]>
Commit | Line | Data |
---|---|---|
1 | /* SPDX-License-Identifier: LGPL-2.1+ */ | |
2 | ||
3 | #include <errno.h> | |
4 | #include <stdio.h> | |
5 | #include <stdio_ext.h> | |
6 | #include <sys/prctl.h> | |
7 | #include <sys/xattr.h> | |
8 | #include <unistd.h> | |
9 | ||
10 | #if HAVE_ELFUTILS | |
11 | #include <dwarf.h> | |
12 | #include <elfutils/libdwfl.h> | |
13 | #endif | |
14 | ||
15 | #include "sd-daemon.h" | |
16 | #include "sd-journal.h" | |
17 | #include "sd-login.h" | |
18 | #include "sd-messages.h" | |
19 | ||
20 | #include "acl-util.h" | |
21 | #include "alloc-util.h" | |
22 | #include "capability-util.h" | |
23 | #include "cgroup-util.h" | |
24 | #include "compress.h" | |
25 | #include "conf-parser.h" | |
26 | #include "copy.h" | |
27 | #include "coredump-vacuum.h" | |
28 | #include "dirent-util.h" | |
29 | #include "escape.h" | |
30 | #include "fd-util.h" | |
31 | #include "fileio.h" | |
32 | #include "fs-util.h" | |
33 | #include "io-util.h" | |
34 | #include "journal-importer.h" | |
35 | #include "log.h" | |
36 | #include "macro.h" | |
37 | #include "missing.h" | |
38 | #include "mkdir.h" | |
39 | #include "parse-util.h" | |
40 | #include "process-util.h" | |
41 | #include "signal-util.h" | |
42 | #include "socket-util.h" | |
43 | #include "special.h" | |
44 | #include "stacktrace.h" | |
45 | #include "string-table.h" | |
46 | #include "string-util.h" | |
47 | #include "strv.h" | |
48 | #include "user-util.h" | |
49 | #include "util.h" | |
50 | ||
51 | /* The maximum size up to which we process coredumps */ | |
52 | #define PROCESS_SIZE_MAX ((uint64_t) (2LLU*1024LLU*1024LLU*1024LLU)) | |
53 | ||
54 | /* The maximum size up to which we leave the coredump around on disk */ | |
55 | #define EXTERNAL_SIZE_MAX PROCESS_SIZE_MAX | |
56 | ||
57 | /* The maximum size up to which we store the coredump in the journal */ | |
58 | #define JOURNAL_SIZE_MAX ((size_t) (767LU*1024LU*1024LU)) | |
59 | ||
60 | /* Make sure to not make this larger than the maximum journal entry | |
61 | * size. See DATA_SIZE_MAX in journald-native.c. */ | |
62 | assert_cc(JOURNAL_SIZE_MAX <= DATA_SIZE_MAX); | |
63 | ||
64 | enum { | |
65 | /* We use this as array indexes for a couple of special fields we use for | |
66 | * naming coredump files, and attaching xattrs, and for indexing argv[]. | |
67 | ||
68 | * Our pattern for man:systectl(1) kernel.core_pattern is such that the | |
69 | * kernel passes fields until CONTEXT_RLIMIT as arguments in argv[]. After | |
70 | * that it gets complicated: the kernel passes "comm" as one or more fields | |
71 | * starting at index CONTEXT_COMM (in other words, full "comm" is under index | |
72 | * CONTEXT_COMM when it does not contain spaces, which is the common | |
73 | * case). This mapping is not reversible, so we prefer to retrieve "comm" | |
74 | * from /proc. We only fall back to argv[CONTEXT_COMM...] when that fails. | |
75 | * | |
76 | * In the internal context[] array, fields before CONTEXT_COMM are the | |
77 | * strings from argv[], so they should not be freed. The strings at indices | |
78 | * CONTEXT_COMM and higher are allocated by us and should be freed at the | |
79 | * end. | |
80 | */ | |
81 | CONTEXT_PID, | |
82 | CONTEXT_UID, | |
83 | CONTEXT_GID, | |
84 | CONTEXT_SIGNAL, | |
85 | CONTEXT_TIMESTAMP, | |
86 | CONTEXT_RLIMIT, | |
87 | CONTEXT_HOSTNAME, | |
88 | CONTEXT_COMM, | |
89 | CONTEXT_EXE, | |
90 | CONTEXT_UNIT, | |
91 | _CONTEXT_MAX | |
92 | }; | |
93 | ||
94 | typedef enum CoredumpStorage { | |
95 | COREDUMP_STORAGE_NONE, | |
96 | COREDUMP_STORAGE_EXTERNAL, | |
97 | COREDUMP_STORAGE_JOURNAL, | |
98 | _COREDUMP_STORAGE_MAX, | |
99 | _COREDUMP_STORAGE_INVALID = -1 | |
100 | } CoredumpStorage; | |
101 | ||
102 | static const char* const coredump_storage_table[_COREDUMP_STORAGE_MAX] = { | |
103 | [COREDUMP_STORAGE_NONE] = "none", | |
104 | [COREDUMP_STORAGE_EXTERNAL] = "external", | |
105 | [COREDUMP_STORAGE_JOURNAL] = "journal", | |
106 | }; | |
107 | ||
108 | DEFINE_PRIVATE_STRING_TABLE_LOOKUP(coredump_storage, CoredumpStorage); | |
109 | static DEFINE_CONFIG_PARSE_ENUM(config_parse_coredump_storage, coredump_storage, CoredumpStorage, "Failed to parse storage setting"); | |
110 | ||
111 | static CoredumpStorage arg_storage = COREDUMP_STORAGE_EXTERNAL; | |
112 | static bool arg_compress = true; | |
113 | static uint64_t arg_process_size_max = PROCESS_SIZE_MAX; | |
114 | static uint64_t arg_external_size_max = EXTERNAL_SIZE_MAX; | |
115 | static uint64_t arg_journal_size_max = JOURNAL_SIZE_MAX; | |
116 | static uint64_t arg_keep_free = (uint64_t) -1; | |
117 | static uint64_t arg_max_use = (uint64_t) -1; | |
118 | ||
119 | static int parse_config(void) { | |
120 | static const ConfigTableItem items[] = { | |
121 | { "Coredump", "Storage", config_parse_coredump_storage, 0, &arg_storage }, | |
122 | { "Coredump", "Compress", config_parse_bool, 0, &arg_compress }, | |
123 | { "Coredump", "ProcessSizeMax", config_parse_iec_uint64, 0, &arg_process_size_max }, | |
124 | { "Coredump", "ExternalSizeMax", config_parse_iec_uint64, 0, &arg_external_size_max }, | |
125 | { "Coredump", "JournalSizeMax", config_parse_iec_size, 0, &arg_journal_size_max }, | |
126 | { "Coredump", "KeepFree", config_parse_iec_uint64, 0, &arg_keep_free }, | |
127 | { "Coredump", "MaxUse", config_parse_iec_uint64, 0, &arg_max_use }, | |
128 | {} | |
129 | }; | |
130 | ||
131 | return config_parse_many_nulstr(PKGSYSCONFDIR "/coredump.conf", | |
132 | CONF_PATHS_NULSTR("systemd/coredump.conf.d"), | |
133 | "Coredump\0", | |
134 | config_item_table_lookup, items, | |
135 | CONFIG_PARSE_WARN, NULL); | |
136 | } | |
137 | ||
138 | static inline uint64_t storage_size_max(void) { | |
139 | if (arg_storage == COREDUMP_STORAGE_EXTERNAL) | |
140 | return arg_external_size_max; | |
141 | if (arg_storage == COREDUMP_STORAGE_JOURNAL) | |
142 | return arg_journal_size_max; | |
143 | assert(arg_storage == COREDUMP_STORAGE_NONE); | |
144 | return 0; | |
145 | } | |
146 | ||
147 | static int fix_acl(int fd, uid_t uid) { | |
148 | ||
149 | #if HAVE_ACL | |
150 | _cleanup_(acl_freep) acl_t acl = NULL; | |
151 | acl_entry_t entry; | |
152 | acl_permset_t permset; | |
153 | int r; | |
154 | ||
155 | assert(fd >= 0); | |
156 | ||
157 | if (uid_is_system(uid) || uid_is_dynamic(uid) || uid == UID_NOBODY) | |
158 | return 0; | |
159 | ||
160 | /* Make sure normal users can read (but not write or delete) | |
161 | * their own coredumps */ | |
162 | ||
163 | acl = acl_get_fd(fd); | |
164 | if (!acl) | |
165 | return log_error_errno(errno, "Failed to get ACL: %m"); | |
166 | ||
167 | if (acl_create_entry(&acl, &entry) < 0 || | |
168 | acl_set_tag_type(entry, ACL_USER) < 0 || | |
169 | acl_set_qualifier(entry, &uid) < 0) | |
170 | return log_error_errno(errno, "Failed to patch ACL: %m"); | |
171 | ||
172 | if (acl_get_permset(entry, &permset) < 0 || | |
173 | acl_add_perm(permset, ACL_READ) < 0) | |
174 | return log_warning_errno(errno, "Failed to patch ACL: %m"); | |
175 | ||
176 | r = calc_acl_mask_if_needed(&acl); | |
177 | if (r < 0) | |
178 | return log_warning_errno(r, "Failed to patch ACL: %m"); | |
179 | ||
180 | if (acl_set_fd(fd, acl) < 0) | |
181 | return log_error_errno(errno, "Failed to apply ACL: %m"); | |
182 | #endif | |
183 | ||
184 | return 0; | |
185 | } | |
186 | ||
187 | static int fix_xattr(int fd, const char *context[_CONTEXT_MAX]) { | |
188 | ||
189 | static const char * const xattrs[_CONTEXT_MAX] = { | |
190 | [CONTEXT_PID] = "user.coredump.pid", | |
191 | [CONTEXT_UID] = "user.coredump.uid", | |
192 | [CONTEXT_GID] = "user.coredump.gid", | |
193 | [CONTEXT_SIGNAL] = "user.coredump.signal", | |
194 | [CONTEXT_TIMESTAMP] = "user.coredump.timestamp", | |
195 | [CONTEXT_RLIMIT] = "user.coredump.rlimit", | |
196 | [CONTEXT_HOSTNAME] = "user.coredump.hostname", | |
197 | [CONTEXT_COMM] = "user.coredump.comm", | |
198 | [CONTEXT_EXE] = "user.coredump.exe", | |
199 | }; | |
200 | ||
201 | int r = 0; | |
202 | unsigned i; | |
203 | ||
204 | assert(fd >= 0); | |
205 | ||
206 | /* Attach some metadata to coredumps via extended | |
207 | * attributes. Just because we can. */ | |
208 | ||
209 | for (i = 0; i < _CONTEXT_MAX; i++) { | |
210 | int k; | |
211 | ||
212 | if (isempty(context[i]) || !xattrs[i]) | |
213 | continue; | |
214 | ||
215 | k = fsetxattr(fd, xattrs[i], context[i], strlen(context[i]), XATTR_CREATE); | |
216 | if (k < 0 && r == 0) | |
217 | r = -errno; | |
218 | } | |
219 | ||
220 | return r; | |
221 | } | |
222 | ||
223 | #define filename_escape(s) xescape((s), "./ ") | |
224 | ||
225 | static inline const char *coredump_tmpfile_name(const char *s) { | |
226 | return s ? s : "(unnamed temporary file)"; | |
227 | } | |
228 | ||
229 | static int fix_permissions( | |
230 | int fd, | |
231 | const char *filename, | |
232 | const char *target, | |
233 | const char *context[_CONTEXT_MAX], | |
234 | uid_t uid) { | |
235 | ||
236 | int r; | |
237 | ||
238 | assert(fd >= 0); | |
239 | assert(target); | |
240 | assert(context); | |
241 | ||
242 | /* Ignore errors on these */ | |
243 | (void) fchmod(fd, 0640); | |
244 | (void) fix_acl(fd, uid); | |
245 | (void) fix_xattr(fd, context); | |
246 | ||
247 | if (fsync(fd) < 0) | |
248 | return log_error_errno(errno, "Failed to sync coredump %s: %m", coredump_tmpfile_name(filename)); | |
249 | ||
250 | (void) fsync_directory_of_file(fd); | |
251 | ||
252 | r = link_tmpfile(fd, filename, target); | |
253 | if (r < 0) | |
254 | return log_error_errno(r, "Failed to move coredump %s into place: %m", target); | |
255 | ||
256 | return 0; | |
257 | } | |
258 | ||
259 | static int maybe_remove_external_coredump(const char *filename, uint64_t size) { | |
260 | ||
261 | /* Returns 1 if might remove, 0 if will not remove, < 0 on error. */ | |
262 | ||
263 | if (arg_storage == COREDUMP_STORAGE_EXTERNAL && | |
264 | size <= arg_external_size_max) | |
265 | return 0; | |
266 | ||
267 | if (!filename) | |
268 | return 1; | |
269 | ||
270 | if (unlink(filename) < 0 && errno != ENOENT) | |
271 | return log_error_errno(errno, "Failed to unlink %s: %m", filename); | |
272 | ||
273 | return 1; | |
274 | } | |
275 | ||
276 | static int make_filename(const char *context[_CONTEXT_MAX], char **ret) { | |
277 | _cleanup_free_ char *c = NULL, *u = NULL, *p = NULL, *t = NULL; | |
278 | sd_id128_t boot = {}; | |
279 | int r; | |
280 | ||
281 | assert(context); | |
282 | ||
283 | c = filename_escape(context[CONTEXT_COMM]); | |
284 | if (!c) | |
285 | return -ENOMEM; | |
286 | ||
287 | u = filename_escape(context[CONTEXT_UID]); | |
288 | if (!u) | |
289 | return -ENOMEM; | |
290 | ||
291 | r = sd_id128_get_boot(&boot); | |
292 | if (r < 0) | |
293 | return r; | |
294 | ||
295 | p = filename_escape(context[CONTEXT_PID]); | |
296 | if (!p) | |
297 | return -ENOMEM; | |
298 | ||
299 | t = filename_escape(context[CONTEXT_TIMESTAMP]); | |
300 | if (!t) | |
301 | return -ENOMEM; | |
302 | ||
303 | if (asprintf(ret, | |
304 | "/var/lib/systemd/coredump/core.%s.%s." SD_ID128_FORMAT_STR ".%s.%s000000", | |
305 | c, | |
306 | u, | |
307 | SD_ID128_FORMAT_VAL(boot), | |
308 | p, | |
309 | t) < 0) | |
310 | return -ENOMEM; | |
311 | ||
312 | return 0; | |
313 | } | |
314 | ||
315 | static int save_external_coredump( | |
316 | const char *context[_CONTEXT_MAX], | |
317 | int input_fd, | |
318 | char **ret_filename, | |
319 | int *ret_node_fd, | |
320 | int *ret_data_fd, | |
321 | uint64_t *ret_size, | |
322 | bool *ret_truncated) { | |
323 | ||
324 | _cleanup_free_ char *fn = NULL, *tmp = NULL; | |
325 | _cleanup_close_ int fd = -1; | |
326 | uint64_t rlimit, process_limit, max_size; | |
327 | struct stat st; | |
328 | uid_t uid; | |
329 | int r; | |
330 | ||
331 | assert(context); | |
332 | assert(ret_filename); | |
333 | assert(ret_node_fd); | |
334 | assert(ret_data_fd); | |
335 | assert(ret_size); | |
336 | ||
337 | r = parse_uid(context[CONTEXT_UID], &uid); | |
338 | if (r < 0) | |
339 | return log_error_errno(r, "Failed to parse UID: %m"); | |
340 | ||
341 | r = safe_atou64(context[CONTEXT_RLIMIT], &rlimit); | |
342 | if (r < 0) | |
343 | return log_error_errno(r, "Failed to parse resource limit: %s", context[CONTEXT_RLIMIT]); | |
344 | if (rlimit < page_size()) { | |
345 | /* Is coredumping disabled? Then don't bother saving/processing the coredump. | |
346 | * Anything below PAGE_SIZE cannot give a readable coredump (the kernel uses | |
347 | * ELF_EXEC_PAGESIZE which is not easily accessible, but is usually the same as PAGE_SIZE. */ | |
348 | log_info("Resource limits disable core dumping for process %s (%s).", | |
349 | context[CONTEXT_PID], context[CONTEXT_COMM]); | |
350 | return -EBADSLT; | |
351 | } | |
352 | ||
353 | process_limit = MAX(arg_process_size_max, storage_size_max()); | |
354 | if (process_limit == 0) { | |
355 | log_debug("Limits for coredump processing and storage are both 0, not dumping core."); | |
356 | return -EBADSLT; | |
357 | } | |
358 | ||
359 | /* Never store more than the process configured, or than we actually shall keep or process */ | |
360 | max_size = MIN(rlimit, process_limit); | |
361 | ||
362 | r = make_filename(context, &fn); | |
363 | if (r < 0) | |
364 | return log_error_errno(r, "Failed to determine coredump file name: %m"); | |
365 | ||
366 | mkdir_p_label("/var/lib/systemd/coredump", 0755); | |
367 | ||
368 | fd = open_tmpfile_linkable(fn, O_RDWR|O_CLOEXEC, &tmp); | |
369 | if (fd < 0) | |
370 | return log_error_errno(fd, "Failed to create temporary file for coredump %s: %m", fn); | |
371 | ||
372 | r = copy_bytes(input_fd, fd, max_size, 0); | |
373 | if (r < 0) { | |
374 | log_error_errno(r, "Cannot store coredump of %s (%s): %m", context[CONTEXT_PID], context[CONTEXT_COMM]); | |
375 | goto fail; | |
376 | } | |
377 | *ret_truncated = r == 1; | |
378 | if (*ret_truncated) | |
379 | log_struct(LOG_INFO, | |
380 | LOG_MESSAGE("Core file was truncated to %zu bytes.", max_size), | |
381 | "SIZE_LIMIT=%zu", max_size, | |
382 | "MESSAGE_ID=" SD_MESSAGE_TRUNCATED_CORE_STR); | |
383 | ||
384 | if (fstat(fd, &st) < 0) { | |
385 | log_error_errno(errno, "Failed to fstat core file %s: %m", coredump_tmpfile_name(tmp)); | |
386 | goto fail; | |
387 | } | |
388 | ||
389 | if (lseek(fd, 0, SEEK_SET) == (off_t) -1) { | |
390 | log_error_errno(errno, "Failed to seek on %s: %m", coredump_tmpfile_name(tmp)); | |
391 | goto fail; | |
392 | } | |
393 | ||
394 | #if HAVE_XZ || HAVE_LZ4 | |
395 | /* If we will remove the coredump anyway, do not compress. */ | |
396 | if (arg_compress && !maybe_remove_external_coredump(NULL, st.st_size)) { | |
397 | ||
398 | _cleanup_free_ char *fn_compressed = NULL, *tmp_compressed = NULL; | |
399 | _cleanup_close_ int fd_compressed = -1; | |
400 | ||
401 | fn_compressed = strappend(fn, COMPRESSED_EXT); | |
402 | if (!fn_compressed) { | |
403 | log_oom(); | |
404 | goto uncompressed; | |
405 | } | |
406 | ||
407 | fd_compressed = open_tmpfile_linkable(fn_compressed, O_RDWR|O_CLOEXEC, &tmp_compressed); | |
408 | if (fd_compressed < 0) { | |
409 | log_error_errno(fd_compressed, "Failed to create temporary file for coredump %s: %m", fn_compressed); | |
410 | goto uncompressed; | |
411 | } | |
412 | ||
413 | r = compress_stream(fd, fd_compressed, -1); | |
414 | if (r < 0) { | |
415 | log_error_errno(r, "Failed to compress %s: %m", coredump_tmpfile_name(tmp_compressed)); | |
416 | goto fail_compressed; | |
417 | } | |
418 | ||
419 | r = fix_permissions(fd_compressed, tmp_compressed, fn_compressed, context, uid); | |
420 | if (r < 0) | |
421 | goto fail_compressed; | |
422 | ||
423 | /* OK, this worked, we can get rid of the uncompressed version now */ | |
424 | if (tmp) | |
425 | unlink_noerrno(tmp); | |
426 | ||
427 | *ret_filename = TAKE_PTR(fn_compressed); /* compressed */ | |
428 | *ret_node_fd = TAKE_FD(fd_compressed); /* compressed */ | |
429 | *ret_data_fd = TAKE_FD(fd); /* uncompressed */ | |
430 | *ret_size = (uint64_t) st.st_size; /* uncompressed */ | |
431 | ||
432 | return 0; | |
433 | ||
434 | fail_compressed: | |
435 | if (tmp_compressed) | |
436 | (void) unlink(tmp_compressed); | |
437 | } | |
438 | ||
439 | uncompressed: | |
440 | #endif | |
441 | ||
442 | r = fix_permissions(fd, tmp, fn, context, uid); | |
443 | if (r < 0) | |
444 | goto fail; | |
445 | ||
446 | *ret_filename = TAKE_PTR(fn); | |
447 | *ret_data_fd = TAKE_FD(fd); | |
448 | *ret_node_fd = -1; | |
449 | *ret_size = (uint64_t) st.st_size; | |
450 | ||
451 | return 0; | |
452 | ||
453 | fail: | |
454 | if (tmp) | |
455 | (void) unlink(tmp); | |
456 | return r; | |
457 | } | |
458 | ||
459 | static int allocate_journal_field(int fd, size_t size, char **ret, size_t *ret_size) { | |
460 | _cleanup_free_ char *field = NULL; | |
461 | ssize_t n; | |
462 | ||
463 | assert(fd >= 0); | |
464 | assert(ret); | |
465 | assert(ret_size); | |
466 | ||
467 | if (lseek(fd, 0, SEEK_SET) == (off_t) -1) | |
468 | return log_warning_errno(errno, "Failed to seek: %m"); | |
469 | ||
470 | field = malloc(9 + size); | |
471 | if (!field) { | |
472 | log_warning("Failed to allocate memory for coredump, coredump will not be stored."); | |
473 | return -ENOMEM; | |
474 | } | |
475 | ||
476 | memcpy(field, "COREDUMP=", 9); | |
477 | ||
478 | n = read(fd, field + 9, size); | |
479 | if (n < 0) | |
480 | return log_error_errno((int) n, "Failed to read core data: %m"); | |
481 | if ((size_t) n < size) { | |
482 | log_error("Core data too short."); | |
483 | return -EIO; | |
484 | } | |
485 | ||
486 | *ret = TAKE_PTR(field); | |
487 | *ret_size = size + 9; | |
488 | ||
489 | return 0; | |
490 | } | |
491 | ||
492 | /* Joins /proc/[pid]/fd/ and /proc/[pid]/fdinfo/ into the following lines: | |
493 | * 0:/dev/pts/23 | |
494 | * pos: 0 | |
495 | * flags: 0100002 | |
496 | * | |
497 | * 1:/dev/pts/23 | |
498 | * pos: 0 | |
499 | * flags: 0100002 | |
500 | * | |
501 | * 2:/dev/pts/23 | |
502 | * pos: 0 | |
503 | * flags: 0100002 | |
504 | * EOF | |
505 | */ | |
506 | static int compose_open_fds(pid_t pid, char **open_fds) { | |
507 | _cleanup_closedir_ DIR *proc_fd_dir = NULL; | |
508 | _cleanup_close_ int proc_fdinfo_fd = -1; | |
509 | _cleanup_free_ char *buffer = NULL; | |
510 | _cleanup_fclose_ FILE *stream = NULL; | |
511 | const char *fddelim = "", *path; | |
512 | struct dirent *dent = NULL; | |
513 | size_t size = 0; | |
514 | int r = 0; | |
515 | ||
516 | assert(pid >= 0); | |
517 | assert(open_fds != NULL); | |
518 | ||
519 | path = procfs_file_alloca(pid, "fd"); | |
520 | proc_fd_dir = opendir(path); | |
521 | if (!proc_fd_dir) | |
522 | return -errno; | |
523 | ||
524 | proc_fdinfo_fd = openat(dirfd(proc_fd_dir), "../fdinfo", O_DIRECTORY|O_NOFOLLOW|O_CLOEXEC|O_PATH); | |
525 | if (proc_fdinfo_fd < 0) | |
526 | return -errno; | |
527 | ||
528 | stream = open_memstream(&buffer, &size); | |
529 | if (!stream) | |
530 | return -ENOMEM; | |
531 | ||
532 | (void) __fsetlocking(stream, FSETLOCKING_BYCALLER); | |
533 | ||
534 | FOREACH_DIRENT(dent, proc_fd_dir, return -errno) { | |
535 | _cleanup_fclose_ FILE *fdinfo = NULL; | |
536 | _cleanup_free_ char *fdname = NULL; | |
537 | char line[LINE_MAX]; | |
538 | int fd; | |
539 | ||
540 | r = readlinkat_malloc(dirfd(proc_fd_dir), dent->d_name, &fdname); | |
541 | if (r < 0) | |
542 | return r; | |
543 | ||
544 | fprintf(stream, "%s%s:%s\n", fddelim, dent->d_name, fdname); | |
545 | fddelim = "\n"; | |
546 | ||
547 | /* Use the directory entry from /proc/[pid]/fd with /proc/[pid]/fdinfo */ | |
548 | fd = openat(proc_fdinfo_fd, dent->d_name, O_NOFOLLOW|O_CLOEXEC|O_RDONLY); | |
549 | if (fd < 0) | |
550 | continue; | |
551 | ||
552 | fdinfo = fdopen(fd, "re"); | |
553 | if (!fdinfo) { | |
554 | safe_close(fd); | |
555 | continue; | |
556 | } | |
557 | ||
558 | FOREACH_LINE(line, fdinfo, break) { | |
559 | fputs(line, stream); | |
560 | if (!endswith(line, "\n")) | |
561 | fputc('\n', stream); | |
562 | } | |
563 | } | |
564 | ||
565 | errno = 0; | |
566 | stream = safe_fclose(stream); | |
567 | ||
568 | if (errno > 0) | |
569 | return -errno; | |
570 | ||
571 | *open_fds = TAKE_PTR(buffer); | |
572 | ||
573 | return 0; | |
574 | } | |
575 | ||
576 | static int get_process_ns(pid_t pid, const char *namespace, ino_t *ns) { | |
577 | const char *p; | |
578 | struct stat stbuf; | |
579 | _cleanup_close_ int proc_ns_dir_fd; | |
580 | ||
581 | p = procfs_file_alloca(pid, "ns"); | |
582 | ||
583 | proc_ns_dir_fd = open(p, O_DIRECTORY | O_CLOEXEC | O_RDONLY); | |
584 | if (proc_ns_dir_fd < 0) | |
585 | return -errno; | |
586 | ||
587 | if (fstatat(proc_ns_dir_fd, namespace, &stbuf, /* flags */0) < 0) | |
588 | return -errno; | |
589 | ||
590 | *ns = stbuf.st_ino; | |
591 | return 0; | |
592 | } | |
593 | ||
594 | static int get_mount_namespace_leader(pid_t pid, pid_t *container_pid) { | |
595 | pid_t cpid = pid, ppid = 0; | |
596 | ino_t proc_mntns; | |
597 | int r = 0; | |
598 | ||
599 | r = get_process_ns(pid, "mnt", &proc_mntns); | |
600 | if (r < 0) | |
601 | return r; | |
602 | ||
603 | for (;;) { | |
604 | ino_t parent_mntns; | |
605 | ||
606 | r = get_process_ppid(cpid, &ppid); | |
607 | if (r < 0) | |
608 | return r; | |
609 | ||
610 | r = get_process_ns(ppid, "mnt", &parent_mntns); | |
611 | if (r < 0) | |
612 | return r; | |
613 | ||
614 | if (proc_mntns != parent_mntns) | |
615 | break; | |
616 | ||
617 | if (ppid == 1) | |
618 | return -ENOENT; | |
619 | ||
620 | cpid = ppid; | |
621 | } | |
622 | ||
623 | *container_pid = ppid; | |
624 | return 0; | |
625 | } | |
626 | ||
627 | /* Returns 1 if the parent was found. | |
628 | * Returns 0 if there is not a process we can call the pid's | |
629 | * container parent (the pid's process isn't 'containerized'). | |
630 | * Returns a negative number on errors. | |
631 | */ | |
632 | static int get_process_container_parent_cmdline(pid_t pid, char** cmdline) { | |
633 | int r = 0; | |
634 | pid_t container_pid; | |
635 | const char *proc_root_path; | |
636 | struct stat root_stat, proc_root_stat; | |
637 | ||
638 | /* To compare inodes of / and /proc/[pid]/root */ | |
639 | if (stat("/", &root_stat) < 0) | |
640 | return -errno; | |
641 | ||
642 | proc_root_path = procfs_file_alloca(pid, "root"); | |
643 | if (stat(proc_root_path, &proc_root_stat) < 0) | |
644 | return -errno; | |
645 | ||
646 | /* The process uses system root. */ | |
647 | if (proc_root_stat.st_ino == root_stat.st_ino) { | |
648 | *cmdline = NULL; | |
649 | return 0; | |
650 | } | |
651 | ||
652 | r = get_mount_namespace_leader(pid, &container_pid); | |
653 | if (r < 0) | |
654 | return r; | |
655 | ||
656 | r = get_process_cmdline(container_pid, 0, false, cmdline); | |
657 | if (r < 0) | |
658 | return r; | |
659 | ||
660 | return 1; | |
661 | } | |
662 | ||
663 | static int change_uid_gid(const char *context[]) { | |
664 | uid_t uid; | |
665 | gid_t gid; | |
666 | int r; | |
667 | ||
668 | r = parse_uid(context[CONTEXT_UID], &uid); | |
669 | if (r < 0) | |
670 | return r; | |
671 | ||
672 | if (uid <= SYSTEM_UID_MAX) { | |
673 | const char *user = "systemd-coredump"; | |
674 | ||
675 | r = get_user_creds(&user, &uid, &gid, NULL, NULL); | |
676 | if (r < 0) { | |
677 | log_warning_errno(r, "Cannot resolve %s user. Proceeding to dump core as root: %m", user); | |
678 | uid = gid = 0; | |
679 | } | |
680 | } else { | |
681 | r = parse_gid(context[CONTEXT_GID], &gid); | |
682 | if (r < 0) | |
683 | return r; | |
684 | } | |
685 | ||
686 | return drop_privileges(uid, gid, 0); | |
687 | } | |
688 | ||
689 | static bool is_journald_crash(const char *context[_CONTEXT_MAX]) { | |
690 | assert(context); | |
691 | ||
692 | return streq_ptr(context[CONTEXT_UNIT], SPECIAL_JOURNALD_SERVICE); | |
693 | } | |
694 | ||
695 | static bool is_pid1_crash(const char *context[_CONTEXT_MAX]) { | |
696 | assert(context); | |
697 | ||
698 | return streq_ptr(context[CONTEXT_UNIT], SPECIAL_INIT_SCOPE) || | |
699 | streq_ptr(context[CONTEXT_PID], "1"); | |
700 | } | |
701 | ||
702 | #define SUBMIT_COREDUMP_FIELDS 4 | |
703 | ||
704 | static int submit_coredump( | |
705 | const char *context[_CONTEXT_MAX], | |
706 | struct iovec *iovec, | |
707 | size_t n_iovec_allocated, | |
708 | size_t n_iovec, | |
709 | int input_fd) { | |
710 | ||
711 | _cleanup_close_ int coredump_fd = -1, coredump_node_fd = -1; | |
712 | _cleanup_free_ char *core_message = NULL, *filename = NULL, *coredump_data = NULL; | |
713 | uint64_t coredump_size = UINT64_MAX; | |
714 | bool truncated = false, journald_crash; | |
715 | int r; | |
716 | ||
717 | assert(context); | |
718 | assert(iovec); | |
719 | assert(n_iovec_allocated >= n_iovec + SUBMIT_COREDUMP_FIELDS); | |
720 | assert(input_fd >= 0); | |
721 | ||
722 | journald_crash = is_journald_crash(context); | |
723 | ||
724 | /* Vacuum before we write anything again */ | |
725 | (void) coredump_vacuum(-1, arg_keep_free, arg_max_use); | |
726 | ||
727 | /* Always stream the coredump to disk, if that's possible */ | |
728 | r = save_external_coredump(context, input_fd, | |
729 | &filename, &coredump_node_fd, &coredump_fd, &coredump_size, &truncated); | |
730 | if (r < 0) | |
731 | /* Skip whole core dumping part */ | |
732 | goto log; | |
733 | ||
734 | /* If we don't want to keep the coredump on disk, remove it now, as later on we will lack the privileges for | |
735 | * it. However, we keep the fd to it, so that we can still process it and log it. */ | |
736 | r = maybe_remove_external_coredump(filename, coredump_size); | |
737 | if (r < 0) | |
738 | return r; | |
739 | if (r == 0) { | |
740 | const char *coredump_filename; | |
741 | ||
742 | coredump_filename = strjoina("COREDUMP_FILENAME=", filename); | |
743 | iovec[n_iovec++] = IOVEC_MAKE_STRING(coredump_filename); | |
744 | } else if (arg_storage == COREDUMP_STORAGE_EXTERNAL) | |
745 | log_info("The core will not be stored: size %"PRIu64" is greater than %"PRIu64" (the configured maximum)", | |
746 | coredump_size, arg_external_size_max); | |
747 | ||
748 | /* Vacuum again, but exclude the coredump we just created */ | |
749 | (void) coredump_vacuum(coredump_node_fd >= 0 ? coredump_node_fd : coredump_fd, arg_keep_free, arg_max_use); | |
750 | ||
751 | /* Now, let's drop privileges to become the user who owns the segfaulted process and allocate the coredump | |
752 | * memory under the user's uid. This also ensures that the credentials journald will see are the ones of the | |
753 | * coredumping user, thus making sure the user gets access to the core dump. Let's also get rid of all | |
754 | * capabilities, if we run as root, we won't need them anymore. */ | |
755 | r = change_uid_gid(context); | |
756 | if (r < 0) | |
757 | return log_error_errno(r, "Failed to drop privileges: %m"); | |
758 | ||
759 | #if HAVE_ELFUTILS | |
760 | /* Try to get a strack trace if we can */ | |
761 | if (coredump_size <= arg_process_size_max) { | |
762 | _cleanup_free_ char *stacktrace = NULL; | |
763 | ||
764 | r = coredump_make_stack_trace(coredump_fd, context[CONTEXT_EXE], &stacktrace); | |
765 | if (r >= 0) | |
766 | core_message = strjoin("MESSAGE=Process ", context[CONTEXT_PID], | |
767 | " (", context[CONTEXT_COMM], ") of user ", | |
768 | context[CONTEXT_UID], " dumped core.", | |
769 | journald_crash ? "\nCoredump diverted to " : "", | |
770 | journald_crash ? filename : "", | |
771 | "\n\n", stacktrace); | |
772 | else if (r == -EINVAL) | |
773 | log_warning("Failed to generate stack trace: %s", dwfl_errmsg(dwfl_errno())); | |
774 | else | |
775 | log_warning_errno(r, "Failed to generate stack trace: %m"); | |
776 | } else | |
777 | log_debug("Not generating stack trace: core size %"PRIu64" is greater than %"PRIu64" (the configured maximum)", | |
778 | coredump_size, arg_process_size_max); | |
779 | ||
780 | if (!core_message) | |
781 | #endif | |
782 | log: | |
783 | core_message = strjoin("MESSAGE=Process ", context[CONTEXT_PID], | |
784 | " (", context[CONTEXT_COMM], ") of user ", | |
785 | context[CONTEXT_UID], " dumped core.", | |
786 | journald_crash ? "\nCoredump diverted to " : NULL, | |
787 | journald_crash ? filename : NULL); | |
788 | if (!core_message) | |
789 | return log_oom(); | |
790 | ||
791 | if (journald_crash) { | |
792 | /* We cannot log to the journal, so just print the MESSAGE. | |
793 | * The target was set previously to something safe. */ | |
794 | log_dispatch(LOG_ERR, 0, core_message); | |
795 | return 0; | |
796 | } | |
797 | ||
798 | iovec[n_iovec++] = IOVEC_MAKE_STRING(core_message); | |
799 | ||
800 | if (truncated) | |
801 | iovec[n_iovec++] = IOVEC_MAKE_STRING("COREDUMP_TRUNCATED=1"); | |
802 | ||
803 | /* Optionally store the entire coredump in the journal */ | |
804 | if (arg_storage == COREDUMP_STORAGE_JOURNAL) { | |
805 | if (coredump_size <= arg_journal_size_max) { | |
806 | size_t sz = 0; | |
807 | ||
808 | /* Store the coredump itself in the journal */ | |
809 | ||
810 | r = allocate_journal_field(coredump_fd, (size_t) coredump_size, &coredump_data, &sz); | |
811 | if (r >= 0) | |
812 | iovec[n_iovec++] = IOVEC_MAKE(coredump_data, sz); | |
813 | else | |
814 | log_warning_errno(r, "Failed to attach the core to the journal entry: %m"); | |
815 | } else | |
816 | log_info("The core will not be stored: size %"PRIu64" is greater than %"PRIu64" (the configured maximum)", | |
817 | coredump_size, arg_journal_size_max); | |
818 | } | |
819 | ||
820 | assert(n_iovec <= n_iovec_allocated); | |
821 | ||
822 | r = sd_journal_sendv(iovec, n_iovec); | |
823 | if (r < 0) | |
824 | return log_error_errno(r, "Failed to log coredump: %m"); | |
825 | ||
826 | return 0; | |
827 | } | |
828 | ||
829 | static void map_context_fields(const struct iovec *iovec, const char* context[]) { | |
830 | ||
831 | static const char * const context_field_names[] = { | |
832 | [CONTEXT_PID] = "COREDUMP_PID=", | |
833 | [CONTEXT_UID] = "COREDUMP_UID=", | |
834 | [CONTEXT_GID] = "COREDUMP_GID=", | |
835 | [CONTEXT_SIGNAL] = "COREDUMP_SIGNAL=", | |
836 | [CONTEXT_TIMESTAMP] = "COREDUMP_TIMESTAMP=", | |
837 | [CONTEXT_RLIMIT] = "COREDUMP_RLIMIT=", | |
838 | [CONTEXT_HOSTNAME] = "COREDUMP_HOSTNAME=", | |
839 | [CONTEXT_COMM] = "COREDUMP_COMM=", | |
840 | [CONTEXT_EXE] = "COREDUMP_EXE=", | |
841 | }; | |
842 | ||
843 | unsigned i; | |
844 | ||
845 | assert(iovec); | |
846 | assert(context); | |
847 | ||
848 | for (i = 0; i < ELEMENTSOF(context_field_names); i++) { | |
849 | char *p; | |
850 | ||
851 | if (!context_field_names[i]) | |
852 | continue; | |
853 | ||
854 | p = memory_startswith(iovec->iov_base, iovec->iov_len, context_field_names[i]); | |
855 | if (!p) | |
856 | continue; | |
857 | ||
858 | /* Note that these strings are NUL terminated, because we made sure that a trailing NUL byte is in the | |
859 | * buffer, though not included in the iov_len count. (see below) */ | |
860 | context[i] = p; | |
861 | break; | |
862 | } | |
863 | } | |
864 | ||
865 | static int process_socket(int fd) { | |
866 | _cleanup_close_ int coredump_fd = -1; | |
867 | struct iovec *iovec = NULL; | |
868 | size_t n_iovec = 0, n_allocated = 0, i, k; | |
869 | const char *context[_CONTEXT_MAX] = {}; | |
870 | int r; | |
871 | ||
872 | assert(fd >= 0); | |
873 | ||
874 | log_set_target(LOG_TARGET_AUTO); | |
875 | log_parse_environment(); | |
876 | log_open(); | |
877 | ||
878 | log_debug("Processing coredump received on stdin..."); | |
879 | ||
880 | for (;;) { | |
881 | union { | |
882 | struct cmsghdr cmsghdr; | |
883 | uint8_t buf[CMSG_SPACE(sizeof(int))]; | |
884 | } control = {}; | |
885 | struct msghdr mh = { | |
886 | .msg_control = &control, | |
887 | .msg_controllen = sizeof(control), | |
888 | .msg_iovlen = 1, | |
889 | }; | |
890 | ssize_t n; | |
891 | ssize_t l; | |
892 | ||
893 | if (!GREEDY_REALLOC(iovec, n_allocated, n_iovec + SUBMIT_COREDUMP_FIELDS)) { | |
894 | r = log_oom(); | |
895 | goto finish; | |
896 | } | |
897 | ||
898 | l = next_datagram_size_fd(fd); | |
899 | if (l < 0) { | |
900 | r = log_error_errno(l, "Failed to determine datagram size to read: %m"); | |
901 | goto finish; | |
902 | } | |
903 | ||
904 | assert(l >= 0); | |
905 | ||
906 | iovec[n_iovec].iov_len = l; | |
907 | iovec[n_iovec].iov_base = malloc(l + 1); | |
908 | if (!iovec[n_iovec].iov_base) { | |
909 | r = log_oom(); | |
910 | goto finish; | |
911 | } | |
912 | ||
913 | mh.msg_iov = iovec + n_iovec; | |
914 | ||
915 | n = recvmsg(fd, &mh, MSG_NOSIGNAL|MSG_CMSG_CLOEXEC); | |
916 | if (n < 0) { | |
917 | free(iovec[n_iovec].iov_base); | |
918 | r = log_error_errno(errno, "Failed to receive datagram: %m"); | |
919 | goto finish; | |
920 | } | |
921 | ||
922 | if (n == 0) { | |
923 | struct cmsghdr *cmsg, *found = NULL; | |
924 | /* The final zero-length datagram carries the file descriptor and tells us that we're done. */ | |
925 | ||
926 | free(iovec[n_iovec].iov_base); | |
927 | ||
928 | CMSG_FOREACH(cmsg, &mh) { | |
929 | if (cmsg->cmsg_level == SOL_SOCKET && | |
930 | cmsg->cmsg_type == SCM_RIGHTS && | |
931 | cmsg->cmsg_len == CMSG_LEN(sizeof(int))) { | |
932 | assert(!found); | |
933 | found = cmsg; | |
934 | } | |
935 | } | |
936 | ||
937 | if (!found) { | |
938 | log_error("Coredump file descriptor missing."); | |
939 | r = -EBADMSG; | |
940 | goto finish; | |
941 | } | |
942 | ||
943 | assert(coredump_fd < 0); | |
944 | coredump_fd = *(int*) CMSG_DATA(found); | |
945 | break; | |
946 | } | |
947 | ||
948 | /* Add trailing NUL byte, in case these are strings */ | |
949 | ((char*) iovec[n_iovec].iov_base)[n] = 0; | |
950 | iovec[n_iovec].iov_len = (size_t) n; | |
951 | ||
952 | cmsg_close_all(&mh); | |
953 | map_context_fields(iovec + n_iovec, context); | |
954 | n_iovec++; | |
955 | } | |
956 | ||
957 | if (!GREEDY_REALLOC(iovec, n_allocated, n_iovec + SUBMIT_COREDUMP_FIELDS)) { | |
958 | r = log_oom(); | |
959 | goto finish; | |
960 | } | |
961 | ||
962 | /* Make sure we got all data we really need */ | |
963 | assert(context[CONTEXT_PID]); | |
964 | assert(context[CONTEXT_UID]); | |
965 | assert(context[CONTEXT_GID]); | |
966 | assert(context[CONTEXT_SIGNAL]); | |
967 | assert(context[CONTEXT_TIMESTAMP]); | |
968 | assert(context[CONTEXT_RLIMIT]); | |
969 | assert(context[CONTEXT_HOSTNAME]); | |
970 | assert(context[CONTEXT_COMM]); | |
971 | assert(coredump_fd >= 0); | |
972 | ||
973 | /* Small quirk: the journal fields contain the timestamp padded with six zeroes, so that the kernel-supplied 1s | |
974 | * granularity timestamps becomes 1µs granularity, i.e. the granularity systemd usually operates in. Since we | |
975 | * are reconstructing the original kernel context, we chop this off again, here. */ | |
976 | k = strlen(context[CONTEXT_TIMESTAMP]); | |
977 | if (k > 6) | |
978 | context[CONTEXT_TIMESTAMP] = strndupa(context[CONTEXT_TIMESTAMP], k - 6); | |
979 | ||
980 | r = submit_coredump(context, iovec, n_allocated, n_iovec, coredump_fd); | |
981 | ||
982 | finish: | |
983 | for (i = 0; i < n_iovec; i++) | |
984 | free(iovec[i].iov_base); | |
985 | free(iovec); | |
986 | ||
987 | return r; | |
988 | } | |
989 | ||
990 | static int send_iovec(const struct iovec iovec[], size_t n_iovec, int input_fd) { | |
991 | ||
992 | static const union sockaddr_union sa = { | |
993 | .un.sun_family = AF_UNIX, | |
994 | .un.sun_path = "/run/systemd/coredump", | |
995 | }; | |
996 | _cleanup_close_ int fd = -1; | |
997 | size_t i; | |
998 | int r; | |
999 | ||
1000 | assert(iovec || n_iovec <= 0); | |
1001 | assert(input_fd >= 0); | |
1002 | ||
1003 | fd = socket(AF_UNIX, SOCK_SEQPACKET|SOCK_CLOEXEC, 0); | |
1004 | if (fd < 0) | |
1005 | return log_error_errno(errno, "Failed to create coredump socket: %m"); | |
1006 | ||
1007 | if (connect(fd, &sa.sa, SOCKADDR_UN_LEN(sa.un)) < 0) | |
1008 | return log_error_errno(errno, "Failed to connect to coredump service: %m"); | |
1009 | ||
1010 | for (i = 0; i < n_iovec; i++) { | |
1011 | struct msghdr mh = { | |
1012 | .msg_iov = (struct iovec*) iovec + i, | |
1013 | .msg_iovlen = 1, | |
1014 | }; | |
1015 | struct iovec copy[2]; | |
1016 | ||
1017 | for (;;) { | |
1018 | if (sendmsg(fd, &mh, MSG_NOSIGNAL) >= 0) | |
1019 | break; | |
1020 | ||
1021 | if (errno == EMSGSIZE && mh.msg_iov[0].iov_len > 0) { | |
1022 | /* This field didn't fit? That's a pity. Given that this is just metadata, | |
1023 | * let's truncate the field at half, and try again. We append three dots, in | |
1024 | * order to show that this is truncated. */ | |
1025 | ||
1026 | if (mh.msg_iov != copy) { | |
1027 | /* We don't want to modify the caller's iovec, hence let's create our | |
1028 | * own array, consisting of two new iovecs, where the first is a | |
1029 | * (truncated) copy of what we want to send, and the second one | |
1030 | * contains the trailing dots. */ | |
1031 | copy[0] = iovec[i]; | |
1032 | copy[1] = (struct iovec) { | |
1033 | .iov_base = (char[]) { '.', '.', '.' }, | |
1034 | .iov_len = 3, | |
1035 | }; | |
1036 | ||
1037 | mh.msg_iov = copy; | |
1038 | mh.msg_iovlen = 2; | |
1039 | } | |
1040 | ||
1041 | copy[0].iov_len /= 2; /* halve it, and try again */ | |
1042 | continue; | |
1043 | } | |
1044 | ||
1045 | return log_error_errno(errno, "Failed to send coredump datagram: %m"); | |
1046 | } | |
1047 | } | |
1048 | ||
1049 | r = send_one_fd(fd, input_fd, 0); | |
1050 | if (r < 0) | |
1051 | return log_error_errno(r, "Failed to send coredump fd: %m"); | |
1052 | ||
1053 | return 0; | |
1054 | } | |
1055 | ||
1056 | static char* set_iovec_field(struct iovec *iovec, size_t *n_iovec, const char *field, const char *value) { | |
1057 | char *x; | |
1058 | ||
1059 | x = strappend(field, value); | |
1060 | if (x) | |
1061 | iovec[(*n_iovec)++] = IOVEC_MAKE_STRING(x); | |
1062 | return x; | |
1063 | } | |
1064 | ||
1065 | static char* set_iovec_field_free(struct iovec *iovec, size_t *n_iovec, const char *field, char *value) { | |
1066 | char *x; | |
1067 | ||
1068 | x = set_iovec_field(iovec, n_iovec, field, value); | |
1069 | free(value); | |
1070 | return x; | |
1071 | } | |
1072 | ||
1073 | static int gather_pid_metadata( | |
1074 | char* context[_CONTEXT_MAX], | |
1075 | char **comm_fallback, | |
1076 | struct iovec *iovec, size_t *n_iovec) { | |
1077 | ||
1078 | /* We need 27 empty slots in iovec! | |
1079 | * | |
1080 | * Note that if we fail on oom later on, we do not roll-back changes to the iovec structure. (It remains valid, | |
1081 | * with the first n_iovec fields initialized.) */ | |
1082 | ||
1083 | uid_t owner_uid; | |
1084 | pid_t pid; | |
1085 | char *t; | |
1086 | const char *p; | |
1087 | int r, signo; | |
1088 | ||
1089 | r = parse_pid(context[CONTEXT_PID], &pid); | |
1090 | if (r < 0) | |
1091 | return log_error_errno(r, "Failed to parse PID \"%s\": %m", context[CONTEXT_PID]); | |
1092 | ||
1093 | r = get_process_comm(pid, &context[CONTEXT_COMM]); | |
1094 | if (r < 0) { | |
1095 | log_warning_errno(r, "Failed to get COMM, falling back to the command line: %m"); | |
1096 | context[CONTEXT_COMM] = strv_join(comm_fallback, " "); | |
1097 | if (!context[CONTEXT_COMM]) | |
1098 | return log_oom(); | |
1099 | } | |
1100 | ||
1101 | r = get_process_exe(pid, &context[CONTEXT_EXE]); | |
1102 | if (r < 0) | |
1103 | log_warning_errno(r, "Failed to get EXE, ignoring: %m"); | |
1104 | ||
1105 | if (cg_pid_get_unit(pid, &context[CONTEXT_UNIT]) >= 0) { | |
1106 | if (!is_journald_crash((const char**) context)) { | |
1107 | /* OK, now we know it's not the journal, hence we can make use of it now. */ | |
1108 | log_set_target(LOG_TARGET_JOURNAL_OR_KMSG); | |
1109 | log_open(); | |
1110 | } | |
1111 | ||
1112 | /* If this is PID 1 disable coredump collection, we'll unlikely be able to process it later on. */ | |
1113 | if (is_pid1_crash((const char**) context)) { | |
1114 | log_notice("Due to PID 1 having crashed coredump collection will now be turned off."); | |
1115 | disable_coredumps(); | |
1116 | } | |
1117 | ||
1118 | set_iovec_field(iovec, n_iovec, "COREDUMP_UNIT=", context[CONTEXT_UNIT]); | |
1119 | } | |
1120 | ||
1121 | if (cg_pid_get_user_unit(pid, &t) >= 0) | |
1122 | set_iovec_field_free(iovec, n_iovec, "COREDUMP_USER_UNIT=", t); | |
1123 | ||
1124 | /* The next few are mandatory */ | |
1125 | if (!set_iovec_field(iovec, n_iovec, "COREDUMP_PID=", context[CONTEXT_PID])) | |
1126 | return log_oom(); | |
1127 | ||
1128 | if (!set_iovec_field(iovec, n_iovec, "COREDUMP_UID=", context[CONTEXT_UID])) | |
1129 | return log_oom(); | |
1130 | ||
1131 | if (!set_iovec_field(iovec, n_iovec, "COREDUMP_GID=", context[CONTEXT_GID])) | |
1132 | return log_oom(); | |
1133 | ||
1134 | if (!set_iovec_field(iovec, n_iovec, "COREDUMP_SIGNAL=", context[CONTEXT_SIGNAL])) | |
1135 | return log_oom(); | |
1136 | ||
1137 | if (!set_iovec_field(iovec, n_iovec, "COREDUMP_RLIMIT=", context[CONTEXT_RLIMIT])) | |
1138 | return log_oom(); | |
1139 | ||
1140 | if (!set_iovec_field(iovec, n_iovec, "COREDUMP_HOSTNAME=", context[CONTEXT_HOSTNAME])) | |
1141 | return log_oom(); | |
1142 | ||
1143 | if (!set_iovec_field(iovec, n_iovec, "COREDUMP_COMM=", context[CONTEXT_COMM])) | |
1144 | return log_oom(); | |
1145 | ||
1146 | if (context[CONTEXT_EXE] && | |
1147 | !set_iovec_field(iovec, n_iovec, "COREDUMP_EXE=", context[CONTEXT_EXE])) | |
1148 | return log_oom(); | |
1149 | ||
1150 | if (sd_pid_get_session(pid, &t) >= 0) | |
1151 | set_iovec_field_free(iovec, n_iovec, "COREDUMP_SESSION=", t); | |
1152 | ||
1153 | if (sd_pid_get_owner_uid(pid, &owner_uid) >= 0) { | |
1154 | r = asprintf(&t, "COREDUMP_OWNER_UID=" UID_FMT, owner_uid); | |
1155 | if (r > 0) | |
1156 | iovec[(*n_iovec)++] = IOVEC_MAKE_STRING(t); | |
1157 | } | |
1158 | ||
1159 | if (sd_pid_get_slice(pid, &t) >= 0) | |
1160 | set_iovec_field_free(iovec, n_iovec, "COREDUMP_SLICE=", t); | |
1161 | ||
1162 | if (get_process_cmdline(pid, 0, false, &t) >= 0) | |
1163 | set_iovec_field_free(iovec, n_iovec, "COREDUMP_CMDLINE=", t); | |
1164 | ||
1165 | if (cg_pid_get_path_shifted(pid, NULL, &t) >= 0) | |
1166 | set_iovec_field_free(iovec, n_iovec, "COREDUMP_CGROUP=", t); | |
1167 | ||
1168 | if (compose_open_fds(pid, &t) >= 0) | |
1169 | set_iovec_field_free(iovec, n_iovec, "COREDUMP_OPEN_FDS=", t); | |
1170 | ||
1171 | p = procfs_file_alloca(pid, "status"); | |
1172 | if (read_full_file(p, &t, NULL) >= 0) | |
1173 | set_iovec_field_free(iovec, n_iovec, "COREDUMP_PROC_STATUS=", t); | |
1174 | ||
1175 | p = procfs_file_alloca(pid, "maps"); | |
1176 | if (read_full_file(p, &t, NULL) >= 0) | |
1177 | set_iovec_field_free(iovec, n_iovec, "COREDUMP_PROC_MAPS=", t); | |
1178 | ||
1179 | p = procfs_file_alloca(pid, "limits"); | |
1180 | if (read_full_file(p, &t, NULL) >= 0) | |
1181 | set_iovec_field_free(iovec, n_iovec, "COREDUMP_PROC_LIMITS=", t); | |
1182 | ||
1183 | p = procfs_file_alloca(pid, "cgroup"); | |
1184 | if (read_full_file(p, &t, NULL) >=0) | |
1185 | set_iovec_field_free(iovec, n_iovec, "COREDUMP_PROC_CGROUP=", t); | |
1186 | ||
1187 | p = procfs_file_alloca(pid, "mountinfo"); | |
1188 | if (read_full_file(p, &t, NULL) >=0) | |
1189 | set_iovec_field_free(iovec, n_iovec, "COREDUMP_PROC_MOUNTINFO=", t); | |
1190 | ||
1191 | if (get_process_cwd(pid, &t) >= 0) | |
1192 | set_iovec_field_free(iovec, n_iovec, "COREDUMP_CWD=", t); | |
1193 | ||
1194 | if (get_process_root(pid, &t) >= 0) { | |
1195 | bool proc_self_root_is_slash; | |
1196 | ||
1197 | proc_self_root_is_slash = strcmp(t, "/") == 0; | |
1198 | ||
1199 | set_iovec_field_free(iovec, n_iovec, "COREDUMP_ROOT=", t); | |
1200 | ||
1201 | /* If the process' root is "/", then there is a chance it has | |
1202 | * mounted own root and hence being containerized. */ | |
1203 | if (proc_self_root_is_slash && get_process_container_parent_cmdline(pid, &t) > 0) | |
1204 | set_iovec_field_free(iovec, n_iovec, "COREDUMP_CONTAINER_CMDLINE=", t); | |
1205 | } | |
1206 | ||
1207 | if (get_process_environ(pid, &t) >= 0) | |
1208 | set_iovec_field_free(iovec, n_iovec, "COREDUMP_ENVIRON=", t); | |
1209 | ||
1210 | t = strjoin("COREDUMP_TIMESTAMP=", context[CONTEXT_TIMESTAMP], "000000"); | |
1211 | if (t) | |
1212 | iovec[(*n_iovec)++] = IOVEC_MAKE_STRING(t); | |
1213 | ||
1214 | if (safe_atoi(context[CONTEXT_SIGNAL], &signo) >= 0 && SIGNAL_VALID(signo)) | |
1215 | set_iovec_field(iovec, n_iovec, "COREDUMP_SIGNAL_NAME=SIG", signal_to_string(signo)); | |
1216 | ||
1217 | return 0; /* we successfully acquired all metadata */ | |
1218 | } | |
1219 | ||
1220 | static int process_kernel(int argc, char* argv[]) { | |
1221 | ||
1222 | char* context[_CONTEXT_MAX] = {}; | |
1223 | struct iovec iovec[29 + SUBMIT_COREDUMP_FIELDS]; | |
1224 | size_t i, n_iovec, n_to_free = 0; | |
1225 | int r; | |
1226 | ||
1227 | log_debug("Processing coredump received from the kernel..."); | |
1228 | ||
1229 | if (argc < CONTEXT_COMM + 1) { | |
1230 | log_error("Not enough arguments passed by the kernel (%i, expected %i).", argc - 1, CONTEXT_COMM + 1 - 1); | |
1231 | return -EINVAL; | |
1232 | } | |
1233 | ||
1234 | context[CONTEXT_PID] = argv[1 + CONTEXT_PID]; | |
1235 | context[CONTEXT_UID] = argv[1 + CONTEXT_UID]; | |
1236 | context[CONTEXT_GID] = argv[1 + CONTEXT_GID]; | |
1237 | context[CONTEXT_SIGNAL] = argv[1 + CONTEXT_SIGNAL]; | |
1238 | context[CONTEXT_TIMESTAMP] = argv[1 + CONTEXT_TIMESTAMP]; | |
1239 | context[CONTEXT_RLIMIT] = argv[1 + CONTEXT_RLIMIT]; | |
1240 | context[CONTEXT_HOSTNAME] = argv[1 + CONTEXT_HOSTNAME]; | |
1241 | ||
1242 | r = gather_pid_metadata(context, argv + 1 + CONTEXT_COMM, iovec, &n_to_free); | |
1243 | if (r < 0) | |
1244 | goto finish; | |
1245 | ||
1246 | n_iovec = n_to_free; | |
1247 | ||
1248 | iovec[n_iovec++] = IOVEC_MAKE_STRING("MESSAGE_ID=" SD_MESSAGE_COREDUMP_STR); | |
1249 | ||
1250 | assert_cc(2 == LOG_CRIT); | |
1251 | iovec[n_iovec++] = IOVEC_MAKE_STRING("PRIORITY=2"); | |
1252 | ||
1253 | assert(n_iovec <= ELEMENTSOF(iovec)); | |
1254 | ||
1255 | if (is_journald_crash((const char**) context) || is_pid1_crash((const char**) context)) | |
1256 | r = submit_coredump((const char**) context, | |
1257 | iovec, ELEMENTSOF(iovec), n_iovec, | |
1258 | STDIN_FILENO); | |
1259 | else | |
1260 | r = send_iovec(iovec, n_iovec, STDIN_FILENO); | |
1261 | ||
1262 | finish: | |
1263 | for (i = 0; i < n_to_free; i++) | |
1264 | free(iovec[i].iov_base); | |
1265 | ||
1266 | /* Those fields are allocated by gather_pid_metadata */ | |
1267 | free(context[CONTEXT_COMM]); | |
1268 | free(context[CONTEXT_EXE]); | |
1269 | free(context[CONTEXT_UNIT]); | |
1270 | ||
1271 | return r; | |
1272 | } | |
1273 | ||
1274 | static int process_backtrace(int argc, char *argv[]) { | |
1275 | char *context[_CONTEXT_MAX] = {}; | |
1276 | _cleanup_free_ char *message = NULL; | |
1277 | _cleanup_free_ struct iovec *iovec = NULL; | |
1278 | size_t n_iovec, n_allocated, n_to_free = 0, i; | |
1279 | int r; | |
1280 | JournalImporter importer = { | |
1281 | .fd = STDIN_FILENO, | |
1282 | }; | |
1283 | ||
1284 | log_debug("Processing backtrace on stdin..."); | |
1285 | ||
1286 | if (argc < CONTEXT_COMM + 1) { | |
1287 | log_error("Not enough arguments passed (%i, expected %i).", argc - 1, CONTEXT_COMM + 1 - 1); | |
1288 | return -EINVAL; | |
1289 | } | |
1290 | ||
1291 | context[CONTEXT_PID] = argv[2 + CONTEXT_PID]; | |
1292 | context[CONTEXT_UID] = argv[2 + CONTEXT_UID]; | |
1293 | context[CONTEXT_GID] = argv[2 + CONTEXT_GID]; | |
1294 | context[CONTEXT_SIGNAL] = argv[2 + CONTEXT_SIGNAL]; | |
1295 | context[CONTEXT_TIMESTAMP] = argv[2 + CONTEXT_TIMESTAMP]; | |
1296 | context[CONTEXT_RLIMIT] = argv[2 + CONTEXT_RLIMIT]; | |
1297 | context[CONTEXT_HOSTNAME] = argv[2 + CONTEXT_HOSTNAME]; | |
1298 | ||
1299 | n_allocated = 34 + COREDUMP_STORAGE_EXTERNAL; | |
1300 | /* 26 metadata, 2 static, +unknown input, 4 storage, rounded up */ | |
1301 | iovec = new(struct iovec, n_allocated); | |
1302 | if (!iovec) | |
1303 | return log_oom(); | |
1304 | ||
1305 | r = gather_pid_metadata(context, argv + 2 + CONTEXT_COMM, iovec, &n_to_free); | |
1306 | if (r < 0) | |
1307 | goto finish; | |
1308 | if (r > 0) { | |
1309 | /* This was a special crash, and has already been processed. */ | |
1310 | r = 0; | |
1311 | goto finish; | |
1312 | } | |
1313 | n_iovec = n_to_free; | |
1314 | ||
1315 | for (;;) { | |
1316 | r = journal_importer_process_data(&importer); | |
1317 | if (r < 0) { | |
1318 | log_error_errno(r, "Failed to parse journal entry on stdin: %m"); | |
1319 | goto finish; | |
1320 | } | |
1321 | if (r == 1 || /* complete entry */ | |
1322 | journal_importer_eof(&importer)) /* end of data */ | |
1323 | break; | |
1324 | } | |
1325 | ||
1326 | if (!GREEDY_REALLOC(iovec, n_allocated, n_iovec + importer.iovw.count + 2)) | |
1327 | return log_oom(); | |
1328 | ||
1329 | if (journal_importer_eof(&importer)) { | |
1330 | log_warning("Did not receive a full journal entry on stdin, ignoring message sent by reporter"); | |
1331 | ||
1332 | message = strjoin("MESSAGE=Process ", context[CONTEXT_PID], | |
1333 | " (", context[CONTEXT_COMM], ")" | |
1334 | " of user ", context[CONTEXT_UID], | |
1335 | " failed with ", context[CONTEXT_SIGNAL]); | |
1336 | if (!message) { | |
1337 | r = log_oom(); | |
1338 | goto finish; | |
1339 | } | |
1340 | iovec[n_iovec++] = IOVEC_MAKE_STRING(message); | |
1341 | } else { | |
1342 | for (i = 0; i < importer.iovw.count; i++) | |
1343 | iovec[n_iovec++] = importer.iovw.iovec[i]; | |
1344 | } | |
1345 | ||
1346 | iovec[n_iovec++] = IOVEC_MAKE_STRING("MESSAGE_ID=" SD_MESSAGE_BACKTRACE_STR); | |
1347 | assert_cc(2 == LOG_CRIT); | |
1348 | iovec[n_iovec++] = IOVEC_MAKE_STRING("PRIORITY=2"); | |
1349 | ||
1350 | assert(n_iovec <= n_allocated); | |
1351 | ||
1352 | r = sd_journal_sendv(iovec, n_iovec); | |
1353 | if (r < 0) | |
1354 | log_error_errno(r, "Failed to log backtrace: %m"); | |
1355 | ||
1356 | finish: | |
1357 | for (i = 0; i < n_to_free; i++) | |
1358 | free(iovec[i].iov_base); | |
1359 | ||
1360 | /* Those fields are allocated by gather_pid_metadata */ | |
1361 | free(context[CONTEXT_COMM]); | |
1362 | free(context[CONTEXT_EXE]); | |
1363 | free(context[CONTEXT_UNIT]); | |
1364 | ||
1365 | return r; | |
1366 | } | |
1367 | ||
1368 | int main(int argc, char *argv[]) { | |
1369 | int r; | |
1370 | ||
1371 | /* First, log to a safe place, since we don't know what crashed and it might | |
1372 | * be journald which we'd rather not log to then. */ | |
1373 | ||
1374 | log_set_target(LOG_TARGET_KMSG); | |
1375 | log_open(); | |
1376 | ||
1377 | /* Make sure we never enter a loop */ | |
1378 | (void) prctl(PR_SET_DUMPABLE, 0); | |
1379 | ||
1380 | /* Ignore all parse errors */ | |
1381 | (void) parse_config(); | |
1382 | ||
1383 | log_debug("Selected storage '%s'.", coredump_storage_to_string(arg_storage)); | |
1384 | log_debug("Selected compression %s.", yes_no(arg_compress)); | |
1385 | ||
1386 | r = sd_listen_fds(false); | |
1387 | if (r < 0) { | |
1388 | log_error_errno(r, "Failed to determine number of file descriptor: %m"); | |
1389 | goto finish; | |
1390 | } | |
1391 | ||
1392 | /* If we got an fd passed, we are running in coredumpd mode. Otherwise we | |
1393 | * are invoked from the kernel as coredump handler. */ | |
1394 | if (r == 0) { | |
1395 | if (streq_ptr(argv[1], "--backtrace")) | |
1396 | r = process_backtrace(argc, argv); | |
1397 | else | |
1398 | r = process_kernel(argc, argv); | |
1399 | } else if (r == 1) | |
1400 | r = process_socket(SD_LISTEN_FDS_START); | |
1401 | else { | |
1402 | log_error("Received unexpected number of file descriptors."); | |
1403 | r = -EINVAL; | |
1404 | } | |
1405 | ||
1406 | finish: | |
1407 | return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS; | |
1408 | } |