projects / lttng-ust.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Disallow local apps tracing for setuid binaries
[lttng-ust.git] / libust / lttng-ust-comm.c
1 /*
2 * lttng-ust-comm.c
3 *
4 * Copyright (C) 2011 David Goulet <david.goulet@polymtl.ca>
5 * Copyright (C) 2011 Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
6 *
7 * This library is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU Lesser General Public
9 * License as published by the Free Software Foundation; only
10 * version 2.1 of the License.
11 *
12 * This library is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * Lesser General Public License for more details.
16 *
17 * You should have received a copy of the GNU Lesser General Public
18 * License along with this library; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
20 */
21
22 #include <sys/types.h>
23 #include <sys/socket.h>
24 #include <sys/prctl.h>
25 #include <unistd.h>
26 #include <errno.h>
27 #include <pthread.h>
28 #include <semaphore.h>
29 #include <time.h>
30 #include <assert.h>
31 #include <urcu/uatomic.h>
32
33 #include <lttng-ust-comm.h>
34 #include <ust/usterr-signal-safe.h>
35 #include <ust/lttng-ust-abi.h>
36 #include <ust/tracepoint.h>
37
38 /*
39 * Has lttng ust comm constructor been called ?
40 */
41 static int initialized;
42
43 /*
44 * communication thread mutex. Held when handling a command, also held
45 * by fork() to deal with removal of threads, and by exit path.
46 */
47 static pthread_mutex_t lttng_ust_comm_mutex = PTHREAD_MUTEX_INITIALIZER;
48
49 /* Should the ust comm thread quit ? */
50 static int lttng_ust_comm_should_quit;
51
52 /*
53 * Wait for either of these before continuing to the main
54 * program:
55 * - the register_done message from sessiond daemon
56 * (will let the sessiond daemon enable sessions before main
57 * starts.)
58 * - sessiond daemon is not reachable.
59 * - timeout (ensuring applications are resilient to session
60 * daemon problems).
61 */
62 static sem_t constructor_wait;
63 /*
64 * Doing this for both the global and local sessiond.
65 */
66 static int sem_count = { 2 };
67
68 /*
69 * Info about socket and associated listener thread.
70 */
71 struct sock_info {
72 const char *name;
73 char sock_path[PATH_MAX];
74 int socket;
75 pthread_t ust_listener; /* listener thread */
76 int root_handle;
77 int constructor_sem_posted;
78 int allowed;
79 };
80
81 /* Socket from app (connect) to session daemon (listen) for communication */
82 struct sock_info global_apps = {
83 .name = "global",
84 .sock_path = DEFAULT_GLOBAL_APPS_UNIX_SOCK,
85 .socket = -1,
86 .root_handle = -1,
87 .allowed = 1,
88 };
89
90 /* TODO: allow global_apps_sock_path override */
91
92 struct sock_info local_apps = {
93 .name = "local",
94 .socket = -1,
95 .root_handle = -1,
96 .allowed = 0, /* Check setuid bit first */
97 };
98
99 extern void ltt_ring_buffer_client_overwrite_init(void);
100 extern void ltt_ring_buffer_client_discard_init(void);
101 extern void ltt_ring_buffer_metadata_client_init(void);
102 extern void ltt_ring_buffer_client_overwrite_exit(void);
103 extern void ltt_ring_buffer_client_discard_exit(void);
104 extern void ltt_ring_buffer_metadata_client_exit(void);
105
106 static
107 int setup_local_apps(void)
108 {
109 const char *home_dir;
110
111 /*
112 * Disallow per-user tracing for setuid binaries.
113 */
114 if (getuid() != geteuid()) {
115 local_apps.allowed = 0;
116 return;
117 } else {
118 local_apps.allowed = 1;
119 }
120 home_dir = (const char *) getenv("HOME");
121 if (!home_dir)
122 return -ENOENT;
123 snprintf(local_apps.sock_path, PATH_MAX,
124 DEFAULT_HOME_APPS_UNIX_SOCK, home_dir);
125 return 0;
126 }
127
128 static
129 int register_app_to_sessiond(int socket)
130 {
131 ssize_t ret;
132 int prctl_ret;
133 struct {
134 uint32_t major;
135 uint32_t minor;
136 pid_t pid;
137 pid_t ppid;
138 uid_t uid;
139 gid_t gid;
140 char name[16]; /* process name */
141 } reg_msg;
142
143 reg_msg.major = LTTNG_UST_COMM_VERSION_MAJOR;
144 reg_msg.minor = LTTNG_UST_COMM_VERSION_MINOR;
145 reg_msg.pid = getpid();
146 reg_msg.ppid = getppid();
147 reg_msg.uid = getuid();
148 reg_msg.gid = getgid();
149 prctl_ret = prctl(PR_GET_NAME, (unsigned long) reg_msg.name, 0, 0, 0);
150 if (prctl_ret) {
151 ERR("Error executing prctl");
152 return -errno;
153 }
154
155 ret = lttcomm_send_unix_sock(socket, &reg_msg, sizeof(reg_msg));
156 if (ret >= 0 && ret != sizeof(reg_msg))
157 return -EIO;
158 return ret;
159 }
160
161 static
162 int send_reply(int sock, struct lttcomm_ust_reply *lur)
163 {
164 ssize_t len;
165
166 len = lttcomm_send_unix_sock(sock, lur, sizeof(*lur));
167 switch (len) {
168 case sizeof(*lur):
169 DBG("message successfully sent");
170 return 0;
171 case -1:
172 if (errno == ECONNRESET) {
173 printf("remote end closed connection\n");
174 return 0;
175 }
176 return -1;
177 default:
178 printf("incorrect message size: %zd\n", len);
179 return -1;
180 }
181 }
182
183 static
184 int handle_register_done(struct sock_info *sock_info)
185 {
186 int ret;
187
188 if (sock_info->constructor_sem_posted)
189 return 0;
190 sock_info->constructor_sem_posted = 1;
191 ret = uatomic_add_return(&sem_count, -1);
192 if (ret == 0) {
193 ret = sem_post(&constructor_wait);
194 assert(!ret);
195 }
196 return 0;
197 }
198
199 static
200 int handle_message(struct sock_info *sock_info,
201 int sock, struct lttcomm_ust_msg *lum)
202 {
203 int ret = 0;
204 const struct objd_ops *ops;
205 struct lttcomm_ust_reply lur;
206
207 pthread_mutex_lock(&lttng_ust_comm_mutex);
208
209 memset(&lur, 0, sizeof(lur));
210
211 if (lttng_ust_comm_should_quit) {
212 ret = -EPERM;
213 goto end;
214 }
215
216 ops = objd_ops(lum->handle);
217 if (!ops) {
218 ret = -ENOENT;
219 goto end;
220 }
221
222 switch (lum->cmd) {
223 case LTTNG_UST_REGISTER_DONE:
224 if (lum->handle == LTTNG_UST_ROOT_HANDLE)
225 ret = handle_register_done(sock_info);
226 else
227 ret = -EINVAL;
228 break;
229 case LTTNG_UST_RELEASE:
230 if (lum->handle == LTTNG_UST_ROOT_HANDLE)
231 ret = -EPERM;
232 else
233 ret = objd_unref(lum->handle);
234 break;
235 default:
236 if (ops->cmd)
237 ret = ops->cmd(lum->handle, lum->cmd,
238 (unsigned long) &lum->u);
239 else
240 ret = -ENOSYS;
241 break;
242 }
243
244 end:
245 lur.handle = lum->handle;
246 lur.cmd = lum->cmd;
247 lur.ret_val = ret;
248 if (ret >= 0) {
249 lur.ret_code = LTTCOMM_OK;
250 } else {
251 lur.ret_code = LTTCOMM_SESSION_FAIL;
252 }
253 ret = send_reply(sock, &lur);
254
255 pthread_mutex_unlock(&lttng_ust_comm_mutex);
256 return ret;
257 }
258
259 static
260 void cleanup_sock_info(struct sock_info *sock_info)
261 {
262 int ret;
263
264 if (sock_info->socket != -1) {
265 ret = close(sock_info->socket);
266 if (ret) {
267 ERR("Error closing local apps socket");
268 }
269 sock_info->socket = -1;
270 }
271 if (sock_info->root_handle != -1) {
272 ret = objd_unref(sock_info->root_handle);
273 if (ret) {
274 ERR("Error unref root handle");
275 }
276 sock_info->root_handle = -1;
277 }
278 }
279
280 /*
281 * This thread does not allocate any resource, except within
282 * handle_message, within mutex protection. This mutex protects against
283 * fork and exit.
284 * The other moment it allocates resources is at socket connexion, which
285 * is also protected by the mutex.
286 */
287 static
288 void *ust_listener_thread(void *arg)
289 {
290 struct sock_info *sock_info = arg;
291 int sock, ret;
292
293 /* Restart trying to connect to the session daemon */
294 restart:
295 pthread_mutex_lock(&lttng_ust_comm_mutex);
296
297 if (lttng_ust_comm_should_quit) {
298 pthread_mutex_unlock(&lttng_ust_comm_mutex);
299 goto quit;
300 }
301
302 if (sock_info->socket != -1) {
303 ret = close(sock_info->socket);
304 if (ret) {
305 ERR("Error closing %s apps socket", sock_info->name);
306 }
307 sock_info->socket = -1;
308 }
309
310 /* Check for sessiond availability with pipe TODO */
311
312 /* Register */
313 ret = lttcomm_connect_unix_sock(sock_info->sock_path);
314 if (ret < 0) {
315 ERR("Error connecting to %s apps socket", sock_info->name);
316 /*
317 * If we cannot find the sessiond daemon, don't delay
318 * constructor execution.
319 */
320 ret = handle_register_done(sock_info);
321 assert(!ret);
322 pthread_mutex_unlock(&lttng_ust_comm_mutex);
323 sleep(5);
324 goto restart;
325 }
326
327 sock_info->socket = sock = ret;
328
329 /*
330 * Create only one root handle per listener thread for the whole
331 * process lifetime.
332 */
333 if (sock_info->root_handle == -1) {
334 ret = lttng_abi_create_root_handle();
335 if (ret) {
336 ERR("Error creating root handle");
337 pthread_mutex_unlock(&lttng_ust_comm_mutex);
338 goto quit;
339 }
340 sock_info->root_handle = ret;
341 }
342
343 ret = register_app_to_sessiond(sock);
344 if (ret < 0) {
345 ERR("Error registering to %s apps socket", sock_info->name);
346 /*
347 * If we cannot register to the sessiond daemon, don't
348 * delay constructor execution.
349 */
350 ret = handle_register_done(sock_info);
351 assert(!ret);
352 pthread_mutex_unlock(&lttng_ust_comm_mutex);
353 sleep(5);
354 goto restart;
355 }
356 pthread_mutex_unlock(&lttng_ust_comm_mutex);
357
358 for (;;) {
359 ssize_t len;
360 struct lttcomm_ust_msg lum;
361
362 len = lttcomm_recv_unix_sock(sock, &lum, sizeof(lum));
363 switch (len) {
364 case 0: /* orderly shutdown */
365 DBG("%s ltt-sessiond has performed an orderly shutdown\n", sock_info->name);
366 goto end;
367 case sizeof(lum):
368 DBG("message received\n");
369 ret = handle_message(sock_info, sock, &lum);
370 if (ret < 0) {
371 ERR("Error handling message for %s socket", sock_info->name);
372 }
373 continue;
374 case -1:
375 if (errno == ECONNRESET) {
376 ERR("%s remote end closed connection\n", sock_info->name);
377 goto end;
378 }
379 goto end;
380 default:
381 ERR("incorrect message size (%s socket): %zd\n", sock_info->name, len);
382 continue;
383 }
384
385 }
386 end:
387 goto restart; /* try to reconnect */
388 quit:
389 return NULL;
390 }
391
392 /*
393 * Return values: -1: don't wait. 0: wait forever. 1: timeout wait.
394 */
395 static
396 int get_timeout(struct timespec *constructor_timeout)
397 {
398 long constructor_delay_ms = LTTNG_UST_DEFAULT_CONSTRUCTOR_TIMEOUT_MS;
399 char *str_delay;
400 int ret;
401
402 str_delay = getenv("UST_REGISTER_TIMEOUT");
403 if (str_delay) {
404 constructor_delay_ms = strtol(str_delay, NULL, 10);
405 }
406
407 switch (constructor_delay_ms) {
408 case -1:/* fall-through */
409 case 0:
410 return constructor_delay_ms;
411 default:
412 break;
413 }
414
415 /*
416 * If we are unable to find the current time, don't wait.
417 */
418 ret = clock_gettime(CLOCK_REALTIME, constructor_timeout);
419 if (ret) {
420 return -1;
421 }
422 constructor_timeout->tv_sec += constructor_delay_ms / 1000UL;
423 constructor_timeout->tv_nsec +=
424 (constructor_delay_ms % 1000UL) * 1000000UL;
425 if (constructor_timeout->tv_nsec >= 1000000000UL) {
426 constructor_timeout->tv_sec++;
427 constructor_timeout->tv_nsec -= 1000000000UL;
428 }
429 return 1;
430 }
431
432 /*
433 * sessiond monitoring thread: monitor presence of global and per-user
434 * sessiond by polling the application common named pipe.
435 */
436 /* TODO */
437
438 void __attribute__((constructor)) lttng_ust_init(void)
439 {
440 struct timespec constructor_timeout;
441 int timeout_mode;
442 int ret;
443
444 if (uatomic_xchg(&initialized, 1) == 1)
445 return;
446
447 /*
448 * We want precise control over the order in which we construct
449 * our sub-libraries vs starting to receive commands from
450 * sessiond (otherwise leading to errors when trying to create
451 * sessiond before the init functions are completed).
452 */
453 init_usterr();
454 init_tracepoint();
455 ltt_ring_buffer_metadata_client_init();
456 ltt_ring_buffer_client_overwrite_init();
457 ltt_ring_buffer_client_discard_init();
458
459 timeout_mode = get_timeout(&constructor_timeout);
460
461 ret = sem_init(&constructor_wait, 0, 0);
462 assert(!ret);
463
464 ret = setup_local_apps();
465 if (ret) {
466 ERR("Error setting up to local apps");
467 }
468 ret = pthread_create(&local_apps.ust_listener, NULL,
469 ust_listener_thread, &local_apps);
470
471 if (local_apps.allowed) {
472 ret = pthread_create(&global_apps.ust_listener, NULL,
473 ust_listener_thread, &global_apps);
474 } else {
475 handle_register_done(&local_apps);
476 }
477
478 switch (timeout_mode) {
479 case 1: /* timeout wait */
480 do {
481 ret = sem_timedwait(&constructor_wait,
482 &constructor_timeout);
483 } while (ret < 0 && errno == EINTR);
484 if (ret < 0 && errno == ETIMEDOUT) {
485 ERR("Timed out waiting for ltt-sessiond");
486 } else {
487 assert(!ret);
488 }
489 break;
490 case -1:/* wait forever */
491 do {
492 ret = sem_wait(&constructor_wait);
493 } while (ret < 0 && errno == EINTR);
494 assert(!ret);
495 break;
496 case 0: /* no timeout */
497 break;
498 }
499 }
500
501 void __attribute__((destructor)) lttng_ust_exit(void)
502 {
503 int ret;
504
505 /*
506 * Using pthread_cancel here because:
507 * A) we don't want to hang application teardown.
508 * B) the thread is not allocating any resource.
509 */
510
511 /*
512 * Require the communication thread to quit. Synchronize with
513 * mutexes to ensure it is not in a mutex critical section when
514 * pthread_cancel is later called.
515 */
516 pthread_mutex_lock(&lttng_ust_comm_mutex);
517 lttng_ust_comm_should_quit = 1;
518 pthread_mutex_unlock(&lttng_ust_comm_mutex);
519
520 ret = pthread_cancel(global_apps.ust_listener);
521 if (ret) {
522 ERR("Error cancelling global ust listener thread");
523 }
524
525 cleanup_sock_info(&global_apps);
526
527 if (local_apps.allowed) {
528 ret = pthread_cancel(local_apps.ust_listener);
529 if (ret) {
530 ERR("Error cancelling local ust listener thread");
531 }
532
533 cleanup_sock_info(&local_apps);
534 }
535
536 lttng_ust_abi_exit();
537 ltt_events_exit();
538 ltt_ring_buffer_client_discard_exit();
539 ltt_ring_buffer_client_overwrite_exit();
540 ltt_ring_buffer_metadata_client_exit();
541 exit_tracepoint();
542 }
LTTng 2.0 Userspace Tracer
This page took 0.040079 seconds and 4 git commands to generate.