[systemd-commits] 7 commits - src/journal src/shared src/test
Lennart Poettering
lennart at kemper.freedesktop.org
Tue Jan 28 04:50:37 PST 2014
src/journal/coredumpctl.c | 2
src/journal/journalctl.c | 2
src/journal/test-catalog.c | 9 +-
src/journal/test-mmap-cache.c | 7 +
src/shared/ask-password-api.c | 5 -
src/shared/missing.h | 16 ++++
src/shared/util.c | 161 ++++++++++++++++++++----------------------
src/shared/util.h | 1
src/test/test-fileio.c | 10 +-
src/test/test-tmpfiles.c | 4 -
src/test/test-unit-file.c | 18 +++-
src/test/test-util.c | 8 +-
12 files changed, 134 insertions(+), 109 deletions(-)
New commits:
commit 2d5bdf5bc0e4714d42e5999a4e37553a6bf83575
Author: Lennart Poettering <lennart at poettering.net>
Date: Tue Jan 28 13:47:35 2014 +0100
always use the same code for creating temporary files
Let's unify our code here, and also always specifiy O_CLOEXEC.
diff --git a/src/journal/coredumpctl.c b/src/journal/coredumpctl.c
index e564ab6..3bceb48 100644
--- a/src/journal/coredumpctl.c
+++ b/src/journal/coredumpctl.c
@@ -472,7 +472,7 @@ static int run_gdb(sd_journal *j) {
data = (const uint8_t*) data + 9;
len -= 9;
- fd = mkostemp(path, O_WRONLY);
+ fd = mkostemp_safe(path, O_WRONLY|O_CLOEXEC);
if (fd < 0) {
log_error("Failed to create temporary file: %m");
return -errno;
diff --git a/src/journal/journalctl.c b/src/journal/journalctl.c
index 2d99ade..482795b 100644
--- a/src/journal/journalctl.c
+++ b/src/journal/journalctl.c
@@ -1286,7 +1286,7 @@ static int setup_keys(void) {
n /= arg_interval;
close_nointr_nofail(fd);
- fd = mkostemp(k, O_WRONLY|O_CLOEXEC|O_NOCTTY);
+ fd = mkostemp_safe(k, O_WRONLY|O_CLOEXEC);
if (fd < 0) {
log_error("Failed to open %s: %m", k);
r = -errno;
diff --git a/src/journal/test-catalog.c b/src/journal/test-catalog.c
index ffe1802..b087a8b 100644
--- a/src/journal/test-catalog.c
+++ b/src/journal/test-catalog.c
@@ -24,6 +24,7 @@
#include <stdlib.h>
#include <unistd.h>
#include <errno.h>
+#include <fcntl.h>
#include "util.h"
#include "log.h"
@@ -45,7 +46,9 @@ static void test_import(Hashmap *h, struct strbuf *sb,
const char* contents, ssize_t size, int code) {
int r;
char name[] = "/tmp/test-catalog.XXXXXX";
- _cleanup_close_ int fd = mkstemp(name);
+ _cleanup_close_ int fd;
+
+ fd = mkostemp_safe(name, O_RDWR|O_CLOEXEC);
assert(fd >= 0);
assert_se(write(fd, contents, size) == size);
@@ -98,10 +101,10 @@ static void test_catalog_importing(void) {
static const char* database = NULL;
static void test_catalog_update(void) {
+ static char name[] = "/tmp/test-catalog.XXXXXX";
int r;
- static char name[] = "/tmp/test-catalog.XXXXXX";
- r = mkstemp(name);
+ r = mkostemp_safe(name, O_RDWR|O_CLOEXEC);
assert(r >= 0);
database = name;
diff --git a/src/journal/test-mmap-cache.c b/src/journal/test-mmap-cache.c
index e2ffaf4..7d03bfe 100644
--- a/src/journal/test-mmap-cache.c
+++ b/src/journal/test-mmap-cache.c
@@ -22,6 +22,7 @@
#include <stdlib.h>
#include <sys/mman.h>
#include <unistd.h>
+#include <fcntl.h>
#include "log.h"
#include "macro.h"
@@ -36,15 +37,15 @@ int main(int argc, char *argv[]) {
assert_se(m = mmap_cache_new());
- x = mkstemp(px);
+ x = mkostemp_safe(px, O_RDWR|O_CLOEXEC);
assert(x >= 0);
unlink(px);
- y = mkstemp(py);
+ y = mkostemp_safe(py, O_RDWR|O_CLOEXEC);
assert(y >= 0);
unlink(py);
- z = mkstemp(pz);
+ z = mkostemp_safe(pz, O_RDWR|O_CLOEXEC);
assert(z >= 0);
unlink(pz);
diff --git a/src/shared/ask-password-api.c b/src/shared/ask-password-api.c
index c9c82b2..a328f14 100644
--- a/src/shared/ask-password-api.c
+++ b/src/shared/ask-password-api.c
@@ -325,10 +325,7 @@ int ask_password_agent(
mkdir_p_label("/run/systemd/ask-password", 0755);
- RUN_WITH_UMASK(0022) {
- fd = mkostemp(temp, O_CLOEXEC|O_CREAT|O_WRONLY);
- }
-
+ fd = mkostemp_safe(temp, O_WRONLY|O_CLOEXEC);
if (fd < 0) {
log_error("Failed to create password file: %m");
r = -errno;
diff --git a/src/shared/util.c b/src/shared/util.c
index f9cbb20..2b91ef8 100644
--- a/src/shared/util.c
+++ b/src/shared/util.c
@@ -3893,7 +3893,7 @@ int fopen_temporary(const char *path, FILE **_f, char **_temp_path) {
t[k] = '.';
stpcpy(stpcpy(t+k+1, fn), "XXXXXX");
- fd = mkostemp(t, O_WRONLY|O_CLOEXEC);
+ fd = mkostemp_safe(t, O_WRONLY|O_CLOEXEC);
if (fd < 0) {
free(t);
return -errno;
@@ -6115,11 +6115,15 @@ int mkostemp_safe(char *pattern, int flags) {
unsigned long tries = TMP_MAX;
char *s;
int r;
+ _cleanup_umask_ mode_t u;
assert(pattern);
+ u = umask(077);
+
/* This is much like like mkostemp() but avoids using any
- * static variables, thus is async signal safe */
+ * static variables, thus is async signal safe. Also, it's not
+ * subject to umask(). */
s = endswith(pattern, "XXXXXX");
if (!s)
diff --git a/src/test/test-fileio.c b/src/test/test-fileio.c
index eb4fbc9..47a0907 100644
--- a/src/test/test-fileio.c
+++ b/src/test/test-fileio.c
@@ -41,11 +41,11 @@ static void test_parse_env_file(void) {
char **i;
unsigned k;
- fd = mkstemp(p);
+ fd = mkostemp_safe(p, O_RDWR|O_CLOEXEC);
assert_se(fd >= 0);
close(fd);
- fd = mkostemp(t, O_CLOEXEC);
+ fd = mkostemp_safe(t, O_RDWR|O_CLOEXEC);
assert_se(fd >= 0);
f = fdopen(fd, "w");
@@ -154,11 +154,11 @@ static void test_parse_multiline_env_file(void) {
_cleanup_strv_free_ char **a = NULL, **b = NULL;
char **i;
- fd = mkstemp(p);
+ fd = mkostemp_safe(p, O_RDWR|O_CLOEXEC);
assert_se(fd >= 0);
close(fd);
- fd = mkostemp(t, O_CLOEXEC);
+ fd = mkostemp_safe(t, O_RDWR|O_CLOEXEC);
assert_se(fd >= 0);
f = fdopen(fd, "w");
@@ -207,7 +207,7 @@ static void test_executable_is_script(void) {
FILE *f;
char *command;
- fd = mkostemp(t, O_CLOEXEC);
+ fd = mkostemp_safe(t, O_RDWR|O_CLOEXEC);
assert_se(fd >= 0);
f = fdopen(fd, "w");
diff --git a/src/test/test-tmpfiles.c b/src/test/test-tmpfiles.c
index f25a0dc..565f0f8 100644
--- a/src/test/test-tmpfiles.c
+++ b/src/test/test-tmpfiles.c
@@ -34,13 +34,13 @@ int main(int argc, char** argv) {
_cleanup_close_ int fd, fd2;
_cleanup_free_ char *cmd, *cmd2;
- fd = open_tmpfile(p, O_RDWR);
+ fd = open_tmpfile(p, O_RDWR|O_CLOEXEC);
assert(fd >= 0);
assert_se(asprintf(&cmd, "ls -l /proc/"PID_FMT"/fd/%d", getpid(), fd) > 0);
system(cmd);
- fd2 = mkostemp_safe(pattern, O_RDWR);
+ fd2 = mkostemp_safe(pattern, O_RDWR|O_CLOEXEC);
assert(fd >= 0);
assert_se(unlink(pattern) == 0);
diff --git a/src/test/test-unit-file.c b/src/test/test-unit-file.c
index 1b4133b..a8d5b65 100644
--- a/src/test/test-unit-file.c
+++ b/src/test/test-unit-file.c
@@ -25,6 +25,7 @@
#include <stddef.h>
#include <string.h>
#include <unistd.h>
+#include <fcntl.h>
#include "install.h"
#include "install-printf.h"
@@ -221,7 +222,9 @@ static void test_load_env_file_1(void) {
int r;
char name[] = "/tmp/test-load-env-file.XXXXXX";
- _cleanup_close_ int fd = mkstemp(name);
+ _cleanup_close_ int fd;
+
+ fd = mkostemp_safe(name, O_RDWR|O_CLOEXEC);
assert(fd >= 0);
assert_se(write(fd, env_file_1, sizeof(env_file_1)) == sizeof(env_file_1));
@@ -242,7 +245,9 @@ static void test_load_env_file_2(void) {
int r;
char name[] = "/tmp/test-load-env-file.XXXXXX";
- _cleanup_close_ int fd = mkstemp(name);
+ _cleanup_close_ int fd;
+
+ fd = mkostemp_safe(name, O_RDWR|O_CLOEXEC);
assert(fd >= 0);
assert_se(write(fd, env_file_2, sizeof(env_file_2)) == sizeof(env_file_2));
@@ -258,7 +263,9 @@ static void test_load_env_file_3(void) {
int r;
char name[] = "/tmp/test-load-env-file.XXXXXX";
- _cleanup_close_ int fd = mkstemp(name);
+ _cleanup_close_ int fd;
+
+ fd = mkostemp_safe(name, O_RDWR|O_CLOEXEC);
assert(fd >= 0);
assert_se(write(fd, env_file_3, sizeof(env_file_3)) == sizeof(env_file_3));
@@ -270,10 +277,11 @@ static void test_load_env_file_3(void) {
static void test_load_env_file_4(void) {
_cleanup_strv_free_ char **data = NULL;
+ char name[] = "/tmp/test-load-env-file.XXXXXX";
+ _cleanup_close_ int fd;
int r;
- char name[] = "/tmp/test-load-env-file.XXXXXX";
- _cleanup_close_ int fd = mkstemp(name);
+ fd = mkostemp_safe(name, O_RDWR|O_CLOEXEC);
assert(fd >= 0);
assert_se(write(fd, env_file_4, sizeof(env_file_4)) == sizeof(env_file_4));
diff --git a/src/test/test-util.c b/src/test/test-util.c
index f819589..43bb024 100644
--- a/src/test/test-util.c
+++ b/src/test/test-util.c
@@ -56,9 +56,9 @@ static void test_close_many(void) {
char name1[] = "/tmp/test-close-many.XXXXXX";
char name2[] = "/tmp/test-close-many.XXXXXX";
- fds[0] = mkstemp(name0);
- fds[1] = mkstemp(name1);
- fds[2] = mkstemp(name2);
+ fds[0] = mkostemp_safe(name0, O_RDWR|O_CLOEXEC);
+ fds[1] = mkostemp_safe(name1, O_RDWR|O_CLOEXEC);
+ fds[2] = mkostemp_safe(name2, O_RDWR|O_CLOEXEC);
close_many(fds, 2);
@@ -591,7 +591,7 @@ static void test_writev_safe(void) {
IOVEC_SET_STRING(iov[1], ALPHANUMERICAL "\n");
IOVEC_SET_STRING(iov[2], "");
- fd = mkstemp(name);
+ fd = mkostemp_safe(name, O_RDWR|O_CLOEXEC);
printf("test_writev_safe: %s", name);
r = writev_safe(fd, iov, 3);
commit 7736202ce9149942e96e525c08d508daa448aff5
Author: Lennart Poettering <lennart at poettering.net>
Date: Tue Jan 28 13:26:48 2014 +0100
util: pick slightly safer open() flags when creating temporary files
diff --git a/src/shared/util.c b/src/shared/util.c
index a6e8614..f9cbb20 100644
--- a/src/shared/util.c
+++ b/src/shared/util.c
@@ -6136,7 +6136,7 @@ int mkostemp_safe(char *pattern, int flags) {
for (i = 0; i < 6; i++)
s[i] = ALPHANUMERICAL[(unsigned) s[i] % (sizeof(ALPHANUMERICAL)-1)];
- fd = open(pattern, flags|O_EXCL|O_CREAT, S_IRUSR|S_IWUSR);
+ fd = open(pattern, flags|O_EXCL|O_CREAT|O_NOCTTY|O_NOFOLLOW, S_IRUSR|S_IWUSR);
if (fd >= 0)
return fd;
if (!IN_SET(errno, EEXIST, EINTR))
@@ -6153,10 +6153,13 @@ int open_tmpfile(const char *path, int flags) {
assert(path);
#ifdef O_TMPFILE
- fd = open(path, flags|O_TMPFILE|O_NOCTTY, S_IRUSR|S_IWUSR);
+ /* Try O_TMPFILE first, if it is supported */
+ fd = open(path, flags|O_TMPFILE, S_IRUSR|S_IWUSR);
if (fd >= 0)
return fd;
#endif
+
+ /* Fall back to unguessable name + unlinking */
p = strappenda(path, "/systemd-tmp-XXXXXX");
fd = mkostemp_safe(p, flags);
commit c09918f97a3c2fc4c8320d327eafd287bc2138da
Author: Lennart Poettering <lennart at poettering.net>
Date: Tue Jan 28 13:25:51 2014 +0100
util: define O_TMPFILE on x86/x86-64, where the generic value is used
On other archs we'll not define it so that open_tmpfile() falls back to
unguessable name + unlink.
diff --git a/src/shared/missing.h b/src/shared/missing.h
index 4e62100..939f81d 100644
--- a/src/shared/missing.h
+++ b/src/shared/missing.h
@@ -327,3 +327,19 @@ static inline int name_to_handle_at(int fd, const char *name, struct file_handle
#ifndef TMP_MAX
# define TMP_MAX 238328
#endif
+
+#if defined(__i386__) || defined(__x86_64__)
+
+/* The precise definition of __O_TMPFILE is arch specific, so let's
+ * just define this on x86 where we know the value. */
+
+#ifndef __O_TMPFILE
+#define __O_TMPFILE 020000000
+#endif
+
+/* a horrid kludge trying to make sure that this will fail on old kernels */
+#ifndef O_TMPFILE
+#define O_TMPFILE (__O_TMPFILE | O_DIRECTORY)
+#endif
+
+#endif
commit a6afc4aeaa5018859f8c8a397001ee4e3794545e
Author: Lennart Poettering <lennart at poettering.net>
Date: Tue Jan 28 13:09:14 2014 +0100
util: pass original flags value to mkostemp(), in open_tmpfile()
diff --git a/src/shared/util.c b/src/shared/util.c
index 0e7d5c5..a6e8614 100644
--- a/src/shared/util.c
+++ b/src/shared/util.c
@@ -6147,17 +6147,19 @@ int mkostemp_safe(char *pattern, int flags) {
}
int open_tmpfile(const char *path, int flags) {
- int fd;
char *p;
+ int fd;
+
+ assert(path);
#ifdef O_TMPFILE
- fd = open(path, flags|O_TMPFILE, S_IRUSR|S_IWUSR);
+ fd = open(path, flags|O_TMPFILE|O_NOCTTY, S_IRUSR|S_IWUSR);
if (fd >= 0)
return fd;
#endif
p = strappenda(path, "/systemd-tmp-XXXXXX");
- fd = mkostemp_safe(p, O_RDWR|O_CLOEXEC);
+ fd = mkostemp_safe(p, flags);
if (fd < 0)
return fd;
commit d37a91e860ce953079870bdbd2526b2c04bb9ea5
Author: Lennart Poettering <lennart at poettering.net>
Date: Tue Jan 28 13:08:34 2014 +0100
util: simplify mkostemp_safe()
Make it use dev_urandom() and endswith().
diff --git a/src/shared/util.c b/src/shared/util.c
index f452431..0e7d5c5 100644
--- a/src/shared/util.c
+++ b/src/shared/util.c
@@ -3835,12 +3835,13 @@ char* hostname_cleanup(char *s, bool lowercase) {
}
int pipe_eof(int fd) {
- int r;
struct pollfd pollfd = {
.fd = fd,
.events = POLLIN|POLLHUP,
};
+ int r;
+
r = poll(&pollfd, 1, 0);
if (r < 0)
return -errno;
@@ -6111,23 +6112,29 @@ int writev_safe(int fd, const struct iovec *w, int j) {
}
int mkostemp_safe(char *pattern, int flags) {
- char *s = pattern + strlen(pattern) - 6;
- uint64_t tries = TMP_MAX;
- int randfd, fd, i;
+ unsigned long tries = TMP_MAX;
+ char *s;
+ int r;
- assert(streq(s, "XXXXXX"));
+ assert(pattern);
- randfd = open("/dev/urandom", O_RDONLY);
- if (randfd < 0)
- return -ENOSYS;
+ /* This is much like like mkostemp() but avoids using any
+ * static variables, thus is async signal safe */
+
+ s = endswith(pattern, "XXXXXX");
+ if (!s)
+ return -EINVAL;
while (tries--) {
- fd = read(randfd, s, 6);
- if (fd == 0)
- return -ENOSYS;
+ unsigned i;
+ int fd;
+
+ r = dev_urandom(s, 6);
+ if (r < 0)
+ return r;
for (i = 0; i < 6; i++)
- s[i] = ALPHANUMERICAL[(unsigned) s[i] % strlen(ALPHANUMERICAL)];
+ s[i] = ALPHANUMERICAL[(unsigned) s[i] % (sizeof(ALPHANUMERICAL)-1)];
fd = open(pattern, flags|O_EXCL|O_CREAT, S_IRUSR|S_IWUSR);
if (fd >= 0)
commit b89446bb33fbe6b9820efdbea62433657757a03f
Author: Lennart Poettering <lennart at poettering.net>
Date: Tue Jan 28 13:07:28 2014 +0100
util: introduce new dev_urandom() call that is like random_bytes() but doesn't fall back to PRNG
diff --git a/src/shared/util.c b/src/shared/util.c
index 945f152..f452431 100644
--- a/src/shared/util.c
+++ b/src/shared/util.c
@@ -2255,25 +2255,37 @@ char* dirname_malloc(const char *path) {
return dir;
}
-void random_bytes(void *p, size_t n) {
- static bool srand_called = false;
+int dev_urandom(void *p, size_t n) {
_cleanup_close_ int fd;
ssize_t k;
- uint8_t *q;
fd = open("/dev/urandom", O_RDONLY|O_CLOEXEC|O_NOCTTY);
if (fd < 0)
- goto fallback;
+ return errno == ENOENT ? -ENOSYS : -errno;
k = loop_read(fd, p, n, true);
- if (k < 0 || (size_t) k != n)
- goto fallback;
+ if (k < 0)
+ return (int) k;
+ if ((size_t) k != n)
+ return -EIO;
- return;
+ return 0;
+}
-fallback:
+void random_bytes(void *p, size_t n) {
+ static bool srand_called = false;
+ uint8_t *q;
+ int r;
+
+ r = dev_urandom(p, n);
+ if (r >= 0)
+ return;
+
+ /* If some idiot made /dev/urandom unavailable to us, he'll
+ * get a PRNG instead. */
if (!srand_called) {
+ unsigned x = 0;
#ifdef HAVE_SYS_AUXV_H
/* The kernel provides us with a bit of entropy in
@@ -2285,16 +2297,16 @@ fallback:
auxv = (void*) getauxval(AT_RANDOM);
if (auxv)
- srand(*(unsigned*) auxv);
- else
+ x ^= *(unsigned*) auxv;
#endif
- srand(time(NULL) + gettid());
+ x ^= (unsigned) now(CLOCK_REALTIME);
+ x ^= (unsigned) gettid();
+
+ srand(x);
srand_called = true;
}
- /* If some idiot made /dev/urandom unavailable to us, he'll
- * get a PRNG instead. */
for (q = p; q < (uint8_t*) p + n; q ++)
*q = rand();
}
diff --git a/src/shared/util.h b/src/shared/util.h
index 1169864..117855d 100644
--- a/src/shared/util.h
+++ b/src/shared/util.h
@@ -272,6 +272,7 @@ int make_stdio(int fd);
int make_null_stdio(void);
int make_console_stdio(void);
+int dev_urandom(void *p, size_t n);
void random_bytes(void *p, size_t n);
static inline uint64_t random_u64(void) {
commit 7d5dd5e0cf2f0f2af39d72b1ee65651731bf0129
Author: Lennart Poettering <lennart at poettering.net>
Date: Tue Jan 28 13:06:44 2014 +0100
util: modernize loop_read() and loop_write() a bit
Let's make use of fd_wait_for_event() here, instead of rolling our own.
diff --git a/src/shared/util.c b/src/shared/util.c
index a437d9b..945f152 100644
--- a/src/shared/util.c
+++ b/src/shared/util.c
@@ -2037,45 +2037,31 @@ int close_pipe(int p[]) {
}
ssize_t loop_read(int fd, void *buf, size_t nbytes, bool do_poll) {
- uint8_t *p;
+ uint8_t *p = buf;
ssize_t n = 0;
assert(fd >= 0);
assert(buf);
- p = buf;
-
while (nbytes > 0) {
ssize_t k;
- if ((k = read(fd, p, nbytes)) <= 0) {
-
- if (k < 0 && errno == EINTR)
- continue;
-
- if (k < 0 && errno == EAGAIN && do_poll) {
- struct pollfd pollfd = {
- .fd = fd,
- .events = POLLIN,
- };
-
- if (poll(&pollfd, 1, -1) < 0) {
- if (errno == EINTR)
- continue;
+ k = read(fd, p, nbytes);
+ if (k < 0 && errno == EINTR)
+ continue;
- return n > 0 ? n : -errno;
- }
+ if (k < 0 && errno == EAGAIN && do_poll) {
- /* We knowingly ignore the revents value here,
- * and expect that any error/EOF is reported
- * via read()/write()
- */
+ /* We knowingly ignore any return value here,
+ * and expect that any error/EOF is reported
+ * via read() */
- continue;
- }
+ fd_wait_for_event(fd, POLLIN, (usec_t) -1);
+ continue;
+ }
+ if (k <= 0)
return n > 0 ? n : (k < 0 ? -errno : 0);
- }
p += k;
nbytes -= k;
@@ -2086,46 +2072,31 @@ ssize_t loop_read(int fd, void *buf, size_t nbytes, bool do_poll) {
}
ssize_t loop_write(int fd, const void *buf, size_t nbytes, bool do_poll) {
- const uint8_t *p;
+ const uint8_t *p = buf;
ssize_t n = 0;
assert(fd >= 0);
assert(buf);
- p = buf;
-
while (nbytes > 0) {
ssize_t k;
k = write(fd, p, nbytes);
- if (k <= 0) {
-
- if (k < 0 && errno == EINTR)
- continue;
-
- if (k < 0 && errno == EAGAIN && do_poll) {
- struct pollfd pollfd = {
- .fd = fd,
- .events = POLLOUT,
- };
-
- if (poll(&pollfd, 1, -1) < 0) {
- if (errno == EINTR)
- continue;
+ if (k < 0 && errno == EINTR)
+ continue;
- return n > 0 ? n : -errno;
- }
+ if (k < 0 && errno == EAGAIN && do_poll) {
- /* We knowingly ignore the revents value here,
- * and expect that any error/EOF is reported
- * via read()/write()
- */
+ /* We knowingly ignore any return value here,
+ * and expect that any error/EOF is reported
+ * via write() */
- continue;
- }
+ fd_wait_for_event(fd, POLLOUT, (usec_t) -1);
+ continue;
+ }
+ if (k <= 0)
return n > 0 ? n : (k < 0 ? -errno : 0);
- }
p += k;
nbytes -= k;
More information about the systemd-commits
mailing list