picnoir/Systemd
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
43611 commits 2 branches 0 tags 166 MiB
Commit graph

113 commits

Author SHA1 Message Date
Yu Watanabe f5947a5e92 tree-wide: drop missing.h 2019-10-31 17:57:03 +09:00
Franck Bui 2a3bebd02a coredump: (void)ify all calls of iovw_put_string_field() where we ignore failure on purpose 
All those calls are dealing with optional metadata.
 2019-07-16 17:41:07 +02:00
Franck Bui f46c706bdd coredump: gather all process metadata in iovecs first and then cache them 
Now we first gather all process metadata and populate the process info cache
with them. In this way, the cache only references metadata recorded in iovecs[]
so there's no need to bother freeing (part of) cached metadata later.

The other advantage is that the coredump handler mode and the service mode are
more similar as the cache is populated in the same way for both cases.

It also renames the array indexes so it becomes clear which metadata are passed
by the kernel and which ones are retrieved from the runtime environment.
 2019-07-16 17:40:35 +02:00
Franck Bui f8540bde72 coredump: use 'input_fd' name for the pipe fd passed by the kernel everywhere 
'input_fd' variable name is used mostly everywhere except in process_socket()
where it's named 'coredump_fd', which is pretty confusing since 'coredump_fd'
is used for the coredump filename in submit_coredump().

So let's use 'input_fd' consistently as name for the pipe fd passed by the
kernel.

No functional changes.
 2019-07-16 17:39:19 +02:00
Lennart Poettering b910cc72c0 tree-wide: get rid of strappend() 
It's a special case of strjoin(), so no need to keep both. In particular
as typing strjoin() is even shoert than strappend().
 2019-07-12 14:31:12 +09:00
Franck Bui 9a43538896 coredump: make use of the iovec-array helpers 
Previous code was allocating an array of iovecs big enough to store all the
fields added later by various functions.

This forced us to calculate the size of the array in advance which is too error
prone if for example one wants to add new fields or simply rework the
code. Various assertions were added to make sure there's no overflow but it's
still more code for no good reasons.

Instead, this patch switches to the new iovec array handling interface so the
array is grown dynamically when needed.

The other contraint was that some iovecs were supposed to be freed whereas some
others were not. This makes the code hard to (re)organize. The new code always
allocates fields so it becomes easier to rework the code.
 2019-06-28 08:24:09 +02:00
Franck Bui 11e6d9714e journal-import: extract helpers for handling arrays of iovec and make them available for others 2019-06-27 19:14:23 +02:00
Franck Bui 554c76b662 coredump: drop 2 useless assertions 2019-06-27 19:01:32 +02:00
Franck Bui 51d3783d87 coredump: slighlty simplify stack trace generation logic 
The main advantage is to avoid the code duplication used to build MESSAGE=
field.

No functional changes.
 2019-06-27 19:01:32 +02:00
Franck Bui 2705fcd63b coredump: fix the check on the number of passed args in backtrace mode 
In backtrace mode, '--backtrace' option should also be counted.
 2019-06-27 19:01:32 +02:00
Franck Bui aaeb25224d coredump: gather_pid_metadata() doesn't return 1 anymore 
Since commit 92e92d71fa, gather_pid_metadata()
returns only 0 or a negative value.
 2019-06-27 19:01:32 +02:00
Franck Bui 30a0554ebd coredump: rename set_iovec_field_free() into set_iovec_string_field_free() 
It's more in line with its counterpart set_iovec_string_field().

Also move the definition to io-util next to set_iovec_string_field().
 2019-06-27 19:01:28 +02:00
Franck Bui 47cf786c0a coredump: rely on /proc exclusively to get the name of the crashing process 
I couldn't see any reason why the kernel could provide COMM to the coredump
handler via the core_pattern command line but could not make it available in
/proc. So let's assume that this info is always available in /proc.

For "backtrace" mode (when --backtrace option is passed), I assumed that the
crashing process still exists at the time systemd-coredump is called.

Also changing the core_pattern line is an API breakage for any users of the
backtrace mode but given that systemd-coredump is installed in
/usr/lib/systemd, it's a private tool which has no internal users. At least no
one complained when the hostname was added to the core_pattern line
(f45b801551)...

Indeed it's much easier to get it from /proc since the kernel substitutes '%e'
specifier with multiple strings if the process name contains spaces (!).
 2019-06-26 11:17:23 +02:00
Franck Bui 57ae8f9936 coredump: fix one memleak in backtrace mode 
Journal importer internal structures need to be freed.
 2019-06-26 11:17:23 +02:00
Franck Bui 274fa94132 coredump: make use of STRINGIFY 2019-06-26 11:17:23 +02:00
Zbigniew Jędrzejewski-Szmek 09c1dceef1 basic/process-util: convert bool arg to flags 
In preparation for the next commit…
 2019-05-22 10:15:49 +02:00
Zbigniew Jędrzejewski-Szmek bc28751ed2 Rework cmdline printing to use unicode 
The functions to retrieve and print process cmdlines were based on the
assumption that they contain printable ASCII, and everything else
should be filtered out. That assumption doesn't hold in today's world,
where people are free to use unicode everywhere.

This replaces the custom cmdline reading code with a more generic approach
using utf8_escape_non_printable_full().
For kernel threads, truncation is done on the parenthesized name, so we'll
get "[worker]", "[worker…]", …, "[w…]", "[…", "…" as we reduce the number of
available columns.

This implementation is most likely slower for very long cmdlines, but I don't
think this is very important. The common case is to have short commandlines,
and should print those properly. Absurdly long cmdlines are the exception,
which needs to be handled correctly and safely, but speed is not too important.

Fixes #12532.

v2:
- use size_t for the number of columns. This change propagates into various
  other functions that call get_process_cmdline(), increasing the size of the
  patch, but the changes are rather trivial.
 2019-05-22 10:08:17 +02:00
Lennart Poettering 0892f3f999
Merge pull request #12420 from mrc0mmand/coccinelle-tweaks 
Coccinelle improvements
 2019-04-30 11:37:19 +02:00
Frantisek Sumsal ed0cb34682 tree-wide: code improvements suggested by Coccinelle 2019-04-30 09:39:07 +02:00
Ben Boeckel 5238e95759 codespell: fix spelling errors 2019-04-29 16:47:18 +02:00
Zbigniew Jędrzejewski-Szmek 2fe21124a6 Add open_memstream_unlocked() wrapper 2019-04-12 11:44:57 +02:00
Zbigniew Jędrzejewski-Szmek 6e5dcce4b1 Voidify more mkdir_p calls 2019-03-27 11:53:12 +01:00
Lennart Poettering 0a9707187b util: split out memcmp()/memset() related calls into memory-util.[ch] 
Just some source rearranging.
 2019-03-13 12:16:43 +01:00
Topi Miettinen a1e92eee3e Remove 'inline' attributes from static functions in .c files (#11426) 
Let the compiler perform inlining (see #11397).
 2019-01-15 08:12:28 +01:00
Zbigniew Jędrzejewski-Szmek f0136e0922 coredump: fix message when we fail to save a journald coredump 
If creation of the message failed, we'd write a bogus entry:
systemd-coredump[1400]: Cannot store coredump of 416 (systemd-journal): No space left on device
systemd-coredump[1400]: MESSAGE=Process 416 (systemd-journal) of user 0 dumped core.
systemd-coredump[1400]: Coredump diverted to
 2019-01-09 23:41:53 +01:00
Zbigniew Jędrzejewski-Szmek 084eeb865c journald: do not store the iovec entry for process commandline on stack 
This fixes a crash where we would read the commandline, whose length is under
control of the sending program, and then crash when trying to create a stack
allocation for it.

CVE-2018-16864
https://bugzilla.redhat.com/show_bug.cgi?id=1653855

The message actually doesn't get written to disk, because
journal_file_append_entry() returns -E2BIG.
 2019-01-09 23:41:53 +01:00
Zbigniew Jędrzejewski-Szmek 4f62556d71 coredump: remove duplicate MESSAGE= prefix from message 
systemd-coredump[9982]: MESSAGE=Process 771 (systemd-journal) of user 0 dumped core.
systemd-coredump[9982]: Coredump diverted to /var/lib/systemd/coredump/core...

log_dispatch() calls log_dispatch_internal() which calls write_to_journal()
which appends MESSAGE= on its own.
 2019-01-09 23:41:53 +01:00
Chris Down e92aaed30e tree-wide: Remove O_CLOEXEC from fdopen 
fdopen doesn't accept "e", it's ignored. Let's not mislead people into
believing that it actually sets O_CLOEXEC.

From `man 3 fdopen`:

> e (since glibc 2.7):
> Open the file with the O_CLOEXEC flag. See open(2) for more information. This flag is ignored for fdopen()

As mentioned by @jlebon in #11131.
 2018-12-12 20:47:40 +01:00
Lennart Poettering e4de72876e util-lib: split out all temporary file related calls into tmpfiles-util.c 
This splits out a bunch of functions from fileio.c that have to do with
temporary files. Simply to make the header files a bit shorter, and to
group things more nicely.

No code changes, just some rearranging of source files.
 2018-12-02 13:22:29 +01:00
Zbigniew Jędrzejewski-Szmek baaa35ad70 coccinelle: make use of SYNTHETIC_ERRNO 
Ideally, coccinelle would strip unnecessary braces too. But I do not see any
option in coccinelle for this, so instead, I edited the patch text using
search&replace to remove the braces. Unfortunately this is not fully automatic,
in particular it didn't deal well with if-else-if-else blocks and ifdefs, so
there is an increased likelikehood be some bugs in such spots.

I also removed part of the patch that coccinelle generated for udev, where we
returns -1 for failure. This should be fixed independently.
 2018-11-22 10:54:38 +01:00
Lennart Poettering 6bf3c61c57 log: introduce new helper call log_setup_service() 
Let's reduce the common boilerplate and have a single setup function
used by all service code to setup logging.
 2018-11-20 11:18:22 +01:00
Lennart Poettering 5e332028f2 util-lib: move main() definition macros to its own header file 
This way, we can extend the macro a bit with stuff pulled in from other
headers without this affecting everything which pulls in macro.h, which
is one of our most basic headers.

This is just refactoring, no change in behaviour, in prepartion for
later changes.
 2018-11-19 21:14:34 +01:00
Zbigniew Jędrzejewski-Szmek 4515a95ee0 coredump: define main through macro 2018-11-17 09:13:35 +01:00
Yu Watanabe 25cad95c82 fuzz: decrease DATA_SIZE_MAX 
Fixes oss-fuzz#8658.
 2018-11-12 18:08:48 +09:00
Yu Watanabe 27f931d1cd coredump: update comments 2018-11-12 17:56:20 +09:00
Yu Watanabe 9d77ca39e5 coredump: include error cause in log message 2018-10-20 01:43:13 +09:00
Lennart Poettering 7b26ea6f06 coredump: FOREACH_LINE excorcism 2018-10-18 16:23:45 +02:00
Lennart Poettering fafff8f1ff user-util: rework get_user_creds() 
Let's fold get_user_creds_clean() into get_user_creds(), and introduce a
flags argument for it to select "clean" behaviour. This flags parameter
also learns to other new flags:

- USER_CREDS_SYNTHESIZE_FALLBACK: in this mode the user records for
  root/nobody are only synthesized as fallback. Normally, the synthesized
  records take precedence over what is in the user database.  With this
  flag set this is reversed, and the user database takes precedence, and
  the synthesized records are only used if they are missing there. This
  flag should be set in cases where doing NSS is deemed safe, and where
  there's interest in knowing the correct shell, for example if the
  admin changed root's shell to zsh or suchlike.

- USER_CREDS_ALLOW_MISSING: if set, and a UID/GID is specified by
  numeric value, and there's no user/group record for it accept it
  anyway. This allows us to fix #9767

This then also ports all users to set the most appropriate flags.

Fixes: #9767

[zj: remove one isempty() call]
 2018-08-20 15:58:21 +02:00
Lennart Poettering a6887cc03e tree-wide: drop MSG_NOSIGNAL flag from recvmsg() invocations 
MSG_NOSIGNAL is only defined for sendmsg(), not for recvmsg(), hence
let's drop it's use, in particular as it appears to create problems on
older kernels. See:

https://lists.freedesktop.org/archives/systemd-devel/2018-June/040869.html
 2018-06-20 16:12:55 +02:00
Lennart Poettering 0c69794138 tree-wide: remove Lennart's copyright lines 
These lines are generally out-of-date, incomplete and unnecessary. With
SPDX and git repository much more accurate and fine grained information
about licensing and authorship is available, hence let's drop the
per-file copyright notice. Of course, removing copyright lines of others
is problematic, hence this commit only removes my own lines and leaves
all others untouched. It might be nicer if sooner or later those could
go away too, making git the only and accurate source of authorship
information.
 2018-06-14 10:20:20 +02:00
Lennart Poettering 818bf54632 tree-wide: drop 'This file is part of systemd' blurb 
This part of the copyright blurb stems from the GPL use recommendations:

https://www.gnu.org/licenses/gpl-howto.en.html

The concept appears to originate in times where version control was per
file, instead of per tree, and was a way to glue the files together.
Ultimately, we nowadays don't live in that world anymore, and this
information is entirely useless anyway, as people are very welcome to
copy these files into any projects they like, and they shouldn't have to
change bits that are part of our copyright header for that.

hence, let's just get rid of this old cruft, and shorten our codebase a
bit.
 2018-06-14 10:20:20 +02:00
Zbigniew Jędrzejewski-Szmek a1230ff972 basic/log: add the log_struct terminator to macro 
This way all callers do not need to specify it.
Exhaustively tested by running test-log under valgrind ;)
 2018-06-04 13:46:03 +02:00
Lennart Poettering d27b725abf tree-wide: make use of memory_startswith() at various places 2018-05-30 13:11:51 +02:00
Zbigniew Jędrzejewski-Szmek ee0449fd7a coredump: properly treat Storage=none as disabled storage 
Also don't attempt to create /var/lib/systemd/coredump if storage
limit is set to 0 and coredump processing is disabled.
 2018-05-17 17:00:11 +02:00
Zbigniew Jędrzejewski-Szmek 11a1589223 tree-wide: drop license boilerplate 
Files which are installed as-is (any .service and other unit files, .conf
files, .policy files, etc), are left as is. My assumption is that SPDX
identifiers are not yet that well known, so it's better to retain the
extended header to avoid any doubt.

I also kept any copyright lines. We can probably remove them, but it'd nice to
obtain explicit acks from all involved authors before doing that.
 2018-04-06 18:58:55 +02:00
Yu Watanabe 1cc6c93a95 tree-wide: use TAKE_PTR() and TAKE_FD() macros 2018-04-05 14:26:26 +09:00
Lennart Poettering ae2a15bc14 macro: introduce TAKE_PTR() macro 
This macro will read a pointer of any type, return it, and set the
pointer to NULL. This is useful as an explicit concept of passing
ownership of a memory area between pointers.

This takes inspiration from Rust:

https://doc.rust-lang.org/std/option/enum.Option.html#method.take

and was suggested by Alan Jenkins (@sourcejedi).

It drops ~160 lines of code from our codebase, which makes me like it.
Also, I think it clarifies passing of ownership, and thus helps
readability a bit (at least for the initiated who know the new macro)
 2018-03-22 20:21:42 +01:00
Lennart Poettering 8ac2f74fb6 tree-wide: make use of fsync_directory_of_file() all over the place 
Let's make use this at various places we call fsync(), to make things
fully reliable, as the kernel devs suggest to first fsync() files and
then fsync() the directories they are located in.
 2018-02-20 15:39:31 +01:00
Jakub Filak f45b801551 coredump: accept hostname on command line (#8033) 
This commint adds a new command line parameter to sytemd-coredump. The
parameter should be mappend to core_pattern's placeholder %h - hostname.

The field _HOSTNAME holds the name from the kernel's namespaces which might be
different then the one comming from process' namespaces.

It is true that the real hostname is usually available in the field
COREDUMP_ENVIRON (environment variables) but I believe it is more reliable to
use the value passed by kernel.

----

The length of iovec is no longer static and hence I corrected the declarations
of the functions set_iovec_field and set_iovec_field_free.

Thank you @yuwata and @poettering!
 2018-02-15 12:12:46 +01:00
Lennart Poettering e557b1a655 util: minor tweaks to disable_core_dumps() 
First, let's rename it to disable_coredumps(), as in the rest of our
codebase we spell it "coredump" rather than "core_dump", so let's stick
to that.

However, also log about failures to turn off core dumpling on LOG_DEBUG,
because debug logging is always a good idea.
 2018-01-10 18:44:09 +01:00