passenger 4.0.0.rc4 → 4.0.0.rc6

data/ext/common/Utils/ScopeGuard.h

@@ -27,11 +27,14 @@
 
 #include <boost/noncopyable.hpp>
 #include <boost/function.hpp>
+#include <boost/thread.hpp>
+#include <oxt/system_calls.hpp>
 #include <cstdio>
 
 namespace Passenger {
 
 using namespace boost;
+using namespace oxt;
 
 
 #ifndef _PASSENGER_SAFELY_CLOSE_DEFINED_
@@ -48,17 +51,25 @@ using namespace boost;
 class ScopeGuard: public noncopyable {
 private:
 	function<void ()> func;
+	bool interruptable;
 	
 public:
 	ScopeGuard() { }
 	
-	ScopeGuard(const function<void ()> &func) {
+	ScopeGuard(const function<void ()> &func, bool interruptable = false) {
 		this->func = func;
+		this->interruptable = interruptable;
 	}
 	
 	~ScopeGuard() {
 		if (func) {
-			func();
+			if (interruptable) {
+				func();
+			} else {
+				this_thread::disable_interruption di;
+				this_thread::disable_syscall_interruption dsi;
+				func();
+			}
 		}
 	}
 	
@@ -69,7 +80,13 @@ public:
 	void runNow() {
 		function<void ()> oldFunc = func;
 		func = function<void()>();
-		oldFunc();
+		if (interruptable) {
+			oldFunc();
+		} else {
+			this_thread::disable_interruption di;
+			this_thread::disable_syscall_interruption dsi;
+			oldFunc();
+		}
 	}
 };
 

data/ext/common/Utils/StrIntUtils.h

@@ -30,6 +30,7 @@
 #include <sstream>
 #include <cstddef>
 #include <ctime>
+#include <oxt/macros.hpp>
 #include <StaticString.h>
 
 namespace Passenger {
@@ -74,8 +75,12 @@ bool startsWith(const StaticString &str, const StaticString &substr);
  * @param sep The separator to use.
  * @param output The vector to write the output to.
  */
-void split(const StaticString &str, char sep, vector<string> &output);
-void split(const StaticString &str, char sep, vector<StaticString> &output);
+void split(const StaticString & restrict_ref str,
+	char sep,
+	vector<string> & restrict_ref output);
+void split(const StaticString & restrict_ref str,
+	char sep,
+	vector<StaticString> & restrict_ref output);
 
 /**
  * Split the given string using the given separator. Includes the
@@ -85,8 +90,12 @@ void split(const StaticString &str, char sep, vector<StaticString> &output);
  * @param sep The separator to use.
  * @param output The vector to write the output to.
  */
-void splitIncludeSep(const StaticString &str, char sep, vector<string> &output);
-void splitIncludeSep(const StaticString &str, char sep, vector<StaticString> &output);
+void splitIncludeSep(const StaticString & restrict_ref str,
+	char sep,
+	vector<string> & restrict_ref output);
+void splitIncludeSep(const StaticString & restrict_ref str,
+	char sep,
+	vector<StaticString> & restrict_ref output);
 
 /**
  * Look for 'toFind' inside 'str', replace it with 'replaceWith' and return the result.
@@ -146,7 +155,7 @@ string toHex(const StaticString &data);
  * Convert the given binary data to hexadecimal. This form accepts an
  * output buffer which must be at least <tt>data.size() * 2</tt> bytes large.
  */
-void toHex(const StaticString &data, char *output, bool upperCase = false);
+void toHex(const StaticString & restrict_ref data, char * restrict output, bool upperCase = false);
 
 /**
  * Convert the given integer to some other radix, placing

data/ext/common/agents/Base.cpp

@@ -60,6 +60,7 @@
 #include <Constants.h>
 #include <Exceptions.h>
 #include <Logging.h>
+#include <ResourceLocator.h>
 #include <Utils.h>
 #include <Utils/StrIntUtils.h>
 #ifdef __linux__
@@ -101,12 +102,17 @@ static unsigned int alternativeStackSize;
 static volatile unsigned int abortHandlerCalled = 0;
 static unsigned int randomSeed = 0;
 static const char *argv0 = NULL;
-static const char *backtraceSanitizerPath = NULL;
-static bool backtraceSanitizerUseShell = false;
+static const char *backtraceSanitizerCommand = NULL;
 static bool backtraceSanitizerPassProgramInfo = true;
 static DiagnosticsDumper customDiagnosticsDumper = NULL;
 static void *customDiagnosticsDumperUserData;
 
+// We preallocate a few pipes during startup which we will close in the
+// crash handler. This way we can be sure that when the crash handler
+// calls pipe() it won't fail with "Too many files".
+static int emergencyPipe1[2] = { -1, -1 };
+static int emergencyPipe2[2] = { -1, -1 };
+
 // If assert() failed, its information is stored here.
 static struct {
 	const char *filename;
@@ -143,17 +149,6 @@ hasEnvOption(const char *name, bool defaultValue = false) {
 	}
 }
 
-// Async-signal safe way to fork().
-// http://sourceware.org/bugzilla/show_bug.cgi?id=4737
-static pid_t
-asyncFork() {
-	#if defined(__linux__)
-		return (pid_t) syscall(SYS_fork);
-	#else
-		return fork();
-	#endif
-}
-
 // No idea whether strlen() is async signal safe, but let's not risk it
 // and write our own version instead that's guaranteed to be safe.
 static size_t
@@ -361,7 +356,7 @@ appendSignalReason(char *buf, siginfo_t *info) {
 	return buf;
 }
 
-static void
+static int
 runInSubprocessWithTimeLimit(AbortHandlerState &state, Callback callback, void *userData, int timeLimit) {
 	char *end;
 	pid_t child;
@@ -370,11 +365,11 @@ runInSubprocessWithTimeLimit(AbortHandlerState &state, Callback callback, void *
 	if (pipe(p) == -1) {
 		e = errno;
 		end = state.messageBuf;
-		end = appendText(end, "Could not dump diagnostics: pipe() failed with errno=");
+		end = appendText(end, "Could not create subprocess: pipe() failed with errno=");
 		end = appendULL(end, e);
 		end = appendText(end, "\n");
 		write(STDERR_FILENO, state.messageBuf, end - state.messageBuf);
-		return;
+		return -1;
 	}
 
 	child = asyncFork();
@@ -382,18 +377,21 @@ runInSubprocessWithTimeLimit(AbortHandlerState &state, Callback callback, void *
 		close(p[0]);
 		callback(state, userData);
 		_exit(0);
+		return -1;
 
 	} else if (child == -1) {
 		e = errno;
 		close(p[0]);
 		close(p[1]);
 		end = state.messageBuf;
-		end = appendText(end, "Could not dump diagnostics: fork() failed with errno=");
+		end = appendText(end, "Could not create subprocess: fork() failed with errno=");
 		end = appendULL(end, e);
 		end = appendText(end, "\n");
 		write(STDERR_FILENO, state.messageBuf, end - state.messageBuf);
+		return -1;
 
 	} else {
+		int status;
 		close(p[1]);
 
 		// We give the child process a time limit. If it doesn't succeed in
@@ -404,10 +402,91 @@ runInSubprocessWithTimeLimit(AbortHandlerState &state, Callback callback, void *
 		fd.events = POLLIN | POLLHUP | POLLERR;
 		if (poll(&fd, 1, timeLimit) <= 0) {
 			kill(child, SIGKILL);
-			safePrintErr("Could not dump diagnostics: child process did not exit in time\n");
+			safePrintErr("Could not run child process: it did not exit in time\n");
 		}
 		close(p[0]);
-		waitpid(child, NULL, 0);
+		if (waitpid(child, &status, 0) == child) {
+			return status;
+		} else {
+			return -1;
+		}
+	}
+}
+
+static void
+dumpFileDescriptorInfoWithLsof(AbortHandlerState &state, void *userData) {
+	char *end;
+
+	end = state.messageBuf;
+	end = appendULL(end, state.pid);
+	*end = '\0';
+
+	closeAllFileDescriptors(2);
+
+	execlp("lsof", "lsof", "-p", state.messageBuf, "-nP", (const char * const) 0);
+
+	end = state.messageBuf;
+	end = appendText(end, "ERROR: cannot execute command 'lsof': errno=");
+	end = appendULL(end, errno);
+	end = appendText(end, "\n");
+	write(STDERR_FILENO, state.messageBuf, end - state.messageBuf);
+	_exit(1);
+}
+
+static void
+dumpFileDescriptorInfoWithLs(AbortHandlerState &state, char *end) {
+	pid_t pid;
+	int status;
+
+	pid = asyncFork();
+	if (pid == 0) {
+		closeAllFileDescriptors(2);
+		// The '-v' is for natural sorting on Linux. On BSD -v means something else but it's harmless.
+		execlp("ls", "ls", "-lv", state.messageBuf, (const char * const) 0);
+		_exit(1);
+	} else if (pid == -1) {
+		safePrintErr("ERROR: Could not fork a process to dump file descriptor information!\n");
+	} else if (waitpid(pid, &status, 0) != pid || status != 0) {
+		safePrintErr("ERROR: Could not run 'ls' to dump file descriptor information!\n");
+	}
+}
+
+static void
+dumpFileDescriptorInfo(AbortHandlerState &state) {
+	char *messageBuf = state.messageBuf;
+	char *end;
+	struct stat buf;
+	int status;
+
+	end = messageBuf;
+	end = appendText(end, state.messagePrefix);
+	end = appendText(end, " ] Open files and file descriptors:\n");
+	write(STDERR_FILENO, messageBuf, end - messageBuf);
+
+	status = runInSubprocessWithTimeLimit(state, dumpFileDescriptorInfoWithLsof, NULL, 4000);
+
+	if (status != 0) {
+		safePrintErr("Falling back to another mechanism for dumping file descriptors.\n");
+
+		end = messageBuf;
+		end = appendText(end, "/proc/");
+		end = appendULL(end, state.pid);
+		end = appendText(end, "/fd");
+		*end = '\0';
+		if (stat(messageBuf, &buf) == 0) {
+			dumpFileDescriptorInfoWithLs(state, end + 1);
+		} else {
+			end = messageBuf;
+			end = appendText(end, "/dev/fd");
+			*end = '\0';
+			if (stat(messageBuf, &buf) == 0) {
+				dumpFileDescriptorInfoWithLs(state, end + 1);
+			} else {
+				end = messageBuf;
+				end = appendText(end, "ERROR: No other file descriptor dumping mechanism on current platform detected.\n");
+				write(STDERR_FILENO, messageBuf, end - messageBuf);
+			}
+		}
 	}
 }
 
@@ -421,6 +500,7 @@ dumpWithCrashWatch(AbortHandlerState &state) {
 	
 	pid_t child = asyncFork();
 	if (child == 0) {
+		closeAllFileDescriptors(2);
 		execlp("crash-watch", "crash-watch", "--dump", pidStr, (char * const) 0);
 		if (errno == ENOENT) {
 			safePrintErr("Crash-watch is not installed. Please install it with 'gem install crash-watch' "
@@ -463,7 +543,7 @@ dumpWithCrashWatch(AbortHandlerState &state) {
 		end = appendText(end, " frames:\n");
 		write(STDERR_FILENO, state.messageBuf, end - state.messageBuf);
 
-		if (backtraceSanitizerPath != NULL) {
+		if (backtraceSanitizerCommand != NULL) {
 			int p[2];
 			if (pipe(p) == -1) {
 				int e = errno;
@@ -482,34 +562,28 @@ dumpWithCrashWatch(AbortHandlerState &state) {
 				const char *pidStr = end = state.messageBuf;
 				end = appendULL(end, (unsigned long long) state.pid);
 				*end = '\0';
+				end++;
 
 				close(p[1]);
 				dup2(p[0], STDIN_FILENO);
-				if (backtraceSanitizerUseShell) {
-					end = state.messageBuf;
-					end = appendText(end, backtraceSanitizerPath);
-					if (backtraceSanitizerPassProgramInfo) {
-						end = appendText(end, " \"");
-						end = appendText(end, argv0);
-						end = appendText(end, "\" ");
-						end = appendText(end, pidStr);
-					}
-					*end = '\0';
-					execlp("/bin/sh", "/bin/sh", "-c",
-						state.messageBuf, (const char * const) 0);
-				} else {
-					if (backtraceSanitizerPassProgramInfo) {
-						execlp(backtraceSanitizerPath, backtraceSanitizerPath, argv0,
-						pidStr, (const char * const) 0);
-					} else {
-						execlp(backtraceSanitizerPath, backtraceSanitizerPath,
-							(const char * const) 0);
-					}
+				closeAllFileDescriptors(2);
+				
+				char *command = end;
+				end = appendText(end, "exec ");
+				end = appendText(end, backtraceSanitizerCommand);
+				if (backtraceSanitizerPassProgramInfo) {
+					end = appendText(end, " \"");
+					end = appendText(end, argv0);
+					end = appendText(end, "\" ");
+					end = appendText(end, pidStr);
 				}
+				*end = '\0';
+				end++;
+				execlp("/bin/sh", "/bin/sh", "-c", command, (const char * const) 0);
 
 				end = state.messageBuf;
 				end = appendText(end, "ERROR: cannot execute '");
-				end = appendText(end, backtraceSanitizerPath);
+				end = appendText(end, backtraceSanitizerCommand);
 				end = appendText(end, "' for sanitizing the backtrace, trying 'cat'...\n");
 				write(STDERR_FILENO, state.messageBuf, end - state.messageBuf);
 				execlp("cat", "cat", (const char * const) 0);
@@ -539,7 +613,7 @@ dumpWithCrashWatch(AbortHandlerState &state) {
 				if (waitpid(pid, &status, 0) == -1 || status != 0) {
 					end = state.messageBuf;
 					end = appendText(end, "ERROR: cannot execute '");
-					end = appendText(end, backtraceSanitizerPath);
+					end = appendText(end, backtraceSanitizerCommand);
 					end = appendText(end, "' for sanitizing the backtrace, writing to stderr directly...\n");
 					write(STDERR_FILENO, state.messageBuf, end - state.messageBuf);
 					backtrace_symbols_fd(backtraceStore, frames, STDERR_FILENO);
@@ -563,27 +637,49 @@ dumpDiagnostics(AbortHandlerState &state) {
 	char *messageBuf = state.messageBuf;
 	char *end;
 	pid_t pid;
+	int status;
+
+	end = messageBuf;
+	end = appendText(end, state.messagePrefix);
+	end = appendText(end, " ] Date, uname and ulimits:\n");
+	write(STDERR_FILENO, messageBuf, end - messageBuf);
 
 	// Dump human-readable time string and string.
 	pid = asyncFork();
 	if (pid == 0) {
+		closeAllFileDescriptors(2);
 		execlp("date", "date", (const char * const) 0);
 		_exit(1);
 	} else if (pid == -1) {
 		safePrintErr("ERROR: Could not fork a process to dump the time!\n");
-	} else {
-		waitpid(pid, NULL, 0);
+	} else if (waitpid(pid, &status, 0) != pid || status != 0) {
+		safePrintErr("ERROR: Could not run 'date'!\n");
 	}
 
 	// Dump system uname.
 	pid = asyncFork();
 	if (pid == 0) {
+		closeAllFileDescriptors(2);
 		execlp("uname", "uname", "-mprsv", (const char * const) 0);
 		_exit(1);
 	} else if (pid == -1) {
 		safePrintErr("ERROR: Could not fork a process to dump the uname!\n");
-	} else {
-		waitpid(pid, NULL, 0);
+	} else if (waitpid(pid, &status, 0) != pid || status != 0) {
+		safePrintErr("ERROR: Could not run 'uname -mprsv'!\n");
+	}
+
+	// Dump ulimit.
+	pid = asyncFork();
+	if (pid == 0) {
+		closeAllFileDescriptors(2);
+		execlp("ulimit", "ulimit", "-a", (const char * const) 0);
+		// On Linux 'ulimit' is a shell builtin, not a command.
+		execlp("/bin/sh", "/bin/sh", "-c", "ulimit -a", (const char * const) 0);
+		_exit(1);
+	} else if (pid == -1) {
+		safePrintErr("ERROR: Could not fork a process to dump the ulimit!\n");
+	} else if (waitpid(pid, &status, 0) != pid || status != 0) {
+		safePrintErr("ERROR: Could not run 'ulimit -a'!\n");
 	}
 
 	end = messageBuf;
@@ -638,6 +734,9 @@ dumpDiagnostics(AbortHandlerState &state) {
 		safePrintErr("--------------------------------------\n");
 	}
 
+	dumpFileDescriptorInfo(state);
+	safePrintErr("--------------------------------------\n");
+
 	if (shouldDumpWithCrashWatch) {
 		end = messageBuf;
 		end = appendText(end, state.messagePrefix);
@@ -753,6 +852,13 @@ abortHandler(int signo, siginfo_t *info, void *ctx) {
 		return;
 	}
 
+	close(emergencyPipe1[0]);
+	close(emergencyPipe1[1]);
+	close(emergencyPipe2[0]);
+	close(emergencyPipe2[1]);
+	emergencyPipe1[0] = emergencyPipe1[1] = -1;
+	emergencyPipe2[0] = emergencyPipe2[1] = -1;
+
 	/* We want to dump the entire crash log to both stderr and a log file.
 	 * We use 'tee' for this.
 	 */
@@ -798,6 +904,7 @@ abortHandler(int signo, siginfo_t *info, void *ctx) {
 
 		child = asyncFork();
 		if (child == 0) {
+			closeAllFileDescriptors(2);
 			#ifdef __APPLE__
 				execlp("osascript", "osascript", "-e", "beep 2", (const char * const) 0);
 				safePrintErr("Cannot execute 'osascript' command\n");
@@ -1338,6 +1445,8 @@ initializeAgent(int argc, char *argv[], const char *processName) {
 		shouldDumpWithCrashWatch = hasEnvOption("PASSENGER_DUMP_WITH_CRASH_WATCH", true);
 		beepOnAbort  = hasEnvOption("PASSENGER_BEEP_ON_ABORT", false);
 		stopOnAbort = hasEnvOption("PASSENGER_STOP_ON_ABORT", false);
+		pipe(emergencyPipe1);
+		pipe(emergencyPipe2);
 		installAbortHandler();
 	}
 	oxt::initialize();
@@ -1380,12 +1489,14 @@ initializeAgent(int argc, char *argv[], const char *processName) {
 		#ifdef __linux__
 			if (options.has("passenger_root")) {
 				ResourceLocator locator(options.get("passenger_root", true));
-				backtraceSanitizerPath = strdup((locator.getHelperScriptsDir() + "/backtrace-sanitizer.rb").c_str());
+				string ruby = options.get("default_ruby", false, DEFAULT_RUBY);
+				string path = ruby + " \"" + locator.getHelperScriptsDir() +
+					"/backtrace-sanitizer.rb\"";
+				backtraceSanitizerCommand = strdup(path.c_str());
 			}
 		#endif
-		if (backtraceSanitizerPath == NULL) {
-			backtraceSanitizerPath = "c++filt -n";
-			backtraceSanitizerUseShell = true;
+		if (backtraceSanitizerCommand == NULL) {
+			backtraceSanitizerCommand = "c++filt -n";
 			backtraceSanitizerPassProgramInfo = false;
 		}