examples: Have UFFD handler kill Firecracker should it die

If the UFFD handler exits abnormaly for some reason, have it take down
Firecracker as well by SIGKILL-ing it from a panic hook. For this,
reintroduce the "get peer creds" logic. We have to use SIGKILL because
Firecracker could be inside the handler for a KVM-originated page fault
that is not marked as interruptible, in which case all signals but
SIGKILL are ignored (happens for example during KVM_SET_MSRS when it
triggers the initialization of a gfn_to_pfn_cache for the kvm-clock
page, which uses GUP without FOLL_INTERRUPTIBLE).

While we're at it, add a hint to the generic "process not found" error
message to indicate that potentially Firecracker died, and that the
cause of this could be the UFFD handler crashing (for example, in #4601
the cause of the mystery hang is the UFFD handler crashing, but we were
stumped by what's going on for over half a year. Let's avoid that going
forward).

Signed-off-by: Patrick Roy <[email protected]>

Author: roypat

src/firecracker/examples/uffd/uffd_utils.rs

@@ -199,6 +199,19 @@ impl Runtime {
             panic!("mmap on backing file failed");
         }
 
+        let peer_creds = peer_process_credentials(&stream);
+
+        let default_panic_hook = std::panic::take_hook();
+        std::panic::set_hook(Box::new(move |panic_info| {
+            let r = unsafe { libc::kill(peer_creds.pid, libc::SIGKILL) };
+
+            if r != 0 {
+                eprintln!("Failed to kill Firecracker process from panic hook");
+            }
+
+            default_panic_hook(panic_info);
+        }));
+
         Self {
             stream,
             backing_file,
@@ -294,6 +307,28 @@ fn create_mem_regions(mappings: &Vec<GuestRegionUffdMapping>, page_size: usize)
     mem_regions
 }
 
+fn peer_process_credentials(stream: &UnixStream) -> libc::ucred {
+    let mut creds: libc::ucred = libc::ucred {
+        pid: 0,
+        gid: 0,
+        uid: 0,
+    };
+    let mut creds_size = size_of::<libc::ucred>() as u32;
+    let ret = unsafe {
+        libc::getsockopt(
+            stream.as_raw_fd(),
+            libc::SOL_SOCKET,
+            libc::SO_PEERCRED,
+            &mut creds as *mut _ as *mut _,
+            &mut creds_size as *mut libc::socklen_t,
+        )
+    };
+    if ret != 0 {
+        panic!("Failed to get peer process credentials");
+    }
+    creds
+}
+
 #[cfg(test)]
 mod tests {
     use std::mem::MaybeUninit;

tests/framework/microvm.py

@@ -310,6 +310,9 @@ def kill(self):
             if self.screen_pid:
                 os.kill(self.screen_pid, signal.SIGKILL)
         except:
+            LOG.error(
+                "Failed to kill Firecracker Process. Did it already die (or did the UFFD handler process die and take it down)?"
+            )
             LOG.error(self.log_data)
             raise