Make unix signal-handler signal-safe

Other changes: - Re-enable the signal handler in release-builds. - Disable backtrace printing by default since it's not signal-safe. - Add `MULLVAD_BACKTRACE_ON_FAULT` env variable to enable backtracing. - Remove the alternate signal stack. The reasons for this are: - Setting up an alt-stack in a safe way is not trivial, our previous attempt was unsound in the presence of stack overflows. It can be done safely with mmap, but would require careful review. - The alt-stack is thread-local, meaning it would need to be initialized on a per-thread basis. We would need to hook into tokio and std::thread::spawn to be able to get good coverage, and even then there would no good way to ensure that *all* threads have an alternate stack, except that... - Rust (by default) allocates an alternate stack for every thread. Unfortunately, the prescence of Go code in our linked binary disables this feature. IMO, we should strive towards not having any Go code linked into the daemon for this reason.
mullvad · Nov 26, 2024 · 853c849 · 853c849
1 parent 4577aea
commit 853c849
Show file tree

Hide file tree

Showing 4 changed files with 287 additions and 129 deletions.
diff --git a/README.md b/README.md
@@ -177,6 +177,13 @@ See [this](Release.md) for instructions on how to make a new release.
   interface UDS socket to users in the specified group. This means that only users in that group can
   use the CLI and GUI. By default, everyone has access to the socket.
 
+* `MULLVAD_BACKTRACE_ON_FAULT` - When enabled, if the daemon encounters a fault (e.g. `SIGSEGV`),
+  it will log a backtrace to stdout, and to `daemon.log`. By default, this is disabled in
+  release-builds and enabled in debug-builds. Set variable to `1` or `0` to explicitly enable or
+  disable this feature. Logging the backtrace cause heap allocation. Allocation is not signal safe,
+  but here it runs in the signal handler. This in technically undefined behavior and therefore
+  disabled by default. This usually works, but enable at your own risk.
+
 ### Development builds only
 
 * `MULLVAD_API_HOST` - Set the hostname to use in API requests. E.g. `api.mullvad.net`.

diff --git a/mullvad-daemon/src/exception_logging/mod.rs b/mullvad-daemon/src/exception_logging/mod.rs
@@ -8,4 +8,4 @@ pub use win::enable;
 mod unix;
 
 #[cfg(unix)]
-pub use unix::enable;
+pub use unix::{enable, set_log_file};