From 6724ba03fea310439c02f97d9429b921d12275c5 Mon Sep 17 00:00:00 2001

From: Matej Habrnal <mhabrnal@redhat.com>

Date: Thu, 19 May 2016 12:10:42 +0200

Subject: [PATCH] ccpp: unify log message of ignored crashes

ABRT will ignore crashes in executables for which absolute path matches one of

specified patterns.

Example of log messages in case of ignoring crashes:

- Crash's path is listed in 'IgnoredPath' in CCpp.conf

    Process 16431 (will_segfault) of user 0 killed by SIGSEGV - ignoring

    (listed in 'IgnoredPaths')

- Repeating crash

    Process 16219 (will_segfault) of user 1000 killed by SIGSEGV -

    ignoring (repeated crash)

- abrt-ccpp-hook crash

    Process 16223 (abrt-hook-ccpp) of user 1000 killed by SIGSEGV -

    ignoring (avoid recursion)

- abrt crash

    Process 16228 (abrt_test) of user 1000 killed by SIGSEGV -

    ignoring ('DebugLevel' == 0)

- not supported signal

    Process 16229 (crash) of user 1000 killed by signal 99 - ignoring

    (unsupported signal)

- abrtd is not running

    Process 16229 (crash) of user 1000 killed by signal 99 - ignoring

    (abrtd is not running)

- low free space

    Process 16229 (crash) of user 1000 killed by signal 99 - ignoring

    (low free space)

- failed to parse /proc/$PID/status Uid

    Process 16229 (crash) of user 1000 killed by signal 99 - ignoring

    (Failed to parse /proc/16229/status (Uid))

- failed to parse /proc/$PID/status Gid

    Process 16229 (crash) of user 1000 killed by signal 99 - ignoring

    (Failed to parse /proc/16229/status (Gid))

- failed to get executable

    Process 16229 (crash) of user 1000 killed by signal 99 - ignoring

    (Can't read /proc/16229/exe link)

- core size limit is bogus

    Process 16229 (crash) of user 1000 killed by signal 99 - ignoring

    (RLIMIT_CORE 'foo' is bogus)

I the case the crash is not ignored the log msg is following:

    Process 21768 (will_segfault) of user 1000 killed by SIGSEGV -

    dumping core

Related to: #1337186

Signed-off-by: Matej Habrnal <mhabrnal@redhat.com>

---

 src/hooks/abrt-hook-ccpp.c | 211 ++++++++++++++++++++++++++++-----------------

 1 file changed, 133 insertions(+), 78 deletions(-)

diff --git a/src/hooks/abrt-hook-ccpp.c b/src/hooks/abrt-hook-ccpp.c

index 2c05c78..dc4dec6 100644

--- a/src/hooks/abrt-hook-ccpp.c

+++ b/src/hooks/abrt-hook-ccpp.c

@@ -695,7 +695,7 @@ static int test_configuration(bool setting_SaveFullCore, bool setting_CreateCore

     return 0;

 }

-static void error_msg_not_process_crash(const char *pid_str, const char *process_str,

+static void error_msg_process_crash(const char *pid_str, const char *process_str,

         long unsigned uid, int signal_no, const char *signame, const char *message, ...)

 {

     va_list p;

@@ -706,10 +706,10 @@ static void error_msg_not_process_crash(const char *pid_str, const char *process

     char *process_name = (process_str) ?  xasprintf(" (%s)", process_str) : xstrdup("");

     if (signame)

-        error_msg("Process %s (%s) of user %lu killed by SIG%s - %s", pid_str,

+        error_msg("Process %s%s of user %lu killed by SIG%s - %s", pid_str,

                         process_name, uid, signame, message_full);

     else

-        error_msg("Process %s (%s) of user %lu killed by signal %d - %s", pid_str,

+        error_msg("Process %s%s of user %lu killed by signal %d - %s", pid_str,

                         process_name, uid, signal_no, message_full);

     free(process_name);

@@ -718,6 +718,20 @@ static void error_msg_not_process_crash(const char *pid_str, const char *process

     return;

 }

+static void error_msg_ignore_crash(const char *pid_str, const char *process_str,

+        long unsigned uid, int signal_no, const char *signame, const char *message, ...)

+{

+    va_list p;

+    va_start(p, message);

+    char *message_full = xvasprintf(message, p);

+    va_end(p);

+

+    error_msg_process_crash(pid_str, process_str, uid, signal_no, signame, "ignoring (%s)", message_full);

+

+    free(message_full);

+    return;

+}

+

 int main(int argc, char** argv)

 {

     int err = 1;

@@ -798,24 +812,35 @@ int main(int argc, char** argv)

         }

     }

-    errno = 0;

     const char* signal_str = argv[1];

     int signal_no = xatoi_positive(signal_str);

     const char *signame = NULL;

     bool signal_is_fatal_bool = signal_is_fatal(signal_no, &signame);

+

+    const char *pid_str = argv[3];

+    /* xatoi_positive() handles errors */

+    uid_t uid = xatoi_positive(argv[4]);

+

+    errno = 0;

     off_t ulimit_c = strtoull(argv[2], NULL, 10);

+    if (errno)

+    {

+        error_msg_ignore_crash(pid_str, NULL, (long unsigned)uid, signal_no,

+                signame, "RLIMIT_CORE '%s' is bogus", argv[2]);

+        xfunc_die();

+    }

+

     if (ulimit_c < 0) /* unlimited? */

     {

         /* set to max possible >0 value */

         ulimit_c = ~((off_t)1 << (sizeof(off_t)*8-1));

     }

-    const char *pid_str = argv[3];

-    pid_t local_pid = xatoi_positive(argv[3]);

-    uid_t uid = xatoi_positive(argv[4]);

-    if (errno || local_pid <= 0)

-    {

-        perror_msg_and_die("PID '%s' or limit '%s' is bogus", argv[3], argv[2]);

-    }

+

+    const char *global_pid_str = argv[8];

+    pid_t pid = xatoi_positive(argv[8]);

+

+    user_pwd = get_cwd(pid); /* may be NULL on error */

+    log_notice("user_pwd:'%s'", user_pwd);

     {

         char *s = xmalloc_fopen_fgetline_fclose(VAR_RUN"/abrt/saved_core_pattern");

@@ -825,8 +850,6 @@ int main(int argc, char** argv)

         else

             free(s);

     }

-    const char *global_pid_str = argv[8];

-    pid_t pid = xatoi_positive(argv[8]);

     pid_t tid = 0;

     if (argv[9])

@@ -836,56 +859,24 @@ int main(int argc, char** argv)

     char path[PATH_MAX];

-    int src_fd_binary = -1;

-    char *executable = get_executable(pid, setting_SaveBinaryImage ? &src_fd_binary : NULL);

-    if (executable == NULL)

-    {

-        error_msg_not_process_crash(pid_str, NULL, (long unsigned)uid, signal_no,

-                signame, "ignoring (can't read /proc/PID/exe link)");

-

-        xfunc_die();

-    }

-

-    if (strstr(executable, "/abrt-hook-ccpp"))

-    {

-        error_msg_and_die("PID %lu is '%s', not dumping it to avoid recursion",

-                        (long)pid, executable);

-    }

-

-    const char *last_slash = strrchr(executable, '/');

-    if (is_path_ignored(setting_ignored_paths, executable))

-    {

-        error_msg_not_process_crash(pid_str, last_slash + 1, (long unsigned)uid, signal_no,

-                signame, "ignoring (listed in 'IgnoredPaths')");

-

-        return 0;

-    }

-

-    /* dumping core for user, if allowed */

-    if (setting_allowed_users || setting_allowed_groups)

-    {

-        if (setting_allowed_users && is_user_allowed(uid, setting_allowed_users))

-            log_debug("User %lu is listed in 'AllowedUsers'", (long unsigned)uid);

-        else if (setting_allowed_groups && is_user_in_allowed_group(uid, setting_allowed_groups))

-            log_debug("User %lu is member of group listed in 'AllowedGroups'", (long unsigned)uid);

-        else

-        {

-            error_msg_not_process_crash(pid_str, last_slash + 1, (long unsigned)uid, signal_no,

-                signame, "ignoring (not allowed in 'AllowedUsers' nor 'AllowedGroups')");

-

-            xfunc_die();

-        }

-    }

-

-    user_pwd = get_cwd(pid);

-    log_notice("user_pwd:'%s'", user_pwd);

-

     sprintf(path, "/proc/%lu/status", (long)pid);

     char *proc_pid_status = xmalloc_xopen_read_close(path, /*maxsz:*/ NULL);

     uid_t fsuid = uid;

     uid_t tmp_fsuid = get_fsuid(proc_pid_status);

+    if (tmp_fsuid < 0)

+    {

+        error_msg_ignore_crash(pid_str, NULL, (long unsigned)uid, signal_no,

+                signame, "Failed to parse /proc/%lu/status (Uid)", (long)pid);

+        xfunc_die();

+    }

     const int fsgid = get_fsgid(proc_pid_status);

+    if (fsgid < 0)

+    {

+        error_msg_ignore_crash(pid_str, NULL, (long unsigned)uid, signal_no,

+                signame, "Failed to parse /proc/%lu/status (Gid)", (long)pid);

+        xfunc_die();

+    }

     int suid_policy = dump_suid_policy();

     if (tmp_fsuid != uid)

@@ -901,8 +892,7 @@ int main(int argc, char** argv)

         }

     }

-    /* If PrivateReports is on, root owns all problem directories */

-    const uid_t dduid = g_settings_privatereports ? 0 : fsuid;

+    snprintf(path, sizeof(path), "%s/last-ccpp", g_settings_dump_location);

     /* Open a fd to compat coredump, if requested and is possible */

     int user_core_fd = -1;

@@ -910,18 +900,72 @@ int main(int argc, char** argv)

         /* note: checks "user_pwd == NULL" inside; updates core_basename */

         user_core_fd = open_user_core(uid, fsuid, fsgid, pid, &argv[1]);

+    int src_fd_binary = -1;

+    char *executable = get_executable(pid, setting_SaveBinaryImage ? &src_fd_binary : NULL);

     if (executable == NULL)

     {

         /* readlink on /proc/$PID/exe failed, don't create abrt dump dir */

-        error_msg("Can't read /proc/%lu/exe link", (long)pid);

+        error_msg_ignore_crash(pid_str, NULL, (long unsigned)uid, signal_no,

+                signame, "Can't read /proc/%lu/exe link", (long)pid);

+

+        xfunc_die();

+    }

+

+    const char *last_slash = strrchr(executable, '/');

+    /* if the last_slash was found, skip it */

+    if (last_slash) ++last_slash;

+

+    if (is_path_ignored(setting_ignored_paths, executable))

+    {

+        error_msg_ignore_crash(pid_str, last_slash, (long unsigned)uid, signal_no,

+                signame, "listed in 'IgnoredPaths'");

+

+        return 0;

+    }

+

+    if (strstr(executable, "/abrt-hook-ccpp"))

+    {

+        error_msg_ignore_crash(pid_str, last_slash, (long unsigned)uid, signal_no,

+                signame, "avoid recursion");

+

+        xfunc_die();

+    }

+

+    /* Check /var/tmp/abrt/last-ccpp marker, do not dump repeated crashes

+     * if they happen too often. Else, write new marker value.

+     */

+    if (check_recent_crash_file(path, executable))

+    {

+        error_msg_ignore_crash(pid_str, last_slash, (long unsigned)uid, signal_no,

+                signame, "repeated crash");

+

+        /* It is a repeating crash */

         return create_user_core(user_core_fd, pid, ulimit_c);

     }

+    const bool abrt_crash = (last_slash && (strncmp(last_slash, "abrt", 4) == 0));

+    if (abrt_crash && g_settings_debug_level == 0)

+    {

+        error_msg_ignore_crash(pid_str, last_slash, (long unsigned)uid, signal_no,

+                signame, "'DebugLevel' == 0");

+

+        goto finito;

+    }

+

+    /* unsupported signal */

     if (!signal_is_fatal_bool)

+    {

+        error_msg_ignore_crash(pid_str, last_slash, (long unsigned)uid, signal_no,

+                signame, "unsupported signal");

+

         return create_user_core(user_core_fd, pid, ulimit_c); // not a signal we care about

+    }

     if (!daemon_is_ok())

     {

+        error_msg_ignore_crash(pid_str, last_slash, (long unsigned)uid, signal_no,

+                signame, "abrtd is not running");

+

         /* not an error, exit with exit code 0 */

         log("abrtd is not running. If it crashed, "

             "/proc/sys/kernel/core_pattern contains a stale value, "

@@ -930,32 +974,40 @@ int main(int argc, char** argv)

         return create_user_core(user_core_fd, pid, ulimit_c);

     }

+    /* dumping core for user, if allowed */

+    if (setting_allowed_users || setting_allowed_groups)

+    {

+        if (setting_allowed_users && is_user_allowed(uid, setting_allowed_users))

+            log_debug("User %lu is listed in 'AllowedUsers'", (long unsigned)uid);

+        else if (setting_allowed_groups && is_user_in_allowed_group(uid, setting_allowed_groups))

+            log_debug("User %lu is member of group listed in 'AllowedGroups'", (long unsigned)uid);

+        else

+        {

+            error_msg_ignore_crash(pid_str, last_slash, (long unsigned)uid, signal_no,

+                signame, "not allowed in 'AllowedUsers' nor 'AllowedGroups'");

+

+            xfunc_die();

+        }

+    }

+

+    /* low free space */

     if (g_settings_nMaxCrashReportsSize > 0)

     {

         /* If free space is less than 1/4 of MaxCrashReportsSize... */

         if (low_free_space(g_settings_nMaxCrashReportsSize, g_settings_dump_location))

+        {

+            error_msg_ignore_crash(pid_str, last_slash, (long unsigned)uid, signal_no,

+                                    signame, "low free space");

             return create_user_core(user_core_fd, pid, ulimit_c);

+        }

     }

-    /* Check /var/tmp/abrt/last-ccpp marker, do not dump repeated crashes

-     * if they happen too often. Else, write new marker value.

-     */

-    snprintf(path, sizeof(path), "%s/last-ccpp", g_settings_dump_location);

-    if (check_recent_crash_file(path, executable))

-    {

-        /* It is a repeating crash */

-        return create_user_core(user_core_fd, pid, ulimit_c);

-    }

+    /* processing crash - inform user about it */

+    error_msg_process_crash(pid_str, last_slash, (long unsigned)uid,

+                signal_no, signame, "dumping core");

-    if (last_slash && strncmp(++last_slash, "abrt", 4) == 0)

+    if (abrt_crash)

     {

-        if (g_settings_debug_level == 0)

-        {

-            log_warning("Ignoring crash of %s (SIG%s).",

-                        executable, signame ? signame : signal_str);

-            goto finito;

-        }

-

         /* If abrtd/abrt-foo crashes, we don't want to create a _directory_,

          * since that can make new copy of abrtd to process it,

          * and maybe crash again...

@@ -974,7 +1026,7 @@ int main(int argc, char** argv)

              * but it does not log file name */

             error_msg_and_die("Error saving '%s'", path);

         }

-        log("Saved core dump of pid %lu (%s) to %s (%llu bytes)", (long)pid, executable, path, (long long)core_size);

+        log_notice("Saved core dump of pid %lu (%s) to %s (%llu bytes)", (long)pid, executable, path, (long long)core_size);

         err = 0;

         goto finito;

     }

@@ -986,6 +1038,9 @@ int main(int argc, char** argv)

         return create_user_core(user_core_fd, pid, ulimit_c);

     }

+    /* If PrivateReports is on, root owns all problem directories */

+    const uid_t dduid = g_settings_privatereports ? 0 : fsuid;

+

     /* use dduid (either fsuid or 0) instead of uid, so we don't expose any

      * sensitive information of suided app in /var/tmp/abrt

      *

-- 

1.8.3.1