]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/journal/journal-verify.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
pkgconfig: define variables relative to ${prefix}/${rootprefix}/${sysconfdir}
[thirdparty/systemd.git] / src / journal / journal-verify.c
1 /* SPDX-License-Identifier: LGPL-2.1+ */
2
3 #include <fcntl.h>
4 #include <stddef.h>
5 #include <sys/mman.h>
6 #include <unistd.h>
7
8 #include "alloc-util.h"
9 #include "compress.h"
10 #include "fd-util.h"
11 #include "fileio.h"
12 #include "fs-util.h"
13 #include "journal-authenticate.h"
14 #include "journal-def.h"
15 #include "journal-file.h"
16 #include "journal-verify.h"
17 #include "lookup3.h"
18 #include "macro.h"
19 #include "terminal-util.h"
20 #include "util.h"
21
22 static void draw_progress(uint64_t p, usec_t *last_usec) {
23 unsigned n, i, j, k;
24 usec_t z, x;
25
26 if (!on_tty())
27 return;
28
29 z = now(CLOCK_MONOTONIC);
30 x = *last_usec;
31
32 if (x != 0 && x + 40 * USEC_PER_MSEC > z)
33 return;
34
35 *last_usec = z;
36
37 n = (3 * columns()) / 4;
38 j = (n * (unsigned) p) / 65535ULL;
39 k = n - j;
40
41 fputs("\r", stdout);
42 if (colors_enabled())
43 fputs("\x1B[?25l" ANSI_HIGHLIGHT_GREEN, stdout);
44
45 for (i = 0; i < j; i++)
46 fputs("\xe2\x96\x88", stdout);
47
48 fputs(ANSI_NORMAL, stdout);
49
50 for (i = 0; i < k; i++)
51 fputs("\xe2\x96\x91", stdout);
52
53 printf(" %3"PRIu64"%%", 100U * p / 65535U);
54
55 fputs("\r", stdout);
56 if (colors_enabled())
57 fputs("\x1B[?25h", stdout);
58
59 fflush(stdout);
60 }
61
62 static uint64_t scale_progress(uint64_t scale, uint64_t p, uint64_t m) {
63 /* Calculates scale * p / m, but handles m == 0 safely, and saturates.
64 * Currently all callers use m >= 1, but we keep the check to be defensive.
65 */
66
67 if (p >= m || m == 0) /* lgtm [cpp/constant-comparison] */
68 return scale;
69
70 return scale * p / m;
71 }
72
73 static void flush_progress(void) {
74 unsigned n, i;
75
76 if (!on_tty())
77 return;
78
79 n = (3 * columns()) / 4;
80
81 putchar('\r');
82
83 for (i = 0; i < n + 5; i++)
84 putchar(' ');
85
86 putchar('\r');
87 fflush(stdout);
88 }
89
90 #define debug(_offset, _fmt, ...) do { \
91 flush_progress(); \
92 log_debug(OFSfmt": " _fmt, _offset, ##__VA_ARGS__); \
93 } while (0)
94
95 #define warning(_offset, _fmt, ...) do { \
96 flush_progress(); \
97 log_warning(OFSfmt": " _fmt, _offset, ##__VA_ARGS__); \
98 } while (0)
99
100 #define error(_offset, _fmt, ...) do { \
101 flush_progress(); \
102 log_error(OFSfmt": " _fmt, (uint64_t)_offset, ##__VA_ARGS__); \
103 } while (0)
104
105 #define error_errno(_offset, error, _fmt, ...) do { \
106 flush_progress(); \
107 log_error_errno(error, OFSfmt": " _fmt, (uint64_t)_offset, ##__VA_ARGS__); \
108 } while (0)
109
110 static int journal_file_object_verify(JournalFile *f, uint64_t offset, Object *o) {
111 uint64_t i;
112
113 assert(f);
114 assert(offset);
115 assert(o);
116
117 /* This does various superficial tests about the length an
118 * possible field values. It does not follow any references to
119 * other objects. */
120
121 if ((o->object.flags & OBJECT_COMPRESSED_XZ) &&
122 o->object.type != OBJECT_DATA) {
123 error(offset, "Found compressed object that isn't of type DATA, which is not allowed.");
124 return -EBADMSG;
125 }
126
127 switch (o->object.type) {
128
129 case OBJECT_DATA: {
130 uint64_t h1, h2;
131 int compression, r;
132
133 if (le64toh(o->data.entry_offset) == 0)
134 warning(offset, "Unused data (entry_offset==0)");
135
136 if ((le64toh(o->data.entry_offset) == 0) ^ (le64toh(o->data.n_entries) == 0)) {
137 error(offset, "Bad n_entries: %"PRIu64, le64toh(o->data.n_entries));
138 return -EBADMSG;
139 }
140
141 if (le64toh(o->object.size) - offsetof(DataObject, payload) <= 0) {
142 error(offset, "Bad object size (<= %zu): %"PRIu64,
143 offsetof(DataObject, payload),
144 le64toh(o->object.size));
145 return -EBADMSG;
146 }
147
148 h1 = le64toh(o->data.hash);
149
150 compression = o->object.flags & OBJECT_COMPRESSION_MASK;
151 if (compression) {
152 _cleanup_free_ void *b = NULL;
153 size_t alloc = 0, b_size;
154
155 r = decompress_blob(compression,
156 o->data.payload,
157 le64toh(o->object.size) - offsetof(Object, data.payload),
158 &b, &alloc, &b_size, 0);
159 if (r < 0) {
160 error_errno(offset, r, "%s decompression failed: %m",
161 object_compressed_to_string(compression));
162 return r;
163 }
164
165 h2 = hash64(b, b_size);
166 } else
167 h2 = hash64(o->data.payload, le64toh(o->object.size) - offsetof(Object, data.payload));
168
169 if (h1 != h2) {
170 error(offset, "Invalid hash (%08"PRIx64" vs. %08"PRIx64, h1, h2);
171 return -EBADMSG;
172 }
173
174 if (!VALID64(le64toh(o->data.next_hash_offset)) ||
175 !VALID64(le64toh(o->data.next_field_offset)) ||
176 !VALID64(le64toh(o->data.entry_offset)) ||
177 !VALID64(le64toh(o->data.entry_array_offset))) {
178 error(offset, "Invalid offset (next_hash_offset="OFSfmt", next_field_offset="OFSfmt", entry_offset="OFSfmt", entry_array_offset="OFSfmt,
179 le64toh(o->data.next_hash_offset),
180 le64toh(o->data.next_field_offset),
181 le64toh(o->data.entry_offset),
182 le64toh(o->data.entry_array_offset));
183 return -EBADMSG;
184 }
185
186 break;
187 }
188
189 case OBJECT_FIELD:
190 if (le64toh(o->object.size) - offsetof(FieldObject, payload) <= 0) {
191 error(offset,
192 "Bad field size (<= %zu): %"PRIu64,
193 offsetof(FieldObject, payload),
194 le64toh(o->object.size));
195 return -EBADMSG;
196 }
197
198 if (!VALID64(le64toh(o->field.next_hash_offset)) ||
199 !VALID64(le64toh(o->field.head_data_offset))) {
200 error(offset,
201 "Invalid offset (next_hash_offset="OFSfmt", head_data_offset="OFSfmt,
202 le64toh(o->field.next_hash_offset),
203 le64toh(o->field.head_data_offset));
204 return -EBADMSG;
205 }
206 break;
207
208 case OBJECT_ENTRY:
209 if ((le64toh(o->object.size) - offsetof(EntryObject, items)) % sizeof(EntryItem) != 0) {
210 error(offset,
211 "Bad entry size (<= %zu): %"PRIu64,
212 offsetof(EntryObject, items),
213 le64toh(o->object.size));
214 return -EBADMSG;
215 }
216
217 if ((le64toh(o->object.size) - offsetof(EntryObject, items)) / sizeof(EntryItem) <= 0) {
218 error(offset,
219 "Invalid number items in entry: %"PRIu64,
220 (le64toh(o->object.size) - offsetof(EntryObject, items)) / sizeof(EntryItem));
221 return -EBADMSG;
222 }
223
224 if (le64toh(o->entry.seqnum) <= 0) {
225 error(offset,
226 "Invalid entry seqnum: %"PRIx64,
227 le64toh(o->entry.seqnum));
228 return -EBADMSG;
229 }
230
231 if (!VALID_REALTIME(le64toh(o->entry.realtime))) {
232 error(offset,
233 "Invalid entry realtime timestamp: %"PRIu64,
234 le64toh(o->entry.realtime));
235 return -EBADMSG;
236 }
237
238 if (!VALID_MONOTONIC(le64toh(o->entry.monotonic))) {
239 error(offset,
240 "Invalid entry monotonic timestamp: %"PRIu64,
241 le64toh(o->entry.monotonic));
242 return -EBADMSG;
243 }
244
245 for (i = 0; i < journal_file_entry_n_items(o); i++) {
246 if (le64toh(o->entry.items[i].object_offset) == 0 ||
247 !VALID64(le64toh(o->entry.items[i].object_offset))) {
248 error(offset,
249 "Invalid entry item (%"PRIu64"/%"PRIu64" offset: "OFSfmt,
250 i, journal_file_entry_n_items(o),
251 le64toh(o->entry.items[i].object_offset));
252 return -EBADMSG;
253 }
254 }
255
256 break;
257
258 case OBJECT_DATA_HASH_TABLE:
259 case OBJECT_FIELD_HASH_TABLE:
260 if ((le64toh(o->object.size) - offsetof(HashTableObject, items)) % sizeof(HashItem) != 0 ||
261 (le64toh(o->object.size) - offsetof(HashTableObject, items)) / sizeof(HashItem) <= 0) {
262 error(offset,
263 "Invalid %s hash table size: %"PRIu64,
264 o->object.type == OBJECT_DATA_HASH_TABLE ? "data" : "field",
265 le64toh(o->object.size));
266 return -EBADMSG;
267 }
268
269 for (i = 0; i < journal_file_hash_table_n_items(o); i++) {
270 if (o->hash_table.items[i].head_hash_offset != 0 &&
271 !VALID64(le64toh(o->hash_table.items[i].head_hash_offset))) {
272 error(offset,
273 "Invalid %s hash table item (%"PRIu64"/%"PRIu64") head_hash_offset: "OFSfmt,
274 o->object.type == OBJECT_DATA_HASH_TABLE ? "data" : "field",
275 i, journal_file_hash_table_n_items(o),
276 le64toh(o->hash_table.items[i].head_hash_offset));
277 return -EBADMSG;
278 }
279 if (o->hash_table.items[i].tail_hash_offset != 0 &&
280 !VALID64(le64toh(o->hash_table.items[i].tail_hash_offset))) {
281 error(offset,
282 "Invalid %s hash table item (%"PRIu64"/%"PRIu64") tail_hash_offset: "OFSfmt,
283 o->object.type == OBJECT_DATA_HASH_TABLE ? "data" : "field",
284 i, journal_file_hash_table_n_items(o),
285 le64toh(o->hash_table.items[i].tail_hash_offset));
286 return -EBADMSG;
287 }
288
289 if ((o->hash_table.items[i].head_hash_offset != 0) !=
290 (o->hash_table.items[i].tail_hash_offset != 0)) {
291 error(offset,
292 "Invalid %s hash table item (%"PRIu64"/%"PRIu64"): head_hash_offset="OFSfmt" tail_hash_offset="OFSfmt,
293 o->object.type == OBJECT_DATA_HASH_TABLE ? "data" : "field",
294 i, journal_file_hash_table_n_items(o),
295 le64toh(o->hash_table.items[i].head_hash_offset),
296 le64toh(o->hash_table.items[i].tail_hash_offset));
297 return -EBADMSG;
298 }
299 }
300
301 break;
302
303 case OBJECT_ENTRY_ARRAY:
304 if ((le64toh(o->object.size) - offsetof(EntryArrayObject, items)) % sizeof(le64_t) != 0 ||
305 (le64toh(o->object.size) - offsetof(EntryArrayObject, items)) / sizeof(le64_t) <= 0) {
306 error(offset,
307 "Invalid object entry array size: %"PRIu64,
308 le64toh(o->object.size));
309 return -EBADMSG;
310 }
311
312 if (!VALID64(le64toh(o->entry_array.next_entry_array_offset))) {
313 error(offset,
314 "Invalid object entry array next_entry_array_offset: "OFSfmt,
315 le64toh(o->entry_array.next_entry_array_offset));
316 return -EBADMSG;
317 }
318
319 for (i = 0; i < journal_file_entry_array_n_items(o); i++)
320 if (le64toh(o->entry_array.items[i]) != 0 &&
321 !VALID64(le64toh(o->entry_array.items[i]))) {
322 error(offset,
323 "Invalid object entry array item (%"PRIu64"/%"PRIu64"): "OFSfmt,
324 i, journal_file_entry_array_n_items(o),
325 le64toh(o->entry_array.items[i]));
326 return -EBADMSG;
327 }
328
329 break;
330
331 case OBJECT_TAG:
332 if (le64toh(o->object.size) != sizeof(TagObject)) {
333 error(offset,
334 "Invalid object tag size: %"PRIu64,
335 le64toh(o->object.size));
336 return -EBADMSG;
337 }
338
339 if (!VALID_EPOCH(le64toh(o->tag.epoch))) {
340 error(offset,
341 "Invalid object tag epoch: %"PRIu64,
342 le64toh(o->tag.epoch));
343 return -EBADMSG;
344 }
345
346 break;
347 }
348
349 return 0;
350 }
351
352 static int write_uint64(int fd, uint64_t p) {
353 ssize_t k;
354
355 k = write(fd, &p, sizeof(p));
356 if (k < 0)
357 return -errno;
358 if (k != sizeof(p))
359 return -EIO;
360
361 return 0;
362 }
363
364 static int contains_uint64(MMapCache *m, MMapFileDescriptor *f, uint64_t n, uint64_t p) {
365 uint64_t a, b;
366 int r;
367
368 assert(m);
369 assert(f);
370
371 /* Bisection ... */
372
373 a = 0; b = n;
374 while (a < b) {
375 uint64_t c, *z;
376
377 c = (a + b) / 2;
378
379 r = mmap_cache_get(m, f, PROT_READ|PROT_WRITE, 0, false, c * sizeof(uint64_t), sizeof(uint64_t), NULL, (void **) &z, NULL);
380 if (r < 0)
381 return r;
382
383 if (*z == p)
384 return 1;
385
386 if (a + 1 >= b)
387 return 0;
388
389 if (p < *z)
390 b = c;
391 else
392 a = c;
393 }
394
395 return 0;
396 }
397
398 static int entry_points_to_data(
399 JournalFile *f,
400 MMapFileDescriptor *cache_entry_fd,
401 uint64_t n_entries,
402 uint64_t entry_p,
403 uint64_t data_p) {
404
405 int r;
406 uint64_t i, n, a;
407 Object *o;
408 bool found = false;
409
410 assert(f);
411 assert(cache_entry_fd);
412
413 if (!contains_uint64(f->mmap, cache_entry_fd, n_entries, entry_p)) {
414 error(data_p, "Data object references invalid entry at "OFSfmt, entry_p);
415 return -EBADMSG;
416 }
417
418 r = journal_file_move_to_object(f, OBJECT_ENTRY, entry_p, &o);
419 if (r < 0)
420 return r;
421
422 n = journal_file_entry_n_items(o);
423 for (i = 0; i < n; i++)
424 if (le64toh(o->entry.items[i].object_offset) == data_p) {
425 found = true;
426 break;
427 }
428
429 if (!found) {
430 error(entry_p, "Data object at "OFSfmt" not referenced by linked entry", data_p);
431 return -EBADMSG;
432 }
433
434 /* Check if this entry is also in main entry array. Since the
435 * main entry array has already been verified we can rely on
436 * its consistency. */
437
438 i = 0;
439 n = le64toh(f->header->n_entries);
440 a = le64toh(f->header->entry_array_offset);
441
442 while (i < n) {
443 uint64_t m, u;
444
445 r = journal_file_move_to_object(f, OBJECT_ENTRY_ARRAY, a, &o);
446 if (r < 0)
447 return r;
448
449 m = journal_file_entry_array_n_items(o);
450 u = MIN(n - i, m);
451
452 if (entry_p <= le64toh(o->entry_array.items[u-1])) {
453 uint64_t x, y, z;
454
455 x = 0;
456 y = u;
457
458 while (x < y) {
459 z = (x + y) / 2;
460
461 if (le64toh(o->entry_array.items[z]) == entry_p)
462 return 0;
463
464 if (x + 1 >= y)
465 break;
466
467 if (entry_p < le64toh(o->entry_array.items[z]))
468 y = z;
469 else
470 x = z;
471 }
472
473 error(entry_p, "Entry object doesn't exist in main entry array");
474 return -EBADMSG;
475 }
476
477 i += u;
478 a = le64toh(o->entry_array.next_entry_array_offset);
479 }
480
481 return 0;
482 }
483
484 static int verify_data(
485 JournalFile *f,
486 Object *o, uint64_t p,
487 MMapFileDescriptor *cache_entry_fd, uint64_t n_entries,
488 MMapFileDescriptor *cache_entry_array_fd, uint64_t n_entry_arrays) {
489
490 uint64_t i, n, a, last, q;
491 int r;
492
493 assert(f);
494 assert(o);
495 assert(cache_entry_fd);
496 assert(cache_entry_array_fd);
497
498 n = le64toh(o->data.n_entries);
499 a = le64toh(o->data.entry_array_offset);
500
501 /* Entry array means at least two objects */
502 if (a && n < 2) {
503 error(p, "Entry array present (entry_array_offset="OFSfmt", but n_entries=%"PRIu64")", a, n);
504 return -EBADMSG;
505 }
506
507 if (n == 0)
508 return 0;
509
510 /* We already checked that earlier */
511 assert(o->data.entry_offset);
512
513 last = q = le64toh(o->data.entry_offset);
514 r = entry_points_to_data(f, cache_entry_fd, n_entries, q, p);
515 if (r < 0)
516 return r;
517
518 i = 1;
519 while (i < n) {
520 uint64_t next, m, j;
521
522 if (a == 0) {
523 error(p, "Array chain too short");
524 return -EBADMSG;
525 }
526
527 if (!contains_uint64(f->mmap, cache_entry_array_fd, n_entry_arrays, a)) {
528 error(p, "Invalid array offset "OFSfmt, a);
529 return -EBADMSG;
530 }
531
532 r = journal_file_move_to_object(f, OBJECT_ENTRY_ARRAY, a, &o);
533 if (r < 0)
534 return r;
535
536 next = le64toh(o->entry_array.next_entry_array_offset);
537 if (next != 0 && next <= a) {
538 error(p, "Array chain has cycle (jumps back from "OFSfmt" to "OFSfmt")", a, next);
539 return -EBADMSG;
540 }
541
542 m = journal_file_entry_array_n_items(o);
543 for (j = 0; i < n && j < m; i++, j++) {
544
545 q = le64toh(o->entry_array.items[j]);
546 if (q <= last) {
547 error(p, "Data object's entry array not sorted");
548 return -EBADMSG;
549 }
550 last = q;
551
552 r = entry_points_to_data(f, cache_entry_fd, n_entries, q, p);
553 if (r < 0)
554 return r;
555
556 /* Pointer might have moved, reposition */
557 r = journal_file_move_to_object(f, OBJECT_ENTRY_ARRAY, a, &o);
558 if (r < 0)
559 return r;
560 }
561
562 a = next;
563 }
564
565 return 0;
566 }
567
568 static int verify_hash_table(
569 JournalFile *f,
570 MMapFileDescriptor *cache_data_fd, uint64_t n_data,
571 MMapFileDescriptor *cache_entry_fd, uint64_t n_entries,
572 MMapFileDescriptor *cache_entry_array_fd, uint64_t n_entry_arrays,
573 usec_t *last_usec,
574 bool show_progress) {
575
576 uint64_t i, n;
577 int r;
578
579 assert(f);
580 assert(cache_data_fd);
581 assert(cache_entry_fd);
582 assert(cache_entry_array_fd);
583 assert(last_usec);
584
585 n = le64toh(f->header->data_hash_table_size) / sizeof(HashItem);
586 if (n <= 0)
587 return 0;
588
589 r = journal_file_map_data_hash_table(f);
590 if (r < 0)
591 return log_error_errno(r, "Failed to map data hash table: %m");
592
593 for (i = 0; i < n; i++) {
594 uint64_t last = 0, p;
595
596 if (show_progress)
597 draw_progress(0xC000 + scale_progress(0x3FFF, i, n), last_usec);
598
599 p = le64toh(f->data_hash_table[i].head_hash_offset);
600 while (p != 0) {
601 Object *o;
602 uint64_t next;
603
604 if (!contains_uint64(f->mmap, cache_data_fd, n_data, p)) {
605 error(p, "Invalid data object at hash entry %"PRIu64" of %"PRIu64, i, n);
606 return -EBADMSG;
607 }
608
609 r = journal_file_move_to_object(f, OBJECT_DATA, p, &o);
610 if (r < 0)
611 return r;
612
613 next = le64toh(o->data.next_hash_offset);
614 if (next != 0 && next <= p) {
615 error(p, "Hash chain has a cycle in hash entry %"PRIu64" of %"PRIu64, i, n);
616 return -EBADMSG;
617 }
618
619 if (le64toh(o->data.hash) % n != i) {
620 error(p, "Hash value mismatch in hash entry %"PRIu64" of %"PRIu64, i, n);
621 return -EBADMSG;
622 }
623
624 r = verify_data(f, o, p, cache_entry_fd, n_entries, cache_entry_array_fd, n_entry_arrays);
625 if (r < 0)
626 return r;
627
628 last = p;
629 p = next;
630 }
631
632 if (last != le64toh(f->data_hash_table[i].tail_hash_offset)) {
633 error(p, "Tail hash pointer mismatch in hash table");
634 return -EBADMSG;
635 }
636 }
637
638 return 0;
639 }
640
641 static int data_object_in_hash_table(JournalFile *f, uint64_t hash, uint64_t p) {
642 uint64_t n, h, q;
643 int r;
644 assert(f);
645
646 n = le64toh(f->header->data_hash_table_size) / sizeof(HashItem);
647 if (n <= 0)
648 return 0;
649
650 r = journal_file_map_data_hash_table(f);
651 if (r < 0)
652 return log_error_errno(r, "Failed to map data hash table: %m");
653
654 h = hash % n;
655
656 q = le64toh(f->data_hash_table[h].head_hash_offset);
657 while (q != 0) {
658 Object *o;
659
660 if (p == q)
661 return 1;
662
663 r = journal_file_move_to_object(f, OBJECT_DATA, q, &o);
664 if (r < 0)
665 return r;
666
667 q = le64toh(o->data.next_hash_offset);
668 }
669
670 return 0;
671 }
672
673 static int verify_entry(
674 JournalFile *f,
675 Object *o, uint64_t p,
676 MMapFileDescriptor *cache_data_fd, uint64_t n_data) {
677
678 uint64_t i, n;
679 int r;
680
681 assert(f);
682 assert(o);
683 assert(cache_data_fd);
684
685 n = journal_file_entry_n_items(o);
686 for (i = 0; i < n; i++) {
687 uint64_t q, h;
688 Object *u;
689
690 q = le64toh(o->entry.items[i].object_offset);
691 h = le64toh(o->entry.items[i].hash);
692
693 if (!contains_uint64(f->mmap, cache_data_fd, n_data, q)) {
694 error(p, "Invalid data object of entry");
695 return -EBADMSG;
696 }
697
698 r = journal_file_move_to_object(f, OBJECT_DATA, q, &u);
699 if (r < 0)
700 return r;
701
702 if (le64toh(u->data.hash) != h) {
703 error(p, "Hash mismatch for data object of entry");
704 return -EBADMSG;
705 }
706
707 r = data_object_in_hash_table(f, h, q);
708 if (r < 0)
709 return r;
710 if (r == 0) {
711 error(p, "Data object missing from hash table");
712 return -EBADMSG;
713 }
714 }
715
716 return 0;
717 }
718
719 static int verify_entry_array(
720 JournalFile *f,
721 MMapFileDescriptor *cache_data_fd, uint64_t n_data,
722 MMapFileDescriptor *cache_entry_fd, uint64_t n_entries,
723 MMapFileDescriptor *cache_entry_array_fd, uint64_t n_entry_arrays,
724 usec_t *last_usec,
725 bool show_progress) {
726
727 uint64_t i = 0, a, n, last = 0;
728 int r;
729
730 assert(f);
731 assert(cache_data_fd);
732 assert(cache_entry_fd);
733 assert(cache_entry_array_fd);
734 assert(last_usec);
735
736 n = le64toh(f->header->n_entries);
737 a = le64toh(f->header->entry_array_offset);
738 while (i < n) {
739 uint64_t next, m, j;
740 Object *o;
741
742 if (show_progress)
743 draw_progress(0x8000 + scale_progress(0x3FFF, i, n), last_usec);
744
745 if (a == 0) {
746 error(a, "Array chain too short at %"PRIu64" of %"PRIu64, i, n);
747 return -EBADMSG;
748 }
749
750 if (!contains_uint64(f->mmap, cache_entry_array_fd, n_entry_arrays, a)) {
751 error(a, "Invalid array %"PRIu64" of %"PRIu64, i, n);
752 return -EBADMSG;
753 }
754
755 r = journal_file_move_to_object(f, OBJECT_ENTRY_ARRAY, a, &o);
756 if (r < 0)
757 return r;
758
759 next = le64toh(o->entry_array.next_entry_array_offset);
760 if (next != 0 && next <= a) {
761 error(a, "Array chain has cycle at %"PRIu64" of %"PRIu64" (jumps back from to "OFSfmt")", i, n, next);
762 return -EBADMSG;
763 }
764
765 m = journal_file_entry_array_n_items(o);
766 for (j = 0; i < n && j < m; i++, j++) {
767 uint64_t p;
768
769 p = le64toh(o->entry_array.items[j]);
770 if (p <= last) {
771 error(a, "Entry array not sorted at %"PRIu64" of %"PRIu64, i, n);
772 return -EBADMSG;
773 }
774 last = p;
775
776 if (!contains_uint64(f->mmap, cache_entry_fd, n_entries, p)) {
777 error(a, "Invalid array entry at %"PRIu64" of %"PRIu64, i, n);
778 return -EBADMSG;
779 }
780
781 r = journal_file_move_to_object(f, OBJECT_ENTRY, p, &o);
782 if (r < 0)
783 return r;
784
785 r = verify_entry(f, o, p, cache_data_fd, n_data);
786 if (r < 0)
787 return r;
788
789 /* Pointer might have moved, reposition */
790 r = journal_file_move_to_object(f, OBJECT_ENTRY_ARRAY, a, &o);
791 if (r < 0)
792 return r;
793 }
794
795 a = next;
796 }
797
798 return 0;
799 }
800
801 int journal_file_verify(
802 JournalFile *f,
803 const char *key,
804 usec_t *first_contained, usec_t *last_validated, usec_t *last_contained,
805 bool show_progress) {
806 int r;
807 Object *o;
808 uint64_t p = 0, last_epoch = 0, last_tag_realtime = 0, last_sealed_realtime = 0;
809
810 uint64_t entry_seqnum = 0, entry_monotonic = 0, entry_realtime = 0;
811 sd_id128_t entry_boot_id;
812 bool entry_seqnum_set = false, entry_monotonic_set = false, entry_realtime_set = false, found_main_entry_array = false;
813 uint64_t n_weird = 0, n_objects = 0, n_entries = 0, n_data = 0, n_fields = 0, n_data_hash_tables = 0, n_field_hash_tables = 0, n_entry_arrays = 0, n_tags = 0;
814 usec_t last_usec = 0;
815 int data_fd = -1, entry_fd = -1, entry_array_fd = -1;
816 MMapFileDescriptor *cache_data_fd = NULL, *cache_entry_fd = NULL, *cache_entry_array_fd = NULL;
817 unsigned i;
818 bool found_last = false;
819 const char *tmp_dir = NULL;
820
821 #if HAVE_GCRYPT
822 uint64_t last_tag = 0;
823 #endif
824 assert(f);
825
826 if (key) {
827 #if HAVE_GCRYPT
828 r = journal_file_parse_verification_key(f, key);
829 if (r < 0) {
830 log_error("Failed to parse seed.");
831 return r;
832 }
833 #else
834 return -EOPNOTSUPP;
835 #endif
836 } else if (f->seal)
837 return -ENOKEY;
838
839 r = var_tmp_dir(&tmp_dir);
840 if (r < 0) {
841 log_error_errno(r, "Failed to determine temporary directory: %m");
842 goto fail;
843 }
844
845 data_fd = open_tmpfile_unlinkable(tmp_dir, O_RDWR | O_CLOEXEC);
846 if (data_fd < 0) {
847 r = log_error_errno(data_fd, "Failed to create data file: %m");
848 goto fail;
849 }
850
851 entry_fd = open_tmpfile_unlinkable(tmp_dir, O_RDWR | O_CLOEXEC);
852 if (entry_fd < 0) {
853 r = log_error_errno(entry_fd, "Failed to create entry file: %m");
854 goto fail;
855 }
856
857 entry_array_fd = open_tmpfile_unlinkable(tmp_dir, O_RDWR | O_CLOEXEC);
858 if (entry_array_fd < 0) {
859 r = log_error_errno(entry_array_fd,
860 "Failed to create entry array file: %m");
861 goto fail;
862 }
863
864 cache_data_fd = mmap_cache_add_fd(f->mmap, data_fd);
865 if (!cache_data_fd) {
866 r = log_oom();
867 goto fail;
868 }
869
870 cache_entry_fd = mmap_cache_add_fd(f->mmap, entry_fd);
871 if (!cache_entry_fd) {
872 r = log_oom();
873 goto fail;
874 }
875
876 cache_entry_array_fd = mmap_cache_add_fd(f->mmap, entry_array_fd);
877 if (!cache_entry_array_fd) {
878 r = log_oom();
879 goto fail;
880 }
881
882 if (le32toh(f->header->compatible_flags) & ~HEADER_COMPATIBLE_SUPPORTED) {
883 log_error("Cannot verify file with unknown extensions.");
884 r = -EOPNOTSUPP;
885 goto fail;
886 }
887
888 for (i = 0; i < sizeof(f->header->reserved); i++)
889 if (f->header->reserved[i] != 0) {
890 error(offsetof(Header, reserved[i]), "Reserved field is non-zero");
891 r = -EBADMSG;
892 goto fail;
893 }
894
895 /* First iteration: we go through all objects, verify the
896 * superficial structure, headers, hashes. */
897
898 p = le64toh(f->header->header_size);
899 for (;;) {
900 /* Early exit if there are no objects in the file, at all */
901 if (le64toh(f->header->tail_object_offset) == 0)
902 break;
903
904 if (show_progress)
905 draw_progress(scale_progress(0x7FFF, p, le64toh(f->header->tail_object_offset)), &last_usec);
906
907 r = journal_file_move_to_object(f, OBJECT_UNUSED, p, &o);
908 if (r < 0) {
909 error(p, "Invalid object");
910 goto fail;
911 }
912
913 if (p > le64toh(f->header->tail_object_offset)) {
914 error(offsetof(Header, tail_object_offset), "Invalid tail object pointer");
915 r = -EBADMSG;
916 goto fail;
917 }
918
919 n_objects++;
920
921 r = journal_file_object_verify(f, p, o);
922 if (r < 0) {
923 error_errno(p, r, "Invalid object contents: %m");
924 goto fail;
925 }
926
927 if ((o->object.flags & OBJECT_COMPRESSED_XZ) &&
928 (o->object.flags & OBJECT_COMPRESSED_LZ4)) {
929 error(p, "Objected with double compression");
930 r = -EINVAL;
931 goto fail;
932 }
933
934 if ((o->object.flags & OBJECT_COMPRESSED_XZ) && !JOURNAL_HEADER_COMPRESSED_XZ(f->header)) {
935 error(p, "XZ compressed object in file without XZ compression");
936 r = -EBADMSG;
937 goto fail;
938 }
939
940 if ((o->object.flags & OBJECT_COMPRESSED_LZ4) && !JOURNAL_HEADER_COMPRESSED_LZ4(f->header)) {
941 error(p, "LZ4 compressed object in file without LZ4 compression");
942 r = -EBADMSG;
943 goto fail;
944 }
945
946 switch (o->object.type) {
947
948 case OBJECT_DATA:
949 r = write_uint64(data_fd, p);
950 if (r < 0)
951 goto fail;
952
953 n_data++;
954 break;
955
956 case OBJECT_FIELD:
957 n_fields++;
958 break;
959
960 case OBJECT_ENTRY:
961 if (JOURNAL_HEADER_SEALED(f->header) && n_tags <= 0) {
962 error(p, "First entry before first tag");
963 r = -EBADMSG;
964 goto fail;
965 }
966
967 r = write_uint64(entry_fd, p);
968 if (r < 0)
969 goto fail;
970
971 if (le64toh(o->entry.realtime) < last_tag_realtime) {
972 error(p, "Older entry after newer tag");
973 r = -EBADMSG;
974 goto fail;
975 }
976
977 if (!entry_seqnum_set &&
978 le64toh(o->entry.seqnum) != le64toh(f->header->head_entry_seqnum)) {
979 error(p, "Head entry sequence number incorrect");
980 r = -EBADMSG;
981 goto fail;
982 }
983
984 if (entry_seqnum_set &&
985 entry_seqnum >= le64toh(o->entry.seqnum)) {
986 error(p, "Entry sequence number out of synchronization");
987 r = -EBADMSG;
988 goto fail;
989 }
990
991 entry_seqnum = le64toh(o->entry.seqnum);
992 entry_seqnum_set = true;
993
994 if (entry_monotonic_set &&
995 sd_id128_equal(entry_boot_id, o->entry.boot_id) &&
996 entry_monotonic > le64toh(o->entry.monotonic)) {
997 error(p, "Entry timestamp out of synchronization");
998 r = -EBADMSG;
999 goto fail;
1000 }
1001
1002 entry_monotonic = le64toh(o->entry.monotonic);
1003 entry_boot_id = o->entry.boot_id;
1004 entry_monotonic_set = true;
1005
1006 if (!entry_realtime_set &&
1007 le64toh(o->entry.realtime) != le64toh(f->header->head_entry_realtime)) {
1008 error(p, "Head entry realtime timestamp incorrect");
1009 r = -EBADMSG;
1010 goto fail;
1011 }
1012
1013 entry_realtime = le64toh(o->entry.realtime);
1014 entry_realtime_set = true;
1015
1016 n_entries++;
1017 break;
1018
1019 case OBJECT_DATA_HASH_TABLE:
1020 if (n_data_hash_tables > 1) {
1021 error(p, "More than one data hash table");
1022 r = -EBADMSG;
1023 goto fail;
1024 }
1025
1026 if (le64toh(f->header->data_hash_table_offset) != p + offsetof(HashTableObject, items) ||
1027 le64toh(f->header->data_hash_table_size) != le64toh(o->object.size) - offsetof(HashTableObject, items)) {
1028 error(p, "header fields for data hash table invalid");
1029 r = -EBADMSG;
1030 goto fail;
1031 }
1032
1033 n_data_hash_tables++;
1034 break;
1035
1036 case OBJECT_FIELD_HASH_TABLE:
1037 if (n_field_hash_tables > 1) {
1038 error(p, "More than one field hash table");
1039 r = -EBADMSG;
1040 goto fail;
1041 }
1042
1043 if (le64toh(f->header->field_hash_table_offset) != p + offsetof(HashTableObject, items) ||
1044 le64toh(f->header->field_hash_table_size) != le64toh(o->object.size) - offsetof(HashTableObject, items)) {
1045 error(p, "Header fields for field hash table invalid");
1046 r = -EBADMSG;
1047 goto fail;
1048 }
1049
1050 n_field_hash_tables++;
1051 break;
1052
1053 case OBJECT_ENTRY_ARRAY:
1054 r = write_uint64(entry_array_fd, p);
1055 if (r < 0)
1056 goto fail;
1057
1058 if (p == le64toh(f->header->entry_array_offset)) {
1059 if (found_main_entry_array) {
1060 error(p, "More than one main entry array");
1061 r = -EBADMSG;
1062 goto fail;
1063 }
1064
1065 found_main_entry_array = true;
1066 }
1067
1068 n_entry_arrays++;
1069 break;
1070
1071 case OBJECT_TAG:
1072 if (!JOURNAL_HEADER_SEALED(f->header)) {
1073 error(p, "Tag object in file without sealing");
1074 r = -EBADMSG;
1075 goto fail;
1076 }
1077
1078 if (le64toh(o->tag.seqnum) != n_tags + 1) {
1079 error(p, "Tag sequence number out of synchronization");
1080 r = -EBADMSG;
1081 goto fail;
1082 }
1083
1084 if (le64toh(o->tag.epoch) < last_epoch) {
1085 error(p, "Epoch sequence out of synchronization");
1086 r = -EBADMSG;
1087 goto fail;
1088 }
1089
1090 #if HAVE_GCRYPT
1091 if (f->seal) {
1092 uint64_t q, rt;
1093
1094 debug(p, "Checking tag %"PRIu64"...", le64toh(o->tag.seqnum));
1095
1096 rt = f->fss_start_usec + le64toh(o->tag.epoch) * f->fss_interval_usec;
1097 if (entry_realtime_set && entry_realtime >= rt + f->fss_interval_usec) {
1098 error(p, "tag/entry realtime timestamp out of synchronization");
1099 r = -EBADMSG;
1100 goto fail;
1101 }
1102
1103 /* OK, now we know the epoch. So let's now set
1104 * it, and calculate the HMAC for everything
1105 * since the last tag. */
1106 r = journal_file_fsprg_seek(f, le64toh(o->tag.epoch));
1107 if (r < 0)
1108 goto fail;
1109
1110 r = journal_file_hmac_start(f);
1111 if (r < 0)
1112 goto fail;
1113
1114 if (last_tag == 0) {
1115 r = journal_file_hmac_put_header(f);
1116 if (r < 0)
1117 goto fail;
1118
1119 q = le64toh(f->header->header_size);
1120 } else
1121 q = last_tag;
1122
1123 while (q <= p) {
1124 r = journal_file_move_to_object(f, OBJECT_UNUSED, q, &o);
1125 if (r < 0)
1126 goto fail;
1127
1128 r = journal_file_hmac_put_object(f, OBJECT_UNUSED, o, q);
1129 if (r < 0)
1130 goto fail;
1131
1132 q = q + ALIGN64(le64toh(o->object.size));
1133 }
1134
1135 /* Position might have changed, let's reposition things */
1136 r = journal_file_move_to_object(f, OBJECT_UNUSED, p, &o);
1137 if (r < 0)
1138 goto fail;
1139
1140 if (memcmp(o->tag.tag, gcry_md_read(f->hmac, 0), TAG_LENGTH) != 0) {
1141 error(p, "Tag failed verification");
1142 r = -EBADMSG;
1143 goto fail;
1144 }
1145
1146 f->hmac_running = false;
1147 last_tag_realtime = rt;
1148 last_sealed_realtime = entry_realtime;
1149 }
1150
1151 last_tag = p + ALIGN64(le64toh(o->object.size));
1152 #endif
1153
1154 last_epoch = le64toh(o->tag.epoch);
1155
1156 n_tags++;
1157 break;
1158
1159 default:
1160 n_weird++;
1161 }
1162
1163 if (p == le64toh(f->header->tail_object_offset)) {
1164 found_last = true;
1165 break;
1166 }
1167
1168 p = p + ALIGN64(le64toh(o->object.size));
1169 };
1170
1171 if (!found_last && le64toh(f->header->tail_object_offset) != 0) {
1172 error(le64toh(f->header->tail_object_offset), "Tail object pointer dead");
1173 r = -EBADMSG;
1174 goto fail;
1175 }
1176
1177 if (n_objects != le64toh(f->header->n_objects)) {
1178 error(offsetof(Header, n_objects), "Object number mismatch");
1179 r = -EBADMSG;
1180 goto fail;
1181 }
1182
1183 if (n_entries != le64toh(f->header->n_entries)) {
1184 error(offsetof(Header, n_entries), "Entry number mismatch");
1185 r = -EBADMSG;
1186 goto fail;
1187 }
1188
1189 if (JOURNAL_HEADER_CONTAINS(f->header, n_data) &&
1190 n_data != le64toh(f->header->n_data)) {
1191 error(offsetof(Header, n_data), "Data number mismatch");
1192 r = -EBADMSG;
1193 goto fail;
1194 }
1195
1196 if (JOURNAL_HEADER_CONTAINS(f->header, n_fields) &&
1197 n_fields != le64toh(f->header->n_fields)) {
1198 error(offsetof(Header, n_fields), "Field number mismatch");
1199 r = -EBADMSG;
1200 goto fail;
1201 }
1202
1203 if (JOURNAL_HEADER_CONTAINS(f->header, n_tags) &&
1204 n_tags != le64toh(f->header->n_tags)) {
1205 error(offsetof(Header, n_tags), "Tag number mismatch");
1206 r = -EBADMSG;
1207 goto fail;
1208 }
1209
1210 if (JOURNAL_HEADER_CONTAINS(f->header, n_entry_arrays) &&
1211 n_entry_arrays != le64toh(f->header->n_entry_arrays)) {
1212 error(offsetof(Header, n_entry_arrays), "Entry array number mismatch");
1213 r = -EBADMSG;
1214 goto fail;
1215 }
1216
1217 if (!found_main_entry_array && le64toh(f->header->entry_array_offset) != 0) {
1218 error(0, "Missing entry array");
1219 r = -EBADMSG;
1220 goto fail;
1221 }
1222
1223 if (entry_seqnum_set &&
1224 entry_seqnum != le64toh(f->header->tail_entry_seqnum)) {
1225 error(offsetof(Header, tail_entry_seqnum), "Invalid tail seqnum");
1226 r = -EBADMSG;
1227 goto fail;
1228 }
1229
1230 if (entry_monotonic_set &&
1231 (sd_id128_equal(entry_boot_id, f->header->boot_id) &&
1232 entry_monotonic != le64toh(f->header->tail_entry_monotonic))) {
1233 error(0, "Invalid tail monotonic timestamp");
1234 r = -EBADMSG;
1235 goto fail;
1236 }
1237
1238 if (entry_realtime_set && entry_realtime != le64toh(f->header->tail_entry_realtime)) {
1239 error(0, "Invalid tail realtime timestamp");
1240 r = -EBADMSG;
1241 goto fail;
1242 }
1243
1244 /* Second iteration: we follow all objects referenced from the
1245 * two entry points: the object hash table and the entry
1246 * array. We also check that everything referenced (directly
1247 * or indirectly) in the data hash table also exists in the
1248 * entry array, and vice versa. Note that we do not care for
1249 * unreferenced objects. We only care that everything that is
1250 * referenced is consistent. */
1251
1252 r = verify_entry_array(f,
1253 cache_data_fd, n_data,
1254 cache_entry_fd, n_entries,
1255 cache_entry_array_fd, n_entry_arrays,
1256 &last_usec,
1257 show_progress);
1258 if (r < 0)
1259 goto fail;
1260
1261 r = verify_hash_table(f,
1262 cache_data_fd, n_data,
1263 cache_entry_fd, n_entries,
1264 cache_entry_array_fd, n_entry_arrays,
1265 &last_usec,
1266 show_progress);
1267 if (r < 0)
1268 goto fail;
1269
1270 if (show_progress)
1271 flush_progress();
1272
1273 mmap_cache_free_fd(f->mmap, cache_data_fd);
1274 mmap_cache_free_fd(f->mmap, cache_entry_fd);
1275 mmap_cache_free_fd(f->mmap, cache_entry_array_fd);
1276
1277 safe_close(data_fd);
1278 safe_close(entry_fd);
1279 safe_close(entry_array_fd);
1280
1281 if (first_contained)
1282 *first_contained = le64toh(f->header->head_entry_realtime);
1283 if (last_validated)
1284 *last_validated = last_sealed_realtime;
1285 if (last_contained)
1286 *last_contained = le64toh(f->header->tail_entry_realtime);
1287
1288 return 0;
1289
1290 fail:
1291 if (show_progress)
1292 flush_progress();
1293
1294 log_error("File corruption detected at %s:"OFSfmt" (of %llu bytes, %"PRIu64"%%).",
1295 f->path,
1296 p,
1297 (unsigned long long) f->last_stat.st_size,
1298 100 * p / f->last_stat.st_size);
1299
1300 if (data_fd >= 0)
1301 safe_close(data_fd);
1302
1303 if (entry_fd >= 0)
1304 safe_close(entry_fd);
1305
1306 if (entry_array_fd >= 0)
1307 safe_close(entry_array_fd);
1308
1309 if (cache_data_fd)
1310 mmap_cache_free_fd(f->mmap, cache_data_fd);
1311
1312 if (cache_entry_fd)
1313 mmap_cache_free_fd(f->mmap, cache_entry_fd);
1314
1315 if (cache_entry_array_fd)
1316 mmap_cache_free_fd(f->mmap, cache_entry_array_fd);
1317
1318 return r;
1319 }
Unnamed repository; edit this file 'description' to name the repository.