObject, payload) <= 0) { |
54f3ff07 | 208 | error(offset, |
e80acc51 | 209 | "Bad field size (<= %zu): %"PRIu64, |
54f3ff07 ZJS |
210 | offsetof(FieldObject, payload), |
211 | le64toh(o->object.size)); | |
0284adc6 | 212 | return -EBADMSG; |
92fba83e | 213 | } |
db11ac1a | 214 | |
f39c13e0 LP |
215 | if (!VALID64(le64toh(o->field.next_hash_offset)) || |
216 | !VALID64(le64toh(o->field.head_data_offset))) { | |
54f3ff07 | 217 | error(offset, |
e80acc51 | 218 | "Invalid offset (next_hash_offset="OFSfmt", head_data_offset="OFSfmt, |
f39c13e0 LP |
219 | le64toh(o->field.next_hash_offset), |
220 | le64toh(o->field.head_data_offset)); | |
db11ac1a | 221 | return -EBADMSG; |
92fba83e | 222 | } |
0284adc6 LP |
223 | break; |
224 | ||
225 | case OBJECT_ENTRY: | |
92fba83e | 226 | if ((le64toh(o->object.size) - offsetof(EntryObject, items)) % sizeof(EntryItem) != 0) { |
54f3ff07 | 227 | error(offset, |
e80acc51 | 228 | "Bad entry size (<= %zu): %"PRIu64, |
54f3ff07 ZJS |
229 | offsetof(EntryObject, items), |
230 | le64toh(o->object.size)); | |
0284adc6 | 231 | return -EBADMSG; |
92fba83e | 232 | } |
0284adc6 | 233 | |
92fba83e | 234 | if ((le64toh(o->object.size) - offsetof(EntryObject, items)) / sizeof(EntryItem) <= 0) { |
54f3ff07 | 235 | error(offset, |
e80acc51 | 236 | "Invalid number items in entry: %"PRIu64, |
54f3ff07 | 237 | (le64toh(o->object.size) - offsetof(EntryObject, items)) / sizeof(EntryItem)); |
0284adc6 | 238 | return -EBADMSG; |
92fba83e ZJS |
239 | } |
240 | ||
241 | if (le64toh(o->entry.seqnum) <= 0) { | |
54f3ff07 | 242 | error(offset, |
e80acc51 | 243 | "Invalid entry seqnum: %"PRIx64, |
54f3ff07 | 244 | le64toh(o->entry.seqnum)); |
92fba83e ZJS |
245 | return -EBADMSG; |
246 | } | |
0284adc6 | 247 | |
92fba83e | 248 | if (!VALID_REALTIME(le64toh(o->entry.realtime))) { |
54f3ff07 | 249 | error(offset, |
e80acc51 | 250 | "Invalid entry realtime timestamp: %"PRIu64, |
54f3ff07 | 251 | le64toh(o->entry.realtime)); |
0284adc6 | 252 | return -EBADMSG; |
92fba83e ZJS |
253 | } |
254 | ||
255 | if (!VALID_MONOTONIC(le64toh(o->entry.monotonic))) { | |
54f3ff07 | 256 | error(offset, |
e80acc51 | 257 | "Invalid entry monotonic timestamp: %"PRIu64, |
54f3ff07 | 258 | le64toh(o->entry.monotonic)); |
92fba83e ZJS |
259 | return -EBADMSG; |
260 | } | |
0284adc6 | 261 | |
db11ac1a | 262 | for (i = 0; i < journal_file_entry_n_items(o); i++) { |
f39c13e0 LP |
263 | if (le64toh(o->entry.items[i].object_offset) == 0 || |
264 | !VALID64(le64toh(o->entry.items[i].object_offset))) { | |
54f3ff07 | 265 | error(offset, |
e80acc51 | 266 | "Invalid entry item (%"PRIu64"/%"PRIu64" offset: "OFSfmt, |
54f3ff07 | 267 | i, journal_file_entry_n_items(o), |
f39c13e0 | 268 | le64toh(o->entry.items[i].object_offset)); |
db11ac1a | 269 | return -EBADMSG; |
92fba83e | 270 | } |
db11ac1a LP |
271 | } |
272 | ||
0284adc6 LP |
273 | break; |
274 | ||
275 | case OBJECT_DATA_HASH_TABLE: | |
276 | case OBJECT_FIELD_HASH_TABLE: | |
92fba83e ZJS |
277 | if ((le64toh(o->object.size) - offsetof(HashTableObject, items)) % sizeof(HashItem) != 0 || |
278 | (le64toh(o->object.size) - offsetof(HashTableObject, items)) / sizeof(HashItem) <= 0) { | |
54f3ff07 | 279 | error(offset, |
e80acc51 | 280 | "Invalid %s hash table size: %"PRIu64, |
54f3ff07 ZJS |
281 | o->object.type == OBJECT_DATA_HASH_TABLE ? "data" : "field", |
282 | le64toh(o->object.size)); | |
86adf873 | 283 | return -EBADMSG; |
92fba83e | 284 | } |
86adf873 | 285 | |
fb9a24b6 LP |
286 | for (i = 0; i < journal_file_hash_table_n_items(o); i++) { |
287 | if (o->hash_table.items[i].head_hash_offset != 0 && | |
92fba83e | 288 | !VALID64(le64toh(o->hash_table.items[i].head_hash_offset))) { |
54f3ff07 | 289 | error(offset, |
e80acc51 | 290 | "Invalid %s hash table item (%"PRIu64"/%"PRIu64") head_hash_offset: "OFSfmt, |
54f3ff07 ZJS |
291 | o->object.type == OBJECT_DATA_HASH_TABLE ? "data" : "field", |
292 | i, journal_file_hash_table_n_items(o), | |
293 | le64toh(o->hash_table.items[i].head_hash_offset)); | |
fb9a24b6 | 294 | return -EBADMSG; |
92fba83e | 295 | } |
fb9a24b6 | 296 | if (o->hash_table.items[i].tail_hash_offset != 0 && |
92fba83e | 297 | !VALID64(le64toh(o->hash_table.items[i].tail_hash_offset))) { |
54f3ff07 | 298 | error(offset, |
e80acc51 | 299 | "Invalid %s hash table item (%"PRIu64"/%"PRIu64") tail_hash_offset: "OFSfmt, |
54f3ff07 ZJS |
300 | o->object.type == OBJECT_DATA_HASH_TABLE ? "data" : "field", |
301 | i, journal_file_hash_table_n_items(o), | |
302 | le64toh(o->hash_table.items[i].tail_hash_offset)); | |
fb9a24b6 | 303 | return -EBADMSG; |
92fba83e | 304 | } |
fb9a24b6 LP |
305 | |
306 | if ((o->hash_table.items[i].head_hash_offset != 0) != | |
92fba83e | 307 | (o->hash_table.items[i].tail_hash_offset != 0)) { |
54f3ff07 | 308 | error(offset, |
e80acc51 | 309 | "Invalid %s hash table item (%"PRIu64"/%"PRIu64"): head_hash_offset="OFSfmt" tail_hash_offset="OFSfmt, |
54f3ff07 ZJS |
310 | o->object.type == OBJECT_DATA_HASH_TABLE ? "data" : "field", |
311 | i, journal_file_hash_table_n_items(o), | |
312 | le64toh(o->hash_table.items[i].head_hash_offset), | |
313 | le64toh(o->hash_table.items[i].tail_hash_offset)); | |
fb9a24b6 | 314 | return -EBADMSG; |
92fba83e | 315 | } |
fb9a24b6 LP |
316 | } |
317 | ||
0284adc6 LP |
318 | break; |
319 | ||
320 | case OBJECT_ENTRY_ARRAY: | |
92fba83e ZJS |
321 | if ((le64toh(o->object.size) - offsetof(EntryArrayObject, items)) % sizeof(le64_t) != 0 || |
322 | (le64toh(o->object.size) - offsetof(EntryArrayObject, items)) / sizeof(le64_t) <= 0) { | |
54f3ff07 | 323 | error(offset, |
e80acc51 | 324 | "Invalid object entry array size: %"PRIu64, |
54f3ff07 | 325 | le64toh(o->object.size)); |
86adf873 | 326 | return -EBADMSG; |
92fba83e | 327 | } |
86adf873 | 328 | |
f39c13e0 | 329 | if (!VALID64(le64toh(o->entry_array.next_entry_array_offset))) { |
54f3ff07 | 330 | error(offset, |
e80acc51 | 331 | "Invalid object entry array next_entry_array_offset: "OFSfmt, |
f39c13e0 | 332 | le64toh(o->entry_array.next_entry_array_offset)); |
db11ac1a | 333 | return -EBADMSG; |
92fba83e | 334 | } |
db11ac1a | 335 | |
fb9a24b6 | 336 | for (i = 0; i < journal_file_entry_array_n_items(o); i++) |
af13a6b0 GM |
337 | if (le64toh(o->entry_array.items[i]) != 0 && |
338 | !VALID64(le64toh(o->entry_array.items[i]))) { | |
54f3ff07 | 339 | error(offset, |
e80acc51 | 340 | "Invalid object entry array item (%"PRIu64"/%"PRIu64"): "OFSfmt, |
54f3ff07 ZJS |
341 | i, journal_file_entry_array_n_items(o), |
342 | le64toh(o->entry_array.items[i])); | |
fb9a24b6 | 343 | return -EBADMSG; |
92fba83e | 344 | } |
fb9a24b6 | 345 | |
0284adc6 LP |
346 | break; |
347 | ||
348 | case OBJECT_TAG: | |
92fba83e | 349 | if (le64toh(o->object.size) != sizeof(TagObject)) { |
54f3ff07 | 350 | error(offset, |
e80acc51 | 351 | "Invalid object tag size: %"PRIu64, |
54f3ff07 | 352 | le64toh(o->object.size)); |
0284adc6 | 353 | return -EBADMSG; |
92fba83e | 354 | } |
fc89a139 | 355 | |
f39c13e0 | 356 | if (!VALID_EPOCH(le64toh(o->tag.epoch))) { |
54f3ff07 | 357 | error(offset, |
e80acc51 | 358 | "Invalid object tag epoch: %"PRIu64, |
f39c13e0 | 359 | le64toh(o->tag.epoch)); |
fc89a139 | 360 | return -EBADMSG; |
92fba83e | 361 | } |
fc89a139 | 362 | |
0284adc6 LP |
363 | break; |
364 | } | |
365 | ||
366 | return 0; | |
367 | } | |
368 | ||
0284adc6 LP |
369 | static int write_uint64(int fd, uint64_t p) { |
370 | ssize_t k; | |
371 | ||
372 | k = write(fd, &p, sizeof(p)); | |
373 | if (k < 0) | |
374 | return -errno; | |
375 | if (k != sizeof(p)) | |
376 | return -EIO; | |
377 | ||
378 | return 0; | |
379 | } | |
380 | ||
be7cdd8e | 381 | static int contains_uint64(MMapCache *m, MMapFileDescriptor *f, uint64_t n, uint64_t p) { |
0284adc6 LP |
382 | uint64_t a, b; |
383 | int r; | |
384 | ||
385 | assert(m); | |
be7cdd8e | 386 | assert(f); |
0284adc6 LP |
387 | |
388 | /* Bisection ... */ | |
389 | ||
390 | a = 0; b = n; | |
391 | while (a < b) { | |
392 | uint64_t c, *z; | |
393 | ||
394 | c = (a + b) / 2; | |
395 | ||
b42549ad | 396 | r = mmap_cache_get(m, f, PROT_READ|PROT_WRITE, 0, false, c * sizeof(uint64_t), sizeof(uint64_t), NULL, (void **) &z, NULL); |
0284adc6 LP |
397 | if (r < 0) |
398 | return r; | |
399 | ||
400 | if (*z == p) | |
401 | return 1; | |
402 | ||
a2e99cdf LP |
403 | if (a + 1 >= b) |
404 | return 0; | |
405 | ||
0284adc6 LP |
406 | if (p < *z) |
407 | b = c; | |
fcde2389 | 408 | else |
0284adc6 LP |
409 | a = c; |
410 | } | |
411 | ||
412 | return 0; | |
413 | } | |
414 | ||
86adf873 LP |
415 | static int entry_points_to_data( |
416 | JournalFile *f, | |
be7cdd8e | 417 | MMapFileDescriptor *cache_entry_fd, |
86adf873 LP |
418 | uint64_t n_entries, |
419 | uint64_t entry_p, | |
420 | uint64_t data_p) { | |
421 | ||
422 | int r; | |
423 | uint64_t i, n, a; | |
424 | Object *o; | |
425 | bool found = false; | |
426 | ||
427 | assert(f); | |
be7cdd8e | 428 | assert(cache_entry_fd); |
86adf873 | 429 | |
be7cdd8e | 430 | if (!contains_uint64(f->mmap, cache_entry_fd, n_entries, entry_p)) { |
e80acc51 | 431 | error(data_p, "Data object references invalid entry at "OFSfmt, entry_p); |
86adf873 LP |
432 | return -EBADMSG; |
433 | } | |
434 | ||
435 | r = journal_file_move_to_object(f, OBJECT_ENTRY, entry_p, &o); | |
436 | if (r < 0) | |
437 | return r; | |
438 | ||
439 | n = journal_file_entry_n_items(o); | |
440 | for (i = 0; i < n; i++) | |
441 | if (le64toh(o->entry.items[i].object_offset) == data_p) { | |
442 | found = true; | |
443 | break; | |
444 | } | |
445 | ||
446 | if (!found) { | |
e80acc51 | 447 | error(entry_p, "Data object at "OFSfmt" not referenced by linked entry", data_p); |
86adf873 LP |
448 | return -EBADMSG; |
449 | } | |
450 | ||
451 | /* Check if this entry is also in main entry array. Since the | |
452 | * main entry array has already been verified we can rely on | |
7517e174 | 453 | * its consistency. */ |
86adf873 | 454 | |
369f0589 | 455 | i = 0; |
86adf873 LP |
456 | n = le64toh(f->header->n_entries); |
457 | a = le64toh(f->header->entry_array_offset); | |
86adf873 LP |
458 | |
459 | while (i < n) { | |
369f0589 | 460 | uint64_t m, u; |
86adf873 LP |
461 | |
462 | r = journal_file_move_to_object(f, OBJECT_ENTRY_ARRAY, a, &o); | |
463 | if (r < 0) | |
464 | return r; | |
465 | ||
466 | m = journal_file_entry_array_n_items(o); | |
369f0589 LP |
467 | u = MIN(n - i, m); |
468 | ||
469 | if (entry_p <= le64toh(o->entry_array.items[u-1])) { | |
470 | uint64_t x, y, z; | |
471 | ||
472 | x = 0; | |
473 | y = u; | |
474 | ||
475 | while (x < y) { | |
476 | z = (x + y) / 2; | |
477 | ||
478 | if (le64toh(o->entry_array.items[z]) == entry_p) | |
479 | return 0; | |
480 | ||
481 | if (x + 1 >= y) | |
482 | break; | |
483 | ||
484 | if (entry_p < le64toh(o->entry_array.items[z])) | |
485 | y = z; | |
486 | else | |
487 | x = z; | |
488 | } | |
489 | ||
e80acc51 | 490 | error(entry_p, "Entry object doesn't exist in main entry array"); |
369f0589 LP |
491 | return -EBADMSG; |
492 | } | |
86adf873 | 493 | |
369f0589 | 494 | i += u; |
356fe3e6 | 495 | a = le64toh(o->entry_array.next_entry_array_offset); |
86adf873 LP |
496 | } |
497 | ||
498 | return 0; | |
499 | } | |
500 | ||
501 | static int verify_data( | |
502 | JournalFile *f, | |
503 | Object *o, uint64_t p, | |
be7cdd8e VC |
504 | MMapFileDescriptor *cache_entry_fd, uint64_t n_entries, |
505 | MMapFileDescriptor *cache_entry_array_fd, uint64_t n_entry_arrays) { | |
86adf873 LP |
506 | |
507 | uint64_t i, n, a, last, q; | |
508 | int r; | |
509 | ||
510 | assert(f); | |
511 | assert(o); | |
be7cdd8e VC |
512 | assert(cache_entry_fd); |
513 | assert(cache_entry_array_fd); | |
86adf873 LP |
514 | |
515 | n = le64toh(o->data.n_entries); | |
516 | a = le64toh(o->data.entry_array_offset); | |
517 | ||
92fba83e ZJS |
518 | /* Entry array means at least two objects */ |
519 | if (a && n < 2) { | |
e80acc51 | 520 | error(p, "Entry array present (entry_array_offset="OFSfmt", but n_entries=%"PRIu64")", a, n); |
92fba83e ZJS |
521 | return -EBADMSG; |
522 | } | |
523 | ||
524 | if (n == 0) | |
525 | return 0; | |
526 | ||
527 | /* We already checked that earlier */ | |
528 | assert(o->data.entry_offset); | |
86adf873 LP |
529 | |
530 | last = q = le64toh(o->data.entry_offset); | |
be7cdd8e | 531 | r = entry_points_to_data(f, cache_entry_fd, n_entries, q, p); |
86adf873 LP |
532 | if (r < 0) |
533 | return r; | |
534 | ||
2a7273ef | 535 | i = 1; |
86adf873 LP |
536 | while (i < n) { |
537 | uint64_t next, m, j; | |
538 | ||
539 | if (a == 0) { | |
e80acc51 | 540 | error(p, "Array chain too short"); |
86adf873 LP |
541 | return -EBADMSG; |
542 | } | |
543 | ||
be7cdd8e | 544 | if (!contains_uint64(f->mmap, cache_entry_array_fd, n_entry_arrays, a)) { |
e80acc51 | 545 | error(p, "Invalid array offset "OFSfmt, a); |
86adf873 LP |
546 | return -EBADMSG; |
547 | } | |
548 | ||
549 | r = journal_file_move_to_object(f, OBJECT_ENTRY_ARRAY, a, &o); | |
550 | if (r < 0) | |
551 | return r; | |
552 | ||
553 | next = le64toh(o->entry_array.next_entry_array_offset); | |
554 | if (next != 0 && next <= a) { | |
e80acc51 | 555 | error(p, "Array chain has cycle (jumps back from "OFSfmt" to "OFSfmt")", a, next); |
86adf873 LP |
556 | return -EBADMSG; |
557 | } | |
558 | ||
559 | m = journal_file_entry_array_n_items(o); | |
560 | for (j = 0; i < n && j < m; i++, j++) { | |
561 | ||
562 | q = le64toh(o->entry_array.items[j]); | |
563 | if (q <= last) { | |
e80acc51 | 564 | error(p, "Data object's entry array not sorted"); |
86adf873 LP |
565 | return -EBADMSG; |
566 | } | |
567 | last = q; | |
568 | ||
be7cdd8e | 569 | r = entry_points_to_data(f, cache_entry_fd, n_entries, q, p); |
86adf873 LP |
570 | if (r < 0) |
571 | return r; | |
572 | ||
573 | /* Pointer might have moved, reposition */ | |
574 | r = journal_file_move_to_object(f, OBJECT_ENTRY_ARRAY, a, &o); | |
575 | if (r < 0) | |
576 | return r; | |
577 | } | |
578 | ||
579 | a = next; | |
580 | } | |
581 | ||
582 | return 0; | |
583 | } | |
584 | ||
585 | static int verify_hash_table( | |
586 | JournalFile *f, | |
be7cdd8e VC |
587 | MMapFileDescriptor *cache_data_fd, uint64_t n_data, |
588 | MMapFileDescriptor *cache_entry_fd, uint64_t n_entries, | |
589 | MMapFileDescriptor *cache_entry_array_fd, uint64_t n_entry_arrays, | |
b72631e5 LP |
590 | usec_t *last_usec, |
591 | bool show_progress) { | |
86adf873 LP |
592 | |
593 | uint64_t i, n; | |
594 | int r; | |
595 | ||
596 | assert(f); | |
be7cdd8e VC |
597 | assert(cache_data_fd); |
598 | assert(cache_entry_fd); | |
599 | assert(cache_entry_array_fd); | |
86adf873 LP |
600 | assert(last_usec); |
601 | ||
602 | n = le64toh(f->header->data_hash_table_size) / sizeof(HashItem); | |
dade37d4 LP |
603 | if (n <= 0) |
604 | return 0; | |
605 | ||
606 | r = journal_file_map_data_hash_table(f); | |
607 | if (r < 0) | |
608 | return log_error_errno(r, "Failed to map data hash table: %m"); | |
609 | ||
86adf873 LP |
610 | for (i = 0; i < n; i++) { |
611 | uint64_t last = 0, p; | |
612 | ||
b72631e5 | 613 | if (show_progress) |
45c047b2 | 614 | draw_progress(0xC000 + scale_progress(0x3FFF, i, n), last_usec); |
86adf873 LP |
615 | |
616 | p = le64toh(f->data_hash_table[i].head_hash_offset); | |
617 | while (p != 0) { | |
618 | Object *o; | |
619 | uint64_t next; | |
620 | ||
be7cdd8e | 621 | if (!contains_uint64(f->mmap, cache_data_fd, n_data, p)) { |
e80acc51 | 622 | error(p, "Invalid data object at hash entry %"PRIu64" of %"PRIu64, i, n); |
86adf873 LP |
623 | return -EBADMSG; |
624 | } | |
625 | ||
626 | r = journal_file_move_to_object(f, OBJECT_DATA, p, &o); | |
627 | if (r < 0) | |
628 | return r; | |
629 | ||
630 | next = le64toh(o->data.next_hash_offset); | |
631 | if (next != 0 && next <= p) { | |
e80acc51 | 632 | error(p, "Hash chain has a cycle in hash entry %"PRIu64" of %"PRIu64, i, n); |
86adf873 LP |
633 | return -EBADMSG; |
634 | } | |
635 | ||
636 | if (le64toh(o->data.hash) % n != i) { | |
e80acc51 | 637 | error(p, "Hash value mismatch in hash entry %"PRIu64" of %"PRIu64, i, n); |
86adf873 LP |
638 | return -EBADMSG; |
639 | } | |
640 | ||
be7cdd8e | 641 | r = verify_data(f, o, p, cache_entry_fd, n_entries, cache_entry_array_fd, n_entry_arrays); |
86adf873 LP |
642 | if (r < 0) |
643 | return r; | |
644 | ||
645 | last = p; | |
646 | p = next; | |
647 | } | |
648 | ||
649 | if (last != le64toh(f->data_hash_table[i].tail_hash_offset)) { | |
e80acc51 | 650 | error(p, "Tail hash pointer mismatch in hash table"); |
86adf873 LP |
651 | return -EBADMSG; |
652 | } | |
653 | } | |
654 | ||
655 | return 0; | |
656 | } | |
657 | ||
658 | static int data_object_in_hash_table(JournalFile *f, uint64_t hash, uint64_t p) { | |
659 | uint64_t n, h, q; | |
660 | int r; | |
661 | assert(f); | |
662 | ||
663 | n = le64toh(f->header->data_hash_table_size) / sizeof(HashItem); | |
dade37d4 LP |
664 | if (n <= 0) |
665 | return 0; | |
666 | ||
667 | r = journal_file_map_data_hash_table(f); | |
668 | if (r < 0) | |
669 | return log_error_errno(r, "Failed to map data hash table: %m"); | |
670 | ||
86adf873 LP |
671 | h = hash % n; |
672 | ||
673 | q = le64toh(f->data_hash_table[h].head_hash_offset); | |
674 | while (q != 0) { | |
675 | Object *o; | |
676 | ||
677 | if (p == q) | |
678 | return 1; | |
679 | ||
680 | r = journal_file_move_to_object(f, OBJECT_DATA, q, &o); | |
681 | if (r < 0) | |
682 | return r; | |
683 | ||
684 | q = le64toh(o->data.next_hash_offset); | |
685 | } | |
686 | ||
687 | return 0; | |
688 | } | |
689 | ||
690 | static int verify_entry( | |
691 | JournalFile *f, | |
692 | Object *o, uint64_t p, | |
be7cdd8e | 693 | MMapFileDescriptor *cache_data_fd, uint64_t n_data) { |
86adf873 LP |
694 | |
695 | uint64_t i, n; | |
696 | int r; | |
697 | ||
698 | assert(f); | |
699 | assert(o); | |
be7cdd8e | 700 | assert(cache_data_fd); |
86adf873 LP |
701 | |
702 | n = journal_file_entry_n_items(o); | |
703 | for (i = 0; i < n; i++) { | |
704 | uint64_t q, h; | |
705 | Object *u; | |
706 | ||
707 | q = le64toh(o->entry.items[i].object_offset); | |
708 | h = le64toh(o->entry.items[i].hash); | |
709 | ||
be7cdd8e | 710 | if (!contains_uint64(f->mmap, cache_data_fd, n_data, q)) { |
e80acc51 LP |
711 | error(p, "Invalid data object of entry"); |
712 | return -EBADMSG; | |
713 | } | |
86adf873 LP |
714 | |
715 | r = journal_file_move_to_object(f, OBJECT_DATA, q, &u); | |
716 | if (r < 0) | |
717 | return r; | |
718 | ||
719 | if (le64toh(u->data.hash) != h) { | |
e80acc51 | 720 | error(p, "Hash mismatch for data object of entry"); |
86adf873 LP |
721 | return -EBADMSG; |
722 | } | |
723 | ||
724 | r = data_object_in_hash_table(f, h, q); | |
725 | if (r < 0) | |
726 | return r; | |
727 | if (r == 0) { | |
e80acc51 | 728 | error(p, "Data object missing from hash table"); |
86adf873 LP |
729 | return -EBADMSG; |
730 | } | |
731 | } | |
732 | ||
733 | return 0; | |
734 | } | |
735 | ||
736 | static int verify_entry_array( | |
737 | JournalFile *f, | |
be7cdd8e VC |
738 | MMapFileDescriptor *cache_data_fd, uint64_t n_data, |
739 | MMapFileDescriptor *cache_entry_fd, uint64_t n_entries, | |
740 | MMapFileDescriptor *cache_entry_array_fd, uint64_t n_entry_arrays, | |
b72631e5 LP |
741 | usec_t *last_usec, |
742 | bool show_progress) { | |
86adf873 LP |
743 | |
744 | uint64_t i = 0, a, n, last = 0; | |
745 | int r; | |
746 | ||
747 | assert(f); | |
be7cdd8e VC |
748 | assert(cache_data_fd); |
749 | assert(cache_entry_fd); | |
750 | assert(cache_entry_array_fd); | |
86adf873 LP |
751 | assert(last_usec); |
752 | ||
753 | n = le64toh(f->header->n_entries); | |
754 | a = le64toh(f->header->entry_array_offset); | |
755 | while (i < n) { | |
756 | uint64_t next, m, j; | |
757 | Object *o; | |
758 | ||
b72631e5 | 759 | if (show_progress) |
45c047b2 | 760 | draw_progress(0x8000 + scale_progress(0x3FFF, i, n), last_usec); |
86adf873 LP |
761 | |
762 | if (a == 0) { | |
e80acc51 | 763 | error(a, "Array chain too short at %"PRIu64" of %"PRIu64, i, n); |
86adf873 LP |
764 | return -EBADMSG; |
765 | } | |
766 | ||
be7cdd8e | 767 | if (!contains_uint64(f->mmap, cache_entry_array_fd, n_entry_arrays, a)) { |
e80acc51 | 768 | error(a, "Invalid array %"PRIu64" of %"PRIu64, i, n); |
86adf873 LP |
769 | return -EBADMSG; |
770 | } | |
771 | ||
772 | r = journal_file_move_to_object(f, OBJECT_ENTRY_ARRAY, a, &o); | |
773 | if (r < 0) | |
774 | return r; | |
775 | ||
776 | next = le64toh(o->entry_array.next_entry_array_offset); | |
777 | if (next != 0 && next <= a) { | |
e80acc51 | 778 | error(a, "Array chain has cycle at %"PRIu64" of %"PRIu64" (jumps back from to "OFSfmt")", i, n, next); |
86adf873 LP |
779 | return -EBADMSG; |
780 | } | |
781 | ||
782 | m = journal_file_entry_array_n_items(o); | |
783 | for (j = 0; i < n && j < m; i++, j++) { | |
784 | uint64_t p; | |
785 | ||
786 | p = le64toh(o->entry_array.items[j]); | |
787 | if (p <= last) { | |
e80acc51 | 788 | error(a, "Entry array not sorted at %"PRIu64" of %"PRIu64, i, n); |
86adf873 LP |
789 | return -EBADMSG; |
790 | } | |
791 | last = p; | |
792 | ||
be7cdd8e | 793 | if (!contains_uint64(f->mmap, cache_entry_fd, n_entries, p)) { |
e80acc51 | 794 | error(a, "Invalid array entry at %"PRIu64" of %"PRIu64, i, n); |
86adf873 LP |
795 | return -EBADMSG; |
796 | } | |
797 | ||
798 | r = journal_file_move_to_object(f, OBJECT_ENTRY, p, &o); | |
799 | if (r < 0) | |
800 | return r; | |
801 | ||
be7cdd8e | 802 | r = verify_entry(f, o, p, cache_data_fd, n_data); |
86adf873 LP |
803 | if (r < 0) |
804 | return r; | |
805 | ||
806 | /* Pointer might have moved, reposition */ | |
807 | r = journal_file_move_to_object(f, OBJECT_ENTRY_ARRAY, a, &o); | |
808 | if (r < 0) | |
809 | return r; | |
810 | } | |
811 | ||
812 | a = next; | |
813 | } | |
814 | ||
815 | return 0; | |
816 | } | |
817 | ||
6c7be122 LP |
818 | int journal_file_verify( |
819 | JournalFile *f, | |
820 | const char *key, | |
2a7b539a | 821 | usec_t *first_contained, usec_t *last_validated, usec_t *last_contained, |
b72631e5 | 822 | bool show_progress) { |
0284adc6 LP |
823 | int r; |
824 | Object *o; | |
0ab5c3ed ZJS |
825 | uint64_t p = 0, last_epoch = 0, last_tag_realtime = 0, last_sealed_realtime = 0; |
826 | ||
14d10188 | 827 | uint64_t entry_seqnum = 0, entry_monotonic = 0, entry_realtime = 0; |
0284adc6 LP |
828 | sd_id128_t entry_boot_id; |
829 | bool entry_seqnum_set = false, entry_monotonic_set = false, entry_realtime_set = false, found_main_entry_array = false; | |
14d10188 | 830 | uint64_t n_weird = 0, n_objects = 0, n_entries = 0, n_data = 0, n_fields = 0, n_data_hash_tables = 0, n_field_hash_tables = 0, n_entry_arrays = 0, n_tags = 0; |
0284adc6 LP |
831 | usec_t last_usec = 0; |
832 | int data_fd = -1, entry_fd = -1, entry_array_fd = -1; | |
be7cdd8e | 833 | MMapFileDescriptor *cache_data_fd = NULL, *cache_entry_fd = NULL, *cache_entry_array_fd = NULL; |
97147f8c | 834 | unsigned i; |
e8c108ca | 835 | bool found_last = false; |
992e8f22 | 836 | const char *tmp_dir = NULL; |
34a8f081 | 837 | |
349cc4a5 | 838 | #if HAVE_GCRYPT |
0ab5c3ed ZJS |
839 | uint64_t last_tag = 0; |
840 | #endif | |
0284adc6 LP |
841 | assert(f); |
842 | ||
baed47c3 | 843 | if (key) { |
349cc4a5 | 844 | #if HAVE_GCRYPT |
baed47c3 | 845 | r = journal_file_parse_verification_key(f, key); |
b7c9ae91 LP |
846 | if (r < 0) { |
847 | log_error("Failed to parse seed."); | |
56e81f7c | 848 | return r; |
b7c9ae91 | 849 | } |
feb12d3e | 850 | #else |
15411c0c | 851 | return -EOPNOTSUPP; |
feb12d3e | 852 | #endif |
c586dbf1 LP |
853 | } else if (f->seal) |
854 | return -ENOKEY; | |
b7c9ae91 | 855 | |
992e8f22 | 856 | r = var_tmp_dir(&tmp_dir); |
34a8f081 OW |
857 | if (r < 0) { |
858 | log_error_errno(r, "Failed to determine temporary directory: %m"); | |
859 | goto fail; | |
860 | } | |
861 | ||
862 | data_fd = open_tmpfile_unlinkable(tmp_dir, O_RDWR | O_CLOEXEC); | |
0284adc6 | 863 | if (data_fd < 0) { |
709f6e46 | 864 | r = log_error_errno(data_fd, "Failed to create data file: %m"); |
0284adc6 LP |
865 | goto fail; |
866 | } | |
0284adc6 | 867 | |
34a8f081 | 868 | entry_fd = open_tmpfile_unlinkable(tmp_dir, O_RDWR | O_CLOEXEC); |
0284adc6 | 869 | if (entry_fd < 0) { |
709f6e46 | 870 | r = log_error_errno(entry_fd, "Failed to create entry file: %m"); |
0284adc6 LP |
871 | goto fail; |
872 | } | |
0284adc6 | 873 | |
34a8f081 | 874 | entry_array_fd = open_tmpfile_unlinkable(tmp_dir, O_RDWR | O_CLOEXEC); |
0284adc6 | 875 | if (entry_array_fd < 0) { |
709f6e46 | 876 | r = log_error_errno(entry_array_fd, |
76ef789d | 877 | "Failed to create entry array file: %m"); |
0284adc6 LP |
878 | goto fail; |
879 | } | |
0284adc6 | 880 | |
be7cdd8e VC |
881 | cache_data_fd = mmap_cache_add_fd(f->mmap, data_fd); |
882 | if (!cache_data_fd) { | |
883 | r = log_oom(); | |
884 | goto fail; | |
885 | } | |
886 | ||
887 | cache_entry_fd = mmap_cache_add_fd(f->mmap, entry_fd); | |
888 | if (!cache_entry_fd) { | |
889 | r = log_oom(); | |
890 | goto fail; | |
891 | } | |
892 | ||
893 | cache_entry_array_fd = mmap_cache_add_fd(f->mmap, entry_array_fd); | |
894 | if (!cache_entry_array_fd) { | |
895 | r = log_oom(); | |
896 | goto fail; | |
897 | } | |
898 | ||
54f3ff07 | 899 | if (le32toh(f->header->compatible_flags) & ~HEADER_COMPATIBLE_SUPPORTED) { |
97147f8c | 900 | log_error("Cannot verify file with unknown extensions."); |
15411c0c | 901 | r = -EOPNOTSUPP; |
97147f8c LP |
902 | goto fail; |
903 | } | |
904 | ||
905 | for (i = 0; i < sizeof(f->header->reserved); i++) | |
906 | if (f->header->reserved[i] != 0) { | |
e80acc51 | 907 | error(offsetof(Header, reserved[i]), "Reserved field is non-zero"); |
97147f8c LP |
908 | r = -EBADMSG; |
909 | goto fail; | |
910 | } | |
911 | ||
0284adc6 LP |
912 | /* First iteration: we go through all objects, verify the |
913 | * superficial structure, headers, hashes. */ | |
914 | ||
0284adc6 | 915 | p = le64toh(f->header->header_size); |
8dc37a85 LP |
916 | for (;;) { |
917 | /* Early exit if there are no objects in the file, at all */ | |
918 | if (le64toh(f->header->tail_object_offset) == 0) | |
919 | break; | |
920 | ||
b72631e5 | 921 | if (show_progress) |
45c047b2 | 922 | draw_progress(scale_progress(0x7FFF, p, le64toh(f->header->tail_object_offset)), &last_usec); |
0284adc6 | 923 | |
d05089d8 | 924 | r = journal_file_move_to_object(f, OBJECT_UNUSED, p, &o); |
0284adc6 | 925 | if (r < 0) { |
e80acc51 | 926 | error(p, "Invalid object"); |
0284adc6 LP |
927 | goto fail; |
928 | } | |
929 | ||
97147f8c | 930 | if (p > le64toh(f->header->tail_object_offset)) { |
e80acc51 | 931 | error(offsetof(Header, tail_object_offset), "Invalid tail object pointer"); |
0284adc6 LP |
932 | r = -EBADMSG; |
933 | goto fail; | |
934 | } | |
935 | ||
313cefa1 | 936 | n_objects++; |
0284adc6 | 937 | |
92fba83e | 938 | r = journal_file_object_verify(f, p, o); |
0284adc6 | 939 | if (r < 0) { |
581fc868 | 940 | error_errno(p, r, "Invalid object contents: %m"); |
0284adc6 LP |
941 | goto fail; |
942 | } | |
943 | ||
d89c8fdf ZJS |
944 | if ((o->object.flags & OBJECT_COMPRESSED_XZ) && |
945 | (o->object.flags & OBJECT_COMPRESSED_LZ4)) { | |
e80acc51 | 946 | error(p, "Objected with double compression"); |
54f3ff07 | 947 | r = -EINVAL; |
d89c8fdf ZJS |
948 | goto fail; |
949 | } | |
950 | ||
951 | if ((o->object.flags & OBJECT_COMPRESSED_XZ) && !JOURNAL_HEADER_COMPRESSED_XZ(f->header)) { | |
54f3ff07 | 952 | error(p, "XZ compressed object in file without XZ compression"); |
d89c8fdf ZJS |
953 | r = -EBADMSG; |
954 | goto fail; | |
955 | } | |
956 | ||
957 | if ((o->object.flags & OBJECT_COMPRESSED_LZ4) && !JOURNAL_HEADER_COMPRESSED_LZ4(f->header)) { | |
54f3ff07 | 958 | error(p, "LZ4 compressed object in file without LZ4 compression"); |
0284adc6 LP |
959 | r = -EBADMSG; |
960 | goto fail; | |
961 | } | |
962 | ||
a8e5f514 | 963 | switch (o->object.type) { |
0284adc6 | 964 | |
a8e5f514 LP |
965 | case OBJECT_DATA: |
966 | r = write_uint64(data_fd, p); | |
967 | if (r < 0) | |
0284adc6 | 968 | goto fail; |
0284adc6 | 969 | |
a8e5f514 LP |
970 | n_data++; |
971 | break; | |
0284adc6 | 972 | |
a8e5f514 LP |
973 | case OBJECT_FIELD: |
974 | n_fields++; | |
975 | break; | |
0284adc6 | 976 | |
a8e5f514 | 977 | case OBJECT_ENTRY: |
8088cbd3 | 978 | if (JOURNAL_HEADER_SEALED(f->header) && n_tags <= 0) { |
e80acc51 | 979 | error(p, "First entry before first tag"); |
6c7be122 LP |
980 | r = -EBADMSG; |
981 | goto fail; | |
982 | } | |
983 | ||
0284adc6 LP |
984 | r = write_uint64(entry_fd, p); |
985 | if (r < 0) | |
986 | goto fail; | |
987 | ||
f7fab8a5 | 988 | if (le64toh(o->entry.realtime) < last_tag_realtime) { |
e80acc51 | 989 | error(p, "Older entry after newer tag"); |
7b5fd91c LP |
990 | r = -EBADMSG; |
991 | goto fail; | |
992 | } | |
993 | ||
0284adc6 LP |
994 | if (!entry_seqnum_set && |
995 | le64toh(o->entry.seqnum) != le64toh(f->header->head_entry_seqnum)) { | |
e80acc51 | 996 | error(p, "Head entry sequence number incorrect"); |
0284adc6 LP |
997 | r = -EBADMSG; |
998 | goto fail; | |
999 | } | |
1000 | ||
1001 | if (entry_seqnum_set && | |
1002 | entry_seqnum >= le64toh(o->entry.seqnum)) { | |
e80acc51 | 1003 | error(p, "Entry sequence number out of synchronization"); |
0284adc6 LP |
1004 | r = -EBADMSG; |
1005 | goto fail; | |
1006 | } | |
1007 | ||
1008 | entry_seqnum = le64toh(o->entry.seqnum); | |
1009 | entry_seqnum_set = true; | |
1010 | ||
1011 | if (entry_monotonic_set && | |
1012 | sd_id128_equal(entry_boot_id, o->entry.boot_id) && | |
1013 | entry_monotonic > le64toh(o->entry.monotonic)) { | |
e80acc51 | 1014 | error(p, "Entry timestamp out of synchronization"); |
0284adc6 LP |
1015 | r = -EBADMSG; |
1016 | goto fail; | |
1017 | } | |
1018 | ||
1019 | entry_monotonic = le64toh(o->entry.monotonic); | |
1020 | entry_boot_id = o->entry.boot_id; | |
1021 | entry_monotonic_set = true; | |
1022 | ||
1023 | if (!entry_realtime_set && | |
1024 | le64toh(o->entry.realtime) != le64toh(f->header->head_entry_realtime)) { | |
e80acc51 | 1025 | error(p, "Head entry realtime timestamp incorrect"); |
0284adc6 LP |
1026 | r = -EBADMSG; |
1027 | goto fail; | |
1028 | } | |
1029 | ||
1030 | entry_realtime = le64toh(o->entry.realtime); | |
1031 | entry_realtime_set = true; | |
1032 | ||
313cefa1 | 1033 | n_entries++; |
a8e5f514 | 1034 | break; |
0284adc6 | 1035 | |
a8e5f514 | 1036 | case OBJECT_DATA_HASH_TABLE: |
0284adc6 | 1037 | if (n_data_hash_tables > 1) { |
e80acc51 | 1038 | error(p, "More than one data hash table"); |
0284adc6 LP |
1039 | r = -EBADMSG; |
1040 | goto fail; | |
1041 | } | |
1042 | ||
1043 | if (le64toh(f->header->data_hash_table_offset) != p + offsetof(HashTableObject, items) || | |
1044 | le64toh(f->header->data_hash_table_size) != le64toh(o->object.size) - offsetof(HashTableObject, items)) { | |
54f3ff07 | 1045 | error(p, "header fields for data hash table invalid"); |
0284adc6 LP |
1046 | r = -EBADMSG; |
1047 | goto fail; | |
1048 | } | |
0284adc6 | 1049 | |
a8e5f514 LP |
1050 | n_data_hash_tables++; |
1051 | break; | |
1052 | ||
1053 | case OBJECT_FIELD_HASH_TABLE: | |
0284adc6 | 1054 | if (n_field_hash_tables > 1) { |
e80acc51 | 1055 | error(p, "More than one field hash table"); |
0284adc6 LP |
1056 | r = -EBADMSG; |
1057 | goto fail; | |
1058 | } | |
1059 | ||
1060 | if (le64toh(f->header->field_hash_table_offset) != p + offsetof(HashTableObject, items) || | |
1061 | le64toh(f->header->field_hash_table_size) != le64toh(o->object.size) - offsetof(HashTableObject, items)) { | |
e80acc51 | 1062 | error(p, "Header fields for field hash table invalid"); |
0284adc6 LP |
1063 | r = -EBADMSG; |
1064 | goto fail; | |
1065 | } | |
a8e5f514 LP |
1066 | |
1067 | n_field_hash_tables++; | |
1068 | break; | |
1069 | ||
1070 | case OBJECT_ENTRY_ARRAY: | |
1071 | r = write_uint64(entry_array_fd, p); | |
1072 | if (r < 0) | |
1073 | goto fail; | |
1074 | ||
1075 | if (p == le64toh(f->header->entry_array_offset)) { | |
1076 | if (found_main_entry_array) { | |
e80acc51 | 1077 | error(p, "More than one main entry array"); |
a8e5f514 LP |
1078 | r = -EBADMSG; |
1079 | goto fail; | |
1080 | } | |
1081 | ||
1082 | found_main_entry_array = true; | |
1083 | } | |
1084 | ||
1085 | n_entry_arrays++; | |
1086 | break; | |
1087 | ||
feb12d3e | 1088 | case OBJECT_TAG: |
8088cbd3 | 1089 | if (!JOURNAL_HEADER_SEALED(f->header)) { |
e80acc51 | 1090 | error(p, "Tag object in file without sealing"); |
a8e5f514 LP |
1091 | r = -EBADMSG; |
1092 | goto fail; | |
1093 | } | |
1094 | ||
1095 | if (le64toh(o->tag.seqnum) != n_tags + 1) { | |
e80acc51 | 1096 | error(p, "Tag sequence number out of synchronization"); |
a8e5f514 LP |
1097 | r = -EBADMSG; |
1098 | goto fail; | |
1099 | } | |
1100 | ||
14d10188 | 1101 | if (le64toh(o->tag.epoch) < last_epoch) { |
e80acc51 | 1102 | error(p, "Epoch sequence out of synchronization"); |
7b5fd91c LP |
1103 | r = -EBADMSG; |
1104 | goto fail; | |
1105 | } | |
1106 | ||
349cc4a5 | 1107 | #if HAVE_GCRYPT |
c586dbf1 | 1108 | if (f->seal) { |
feb12d3e LP |
1109 | uint64_t q, rt; |
1110 | ||
e80acc51 | 1111 | debug(p, "Checking tag %"PRIu64"...", le64toh(o->tag.seqnum)); |
14d10188 | 1112 | |
f39c13e0 | 1113 | rt = f->fss_start_usec + le64toh(o->tag.epoch) * f->fss_interval_usec; |
f7fab8a5 | 1114 | if (entry_realtime_set && entry_realtime >= rt + f->fss_interval_usec) { |
54f3ff07 | 1115 | error(p, "tag/entry realtime timestamp out of synchronization"); |
c586dbf1 LP |
1116 | r = -EBADMSG; |
1117 | goto fail; | |
1118 | } | |
14d10188 | 1119 | |
c586dbf1 LP |
1120 | /* OK, now we know the epoch. So let's now set |
1121 | * it, and calculate the HMAC for everything | |
1122 | * since the last tag. */ | |
1123 | r = journal_file_fsprg_seek(f, le64toh(o->tag.epoch)); | |
14d10188 LP |
1124 | if (r < 0) |
1125 | goto fail; | |
1126 | ||
c586dbf1 | 1127 | r = journal_file_hmac_start(f); |
14d10188 LP |
1128 | if (r < 0) |
1129 | goto fail; | |
1130 | ||
c586dbf1 LP |
1131 | if (last_tag == 0) { |
1132 | r = journal_file_hmac_put_header(f); | |
1133 | if (r < 0) | |
1134 | goto fail; | |
1135 | ||
1136 | q = le64toh(f->header->header_size); | |
1137 | } else | |
1138 | q = last_tag; | |
1139 | ||
1140 | while (q <= p) { | |
d05089d8 | 1141 | r = journal_file_move_to_object(f, OBJECT_UNUSED, q, &o); |
c586dbf1 LP |
1142 | if (r < 0) |
1143 | goto fail; | |
1144 | ||
d05089d8 | 1145 | r = journal_file_hmac_put_object(f, OBJECT_UNUSED, o, q); |
c586dbf1 LP |
1146 | if (r < 0) |
1147 | goto fail; | |
1148 | ||
1149 | q = q + ALIGN64(le64toh(o->object.size)); | |
1150 | } | |
1151 | ||
1152 | /* Position might have changed, let's reposition things */ | |
d05089d8 | 1153 | r = journal_file_move_to_object(f, OBJECT_UNUSED, p, &o); |
14d10188 LP |
1154 | if (r < 0) |
1155 | goto fail; | |
1156 | ||
c586dbf1 | 1157 | if (memcmp(o->tag.tag, gcry_md_read(f->hmac, 0), TAG_LENGTH) != 0) { |
e80acc51 | 1158 | error(p, "Tag failed verification"); |
c586dbf1 LP |
1159 | r = -EBADMSG; |
1160 | goto fail; | |
1161 | } | |
14d10188 | 1162 | |
c586dbf1 LP |
1163 | f->hmac_running = false; |
1164 | last_tag_realtime = rt; | |
f7fab8a5 | 1165 | last_sealed_realtime = entry_realtime; |
14d10188 LP |
1166 | } |
1167 | ||
14d10188 | 1168 | last_tag = p + ALIGN64(le64toh(o->object.size)); |
0ab5c3ed ZJS |
1169 | #endif |
1170 | ||
c586dbf1 | 1171 | last_epoch = le64toh(o->tag.epoch); |
6c7be122 | 1172 | |
313cefa1 | 1173 | n_tags++; |
a8e5f514 LP |
1174 | break; |
1175 | ||
1176 | default: | |
313cefa1 | 1177 | n_weird++; |
a8e5f514 | 1178 | } |
0284adc6 | 1179 | |
8dc37a85 LP |
1180 | if (p == le64toh(f->header->tail_object_offset)) { |
1181 | found_last = true; | |
1182 | break; | |
1183 | } | |
0284adc6 | 1184 | |
8dc37a85 LP |
1185 | p = p + ALIGN64(le64toh(o->object.size)); |
1186 | }; | |
1187 | ||
1188 | if (!found_last && le64toh(f->header->tail_object_offset) != 0) { | |
e80acc51 | 1189 | error(le64toh(f->header->tail_object_offset), "Tail object pointer dead"); |
97147f8c LP |
1190 | r = -EBADMSG; |
1191 | goto fail; | |
1192 | } | |
1193 | ||
0284adc6 | 1194 | if (n_objects != le64toh(f->header->n_objects)) { |
e80acc51 | 1195 | error(offsetof(Header, n_objects), "Object number mismatch"); |
0284adc6 LP |
1196 | r = -EBADMSG; |
1197 | goto fail; | |
1198 | } | |
1199 | ||
1200 | if (n_entries != le64toh(f->header->n_entries)) { | |
e80acc51 | 1201 | error(offsetof(Header, n_entries), "Entry number mismatch"); |
0284adc6 LP |
1202 | r = -EBADMSG; |
1203 | goto fail; | |
1204 | } | |
1205 | ||
1206 | if (JOURNAL_HEADER_CONTAINS(f->header, n_data) && | |
1207 | n_data != le64toh(f->header->n_data)) { | |
e80acc51 | 1208 | error(offsetof(Header, n_data), "Data number mismatch"); |
0284adc6 LP |
1209 | r = -EBADMSG; |
1210 | goto fail; | |
1211 | } | |
1212 | ||
1213 | if (JOURNAL_HEADER_CONTAINS(f->header, n_fields) && | |
1214 | n_fields != le64toh(f->header->n_fields)) { | |
e80acc51 | 1215 | error(offsetof(Header, n_fields), "Field number mismatch"); |
0284adc6 LP |
1216 | r = -EBADMSG; |
1217 | goto fail; | |
1218 | } | |
1219 | ||
1220 | if (JOURNAL_HEADER_CONTAINS(f->header, n_tags) && | |
a8e5f514 | 1221 | n_tags != le64toh(f->header->n_tags)) { |
e80acc51 | 1222 | error(offsetof(Header, n_tags), "Tag number mismatch"); |
0284adc6 LP |
1223 | r = -EBADMSG; |
1224 | goto fail; | |
1225 | } | |
1226 | ||
2dee23eb LP |
1227 | if (JOURNAL_HEADER_CONTAINS(f->header, n_entry_arrays) && |
1228 | n_entry_arrays != le64toh(f->header->n_entry_arrays)) { | |
e80acc51 | 1229 | error(offsetof(Header, n_entry_arrays), "Entry array number mismatch"); |
2dee23eb LP |
1230 | r = -EBADMSG; |
1231 | goto fail; | |
1232 | } | |
1233 | ||
8dc37a85 | 1234 | if (!found_main_entry_array && le64toh(f->header->entry_array_offset) != 0) { |
e80acc51 | 1235 | error(0, "Missing entry array"); |
0284adc6 LP |
1236 | r = -EBADMSG; |
1237 | goto fail; | |
1238 | } | |
1239 | ||
1240 | if (entry_seqnum_set && | |
1241 | entry_seqnum != le64toh(f->header->tail_entry_seqnum)) { | |
e80acc51 | 1242 | error(offsetof(Header, tail_entry_seqnum), "Invalid tail seqnum"); |
0284adc6 LP |
1243 | r = -EBADMSG; |
1244 | goto fail; | |
1245 | } | |
1246 | ||
1247 | if (entry_monotonic_set && | |
1248 | (!sd_id128_equal(entry_boot_id, f->header->boot_id) || | |
1249 | entry_monotonic != le64toh(f->header->tail_entry_monotonic))) { | |
e80acc51 | 1250 | error(0, "Invalid tail monotonic timestamp"); |
0284adc6 LP |
1251 | r = -EBADMSG; |
1252 | goto fail; | |
1253 | } | |
1254 | ||
1255 | if (entry_realtime_set && entry_realtime != le64toh(f->header->tail_entry_realtime)) { | |
e80acc51 | 1256 | error(0, "Invalid tail realtime timestamp"); |
0284adc6 LP |
1257 | r = -EBADMSG; |
1258 | goto fail; | |
1259 | } | |
1260 | ||
86adf873 LP |
1261 | /* Second iteration: we follow all objects referenced from the |
1262 | * two entry points: the object hash table and the entry | |
1263 | * array. We also check that everything referenced (directly | |
1264 | * or indirectly) in the data hash table also exists in the | |
1265 | * entry array, and vice versa. Note that we do not care for | |
1266 | * unreferenced objects. We only care that everything that is | |
1267 | * referenced is consistent. */ | |
1268 | ||
1269 | r = verify_entry_array(f, | |
be7cdd8e VC |
1270 | cache_data_fd, n_data, |
1271 | cache_entry_fd, n_entries, | |
1272 | cache_entry_array_fd, n_entry_arrays, | |
b72631e5 LP |
1273 | &last_usec, |
1274 | show_progress); | |
86adf873 LP |
1275 | if (r < 0) |
1276 | goto fail; | |
0284adc6 | 1277 | |
86adf873 | 1278 | r = verify_hash_table(f, |
be7cdd8e VC |
1279 | cache_data_fd, n_data, |
1280 | cache_entry_fd, n_entries, | |
1281 | cache_entry_array_fd, n_entry_arrays, | |
b72631e5 LP |
1282 | &last_usec, |
1283 | show_progress); | |
86adf873 LP |
1284 | if (r < 0) |
1285 | goto fail; | |
0284adc6 | 1286 | |
b72631e5 LP |
1287 | if (show_progress) |
1288 | flush_progress(); | |
0284adc6 | 1289 | |
be7cdd8e VC |
1290 | mmap_cache_free_fd(f->mmap, cache_data_fd); |
1291 | mmap_cache_free_fd(f->mmap, cache_entry_fd); | |
1292 | mmap_cache_free_fd(f->mmap, cache_entry_array_fd); | |
0284adc6 | 1293 | |
03e334a1 LP |
1294 | safe_close(data_fd); |
1295 | safe_close(entry_fd); | |
1296 | safe_close(entry_array_fd); | |
0284adc6 | 1297 | |
2a7b539a LP |
1298 | if (first_contained) |
1299 | *first_contained = le64toh(f->header->head_entry_realtime); | |
6c7be122 | 1300 | if (last_validated) |
f7fab8a5 | 1301 | *last_validated = last_sealed_realtime; |
6c7be122 LP |
1302 | if (last_contained) |
1303 | *last_contained = le64toh(f->header->tail_entry_realtime); | |
1304 | ||
0284adc6 LP |
1305 | return 0; |
1306 | ||
1307 | fail: | |
b72631e5 LP |
1308 | if (show_progress) |
1309 | flush_progress(); | |
0284adc6 | 1310 | |
92fba83e | 1311 | log_error("File corruption detected at %s:"OFSfmt" (of %llu bytes, %"PRIu64"%%).", |
0284adc6 | 1312 | f->path, |
507f22bd | 1313 | p, |
0284adc6 | 1314 | (unsigned long long) f->last_stat.st_size, |
507f22bd | 1315 | 100 * p / f->last_stat.st_size); |
0284adc6 | 1316 | |
be7cdd8e | 1317 | if (data_fd >= 0) |
03e334a1 | 1318 | safe_close(data_fd); |
0284adc6 | 1319 | |
be7cdd8e | 1320 | if (entry_fd >= 0) |
03e334a1 | 1321 | safe_close(entry_fd); |
0284adc6 | 1322 | |
be7cdd8e | 1323 | if (entry_array_fd >= 0) |
03e334a1 | 1324 | safe_close(entry_array_fd); |
be7cdd8e VC |
1325 | |
1326 | if (cache_data_fd) | |
1327 | mmap_cache_free_fd(f->mmap, cache_data_fd); | |
1328 | ||
1329 | if (cache_entry_fd) | |
1330 | mmap_cache_free_fd(f->mmap, cache_entry_fd); | |
1331 | ||
1332 | if (cache_entry_array_fd) | |
1333 | mmap_cache_free_fd(f->mmap, cache_entry_array_fd); | |
0284adc6 LP |
1334 | |
1335 | return r; | |
1336 | } |