IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
The COREDUMP_EXE attribute is "optional", i.e. we continue to process the
crash even if we didn't acquire it. The coredump generation code assumed
that it is always available:
#5 endswith at ../src/fundamental/string-util-fundamental.c:41
[ endswith() is called with NULL here, and an assertion fails. ]
#6 submit_coredump at ../src/coredump/coredump.c:823
#7 process_socket at ../src/coredump/coredump.c:1038
#8 run at ../src/coredump/coredump.c:1413
We use the exe path for loop detection, and also (ultimately) pass it to
dwfl_core_file_report(). The latter seems to be fine will NULL, so let's just
change our code to look at COMM, which should be more reliable anyway.
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=2036517.
(cherry picked from commit c790632cab)
Parsing objects is risky as data could be malformed or malicious,
so avoid doing that from the main systemd-coredump process and
instead fork another process, and set it to avoid generating
core files itself.
This was broken in a subtle way: we'd get an ELF ref, but not the right one,
so no metadata note would be found.
Change the parsing function to return 1 when it finds something, so that
we can return early only when that happens.
Previously the mkdir_label() family of calls was implemented in
src/shared/mkdir-label.c but its functions partly declared ins
src/shared/label.h and partly in src/basic/mkdir.h (!!). That's weird
(and wrong).
Let's clean this up, and add a proper mkdir-label.h matching the .c
file.
user-record.[ch] are about the UserRecord JSON stuff, and the UID
allocation range stuff (i.e. login.defs handling) is a very different
thing, and complex enough on its own, let's give it its own c/h files.
No code changes, just some splitting out of code.
Since 587f2a5e56, filename for
not-compressed coredump is missing from save_external_coredump, making
it write COREDUMP_FILENAME= (empty) in journal, making `coredumpctl`
report it missing but it is actually saved.
This fixes it.
Let's define two helpers strdupa_safe() + strndupa_safe() which do the
same as their non-safe counterparts, except that they abort if called
with allocations larger than ALLOCA_MAX.
This should ensure that all our alloca() based allocations are subject
to this limit.
afaics glibc offers three alloca() based APIs: alloca() itself,
strndupa() + strdupa(). With this we have now replacements for all of
them, that take the limit into account.
With the changes to limit that print 'Found module …' over and over, we were
hitting the journal field message limit, effectively truncating the info output.
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1998488.
This option has coredumpctl look at all journals instead of only the
local ones. This allows coredumpctl to show information about remote
coredumps if the coredumps are made available in /var/lib/systemd/coredump
and the corresponding journals are made available in /var/log/journal.
This is already possible using the --directory option but --all makes it
more user friendly since users don't have to enter the journal directory
anymore as long as it's available under /var/log/journal.
coredumpctl could be used in a chroot where D-Bus isn't running. If
that's the case, we shouldn't consider it an error if we can't connect
to the D-Bus daemon so let's reduce the severity of the error we log
when we can't connect to D-Bus because the socket doesn't exist.
In general we almost never hit those asserts in production code, so users see
them very rarely, if ever. But either way, we just need something that users
can pass to the developers.
We have quite a few of those asserts, and some have fairly nice messages, but
many are like "WTF?" or "???" or "unexpected something". The error that is
printed includes the file location, and function name. In almost all functions
there's at most one assert, so the function name alone is enough to identify
the failure for a developer. So we don't get much extra from the message, and
we might just as well drop them.
Dropping them makes our code a tiny bit smaller, and most importantly, improves
development experience by making it easy to insert such an assert in the code
without thinking how to phrase the argument.
Observed as a crash on binaries built with gcc-master:
```
3 0x00005573b8841d6a in parse_package_metadata (name=name@entry=0x5573b901a620 "/a", id_json=0x0,
elf=0x5573b9028730, c=c@entry=0x7fffc688f790) at ../systemd-stable-249.2/src/coredump/stacktrace.c:157
4 0x00005573b884209e in module_callback (mod=0x7fffc688f6c0, userdata=<optimized out>,
name=0x5573b901a620 "/a", start=<optimized out>, arg=0x7fffc688f790)
at ../systemd-stable-249.2/src/coredump/stacktrace.c:306
5 0x00007f56d60dcbd5 in dwfl_getmodules (dwfl=0x5573b901fda0,
callback=callback@entry=0x5573b8841eb0 <module_callback>, arg=arg@entry=0x7fffc688f790, offset=offset@entry=0)
at ../../elfutils-0.185/libdwfl/dwfl_getmodules.c:86
6 0x00005573b884231b in parse_core (ret_package_metadata=0x7fffc688f848, ret=0x7fffc688f850,
executable=0x7fffc688f790 "\200\332\001\271sU", fd=21) at ../systemd-stable-249.2/src/coredump/stacktrace.c:366
7 coredump_parse_core (fd=fd@entry=6, executable=0x7fffc688f790 "\200\332\001\271sU", ret=ret@entry=0x7fffc688f850,
ret_package_metadata=ret_package_metadata@entry=0x7fffc688f848)
at ../systemd-stable-249.2/src/coredump/stacktrace.c:406
8 0x00005573b883f897 in submit_coredump (context=context@entry=0x7fffc688fa10, iovw=iovw@entry=0x7fffc688f990,
input_fd=input_fd@entry=5) at ../systemd-stable-249.2/src/coredump/coredump.c:827
9 0x00005573b883d339 in process_socket (fd=3) at ../systemd-stable-249.2/src/coredump/coredump.c:1041
10 run (argv=<optimized out>, argc=-964101648) at ../systemd-stable-249.2/src/coredump/coredump.c:1416
11 main (argc=-964101648, argv=<optimized out>) at ../systemd-stable-249.2/src/coredump/coredump.c:1422
```
Happens only on enabled elfutils symbolizer.
Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>
Let's make sure we signal out-of-band via an error message if a process
doesn't have a parent process whose PID we could return. Otherwise we'll
too likely hide errors, as we return an invalid PID 0, which in other
contexts has special meaning (i.e. usually "myself").
Replaces: #20153
This is based on work by @dtardon, but goes a different route, by
ensuring we propagate a proper error in this case.
This modernizes the function in question a bit in other ways, i.e.
renames stuff and makes the return parameter optional.
Most of our programs that take "verbs" make the "help" verb either
equivalent to passing the --help switch (or at least print a message
redirecting the user to that switch). Do so in coredumpctl too, in order
to minimize surprises.
When /var/lib/systemd/coredump/ is backed by a tmpfs, all disk usage
will be accounted under the systemd-coredump process cgroup memory
limit.
If MemoryMax is set, this might cause systemd-coredump to be terminated
by the kernel oom handler when writing large uncompressed core files,
even if the compressed core would fit within the limits.
Detect if a tmpfs is used, and if so check MemoryMax from the process
and slice cgroups, and do not write uncompressed core files that are
greater than half the available memory. If the limit is breached,
stop writing and compress the written chunk immediately, then delete
the uncompressed chunk to free more memory, and resume compressing
directly from STDIN.
Example debug log when this situation happens:
systemd-coredump[737455]: Setting max_size to limit writes to 51344896 bytes.
systemd-coredump[737455]: ZSTD compression finished (51344896 -> 3260 bytes, 0.0%)
systemd-coredump[737455]: ZSTD compression finished (1022786048 -> 47245 bytes, 0.0%)
systemd-coredump[737455]: Process 737445 (a.out) of user 1000 dumped core.
$ coredumpctl info |grep Command
Command Line: bash -c kill -SEGV $$ (before)
Command Line: bash -c "kill -SEGV \$\$" (road not taken, C quotes)
Command Line: bash -c $'kill -SEGV $$' (now, POSIX quotes)
Before we wouldn't use any quoting, making it impossible to figure how the
command line was split into arguments. We could use "normal" quotes, but this
has the disadvantage that the commandline *looks* like it could be pasted into
the terminal and executed, but this is not true: various non-printable
characters cannot be expressed in this quoting style. (This is not visible in
this example). Thus, "POSIX quotes" are used, which should allow any command
line to be expressed acurrately and pasted directly into a shell prompt to
reexecute.
I wonder if we should another field in the coredump entry that simply shows the
original cmdline with embedded NULs, in the original /proc/*/cmdline
format. This would allow clients to format the data as they see fit. But I
think we'd want to keep the serialized form anyway, for backwards compatibility.
With some versions of the compiler, the _cleanup_ attr makes it think
the variable might be freed/closed when uninitialized, even though it
cannot happen. The added cost is small enough to be worth the benefit,
and optimized builds will help reduce it even further.
Append 'package' and 'packageVersion' to the journal as discrete fields
COREDUMP_PKGMETA_PACKAGE and COREDUMP_PKGMETA_PACKAGEVERSION respectively,
and the full json blurb as COREDUMP_PKGMETA_JSON.
