Blob Blame History Raw
From 6724ba03fea310439c02f97d9429b921d12275c5 Mon Sep 17 00:00:00 2001
From: Matej Habrnal <mhabrnal@redhat.com>
Date: Thu, 19 May 2016 12:10:42 +0200
Subject: [PATCH] ccpp: unify log message of ignored crashes

ABRT will ignore crashes in executables for which absolute path matches one of
specified patterns.

Example of log messages in case of ignoring crashes:
- Crash's path is listed in 'IgnoredPath' in CCpp.conf
    Process 16431 (will_segfault) of user 0 killed by SIGSEGV - ignoring
    (listed in 'IgnoredPaths')

- Repeating crash
    Process 16219 (will_segfault) of user 1000 killed by SIGSEGV -
    ignoring (repeated crash)

- abrt-ccpp-hook crash
    Process 16223 (abrt-hook-ccpp) of user 1000 killed by SIGSEGV -
    ignoring (avoid recursion)

- abrt crash
    Process 16228 (abrt_test) of user 1000 killed by SIGSEGV -
    ignoring ('DebugLevel' == 0)

- not supported signal
    Process 16229 (crash) of user 1000 killed by signal 99 - ignoring
    (unsupported signal)

- abrtd is not running
    Process 16229 (crash) of user 1000 killed by signal 99 - ignoring
    (abrtd is not running)

- low free space
    Process 16229 (crash) of user 1000 killed by signal 99 - ignoring
    (low free space)

- failed to parse /proc/$PID/status Uid
    Process 16229 (crash) of user 1000 killed by signal 99 - ignoring
    (Failed to parse /proc/16229/status (Uid))

- failed to parse /proc/$PID/status Gid
    Process 16229 (crash) of user 1000 killed by signal 99 - ignoring
    (Failed to parse /proc/16229/status (Gid))

- failed to get executable
    Process 16229 (crash) of user 1000 killed by signal 99 - ignoring
    (Can't read /proc/16229/exe link)

- core size limit is bogus
    Process 16229 (crash) of user 1000 killed by signal 99 - ignoring
    (RLIMIT_CORE 'foo' is bogus)

I the case the crash is not ignored the log msg is following:
    Process 21768 (will_segfault) of user 1000 killed by SIGSEGV -
    dumping core

Related to: #1337186

Signed-off-by: Matej Habrnal <mhabrnal@redhat.com>
---
 src/hooks/abrt-hook-ccpp.c | 211 ++++++++++++++++++++++++++++-----------------
 1 file changed, 133 insertions(+), 78 deletions(-)

diff --git a/src/hooks/abrt-hook-ccpp.c b/src/hooks/abrt-hook-ccpp.c
index 2c05c78..dc4dec6 100644
--- a/src/hooks/abrt-hook-ccpp.c
+++ b/src/hooks/abrt-hook-ccpp.c
@@ -695,7 +695,7 @@ static int test_configuration(bool setting_SaveFullCore, bool setting_CreateCore
     return 0;
 }
 
-static void error_msg_not_process_crash(const char *pid_str, const char *process_str,
+static void error_msg_process_crash(const char *pid_str, const char *process_str,
         long unsigned uid, int signal_no, const char *signame, const char *message, ...)
 {
     va_list p;
@@ -706,10 +706,10 @@ static void error_msg_not_process_crash(const char *pid_str, const char *process
     char *process_name = (process_str) ?  xasprintf(" (%s)", process_str) : xstrdup("");
 
     if (signame)
-        error_msg("Process %s (%s) of user %lu killed by SIG%s - %s", pid_str,
+        error_msg("Process %s%s of user %lu killed by SIG%s - %s", pid_str,
                         process_name, uid, signame, message_full);
     else
-        error_msg("Process %s (%s) of user %lu killed by signal %d - %s", pid_str,
+        error_msg("Process %s%s of user %lu killed by signal %d - %s", pid_str,
                         process_name, uid, signal_no, message_full);
 
     free(process_name);
@@ -718,6 +718,20 @@ static void error_msg_not_process_crash(const char *pid_str, const char *process
     return;
 }
 
+static void error_msg_ignore_crash(const char *pid_str, const char *process_str,
+        long unsigned uid, int signal_no, const char *signame, const char *message, ...)
+{
+    va_list p;
+    va_start(p, message);
+    char *message_full = xvasprintf(message, p);
+    va_end(p);
+
+    error_msg_process_crash(pid_str, process_str, uid, signal_no, signame, "ignoring (%s)", message_full);
+
+    free(message_full);
+    return;
+}
+
 int main(int argc, char** argv)
 {
     int err = 1;
@@ -798,24 +812,35 @@ int main(int argc, char** argv)
         }
     }
 
-    errno = 0;
     const char* signal_str = argv[1];
     int signal_no = xatoi_positive(signal_str);
     const char *signame = NULL;
     bool signal_is_fatal_bool = signal_is_fatal(signal_no, &signame);
+
+    const char *pid_str = argv[3];
+    /* xatoi_positive() handles errors */
+    uid_t uid = xatoi_positive(argv[4]);
+
+    errno = 0;
     off_t ulimit_c = strtoull(argv[2], NULL, 10);
+    if (errno)
+    {
+        error_msg_ignore_crash(pid_str, NULL, (long unsigned)uid, signal_no,
+                signame, "RLIMIT_CORE '%s' is bogus", argv[2]);
+        xfunc_die();
+    }
+
     if (ulimit_c < 0) /* unlimited? */
     {
         /* set to max possible >0 value */
         ulimit_c = ~((off_t)1 << (sizeof(off_t)*8-1));
     }
-    const char *pid_str = argv[3];
-    pid_t local_pid = xatoi_positive(argv[3]);
-    uid_t uid = xatoi_positive(argv[4]);
-    if (errno || local_pid <= 0)
-    {
-        perror_msg_and_die("PID '%s' or limit '%s' is bogus", argv[3], argv[2]);
-    }
+
+    const char *global_pid_str = argv[8];
+    pid_t pid = xatoi_positive(argv[8]);
+
+    user_pwd = get_cwd(pid); /* may be NULL on error */
+    log_notice("user_pwd:'%s'", user_pwd);
 
     {
         char *s = xmalloc_fopen_fgetline_fclose(VAR_RUN"/abrt/saved_core_pattern");
@@ -825,8 +850,6 @@ int main(int argc, char** argv)
         else
             free(s);
     }
-    const char *global_pid_str = argv[8];
-    pid_t pid = xatoi_positive(argv[8]);
 
     pid_t tid = 0;
     if (argv[9])
@@ -836,56 +859,24 @@ int main(int argc, char** argv)
 
     char path[PATH_MAX];
 
-    int src_fd_binary = -1;
-    char *executable = get_executable(pid, setting_SaveBinaryImage ? &src_fd_binary : NULL);
-    if (executable == NULL)
-    {
-        error_msg_not_process_crash(pid_str, NULL, (long unsigned)uid, signal_no,
-                signame, "ignoring (can't read /proc/PID/exe link)");
-
-        xfunc_die();
-    }
-
-    if (strstr(executable, "/abrt-hook-ccpp"))
-    {
-        error_msg_and_die("PID %lu is '%s', not dumping it to avoid recursion",
-                        (long)pid, executable);
-    }
-
-    const char *last_slash = strrchr(executable, '/');
-    if (is_path_ignored(setting_ignored_paths, executable))
-    {
-        error_msg_not_process_crash(pid_str, last_slash + 1, (long unsigned)uid, signal_no,
-                signame, "ignoring (listed in 'IgnoredPaths')");
-
-        return 0;
-    }
-
-    /* dumping core for user, if allowed */
-    if (setting_allowed_users || setting_allowed_groups)
-    {
-        if (setting_allowed_users && is_user_allowed(uid, setting_allowed_users))
-            log_debug("User %lu is listed in 'AllowedUsers'", (long unsigned)uid);
-        else if (setting_allowed_groups && is_user_in_allowed_group(uid, setting_allowed_groups))
-            log_debug("User %lu is member of group listed in 'AllowedGroups'", (long unsigned)uid);
-        else
-        {
-            error_msg_not_process_crash(pid_str, last_slash + 1, (long unsigned)uid, signal_no,
-                signame, "ignoring (not allowed in 'AllowedUsers' nor 'AllowedGroups')");
-
-            xfunc_die();
-        }
-    }
-
-    user_pwd = get_cwd(pid);
-    log_notice("user_pwd:'%s'", user_pwd);
-
     sprintf(path, "/proc/%lu/status", (long)pid);
     char *proc_pid_status = xmalloc_xopen_read_close(path, /*maxsz:*/ NULL);
 
     uid_t fsuid = uid;
     uid_t tmp_fsuid = get_fsuid(proc_pid_status);
+    if (tmp_fsuid < 0)
+    {
+        error_msg_ignore_crash(pid_str, NULL, (long unsigned)uid, signal_no,
+                signame, "Failed to parse /proc/%lu/status (Uid)", (long)pid);
+        xfunc_die();
+    }
     const int fsgid = get_fsgid(proc_pid_status);
+    if (fsgid < 0)
+    {
+        error_msg_ignore_crash(pid_str, NULL, (long unsigned)uid, signal_no,
+                signame, "Failed to parse /proc/%lu/status (Gid)", (long)pid);
+        xfunc_die();
+    }
 
     int suid_policy = dump_suid_policy();
     if (tmp_fsuid != uid)
@@ -901,8 +892,7 @@ int main(int argc, char** argv)
         }
     }
 
-    /* If PrivateReports is on, root owns all problem directories */
-    const uid_t dduid = g_settings_privatereports ? 0 : fsuid;
+    snprintf(path, sizeof(path), "%s/last-ccpp", g_settings_dump_location);
 
     /* Open a fd to compat coredump, if requested and is possible */
     int user_core_fd = -1;
@@ -910,18 +900,72 @@ int main(int argc, char** argv)
         /* note: checks "user_pwd == NULL" inside; updates core_basename */
         user_core_fd = open_user_core(uid, fsuid, fsgid, pid, &argv[1]);
 
+    int src_fd_binary = -1;
+    char *executable = get_executable(pid, setting_SaveBinaryImage ? &src_fd_binary : NULL);
     if (executable == NULL)
     {
         /* readlink on /proc/$PID/exe failed, don't create abrt dump dir */
-        error_msg("Can't read /proc/%lu/exe link", (long)pid);
+        error_msg_ignore_crash(pid_str, NULL, (long unsigned)uid, signal_no,
+                signame, "Can't read /proc/%lu/exe link", (long)pid);
+
+        xfunc_die();
+    }
+
+    const char *last_slash = strrchr(executable, '/');
+    /* if the last_slash was found, skip it */
+    if (last_slash) ++last_slash;
+
+    if (is_path_ignored(setting_ignored_paths, executable))
+    {
+        error_msg_ignore_crash(pid_str, last_slash, (long unsigned)uid, signal_no,
+                signame, "listed in 'IgnoredPaths'");
+
+        return 0;
+    }
+
+    if (strstr(executable, "/abrt-hook-ccpp"))
+    {
+        error_msg_ignore_crash(pid_str, last_slash, (long unsigned)uid, signal_no,
+                signame, "avoid recursion");
+
+        xfunc_die();
+    }
+
+    /* Check /var/tmp/abrt/last-ccpp marker, do not dump repeated crashes
+     * if they happen too often. Else, write new marker value.
+     */
+    if (check_recent_crash_file(path, executable))
+    {
+        error_msg_ignore_crash(pid_str, last_slash, (long unsigned)uid, signal_no,
+                signame, "repeated crash");
+
+        /* It is a repeating crash */
         return create_user_core(user_core_fd, pid, ulimit_c);
     }
 
+    const bool abrt_crash = (last_slash && (strncmp(last_slash, "abrt", 4) == 0));
+    if (abrt_crash && g_settings_debug_level == 0)
+    {
+        error_msg_ignore_crash(pid_str, last_slash, (long unsigned)uid, signal_no,
+                signame, "'DebugLevel' == 0");
+
+        goto finito;
+    }
+
+    /* unsupported signal */
     if (!signal_is_fatal_bool)
+    {
+        error_msg_ignore_crash(pid_str, last_slash, (long unsigned)uid, signal_no,
+                signame, "unsupported signal");
+
         return create_user_core(user_core_fd, pid, ulimit_c); // not a signal we care about
+    }
 
     if (!daemon_is_ok())
     {
+        error_msg_ignore_crash(pid_str, last_slash, (long unsigned)uid, signal_no,
+                signame, "abrtd is not running");
+
         /* not an error, exit with exit code 0 */
         log("abrtd is not running. If it crashed, "
             "/proc/sys/kernel/core_pattern contains a stale value, "
@@ -930,32 +974,40 @@ int main(int argc, char** argv)
         return create_user_core(user_core_fd, pid, ulimit_c);
     }
 
+    /* dumping core for user, if allowed */
+    if (setting_allowed_users || setting_allowed_groups)
+    {
+        if (setting_allowed_users && is_user_allowed(uid, setting_allowed_users))
+            log_debug("User %lu is listed in 'AllowedUsers'", (long unsigned)uid);
+        else if (setting_allowed_groups && is_user_in_allowed_group(uid, setting_allowed_groups))
+            log_debug("User %lu is member of group listed in 'AllowedGroups'", (long unsigned)uid);
+        else
+        {
+            error_msg_ignore_crash(pid_str, last_slash, (long unsigned)uid, signal_no,
+                signame, "not allowed in 'AllowedUsers' nor 'AllowedGroups'");
+
+            xfunc_die();
+        }
+    }
+
+    /* low free space */
     if (g_settings_nMaxCrashReportsSize > 0)
     {
         /* If free space is less than 1/4 of MaxCrashReportsSize... */
         if (low_free_space(g_settings_nMaxCrashReportsSize, g_settings_dump_location))
+        {
+            error_msg_ignore_crash(pid_str, last_slash, (long unsigned)uid, signal_no,
+                                    signame, "low free space");
             return create_user_core(user_core_fd, pid, ulimit_c);
+        }
     }
 
-    /* Check /var/tmp/abrt/last-ccpp marker, do not dump repeated crashes
-     * if they happen too often. Else, write new marker value.
-     */
-    snprintf(path, sizeof(path), "%s/last-ccpp", g_settings_dump_location);
-    if (check_recent_crash_file(path, executable))
-    {
-        /* It is a repeating crash */
-        return create_user_core(user_core_fd, pid, ulimit_c);
-    }
+    /* processing crash - inform user about it */
+    error_msg_process_crash(pid_str, last_slash, (long unsigned)uid,
+                signal_no, signame, "dumping core");
 
-    if (last_slash && strncmp(++last_slash, "abrt", 4) == 0)
+    if (abrt_crash)
     {
-        if (g_settings_debug_level == 0)
-        {
-            log_warning("Ignoring crash of %s (SIG%s).",
-                        executable, signame ? signame : signal_str);
-            goto finito;
-        }
-
         /* If abrtd/abrt-foo crashes, we don't want to create a _directory_,
          * since that can make new copy of abrtd to process it,
          * and maybe crash again...
@@ -974,7 +1026,7 @@ int main(int argc, char** argv)
              * but it does not log file name */
             error_msg_and_die("Error saving '%s'", path);
         }
-        log("Saved core dump of pid %lu (%s) to %s (%llu bytes)", (long)pid, executable, path, (long long)core_size);
+        log_notice("Saved core dump of pid %lu (%s) to %s (%llu bytes)", (long)pid, executable, path, (long long)core_size);
         err = 0;
         goto finito;
     }
@@ -986,6 +1038,9 @@ int main(int argc, char** argv)
         return create_user_core(user_core_fd, pid, ulimit_c);
     }
 
+    /* If PrivateReports is on, root owns all problem directories */
+    const uid_t dduid = g_settings_privatereports ? 0 : fsuid;
+
     /* use dduid (either fsuid or 0) instead of uid, so we don't expose any
      * sensitive information of suided app in /var/tmp/abrt
      *
-- 
1.8.3.1