systemd / systemd / 21121026098

coverage: 72.736% (+0.2%) from 72.561%
21121026098

push

github

YHNdnzj 
cryptenroll,cryptsetup,shutdown: only call mlockall if we have CAP_IPC_LOCK

Calling mlockall in an unprivileged process most notably had the effect
of making systemd-cryptenroll OOM while trying to open a normal-sized
argon2 keyslot due to it hitting RLIMIT_MEMLOCK.

9 of 14 new or added lines in 4 files covered. (64.29%)

1479 existing lines in 62 files now uncovered.

310610 of 427035 relevant lines covered (72.74%)

1127441.3 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

0.0
/src/shared/kernel-image.c
1 
/* SPDX-License-Identifier: LGPL-2.1-or-later */
2 









3



#include "alloc-util.h"










4



#include "env-file.h"










5



#include "fd-util.h"










6



#include "fs-util.h"










7



#include "kernel-image.h"










8



#include "log.h"










9



#include "pe-binary.h"










10



#include "string-table.h"










11



#include "string-util.h"










12












13



#define PE_SECTION_READ_MAX (16U*1024U)










14












15



static const char * const kernel_image_type_table[_KERNEL_IMAGE_TYPE_MAX] = {










16



        [KERNEL_IMAGE_TYPE_UNKNOWN] = "unknown",










17



        [KERNEL_IMAGE_TYPE_UKI]     = "uki",










18



        [KERNEL_IMAGE_TYPE_ADDON]   = "addon",










19



        [KERNEL_IMAGE_TYPE_PE]      = "pe",










20



};










21













UNCOV

22



DEFINE_STRING_TABLE_LOOKUP_TO_STRING(kernel_image_type, KernelImageType);




×







23













UNCOV

24



static int uki_read_pretty_name(




×







25



                int fd,










26



                const PeHeader *pe_header,










27



                const IMAGE_SECTION_HEADER *sections,










28



                char **ret) {










29












30



        _cleanup_free_ char *pname = NULL, *name = NULL;




×







31



        _cleanup_fclose_ FILE *f = NULL;




×







32



        _cleanup_free_ void *osrel = NULL;




×







33



        size_t osrel_size;




×








UNCOV

34



        int r;




×







35












36



        assert(fd >= 0);




×







37



        assert(pe_header);




×







38



        assert(sections || le16toh(pe_header->pe.NumberOfSections) == 0);




×








UNCOV

39



        assert(ret);




×







40













UNCOV

41



        r = pe_read_section_data_by_name(




×







42



                        fd,










43



                        pe_header,










44



                        sections,










45



                        ".osrel",










46



                        /* max_size= */ PE_SECTION_READ_MAX,










47



                        &osrel,










48



                        &osrel_size);










49



        if (r == -ENXIO) { /* Section not found */




×







50



                *ret = NULL;




×








UNCOV

51



                return 0;




×







52



        }










53












54



        f = fmemopen(osrel, osrel_size, "r");




×







55



        if (!f)




×








UNCOV

56



                return log_error_errno(errno, "Failed to open embedded os-release file: %m");




×







57













UNCOV

58



        r = parse_env_file(




×







59



                        f, NULL,










60



                        "PRETTY_NAME", &pname,










61



                        "NAME",        &name);










62



        if (r < 0)




×








UNCOV

63



                return log_error_errno(r, "Failed to parse embedded os-release file: %m");




×







64












65



        /* follow the same logic as os_release_pretty_name() */










66



        if (!isempty(pname))




×







67



                *ret = TAKE_PTR(pname);




×







68



        else if (!isempty(name))




×








UNCOV

69



                *ret = TAKE_PTR(name);




×







70



        else {










71



                char *n = strdup("Linux");




×







72



                if (!n)




×








UNCOV

73



                        return log_oom();




×







74













UNCOV

75



                *ret = n;




×







76



        }










77












78



        return 0;










79



}










80













UNCOV

81



static int inspect_uki(




×







82



                int fd,










83



                const PeHeader *pe_header,










84



                const IMAGE_SECTION_HEADER *sections,










85



                char **ret_cmdline,










86



                char **ret_uname,










87



                char **ret_pretty_name) {










88












89



        _cleanup_free_ char *cmdline = NULL, *uname = NULL, *pname = NULL;




×








UNCOV

90



        int r;




×







91












92



        assert(fd >= 0);




×








UNCOV

93



        assert(sections || le16toh(pe_header->pe.NumberOfSections) == 0);




×







94












95



        if (ret_cmdline) {




×







96



                r = pe_read_section_data_by_name(fd, pe_header, sections, ".cmdline", PE_SECTION_READ_MAX, (void**) &cmdline, NULL);




×








UNCOV

97



                if (r < 0 && r != -ENXIO) /* If the section doesn't exist, that's fine */




×







98



                        return r;










99



        }










100












101



        if (ret_uname) {




×







102



                r = pe_read_section_data_by_name(fd, pe_header, sections, ".uname", PE_SECTION_READ_MAX, (void**) &uname, NULL);




×








UNCOV

103



                if (r < 0 && r != -ENXIO) /* If the section doesn't exist, that's fine */




×







104



                        return r;










105



        }










106












107



        if (ret_pretty_name) {




×







108



                r = uki_read_pretty_name(fd, pe_header, sections, &pname);




×








UNCOV

109



                if (r < 0)




×







110



                        return r;










111



        }










112












113



        if (ret_cmdline)




×







114



                *ret_cmdline = TAKE_PTR(cmdline);




×







115



        if (ret_uname)




×







116



                *ret_uname = TAKE_PTR(uname);




×







117



        if (ret_pretty_name)




×








UNCOV

118



                *ret_pretty_name = TAKE_PTR(pname);




×







119












120



        return 0;










121



}










122













UNCOV

123



int inspect_kernel(




×







124



                int dir_fd,










125



                const char *filename,










126



                KernelImageType *ret_type,










127



                char **ret_cmdline,










128



                char **ret_uname,










129



                char **ret_pretty_name) {










130












131



        _cleanup_free_ IMAGE_SECTION_HEADER *sections = NULL;




×







132



        _cleanup_free_ IMAGE_DOS_HEADER *dos_header = NULL;




×







133



        KernelImageType t = KERNEL_IMAGE_TYPE_UNKNOWN;




×







134



        _cleanup_free_ PeHeader *pe_header = NULL;




×







135



        _cleanup_close_ int fd = -EBADF;




×








UNCOV

136



        int r;




×







137












138



        assert(dir_fd >= 0 || IN_SET(dir_fd, AT_FDCWD, XAT_FDROOT));




×








UNCOV

139



        assert(filename);




×







140












141



        fd = xopenat(dir_fd, filename, O_RDONLY|O_CLOEXEC);




×







142



        if (fd < 0)




×








UNCOV

143



                return log_error_errno(fd, "Failed to open kernel image file '%s': %m", filename);




×







144












145



        r = pe_load_headers(fd, &dos_header, &pe_header);




×







146



        if (r == -EBADMSG) /* not a valid PE file */




×







147



                goto not_uki;




×







148



        if (r < 0)




×








UNCOV

149



                return log_error_errno(r, "Failed to parse kernel image file '%s': %m", filename);




×







150












151



        r = pe_load_sections(fd, dos_header, pe_header, &sections);




×







152



        if (r == -EBADMSG) /* not a valid PE file */




×







153



                goto not_uki;




×







154



        if (r < 0)




×








UNCOV

155



                return log_error_errno(r, "Failed to load PE sections from kernel image file '%s': %m", filename);




×







156












157



        if (pe_is_uki(pe_header, sections)) {




×







158



                r = inspect_uki(fd, pe_header, sections, ret_cmdline, ret_uname, ret_pretty_name);




×








UNCOV

159



                if (r < 0)




×







160



                        return r;










161












162



                t = KERNEL_IMAGE_TYPE_UKI;




×







163



                goto done;




×







164



        } else if (pe_is_addon(pe_header, sections)) {




×







165



                r = inspect_uki(fd, pe_header, sections, ret_cmdline, ret_uname, /* ret_pretty_name= */ NULL);




×








UNCOV

166



                if (r < 0)




×







167



                        return r;










168












169



                if (ret_pretty_name)




×








UNCOV

170



                        *ret_pretty_name = NULL;




×







171












172



                t = KERNEL_IMAGE_TYPE_ADDON;




×








UNCOV

173



                goto done;




×







174



        } else










175



                t = KERNEL_IMAGE_TYPE_PE;










176












177



not_uki:




×







178



        if (ret_cmdline)




×







179



                *ret_cmdline = NULL;




×







180



        if (ret_uname)




×







181



                *ret_uname = NULL;




×







182



        if (ret_pretty_name)




×








UNCOV

183



                *ret_pretty_name = NULL;




×







184












185



done:




×







186



        if (ret_type)




×








UNCOV

187



                *ret_type = t;




×







188












189



        return 0;










190



}
























    

  • 

    •