[Git][NTPsec/ntpsec][master] 7 commits: libisc: turn on backtrace with --enable-debug-gdb.

Gary E. Miller gitlab at mg.gitlab.com
Fri Jun 2 01:27:49 UTC 2017


Gary E. Miller pushed to branch master at NTPsec / ntpsec


Commits:
55ff4a67 by Gary E. Miller at 2017-06-01T16:22:27-07:00
libisc: turn on backtrace with --enable-debug-gdb.

Might as well hook them together as they both need the symbol table.
We'll if it needs changing when people use it.

- - - - -
08eb14f4 by Gary E. Miller at 2017-06-01T16:27:04-07:00
libisc: change an implicit cast to explicit.

- - - - -
88d4948d by Gary E. Miller at 2017-06-01T16:29:41-07:00
libisc: remove a redundant #ifdef

- - - - -
f079978c by Gary E. Miller at 2017-06-01T16:52:02-07:00
libisc: BACKTRACE_UNWIND now compiles.

No idea if it works, yet.

- - - - -
b2577fff by Gary E. Miller at 2017-06-01T17:03:50-07:00
libisc: fix one warning, document another.

Unlikely getgpb() ever gets used since backtrace() and Unwind are
now more available.

- - - - -
5de857f3 by Gary E. Miller at 2017-06-01T18:17:48-07:00
seccomp: add backtrace to seccomp SIGSYS.

- - - - -
9d335068 by Gary E. Miller at 2017-06-01T18:27:10-07:00
ntpd: 2nd try to fix droproot group.

- - - - -


5 changed files:

- devel/ifdex-ignores
- libisc/backtrace.c
- ntpd/ntp_sandbox.c
- ntpd/ntpd.c
- wscript


Changes:

=====================================
devel/ifdex-ignores
=====================================
--- a/devel/ifdex-ignores
+++ b/devel/ifdex-ignores
@@ -37,7 +37,7 @@ NTPD_PRIO		# Priority to set the daemon to
 # Fine-grained debugging and tracing, not presently settable from waf
 DEBUG
 ISC_LIST_CHECKINIT	# Debugging flag
-ISC_PLATFORM_USEBACKTRACE	# Use the ISC backtrace code on assertions
+USEBACKTRACE	        # Use backtrace code, set by --enable-debug-gdb
 ISC_UTIL_TRACEON	# Enables trace code in ISC service routines.
 DEBUG_PARSELIB		# Enable debugging in the parse library.
 NTP_DEBUG_LISTS		# Debug list handling


=====================================
libisc/backtrace.c
=====================================
--- a/libisc/backtrace.c
+++ b/libisc/backtrace.c
@@ -10,22 +10,20 @@
 
 #include <string.h>
 #include <stdlib.h>
-#ifdef HAVE_BACKTRACE_SYMBOLS_FD
-#include <execinfo.h>
-#endif
 
 #include "isc/backtrace.h"
 #include "isc/result.h"
 #include "isc/util.h"
 
-#ifdef ISC_PLATFORM_USEBACKTRACE
+#ifdef USEBACKTRACE
 /*
  * Getting a back trace of a running process is tricky and highly platform
  * dependent.  Our current approach is as follows:
  * 1. If the system library supports the "backtrace()" function, use it.
  *    OS X support this starting at with SDK 10.5.  glibc since version 2.1
  * 2. Otherwise, if unwind.h exists then use the __Unwind_Backtrace() function.
- *    This function is available on Linux and  OS X.
+ *    This function is available on Linux and OS X.  It is defined in the
+ *    Linux Standard Base from at least version 4.1
  * 3. Otherwise, if the architecture x86 or x86_64, try to unwind the stack
  *    frame following frame pointers.  This assumes the executable binary
  *    compiled with frame pointers; this is not always true for x86_64 (rather,
@@ -44,11 +42,13 @@
 #else
 #define BACKTRACE_DISABLED
 #endif  /* HAVE_BACKTRACE_SYMBOLS_FD */
-#else	/* !ISC_PLATFORM_USEBACKTRACE */
+#else	/* !USEBACKTRACE */
 #define BACKTRACE_DISABLED
-#endif	/* ISC_PLATFORM_USEBACKTRACE */
+#endif	/* USEBACKTRACE */
 
 #ifdef BACKTRACE_LIBC
+#include <execinfo.h>
+
 isc_result_t
 isc_backtrace_gettrace(void **addrs, int maxaddrs, int *nframes) {
 	int n;
@@ -68,7 +68,7 @@ isc_backtrace_gettrace(void **addrs, int maxaddrs, int *nframes) {
 	if (n < 2)
 		return (ISC_R_NOTFOUND);
 	n--;
-	memmove(addrs, &addrs[1], sizeof(void *) * n);
+	memmove(addrs, &addrs[1], sizeof(void *) * (size_t)n);
 	*nframes = n;
 	return (ISC_R_SUCCESS);
 }
@@ -82,8 +82,8 @@ typedef struct {
 	int count;
 } trace_arg_t;
 
-static int
-btcallback(void *uc, void *opq) {
+static _Unwind_Reason_Code
+btcallback(struct _Unwind_Context *uc, void *opq) {
 	trace_arg_t *arg = (trace_arg_t *)opq;
 
 	if (arg->skip_count > 0)
@@ -117,8 +117,9 @@ isc_backtrace_gettrace(void **addrs, int maxaddrs, int *nframes) {
 #elif defined(BACKTRACE_X86STACK)
 #ifdef __x86_64__
 static unsigned long
-getrbp() {
+getrbp(void) {
 	__asm("movq %rbp, %rax\n");
+        /* much trickery with __asm()'ed return variable */
 }
 #endif
 


=====================================
ntpd/ntp_sandbox.c
=====================================
--- a/ntpd/ntp_sandbox.c
+++ b/ntpd/ntp_sandbox.c
@@ -34,6 +34,10 @@ static priv_set_t *highprivs = NULL;
 
 #ifdef HAVE_SECCOMP_H
 # include <seccomp.h>
+# ifdef HAVE_BACKTRACE_SYMBOLS_FD
+#  include <execinfo.h>
+# endif
+static void catchTrap(int sig, siginfo_t *, void *);
 #endif
 
 #ifdef ENABLE_DROPROOT
@@ -48,9 +52,6 @@ static struct passwd *pw;
 #include "ntp_syslog.h"
 #include "ntp_stdlib.h"
 
-#ifdef HAVE_SECCOMP_H
-static void catchTrap(int sig, siginfo_t *, void *);
-#endif
 
 bool sandbox(const bool droproot,
 	     char *user, const char *group,
@@ -446,7 +447,31 @@ static void catchTrap(int sig, siginfo_t *si, void *u)
 	UNUSED_ARG(sig);	/* signal number */
 	UNUSED_ARG(u);	        /* unused ucontext_t */
 	msyslog(LOG_ERR, "ERROR: SIGSYS: got a trap.\n");
-	msyslog(LOG_ERR, "ERROR: Bad syscall %d\n", si->si_syscall);
+	if ( si->si_syscall ) {
+	    msyslog(LOG_ERR, "ERROR: SIGSYS/seccomp bad syscall %d/%#x\n",
+		    si->si_syscall, si->si_arch);
+        }
+#ifdef HAVE_BACKTRACE_SYMBOLS_FD
+        {
+#define BT_BUF_SIZE 100
+
+           int j, nptrs;
+           void *buffer[BT_BUF_SIZE];
+           char **strings;
+
+           nptrs = backtrace(buffer, BT_BUF_SIZE);
+           strings = backtrace_symbols(buffer, nptrs);
+	   msyslog(LOG_ERR, "Stack trace:\n");
+           if (strings) {
+               /* skip trace of this shim function */
+	       for (j = 1; j < nptrs; j++)
+		   msyslog(LOG_ERR, "  %s\n", strings[j]);
+
+	       free(strings);
+           }
+        }
+#endif /* HAVE_BACKTRACE_SYMBOLS_FD */
+
 	exit(1);
 }
 #endif /* HAVE_SECCOMP_H */


=====================================
ntpd/ntpd.c
=====================================
--- a/ntpd/ntpd.c
+++ b/ntpd/ntpd.c
@@ -362,7 +362,7 @@ parse_cmdline_opts(
 			gp = strrchr(user, ':');
 			if (gp) {
 				*gp++ = '\0'; /* get rid of the ':' */
-				group = gp;
+				group = estrdup(gp);
 			} else {
                                 group  = NULL;
                         }


=====================================
wscript
=====================================
--- a/wscript
+++ b/wscript
@@ -335,6 +335,7 @@ def configure(ctx):
     # CFLAGS to override our computed CFLAGS
     if ctx.options.enable_debug_gdb:
         ctx.env.CFLAGS = ["-g"] + ctx.env.CFLAGS
+        ctx.define("USEBACKTRACE", "1", quote=False)
     else:
         # not gdb debugging
         cc_test_flags += [



View it on GitLab: https://gitlab.com/NTPsec/ntpsec/compare/33bc854ecb014d3d125832ec062ec390990be517...9d335068a42b306797808489ab8149575e28ea86

---
View it on GitLab: https://gitlab.com/NTPsec/ntpsec/compare/33bc854ecb014d3d125832ec062ec390990be517...9d335068a42b306797808489ab8149575e28ea86
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ntpsec.org/pipermail/vc/attachments/20170602/b06db40f/attachment.html>


More information about the vc mailing list