Compare commits

..

4 Commits

Author SHA1 Message Date
Luca Boccassi 165c23c6b2 NEWS: list more recent changes 2021-06-08 21:23:26 +01:00
Zbigniew Jędrzejewski-Szmek 7ff9d99e9e test-libcrypt-util: print out default for password settings, run make_salt() a few times
Inspired by
https://fedoraproject.org/wiki/Changes/yescrypt_as_default_hashing_method_for_shadow.
2021-06-08 21:41:17 +02:00
Zbigniew Jędrzejewski-Szmek a77f9dfbae resolved: fix strange function recursion
In dns_server_unlink_marked() and dns_server_mark_all() we done recursively.
People might have dozens of servers defined, and it's better to avoid recursion
when a simple loop suffices.

dns_server_unlink_marked() would only unmark the first marked server.

Fixes #19651.
2021-06-08 21:40:54 +02:00
Vito Caputo 592d419ce6 journal-file: truncate archived journals
Journal files have space allocated in 8MiB-aligned increments.

This can add up to substantial wasted space as many archived journals
accumulate without using all the allocated space.

This commit introduces truncating to the offset a subsequent append
would get written at when archiving.

Fixes https://github.com/systemd/systemd/issues/17613
2021-06-08 21:36:47 +02:00
5 changed files with 136 additions and 41 deletions

34
NEWS
View File

@ -84,7 +84,8 @@ CHANGES WITH 249 in spe:
* portablectl gained a new switch --extension= for enabling portable
service images with extensions that follow the extension image
concept introduced with v248.
concept introduced with v248, and thus allows layering multiple
images when setting up the root filesystem of the service.
* systemd-coredump will now extract ELF build-id information from
processes dumping core and include it in the coredump report.
@ -416,6 +417,37 @@ CHANGES WITH 249 in spe:
https://systemd.io/ARCHITECTURE
* Units using ConditionNeedsUpdate= will no longer be activated in
the initrd.
* It is now possible to list a template unit in WantedBy= or RequiredBy=
of another template unit, which will be triggered using the same
instance name.
* A new MemoryAvailable property is available for units. If the unit,
or the slice(s) it is part of, have a memory limit set via MemoryMax=/
MemoryHigh=, MemoryAvailable will indicate how much more memory the
unit can claim before hitting the limit(s).
* systemd-coredump will now try to stay below the cgroup memory limit
placed on itself or one of the slices it runs under, if the storage
area for core files (/var/lib/systemd/coredump/) is placed on a tmpfs,
since files written on such filesystems count toward the cgroup memory
limit. If there is not enough available memory in such cases to store
the core file uncompressed, systemd-coredump will skip to compressed
storage directly (if enabled) and it will avoid analyzing the core file
to print backtrace and metadata in the journal.
* tmpfiles.d gained a new '=' modifier to check if the type of a path
matches the configured expectations, and remove it if not.
* tmpfiles.d's 'Age' now accepts an 'age-by' argument, which allows to
specify which of the several available filesystem timestamp to look
at when deciding whether a path has aged enough to be cleaned.
* Journal files, which are allocated in fixed incremenets, are now
truncated when rotated/archived to remove unused space from their tails.
* …
Contributions from: …

View File

@ -89,6 +89,41 @@
# pragma GCC diagnostic ignored "-Waddress-of-packed-member"
#endif
static int journal_file_tail_end(JournalFile *f, uint64_t *ret_offset) {
Object *tail;
uint64_t p;
int r;
assert(f);
assert(f->header);
assert(ret_offset);
p = le64toh(f->header->tail_object_offset);
if (p == 0)
p = le64toh(f->header->header_size);
else {
uint64_t sz;
r = journal_file_move_to_object(f, OBJECT_UNUSED, p, &tail);
if (r < 0)
return r;
sz = le64toh(READ_NOW(tail->object.size));
if (sz > UINT64_MAX - sizeof(uint64_t) + 1)
return -EBADMSG;
sz = ALIGN64(sz);
if (p > UINT64_MAX - sz)
return -EBADMSG;
p += sz;
}
*ret_offset = p;
return 0;
}
/* This may be called from a separate thread to prevent blocking the caller for the duration of fsync().
* As a result we use atomic operations on f->offline_state for inter-thread communications with
* journal_file_set_offline() and journal_file_set_online(). */
@ -122,6 +157,25 @@ static void journal_file_set_offline_internal(JournalFile *f) {
f->header->state = f->archive ? STATE_ARCHIVED : STATE_OFFLINE;
(void) fsync(f->fd);
if (f->archive) {
uint64_t p;
int r;
/* truncate excess from the end of archives */
r = journal_file_tail_end(f, &p);
if (r < 0)
log_debug_errno(r, "Failed to determine end of tail object, ignoring: %m");
else {
/* arena_size can't exceed the file size, ensure it's updated before truncating */
f->header->arena_size = htole64(p - le64toh(f->header->header_size));
(void) fsync(f->fd);
if (ftruncate(f->fd, p) < 0)
log_debug_errno(errno, "Failed to truncate archive at end of tail object, ignoring: %m");
}
}
break;
case OFFLINE_OFFLINING:
@ -1054,7 +1108,7 @@ int journal_file_append_object(
int r;
uint64_t p;
Object *tail, *o;
Object *o;
void *t;
assert(f);
@ -1066,27 +1120,10 @@ int journal_file_append_object(
if (r < 0)
return r;
p = le64toh(f->header->tail_object_offset);
if (p == 0)
p = le64toh(f->header->header_size);
else {
uint64_t sz;
r = journal_file_move_to_object(f, OBJECT_UNUSED, p, &tail);
r = journal_file_tail_end(f, &p);
if (r < 0)
return r;
sz = le64toh(READ_NOW(tail->object.size));
if (sz > UINT64_MAX - sizeof(uint64_t) + 1)
return -EBADMSG;
sz = ALIGN64(sz);
if (p > UINT64_MAX - sz)
return -EBADMSG;
p += sz;
}
r = journal_file_allocate(f, p, size);
if (r < 0)
return r;

View File

@ -805,30 +805,30 @@ void dns_server_unlink_all(DnsServer *first) {
dns_server_unlink_all(next);
}
bool dns_server_unlink_marked(DnsServer *first) {
bool dns_server_unlink_marked(DnsServer *server) {
bool changed = false;
while (server) {
DnsServer *next;
bool changed;
if (!first)
return false;
next = server->servers_next;
next = first->servers_next;
if (first->marked) {
if (server->marked) {
dns_server_unlink(server);
changed = true;
dns_server_unlink(first);
} else
changed = false;
return changed || dns_server_unlink_marked(next);
}
void dns_server_mark_all(DnsServer *first) {
if (!first)
return;
server = next;
}
first->marked = true;
dns_server_mark_all(first->servers_next);
return changed;
}
void dns_server_mark_all(DnsServer *server) {
while (server) {
server->marked = true;
server = server->servers_next;
}
}
DnsServer *dns_server_find(DnsServer *first, int family, const union in_addr_union *in_addr, uint16_t port, int ifindex, const char *name) {

View File

@ -224,7 +224,7 @@ tests += [
[['src/test/test-os-util.c']],
[['src/test/test-libcrypt-util.c'],
[], [], [], '', 'timeout=120'],
[], [libcrypt], [], '', 'timeout=120'],
[['src/test/test-escape.c']],

View File

@ -10,6 +10,29 @@
#include "tests.h"
#include "libcrypt-util.h"
static void test_crypt_preferred_method(void) {
log_info("/* %s */", __func__);
log_info("crypt_preferred_method: %s",
#if HAVE_CRYPT_PREFERRED_METHOD
crypt_preferred_method()
#else
"(not available)"
#endif
);
}
static void test_make_salt(void) {
log_info("/* %s */", __func__);
for (int i = 0; i < 10; i++) {
_cleanup_free_ char *t;
assert_se(make_salt(&t) == 0);
log_info("%s", t);
}
}
static int test_hash_password(void) {
log_info("/* %s */", __func__);
@ -93,6 +116,9 @@ int main(int argc, char *argv[]) {
return log_tests_skipped("crypt_r() causes a buffer overflow on ppc64el, see https://github.com/systemd/systemd/pull/16981#issuecomment-691203787");
#endif
test_crypt_preferred_method();
test_make_salt();
if (!test_hash_password())
return log_tests_skipped("crypt doesn't support yescrypt or sha512crypt");