[lttng-dev] [RFC PATCH LTTng-UST] Fix UST SIGPIPE handling
Mathieu Desnoyers
mathieu.desnoyers at efficios.com
Tue Aug 14 16:15:31 EDT 2012
When the consumerd dies (from a SIGKILL), it may close all of its file
descriptors rather abruptly.
We ensured that the UST command threads have all signals blocked, and
they use MSG_NOSIGNAL when sending messages to the sessiond over
sockets.
However, the consumer scheme uses a pipe(2) to transport the "wakeup"
info from the application tracing site to the consumer daemon. It may
send a SIGPIPE to the application in that case, which could kill the
application, an unwanted side-effect.
Block thread SIGPIPE around write() and wait for the signal to fix this.
Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers at efficios.com>
---
diff --git a/libringbuffer/frontend_internal.h b/libringbuffer/frontend_internal.h
index 6d1a75b..020b785 100644
--- a/libringbuffer/frontend_internal.h
+++ b/libringbuffer/frontend_internal.h
@@ -32,6 +32,8 @@
*/
#include <urcu/compiler.h>
+#include <signal.h>
+#include <pthread.h>
#include <lttng/ringbuffer-config.h>
#include "backend_types.h"
@@ -397,7 +399,9 @@ void lib_ring_buffer_check_deliver(const struct lttng_ust_lib_ring_buffer_config
int wakeup_fd = shm_get_wakeup_fd(handle, &buf->self._ref);
if (wakeup_fd >= 0) {
- int ret;
+ sigset_t sigpipe_set, pending_set, old_set;
+ int ret, sigpipe_was_pending = 0;
+
/*
* Wake-up the other end by
* writing a null byte in the
@@ -416,13 +420,56 @@ void lib_ring_buffer_check_deliver(const struct lttng_ust_lib_ring_buffer_config
* 2) check if there is data in
* the buffer.
* 3) wait on the pipe (poll).
+ *
+ * Discard the SIGPIPE from write(), not
+ * disturbing any SIGPIPE that might be
+ * already pending. If a bogus SIGPIPE
+ * is sent to the entire process
+ * concurrently by a malicious user, it
+ * may be simply discarded.
+ */
+ ret = sigemptyset(&pending_set);
+ assert(!ret);
+ /*
+ * sigpending returns the mask
+ * of signals that are _both_
+ * blocked for the thread _and_
+ * pending for either the thread
+ * or the entire process.
*/
+ ret = sigpending(&pending_set);
+ assert(!ret);
+ sigpipe_was_pending = sigismember(&pending_set, SIGPIPE);
+ /*
+ * if the sigpipe was pending,
+ * it means it was already
+ * blocked, so no need to block
+ * it.
+ */
+ if (!sigpipe_was_pending) {
+ ret = sigemptyset(&sigpipe_set);
+ assert(!ret);
+ ret = sigaddset(&sigpipe_set, SIGPIPE);
+ assert(!ret);
+ ret = pthread_sigmask(SIG_BLOCK, &sigpipe_set, &old_set);
+ assert(!ret);
+ }
do {
ret = write(wakeup_fd, "", 1);
} while (ret == -1L && errno == EINTR);
+ if (ret == -1L && errno == EPIPE && !sigpipe_was_pending) {
+ struct timespec timeout = { 0, 0 };
+ do {
+ ret = sigtimedwait(&sigpipe_set, NULL,
+ &timeout);
+ } while (ret == -1L && errno == EINTR);
+ }
+ if (!sigpipe_was_pending) {
+ ret = pthread_sigmask(SIG_SETMASK, &old_set, NULL);
+ assert(!ret);
+ }
}
}
-
}
}
}
--
Mathieu Desnoyers
Operating System Efficiency R&D Consultant
EfficiOS Inc.
http://www.efficios.com
More information about the lttng-dev
mailing list