log/diag: Support diagnostic stacktraces on SIGSEGV

configure.ac

@@ -1786,6 +1786,20 @@
     ;;
     esac
 
+    AC_ARG_ENABLE(libunwind,
+	        AS_HELP_STRING([--enable-libunwind],[Enable Libunwind support for diagnostic stacktraces]),
+	        [ enable_libunwind="$enableval"],
+	        [ enable_libunwind="no"])
+
+    if test "$enable_libunwind" = "yes"; then
+        AC_CHECK_LIB(unwind,unw_backtrace,,LIBUNW="no")
+        if test "$LIBUNW" = "no"; then
+            echo
+            echo "   libunwind library and development headers not found"
+            echo "   stacktrace on SIGSEGV not possible"
+            echo
+        fi;
+    fi;
 
     AC_ARG_ENABLE(ebpf,
 	        AS_HELP_STRING([--enable-ebpf],[Enable eBPF support]),

doc/userguide/configuration/suricata-yaml.rst

@@ -1501,7 +1501,7 @@ configuration (console, file, syslog) if not otherwise set.
           line option <cmdline-option-v>`.
 
 The ``default-log-level`` set in the configuration value can be
-overriden by the ``SC_LOG_LEVEL`` environment variable.
+overridden by the ``SC_LOG_LEVEL`` environment variable.
 
 Default Log Format
 ~~~~~~~~~~~~~~~~~~
@@ -2229,6 +2229,18 @@ inspected for possible presence of Teredo.
 Advanced Options
 ----------------
 
+sigsegv
+~~~~~~~
+Diagnostic stacktraces when a SIGSEGV occurs are available when Suricata is configured with
+``--enable-libunwind`` and the ``libunwind`` library is available.
+
+::
+
+    logging:
+        # Requires --enable-libunwind. Display a brief diagnostic message with the
+        # offending stacktrace when enabled _and_ configured.
+        sigsegv-stacktrace: on
+
 luajit
 ~~~~~~
 

src/suricata.c

@@ -290,6 +290,53 @@ static void SignalHandlerSigterm(/*@unused@*/ int sig)
 {
     sigterm_count = 1;
 }
+#ifndef OS_WIN32
+#if HAVE_LIBUNWIND
+#define UNW_LOCAL_ONLY
+#include <libunwind.h>
+static void SignalHandlerSigsegv(int sig_num, siginfo_t *info, void *context)
+{
+    char msg[SC_LOG_MAX_LOG_MSG_LEN];
+    unw_cursor_t cursor;
+    int r;
+    if ((r = unw_init_local(&cursor, (unw_context_t *)(context)) != 0)) {
+        fprintf(stderr, "unable to obtain stack trace: unw_init_local: %s\n", unw_strerror(r));
+        // Abort here!  Clearly nothing is going to work.
+        abort();
+    }
+
+    char *temp = msg;
+    int cw = snprintf(temp, SC_LOG_MAX_LOG_MSG_LEN - (temp - msg), "stacktrace:");
+    temp += cw;
+    r = 1;
+    while (r > 0) {
+        if (unw_is_signal_frame(&cursor) == 0) {
+            unw_word_t off;
+            char name[256];
+            if (unw_get_proc_name(&cursor, name, sizeof(name), &off) == UNW_ENOMEM) {
+                cw = snprintf(temp, SC_LOG_MAX_LOG_MSG_LEN - (temp - msg), "[unknown]:");
+            } else {
+                cw = snprintf(
+                        temp, SC_LOG_MAX_LOG_MSG_LEN - (temp - msg), "%s+0x%08" PRIx64, name, off);
+            }
+            temp += cw;
+        }
+
+        r = unw_step(&cursor);
+        if (r > 0) {
+            cw = snprintf(temp, SC_LOG_MAX_LOG_MSG_LEN - (temp - msg), ";");
+            temp += cw;
+        }
+    }
+    SCLogError(SC_ERR_SIGSEGV, "%s", msg);
+
+    // Die to death, previously this was calling exit which meant that sending SIGSEGV didn't core
+    // dump.
+    abort();
+}
+#undef UNW_LOCAL_ONLY
+#endif /* HAVE_LIBUNWIND */
+#endif /* !OS_WIN32 */
 #endif
 
 #ifndef OS_WIN32
@@ -1947,6 +1994,18 @@ static int InitSignalHandler(SCInstance *suri)
 #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
     UtilSignalHandlerSetup(SIGINT, SignalHandlerSigint);
     UtilSignalHandlerSetup(SIGTERM, SignalHandlerSigterm);
+#if HAVE_LIBUNWIND
+    int enabled;
+    if (ConfGetBool("logging.sigsegv-stacktrace", &enabled) == 1) {
+        if (enabled) {
+            struct sigaction stacktrace_action;
+            memset(&stacktrace_action, 0, sizeof(stacktrace_action));
+            stacktrace_action.sa_sigaction = SignalHandlerSigsegv;
+            stacktrace_action.sa_flags = SA_SIGINFO;
+            sigaction(SIGSEGV, &stacktrace_action, NULL);
+        }
+    }
+#endif
 #endif
 #ifndef OS_WIN32
     UtilSignalHandlerSetup(SIGHUP, SignalHandlerSigHup);

src/util-error.c

@@ -379,6 +379,7 @@ const char * SCErrorToString(SCError err)
         CASE_CODE(SC_ERR_RULE_INVALID_UTF8);
         CASE_CODE(SC_ERR_HASHING_DISABLED);
         CASE_CODE(SC_WARN_THRESH_CONFIG);
+        CASE_CODE(SC_ERR_SIGSEGV);
 
         CASE_CODE (SC_ERR_MAX);
     }

src/util-error.h

@@ -369,6 +369,7 @@ typedef enum {
     SC_ERR_RULE_INVALID_UTF8,
     SC_ERR_HASHING_DISABLED,
     SC_WARN_THRESH_CONFIG,
+    SC_ERR_SIGSEGV,
 
     SC_ERR_MAX
 } SCError;

suricata.yaml.in

@@ -555,6 +555,10 @@ logging:
   # This value is overridden by the SC_LOG_OP_FILTER env var.
   default-output-filter:
 
+  # Requires --enable-libunwind. Display a brief diagnostic message with the
+  # offending stacktrace when enabled _and_ configured.
+  #sigsegv-stacktrace: off
+
   # Define your logging outputs.  If none are defined, or they are all
   # disabled you will get the default: console output.
   outputs: