From: Michael Jeanson Date: Tue, 12 Feb 2019 15:40:48 +0000 (-0500) Subject: Add userspace vuid/vgid contexts X-Git-Tag: v2.12.0-rc1~15 X-Git-Url: https://git.lttng.org./?a=commitdiff_plain;h=fca2f1916cd9f22f410d8f22b9a0720c978c2025;p=lttng-ust.git Add userspace vuid/vgid contexts Add a context for each available namespaced user and group IDs * vuid : real user ID * veuid : effective user ID * vsuid : saved set-user ID These are the IDs as seen in the current user namespace, see user_namespaces(7) and credentials(7) for details on each type. Signed-off-by: Michael Jeanson Signed-off-by: Mathieu Desnoyers --- diff --git a/doc/man/lttng-ust.3.txt b/doc/man/lttng-ust.3.txt index 9865547e..1bd4d1e0 100644 --- a/doc/man/lttng-ust.3.txt +++ b/doc/man/lttng-ust.3.txt @@ -826,6 +826,32 @@ The following man:namespaces(7) context fields are supported by LTTng-UST: Hostname and NIS domain name namespace: inode number of the current UTS namespace in the proc filesystem. +The following man:credentials(7) context fields are supported by LTTng-UST: + +`vuid`:: + Virtual real user ID: real user ID as seen from the point of view of + the current man:user_namespaces(7). + +`vgid`:: + Virtual real group ID: real group ID as seen from the point of view of + the current man:user_namespaces(7). + +`veuid`:: + Virtual effective user ID: effective user ID as seen from the point of + view of the current man:user_namespaces(7). + +`vegid`:: + Virtual effective group ID: effective group ID as seen from the point of + view of the current man:user_namespaces(7). + +`vsuid`:: + Virtual saved set-user ID: saved set-user ID as seen from the point of + view of the current man:user_namespaces(7). + +`vsgid`:: + Virtual saved set-group ID: saved set-group ID as seen from the point of + view of the current man:user_namespaces(7). + [[state-dump]] LTTng-UST state dump diff --git a/include/lttng/ust-abi.h b/include/lttng/ust-abi.h index d299b7de..5c934daf 100644 --- a/include/lttng/ust-abi.h +++ b/include/lttng/ust-abi.h @@ -152,6 +152,12 @@ enum lttng_ust_context_type { LTTNG_UST_CONTEXT_PID_NS = 12, LTTNG_UST_CONTEXT_USER_NS = 13, LTTNG_UST_CONTEXT_UTS_NS = 14, + LTTNG_UST_CONTEXT_VUID = 15, + LTTNG_UST_CONTEXT_VEUID = 16, + LTTNG_UST_CONTEXT_VSUID = 17, + LTTNG_UST_CONTEXT_VGID = 18, + LTTNG_UST_CONTEXT_VEGID = 19, + LTTNG_UST_CONTEXT_VSGID = 20, }; struct lttng_ust_perf_counter_ctx { diff --git a/include/lttng/ust-events.h b/include/lttng/ust-events.h index c0ec3860..89309682 100644 --- a/include/lttng/ust-events.h +++ b/include/lttng/ust-events.h @@ -686,6 +686,12 @@ int lttng_add_net_ns_to_ctx(struct lttng_ctx **ctx); int lttng_add_pid_ns_to_ctx(struct lttng_ctx **ctx); int lttng_add_user_ns_to_ctx(struct lttng_ctx **ctx); int lttng_add_uts_ns_to_ctx(struct lttng_ctx **ctx); +int lttng_add_vuid_to_ctx(struct lttng_ctx **ctx); +int lttng_add_veuid_to_ctx(struct lttng_ctx **ctx); +int lttng_add_vsuid_to_ctx(struct lttng_ctx **ctx); +int lttng_add_vgid_to_ctx(struct lttng_ctx **ctx); +int lttng_add_vegid_to_ctx(struct lttng_ctx **ctx); +int lttng_add_vsgid_to_ctx(struct lttng_ctx **ctx); void lttng_context_vtid_reset(void); void lttng_context_vpid_reset(void); void lttng_context_procname_reset(void); @@ -696,6 +702,12 @@ void lttng_context_net_ns_reset(void); void lttng_context_pid_ns_reset(void); void lttng_context_user_ns_reset(void); void lttng_context_uts_ns_reset(void); +void lttng_context_vuid_reset(void); +void lttng_context_veuid_reset(void); +void lttng_context_vsuid_reset(void); +void lttng_context_vgid_reset(void); +void lttng_context_vegid_reset(void); +void lttng_context_vsgid_reset(void); #ifdef LTTNG_UST_HAVE_PERF_EVENT int lttng_add_perf_counter_to_ctx(uint32_t type, diff --git a/include/lttng/ust.h b/include/lttng/ust.h index 0b2a8979..7befe83c 100644 --- a/include/lttng/ust.h +++ b/include/lttng/ust.h @@ -34,6 +34,14 @@ extern void ust_after_fork_parent(sigset_t *restore_sigset); extern void ust_after_fork_child(sigset_t *restore_sigset); extern void ust_after_setns(void); extern void ust_after_unshare(void); +extern void ust_after_setuid(void); +extern void ust_after_setgid(void); +extern void ust_after_seteuid(void); +extern void ust_after_setegid(void); +extern void ust_after_setreuid(void); +extern void ust_after_setregid(void); +extern void ust_after_setresuid(void); +extern void ust_after_setresgid(void); #ifdef __cplusplus } diff --git a/liblttng-ust-fork/ustfork.c b/liblttng-ust-fork/ustfork.c index 25f9d4cc..983ed04f 100644 --- a/liblttng-ust-fork/ustfork.c +++ b/liblttng-ust-fork/ustfork.c @@ -89,6 +89,156 @@ int daemon(int nochdir, int noclose) return retval; } +int setuid(uid_t uid) +{ + static int (*plibc_func)(uid_t uid) = NULL; + int retval; + int saved_errno; + + if (plibc_func == NULL) { + plibc_func = dlsym(RTLD_NEXT, "setuid"); + if (plibc_func == NULL) { + fprintf(stderr, "libustfork: unable to find \"setuid\" symbol\n"); + errno = ENOSYS; + return -1; + } + } + + /* Do the real setuid */ + retval = plibc_func(uid); + saved_errno = errno; + + ust_after_setuid(); + + errno = saved_errno; + return retval; +} + +int setgid(gid_t gid) +{ + static int (*plibc_func)(gid_t gid) = NULL; + int retval; + int saved_errno; + + if (plibc_func == NULL) { + plibc_func = dlsym(RTLD_NEXT, "setgid"); + if (plibc_func == NULL) { + fprintf(stderr, "libustfork: unable to find \"setgid\" symbol\n"); + errno = ENOSYS; + return -1; + } + } + + /* Do the real setgid */ + retval = plibc_func(gid); + saved_errno = errno; + + ust_after_setgid(); + + errno = saved_errno; + return retval; +} + +int seteuid(uid_t euid) +{ + static int (*plibc_func)(uid_t euid) = NULL; + int retval; + int saved_errno; + + if (plibc_func == NULL) { + plibc_func = dlsym(RTLD_NEXT, "seteuid"); + if (plibc_func == NULL) { + fprintf(stderr, "libustfork: unable to find \"seteuid\" symbol\n"); + errno = ENOSYS; + return -1; + } + } + + /* Do the real seteuid */ + retval = plibc_func(euid); + saved_errno = errno; + + ust_after_seteuid(); + + errno = saved_errno; + return retval; +} + +int setegid(gid_t egid) +{ + static int (*plibc_func)(gid_t egid) = NULL; + int retval; + int saved_errno; + + if (plibc_func == NULL) { + plibc_func = dlsym(RTLD_NEXT, "setegid"); + if (plibc_func == NULL) { + fprintf(stderr, "libustfork: unable to find \"setegid\" symbol\n"); + errno = ENOSYS; + return -1; + } + } + + /* Do the real setegid */ + retval = plibc_func(egid); + saved_errno = errno; + + ust_after_setegid(); + + errno = saved_errno; + return retval; +} + +int setreuid(uid_t ruid, uid_t euid) +{ + static int (*plibc_func)(uid_t ruid, uid_t euid) = NULL; + int retval; + int saved_errno; + + if (plibc_func == NULL) { + plibc_func = dlsym(RTLD_NEXT, "setreuid"); + if (plibc_func == NULL) { + fprintf(stderr, "libustfork: unable to find \"setreuid\" symbol\n"); + errno = ENOSYS; + return -1; + } + } + + /* Do the real setreuid */ + retval = plibc_func(ruid, euid); + saved_errno = errno; + + ust_after_setreuid(); + + errno = saved_errno; + return retval; +} + +int setregid(gid_t rgid, gid_t egid) +{ + static int (*plibc_func)(gid_t rgid, gid_t egid) = NULL; + int retval; + int saved_errno; + + if (plibc_func == NULL) { + plibc_func = dlsym(RTLD_NEXT, "setregid"); + if (plibc_func == NULL) { + fprintf(stderr, "libustfork: unable to find \"setregid\" symbol\n"); + errno = ENOSYS; + return -1; + } + } + + /* Do the real setregid */ + retval = plibc_func(rgid, egid); + saved_errno = errno; + + ust_after_setregid(); + + errno = saved_errno; + return retval; +} + #ifdef __linux__ struct user_desc; @@ -210,6 +360,56 @@ int unshare(int flags) return retval; } +int setresuid(uid_t ruid, uid_t euid, uid_t suid) +{ + static int (*plibc_func)(uid_t ruid, uid_t euid, uid_t suid) = NULL; + int retval; + int saved_errno; + + if (plibc_func == NULL) { + plibc_func = dlsym(RTLD_NEXT, "setresuid"); + if (plibc_func == NULL) { + fprintf(stderr, "libustfork: unable to find \"setresuid\" symbol\n"); + errno = ENOSYS; + return -1; + } + } + + /* Do the real setresuid */ + retval = plibc_func(ruid, euid, suid); + saved_errno = errno; + + ust_after_setresuid(); + + errno = saved_errno; + return retval; +} + +int setresgid(gid_t rgid, gid_t egid, gid_t sgid) +{ + static int (*plibc_func)(gid_t rgid, gid_t egid, gid_t sgid) = NULL; + int retval; + int saved_errno; + + if (plibc_func == NULL) { + plibc_func = dlsym(RTLD_NEXT, "setresgid"); + if (plibc_func == NULL) { + fprintf(stderr, "libustfork: unable to find \"setresgid\" symbol\n"); + errno = ENOSYS; + return -1; + } + } + + /* Do the real setresgid */ + retval = plibc_func(rgid, egid, sgid); + saved_errno = errno; + + ust_after_setresgid(); + + errno = saved_errno; + return retval; +} + #elif defined (__FreeBSD__) pid_t rfork(int flags) diff --git a/liblttng-ust/Makefile.am b/liblttng-ust/Makefile.am index 1f167218..abb7a8dc 100644 --- a/liblttng-ust/Makefile.am +++ b/liblttng-ust/Makefile.am @@ -40,6 +40,12 @@ liblttng_ust_runtime_la_SOURCES = \ lttng-context-pid-ns.c \ lttng-context-user-ns.c \ lttng-context-uts-ns.c \ + lttng-context-vuid.c \ + lttng-context-veuid.c \ + lttng-context-vsuid.c \ + lttng-context-vgid.c \ + lttng-context-vegid.c \ + lttng-context-vsgid.c \ lttng-context.c \ lttng-events.c \ lttng-filter.c \ @@ -69,7 +75,8 @@ liblttng_ust_runtime_la_SOURCES = \ getenv.h \ string-utils.c \ string-utils.h \ - ns.h + ns.h \ + creds.h if HAVE_PERF_EVENT liblttng_ust_runtime_la_SOURCES += \ diff --git a/liblttng-ust/creds.h b/liblttng-ust/creds.h new file mode 100644 index 00000000..b29319e0 --- /dev/null +++ b/liblttng-ust/creds.h @@ -0,0 +1,29 @@ +#ifndef _LTTNG_CREDS_H +#define _LTTNG_CREDS_H + +/* + * Copyright (c) 2019 - Michael Jeanson + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; only + * version 2.1 of the License. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + */ + +/* + * This is used in the kernel as an invalid value. + */ + +#define INVALID_UID (uid_t) -1 +#define INVALID_GID (gid_t) -1 + +#endif /* _LTTNG_CREDS_H */ diff --git a/liblttng-ust/lttng-context-vegid.c b/liblttng-ust/lttng-context-vegid.c new file mode 100644 index 00000000..70855688 --- /dev/null +++ b/liblttng-ust/lttng-context-vegid.c @@ -0,0 +1,127 @@ +/* + * lttng-context-vegid.c + * + * LTTng UST namespaced effective group ID context. + * + * Copyright (C) 2009-2012 Mathieu Desnoyers + * 2019 Michael Jeanson + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; only + * version 2.1 of the License. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + */ + +#define _LGPL_SOURCE +#include +#include +#include +#include +#include +#include +#include "creds.h" + + +/* + * At the kernel level, user IDs and group IDs are a per-thread attribute. + * However, POSIX requires that all threads in a process share the same + * credentials. The NPTL threading implementation handles the POSIX + * requirements by providing wrapper functions for the various system calls + * that change process UIDs and GIDs. These wrapper functions (including those + * for setreuid() and setregid()) employ a signal-based technique to ensure + * that when one thread changes credentials, all of the other threads in the + * process also change their credentials. + */ + +/* + * We cache the result to ensure we don't trigger a system call for + * each event. User / group IDs are global to the process. + */ +static gid_t cached_vegid = INVALID_GID; + +static +gid_t get_vegid(void) +{ + gid_t vegid; + + vegid = CMM_LOAD_SHARED(cached_vegid); + + if (caa_unlikely(vegid == INVALID_GID)) { + vegid = getegid(); + CMM_STORE_SHARED(cached_vegid, vegid); + } + + return vegid; +} + +/* + * The vegid can change on setuid, setreuid, setresuid and seteuid. + */ +void lttng_context_vegid_reset(void) +{ + CMM_STORE_SHARED(cached_vegid, INVALID_GID); +} + +static +size_t vegid_get_size(struct lttng_ctx_field *field, size_t offset) +{ + size_t size = 0; + + size += lib_ring_buffer_align(offset, lttng_alignof(gid_t)); + size += sizeof(gid_t); + return size; +} + +static +void vegid_record(struct lttng_ctx_field *field, + struct lttng_ust_lib_ring_buffer_ctx *ctx, + struct lttng_channel *chan) +{ + gid_t vegid; + + vegid = get_vegid(); + lib_ring_buffer_align_ctx(ctx, lttng_alignof(vegid)); + chan->ops->event_write(ctx, &vegid, sizeof(vegid)); +} + +static +void vegid_get_value(struct lttng_ctx_field *field, + struct lttng_ctx_value *value) +{ + value->u.s64 = get_vegid(); +} + +int lttng_add_vegid_to_ctx(struct lttng_ctx **ctx) +{ + struct lttng_ctx_field *field; + + field = lttng_append_context(ctx); + if (!field) + return -ENOMEM; + if (lttng_find_context(*ctx, "vegid")) { + lttng_remove_context_field(ctx, field); + return -EEXIST; + } + field->event_field.name = "vegid"; + field->event_field.type.atype = atype_integer; + field->event_field.type.u.basic.integer.size = sizeof(gid_t) * CHAR_BIT; + field->event_field.type.u.basic.integer.alignment = lttng_alignof(gid_t) * CHAR_BIT; + field->event_field.type.u.basic.integer.signedness = lttng_is_signed_type(gid_t); + field->event_field.type.u.basic.integer.reverse_byte_order = 0; + field->event_field.type.u.basic.integer.base = 10; + field->event_field.type.u.basic.integer.encoding = lttng_encode_none; + field->get_size = vegid_get_size; + field->record = vegid_record; + field->get_value = vegid_get_value; + lttng_context_update(*ctx); + return 0; +} diff --git a/liblttng-ust/lttng-context-veuid.c b/liblttng-ust/lttng-context-veuid.c new file mode 100644 index 00000000..b627a974 --- /dev/null +++ b/liblttng-ust/lttng-context-veuid.c @@ -0,0 +1,127 @@ +/* + * lttng-context-veuid.c + * + * LTTng UST namespaced effective user ID context. + * + * Copyright (C) 2009-2012 Mathieu Desnoyers + * 2019 Michael Jeanson + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; only + * version 2.1 of the License. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + */ + +#define _LGPL_SOURCE +#include +#include +#include +#include +#include +#include +#include "creds.h" + + +/* + * At the kernel level, user IDs and group IDs are a per-thread attribute. + * However, POSIX requires that all threads in a process share the same + * credentials. The NPTL threading implementation handles the POSIX + * requirements by providing wrapper functions for the various system calls + * that change process UIDs and GIDs. These wrapper functions (including those + * for setreuid() and setregid()) employ a signal-based technique to ensure + * that when one thread changes credentials, all of the other threads in the + * process also change their credentials. + */ + +/* + * We cache the result to ensure we don't trigger a system call for + * each event. User / group IDs are global to the process. + */ +static uid_t cached_veuid = INVALID_UID; + +static +uid_t get_veuid(void) +{ + uid_t veuid; + + veuid = CMM_LOAD_SHARED(cached_veuid); + + if (caa_unlikely(veuid == INVALID_UID)) { + veuid = geteuid(); + CMM_STORE_SHARED(cached_veuid, veuid); + } + + return veuid; +} + +/* + * The veuid can change on setuid, setreuid, setresuid and seteuid. + */ +void lttng_context_veuid_reset(void) +{ + CMM_STORE_SHARED(cached_veuid, INVALID_UID); +} + +static +size_t veuid_get_size(struct lttng_ctx_field *field, size_t offset) +{ + size_t size = 0; + + size += lib_ring_buffer_align(offset, lttng_alignof(uid_t)); + size += sizeof(uid_t); + return size; +} + +static +void veuid_record(struct lttng_ctx_field *field, + struct lttng_ust_lib_ring_buffer_ctx *ctx, + struct lttng_channel *chan) +{ + uid_t veuid; + + veuid = get_veuid(); + lib_ring_buffer_align_ctx(ctx, lttng_alignof(veuid)); + chan->ops->event_write(ctx, &veuid, sizeof(veuid)); +} + +static +void veuid_get_value(struct lttng_ctx_field *field, + struct lttng_ctx_value *value) +{ + value->u.s64 = get_veuid(); +} + +int lttng_add_veuid_to_ctx(struct lttng_ctx **ctx) +{ + struct lttng_ctx_field *field; + + field = lttng_append_context(ctx); + if (!field) + return -ENOMEM; + if (lttng_find_context(*ctx, "veuid")) { + lttng_remove_context_field(ctx, field); + return -EEXIST; + } + field->event_field.name = "veuid"; + field->event_field.type.atype = atype_integer; + field->event_field.type.u.basic.integer.size = sizeof(uid_t) * CHAR_BIT; + field->event_field.type.u.basic.integer.alignment = lttng_alignof(uid_t) * CHAR_BIT; + field->event_field.type.u.basic.integer.signedness = lttng_is_signed_type(uid_t); + field->event_field.type.u.basic.integer.reverse_byte_order = 0; + field->event_field.type.u.basic.integer.base = 10; + field->event_field.type.u.basic.integer.encoding = lttng_encode_none; + field->get_size = veuid_get_size; + field->record = veuid_record; + field->get_value = veuid_get_value; + lttng_context_update(*ctx); + return 0; +} diff --git a/liblttng-ust/lttng-context-vgid.c b/liblttng-ust/lttng-context-vgid.c new file mode 100644 index 00000000..7ffaf683 --- /dev/null +++ b/liblttng-ust/lttng-context-vgid.c @@ -0,0 +1,127 @@ +/* + * lttng-context-vgid.c + * + * LTTng UST namespaced real group ID context. + * + * Copyright (C) 2009-2012 Mathieu Desnoyers + * 2019 Michael Jeanson + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; only + * version 2.1 of the License. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + */ + +#define _LGPL_SOURCE +#include +#include +#include +#include +#include +#include +#include "creds.h" + + +/* + * At the kernel level, user IDs and group IDs are a per-thread attribute. + * However, POSIX requires that all threads in a process share the same + * credentials. The NPTL threading implementation handles the POSIX + * requirements by providing wrapper functions for the various system calls + * that change process UIDs and GIDs. These wrapper functions (including those + * for setreuid() and setregid()) employ a signal-based technique to ensure + * that when one thread changes credentials, all of the other threads in the + * process also change their credentials. + */ + +/* + * We cache the result to ensure we don't trigger a system call for + * each event. User / group IDs are global to the process. + */ +static gid_t cached_vgid = INVALID_GID; + +static +gid_t get_vgid(void) +{ + gid_t vgid; + + vgid = CMM_LOAD_SHARED(cached_vgid); + + if (caa_unlikely(cached_vgid == (gid_t) -1)) { + vgid = getgid(); + CMM_STORE_SHARED(cached_vgid, vgid); + } + + return vgid; +} + +/* + * The vgid can change on setuid, setreuid and setresuid. + */ +void lttng_context_vgid_reset(void) +{ + CMM_STORE_SHARED(cached_vgid, INVALID_GID); +} + +static +size_t vgid_get_size(struct lttng_ctx_field *field, size_t offset) +{ + size_t size = 0; + + size += lib_ring_buffer_align(offset, lttng_alignof(gid_t)); + size += sizeof(gid_t); + return size; +} + +static +void vgid_record(struct lttng_ctx_field *field, + struct lttng_ust_lib_ring_buffer_ctx *ctx, + struct lttng_channel *chan) +{ + gid_t vgid; + + vgid = get_vgid(); + lib_ring_buffer_align_ctx(ctx, lttng_alignof(vgid)); + chan->ops->event_write(ctx, &vgid, sizeof(vgid)); +} + +static +void vgid_get_value(struct lttng_ctx_field *field, + struct lttng_ctx_value *value) +{ + value->u.s64 = get_vgid(); +} + +int lttng_add_vgid_to_ctx(struct lttng_ctx **ctx) +{ + struct lttng_ctx_field *field; + + field = lttng_append_context(ctx); + if (!field) + return -ENOMEM; + if (lttng_find_context(*ctx, "vgid")) { + lttng_remove_context_field(ctx, field); + return -EEXIST; + } + field->event_field.name = "vgid"; + field->event_field.type.atype = atype_integer; + field->event_field.type.u.basic.integer.size = sizeof(gid_t) * CHAR_BIT; + field->event_field.type.u.basic.integer.alignment = lttng_alignof(gid_t) * CHAR_BIT; + field->event_field.type.u.basic.integer.signedness = lttng_is_signed_type(gid_t); + field->event_field.type.u.basic.integer.reverse_byte_order = 0; + field->event_field.type.u.basic.integer.base = 10; + field->event_field.type.u.basic.integer.encoding = lttng_encode_none; + field->get_size = vgid_get_size; + field->record = vgid_record; + field->get_value = vgid_get_value; + lttng_context_update(*ctx); + return 0; +} diff --git a/liblttng-ust/lttng-context-vsgid.c b/liblttng-ust/lttng-context-vsgid.c new file mode 100644 index 00000000..437b01e4 --- /dev/null +++ b/liblttng-ust/lttng-context-vsgid.c @@ -0,0 +1,132 @@ +/* + * lttng-context-vsgid.c + * + * LTTng UST namespaced saved set-group ID context. + * + * Copyright (C) 2009-2012 Mathieu Desnoyers + * 2019 Michael Jeanson + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; only + * version 2.1 of the License. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + */ + +#define _GNU_SOURCE +#define _LGPL_SOURCE +#include +#include +#include +#include +#include +#include +#include "creds.h" + + +/* + * At the kernel level, user IDs and group IDs are a per-thread attribute. + * However, POSIX requires that all threads in a process share the same + * credentials. The NPTL threading implementation handles the POSIX + * requirements by providing wrapper functions for the various system calls + * that change process UIDs and GIDs. These wrapper functions (including those + * for setreuid() and setregid()) employ a signal-based technique to ensure + * that when one thread changes credentials, all of the other threads in the + * process also change their credentials. + */ + +/* + * We cache the result to ensure we don't trigger a system call for + * each event. User / group IDs are global to the process. + */ +static gid_t cached_vsgid = INVALID_GID; + +static +gid_t get_vsgid(void) +{ + gid_t vsgid; + + vsgid = CMM_LOAD_SHARED(cached_vsgid); + + if (caa_unlikely(vsgid == INVALID_GID)) { + gid_t gid, egid, sgid; + + if (getresgid(&gid, &egid, &sgid) == 0) { + vsgid = sgid; + CMM_STORE_SHARED(cached_vsgid, vsgid); + } + } + + return vsgid; +} + +/* + * The vsgid can change on setuid, setreuid and setresuid. + */ +void lttng_context_vsgid_reset(void) +{ + CMM_STORE_SHARED(cached_vsgid, INVALID_GID); +} + +static +size_t vsgid_get_size(struct lttng_ctx_field *field, size_t offset) +{ + size_t size = 0; + + size += lib_ring_buffer_align(offset, lttng_alignof(gid_t)); + size += sizeof(gid_t); + return size; +} + +static +void vsgid_record(struct lttng_ctx_field *field, + struct lttng_ust_lib_ring_buffer_ctx *ctx, + struct lttng_channel *chan) +{ + gid_t vsgid; + + vsgid = get_vsgid(); + lib_ring_buffer_align_ctx(ctx, lttng_alignof(vsgid)); + chan->ops->event_write(ctx, &vsgid, sizeof(vsgid)); +} + +static +void vsgid_get_value(struct lttng_ctx_field *field, + struct lttng_ctx_value *value) +{ + value->u.s64 = get_vsgid(); +} + +int lttng_add_vsgid_to_ctx(struct lttng_ctx **ctx) +{ + struct lttng_ctx_field *field; + + field = lttng_append_context(ctx); + if (!field) + return -ENOMEM; + if (lttng_find_context(*ctx, "vsgid")) { + lttng_remove_context_field(ctx, field); + return -EEXIST; + } + field->event_field.name = "vsgid"; + field->event_field.type.atype = atype_integer; + field->event_field.type.u.basic.integer.size = sizeof(gid_t) * CHAR_BIT; + field->event_field.type.u.basic.integer.alignment = lttng_alignof(gid_t) * CHAR_BIT; + field->event_field.type.u.basic.integer.signedness = lttng_is_signed_type(gid_t); + field->event_field.type.u.basic.integer.reverse_byte_order = 0; + field->event_field.type.u.basic.integer.base = 10; + field->event_field.type.u.basic.integer.encoding = lttng_encode_none; + field->get_size = vsgid_get_size; + field->record = vsgid_record; + field->get_value = vsgid_get_value; + lttng_context_update(*ctx); + return 0; +} diff --git a/liblttng-ust/lttng-context-vsuid.c b/liblttng-ust/lttng-context-vsuid.c new file mode 100644 index 00000000..56f3d073 --- /dev/null +++ b/liblttng-ust/lttng-context-vsuid.c @@ -0,0 +1,132 @@ +/* + * lttng-context-vsuid.c + * + * LTTng UST namespaced saved set-user ID context. + * + * Copyright (C) 2009-2012 Mathieu Desnoyers + * 2019 Michael Jeanson + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; only + * version 2.1 of the License. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + */ + +#define _GNU_SOURCE +#define _LGPL_SOURCE +#include +#include +#include +#include +#include +#include +#include "creds.h" + + +/* + * At the kernel level, user IDs and group IDs are a per-thread attribute. + * However, POSIX requires that all threads in a process share the same + * credentials. The NPTL threading implementation handles the POSIX + * requirements by providing wrapper functions for the various system calls + * that change process UIDs and GIDs. These wrapper functions (including those + * for setreuid() and setregid()) employ a signal-based technique to ensure + * that when one thread changes credentials, all of the other threads in the + * process also change their credentials. + */ + +/* + * We cache the result to ensure we don't trigger a system call for + * each event. User / group IDs are global to the process. + */ +static uid_t cached_vsuid = INVALID_UID; + +static +uid_t get_vsuid(void) +{ + uid_t vsuid; + + vsuid = CMM_LOAD_SHARED(cached_vsuid); + + if (caa_unlikely(vsuid == INVALID_UID)) { + uid_t uid, euid, suid; + + if (getresuid(&uid, &euid, &suid) == 0) { + vsuid = suid; + CMM_STORE_SHARED(cached_vsuid, vsuid); + } + } + + return vsuid; +} + +/* + * The vsuid can change on setuid, setreuid and setresuid. + */ +void lttng_context_vsuid_reset(void) +{ + CMM_STORE_SHARED(cached_vsuid, INVALID_UID); +} + +static +size_t vsuid_get_size(struct lttng_ctx_field *field, size_t offset) +{ + size_t size = 0; + + size += lib_ring_buffer_align(offset, lttng_alignof(uid_t)); + size += sizeof(uid_t); + return size; +} + +static +void vsuid_record(struct lttng_ctx_field *field, + struct lttng_ust_lib_ring_buffer_ctx *ctx, + struct lttng_channel *chan) +{ + uid_t vsuid; + + vsuid = get_vsuid(); + lib_ring_buffer_align_ctx(ctx, lttng_alignof(vsuid)); + chan->ops->event_write(ctx, &vsuid, sizeof(vsuid)); +} + +static +void vsuid_get_value(struct lttng_ctx_field *field, + struct lttng_ctx_value *value) +{ + value->u.s64 = get_vsuid(); +} + +int lttng_add_vsuid_to_ctx(struct lttng_ctx **ctx) +{ + struct lttng_ctx_field *field; + + field = lttng_append_context(ctx); + if (!field) + return -ENOMEM; + if (lttng_find_context(*ctx, "vsuid")) { + lttng_remove_context_field(ctx, field); + return -EEXIST; + } + field->event_field.name = "vsuid"; + field->event_field.type.atype = atype_integer; + field->event_field.type.u.basic.integer.size = sizeof(uid_t) * CHAR_BIT; + field->event_field.type.u.basic.integer.alignment = lttng_alignof(uid_t) * CHAR_BIT; + field->event_field.type.u.basic.integer.signedness = lttng_is_signed_type(uid_t); + field->event_field.type.u.basic.integer.reverse_byte_order = 0; + field->event_field.type.u.basic.integer.base = 10; + field->event_field.type.u.basic.integer.encoding = lttng_encode_none; + field->get_size = vsuid_get_size; + field->record = vsuid_record; + field->get_value = vsuid_get_value; + lttng_context_update(*ctx); + return 0; +} diff --git a/liblttng-ust/lttng-context-vuid.c b/liblttng-ust/lttng-context-vuid.c new file mode 100644 index 00000000..54167519 --- /dev/null +++ b/liblttng-ust/lttng-context-vuid.c @@ -0,0 +1,127 @@ +/* + * lttng-context-vuid.c + * + * LTTng UST namespaced real user ID context. + * + * Copyright (C) 2009-2012 Mathieu Desnoyers + * 2019 Michael Jeanson + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; only + * version 2.1 of the License. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + */ + +#define _LGPL_SOURCE +#include +#include +#include +#include +#include +#include +#include "creds.h" + + +/* + * At the kernel level, user IDs and group IDs are a per-thread attribute. + * However, POSIX requires that all threads in a process share the same + * credentials. The NPTL threading implementation handles the POSIX + * requirements by providing wrapper functions for the various system calls + * that change process UIDs and GIDs. These wrapper functions (including those + * for setreuid() and setregid()) employ a signal-based technique to ensure + * that when one thread changes credentials, all of the other threads in the + * process also change their credentials. + */ + +/* + * We cache the result to ensure we don't trigger a system call for + * each event. User / group IDs are global to the process. + */ +static uid_t cached_vuid = INVALID_UID; + +static +uid_t get_vuid(void) +{ + uid_t vuid; + + vuid = CMM_LOAD_SHARED(cached_vuid); + + if (caa_unlikely(vuid == INVALID_UID)) { + vuid = getuid(); + CMM_STORE_SHARED(cached_vuid, vuid); + } + + return vuid; +} + +/* + * The vuid can change on setuid, setreuid and setresuid. + */ +void lttng_context_vuid_reset(void) +{ + CMM_STORE_SHARED(cached_vuid, INVALID_UID); +} + +static +size_t vuid_get_size(struct lttng_ctx_field *field, size_t offset) +{ + size_t size = 0; + + size += lib_ring_buffer_align(offset, lttng_alignof(uid_t)); + size += sizeof(uid_t); + return size; +} + +static +void vuid_record(struct lttng_ctx_field *field, + struct lttng_ust_lib_ring_buffer_ctx *ctx, + struct lttng_channel *chan) +{ + uid_t vuid; + + vuid = get_vuid(); + lib_ring_buffer_align_ctx(ctx, lttng_alignof(vuid)); + chan->ops->event_write(ctx, &vuid, sizeof(vuid)); +} + +static +void vuid_get_value(struct lttng_ctx_field *field, + struct lttng_ctx_value *value) +{ + value->u.s64 = get_vuid(); +} + +int lttng_add_vuid_to_ctx(struct lttng_ctx **ctx) +{ + struct lttng_ctx_field *field; + + field = lttng_append_context(ctx); + if (!field) + return -ENOMEM; + if (lttng_find_context(*ctx, "vuid")) { + lttng_remove_context_field(ctx, field); + return -EEXIST; + } + field->event_field.name = "vuid"; + field->event_field.type.atype = atype_integer; + field->event_field.type.u.basic.integer.size = sizeof(uid_t) * CHAR_BIT; + field->event_field.type.u.basic.integer.alignment = lttng_alignof(uid_t) * CHAR_BIT; + field->event_field.type.u.basic.integer.signedness = lttng_is_signed_type(uid_t); + field->event_field.type.u.basic.integer.reverse_byte_order = 0; + field->event_field.type.u.basic.integer.base = 10; + field->event_field.type.u.basic.integer.encoding = lttng_encode_none; + field->get_size = vuid_get_size; + field->record = vuid_record; + field->get_value = vuid_get_value; + lttng_context_update(*ctx); + return 0; +} diff --git a/liblttng-ust/lttng-context.c b/liblttng-ust/lttng-context.c index ad6c38f0..e408defc 100644 --- a/liblttng-ust/lttng-context.c +++ b/liblttng-ust/lttng-context.c @@ -407,6 +407,36 @@ int lttng_session_context_init(struct lttng_ctx **ctx) WARN("Cannot add context lttng_add_uts_ns_to_ctx"); goto error; } + ret = lttng_add_vuid_to_ctx(ctx); + if (ret) { + WARN("Cannot add context lttng_add_vuid_to_ctx"); + goto error; + } + ret = lttng_add_veuid_to_ctx(ctx); + if (ret) { + WARN("Cannot add context lttng_add_veuid_to_ctx"); + goto error; + } + ret = lttng_add_vsuid_to_ctx(ctx); + if (ret) { + WARN("Cannot add context lttng_add_vsuid_to_ctx"); + goto error; + } + ret = lttng_add_vgid_to_ctx(ctx); + if (ret) { + WARN("Cannot add context lttng_add_vgid_to_ctx"); + goto error; + } + ret = lttng_add_vegid_to_ctx(ctx); + if (ret) { + WARN("Cannot add context lttng_add_vegid_to_ctx"); + goto error; + } + ret = lttng_add_vsgid_to_ctx(ctx); + if (ret) { + WARN("Cannot add context lttng_add_vsgid_to_ctx"); + goto error; + } lttng_context_update(*ctx); return 0; diff --git a/liblttng-ust/lttng-events.c b/liblttng-ust/lttng-events.c index 855f8d87..047759b7 100644 --- a/liblttng-ust/lttng-events.c +++ b/liblttng-ust/lttng-events.c @@ -1126,6 +1126,18 @@ int lttng_attach_context(struct lttng_ust_context *context_param, return lttng_add_user_ns_to_ctx(ctx); case LTTNG_UST_CONTEXT_UTS_NS: return lttng_add_uts_ns_to_ctx(ctx); + case LTTNG_UST_CONTEXT_VUID: + return lttng_add_vuid_to_ctx(ctx); + case LTTNG_UST_CONTEXT_VEUID: + return lttng_add_veuid_to_ctx(ctx); + case LTTNG_UST_CONTEXT_VSUID: + return lttng_add_vsuid_to_ctx(ctx); + case LTTNG_UST_CONTEXT_VGID: + return lttng_add_vgid_to_ctx(ctx); + case LTTNG_UST_CONTEXT_VEGID: + return lttng_add_vegid_to_ctx(ctx); + case LTTNG_UST_CONTEXT_VSGID: + return lttng_add_vsgid_to_ctx(ctx); default: return -EINVAL; } diff --git a/liblttng-ust/lttng-ust-comm.c b/liblttng-ust/lttng-ust-comm.c index 5a2aacdf..79f0f28a 100644 --- a/liblttng-ust/lttng-ust-comm.c +++ b/liblttng-ust/lttng-ust-comm.c @@ -2050,6 +2050,22 @@ void ust_context_ns_reset(void) lttng_context_uts_ns_reset(); } +static +void ust_context_vuids_reset(void) +{ + lttng_context_vuid_reset(); + lttng_context_veuid_reset(); + lttng_context_vsuid_reset(); +} + +static +void ust_context_vgids_reset(void) +{ + lttng_context_vgid_reset(); + lttng_context_vegid_reset(); + lttng_context_vsgid_reset(); +} + /* * We exclude the worker threads across fork and clone (except * CLONE_VM), because these system calls only keep the forking thread @@ -2133,6 +2149,8 @@ void ust_after_fork_child(sigset_t *restore_sigset) lttng_context_vtid_reset(); lttng_context_procname_reset(); ust_context_ns_reset(); + ust_context_vuids_reset(); + ust_context_vgids_reset(); DBG("process %d", getpid()); /* Release urcu mutexes */ urcu_bp_after_fork_child(); @@ -2145,11 +2163,55 @@ void ust_after_fork_child(sigset_t *restore_sigset) void ust_after_setns(void) { ust_context_ns_reset(); + ust_context_vuids_reset(); + ust_context_vgids_reset(); } void ust_after_unshare(void) { ust_context_ns_reset(); + ust_context_vuids_reset(); + ust_context_vgids_reset(); +} + +void ust_after_setuid(void) +{ + ust_context_vuids_reset(); +} + +void ust_after_seteuid(void) +{ + ust_context_vuids_reset(); +} + +void ust_after_setreuid(void) +{ + ust_context_vuids_reset(); +} + +void ust_after_setresuid(void) +{ + ust_context_vuids_reset(); +} + +void ust_after_setgid(void) +{ + ust_context_vgids_reset(); +} + +void ust_after_setegid(void) +{ + ust_context_vgids_reset(); +} + +void ust_after_setregid(void) +{ + ust_context_vgids_reset(); +} + +void ust_after_setresgid(void) +{ + ust_context_vgids_reset(); } void lttng_ust_sockinfo_session_enabled(void *owner)