From: Mathieu Desnoyers Date: Tue, 14 Aug 2012 21:10:59 +0000 (-0400) Subject: Fix UST SIGPIPE handling X-Git-Tag: v2.1.0-rc1~13 X-Git-Url: https://git.lttng.org./?a=commitdiff_plain;h=2c44f5b96c30c96daf1c4b988d7498b5ee5fc009;p=lttng-ust.git Fix UST SIGPIPE handling When the consumerd dies (from a SIGKILL), it may close all of its file descriptors rather abruptly. We ensured that the UST command threads have all signals blocked, and they use MSG_NOSIGNAL when sending messages to the sessiond over sockets. However, the consumer scheme uses a pipe(2) to transport the "wakeup" info from the application tracing site to the consumer daemon. It may send a SIGPIPE to the application in that case, which could kill the application, an unwanted side-effect. Block thread SIGPIPE around write() and wait for the signal to fix this. Signed-off-by: Mathieu Desnoyers Acked-by: Christian Babeux CC: David Goulet --- diff --git a/libringbuffer/frontend_internal.h b/libringbuffer/frontend_internal.h index 6d1a75bd..2d3b1071 100644 --- a/libringbuffer/frontend_internal.h +++ b/libringbuffer/frontend_internal.h @@ -32,6 +32,8 @@ */ #include +#include +#include #include #include "backend_types.h" @@ -397,7 +399,9 @@ void lib_ring_buffer_check_deliver(const struct lttng_ust_lib_ring_buffer_config int wakeup_fd = shm_get_wakeup_fd(handle, &buf->self._ref); if (wakeup_fd >= 0) { - int ret; + sigset_t sigpipe_set, pending_set, old_set; + int ret, sigpipe_was_pending = 0; + /* * Wake-up the other end by * writing a null byte in the @@ -416,13 +420,55 @@ void lib_ring_buffer_check_deliver(const struct lttng_ust_lib_ring_buffer_config * 2) check if there is data in * the buffer. * 3) wait on the pipe (poll). + * + * Discard the SIGPIPE from write(), not + * disturbing any SIGPIPE that might be + * already pending. If a bogus SIGPIPE + * is sent to the entire process + * concurrently by a malicious user, it + * may be simply discarded. + */ + ret = sigemptyset(&pending_set); + assert(!ret); + /* + * sigpending returns the mask + * of signals that are _both_ + * blocked for the thread _and_ + * pending for either the thread + * or the entire process. */ + ret = sigpending(&pending_set); + assert(!ret); + sigpipe_was_pending = sigismember(&pending_set, SIGPIPE); + /* + * If sigpipe was pending, it + * means it was already blocked, + * so no need to block it. + */ + if (!sigpipe_was_pending) { + ret = sigemptyset(&sigpipe_set); + assert(!ret); + ret = sigaddset(&sigpipe_set, SIGPIPE); + assert(!ret); + ret = pthread_sigmask(SIG_BLOCK, &sigpipe_set, &old_set); + assert(!ret); + } do { ret = write(wakeup_fd, "", 1); } while (ret == -1L && errno == EINTR); + if (ret == -1L && errno == EPIPE && !sigpipe_was_pending) { + struct timespec timeout = { 0, 0 }; + do { + ret = sigtimedwait(&sigpipe_set, NULL, + &timeout); + } while (ret == -1L && errno == EINTR); + } + if (!sigpipe_was_pending) { + ret = pthread_sigmask(SIG_SETMASK, &old_set, NULL); + assert(!ret); + } } } - } } }