X-Git-Url: http://git.lttng.org/?a=blobdiff_plain;f=libust%2Flttng-ust-comm.c;h=d88c4afb2346c000dedd5a96c9fa5239f37bb265;hb=381c0f1ef474e0ae8a96b3753470ca4bda45c764;hp=6b548f82e0dcad7ba850495d555c2b7f7a6b8dc5;hpb=83610856fc8fea9e25911b0ca9345970cc39ff17;p=lttng-ust.git diff --git a/libust/lttng-ust-comm.c b/libust/lttng-ust-comm.c index 6b548f82..d88c4afb 100644 --- a/libust/lttng-ust-comm.c +++ b/libust/lttng-ust-comm.c @@ -19,21 +19,32 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ +#define _LGPL_SOURCE #include #include #include +#include +#include +#include +#include +#include #include #include #include #include #include #include +#include #include +#include #include #include #include #include +#include +#include +#include "ltt-tracer-core.h" /* * Has lttng ust comm constructor been called ? @@ -41,10 +52,10 @@ static int initialized; /* - * communication thread mutex. Held when handling a command, also held - * by fork() to deal with removal of threads, and by exit path. + * The ust_lock/ust_unlock lock is used as a communication thread mutex. + * Held when handling a command, also held by fork() to deal with + * removal of threads, and by exit path. */ -static pthread_mutex_t lttng_ust_comm_mutex = PTHREAD_MUTEX_INITIALIZER; /* Should the ust comm thread quit ? */ static int lttng_ust_comm_should_quit; 
@@ -70,29 +81,46 @@ static int sem_count = { 2 }; */ struct sock_info { const char *name; - char sock_path[PATH_MAX]; - int socket; pthread_t ust_listener; /* listener thread */ int root_handle; - int constructor_sem_posted;; + int constructor_sem_posted; + int allowed; + int global; + + char sock_path[PATH_MAX]; + int socket; + + char wait_shm_path[PATH_MAX]; + char *wait_shm_mmap; }; /* Socket from app (connect) to session daemon (listen) for communication */ struct sock_info global_apps = { .name = "global", + .global = 1, + + .root_handle = -1, + .allowed = 1, + .sock_path = DEFAULT_GLOBAL_APPS_UNIX_SOCK, .socket = -1, - .root_handle = -1, + + .wait_shm_path = DEFAULT_GLOBAL_APPS_WAIT_SHM_PATH, }; /* TODO: allow global_apps_sock_path override */ struct sock_info local_apps = { .name = "local", - .socket = -1, + .global = 0, .root_handle = -1, + .allowed = 0, /* Check setuid bit first */ + + .socket = -1, }; +static int wait_poll_fallback; + extern void ltt_ring_buffer_client_overwrite_init(void); extern void ltt_ring_buffer_client_discard_init(void); extern void ltt_ring_buffer_metadata_client_init(void); @@ -101,15 +129,28 @@ extern void ltt_ring_buffer_client_discard_exit(void); extern void ltt_ring_buffer_metadata_client_exit(void); static -int setup_local_apps_socket(void) +int setup_local_apps(void) { const char *home_dir; + uid_t uid; + uid = getuid(); + /* + * Disallow per-user tracing for setuid binaries. + */ + if (uid != geteuid()) { + local_apps.allowed = 0; + return 0; + } else { + local_apps.allowed = 1; + } home_dir = (const char *) getenv("HOME"); if (!home_dir) return -ENOENT; snprintf(local_apps.sock_path, PATH_MAX, DEFAULT_HOME_APPS_UNIX_SOCK, home_dir); + snprintf(local_apps.wait_shm_path, PATH_MAX, + DEFAULT_HOME_APPS_WAIT_SHM_PATH, uid); return 0; } 
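Review bot: The new `allowed`, `global` and `wait_shm_mmap` members of struct sock_info have no comments, although `allowed` is the switch that keeps per-user tracing off for setuid binaries. A one-line comment on each would help, for example `int allowed; /* 0: per-user tracing disabled (setuid binary) */`, `int global; /* 1: system-wide sessiond, 0: per-user */` and `char *wait_shm_mmap; /* read-only page mapped for the sessiond wakeup futex */`. The initializer comment `/* Check setuid bit first */` would be clearer if it named setup_local_apps as the place where the check is made.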
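Review bot: The privilege test added to setup_local_apps compares only `getuid()` with `geteuid()`, so a setgid binary still takes the per-user path and builds `local_apps.sock_path` from the caller-controlled `HOME` environment variable. Extending the guard to `if (uid != geteuid() || getgid() != getegid())` covers both cases. The two `snprintf` calls also discard their return value, so a `HOME` value that does not fit in `PATH_MAX` is silently truncated to a different path. Checking for `ret < 0 || ret >= PATH_MAX` and returning an error would keep the listener from using a truncated path.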
@@ -176,6 +217,9 @@ int handle_register_done(struct sock_info *sock_info) if (sock_info->constructor_sem_posted) return 0; sock_info->constructor_sem_posted = 1; + if (uatomic_read(&sem_count) <= 0) { + return 0; + } ret = uatomic_add_return(&sem_count, -1); if (ret == 0) { ret = sem_post(&constructor_wait); @@ -192,7 +236,7 @@ int handle_message(struct sock_info *sock_info, const struct objd_ops *ops; struct lttcomm_ust_reply lur; - pthread_mutex_lock(<tng_ust_comm_mutex); + ust_lock(); memset(&lur, 0, sizeof(lur)); @@ -238,9 +282,34 @@ end: } else { lur.ret_code = LTTCOMM_SESSION_FAIL; } + if (lum->cmd == LTTNG_UST_STREAM) { + /* + * Special-case reply to send stream info. + * Use lum.u output. + */ + lur.u.stream.memory_map_size = lum->u.stream.memory_map_size; + } ret = send_reply(sock, &lur); - pthread_mutex_unlock(<tng_ust_comm_mutex); + if (lum->cmd == LTTNG_UST_STREAM && ret >= 0) { + /* we also need to send the file descriptors. */ + ret = lttcomm_send_fds_unix_sock(sock, + &lum->u.stream.shm_fd, &lum->u.stream.shm_fd, + 1, sizeof(int)); + if (ret < 0) { + perror("send shm_fd"); + goto error; + } + ret = lttcomm_send_fds_unix_sock(sock, + &lum->u.stream.wait_fd, &lum->u.stream.wait_fd, + 1, sizeof(int)); + if (ret < 0) { + perror("send wait_fd"); + goto error; + } + } +error: + ust_unlock(); return ret; } @@ -252,7 +321,7 @@ void cleanup_sock_info(struct sock_info *sock_info) if (sock_info->socket != -1) { ret = close(sock_info->socket); if (ret) { - ERR("Error closing local apps socket"); + ERR("Error closing apps socket"); } sock_info->socket = -1; } 
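Review bot: In the handle_message hunk the descriptor hand-off is guarded by `lum->cmd == LTTNG_UST_STREAM && ret >= 0`, but `ret` at that point is the result of `send_reply()`, not of the command. When the command failed and `lur.ret_code` was set to `LTTCOMM_SESSION_FAIL`, `shm_fd`, `wait_fd` and `memory_map_size` are still taken from `lum->u.stream` and sent. Those fields would then hold whatever the request carried rather than values filled in by the handler; this is inferred, since the handler is outside the hunk. Guarding both the `memory_map_size` copy and the send with the command's success, e.g. `if (lum->cmd == LTTNG_UST_STREAM && ret >= 0 && lur.ret_code != LTTCOMM_SESSION_FAIL)`, keeps descriptors from being passed on the failure path. The two `perror()` calls should also use the `PERROR()` macro that the rest of the new code uses.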
@@ -263,6 +332,226 @@ void cleanup_sock_info(struct sock_info *sock_info) } sock_info->root_handle = -1; } + sock_info->constructor_sem_posted = 0; + if (sock_info->wait_shm_mmap) { + ret = munmap(sock_info->wait_shm_mmap, sysconf(_SC_PAGE_SIZE)); + if (ret) { + ERR("Error unmapping wait shm"); + } + sock_info->wait_shm_mmap = NULL; + } +} + +/* + * Using fork to set umask in the child process (not multi-thread safe). + * We deal with the shm_open vs ftruncate race (happening when the + * sessiond owns the shm and does not let everybody modify it, to ensure + * safety against shm_unlink) by simply letting the mmap fail and + * retrying after a few seconds. + * For global shm, everybody has rw access to it until the sessiond + * starts. + */ +static +int get_wait_shm(struct sock_info *sock_info, size_t mmap_size) +{ + int wait_shm_fd, ret; + pid_t pid; + + /* + * Try to open read-only. + */ + wait_shm_fd = shm_open(sock_info->wait_shm_path, O_RDONLY, 0); + if (wait_shm_fd >= 0) { + goto end; + } else if (wait_shm_fd < 0 && errno != ENOENT) { + /* + * Real-only open did not work, and it's not because the + * entry was not present. It's a failure that prohibits + * using shm. + */ + ERR("Error opening shm %s", sock_info->wait_shm_path); + goto end; + } + /* + * If the open failed because the file did not exist, try + * creating it ourself. + */ + pid = fork(); + if (pid > 0) { + int status; + + /* + * Parent: wait for child to return, in which case the + * shared memory map will have been created. + */ + pid = wait(&status); + if (!WIFEXITED(status) || WEXITSTATUS(status) != 0) { + wait_shm_fd = -1; + goto end; + } + /* + * Try to open read-only again after creation. + */ + wait_shm_fd = shm_open(sock_info->wait_shm_path, O_RDONLY, 0); + if (wait_shm_fd < 0) { + /* + * Real-only open did not work. It's a failure + * that prohibits using shm. 
+ */ + ERR("Error opening shm %s", sock_info->wait_shm_path); + goto end; + } + goto end; + } else if (pid == 0) { + int create_mode; + + /* Child */ + create_mode = S_IRUSR | S_IWUSR | S_IRGRP; + if (sock_info->global) + create_mode |= S_IROTH | S_IWGRP | S_IWOTH; + /* + * We're alone in a child process, so we can modify the + * process-wide umask. + */ + umask(~create_mode); + /* + * Try creating shm (or get rw access). + * We don't do an exclusive open, because we allow other + * processes to create+ftruncate it concurrently. + */ + wait_shm_fd = shm_open(sock_info->wait_shm_path, + O_RDWR | O_CREAT, create_mode); + if (wait_shm_fd >= 0) { + ret = ftruncate(wait_shm_fd, mmap_size); + if (ret) { + PERROR("ftruncate"); + exit(EXIT_FAILURE); + } + exit(EXIT_SUCCESS); + } + /* + * For local shm, we need to have rw access to accept + * opening it: this means the local sessiond will be + * able to wake us up. For global shm, we open it even + * if rw access is not granted, because the root.root + * sessiond will be able to override all rights and wake + * us up. + */ + if (!sock_info->global && errno != EACCES) { + ERR("Error opening shm %s", sock_info->wait_shm_path); + exit(EXIT_FAILURE); + } + /* + * The shm exists, but we cannot open it RW. Report + * success. + */ + exit(EXIT_SUCCESS); + } else { + return -1; + } +end: + if (wait_shm_fd >= 0 && !sock_info->global) { + struct stat statbuf; + + /* + * Ensure that our user is the owner of the shm file for + * local shm. If we do not own the file, it means our + * sessiond will not have access to wake us up (there is + * probably a rogue process trying to fake our + * sessiond). Fallback to polling method in this case. 
+ */ + ret = fstat(wait_shm_fd, &statbuf); + if (ret) { + PERROR("fstat"); + goto error_close; + } + if (statbuf.st_uid != getuid()) + goto error_close; + } + return wait_shm_fd; + +error_close: + ret = close(wait_shm_fd); + if (ret) { + PERROR("Error closing fd"); + } + return -1; +} + +static +char *get_map_shm(struct sock_info *sock_info) +{ + size_t mmap_size = sysconf(_SC_PAGE_SIZE); + int wait_shm_fd, ret; + char *wait_shm_mmap; + + wait_shm_fd = get_wait_shm(sock_info, mmap_size); + if (wait_shm_fd < 0) { + goto error; + } + wait_shm_mmap = mmap(NULL, mmap_size, PROT_READ, + MAP_SHARED, wait_shm_fd, 0); + /* close shm fd immediately after taking the mmap reference */ + ret = close(wait_shm_fd); + if (ret) { + PERROR("Error closing fd"); + } + if (wait_shm_mmap == MAP_FAILED) { + DBG("mmap error (can be caused by race with sessiond). Fallback to poll mode."); + goto error; + } + return wait_shm_mmap; + +error: + return NULL; +} + +static +void wait_for_sessiond(struct sock_info *sock_info) +{ + int ret; + + ust_lock(); + if (lttng_ust_comm_should_quit) { + goto quit; + } + if (wait_poll_fallback) { + goto error; + } + if (!sock_info->wait_shm_mmap) { + sock_info->wait_shm_mmap = get_map_shm(sock_info); + if (!sock_info->wait_shm_mmap) + goto error; + } + ust_unlock(); + + DBG("Waiting for %s apps sessiond", sock_info->name); + /* Wait for futex wakeup */ + if (uatomic_read((int32_t *) sock_info->wait_shm_mmap) == 0) { + ret = futex_async((int32_t *) sock_info->wait_shm_mmap, + FUTEX_WAIT, 0, NULL, NULL, 0); + if (ret < 0) { + if (errno == EFAULT) { + wait_poll_fallback = 1; + ERR( +"Linux kernels 2.6.33 to 3.0 (with the exception of stable versions) " +"do not support FUTEX_WAKE on read-only memory mappings correctly. " +"Please upgrade your kernel " +"(fix is commit 9ea71503a8ed9184d2d0b8ccc4d269d05f7940ae in Linux kernel " +"mainline). 
LTTng-UST will use polling mode fallback."); + } + PERROR("futex"); + } + } + return; + +quit: + ust_unlock(); + return; + +error: + ust_unlock(); + return; } /* @@ -276,14 +565,29 @@ static void *ust_listener_thread(void *arg) { struct sock_info *sock_info = arg; - int sock, ret; + int sock, ret, prev_connect_failed = 0, has_waited = 0; /* Restart trying to connect to the session daemon */ restart: - pthread_mutex_lock(<tng_ust_comm_mutex); + if (prev_connect_failed) { + /* Wait for sessiond availability with pipe */ + wait_for_sessiond(sock_info); + if (has_waited) { + has_waited = 0; + /* + * Sleep for 5 seconds before retrying after a + * sequence of failure / wait / failure. This + * deals with a killed or broken session daemon. + */ + sleep(5); + } + has_waited = 1; + prev_connect_failed = 0; + } + ust_lock(); if (lttng_ust_comm_should_quit) { - pthread_mutex_unlock(<tng_ust_comm_mutex); + ust_unlock(); goto quit; } @@ -295,20 +599,18 @@ restart: sock_info->socket = -1; } - /* Check for sessiond availability with pipe TODO */ - /* Register */ ret = lttcomm_connect_unix_sock(sock_info->sock_path); if (ret < 0) { ERR("Error connecting to %s apps socket", sock_info->name); + prev_connect_failed = 1; /* * If we cannot find the sessiond daemon, don't delay * constructor execution. */ ret = handle_register_done(sock_info); assert(!ret); - pthread_mutex_unlock(<tng_ust_comm_mutex); - sleep(5); + ust_unlock(); goto restart; } @@ -322,7 +624,7 @@ restart: ret = lttng_abi_create_root_handle(); if (ret) { ERR("Error creating root handle"); - pthread_mutex_unlock(<tng_ust_comm_mutex); + ust_unlock(); goto quit; } sock_info->root_handle = ret; 
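Review bot: In get_wait_shm the parent reaps the helper with `pid = wait(&status);`, which returns for any child of the traced application and leaves `status` unset if the call fails. The exit status tested may therefore belong to an unrelated child, and the application's own child is reaped behind its back. Using `ret = waitpid(pid, &status, 0);`, retried on `EINTR` and with `ret < 0` treated as failure, confines this to the helper. The child branch should leave through `_exit()` rather than `exit()`, because `exit()` in a forked copy of the host process runs its atexit handlers and destructors and flushes inherited stdio buffers a second time. For the non-global case it is also worth checking `statbuf.st_size >= mmap_size` next to the `st_uid` test, since reading a mapping of a shorter object faults.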
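Review bot: In the ust_listener_thread retry block the `has_waited = 0;` inside `if (has_waited)` is a dead store, because `has_waited = 1;` follows unconditionally. As far as this hunk shows the flag is never cleared after a successful registration, so every retry after the first sleeps 5 seconds, including one that follows a long-lived session. If the intent is to sleep only after a failure / wait / failure sequence, clear `has_waited` where registration succeeds. The comment `/* Wait for sessiond availability with pipe */` is stale: wait_for_sessiond waits on a futex in the shared-memory page, not a pipe. The function body continues outside the hunk.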
@@ -331,17 +633,17 @@ restart: ret = register_app_to_sessiond(sock); if (ret < 0) { ERR("Error registering to %s apps socket", sock_info->name); + prev_connect_failed = 1; /* * If we cannot register to the sessiond daemon, don't * delay constructor execution. */ ret = handle_register_done(sock_info); assert(!ret); - pthread_mutex_unlock(<tng_ust_comm_mutex); - sleep(5); + ust_unlock(); goto restart; } - pthread_mutex_unlock(<tng_ust_comm_mutex); + ust_unlock(); for (;;) { ssize_t len; @@ -449,16 +751,20 @@ void __attribute__((constructor)) lttng_ust_init(void) ret = sem_init(&constructor_wait, 0, 0); assert(!ret); - ret = setup_local_apps_socket(); + ret = setup_local_apps(); if (ret) { - ERR("Error setting up to local apps socket"); + ERR("Error setting up to local apps"); } - - ret = pthread_create(&global_apps.ust_listener, NULL, - ust_listener_thread, &global_apps); ret = pthread_create(&local_apps.ust_listener, NULL, ust_listener_thread, &local_apps); + if (local_apps.allowed) { + ret = pthread_create(&global_apps.ust_listener, NULL, + ust_listener_thread, &global_apps); + } else { + handle_register_done(&local_apps); + } + switch (timeout_mode) { case 1: /* timeout wait */ do { @@ -482,6 +788,27 @@ void __attribute__((constructor)) lttng_ust_init(void) } } +static +void lttng_ust_cleanup(int exiting) +{ + cleanup_sock_info(&global_apps); + if (local_apps.allowed) { + cleanup_sock_info(&local_apps); + } + lttng_ust_abi_exit(); + ltt_events_exit(); + ltt_ring_buffer_client_discard_exit(); + ltt_ring_buffer_client_overwrite_exit(); + ltt_ring_buffer_metadata_client_exit(); + exit_tracepoint(); + if (!exiting) { + /* Reinitialize values for fork */ + sem_count = 2; + lttng_ust_comm_should_quit = 0; + initialized = 0; + } +} + void __attribute__((destructor)) lttng_ust_exit(void) { int ret; 
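Review bot: The two `pthread_create` calls in lttng_ust_init look swapped: on the new side the `local_apps` listener is started unconditionally and the `global_apps` listener only when `local_apps.allowed` is set. For a setuid binary (`allowed == 0`) this starts the per-user listener that the commit means to disable, with an empty `sock_path`, and never starts the global one. lttng_ust_exit still calls `pthread_cancel(global_apps.ust_listener)` on a thread id that was never filled in. Creating the `global_apps` thread unconditionally and the `local_apps` thread inside `if (local_apps.allowed)` would match the cleanup and exit paths. Both `pthread_create` results are assigned to `ret` and never checked.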
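Review bot: The fork re-initialisation in lttng_ust_cleanup resets `sem_count` to 2 but clears `constructor_sem_posted` only through cleanup_sock_info, which is skipped for `local_apps` when `local_apps.allowed` is 0. In that case the flag set by the constructor's `handle_register_done(&local_apps)` survives into the child, so the second call returns early without decrementing `sem_count`. The count can then no longer reach 0, and the re-run constructor would presumably wait until its timeout; the wait code is outside the hunk. Adding `local_apps.constructor_sem_posted = 0;` to the `if (!exiting)` block avoids this.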
@@ -497,30 +824,88 @@ void __attribute__((destructor)) lttng_ust_exit(void) * mutexes to ensure it is not in a mutex critical section when * pthread_cancel is later called. */ - pthread_mutex_lock(<tng_ust_comm_mutex); + ust_lock(); lttng_ust_comm_should_quit = 1; - pthread_mutex_unlock(<tng_ust_comm_mutex); + ust_unlock(); -#if 0 ret = pthread_cancel(global_apps.ust_listener); if (ret) { ERR("Error cancelling global ust listener thread"); } -#endif //0 + if (local_apps.allowed) { + ret = pthread_cancel(local_apps.ust_listener); + if (ret) { + ERR("Error cancelling local ust listener thread"); + } + } + lttng_ust_cleanup(1); +} - cleanup_sock_info(&global_apps); +/* + * We exclude the worker threads across fork and clone (except + * CLONE_VM), because these system calls only keep the forking thread + * running in the child. Therefore, we don't want to call fork or clone + * in the middle of an tracepoint or ust tracing state modification. + * Holding this mutex protects these structures across fork and clone. + */ +void ust_before_fork(ust_fork_info_t *fork_info) +{ + /* + * Disable signals. This is to avoid that the child intervenes + * before it is properly setup for tracing. It is safer to + * disable all signals, because then we know we are not breaking + * anything by restoring the original mask. 
+ */ + sigset_t all_sigs; + int ret; - ret = pthread_cancel(local_apps.ust_listener); - if (ret) { - ERR("Error cancelling local ust listener thread"); + /* Disable signals */ + sigfillset(&all_sigs); + ret = sigprocmask(SIG_BLOCK, &all_sigs, &fork_info->orig_sigs); + if (ret == -1) { + PERROR("sigprocmask"); } + ust_lock(); + rcu_bp_before_fork(); +} - cleanup_sock_info(&local_apps); +static void ust_after_fork_common(ust_fork_info_t *fork_info) +{ + int ret; - lttng_ust_abi_exit(); - ltt_events_exit(); - ltt_ring_buffer_client_discard_exit(); - ltt_ring_buffer_client_overwrite_exit(); - ltt_ring_buffer_metadata_client_exit(); - exit_tracepoint(); + DBG("process %d", getpid()); + ust_unlock(); + /* Restore signals */ + ret = sigprocmask(SIG_SETMASK, &fork_info->orig_sigs, NULL); + if (ret == -1) { + PERROR("sigprocmask"); + } +} + +void ust_after_fork_parent(ust_fork_info_t *fork_info) +{ + DBG("process %d", getpid()); + rcu_bp_after_fork_parent(); + /* Release mutexes and reenable signals */ + ust_after_fork_common(fork_info); +} + +/* + * After fork, in the child, we need to cleanup all the leftover state, + * except the worker thread which already magically disappeared thanks + * to the weird Linux fork semantics. After tyding up, we call + * lttng_ust_init() again to start over as a new PID. + * + * This is meant for forks() that have tracing in the child between the + * fork and following exec call (if there is any). + */ +void ust_after_fork_child(ust_fork_info_t *fork_info) +{ + DBG("process %d", getpid()); + /* Release urcu mutexes */ + rcu_bp_after_fork_child(); + lttng_ust_cleanup(0); + /* Release mutexes and reenable signals */ + ust_after_fork_common(fork_info); + lttng_ust_init(); }
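Review bot: ust_before_fork only logs a failing `sigprocmask` and carries on, so `fork_info->orig_sigs` may be left unset while ust_after_fork_common later installs it with `SIG_SETMASK`. The restore should be skipped when the save failed. Because this library runs listener threads in the process, `pthread_sigmask` is the call with defined behaviour here; note that it returns an error number rather than -1. In lttng_ust_exit the listeners are cancelled but not joined before `lttng_ust_cleanup(1)` closes the sockets and unmaps `wait_shm_mmap`, so a thread that has not yet reached a cancellation point can still touch them. Calling `pthread_join` after each `pthread_cancel` would close that window.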