forked from pool/systemd
- Added patches to fix journal with FSS protection enabled (bsc#1000435)
0001-journal-fix-HMAC-calculation-when-appending-a-data-o.patch 0001-journal-set-STATE_ARCHIVED-as-part-of-offlining-2740.patch 0001-journal-warn-when-we-fail-to-append-a-tag-to-a-journ.patch OBS-URL: https://build.opensuse.org/package/show/Base:System/systemd?expand=0&rev=952
This commit is contained in:
parent
81b3fbf7c4
commit
35fc3cae4d
@ -0,0 +1,54 @@
|
||||
From 6dac79e09ec1b45f05b3e9a5f1f445859b6eefd2 Mon Sep 17 00:00:00 2001
|
||||
From: Franck Bui <fbui@suse.com>
|
||||
Date: Fri, 23 Sep 2016 13:33:01 +0200
|
||||
Subject: [PATCH 1/1] journal: fix HMAC calculation when appending a data
|
||||
object
|
||||
|
||||
Since commit 5996c7c295e073ce21d41305169132c8aa993ad0 (v190 !), the
|
||||
calculation of the HMAC is broken because the hash for a data object
|
||||
including a field is done in the wrong order: the field object is
|
||||
hashed before the data object is.
|
||||
|
||||
However during verification, the hash is done in the opposite order as
|
||||
objects are scanned sequentially.
|
||||
|
||||
(cherry picked from commit 33685a5a3a98c6ded64d0cc25e37d0180ceb0a6a)
|
||||
|
||||
[fbui: fixes bsc#1000435]
|
||||
---
|
||||
src/journal/journal-file.c | 12 ++++++------
|
||||
1 file changed, 6 insertions(+), 6 deletions(-)
|
||||
|
||||
diff --git a/src/journal/journal-file.c b/src/journal/journal-file.c
|
||||
index a9882cf..a24d97d 100644
|
||||
--- a/src/journal/journal-file.c
|
||||
+++ b/src/journal/journal-file.c
|
||||
@@ -1111,6 +1111,12 @@ static int journal_file_append_data(
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
+#ifdef HAVE_GCRYPT
|
||||
+ r = journal_file_hmac_put_object(f, OBJECT_DATA, o, p);
|
||||
+ if (r < 0)
|
||||
+ return r;
|
||||
+#endif
|
||||
+
|
||||
/* The linking might have altered the window, so let's
|
||||
* refresh our pointer */
|
||||
r = journal_file_move_to_object(f, OBJECT_DATA, p, &o);
|
||||
@@ -1135,12 +1141,6 @@ static int journal_file_append_data(
|
||||
fo->field.head_data_offset = le64toh(p);
|
||||
}
|
||||
|
||||
-#ifdef HAVE_GCRYPT
|
||||
- r = journal_file_hmac_put_object(f, OBJECT_DATA, o, p);
|
||||
- if (r < 0)
|
||||
- return r;
|
||||
-#endif
|
||||
-
|
||||
if (ret)
|
||||
*ret = o;
|
||||
|
||||
--
|
||||
2.10.0
|
||||
|
@ -0,0 +1,93 @@
|
||||
From 0d0bad044f8f19c472acb69d10861a66d3d267b6 Mon Sep 17 00:00:00 2001
|
||||
From: Vito Caputo <vcaputo@gnugeneration.com>
|
||||
Date: Tue, 26 Apr 2016 23:29:43 -0700
|
||||
Subject: [PATCH 1/1] journal: set STATE_ARCHIVED as part of offlining (#2740)
|
||||
|
||||
The only code path which makes a journal durable is via
|
||||
journal_file_set_offline().
|
||||
|
||||
When we perform a rotate the journal's header->state is being set to
|
||||
STATE_ARCHIVED prior to journal_file_set_offline() being called.
|
||||
|
||||
In journal_file_set_offline(), we short-circuit the entire offline when
|
||||
f->header->state != STATE_ONLINE.
|
||||
|
||||
This all results in none of the journal_file_set_offline() fsync() calls
|
||||
being reached when rotate archives a journal, so archived journals are
|
||||
never explicitly made durable.
|
||||
|
||||
What we do now is instead of setting the f->header->state to
|
||||
STATE_ARCHIVED directly in journal_file_rotate() prior to
|
||||
journal_file_close(), we set an archive flag in f->archive for the
|
||||
journal_file_set_offline() machinery to honor by committing
|
||||
STATE_ARCHIVED instead of STATE_OFFLINE when set.
|
||||
|
||||
Prior to this, rotated journals were never getting fsync() explicitly
|
||||
performed on them, since journal_file_set_offline() short-circuited.
|
||||
Obviously this is undesirable, and depends entirely on the underlying
|
||||
filesystem as to how much durability was achieved when simply closing
|
||||
the file.
|
||||
|
||||
Note that this problem existed prior to the recent asynchronous fsync
|
||||
changes, but those changes do facilitate our performing this durable
|
||||
offline on rotate without blocking, regardless of the underlying
|
||||
filesystem sync-on-close semantics.
|
||||
|
||||
(cherry picked from commit 8eb851711fd166024297c425e9261200c36f489d)
|
||||
|
||||
[fbui: context adjustment: the asynchronous journal_file_set_offline()
|
||||
thingie doesn't exist in v228]
|
||||
|
||||
[fbui: this also fixes the case when we wanted to append a tag (for
|
||||
FSS verification) when closing the journal. Before this patch,
|
||||
journal_file_append_tag() failed (silently) because re-opening
|
||||
the journal to write the tag was not possible since it was
|
||||
already in "archived" mode.]
|
||||
---
|
||||
src/journal/journal-file.c | 10 ++++++++--
|
||||
src/journal/journal-file.h | 1 +
|
||||
2 files changed, 9 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/src/journal/journal-file.c b/src/journal/journal-file.c
|
||||
index f9ff954..e7eecad 100644
|
||||
--- a/src/journal/journal-file.c
|
||||
+++ b/src/journal/journal-file.c
|
||||
@@ -130,7 +130,7 @@ int journal_file_set_offline(JournalFile *f) {
|
||||
if (mmap_cache_got_sigbus(f->mmap, f->fd))
|
||||
return -EIO;
|
||||
|
||||
- f->header->state = STATE_OFFLINE;
|
||||
+ f->header->state = f->archive ? STATE_ARCHIVED : STATE_OFFLINE;
|
||||
|
||||
if (mmap_cache_got_sigbus(f->mmap, f->fd))
|
||||
return -EIO;
|
||||
@@ -2813,7 +2813,13 @@ int journal_file_rotate(JournalFile **f, bool compress, bool seal) {
|
||||
if (r < 0 && errno != ENOENT)
|
||||
return -errno;
|
||||
|
||||
- old_file->header->state = STATE_ARCHIVED;
|
||||
+ /* Set as archive so offlining commits w/state=STATE_ARCHIVED.
|
||||
+ * Previously we would set old_file->header->state to STATE_ARCHIVED directly here,
|
||||
+ * but journal_file_set_offline() short-circuits when state != STATE_ONLINE, which
|
||||
+ * would result in the rotated journal never getting fsync() called before closing.
|
||||
+ * Now we simply queue the archive state by setting an archive bit, leaving the state
|
||||
+ * as STATE_ONLINE so proper offlining occurs. */
|
||||
+ old_file->archive = true;
|
||||
|
||||
/* Currently, btrfs is not very good with out write patterns
|
||||
* and fragments heavily. Let's defrag our journal files when
|
||||
diff --git a/src/journal/journal-file.h b/src/journal/journal-file.h
|
||||
index 898d12d..436e5ff 100644
|
||||
--- a/src/journal/journal-file.h
|
||||
+++ b/src/journal/journal-file.h
|
||||
@@ -76,6 +76,7 @@ typedef struct JournalFile {
|
||||
bool compress_lz4:1;
|
||||
bool seal:1;
|
||||
bool defrag_on_close:1;
|
||||
+ bool archive:1;
|
||||
|
||||
bool tail_entry_monotonic_valid:1;
|
||||
|
||||
--
|
||||
2.10.0
|
||||
|
@ -0,0 +1,36 @@
|
||||
From 9f47fe6b6a9aad001e99f1fdea78a0c54ce8ae55 Mon Sep 17 00:00:00 2001
|
||||
From: Franck Bui <fbui@suse.com>
|
||||
Date: Fri, 23 Sep 2016 12:12:13 +0200
|
||||
Subject: [PATCH 1/1] journal: warn when we fail to append a tag to a journal
|
||||
|
||||
We shouldn't silently fail when appending the tag to a journal file
|
||||
since FSS protection will simply be disabled in this case.
|
||||
|
||||
(cherry picked from commit 43cd8794839548a6f332875e8bee8bed2652bf2c)
|
||||
---
|
||||
src/journal/journal-file.c | 9 +++++++--
|
||||
1 file changed, 7 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/src/journal/journal-file.c b/src/journal/journal-file.c
|
||||
index e7eecad..a9882cf 100644
|
||||
--- a/src/journal/journal-file.c
|
||||
+++ b/src/journal/journal-file.c
|
||||
@@ -145,8 +145,13 @@ JournalFile* journal_file_close(JournalFile *f) {
|
||||
|
||||
#ifdef HAVE_GCRYPT
|
||||
/* Write the final tag */
|
||||
- if (f->seal && f->writable)
|
||||
- journal_file_append_tag(f);
|
||||
+ if (f->seal && f->writable) {
|
||||
+ int r;
|
||||
+
|
||||
+ r = journal_file_append_tag(f);
|
||||
+ if (r < 0)
|
||||
+ log_error_errno(r, "Failed to append tag when closing journal: %m");
|
||||
+ }
|
||||
#endif
|
||||
|
||||
journal_file_set_offline(f);
|
||||
--
|
||||
2.10.0
|
||||
|
@ -1,3 +1,12 @@
|
||||
-------------------------------------------------------------------
|
||||
Mon Sep 26 09:09:27 UTC 2016 - fbui@suse.com
|
||||
|
||||
- Added patches to fix journal with FSS protection enabled (bsc#1000435)
|
||||
|
||||
0001-journal-fix-HMAC-calculation-when-appending-a-data-o.patch
|
||||
0001-journal-set-STATE_ARCHIVED-as-part-of-offlining-2740.patch
|
||||
0001-journal-warn-when-we-fail-to-append-a-tag-to-a-journ.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Sep 21 11:54:39 UTC 2016 - fbui@suse.com
|
||||
|
||||
|
@ -265,6 +265,9 @@ Patch529: 0001-systemctl-pid1-do-not-warn-about-missing-install-inf.patch
|
||||
Patch530: systemd-230-cgroup2-use-new-fstype-for-unified-hierarchy.patch
|
||||
# PATCH-FIX-UPSTREAM -- fixed after 231
|
||||
Patch531: 0001-rules-block-add-support-for-pmem-devices-3683.patch
|
||||
Patch532: 0001-journal-set-STATE_ARCHIVED-as-part-of-offlining-2740.patch
|
||||
Patch533: 0001-journal-warn-when-we-fail-to-append-a-tag-to-a-journ.patch
|
||||
Patch534: 0001-journal-fix-HMAC-calculation-when-appending-a-data-o.patch
|
||||
|
||||
# UDEV PATCHES
|
||||
# ============
|
||||
@ -611,6 +614,9 @@ cp %{SOURCE7} m4/
|
||||
%patch529 -p1
|
||||
%patch530 -p1
|
||||
%patch531 -p1
|
||||
%patch532 -p1
|
||||
%patch533 -p1
|
||||
%patch534 -p1
|
||||
|
||||
# udev patches
|
||||
%patch1002 -p1
|
||||
|
@ -1,3 +1,12 @@
|
||||
-------------------------------------------------------------------
|
||||
Mon Sep 26 09:09:27 UTC 2016 - fbui@suse.com
|
||||
|
||||
- Added patches to fix journal with FSS protection enabled (bsc#1000435)
|
||||
|
||||
0001-journal-fix-HMAC-calculation-when-appending-a-data-o.patch
|
||||
0001-journal-set-STATE_ARCHIVED-as-part-of-offlining-2740.patch
|
||||
0001-journal-warn-when-we-fail-to-append-a-tag-to-a-journ.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Sep 21 11:54:39 UTC 2016 - fbui@suse.com
|
||||
|
||||
|
@ -260,6 +260,9 @@ Patch529: 0001-systemctl-pid1-do-not-warn-about-missing-install-inf.patch
|
||||
Patch530: systemd-230-cgroup2-use-new-fstype-for-unified-hierarchy.patch
|
||||
# PATCH-FIX-UPSTREAM -- fixed after 231
|
||||
Patch531: 0001-rules-block-add-support-for-pmem-devices-3683.patch
|
||||
Patch532: 0001-journal-set-STATE_ARCHIVED-as-part-of-offlining-2740.patch
|
||||
Patch533: 0001-journal-warn-when-we-fail-to-append-a-tag-to-a-journ.patch
|
||||
Patch534: 0001-journal-fix-HMAC-calculation-when-appending-a-data-o.patch
|
||||
|
||||
# UDEV PATCHES
|
||||
# ============
|
||||
@ -606,6 +609,9 @@ cp %{SOURCE7} m4/
|
||||
%patch529 -p1
|
||||
%patch530 -p1
|
||||
%patch531 -p1
|
||||
%patch532 -p1
|
||||
%patch533 -p1
|
||||
%patch534 -p1
|
||||
|
||||
# udev patches
|
||||
%patch1002 -p1
|
||||
|
Loading…
Reference in New Issue
Block a user