348ced9097
Before, journald would remove journal files until both MaxUse= and KeepFree= settings would be satisfied. The first one depends (if set automatically) on the size of the file system and is constant. But the second one depends on current use of the file system, and a spike in disk usage would cause journald to delete journal files, trying to reach usage which would leave 15% of the disk free. This behaviour is surprising for the user who doesn't expect his logs to be purged when disk usage goes above 85%, which on a large disk could be some gigabytes from being full. In addition attempting to keep 15% free provides an attack vector where filling the disk sufficiently disposes of almost all logs. Instead, obey KeepFree= only as a limit on adding additional files. When replacing old files with new, ignore KeepFree=. This means that if journal disk usage reached some high point that at some later point start to violate the KeepFree= constraint, journald will not add files to go above this point, but it will stay (slightly) below it. When journald is restarted, it forgets the previous maximum usage value, and sets the limit based on the current usage, so if disk remains to be filled, journald might use one journal-file-size less on each restart, if restarts happen just after rotation. This seems like a reasonable compromise between implementation complexity and robustness.
224 lines
8 KiB
C
224 lines
8 KiB
C
/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
|
|
|
|
#pragma once
|
|
|
|
/***
|
|
This file is part of systemd.
|
|
|
|
Copyright 2011 Lennart Poettering
|
|
|
|
systemd is free software; you can redistribute it and/or modify it
|
|
under the terms of the GNU Lesser General Public License as published by
|
|
the Free Software Foundation; either version 2.1 of the License, or
|
|
(at your option) any later version.
|
|
|
|
systemd is distributed in the hope that it will be useful, but
|
|
WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
Lesser General Public License for more details.
|
|
|
|
You should have received a copy of the GNU Lesser General Public License
|
|
along with systemd; If not, see <http://www.gnu.org/licenses/>.
|
|
***/
|
|
|
|
#include <inttypes.h>
|
|
|
|
#ifdef HAVE_GCRYPT
|
|
#include <gcrypt.h>
|
|
#endif
|
|
|
|
#include <systemd/sd-id128.h>
|
|
|
|
#include "sparse-endian.h"
|
|
#include "journal-def.h"
|
|
#include "util.h"
|
|
#include "mmap-cache.h"
|
|
#include "hashmap.h"
|
|
|
|
typedef struct JournalMetrics {
|
|
uint64_t max_use;
|
|
uint64_t use;
|
|
uint64_t max_size;
|
|
uint64_t min_size;
|
|
uint64_t keep_free;
|
|
} JournalMetrics;
|
|
|
|
typedef enum direction {
|
|
DIRECTION_UP,
|
|
DIRECTION_DOWN
|
|
} direction_t;
|
|
|
|
typedef struct JournalFile {
|
|
int fd;
|
|
|
|
mode_t mode;
|
|
|
|
int flags;
|
|
int prot;
|
|
bool writable:1;
|
|
bool compress:1;
|
|
bool seal:1;
|
|
|
|
bool tail_entry_monotonic_valid:1;
|
|
|
|
direction_t last_direction;
|
|
|
|
char *path;
|
|
struct stat last_stat;
|
|
|
|
Header *header;
|
|
HashItem *data_hash_table;
|
|
HashItem *field_hash_table;
|
|
|
|
uint64_t current_offset;
|
|
|
|
JournalMetrics metrics;
|
|
MMapCache *mmap;
|
|
|
|
Hashmap *chain_cache;
|
|
|
|
#ifdef HAVE_XZ
|
|
void *compress_buffer;
|
|
uint64_t compress_buffer_size;
|
|
#endif
|
|
|
|
#ifdef HAVE_GCRYPT
|
|
gcry_md_hd_t hmac;
|
|
bool hmac_running;
|
|
|
|
FSSHeader *fss_file;
|
|
size_t fss_file_size;
|
|
|
|
uint64_t fss_start_usec;
|
|
uint64_t fss_interval_usec;
|
|
|
|
void *fsprg_state;
|
|
size_t fsprg_state_size;
|
|
|
|
void *fsprg_seed;
|
|
size_t fsprg_seed_size;
|
|
#endif
|
|
} JournalFile;
|
|
|
|
int journal_file_open(
|
|
const char *fname,
|
|
int flags,
|
|
mode_t mode,
|
|
bool compress,
|
|
bool seal,
|
|
JournalMetrics *metrics,
|
|
MMapCache *mmap_cache,
|
|
JournalFile *template,
|
|
JournalFile **ret);
|
|
|
|
int journal_file_set_offline(JournalFile *f);
|
|
void journal_file_close(JournalFile *j);
|
|
|
|
int journal_file_open_reliably(
|
|
const char *fname,
|
|
int flags,
|
|
mode_t mode,
|
|
bool compress,
|
|
bool seal,
|
|
JournalMetrics *metrics,
|
|
MMapCache *mmap_cache,
|
|
JournalFile *template,
|
|
JournalFile **ret);
|
|
|
|
#define ALIGN64(x) (((x) + 7ULL) & ~7ULL)
|
|
#define VALID64(x) (((x) & 7ULL) == 0ULL)
|
|
|
|
/* Use six characters to cover the offsets common in smallish journal
|
|
* files without adding too many zeros. */
|
|
#define OFSfmt "%06"PRIx64
|
|
|
|
static inline bool VALID_REALTIME(uint64_t u) {
|
|
/* This considers timestamps until the year 3112 valid. That should be plenty room... */
|
|
return u > 0 && u < (1ULL << 55);
|
|
}
|
|
|
|
static inline bool VALID_MONOTONIC(uint64_t u) {
|
|
/* This considers timestamps until 1142 years of runtime valid. */
|
|
return u < (1ULL << 55);
|
|
}
|
|
|
|
static inline bool VALID_EPOCH(uint64_t u) {
|
|
/* This allows changing the key for 1142 years, every usec. */
|
|
return u < (1ULL << 55);
|
|
}
|
|
|
|
#define JOURNAL_HEADER_CONTAINS(h, field) \
|
|
(le64toh((h)->header_size) >= offsetof(Header, field) + sizeof((h)->field))
|
|
|
|
#define JOURNAL_HEADER_SEALED(h) \
|
|
(!!(le32toh((h)->compatible_flags) & HEADER_COMPATIBLE_SEALED))
|
|
|
|
#define JOURNAL_HEADER_COMPRESSED(h) \
|
|
(!!(le32toh((h)->incompatible_flags) & HEADER_INCOMPATIBLE_COMPRESSED))
|
|
|
|
int journal_file_move_to_object(JournalFile *f, int type, uint64_t offset, Object **ret);
|
|
|
|
uint64_t journal_file_entry_n_items(Object *o) _pure_;
|
|
uint64_t journal_file_entry_array_n_items(Object *o) _pure_;
|
|
uint64_t journal_file_hash_table_n_items(Object *o) _pure_;
|
|
|
|
int journal_file_append_object(JournalFile *f, int type, uint64_t size, Object **ret, uint64_t *offset);
|
|
int journal_file_append_entry(JournalFile *f, const dual_timestamp *ts, const struct iovec iovec[], unsigned n_iovec, uint64_t *seqno, Object **ret, uint64_t *offset);
|
|
|
|
int journal_file_find_data_object(JournalFile *f, const void *data, uint64_t size, Object **ret, uint64_t *offset);
|
|
int journal_file_find_data_object_with_hash(JournalFile *f, const void *data, uint64_t size, uint64_t hash, Object **ret, uint64_t *offset);
|
|
|
|
int journal_file_find_field_object(JournalFile *f, const void *field, uint64_t size, Object **ret, uint64_t *offset);
|
|
int journal_file_find_field_object_with_hash(JournalFile *f, const void *field, uint64_t size, uint64_t hash, Object **ret, uint64_t *offset);
|
|
|
|
int journal_file_next_entry(JournalFile *f, Object *o, uint64_t p, direction_t direction, Object **ret, uint64_t *offset);
|
|
int journal_file_skip_entry(JournalFile *f, Object *o, uint64_t p, int64_t skip, Object **ret, uint64_t *offset);
|
|
|
|
int journal_file_next_entry_for_data(JournalFile *f, Object *o, uint64_t p, uint64_t data_offset, direction_t direction, Object **ret, uint64_t *offset);
|
|
|
|
int journal_file_move_to_entry_by_offset(JournalFile *f, uint64_t seqnum, direction_t direction, Object **ret, uint64_t *offset);
|
|
int journal_file_move_to_entry_by_seqnum(JournalFile *f, uint64_t seqnum, direction_t direction, Object **ret, uint64_t *offset);
|
|
int journal_file_move_to_entry_by_realtime(JournalFile *f, uint64_t realtime, direction_t direction, Object **ret, uint64_t *offset);
|
|
int journal_file_move_to_entry_by_monotonic(JournalFile *f, sd_id128_t boot_id, uint64_t monotonic, direction_t direction, Object **ret, uint64_t *offset);
|
|
|
|
int journal_file_move_to_entry_by_offset_for_data(JournalFile *f, uint64_t data_offset, uint64_t p, direction_t direction, Object **ret, uint64_t *offset);
|
|
int journal_file_move_to_entry_by_seqnum_for_data(JournalFile *f, uint64_t data_offset, uint64_t seqnum, direction_t direction, Object **ret, uint64_t *offset);
|
|
int journal_file_move_to_entry_by_realtime_for_data(JournalFile *f, uint64_t data_offset, uint64_t realtime, direction_t direction, Object **ret, uint64_t *offset);
|
|
int journal_file_move_to_entry_by_monotonic_for_data(JournalFile *f, uint64_t data_offset, sd_id128_t boot_id, uint64_t monotonic, direction_t direction, Object **ret, uint64_t *offset);
|
|
|
|
int journal_file_copy_entry(JournalFile *from, JournalFile *to, Object *o, uint64_t p, uint64_t *seqnum, Object **ret, uint64_t *offset);
|
|
|
|
void journal_file_dump(JournalFile *f);
|
|
void journal_file_print_header(JournalFile *f);
|
|
|
|
int journal_file_rotate(JournalFile **f, bool compress, bool seal);
|
|
|
|
void journal_file_post_change(JournalFile *f);
|
|
|
|
void journal_default_metrics(JournalMetrics *m, int fd);
|
|
|
|
int journal_file_get_cutoff_realtime_usec(JournalFile *f, usec_t *from, usec_t *to);
|
|
int journal_file_get_cutoff_monotonic_usec(JournalFile *f, sd_id128_t boot, usec_t *from, usec_t *to);
|
|
|
|
bool journal_file_rotate_suggested(JournalFile *f, usec_t max_file_usec);
|
|
|
|
|
|
static unsigned type_to_context(int type) {
|
|
/* One context for each type, plus one catch-all for the rest */
|
|
return type > 0 && type < _OBJECT_TYPE_MAX ? type : 0;
|
|
}
|
|
|
|
static inline int journal_file_object_keep(JournalFile *f, Object *o, uint64_t offset) {
|
|
unsigned context = type_to_context(o->object.type);
|
|
|
|
return mmap_cache_get(f->mmap, f->fd, f->prot, context, true,
|
|
offset, o->object.size, &f->last_stat, NULL);
|
|
}
|
|
|
|
static inline int journal_file_object_release(JournalFile *f, Object *o, uint64_t offset) {
|
|
unsigned context = type_to_context(o->object.type);
|
|
|
|
return mmap_cache_release(f->mmap, f->fd, f->prot, context,
|
|
offset, o->object.size);
|
|
}
|