projects / lttng-tools.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Fix: Possible buffer overflows in strncat() usage
[lttng-tools.git] / src / common / ust-consumer / ust-consumer.c
1 /*
2 * Copyright (C) 2011 - Julien Desfossez <julien.desfossez@polymtl.ca>
3 * Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License, version 2 only,
7 * as published by the Free Software Foundation.
8 *
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
13 *
14 * You should have received a copy of the GNU General Public License along
15 * with this program; if not, write to the Free Software Foundation, Inc.,
16 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
17 */
18
19 #define _GNU_SOURCE
20 #include <assert.h>
21 #include <lttng/ust-ctl.h>
22 #include <poll.h>
23 #include <pthread.h>
24 #include <stdlib.h>
25 #include <string.h>
26 #include <sys/mman.h>
27 #include <sys/socket.h>
28 #include <sys/stat.h>
29 #include <sys/types.h>
30 #include <inttypes.h>
31 #include <unistd.h>
32
33 #include <common/common.h>
34 #include <common/sessiond-comm/sessiond-comm.h>
35 #include <common/relayd/relayd.h>
36 #include <common/compat/fcntl.h>
37
38 #include "ust-consumer.h"
39
40 extern struct lttng_consumer_global_data consumer_data;
41 extern int consumer_poll_timeout;
42 extern volatile int consumer_quit;
43
44 /*
45 * Wrapper over the mmap() read offset from ust-ctl library. Since this can be
46 * compiled out, we isolate it in this library.
47 */
48 int lttng_ustctl_get_mmap_read_offset(struct lttng_ust_shm_handle *handle,
49 struct lttng_ust_lib_ring_buffer *buf, unsigned long *off)
50 {
51 return ustctl_get_mmap_read_offset(handle, buf, off);
52 };
53
54 /*
55 * Take a snapshot for a specific fd
56 *
57 * Returns 0 on success, < 0 on error
58 */
59 int lttng_ustconsumer_take_snapshot(struct lttng_consumer_local_data *ctx,
60 struct lttng_consumer_stream *stream)
61 {
62 int ret = 0;
63
64 ret = ustctl_snapshot(stream->chan->handle, stream->buf);
65 if (ret != 0) {
66 errno = -ret;
67 PERROR("Getting sub-buffer snapshot.");
68 }
69
70 return ret;
71 }
72
73 /*
74 * Get the produced position
75 *
76 * Returns 0 on success, < 0 on error
77 */
78 int lttng_ustconsumer_get_produced_snapshot(
79 struct lttng_consumer_local_data *ctx,
80 struct lttng_consumer_stream *stream,
81 unsigned long *pos)
82 {
83 int ret;
84
85 ret = ustctl_snapshot_get_produced(stream->chan->handle,
86 stream->buf, pos);
87 if (ret != 0) {
88 errno = -ret;
89 PERROR("kernctl_snapshot_get_produced");
90 }
91
92 return ret;
93 }
94
95 int lttng_ustconsumer_recv_cmd(struct lttng_consumer_local_data *ctx,
96 int sock, struct pollfd *consumer_sockpoll)
97 {
98 ssize_t ret;
99 struct lttcomm_consumer_msg msg;
100
101 ret = lttcomm_recv_unix_sock(sock, &msg, sizeof(msg));
102 if (ret != sizeof(msg)) {
103 DBG("Consumer received unexpected message size %zd (expects %zu)",
104 ret, sizeof(msg));
105 lttng_consumer_send_error(ctx, CONSUMERD_ERROR_RECV_FD);
106 return ret;
107 }
108 if (msg.cmd_type == LTTNG_CONSUMER_STOP) {
109 return -ENOENT;
110 }
111
112 /* relayd needs RCU read-side lock */
113 rcu_read_lock();
114
115 switch (msg.cmd_type) {
116 case LTTNG_CONSUMER_ADD_RELAYD_SOCKET:
117 {
118 int fd;
119 struct consumer_relayd_sock_pair *relayd;
120
121 DBG("UST Consumer adding relayd socket");
122
123 /* Get relayd reference if exists. */
124 relayd = consumer_find_relayd(msg.u.relayd_sock.net_index);
125 if (relayd == NULL) {
126 /* Not found. Allocate one. */
127 relayd = consumer_allocate_relayd_sock_pair(
128 msg.u.relayd_sock.net_index);
129 if (relayd == NULL) {
130 lttng_consumer_send_error(ctx, CONSUMERD_OUTFD_ERROR);
131 goto end_nosignal;
132 }
133 }
134
135 /* Poll on consumer socket. */
136 if (lttng_consumer_poll_socket(consumer_sockpoll) < 0) {
137 rcu_read_unlock();
138 return -EINTR;
139 }
140
141 /* Get relayd socket from session daemon */
142 ret = lttcomm_recv_fds_unix_sock(sock, &fd, 1);
143 if (ret != sizeof(fd)) {
144 lttng_consumer_send_error(ctx, CONSUMERD_ERROR_RECV_FD);
145 goto end_nosignal;
146 }
147
148 /* Copy socket information and received FD */
149 switch (msg.u.relayd_sock.type) {
150 case LTTNG_STREAM_CONTROL:
151 /* Copy received lttcomm socket */
152 lttcomm_copy_sock(&relayd->control_sock, &msg.u.relayd_sock.sock);
153 ret = lttcomm_create_sock(&relayd->control_sock);
154 if (ret < 0) {
155 goto end_nosignal;
156 }
157
158 /* Close the created socket fd which is useless */
159 close(relayd->control_sock.fd);
160
161 /* Assign new file descriptor */
162 relayd->control_sock.fd = fd;
163 break;
164 case LTTNG_STREAM_DATA:
165 /* Copy received lttcomm socket */
166 lttcomm_copy_sock(&relayd->data_sock, &msg.u.relayd_sock.sock);
167 ret = lttcomm_create_sock(&relayd->data_sock);
168 if (ret < 0) {
169 goto end_nosignal;
170 }
171
172 /* Close the created socket fd which is useless */
173 close(relayd->data_sock.fd);
174
175 /* Assign new file descriptor */
176 relayd->data_sock.fd = fd;
177 break;
178 default:
179 ERR("Unknown relayd socket type");
180 goto end_nosignal;
181 }
182
183 DBG("Consumer %s socket created successfully with net idx %d (fd: %d)",
184 msg.u.relayd_sock.type == LTTNG_STREAM_CONTROL ? "control" : "data",
185 relayd->net_seq_idx, fd);
186
187 /*
188 * Add relayd socket pair to consumer data hashtable. If object already
189 * exists or on error, the function gracefully returns.
190 */
191 consumer_add_relayd(relayd);
192
193 goto end_nosignal;
194 }
195 case LTTNG_CONSUMER_ADD_CHANNEL:
196 {
197 struct lttng_consumer_channel *new_channel;
198 int fds[1];
199 size_t nb_fd = 1;
200
201 DBG("UST Consumer adding channel");
202
203 /* block */
204 if (lttng_consumer_poll_socket(consumer_sockpoll) < 0) {
205 rcu_read_unlock();
206 return -EINTR;
207 }
208 ret = lttcomm_recv_fds_unix_sock(sock, fds, nb_fd);
209 if (ret != sizeof(fds)) {
210 lttng_consumer_send_error(ctx, CONSUMERD_ERROR_RECV_FD);
211 rcu_read_unlock();
212 return ret;
213 }
214
215 DBG("consumer_add_channel %d", msg.u.channel.channel_key);
216
217 new_channel = consumer_allocate_channel(msg.u.channel.channel_key,
218 fds[0], -1,
219 msg.u.channel.mmap_len,
220 msg.u.channel.max_sb_size);
221 if (new_channel == NULL) {
222 lttng_consumer_send_error(ctx, CONSUMERD_OUTFD_ERROR);
223 goto end_nosignal;
224 }
225 if (ctx->on_recv_channel != NULL) {
226 ret = ctx->on_recv_channel(new_channel);
227 if (ret == 0) {
228 consumer_add_channel(new_channel);
229 } else if (ret < 0) {
230 goto end_nosignal;
231 }
232 } else {
233 consumer_add_channel(new_channel);
234 }
235 goto end_nosignal;
236 }
237 case LTTNG_CONSUMER_ADD_STREAM:
238 {
239 struct lttng_consumer_stream *new_stream;
240 int fds[2];
241 size_t nb_fd = 2;
242 struct consumer_relayd_sock_pair *relayd = NULL;
243
244 DBG("UST Consumer adding stream");
245
246 /* block */
247 if (lttng_consumer_poll_socket(consumer_sockpoll) < 0) {
248 rcu_read_unlock();
249 return -EINTR;
250 }
251 ret = lttcomm_recv_fds_unix_sock(sock, fds, nb_fd);
252 if (ret != sizeof(fds)) {
253 lttng_consumer_send_error(ctx, CONSUMERD_ERROR_RECV_FD);
254 rcu_read_unlock();
255 return ret;
256 }
257
258 DBG("consumer_add_stream chan %d stream %d",
259 msg.u.stream.channel_key,
260 msg.u.stream.stream_key);
261
262 assert(msg.u.stream.output == LTTNG_EVENT_MMAP);
263 new_stream = consumer_allocate_stream(msg.u.stream.channel_key,
264 msg.u.stream.stream_key,
265 fds[0], fds[1],
266 msg.u.stream.state,
267 msg.u.stream.mmap_len,
268 msg.u.stream.output,
269 msg.u.stream.path_name,
270 msg.u.stream.uid,
271 msg.u.stream.gid,
272 msg.u.stream.net_index,
273 msg.u.stream.metadata_flag);
274 if (new_stream == NULL) {
275 lttng_consumer_send_error(ctx, CONSUMERD_OUTFD_ERROR);
276 goto end_nosignal;
277 }
278
279 /* The stream is not metadata. Get relayd reference if exists. */
280 relayd = consumer_find_relayd(msg.u.stream.net_index);
281 if (relayd != NULL) {
282 pthread_mutex_lock(&relayd->ctrl_sock_mutex);
283 /* Add stream on the relayd */
284 ret = relayd_add_stream(&relayd->control_sock,
285 msg.u.stream.name, msg.u.stream.path_name,
286 &new_stream->relayd_stream_id);
287 pthread_mutex_unlock(&relayd->ctrl_sock_mutex);
288 if (ret < 0) {
289 goto end_nosignal;
290 }
291 } else if (msg.u.stream.net_index != -1) {
292 ERR("Network sequence index %d unknown. Not adding stream.",
293 msg.u.stream.net_index);
294 free(new_stream);
295 goto end_nosignal;
296 }
297
298 if (ctx->on_recv_stream != NULL) {
299 ret = ctx->on_recv_stream(new_stream);
300 if (ret == 0) {
301 consumer_add_stream(new_stream);
302 } else if (ret < 0) {
303 goto end_nosignal;
304 }
305 } else {
306 consumer_add_stream(new_stream);
307 }
308
309 DBG("UST consumer_add_stream %s (%d,%d) with relayd id %" PRIu64,
310 msg.u.stream.path_name, fds[0], fds[1],
311 new_stream->relayd_stream_id);
312 break;
313 }
314 case LTTNG_CONSUMER_DESTROY_RELAYD:
315 {
316 struct consumer_relayd_sock_pair *relayd;
317
318 DBG("UST consumer destroying relayd %" PRIu64,
319 msg.u.destroy_relayd.net_seq_idx);
320
321 /* Get relayd reference if exists. */
322 relayd = consumer_find_relayd(msg.u.destroy_relayd.net_seq_idx);
323 if (relayd == NULL) {
324 ERR("Unable to find relayd %" PRIu64, msg.u.destroy_relayd.net_seq_idx);
325 goto end_nosignal;
326 }
327
328 /* Set destroy flag for this object */
329 uatomic_set(&relayd->destroy_flag, 1);
330
331 /* Destroy the relayd if refcount is 0 else set the destroy flag. */
332 if (uatomic_read(&relayd->refcount) == 0) {
333 consumer_destroy_relayd(relayd);
334 }
335 goto end_nosignal;
336 }
337 case LTTNG_CONSUMER_UPDATE_STREAM:
338 {
339 rcu_read_unlock();
340 return -ENOSYS;
341 #if 0
342 if (ctx->on_update_stream != NULL) {
343 ret = ctx->on_update_stream(msg.u.stream.stream_key, msg.u.stream.state);
344 if (ret == 0) {
345 consumer_change_stream_state(msg.u.stream.stream_key, msg.u.stream.state);
346 } else if (ret < 0) {
347 goto end;
348 }
349 } else {
350 consumer_change_stream_state(msg.u.stream.stream_key,
351 msg.u.stream.state);
352 }
353 break;
354 #endif
355 }
356 default:
357 break;
358 }
359
360 /*
361 * Wake-up the other end by writing a null byte in the pipe (non-blocking).
362 * Important note: Because writing into the pipe is non-blocking (and
363 * therefore we allow dropping wakeup data, as long as there is wakeup data
364 * present in the pipe buffer to wake up the other end), the other end
365 * should perform the following sequence for waiting:
366 *
367 * 1) empty the pipe (reads).
368 * 2) perform update operation.
369 * 3) wait on the pipe (poll).
370 */
371 do {
372 ret = write(ctx->consumer_poll_pipe[1], "", 1);
373 } while (ret < 0 && errno == EINTR);
374 end_nosignal:
375 rcu_read_unlock();
376 return 0;
377 }
378
379 int lttng_ustconsumer_allocate_channel(struct lttng_consumer_channel *chan)
380 {
381 struct lttng_ust_object_data obj;
382
383 obj.handle = -1;
384 obj.shm_fd = chan->shm_fd;
385 obj.wait_fd = chan->wait_fd;
386 obj.memory_map_size = chan->mmap_len;
387 chan->handle = ustctl_map_channel(&obj);
388 if (!chan->handle) {
389 return -ENOMEM;
390 }
391 chan->wait_fd_is_copy = 1;
392 chan->shm_fd = -1;
393
394 return 0;
395 }
396
397 void lttng_ustconsumer_on_stream_hangup(struct lttng_consumer_stream *stream)
398 {
399 ustctl_flush_buffer(stream->chan->handle, stream->buf, 0);
400 stream->hangup_flush_done = 1;
401 }
402
403 void lttng_ustconsumer_del_channel(struct lttng_consumer_channel *chan)
404 {
405 ustctl_unmap_channel(chan->handle);
406 }
407
408 int lttng_ustconsumer_allocate_stream(struct lttng_consumer_stream *stream)
409 {
410 struct lttng_ust_object_data obj;
411 int ret;
412
413 obj.handle = -1;
414 obj.shm_fd = stream->shm_fd;
415 obj.wait_fd = stream->wait_fd;
416 obj.memory_map_size = stream->mmap_len;
417 ret = ustctl_add_stream(stream->chan->handle, &obj);
418 if (ret)
419 return ret;
420 stream->buf = ustctl_open_stream_read(stream->chan->handle, stream->cpu);
421 if (!stream->buf)
422 return -EBUSY;
423 /* ustctl_open_stream_read has closed the shm fd. */
424 stream->wait_fd_is_copy = 1;
425 stream->shm_fd = -1;
426
427 stream->mmap_base = ustctl_get_mmap_base(stream->chan->handle, stream->buf);
428 if (!stream->mmap_base) {
429 return -EINVAL;
430 }
431
432 return 0;
433 }
434
435 void lttng_ustconsumer_del_stream(struct lttng_consumer_stream *stream)
436 {
437 ustctl_close_stream_read(stream->chan->handle, stream->buf);
438 }
439
440
441 int lttng_ustconsumer_read_subbuffer(struct lttng_consumer_stream *stream,
442 struct lttng_consumer_local_data *ctx)
443 {
444 unsigned long len;
445 int err;
446 long ret = 0;
447 struct lttng_ust_shm_handle *handle;
448 struct lttng_ust_lib_ring_buffer *buf;
449 char dummy;
450 ssize_t readlen;
451
452 DBG("In read_subbuffer (wait_fd: %d, stream key: %d)",
453 stream->wait_fd, stream->key);
454
455 /* We can consume the 1 byte written into the wait_fd by UST */
456 if (!stream->hangup_flush_done) {
457 do {
458 readlen = read(stream->wait_fd, &dummy, 1);
459 } while (readlen == -1 && errno == EINTR);
460 if (readlen == -1) {
461 ret = readlen;
462 goto end;
463 }
464 }
465
466 buf = stream->buf;
467 handle = stream->chan->handle;
468 /* Get the next subbuffer */
469 err = ustctl_get_next_subbuf(handle, buf);
470 if (err != 0) {
471 ret = -ret; /* ustctl_get_next_subbuf returns negative, caller expect positive. */
472 /*
473 * This is a debug message even for single-threaded consumer,
474 * because poll() have more relaxed criterions than get subbuf,
475 * so get_subbuf may fail for short race windows where poll()
476 * would issue wakeups.
477 */
478 DBG("Reserving sub buffer failed (everything is normal, "
479 "it is due to concurrency)");
480 goto end;
481 }
482 assert(stream->output == LTTNG_EVENT_MMAP);
483 /* read the used subbuffer size */
484 err = ustctl_get_padded_subbuf_size(handle, buf, &len);
485 assert(err == 0);
486 /* write the subbuffer to the tracefile */
487 ret = lttng_consumer_on_read_subbuffer_mmap(ctx, stream, len);
488 if (ret != len) {
489 /*
490 * display the error but continue processing to try
491 * to release the subbuffer
492 */
493 ERR("Error writing to tracefile (expected: %ld, got: %ld)", ret, len);
494 }
495 err = ustctl_put_next_subbuf(handle, buf);
496 assert(err == 0);
497 end:
498 return ret;
499 }
500
501 int lttng_ustconsumer_on_recv_stream(struct lttng_consumer_stream *stream)
502 {
503 int ret;
504
505 /* Opening the tracefile in write mode */
506 if (stream->path_name != NULL && stream->net_seq_idx == -1) {
507 ret = run_as_open(stream->path_name,
508 O_WRONLY|O_CREAT|O_TRUNC,
509 S_IRWXU|S_IRWXG|S_IRWXO,
510 stream->uid, stream->gid);
511 if (ret < 0) {
512 ERR("Opening %s", stream->path_name);
513 PERROR("open");
514 goto error;
515 }
516 stream->out_fd = ret;
517 }
518
519 /* we return 0 to let the library handle the FD internally */
520 return 0;
521
522 error:
523 return ret;
524 }
LTTng 2.0 tools and control repository
This page took 0.038896 seconds and 4 git commands to generate.