2 * This program is free software; you can redistribute it and/or modify
3 * it under the terms of the GNU General Public License as published by
4 * the Free Software Foundation; either version 2 of the License, or
5 * (at your option) any later version.
7 * This program is distributed in the hope that it will be useful,
8 * but WITHOUT ANY WARRANTY; without even the implied warranty of
9 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10 * GNU General Public License for more details.
12 * You should have received a copy of the GNU General Public License
13 * along with this program; if not, write to the Free Software
14 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
19 * @brief Various functions to aid in debugging
21 * @copyright 2013 The FreeRADIUS server project
22 * @copyright 2013 Arran Cudbard-Bell <a.cudbardb@freeradius.org>
25 #include <freeradius-devel/libradius.h>
28 #if defined(HAVE_MALLOPT) && defined(HAVE_MALLOC_H)
33 * runtime backtrace functions are not POSIX but are included in
34 * glibc, OSX >= 10.5 and various BSDs
37 # include <execinfo.h>
40 #ifdef HAVE_SYS_PRCTL_H
41 # include <sys/prctl.h>
44 #ifdef HAVE_SYS_RESOURCE_H
45 # include <sys/resource.h>
49 # define PTHREAD_MUTEX_LOCK pthread_mutex_lock
50 # define PTHREAD_MUTEX_UNLOCK pthread_mutex_unlock
52 # define PTHREAD_MUTEX_LOCK(_x)
53 # define PTHREAD_MUTEX_UNLOCK(_x)
57 # define MAX_BT_FRAMES 128
58 # define MAX_BT_CBUFF 65536 //!< Should be a power of 2
60 # ifdef HAVE_PTHREAD_H
61 static pthread_mutex_t fr_debug_init = PTHREAD_MUTEX_INITIALIZER;
64 typedef struct fr_bt_info {
65 void *obj; //!< Memory address of the block of allocated memory.
66 void *frames[MAX_BT_FRAMES]; //!< Backtrace frame data
67 int count; //!< Number of frames stored
71 void *obj; //!< Pointer to the parent object, this is our needle
72 //!< when we iterate over the contents of the circular buffer.
73 fr_cbuff_t *cbuff; //!< Where we temporarily store the backtraces
77 static char panic_action[512]; //!< The command to execute when panicking.
78 static fr_fault_cb_t panic_cb = NULL; //!< Callback to execute whilst panicking, before the
80 static fr_fault_log_t fr_fault_log = NULL; //!< Function to use to process logging output.
81 static int fr_fault_log_fd = STDERR_FILENO; //!< Where to write debug output.
83 static int fr_debugger_present = -1; //!< Whether were attached to by a debugger.
85 #ifdef HAVE_SYS_RESOURCE_H
86 static struct rlimit core_limits;
89 /** Stub callback to see if the SIGTRAP handler is overriden
91 * @param signum signal raised.
93 static void _sigtrap_handler(UNUSED int signum)
95 fr_debugger_present = 0;
96 signal(SIGTRAP, SIG_DFL);
99 /** Break in debugger (if were running under a debugger)
101 * If the server is running under a debugger this will raise a
102 * SIGTRAP which will pause the running process.
104 * If the server is not running under debugger then this will do nothing.
106 void fr_debug_break(void)
108 if (fr_debugger_present == -1) {
109 fr_debugger_present = 0;
110 signal(SIGTRAP, _sigtrap_handler);
112 } else if (fr_debugger_present == 1) {
118 /** Generate a backtrace for an object during destruction
120 * If this is the first entry being inserted
122 static int _fr_do_bt(fr_bt_marker_t *marker)
126 if (!fr_assert(marker->obj) || !fr_assert(marker->cbuff)) {
130 bt = talloc_zero(marker->cbuff, fr_bt_info_t);
134 bt->count = backtrace(bt->frames, MAX_BT_FRAMES);
135 fr_cbuff_rp_insert(marker->cbuff, bt);
140 /** Print backtrace entry for a given object
142 * @param cbuff to search in.
143 * @param obj pointer to original object
145 void backtrace_print(fr_cbuff_t *cbuff, void *obj)
152 while ((p = fr_cbuff_rp_next(cbuff, NULL))) {
153 if ((p == obj) || !obj) {
155 frames = backtrace_symbols(p->frames, p->count);
157 fprintf(stderr, "Stacktrace for: %p\n", p);
158 for (i = 0; i < p->count; i++) {
159 fprintf(stderr, "%s\n", frames[i]);
162 /* We were only asked to look for one */
170 fprintf(stderr, "No backtrace available for %p", obj);
174 /** Inserts a backtrace marker into the provided context
176 * Allows for maximum laziness and will initialise a circular buffer if one has not already been created.
178 * Code augmentation should look something like:
180 // Create a static cbuffer pointer, the first call to backtrace_attach will initialise it
181 static fr_cbuff *my_obj_bt;
183 my_obj_t *alloc_my_obj(TALLOC_CTX *ctx) {
186 this = talloc(ctx, my_obj_t);
188 // Attach backtrace marker to object
189 backtrace_attach(&my_obj_bt, this);
195 * Then, later when a double free occurs:
197 (gdb) call backtrace_print(&my_obj_bt, <pointer to double freed memory>)
200 * which should print a limited backtrace to stderr. Note, this backtrace will not include any argument
201 * values, but should at least show the code path taken.
203 * @param cbuff this should be a pointer to a static *fr_cbuff.
204 * @param obj we want to generate a backtrace for.
206 fr_bt_marker_t *fr_backtrace_attach(fr_cbuff_t **cbuff, TALLOC_CTX *obj)
208 fr_bt_marker_t *marker;
210 if (*cbuff == NULL) {
211 PTHREAD_MUTEX_LOCK(&fr_debug_init);
212 /* Check again now we hold the mutex - eww*/
213 if (*cbuff == NULL) {
216 ctx = fr_autofree_ctx();
217 *cbuff = fr_cbuff_alloc(ctx, MAX_BT_CBUFF, true);
219 PTHREAD_MUTEX_UNLOCK(&fr_debug_init);
222 marker = talloc(obj, fr_bt_marker_t);
227 marker->obj = (void *) obj;
228 marker->cbuff = *cbuff;
230 talloc_set_destructor(marker, _fr_do_bt);
235 void backtrace_print(UNUSED fr_cbuff_t *cbuff, UNUSED void *obj)
237 fprintf(stderr, "Server built without fr_backtrace_* support, requires execinfo.h and possibly -lexecinfo\n");
239 fr_bt_marker_t *fr_backtrace_attach(UNUSED fr_cbuff_t **cbuff, UNUSED TALLOC_CTX *obj)
241 fprintf(stderr, "Server built without fr_backtrace_* support, requires execinfo.h and possibly -lexecinfo\n");
244 #endif /* ifdef HAVE_EXECINFO */
246 static int _panic_on_free(UNUSED char *foo)
249 return -1; /* this should make the free fail */
252 /** Insert memory into the context of another talloc memory chunk which
253 * causes a panic when freed.
255 * @param ctx TALLOC_CTX to monitor for frees.
257 void fr_panic_on_free(TALLOC_CTX *ctx)
261 ptr = talloc(ctx, char);
262 talloc_set_destructor(ptr, _panic_on_free);
265 /** Set the dumpable flag, also controls whether processes can PATTACH
267 * @param dumpable whether we should allow core dumping
269 #if defined(HAVE_SYS_PRCTL_H) && defined(PR_SET_DUMPABLE)
270 static int fr_set_dumpable_flag(bool dumpable)
272 if (prctl(PR_SET_DUMPABLE, dumpable ? 1 : 0) < 0) {
273 fr_strerror_printf("Cannot re-enable core dumps: prctl(PR_SET_DUMPABLE) failed: %s",
281 static int fr_set_dumpable_flag(UNUSED bool dumpable)
283 fr_strerror_printf("Changing value of PR_DUMPABLE not supported on this system");
288 /** Get the processes dumpable flag
291 #if defined(HAVE_SYS_PRCTL_H) && defined(PR_GET_DUMPABLE)
292 static int fr_get_dumpable_flag(void)
296 ret = prctl(PR_GET_DUMPABLE);
298 fr_strerror_printf("Cannot get dumpable flag: %s", fr_syserror(errno));
303 * Linux is crazy and prctl sometimes returns 2 for disabled
305 if (ret != 1) return 0;
309 static int fr_get_dumpable_flag(void)
311 fr_strerror_printf("Getting value of PR_DUMPABLE not supported on this system");
317 /** Get the current maximum for core files
319 * Do this before anything else so as to ensure it's properly initialized.
321 int fr_set_dumpable_init(void)
323 #ifdef HAVE_SYS_RESOURCE_H
324 if (getrlimit(RLIMIT_CORE, &core_limits) < 0) {
325 fr_strerror_printf("Failed to get current core limit: %s", fr_syserror(errno));
332 /** Enable or disable core dumps
334 * @param allow_core_dumps whether to enable or disable core dumps.
336 int fr_set_dumpable(bool allow_core_dumps)
339 * If configured, turn core dumps off.
341 if (!allow_core_dumps) {
342 #ifdef HAVE_SYS_RESOURCE_H
343 struct rlimit no_core;
345 no_core.rlim_cur = 0;
346 no_core.rlim_max = 0;
348 if (setrlimit(RLIMIT_CORE, &no_core) < 0) {
349 fr_strerror_printf("Failed disabling core dumps: %s", fr_syserror(errno));
357 if (fr_set_dumpable_flag(true) < 0) return -1;
360 * Reset the core dump limits to their original value.
362 #ifdef HAVE_SYS_RESOURCE_H
363 if (setrlimit(RLIMIT_CORE, &core_limits) < 0) {
364 fr_strerror_printf("Cannot update core dump limit: %s", fr_syserror(errno));
372 /** Check to see if panic_action file is world writeable
374 * @return 0 if file is OK, else -1.
376 static int fr_fault_check_permissions(void)
384 * Try and guess which part of the command is the binary, and check to see if
385 * it's world writeable, to try and save the admin from their own stupidity.
387 * @fixme we should do this properly and take into account single and double
390 if ((q = strchr(panic_action, ' '))) {
392 * need to use a static buffer, because mallocing memory in a signal handler
393 * is a bad idea and can result in deadlock.
395 len = snprintf(filename, sizeof(filename), "%.*s", (int)(q - panic_action), panic_action);
396 if (is_truncated(len, sizeof(filename))) {
397 fr_strerror_printf("Failed writing panic_action to temporary buffer (truncated)");
405 if (stat(p, &statbuf) == 0) {
407 if ((statbuf.st_mode & S_IWOTH) != 0) {
408 fr_strerror_printf("panic_action file \"%s\" is globally writable", p);
417 /** Prints a simple backtrace (if execinfo is available) and calls panic_action if set.
421 void fr_fault(int sig)
423 char cmd[sizeof(panic_action) + 20];
425 size_t left = sizeof(cmd), ret;
427 char const *p = panic_action;
433 * Makes the backtraces slightly cleaner
435 memset(cmd, 0, sizeof(cmd));
437 fr_fault_log("CAUGHT SIGNAL: %s\n", strsignal(sig));
440 * Check for administrator sanity.
442 if (fr_fault_check_permissions() < 0) {
443 fr_fault_log("Refusing to execute panic action: %s\n", fr_strerror());
448 * Run the callback if one was registered
450 if (panic_cb && (panic_cb(sig) < 0)) goto finish;
453 * Produce a simple backtrace - They've very basic but at least give us an
454 * idea of the area of the code we hit the issue in.
458 size_t frame_count, i;
459 void *stack[MAX_BT_FRAMES];
462 frame_count = backtrace(stack, MAX_BT_FRAMES);
464 fr_fault_log("Backtrace of last %zu frames:\n", frame_count);
467 * Only use backtrace_symbols() if we don't have a logging fd.
468 * If the server has experienced memory corruption, there's
469 * a high probability that calling backtrace_symbols() which
470 * mallocs more memory, will fail.
472 if (fr_fault_log_fd < 0) {
473 strings = backtrace_symbols(stack, frame_count);
474 for (i = 0; i < frame_count; i++) {
475 fr_fault_log("%s\n", strings[i]);
479 backtrace_symbols_fd(stack, frame_count, fr_fault_log_fd);
484 /* No panic action set... */
485 if (panic_action[0] == '\0') {
486 fr_fault_log("No panic action set\n");
490 /* Substitute %p for the current PID (useful for attaching a debugger) */
491 while ((q = strstr(p, "%p"))) {
492 out += ret = snprintf(out, left, "%.*s%d", (int) (q - p), p, (int) getpid());
495 fr_fault_log("Panic action too long");
501 if (strlen(p) >= left) goto oob;
502 strlcpy(out, p, left);
504 fr_fault_log("Calling: %s\n", cmd);
507 bool disable = false;
510 * Here we temporarily enable the dumpable flag so if GBD or LLDB
511 * is called in the panic_action, they can pattach tot he running
514 if (fr_get_dumpable_flag() == 0) {
515 if ((fr_set_dumpable_flag(true) < 0) || !fr_get_dumpable_flag()) {
516 fr_fault_log("Failed setting dumpable flag, pattach may not work: %s", fr_strerror());
520 fr_fault_log("Temporarily setting PR_DUMPABLE to 1");
526 * We only want to error out here, if dumpable was originally disabled
527 * and we managed to change the value to enabled, but failed
528 * setting it back to disabled.
531 fr_fault_log("Resetting PR_DUMPABLE to 0");
532 if (fr_set_dumpable_flag(false) < 0) {
533 fr_fault_log("Failed reseting dumpable flag to off: %s", fr_strerror());
534 fr_fault_log("Exiting due to insecure process state");
540 fr_fault_log("Panic action exited with %i", code);
544 if (sig == SIGUSR1) {
552 /** Work around debuggers which can't backtrace past the signal handler
554 * At least this provides us some information when we get talloc errors.
556 static void _fr_talloc_fault(char const *reason)
558 fr_fault_log("talloc abort: %s\n", reason);
563 /** Wrapper to pass talloc log output to our fr_fault_log function
566 static void _fr_talloc_log(char const *msg)
568 fr_fault_log("%s\n", msg);
571 /** Generate a talloc memory report for a context and print to stderr/stdout
573 * @param ctx to generate a report for, may be NULL in which case the root context is used.
575 int fr_log_talloc_report(TALLOC_CTX *ctx)
578 char const *null_ctx = NULL;
582 fd = dup(fr_fault_log_fd);
584 fr_strerror_printf("Couldn't write memory report, failed to dup log fd: %s", fr_syserror(errno));
587 log = fdopen(fd, "w");
590 fr_strerror_printf("Couldn't write memory report, fdopen failed: %s", fr_syserror(errno));
594 fprintf(log, "Current state of talloced memory:\n");
596 null_ctx = talloc_get_name(NULL);
600 talloc_report_full(NULL, log);
602 fprintf(log, "Context level %i", i++);
604 talloc_report_full(ctx, log);
605 } while ((ctx = talloc_parent(ctx)) && (talloc_get_name(ctx) != null_ctx)); /* Stop before we hit NULL ctx */
612 /** Signal handler to print out a talloc memory report
616 static void _fr_fault_mem_report(int sig)
618 fr_fault_log("CAUGHT SIGNAL: %s\n", strsignal(sig));
620 if (fr_log_talloc_report(NULL) < 0) fr_perror("memreport");
623 static int _fr_disable_null_tracking(UNUSED bool *p)
625 talloc_disable_null_tracking();
629 /** Registers signal handlers to execute panic_action on fatal signal
631 * May be called multiple time to change the panic_action/program.
633 * @param cmd to execute on fault. If present %p will be substituted
634 * for the parent PID before the command is executed, and %e
635 * will be substituted for the currently running program.
636 * @param program Name of program currently executing (argv[0]).
637 * @return 0 on success -1 on failure.
639 int fr_fault_setup(char const *cmd, char const *program)
641 static bool setup = false;
643 char *out = panic_action;
644 size_t left = sizeof(panic_action), ret;
650 /* Substitute %e for the current program */
651 while ((q = strstr(p, "%e"))) {
652 out += ret = snprintf(out, left, "%.*s%s", (int) (q - p), p, program ? program : "");
655 fr_strerror_printf("Panic action too long");
661 if (strlen(p) >= left) goto oob;
662 strlcpy(out, p, left);
664 *panic_action = '\0';
668 * Check for administrator sanity.
670 if (fr_fault_check_permissions() < 0) return -1;
672 /* Unsure what the side effects of changing the signal handler mid execution might be */
675 if (fr_set_signal(SIGSEGV, fr_fault) < 0) return -1;
678 if (fr_set_signal(SIGBUS, fr_fault) < 0) return -1;
681 if (fr_set_signal(SIGABRT, fr_fault) < 0) return -1;
683 * Use this instead of abort so we get a
684 * full backtrace with broken versions of LLDB
686 talloc_set_abort_fn(_fr_talloc_fault);
689 if (fr_set_signal(SIGFPE, fr_fault) < 0) return -1;
693 if (fr_set_signal(SIGUSR1, fr_fault) < 0) return -1;
697 if (fr_set_signal(SIGUSR2, _fr_fault_mem_report) < 0) return -1;
701 * Setup the default logger
703 if (!fr_fault_log) fr_fault_set_log_fn(NULL);
704 talloc_set_log_fn(_fr_talloc_log);
707 * Needed for memory reports
709 * Disable null tracking on exit, else valgrind complains
712 TALLOC_CTX *autofree;
715 talloc_enable_null_tracking();
717 autofree = talloc_autofree_context();
718 marker = talloc(autofree, bool);
719 talloc_set_destructor(marker, _fr_disable_null_tracking);
723 * If were using glibc malloc > 2.4 this scribbles over
724 * uninitialised and freed memory, to make memory issues easier
727 #if defined(HAVE_MALLOPT) && !defined(NDEBUG)
728 mallopt(M_PERTURB, 0x42);
729 mallopt(M_CHECK_ACTION, 3);
737 /** Set a callback to be called before fr_fault()
739 * @param func to execute. If callback returns < 0
740 * fr_fault will exit before running panic_action code.
742 void fr_fault_set_cb(fr_fault_cb_t func)
747 /** Default logger, logs output to stderr
750 static void CC_HINT(format (printf, 1, 2)) _fr_fault_log(char const *msg, ...)
755 vfprintf(stderr, msg, ap);
760 /** Set a file descriptor to log panic_action output to.
762 * @param func to call to output log messages.
764 void fr_fault_set_log_fn(fr_fault_log_t func)
766 fr_fault_log = func ? func : _fr_fault_log;
769 /** Set a file descriptor to log memory reports to.
771 * @param fd to write output to.
773 void fr_fault_set_log_fd(int fd)
775 fr_fault_log_fd = fd;
779 #ifdef WITH_VERIFY_PTR
782 * Verify a VALUE_PAIR
784 inline void fr_verify_vp(VALUE_PAIR const *vp)
786 (void) talloc_get_type_abort(vp, VALUE_PAIR);
788 if (vp->data.ptr) switch (vp->da->type) {
794 if (!talloc_get_type(vp->data.ptr, uint8_t)) {
795 fr_perror("Type check failed for attribute \"%s\"", vp->da->name);
796 (void) talloc_get_type_abort(vp->data.ptr, uint8_t);
799 len = talloc_array_length(vp->vp_octets);
800 if (vp->length > len) {
801 fr_perror("VALUE_PAIR length %zu does not equal uint8_t buffer length %zu", vp->length, len);
812 if (!talloc_get_type(vp->data.ptr, char)) {
813 fr_perror("Type check failed for attribute \"%s\"", vp->da->name);
814 (void) talloc_get_type_abort(vp->data.ptr, char);
817 len = (talloc_array_length(vp->vp_strvalue) - 1);
818 if (vp->length > len) {
819 fr_perror("VALUE_PAIR %s length %zu is too small for char buffer length %zu",
820 vp->da->name, vp->length, len);
824 if (vp->vp_strvalue[vp->length] != '\0') {
825 fr_perror("VALUE_PAIR %s buffer not \\0 terminated", vp->da->name);
840 void fr_verify_list(TALLOC_CTX *expected, VALUE_PAIR *vps)
846 for (vp = fr_cursor_init(&cursor, &vps);
848 vp = fr_cursor_next(&cursor)) {
851 parent = talloc_parent(vp);
852 if (expected && (parent != expected)) {
853 fr_perror("Expected VALUE_PAIR (%s) to be parented by %p (%s), "
854 "but parented by %p (%s)",
856 expected, talloc_get_name(expected),
857 parent, parent ? talloc_get_name(parent) : "NULL");
859 fr_log_talloc_report(expected);
860 if (parent) fr_log_talloc_report(parent);