From 52aeb26b8d83c26e00adaf70bbf5a3a828689fb2 Mon Sep 17 00:00:00 2001 From: Josh Stone Date: Thu, 12 Mar 2009 17:12:38 -0700 Subject: PR9947: move runtime cleanup out of the work queue The kernel lockdep checking found a possible deadlock if a forced rmmod tried to destroy _stp_work_queue at the same time that the work queue was unregistering tracepoints. An unlikely scenario, but still possible. Now the work queue will just issue a STP_REQUEST_EXIT down to usermode, and usermode will echo back an STP_EXIT that triggers the actual probe cleanup. This way the unregistrations are happening in exactly the same context as the registrations were. --- runtime/staprun/mainloop.c | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'runtime/staprun') diff --git a/runtime/staprun/mainloop.c b/runtime/staprun/mainloop.c index 29eb4f1f..db6ef6b7 100644 --- a/runtime/staprun/mainloop.c +++ b/runtime/staprun/mainloop.c @@ -477,6 +477,14 @@ int stp_main_loop(void) cleanup_and_exit(0); break; } + case STP_REQUEST_EXIT: + { + /* module asks us to start exiting, so send STP_EXIT */ + dbug(2, "got STP_REQUEST_EXIT\n"); + int32_t rc, btype = STP_EXIT; + rc = write(control_channel, &btype, sizeof(btype)); + break; + } case STP_START: { struct _stp_msg_start *t = (struct _stp_msg_start *)data; -- cgit From f0b8d2671fa56e0e1dcb4cc09fd6f7edf70f8fa3 Mon Sep 17 00:00:00 2001 From: Masami Hiramatsu Date: Fri, 20 Mar 2009 11:54:15 -0400 Subject: PR6930: staprun: supports error message to syslog Add an interface (eprintf) to output error messages to syslogd, because staprun has no stderr after detaching from console. --- runtime/staprun/common.c | 21 +++++++++++++++++++++ runtime/staprun/mainloop.c | 2 +- runtime/staprun/staprun.h | 18 +++++++++++------- 3 files changed, 33 insertions(+), 8 deletions(-) (limited to 'runtime/staprun') diff --git a/runtime/staprun/common.c b/runtime/staprun/common.c index fd16b4b8..b8860248 100644 --- a/runtime/staprun/common.c +++ b/runtime/staprun/common.c @@ -344,3 +344,24 @@ int send_request(int type, void *data, int len) if (rc < 0) return rc; return (rc != len+4); } + +#include + +static int use_syslog = 0; + +void eprintf(const char *fmt, ...) +{ + va_list va; + va_start(va, fmt); + if (use_syslog) + vsyslog(LOG_ERR, fmt, va); + else + vfprintf(stderr, fmt, va); + va_end(va); +} + +void switch_syslog(const char *name) +{ + openlog(name, LOG_PID, LOG_DAEMON); + use_syslog = 1; +} diff --git a/runtime/staprun/mainloop.c b/runtime/staprun/mainloop.c index db6ef6b7..e91e6302 100644 --- a/runtime/staprun/mainloop.c +++ b/runtime/staprun/mainloop.c @@ -468,7 +468,7 @@ int stp_main_loop(void) } #endif case STP_OOB_DATA: - fputs((char *)data, stderr); + eprintf("%s", (char *)data); break; case STP_EXIT: { diff --git a/runtime/staprun/staprun.h b/runtime/staprun/staprun.h index 84cf63fc..4c43e3ee 100644 --- a/runtime/staprun/staprun.h +++ b/runtime/staprun/staprun.h @@ -33,31 +33,35 @@ #include #include #include +#include /* Include config.h to pick up dependency for --prefix usage. */ #include "config.h" -#define dbug(level, args...) {if (verbose>=level) {fprintf(stderr,"%s:%s:%d ",__name__,__FUNCTION__, __LINE__); fprintf(stderr,args);}} +extern void eprintf(const char *fmt, ...); +extern void switch_syslog(const char *name); + +#define dbug(level, args...) do {if (verbose>=level) {eprintf("%s:%s:%d ",__name__,__FUNCTION__, __LINE__); eprintf(args);}} while (0) extern char *__name__; /* print to stderr */ -#define err(args...) fprintf(stderr,args) +#define err(args...) eprintf(args) /* better perror() */ #define perr(args...) do { \ int _errno = errno; \ - fputs("ERROR: ", stderr); \ - fprintf(stderr, args); \ - fprintf(stderr, ": %s\n", strerror(_errno)); \ + eprintf("ERROR: "); \ + eprintf(args); \ + eprintf(": %s\n", strerror(_errno)); \ } while (0) /* Error messages. Use these for serious errors, not informational messages to stderr. */ -#define _err(args...) do {fprintf(stderr,"%s:%s:%d: ERROR: ",__name__, __FUNCTION__, __LINE__); fprintf(stderr,args);} while(0) +#define _err(args...) do {eprintf("%s:%s:%d: ERROR: ",__name__, __FUNCTION__, __LINE__); eprintf(args);} while(0) #define _perr(args...) do { \ int _errno = errno; \ _err(args); \ - fprintf(stderr, ": %s\n", strerror(_errno)); \ + eprintf(": %s\n", strerror(_errno)); \ } while (0) #define overflow_error() _err("Internal buffer overflow. Please file a bug report.\n") -- cgit From 54892f28a2747079fae4aa35b80598cbb993a4c3 Mon Sep 17 00:00:00 2001 From: Masami Hiramatsu Date: Fri, 20 Mar 2009 11:59:06 -0400 Subject: PR6930: stapio: run in background as a daemon Add '-D'(daemon mode) option to staprun/stapio for daemon mode. In this mode, stapio shows just its pid and detachs from console. Since it has no stdio, this mode requires -o option. stapio will exit when it receives SIGTERM or detects some error. --- runtime/staprun/common.c | 52 ++++++++++++++++++++++++++++++++++++++++++---- runtime/staprun/mainloop.c | 35 +++++++++++++++++++++++++++++++ runtime/staprun/staprun.h | 1 + 3 files changed, 84 insertions(+), 4 deletions(-) (limited to 'runtime/staprun') diff --git a/runtime/staprun/common.c b/runtime/staprun/common.c index b8860248..a1b70d3b 100644 --- a/runtime/staprun/common.c +++ b/runtime/staprun/common.c @@ -27,6 +27,7 @@ int attach_mod; int delete_mod; int load_only; int need_uprobes; +int daemon_mode; /* module variables */ char *modname = NULL; @@ -35,6 +36,21 @@ char *modoptions[MAXMODOPTIONS]; int control_channel = -1; /* NB: fd==0 possible */ +static char path_buf[PATH_MAX]; +static char *get_abspath(char *path) +{ + int len; + if (path[0] == '/') + return path; + + len = strlen(getcwd(path_buf, PATH_MAX)); + if (len + 2 + strlen(path) >= PATH_MAX) + return NULL; + path_buf[len] = '/'; + strcpy(&path_buf[len + 1], path); + return path_buf; +} + void parse_args(int argc, char **argv) { int c; @@ -49,8 +65,9 @@ void parse_args(int argc, char **argv) delete_mod = 0; load_only = 0; need_uprobes = 0; + daemon_mode = 0; - while ((c = getopt(argc, argv, "ALuvb:t:dc:o:x:")) != EOF) { + while ((c = getopt(argc, argv, "ALuvb:t:dc:o:x:D")) != EOF) { switch (c) { case 'u': need_uprobes = 1; @@ -85,11 +102,20 @@ void parse_args(int argc, char **argv) case 'L': load_only = 1; break; + case 'D': + daemon_mode = 1; + break; default: usage(argv[0]); } } - + if (outfile_name) { + outfile_name = get_abspath(outfile_name); + if (outfile_name == NULL) { + err("File name is too long.\n"); + usage(argv[0]); + } + } if (attach_mod && load_only) { err("You can't specify the '-A' and '-L' options together.\n"); usage(argv[0]); @@ -118,12 +144,29 @@ void parse_args(int argc, char **argv) err("You can't specify the '-c' and '-x' options together.\n"); usage(argv[0]); } + + if (daemon_mode && load_only) { + err("You can't specify the '-D' and '-L' options together.\n"); + usage(argv[0]); + } + if (daemon_mode && delete_mod) { + err("You can't specify the '-D' and '-d' options together.\n"); + usage(argv[0]); + } + if (daemon_mode && target_cmd) { + err("You can't specify the '-D' and '-c' options together.\n"); + usage(argv[0]); + } + if (daemon_mode && outfile_name == NULL) { + err("You have to specify output FILE with '-D' option.\n"); + usage(argv[0]); + } } void usage(char *prog) { - err("\n%s [-v] [-c cmd ] [-x pid] [-u user]\n" - "\t[-A|-L] [-b bufsize] [-o FILE] MODULE [module-options]\n", prog); + err("\n%s [-v] [-c cmd ] [-x pid] [-u user] [-A|-L|-d]\n" + "\t[-b bufsize] [-o FILE [-D]] MODULE [module-options]\n", prog); err("-v Increase verbosity.\n"); err("-c cmd Command \'cmd\' will be run and staprun will\n"); err(" exit when it does. The '_stp_target' variable\n"); @@ -140,6 +183,7 @@ void usage(char *prog) err("-d Delete a module. Only detached or unused modules\n"); err(" the user has permission to access will be deleted. Use \"*\"\n"); err(" (quoted) to delete all unused modules.\n"); + err("-D Run in background. This requires '-o' option.\n"); err("MODULE can be either a module name or a module path. If a\n"); err("module name is used, it is looked for in the following\n"); err("directory: /lib/modules/`uname -r`/systemtap\n"); diff --git a/runtime/staprun/mainloop.c b/runtime/staprun/mainloop.c index e91e6302..b0d88073 100644 --- a/runtime/staprun/mainloop.c +++ b/runtime/staprun/mainloop.c @@ -318,6 +318,41 @@ int init_stapio(void) if (target_cmd) start_cmd(); + /* Run in background */ + if (daemon_mode) { + pid_t pid; + int ret; + dbug(2, "daemonizing stapio\n"); + + /* daemonize */ + ret = daemon(0, 1); /* don't close stdout at this time. */ + if (ret) { + err("Failed to daemonize stapio\n"); + return -1; + } + + /* change error messages to syslog. */ + switch_syslog("stapio"); + + /* show new pid */ + pid = getpid(); + fprintf(stdout, "%d\n", pid); + fflush(stdout); + + /* redirect all outputs to /dev/null */ + ret = open("/dev/null", O_RDWR); + if (ret < 0) { + err("Failed to open /dev/null\n"); + return -1; + } + close(STDIN_FILENO); + close(STDOUT_FILENO); + close(STDERR_FILENO); + dup2(ret, STDOUT_FILENO); + dup2(ret, STDERR_FILENO); + close(ret); + } + return 0; } diff --git a/runtime/staprun/staprun.h b/runtime/staprun/staprun.h index 4c43e3ee..b380cebd 100644 --- a/runtime/staprun/staprun.h +++ b/runtime/staprun/staprun.h @@ -157,6 +157,7 @@ extern int attach_mod; extern int delete_mod; extern int load_only; extern int need_uprobes; +extern int daemon_mode; /* getopt variables */ extern char *optarg; -- cgit From acd56c22068963ad48f39890f5307600ff7d5278 Mon Sep 17 00:00:00 2001 From: Masami Hiramatsu Date: Fri, 20 Mar 2009 12:11:30 -0400 Subject: PR6930: stapio: support file switching Add file-switching option(-S size[,N]) to stapio. This option has two arguments, 'size' and 'N', and requires -o option. - When the size of output file exceeds specified 'size'MB, staprun switches output file to the next file. For this purpose, all output file has a serial number as a suffix only when user specifies this option. - Using this option in bulk mode, the output file name will be 'FILE_cpuX.SERIAL'. - When the number of files exceeds specified N, staprun removes the oldest file. This argument can be omitted. --- runtime/staprun/common.c | 30 ++++++++++++++- runtime/staprun/mainloop.c | 15 ++------ runtime/staprun/relay.c | 69 +++++++++++++++++++++++++++++++++- runtime/staprun/relay_old.c | 92 ++++++++++++++++++++++++++++++++++++++++++++- runtime/staprun/staprun.h | 6 ++- 5 files changed, 195 insertions(+), 17 deletions(-) (limited to 'runtime/staprun') diff --git a/runtime/staprun/common.c b/runtime/staprun/common.c index a1b70d3b..194488ef 100644 --- a/runtime/staprun/common.c +++ b/runtime/staprun/common.c @@ -28,6 +28,8 @@ int delete_mod; int load_only; int need_uprobes; int daemon_mode; +off_t fsize_max; +int fnum_max; /* module variables */ char *modname = NULL; @@ -54,6 +56,7 @@ static char *get_abspath(char *path) void parse_args(int argc, char **argv) { int c; + char *s; /* Initialize option variables. */ verbose = 0; @@ -66,8 +69,10 @@ void parse_args(int argc, char **argv) load_only = 0; need_uprobes = 0; daemon_mode = 0; + fsize_max = 0; + fnum_max = 0; - while ((c = getopt(argc, argv, "ALuvb:t:dc:o:x:D")) != EOF) { + while ((c = getopt(argc, argv, "ALuvb:t:dc:o:x:S:D")) != EOF) { switch (c) { case 'u': need_uprobes = 1; @@ -105,6 +110,16 @@ void parse_args(int argc, char **argv) case 'D': daemon_mode = 1; break; + case 'S': + fsize_max = strtoul(optarg, &s, 10); + fsize_max <<= 20; + if (s[0] == ',') + fnum_max = (int)strtoul(&s[1], &s, 10); + if (s[0] != '\0') { + err("Invalid file size option '%s'.\n", optarg); + usage(argv[0]); + } + break; default: usage(argv[0]); } @@ -161,12 +176,16 @@ void parse_args(int argc, char **argv) err("You have to specify output FILE with '-D' option.\n"); usage(argv[0]); } + if (outfile_name == NULL && fsize_max != 0) { + err("You have to specify output FILE with '-S' option.\n"); + usage(argv[0]); + } } void usage(char *prog) { err("\n%s [-v] [-c cmd ] [-x pid] [-u user] [-A|-L|-d]\n" - "\t[-b bufsize] [-o FILE [-D]] MODULE [module-options]\n", prog); + "\t[-b bufsize] [-o FILE [-D] [-S size[,N]]] MODULE [module-options]\n", prog); err("-v Increase verbosity.\n"); err("-c cmd Command \'cmd\' will be run and staprun will\n"); err(" exit when it does. The '_stp_target' variable\n"); @@ -184,6 +203,13 @@ void usage(char *prog) err(" the user has permission to access will be deleted. Use \"*\"\n"); err(" (quoted) to delete all unused modules.\n"); err("-D Run in background. This requires '-o' option.\n"); + err("-S size[,N] Switches output file to next file when the size\n"); + err(" of file reaches the specified size. The value\n"); + err(" should be an integer greater than 1 which is\n"); + err(" assumed to be the maximum file size in MB.\n"); + err(" When the number of output files reaches N, it\n"); + err(" switches to the first output file. You can omit\n"); + err(" the second argument.\n"); err("MODULE can be either a module name or a module path. If a\n"); err("module name is used, it is looked for in the following\n"); err("directory: /lib/modules/`uname -r`/systemtap\n"); diff --git a/runtime/staprun/mainloop.c b/runtime/staprun/mainloop.c index b0d88073..c80bbba4 100644 --- a/runtime/staprun/mainloop.c +++ b/runtime/staprun/mainloop.c @@ -489,18 +489,11 @@ int stp_main_loop(void) switch (type) { #ifdef STP_OLD_TRANSPORT case STP_REALTIME_DATA: - { - ssize_t bw = write(out_fd[0], data, nb); - if (bw >= 0 && bw != nb) { - nb = nb - bw; - bw = write(out_fd[0], data, nb); - } - if (bw != nb) { - _perr("write error (nb=%ld)", (long)nb); - cleanup_and_exit(0); - } - break; + if (write_realtime_data(data, nb)) { + _perr("write error (nb=%ld)", (long)nb); + cleanup_and_exit(0); } + break; #endif case STP_OOB_DATA: eprintf("%s", (char *)data); diff --git a/runtime/staprun/relay.c b/runtime/staprun/relay.c index 19621933..891913b0 100644 --- a/runtime/staprun/relay.c +++ b/runtime/staprun/relay.c @@ -44,6 +44,52 @@ static int ppoll(struct pollfd *fds, nfds_t nfds, } #endif +int make_outfile_name(char *buf, int max, int fnum, int cpu) +{ + if (bulkmode) { + /* special case: for testing we sometimes want to write to /dev/null */ + if (strcmp(outfile_name, "/dev/null") == 0) { + strcpy(buf, "/dev/null"); + } else { + if (snprintf_chk(buf, max, "%s_cpu%d.%d", + outfile_name, cpu, fnum)) + return -1; + } + } else { + /* stream mode */ + if (snprintf_chk(buf, max, "%s.%d", outfile_name, fnum)) + return -1; + } + return 0; +} + +static int open_outfile(int fnum, int cpu, int remove_file) +{ + char buf[PATH_MAX]; + if (!outfile_name) { + _err("-S is set without -o. Please file a bug report.\n"); + return -1; + } + + if (remove_file) { + /* remove oldest file */ + if (make_outfile_name(buf, PATH_MAX, fnum - fnum_max, cpu) < 0) + return -1; + remove(buf); /* don't care */ + } + + if (make_outfile_name(buf, PATH_MAX, fnum, cpu) < 0) + return -1; + out_fd[cpu] = open (buf, O_CREAT|O_TRUNC|O_WRONLY, 0666); + if (out_fd[cpu] < 0) { + perr("Couldn't open output file %s", buf); + return -1; + } + if (set_clexec(out_fd[cpu]) < 0) + return -1; + return 0; +} + /** * reader_thread - per-cpu channel buffer reader */ @@ -57,6 +103,9 @@ static void *reader_thread(void *data) struct timespec tim = {.tv_sec=0, .tv_nsec=200000000}, *timeout = &tim; sigset_t sigs; struct sigaction sa; + off_t wsize = 0; + int fnum = 0; + int remove_file = 0; sigemptyset(&sigs); sigaddset(&sigs,SIGUSR2); @@ -99,6 +148,19 @@ static void *reader_thread(void *data) } } while ((rc = read(relay_fd[cpu], buf, sizeof(buf))) > 0) { + wsize += rc; + /* Switching file */ + if (fsize_max && wsize > fsize_max) { + close(out_fd[cpu]); + fnum++; + if (fnum_max && fnum == fnum_max) + remove_file = 1; + if (open_outfile(fnum, cpu, remove_file) < 0) { + perr("Couldn't open file for cpu %d, exiting.", cpu); + return(NULL); + } + wsize = 0; + } if (write(out_fd[cpu], buf, rc) != rc) { perr("Couldn't write to output %d for cpu %d, exiting.", out_fd[cpu], cpu); return(NULL); @@ -163,7 +225,12 @@ int init_relayfs(void) return -1; } - if (bulkmode) { + if (fsize_max) { + /* switch file mode */ + for (i = 0; i < ncpus; i++) + if (open_outfile(0, i, 0) < 0) + return -1; + } else if (bulkmode) { for (i = 0; i < ncpus; i++) { if (outfile_name) { /* special case: for testing we sometimes want to write to /dev/null */ diff --git a/runtime/staprun/relay_old.c b/runtime/staprun/relay_old.c index bd746f19..25ba93bf 100644 --- a/runtime/staprun/relay_old.c +++ b/runtime/staprun/relay_old.c @@ -23,6 +23,14 @@ static int bulkmode = 0; unsigned subbuf_size = 0; unsigned n_subbufs = 0; +struct switchfile_ctrl_block { + off_t wsize; + int fnum; + int rmfile; +}; + +static struct switchfile_ctrl_block global_scb = {0, 0, 0}; + /* per-cpu buffer info */ static struct buf_status { @@ -70,6 +78,36 @@ void close_oldrelayfs(int detach) close_relayfs_files(i); } +static int open_oldoutfile(int fnum, int cpu, int remove_file) +{ + char buf[PATH_MAX]; + if (outfile_name) { + if (remove_file) { + /* remove oldest file */ + if (make_outfile_name(buf, PATH_MAX, fnum - fnum_max, + cpu) < 0) + return -1; + remove(buf); /* don't care */ + } + if (make_outfile_name(buf, PATH_MAX, fnum, cpu) < 0) + return -1; + } else if (bulkmode) { + if (sprintf_chk(buf, "stpd_cpu%d.%d", cpu, fnum)) + return -1; + } else { /* stream mode */ + out_fd[cpu] = STDOUT_FILENO; + return 0; + } + + out_fd[cpu] = open (buf, O_CREAT|O_TRUNC|O_WRONLY, 0666); + if (out_fd[cpu] < 0) { + perr("Couldn't open output file %s", buf); + return -1; + } + if (set_clexec(out_fd[cpu]) < 0) + return -1; + return 0; +} /** * open_relayfs_files - open and mmap buffer and open output file. * Returns -1 on unexpected failure, 0 if file not found, 1 on success. @@ -104,6 +142,11 @@ static int open_relayfs_files(int cpu, const char *relay_filebase, const char *p return -1; } + if (fsize_max) { + if (open_oldoutfile(0, cpu, 0) < 0) + goto err2; + goto opened; + } if (outfile_name) { /* special case: for testing we sometimes want to * write to /dev/null */ @@ -126,6 +169,7 @@ static int open_relayfs_files(int cpu, const char *relay_filebase, const char *p perr("Couldn't open output file %s", tmp); goto err2; } +opened: total_bufsize = subbuf_size * n_subbufs; relay_buffer[cpu] = mmap(NULL, total_bufsize, PROT_READ, @@ -155,7 +199,8 @@ err1: /** * process_subbufs - write ready subbufs to disk */ -static int process_subbufs(struct _stp_buf_info *info) +static int process_subbufs(struct _stp_buf_info *info, + struct switchfile_ctrl_block *scb) { unsigned subbufs_ready, start_subbuf, end_subbuf, subbuf_idx, i; int len, cpu = info->cpu; @@ -173,6 +218,18 @@ static int process_subbufs(struct _stp_buf_info *info) padding = *((unsigned *)subbuf_ptr); subbuf_ptr += sizeof(padding); len = (subbuf_size - sizeof(padding)) - padding; + scb->wsize += len; + if (fsize_max && scb->wsize > fsize_max) { + fclose(percpu_tmpfile[cpu]); + scb->fnum ++; + if (fnum_max && scb->fnum == fnum_max) + scb->rmfile = 1; + if (open_oldoutfile(scb->fnum, cpu, scb->rmfile) < 0) { + perr("Couldn't open file for cpu %d, exiting.", cpu); + exit(1); + } + scb->wsize = 0; + } if (len) { if (fwrite_unlocked (subbuf_ptr, len, 1, percpu_tmpfile[cpu]) != 1) { _perr("Couldn't write to output file for cpu %d, exiting:", cpu); @@ -196,6 +253,7 @@ static void *reader_thread(void *data) struct _stp_consumed_info consumed_info; unsigned subbufs_consumed; cpu_set_t cpu_mask; + struct switchfile_ctrl_block scb = {0, 0, 0}; CPU_ZERO(&cpu_mask); CPU_SET(cpu, &cpu_mask); @@ -217,7 +275,7 @@ static void *reader_thread(void *data) } rc = read(proc_fd[cpu], &status[cpu].info, sizeof(struct _stp_buf_info)); - subbufs_consumed = process_subbufs(&status[cpu].info); + subbufs_consumed = process_subbufs(&status[cpu].info, &scb); if (subbufs_consumed) { if (subbufs_consumed > status[cpu].max_backlog) status[cpu].max_backlog = subbufs_consumed; @@ -232,6 +290,33 @@ static void *reader_thread(void *data) } while (1); } +/** + * write_realtime_data - write realtime data packet to disk + */ +int write_realtime_data(void *data, ssize_t nb) +{ + ssize_t bw; + global_scb.wsize += nb; + if (fsize_max && global_scb.wsize > fsize_max) { + close(out_fd[0]); + global_scb.fnum++; + if (fnum_max && global_scb.fnum == fnum_max) + global_scb.rmfile = 1; + if (open_oldoutfile(global_scb.fnum, 0, + global_scb.rmfile) < 0) { + perr("Couldn't open file, exiting."); + return -1; + } + global_scb.wsize = 0; + } + bw = write(out_fd[0], data, nb); + if (bw >= 0 && bw != nb) { + nb = nb - bw; + bw = write(out_fd[0], data, nb); + } + return bw != nb; +} + /** * init_relayfs - create files and threads for relayfs processing * @@ -249,6 +334,9 @@ int init_oldrelayfs(void) bulkmode = 1; if (!bulkmode) { + if (fsize_max) + return open_oldoutfile(0, 0, 0); + if (outfile_name) { out_fd[0] = open (outfile_name, O_CREAT|O_TRUNC|O_WRONLY, 0666); if (out_fd[0] < 0 || set_clexec(out_fd[0]) < 0) { diff --git a/runtime/staprun/staprun.h b/runtime/staprun/staprun.h index b380cebd..6d0f9179 100644 --- a/runtime/staprun/staprun.h +++ b/runtime/staprun/staprun.h @@ -9,7 +9,7 @@ * * Copyright (C) 2005-2008 Red Hat Inc. */ - +#define _FILE_OFFSET_BITS 64 #include #include #include @@ -117,7 +117,9 @@ int init_relayfs(void); void close_relayfs(void); int init_oldrelayfs(void); void close_oldrelayfs(int); +int write_realtime_data(void *data, ssize_t nb); void setup_signals(void); +int make_outfile_name(char *buf, int max, int fnum, int cpu); /* staprun_funcs.c */ void setup_staprun_signals(void); const char *moderror(int err); @@ -158,6 +160,8 @@ extern int delete_mod; extern int load_only; extern int need_uprobes; extern int daemon_mode; +extern off_t fsize_max; +extern int fnum_max; /* getopt variables */ extern char *optarg; -- cgit From 04ae1b090781725631ba3477ff77721b012cdaba Mon Sep 17 00:00:00 2001 From: Masami Hiramatsu Date: Fri, 20 Mar 2009 13:38:29 -0400 Subject: PR9821: staprun supports subset of strftime. Add strftime subset format support for output file name to systemtap. This format will be evaluated when opening a new output file. --- runtime/staprun/common.c | 119 +++++++++++++++++++++++++++++++++++++++++++- runtime/staprun/relay.c | 89 +++++++++++++++++++++++++++------ runtime/staprun/relay_old.c | 50 +++++++++++++------ runtime/staprun/staprun.h | 6 ++- 4 files changed, 232 insertions(+), 32 deletions(-) (limited to 'runtime/staprun') diff --git a/runtime/staprun/common.c b/runtime/staprun/common.c index 194488ef..8200ec9d 100644 --- a/runtime/staprun/common.c +++ b/runtime/staprun/common.c @@ -53,6 +53,113 @@ static char *get_abspath(char *path) return path_buf; } +int stap_strfloctime(char *buf, size_t max, const char *fmt, time_t t) +{ + char *c = buf; + const char *c2 = fmt, *end = buf + max; + int ret, num; + struct tm tm; + if (buf == NULL || fmt == NULL || max <= 1) + return -EINVAL; + localtime_r(&t, &tm); + + while (*c2 != '\0'){ + if (c + 1 >= end) + return -EINVAL; + if (*c2 != '%') { + *c++ = *c2++; + continue; + } + c2++; + switch (*c2++) { + case '%': + *c++ = '%'; + break; + case 'Y': + num = tm.tm_year + 1900; + goto numbering; + case 'y': + num = tm.tm_year % 100; + goto numbering02; + case 'C': + num = ((tm.tm_year + 1900 - 1) / 100) + 1; + goto numbering; + case 'm': + num = tm.tm_mon + 1; + goto numbering02; + case 'd': + num = tm.tm_mday; + goto numbering02; + case 'e': + num = tm.tm_mday; + goto numbering; + case 'F': + ret = snprintf(c, end - c, "%d-%02d-%02d", + tm.tm_year + 1900, tm.tm_mon + 1, tm.tm_mday); + if (ret < 0) return ret; + c += ret; + break; + case 'H': + num = tm.tm_hour; + goto numbering02; + case 'I': + num = tm.tm_hour % 12; + if (num == 0) num = 12; + goto numbering02; + case 'j': + ret = snprintf(c, end - c, "%03d", tm.tm_yday); + if (ret < 0) return ret; + c += ret; + break; + case 'k': + num = tm.tm_hour; + goto numbering; + case 'l': + num = tm.tm_hour % 12; + if (num == 0) num = 12; + goto numbering; + case 'M': + num = tm.tm_min; + goto numbering02; + case 'S': + num = tm.tm_sec; + goto numbering02; + case 'R': + ret = snprintf(c, end - c, "%02d:%02d", + tm.tm_hour, tm.tm_min); + if (ret < 0) return ret; + c += ret; + break; + case 'T': + ret = snprintf(c, end - c, "%02d:%02d:%02d", + tm.tm_hour, tm.tm_min, tm.tm_sec); + if (ret < 0) return ret; + c += ret; + break; + case 'u': + num = tm.tm_wday == 0 ? 7 : tm.tm_wday; + goto numbering; + case 'w': + num = tm.tm_wday; + goto numbering; + default: + return -EINVAL; + } + continue; +numbering: + ret = snprintf(c, end - c, "%d", num); + if (ret < 0) return ret; + c += ret; + continue; +numbering02: + ret = snprintf(c, end - c, "%02d", num); + if (ret < 0) return ret; + c += ret; + } + *c = '\0'; + return c - buf; +} + void parse_args(int argc, char **argv) { int c; @@ -125,11 +232,19 @@ void parse_args(int argc, char **argv) } } if (outfile_name) { + char tmp[PATH_MAX]; + int ret; outfile_name = get_abspath(outfile_name); if (outfile_name == NULL) { err("File name is too long.\n"); usage(argv[0]); } + ret = stap_strfloctime(tmp, PATH_MAX - 18, /* = _cpuNNN.SSSSSSSSSS */ + outfile_name, time(NULL)); + if (ret < 0) { + err("Filename format is invalid or too long.\n"); + usage(argv[0]); + } } if (attach_mod && load_only) { err("You can't specify the '-A' and '-L' options together.\n"); @@ -191,7 +306,9 @@ void usage(char *prog) err(" exit when it does. The '_stp_target' variable\n"); err(" will contain the pid for the command.\n"); err("-x pid Sets the '_stp_target' variable to pid.\n"); - err("-o FILE Send output to FILE.\n"); + err("-o FILE Send output to FILE. This supports a subset of\n"); + err(" strftime(3) (%%%%,%%C,%%Y,%%y,%%m,%%d,%%e,%%F,%%H,%%I\n"); + err(" %%j,%%k,%%l,%%M,%%S,%%R,%%T,%%u,%%w) for FILE.\n"); err("-b buffer size The systemtap module specifies a buffer size.\n"); err(" Setting one here will override that value. The\n"); err(" value should be an integer between 1 and 4095 \n"); diff --git a/runtime/staprun/relay.c b/runtime/staprun/relay.c index 891913b0..50f295b5 100644 --- a/runtime/staprun/relay.c +++ b/runtime/staprun/relay.c @@ -17,6 +17,9 @@ static pthread_t reader[NR_CPUS]; static int relay_fd[NR_CPUS]; static int bulkmode = 0; static volatile int stop_threads = 0; +static time_t *time_backlog[NR_CPUS]; +static int backlog_order=0; +#define BACKLOG_MASK ((1 << backlog_order) - 1) /* * ppoll exists in glibc >= 2.4 @@ -44,20 +47,52 @@ static int ppoll(struct pollfd *fds, nfds_t nfds, } #endif -int make_outfile_name(char *buf, int max, int fnum, int cpu) +int init_backlog(int cpu) { + int order = 0; + if (!fnum_max) + return 0; + while (fnum_max >> order) order++; + if (fnum_max == 1<<(order-1)) order--; + time_backlog[cpu] = (time_t *)calloc(1< Date: Wed, 25 Mar 2009 10:44:55 -0400 Subject: Fix for CVE-2009-0784: stapusr module-path checking race * runtime/staprun/staprun_funcs.c (check_path): Save fully canonicalized and checked module path for later loading. --- runtime/staprun/staprun_funcs.c | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'runtime/staprun') diff --git a/runtime/staprun/staprun_funcs.c b/runtime/staprun/staprun_funcs.c index 5e7fa102..e94e5d13 100644 --- a/runtime/staprun/staprun_funcs.c +++ b/runtime/staprun/staprun_funcs.c @@ -269,6 +269,15 @@ check_path(void) return -1; } + /* Overwrite the modpath with the canonicalized one, to defeat + a possible race between path checking below and somewhat later + module loading. */ + modpath = strdup (module_realpath); + if (modpath == NULL) { + _perr("allocating memory failed"); + exit (1); + } + /* To make sure the user can't specify something like * /lib/modules/`uname -r`/systemtapmod.ko, put a '/' on the * end of staplib_dir_realpath. */ -- cgit From 5aa1f218c5ff8a459c324ac64ee7a9b8046e683d Mon Sep 17 00:00:00 2001 From: Masami Hiramatsu Date: Thu, 2 Apr 2009 18:44:34 -0400 Subject: Fix a bug in file size limitation code. This fixes a bug in stapio, which checks written data size and switches new file when it exceeds a limit. The problem is that written-data-size counter ignores the first written-data size when switching files. So, actual file size always exceeds the limit. This changes stapio to initialize written-data-size counter with the size of the data which will be written in new file. --- runtime/staprun/relay.c | 2 +- runtime/staprun/relay_old.c | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) (limited to 'runtime/staprun') diff --git a/runtime/staprun/relay.c b/runtime/staprun/relay.c index 50f295b5..694cb27e 100644 --- a/runtime/staprun/relay.c +++ b/runtime/staprun/relay.c @@ -200,7 +200,7 @@ static void *reader_thread(void *data) perr("Couldn't open file for cpu %d, exiting.", cpu); return(NULL); } - wsize = 0; + wsize = rc; } if (write(out_fd[cpu], buf, rc) != rc) { perr("Couldn't write to output %d for cpu %d, exiting.", out_fd[cpu], cpu); diff --git a/runtime/staprun/relay_old.c b/runtime/staprun/relay_old.c index ef8fd0da..469a5831 100644 --- a/runtime/staprun/relay_old.c +++ b/runtime/staprun/relay_old.c @@ -241,7 +241,7 @@ static int process_subbufs(struct _stp_buf_info *info, perr("Couldn't open file for cpu %d, exiting.", cpu); exit(1); } - scb->wsize = 0; + scb->wsize = len; } if (len) { if (fwrite_unlocked (subbuf_ptr, len, 1, percpu_tmpfile[cpu]) != 1) { @@ -320,7 +320,7 @@ int write_realtime_data(void *data, ssize_t nb) perr("Couldn't open file, exiting."); return -1; } - global_scb.wsize = 0; + global_scb.wsize = nb; } bw = write(out_fd[0], data, nb); if (bw >= 0 && bw != nb) { -- cgit From b9e80fe13706ae1c820e565e9b26f00b5f5a8dca Mon Sep 17 00:00:00 2001 From: Masami Hiramatsu Date: Thu, 2 Apr 2009 18:44:34 -0400 Subject: Fix strftime format bug This fixes bugs in strftime-subset function. This modifies %C, %l and %j to fit the output of date command. --- runtime/staprun/common.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) (limited to 'runtime/staprun') diff --git a/runtime/staprun/common.c b/runtime/staprun/common.c index 8200ec9d..26b166c2 100644 --- a/runtime/staprun/common.c +++ b/runtime/staprun/common.c @@ -82,7 +82,7 @@ int stap_strfloctime(char *buf, size_t max, const char *fmt, time_t t) num = tm.tm_year % 100; goto numbering02; case 'C': - num = ((tm.tm_year + 1900 - 1) / 100) + 1; + num = ((tm.tm_year + 1900) / 100); goto numbering; case 'm': num = tm.tm_mon + 1; @@ -107,7 +107,7 @@ int stap_strfloctime(char *buf, size_t max, const char *fmt, time_t t) if (num == 0) num = 12; goto numbering02; case 'j': - ret = snprintf(c, end - c, "%03d", tm.tm_yday); + ret = snprintf(c, end - c, "%03d", tm.tm_yday + 1); if (ret < 0) return ret; c += ret; break; @@ -117,7 +117,10 @@ int stap_strfloctime(char *buf, size_t max, const char *fmt, time_t t) case 'l': num = tm.tm_hour % 12; if (num == 0) num = 12; - goto numbering; + ret = snprintf(c, end - c, "%2d", num); + if (ret < 0) return ret; + c += ret; + break; case 'M': num = tm.tm_min; goto numbering02; -- cgit From b516e13ac098181536ae7281a8263e8f5b3553eb Mon Sep 17 00:00:00 2001 From: Josh Stone Date: Thu, 2 Apr 2009 18:59:03 -0700 Subject: Really fix run-stap this time, I promise! --- runtime/staprun/staprun_funcs.c | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) (limited to 'runtime/staprun') diff --git a/runtime/staprun/staprun_funcs.c b/runtime/staprun/staprun_funcs.c index e94e5d13..49b37988 100644 --- a/runtime/staprun/staprun_funcs.c +++ b/runtime/staprun/staprun_funcs.c @@ -316,8 +316,21 @@ int check_permissions(void) int path_check = 0; /* If we're root, we can do anything. */ - if (getuid() == 0) + if (getuid() == 0) { + /* ... like overriding the real UID */ + const char *env_id = getenv("SYSTEMTAP_REAL_UID"); + if (env_id && setreuid(atoi(env_id), -1)) + err("WARNING: couldn't set staprun UID to '%s': %s", + env_id, strerror(errno)); + + /* ... or overriding the real GID */ + env_id = getenv("SYSTEMTAP_REAL_GID"); + if (env_id && setregid(atoi(env_id), -1)) + err("WARNING: couldn't set staprun GID to '%s': %s", + env_id, strerror(errno)); + return 1; + } /* Lookup the gid for group "stapdev" */ errno = 0; -- cgit From 1bcb8a30c3c138373c2b21a5d3820d132dacf162 Mon Sep 17 00:00:00 2001 From: Josh Stone Date: Fri, 3 Apr 2009 13:32:22 -0700 Subject: PR10032: Trigger cleanup after relay thread errors When the relay threads encounter an error, they now send SIGTERM to the rest of the process before the thread exit, so we get a clean shutdown. For EPIPE in particular, error messages are also suppressed. --- runtime/staprun/relay.c | 17 ++++++++++++----- runtime/staprun/relay_old.c | 18 +++++++++++++----- 2 files changed, 25 insertions(+), 10 deletions(-) (limited to 'runtime/staprun') diff --git a/runtime/staprun/relay.c b/runtime/staprun/relay.c index 694cb27e..b9796241 100644 --- a/runtime/staprun/relay.c +++ b/runtime/staprun/relay.c @@ -185,7 +185,7 @@ static void *reader_thread(void *data) dbug(3, "cpu=%d poll=%d errno=%d\n", cpu, rc, errno); if (errno != EINTR) { _perr("poll error"); - return(NULL); + goto error_out; } } while ((rc = read(relay_fd[cpu], buf, sizeof(buf))) > 0) { @@ -198,17 +198,24 @@ static void *reader_thread(void *data) remove_file = 1; if (open_outfile(fnum, cpu, remove_file) < 0) { perr("Couldn't open file for cpu %d, exiting.", cpu); - return(NULL); + goto error_out; } wsize = rc; } if (write(out_fd[cpu], buf, rc) != rc) { - perr("Couldn't write to output %d for cpu %d, exiting.", out_fd[cpu], cpu); - return(NULL); + if (errno != EPIPE) + perr("Couldn't write to output %d for cpu %d, exiting.", out_fd[cpu], cpu); + goto error_out; } } } while (!stop_threads); - dbug(3, "exiting thread %d\n", cpu); + dbug(3, "exiting thread for cpu %d\n", cpu); + return(NULL); + +error_out: + /* Signal the main thread that we need to quit */ + kill(getpid(), SIGTERM); + dbug(2, "exiting thread for cpu %d after error\n", cpu); return(NULL); } diff --git a/runtime/staprun/relay_old.c b/runtime/staprun/relay_old.c index 469a5831..33d2daf3 100644 --- a/runtime/staprun/relay_old.c +++ b/runtime/staprun/relay_old.c @@ -239,14 +239,15 @@ static int process_subbufs(struct _stp_buf_info *info, scb->rmfile = 1; if (open_oldoutfile(scb->fnum, cpu, scb->rmfile) < 0) { perr("Couldn't open file for cpu %d, exiting.", cpu); - exit(1); + return -1; } scb->wsize = len; } if (len) { if (fwrite_unlocked (subbuf_ptr, len, 1, percpu_tmpfile[cpu]) != 1) { - _perr("Couldn't write to output file for cpu %d, exiting:", cpu); - exit(1); + if (errno != EPIPE) + _perr("Couldn't write to output file for cpu %d, exiting:", cpu); + return -1; } } subbufs_consumed++; @@ -281,14 +282,17 @@ static void *reader_thread(void *data) if (rc < 0) { if (errno != EINTR) { _perr("poll error"); - exit(1); + break; } err("WARNING: poll warning: %s\n", strerror(errno)); rc = 0; } rc = read(proc_fd[cpu], &status[cpu].info, sizeof(struct _stp_buf_info)); - subbufs_consumed = process_subbufs(&status[cpu].info, &scb); + rc = process_subbufs(&status[cpu].info, &scb); + if (rc < 0) + break; + subbufs_consumed = rc; if (subbufs_consumed) { if (subbufs_consumed > status[cpu].max_backlog) status[cpu].max_backlog = subbufs_consumed; @@ -301,6 +305,10 @@ static void *reader_thread(void *data) if (status[cpu].info.flushing) pthread_exit(NULL); } while (1); + + /* Signal the main thread that we need to quit */ + kill(getpid(), SIGTERM); + pthread_exit(NULL); } /** -- cgit From 54f1da8faec0408630348f70d78fc0f8ca07f876 Mon Sep 17 00:00:00 2001 From: Masami Hiramatsu Date: Wed, 22 Apr 2009 13:16:25 -0400 Subject: PR 9821: Use genuine strftime in staprun/stapio * Makefile.am: Add -fno-builtin-strftime to stapio_CFLAGS. * Makefile.in: Ditto. * runtime/staprun/common.c (stap_strfloctime): Use strftime(3). (parse_args): Remove strftime format limitation message. * main.cxx (usage): Ditto. * stap.1.in: Ditto. * staprun.8.in: Ditto. --- runtime/staprun/common.c | 112 +++-------------------------------------------- 1 file changed, 7 insertions(+), 105 deletions(-) (limited to 'runtime/staprun') diff --git a/runtime/staprun/common.c b/runtime/staprun/common.c index 26b166c2..c67ce340 100644 --- a/runtime/staprun/common.c +++ b/runtime/staprun/common.c @@ -55,112 +55,15 @@ static char *get_abspath(char *path) int stap_strfloctime(char *buf, size_t max, const char *fmt, time_t t) { - char *c = buf; - const char *c2 = fmt, *end = buf + max; - int ret, num; struct tm tm; + size_t ret; if (buf == NULL || fmt == NULL || max <= 1) return -EINVAL; localtime_r(&t, &tm); - - while (*c2 != '\0'){ - if (c + 1 >= end) - return -EINVAL; - if (*c2 != '%') { - *c++ = *c2++; - continue; - } - c2++; - switch (*c2++) { - case '%': - *c++ = '%'; - break; - case 'Y': - num = tm.tm_year + 1900; - goto numbering; - case 'y': - num = tm.tm_year % 100; - goto numbering02; - case 'C': - num = ((tm.tm_year + 1900) / 100); - goto numbering; - case 'm': - num = tm.tm_mon + 1; - goto numbering02; - case 'd': - num = tm.tm_mday; - goto numbering02; - case 'e': - num = tm.tm_mday; - goto numbering; - case 'F': - ret = snprintf(c, end - c, "%d-%02d-%02d", - tm.tm_year + 1900, tm.tm_mon + 1, tm.tm_mday); - if (ret < 0) return ret; - c += ret; - break; - case 'H': - num = tm.tm_hour; - goto numbering02; - case 'I': - num = tm.tm_hour % 12; - if (num == 0) num = 12; - goto numbering02; - case 'j': - ret = snprintf(c, end - c, "%03d", tm.tm_yday + 1); - if (ret < 0) return ret; - c += ret; - break; - case 'k': - num = tm.tm_hour; - goto numbering; - case 'l': - num = tm.tm_hour % 12; - if (num == 0) num = 12; - ret = snprintf(c, end - c, "%2d", num); - if (ret < 0) return ret; - c += ret; - break; - case 'M': - num = tm.tm_min; - goto numbering02; - case 'S': - num = tm.tm_sec; - goto numbering02; - case 'R': - ret = snprintf(c, end - c, "%02d:%02d", - tm.tm_hour, tm.tm_min); - if (ret < 0) return ret; - c += ret; - break; - case 'T': - ret = snprintf(c, end - c, "%02d:%02d:%02d", - tm.tm_hour, tm.tm_min, tm.tm_sec); - if (ret < 0) return ret; - c += ret; - break; - case 'u': - num = tm.tm_wday == 0 ? 7 : tm.tm_wday; - goto numbering; - case 'w': - num = tm.tm_wday; - goto numbering; - default: - return -EINVAL; - } - continue; -numbering: - ret = snprintf(c, end - c, "%d", num); - if (ret < 0) return ret; - c += ret; - continue; -numbering02: - ret = snprintf(c, end - c, "%02d", num); - if (ret < 0) return ret; - c += ret; - } - *c = '\0'; - return c - buf; + ret = strftime(buf, max, fmt, &tm); + if (ret == 0) + return -EINVAL; + return (int)ret; } void parse_args(int argc, char **argv) @@ -309,9 +212,8 @@ void usage(char *prog) err(" exit when it does. The '_stp_target' variable\n"); err(" will contain the pid for the command.\n"); err("-x pid Sets the '_stp_target' variable to pid.\n"); - err("-o FILE Send output to FILE. This supports a subset of\n"); - err(" strftime(3) (%%%%,%%C,%%Y,%%y,%%m,%%d,%%e,%%F,%%H,%%I\n"); - err(" %%j,%%k,%%l,%%M,%%S,%%R,%%T,%%u,%%w) for FILE.\n"); + err("-o FILE Send output to FILE. This supports strftime(3)\n"); + err(" formats for FILE.\n"); err("-b buffer size The systemtap module specifies a buffer size.\n"); err(" Setting one here will override that value. The\n"); err(" value should be an integer between 1 and 4095 \n"); -- cgit From 2035bcd40b17832439df0a1eb28403b99a71b74f Mon Sep 17 00:00:00 2001 From: Dave Brolley Date: Mon, 4 May 2009 16:05:22 -0400 Subject: Module signing and verification using a separate file for the module signature. --- runtime/staprun/mainloop.c | 10 +- runtime/staprun/modverify.c | 389 ++++++++++++++++++++++++++++++++++++++++ runtime/staprun/modverify.h | 8 + runtime/staprun/staprun_funcs.c | 194 +++++++++++++------- 4 files changed, 532 insertions(+), 69 deletions(-) create mode 100644 runtime/staprun/modverify.c create mode 100644 runtime/staprun/modverify.h (limited to 'runtime/staprun') diff --git a/runtime/staprun/mainloop.c b/runtime/staprun/mainloop.c index c80bbba4..205fdf37 100644 --- a/runtime/staprun/mainloop.c +++ b/runtime/staprun/mainloop.c @@ -7,7 +7,7 @@ * Public License (GPL); either version 2, or (at your option) any * later version. * - * Copyright (C) 2005-2008 Red Hat Inc. + * Copyright (C) 2005-2009 Red Hat Inc. */ #include "staprun.h" @@ -395,10 +395,10 @@ void cleanup_and_exit(int detach) #define BUG9788_WORKAROUND #ifndef BUG9788_WORKAROUND dbug(2, "removing %s\n", modname); - if (execlp(staprun, basename (staprun), "-d", modname, NULL) < 0) { + if (execlp(staprun, basename (staprun), "-d", modpath, NULL) < 0) { if (errno == ENOEXEC) { char *cmd; - if (asprintf(&cmd, "%s -d '%s'", staprun, modname) > 0) + if (asprintf(&cmd, "%s -d '%s'", staprun, modpath) > 0) execl("/bin/sh", "sh", "-c", cmd, NULL); free(cmd); } @@ -427,10 +427,10 @@ void cleanup_and_exit(int detach) if (pid == 0) { /* child process */ /* Run the command. */ - if (execlp(staprun, basename (staprun), "-d", modname, NULL) < 0) { + if (execlp(staprun, basename (staprun), "-d", modpath, NULL) < 0) { if (errno == ENOEXEC) { char *cmd; - if (asprintf(&cmd, "%s -d '%s'", staprun, modname) > 0) + if (asprintf(&cmd, "%s -d '%s'", staprun, modpath) > 0) execl("/bin/sh", "sh", "-c", cmd, NULL); free(cmd); } diff --git a/runtime/staprun/modverify.c b/runtime/staprun/modverify.c new file mode 100644 index 00000000..2f3b96d5 --- /dev/null +++ b/runtime/staprun/modverify.c @@ -0,0 +1,389 @@ +/* + This program verifies the given file using the given signature, the named + certificate and public key in the given certificate database. + + Copyright (C) 2009 Red Hat Inc. + + This file is part of systemtap, and is free software. You can + redistribute it and/or modify it under the terms of the GNU General Public + License as published by the Free Software Foundation; either version 2 of the + License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +*/ + +#include + +#include +#include +#include +#include +#include +#include + +#include "nsscommon.h" +#include "modverify.h" + +#include + +/* Function: int check_cert_db_permissions (const char *cert_db_path); + * + * Check that the given certificate directory and its contents have + * the correct permissions. + * + * Returns 0 if there is an error, 1 otherwise. + */ +static int +check_db_file_permissions (const char *cert_db_file) { + struct stat info; + int rc; + + rc = stat (cert_db_file, & info); + if (rc) + { + fprintf (stderr, "Could not obtain information on certificate database file %s.\n", + cert_db_file); + perror (""); + return 0; + } + + rc = 1; /* ok */ + + /* The owner of the file must be root. */ + if (info.st_uid != 0) + { + fprintf (stderr, "Certificate database file %s must be owned by root.\n", + cert_db_file); + rc = 0; + } + + /* Check the access permissions of the file. */ + if ((info.st_mode & S_IRUSR) == 0) + fprintf (stderr, "Certificate database file %s should be readable by the owner.\n", cert_db_file); + if ((info.st_mode & S_IWUSR) == 0) + fprintf (stderr, "Certificate database file %s should be writeable by the owner.\n", cert_db_file); + if ((info.st_mode & S_IXUSR) != 0) + { + fprintf (stderr, "Certificate database file %s must not be executable by the owner.\n", cert_db_file); + rc = 0; + } + if ((info.st_mode & S_IRGRP) == 0) + { + fprintf (stderr, "Certificate database file %s should be readable by the group.\n", cert_db_file); + rc = 0; + } + if ((info.st_mode & S_IWGRP) != 0) + { + fprintf (stderr, "Certificate database file %s must not be writable by the group.\n", cert_db_file); + rc = 0; + } + if ((info.st_mode & S_IXGRP) != 0) + { + fprintf (stderr, "Certificate database file %s must not be executable by the group.\n", cert_db_file); + rc = 0; + } + if ((info.st_mode & S_IROTH) == 0) + { + fprintf (stderr, "Certificate database file %s should be readable by others.\n", cert_db_file); + rc = 0; + } + if ((info.st_mode & S_IWOTH) != 0) + { + fprintf (stderr, "Certificate database file %s must not be writable by others.\n", cert_db_file); + rc = 0; + } + if ((info.st_mode & S_IXOTH) != 0) + { + fprintf (stderr, "Certificate database file %s must not be executable by others.\n", cert_db_file); + rc = 0; + } + + return rc; +} + +/* Function: int check_cert_db_permissions (const char *cert_db_path); + * + * Check that the given certificate directory and its contents have + * the correct permissions. + * + * Returns 0 if there is an error, 1 otherwise. + */ +static int +check_cert_db_permissions (const char *cert_db_path) { + struct stat info; + char *fileName; + int rc; + + rc = stat (cert_db_path, & info); + if (rc) + { + fprintf (stderr, "Could not obtain information on certificate database directory %s.\n", + cert_db_path); + perror (""); + return 0; + } + + rc = 1; /* ok */ + + /* The owner of the database must be root. */ + if (info.st_uid != 0) + { + fprintf (stderr, "Certificate database directory %s must be owned by root.\n", cert_db_path); + rc = 0; + } + + /* Check the database directory access permissions */ + if ((info.st_mode & S_IRUSR) == 0) + fprintf (stderr, "Certificate database %s should be readable by the owner.\n", cert_db_path); + if ((info.st_mode & S_IWUSR) == 0) + fprintf (stderr, "Certificate database %s should be writeable by the owner.\n", cert_db_path); + if ((info.st_mode & S_IXUSR) == 0) + fprintf (stderr, "Certificate database %s should be searchable by the owner.\n", cert_db_path); + if ((info.st_mode & S_IRGRP) == 0) + fprintf (stderr, "Certificate database %s should be readable by the group.\n", cert_db_path); + if ((info.st_mode & S_IWGRP) != 0) + { + fprintf (stderr, "Certificate database %s must not be writable by the group.\n", cert_db_path); + rc = 0; + } + if ((info.st_mode & S_IXGRP) == 0) + fprintf (stderr, "Certificate database %s should be searchable by the group.\n", cert_db_path); + if ((info.st_mode & S_IROTH) == 0) + fprintf (stderr, "Certificate database %s should be readable by others.\n", cert_db_path); + if ((info.st_mode & S_IWOTH) != 0) + { + fprintf (stderr, "Certificate database %s must not be writable by others.\n", cert_db_path); + rc = 0; + } + if ((info.st_mode & S_IXOTH) == 0) + fprintf (stderr, "Certificate database %s should be searchable by others.\n", cert_db_path); + + /* Now check the permissions of the critical files. */ + fileName = PORT_Alloc (strlen (cert_db_path) + 11); + if (! fileName) + { + fprintf (stderr, "Unable to allocate memory for certificate database file names\n"); + return 0; + } + + sprintf (fileName, "%s/cert8.db", cert_db_path); + rc &= check_db_file_permissions (fileName); + sprintf (fileName, "%s/key3.db", cert_db_path); + rc &= check_db_file_permissions (fileName); + sprintf (fileName, "%s/secmod.db", cert_db_path); + rc &= check_db_file_permissions (fileName); + + PORT_Free (fileName); + + if (rc == 0) + fprintf (stderr, "Unable to use certificate database %s due to errors.\n", cert_db_path); + + return rc; +} + +static int +verify_it (const char *inputName, const char *signatureName, SECKEYPublicKey *pubKey) +{ + unsigned char buffer[4096]; + PRFileInfo info; + PRStatus prStatus; + PRInt32 numBytes; + PRFileDesc *local_file_fd; + VFYContext *vfy; + SECItem signature; + SECStatus secStatus; + + /* Get the size of the signature file. */ + prStatus = PR_GetFileInfo (signatureName, &info); + if (prStatus != PR_SUCCESS || info.type != PR_FILE_FILE || info.size < 0) + { + fprintf (stderr, "Unable to obtain information on the signature file %s.\n", signatureName); + nssError (); + return MODULE_UNTRUSTED; /* Not signed */ + } + + /* Open the signature file. */ + local_file_fd = PR_Open (signatureName, PR_RDONLY, 0); + if (local_file_fd == NULL) + { + fprintf (stderr, "Could not open the signature file %s\n.", signatureName); + nssError (); + return MODULE_CHECK_ERROR; + } + + /* Allocate space to read the signature file. */ + signature.data = PORT_Alloc (info.size); + if (! signature.data) + { + fprintf (stderr, "Unable to allocate memory for the signature in %s.\n", signatureName); + nssError (); + return MODULE_CHECK_ERROR; + } + + /* Read the signature. */ + numBytes = PR_Read (local_file_fd, signature.data, info.size); + if (numBytes == 0) /* EOF */ + { + fprintf (stderr, "EOF reading signature file %s.\n", signatureName); + return MODULE_CHECK_ERROR; + } + if (numBytes < 0) + { + fprintf (stderr, "Error reading signature file %s.\n", signatureName); + nssError (); + return MODULE_CHECK_ERROR; + } + if (numBytes != info.size) + { + fprintf (stderr, "Incomplete data while reading signature file %s.\n", signatureName); + return MODULE_CHECK_ERROR; + } + signature.len = info.size; + + /* Done with the signature file. */ + PR_Close (local_file_fd); + + /* Create a verification context. */ + vfy = VFY_CreateContextDirect (pubKey, & signature, SEC_OID_PKCS1_RSA_ENCRYPTION, + SEC_OID_UNKNOWN, NULL, NULL); + if (! vfy) + { + /* The key does not match the signature. This is not an error. It just means + we are currently trying the wrong certificate/key. i.e. the module + remains untrusted for now. */ + return MODULE_UNTRUSTED; + } + + /* Begin the verification process. */ + secStatus = VFY_Begin(vfy); + if (secStatus != SECSuccess) + { + fprintf (stderr, "Unable to initialize verification context while verifying %s using the signature in %s.\n", + inputName, signatureName); + nssError (); + return MODULE_CHECK_ERROR; + } + + /* Now read the data and add it to the signature. */ + local_file_fd = PR_Open (inputName, PR_RDONLY, 0); + if (local_file_fd == NULL) + { + fprintf (stderr, "Could not open module file %s.\n", inputName); + nssError (); + return MODULE_CHECK_ERROR; + } + + for (;;) + { + numBytes = PR_Read (local_file_fd, buffer, sizeof (buffer)); + if (numBytes == 0) + break; /* EOF */ + + if (numBytes < 0) + { + fprintf (stderr, "Error reading module file %s.\n", inputName); + nssError (); + return MODULE_CHECK_ERROR; + } + + /* Add the data to the signature. */ + secStatus = VFY_Update (vfy, buffer, numBytes); + if (secStatus != SECSuccess) + { + fprintf (stderr, "Error while verifying module file %s.\n", inputName); + nssError (); + return MODULE_CHECK_ERROR; + } + } + + PR_Close(local_file_fd); + + /* Complete the verification. */ + secStatus = VFY_End (vfy); + if (secStatus != SECSuccess) { + fprintf (stderr, "Unable to verify signed module %s. It may have been altered since it was created.\n", inputName); + nssError (); + return MODULE_ALTERED; + } + + return MODULE_OK; +} + +int verify_module (const char *module_name, const char *signature_name) +{ + const char *dbdir = SYSCONFDIR "/systemtap/staprun"; + SECKEYPublicKey *pubKey; + SECStatus secStatus; + CERTCertList *certList; + CERTCertListNode *certListNode; + CERTCertificate *cert; + PRStatus prStatus; + PRFileInfo info; + int rc = 0; + + /* Look for the certificate database. If it's not there, it's not an error, it + just means that the module can't be verified. */ + prStatus = PR_GetFileInfo (dbdir, &info); + if (prStatus != PR_SUCCESS || info.type != PR_FILE_DIRECTORY) + return MODULE_UNTRUSTED; + + /* Verify the permissions of the certificate database and its files. */ + if (! check_cert_db_permissions (dbdir)) + return MODULE_UNTRUSTED; + + /* Call the NSPR initialization routines. */ + PR_Init (PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1); + + /* Initialize NSS. */ + secStatus = NSS_Init (dbdir); + if (secStatus != SECSuccess) + { + fprintf (stderr, "Unable to initialize nss library using the database in %s.\n", + dbdir); + nssError (); + return MODULE_CHECK_ERROR; + } + + certList = PK11_ListCerts (PK11CertListAll, NULL); + if (certList == NULL) + { + fprintf (stderr, "Unable to find certificates in the certificate database in %s.\n", + dbdir); + nssError (); + return MODULE_UNTRUSTED; + } + + /* We need to look at each certificate in the database. */ + for (certListNode = CERT_LIST_HEAD (certList); + ! CERT_LIST_END (certListNode, certList); + certListNode = CERT_LIST_NEXT (certListNode)) + { + cert = certListNode->cert; + + pubKey = CERT_ExtractPublicKey (cert); + if (pubKey == NULL) + { + fprintf (stderr, "Unable to extract public key from the certificate with nickname %s from the certificate database in %s.\n", + cert->nickname, dbdir); + nssError (); + return MODULE_CHECK_ERROR; + } + + /* Verify the file. */ + rc = verify_it (module_name, signature_name, pubKey); + if (rc == MODULE_OK || rc == MODULE_ALTERED || rc == MODULE_CHECK_ERROR) + break; /* resolved or error */ + } + + /* Shutdown NSS and exit NSPR gracefully. */ + nssCleanup (); + + return rc; +} diff --git a/runtime/staprun/modverify.h b/runtime/staprun/modverify.h new file mode 100644 index 00000000..9abf62d4 --- /dev/null +++ b/runtime/staprun/modverify.h @@ -0,0 +1,8 @@ +int verify_module (const char *module_name, const char *signature_name); + +/* return codes for verify_module. */ +#define MODULE_OK 1 +#define MODULE_UNTRUSTED 0 +#define MODULE_CHECK_ERROR -1 +#define MODULE_ALTERED -2 + diff --git a/runtime/staprun/staprun_funcs.c b/runtime/staprun/staprun_funcs.c index 49b37988..40af1678 100644 --- a/runtime/staprun/staprun_funcs.c +++ b/runtime/staprun/staprun_funcs.c @@ -7,14 +7,20 @@ * Public License (GPL); either version 2, or (at your option) any * later version. * - * Copyright (C) 2007-2008 Red Hat Inc. + * Copyright (C) 2007-2009 Red Hat Inc. */ +#include "config.h" #include "staprun.h" +#if HAVE_NSS +#include "modverify.h" +#endif + #include #include #include #include +#include extern long init_module(void *, unsigned long, const char *); @@ -199,6 +205,44 @@ int mountfs(void) return 0; } +#if HAVE_NSS +/* + * Modules which have been signed using a certificate and private key + * corresponding to a certificate and public key in the database in + * the '$sysconfdir/systemtap/staprun' directory may be loaded by + * anyone. + * + * Returns: -1 on errors, 0 on failure, 1 on success. + */ +static int +check_signature(void) +{ + char module_realpath[PATH_MAX]; + char signature_realpath[PATH_MAX]; + int rc; + + dbug(2, "checking signature for %s\n", modpath); + + /* Use realpath() to canonicalize the module path. */ + if (realpath(modpath, module_realpath) == NULL) { + perr("Unable to canonicalize module path \"%s\"", modpath); + return MODULE_CHECK_ERROR; + } + + /* Now add the .sgn suffix to get the signature file name. */ + if (strlen (module_realpath) > PATH_MAX - 4) { + err("Path \"%s\" is too long.", modpath); + return MODULE_CHECK_ERROR; + } + sprintf (signature_realpath, "%s.sgn", module_realpath); + + rc = verify_module (module_realpath, signature_realpath); + + dbug(2, "verify_module returns %d\n", rc); + + return rc; +} +#endif /* HAVE_NSS */ /* * Members of the 'stapusr' group can only use "blessed" modules - @@ -302,35 +346,23 @@ check_path(void) } /* - * Check the user's permissions. Is he allowed to run staprun (or is - * he limited to "blessed" modules)? + * Check the user's group membership. Is he allowed to run staprun (or is * - * Returns: -1 on errors, 0 on failure, 1 on success. + * o members of stapdev can do anything + * o members of stapusr can load modules from /lib/modules/KVER/systemtap + * + * Returns: -2 if neither group exists + * -1 for other errors + * 0 on failure + * 1 on success */ -int check_permissions(void) +static int +check_groups (void) { gid_t gid, gidlist[NGROUPS_MAX]; gid_t stapdev_gid, stapusr_gid; int i, ngids; struct group *stgr; - int path_check = 0; - - /* If we're root, we can do anything. */ - if (getuid() == 0) { - /* ... like overriding the real UID */ - const char *env_id = getenv("SYSTEMTAP_REAL_UID"); - if (env_id && setreuid(atoi(env_id), -1)) - err("WARNING: couldn't set staprun UID to '%s': %s", - env_id, strerror(errno)); - - /* ... or overriding the real GID */ - env_id = getenv("SYSTEMTAP_REAL_GID"); - if (env_id && setregid(atoi(env_id), -1)) - err("WARNING: couldn't set staprun GID to '%s': %s", - env_id, strerror(errno)); - - return 1; - } /* Lookup the gid for group "stapdev" */ errno = 0; @@ -354,55 +386,42 @@ int check_permissions(void) else stapusr_gid = stgr->gr_gid; - /* If neither group was found, just return an error. */ - if (stapdev_gid == (gid_t)-1 && stapusr_gid == (gid_t)-1) { - err("ERROR: You are trying to run stap as a normal user.\n" - "You should either be root, or be part of either " - "group \"stapdev\" or group \"stapusr\".\n" - "Your system doesn't seem to have either group.\n" - "For more information, please consult the \"SAFETY AND SECURITY\" section of the \"stap(1)\" manpage\n"); - return -1; - } + /* If neither group was found, then return -2. */ + if (stapdev_gid == (gid_t)-1 && stapusr_gid == (gid_t)-1) + return -2; /* According to the getgroups() man page, getgroups() may not * return the effective gid, so try to match it first. */ gid = getegid(); if (gid == stapdev_gid) return 1; - else if (gid == stapusr_gid) - path_check = 1; - /* Get the list of the user's groups. */ - ngids = getgroups(NGROUPS_MAX, gidlist); - if (ngids < 0) { - perr("Unable to retrieve group list"); - return -1; - } - - for (i = 0; i < ngids; i++) { - /* If the user is a member of 'stapdev', then we're - * done, since he can use staprun without any - * restrictions. */ - if (gidlist[i] == stapdev_gid) - return 1; - - /* If the user is a member of 'stapusr', then we'll - * need to check the module path. However, we'll keep - * checking groups since it is possible the user is a - * member of both groups and we haven't seen the - * 'stapdev' group yet. */ - if (gidlist[i] == stapusr_gid) - path_check = 1; - } + if (gid != stapusr_gid) { + /* Get the list of the user's groups. */ + ngids = getgroups(NGROUPS_MAX, gidlist); + if (ngids < 0) { + perr("Unable to retrieve group list"); + return -1; + } - /* If path_check is 0, then the user isn't a member of either - * group. Error out. */ - if (path_check == 0) { - err("ERROR: You are trying to run stap as a normal user.\n" - "You must be a member of either group \"stapdev\" or group \"stapusr\".\n" - "Please contact your system administrator to get yourself membership to either of those groups.\n" - "For more information, please consult the \"SAFETY AND SECURITY\" section of the \"stap(1)\" manpage.\n"); - return 0; + for (i = 0; i < ngids; i++) { + /* If the user is a member of 'stapdev', then we're + * done, since he can use staprun without any + * restrictions. */ + if (gidlist[i] == stapdev_gid) + return 1; + + /* If the user is a member of 'stapusr', then we'll + * need to check the module path. However, we'll keep + * checking groups since it is possible the user is a + * member of both groups and we haven't seen the + * 'stapdev' group yet. */ + if (gidlist[i] == stapusr_gid) + gid = stapusr_gid; + } + /* Not a member of stapusr? */ + if (gid != stapusr_gid) + return 0; } /* At this point the user is only a member of the 'stapusr' @@ -411,3 +430,50 @@ int check_permissions(void) * is in that directory. */ return check_path(); } + +/* + * Check the user's permissions. Is he allowed to run staprun (or is + * he limited to "blessed" modules)? + * + * There are several levels of possible permission: + * + * 1) root can do anything + * 2) members of stapdev can do anything + * 3) members of stapusr can load modules from /lib/modules/KVER/systemtap + * + * It is only an error if all 3 levels of checking fail + * + * Returns: -1 on errors, 0 on failure, 1 on success. + */ +int check_permissions(void) +{ + int check_groups_rc; + int check_signature_rc = 0; + +#if HAVE_NSS + /* Attempt to verify the module against its signature. Return failure + if the module has been tampered with (altered). */ + check_signature_rc = check_signature (); + if (check_signature_rc == MODULE_ALTERED) + return 0; +#endif + + /* If we're root, we can do anything. */ + if (getuid() == 0) + return 1; + + /* Check permissions for group membership. */ + check_groups_rc = check_groups (); + if (check_groups_rc == 1) + return 1; + + err("ERROR: You are trying to run stap as a normal user.\n" + "You should either be root, or be part of either " + "group \"stapdev\" or group \"stapusr\".\n"); + if (check_groups_rc == -2) { + err("Your system doesn't seem to have either group.\n"); + check_groups_rc = -1; + } + + return check_groups_rc; +} -- cgit From d781daa027b2ad6c78f4258734142c97eb40b777 Mon Sep 17 00:00:00 2001 From: Josh Stone Date: Tue, 5 May 2009 11:21:51 -0700 Subject: Add Vim modelines for new C/C++ sources --- runtime/staprun/modverify.c | 2 ++ runtime/staprun/modverify.h | 1 + 2 files changed, 3 insertions(+) (limited to 'runtime/staprun') diff --git a/runtime/staprun/modverify.c b/runtime/staprun/modverify.c index 2f3b96d5..b50a69f4 100644 --- a/runtime/staprun/modverify.c +++ b/runtime/staprun/modverify.c @@ -387,3 +387,5 @@ int verify_module (const char *module_name, const char *signature_name) return rc; } + +/* vim: set sw=2 ts=8 cino=>4,n-2,{2,^-2,t0,(0,u0,w1,M1 : */ diff --git a/runtime/staprun/modverify.h b/runtime/staprun/modverify.h index 9abf62d4..49b90bfe 100644 --- a/runtime/staprun/modverify.h +++ b/runtime/staprun/modverify.h @@ -6,3 +6,4 @@ int verify_module (const char *module_name, const char *signature_name); #define MODULE_CHECK_ERROR -1 #define MODULE_ALTERED -2 +/* vim: set sw=2 ts=8 cino=>4,n-2,{2,^-2,t0,(0,u0,w1,M1 : */ -- cgit From 67c7a9ac91ea3de5cadb7c90028365fdac1f530f Mon Sep 17 00:00:00 2001 From: Dave Brolley Date: Wed, 6 May 2009 13:52:52 -0400 Subject: Problems using server scripts when not on PATH. HAVE_NSS related compile time warning. --- runtime/staprun/staprun_funcs.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'runtime/staprun') diff --git a/runtime/staprun/staprun_funcs.c b/runtime/staprun/staprun_funcs.c index 40af1678..8da7e7e8 100644 --- a/runtime/staprun/staprun_funcs.c +++ b/runtime/staprun/staprun_funcs.c @@ -448,9 +448,9 @@ check_groups (void) int check_permissions(void) { int check_groups_rc; +#if HAVE_NSS int check_signature_rc = 0; -#if HAVE_NSS /* Attempt to verify the module against its signature. Return failure if the module has been tampered with (altered). */ check_signature_rc = check_signature (); -- cgit