[PROF-11745] Allow crashtracker to be enabled/disabled + reconfigured (#1066)

# What does this PR do?

This PR adds the following new APIs to the crashtracker:
* `ddog_crasht_enable`
* `ddog_crasht_disable`
* `ddog_crasht_reconfigure`

# Motivation

Prior to #1000, it was possible to:

* reconfigure the crashtracker by calling init again
* stop the crashtracker

Both features were removed as it could cause issues with signal handlers and chaining.

But, we still need to be able to update the configuration as for instance the following can change at run-time for Ruby and need to be updated:
    
* Endpoint
* Tags

This PR restores some of the behavior removed in #1000, without the unsafety of touching signal handlers:

* `enable`/`disable` just skip the crashtracker signal handling code, but never uninstall it
* `reconfigure` does the same as `init` BUT without touching the signal handlers

# Additional Notes

This PR supercedes #1017 .

# How to test the change?

I've validated this branch with DataDog/dd-trace-rb#4577 on the Ruby side, and I'm able to get a green test suite for the Ruby crashtracker.

---------

Co-authored-by: Daniel Schwartz-Narbonne <[email protected]>

Author: ivoanjo

datadog-crashtracker-ffi/src/collector/mod.rs

@@ -14,6 +14,40 @@ use ddcommon_ffi::{wrap_with_void_ffi_result, Slice, VoidResult};
 use function_name::named;
 pub use spans::*;
 
+#[no_mangle]
+#[must_use]
+/// Disables the crashtracker.
+/// Note that this does not restore the old signal handlers, but rather turns crash-tracking into a
+/// no-op, and then chains the old handlers.  This means that handlers registered after the
+/// crashtracker will continue to work as expected.
+///
+/// # Preconditions
+///   None
+/// # Safety
+///   None
+/// # Atomicity
+///   This function is atomic and idempotent.  Calling it multiple times is allowed.
+pub unsafe extern "C" fn ddog_crasht_disable() -> VoidResult {
+    datadog_crashtracker::disable();
+    VoidResult::Ok(true)
+}
+
+#[no_mangle]
+#[must_use]
+/// Enables the crashtracker, if it had been previously disabled.
+/// If crashtracking has not been initialized, this function will have no effect.
+///
+/// # Preconditions
+///   None
+/// # Safety
+///   None
+/// # Atomicity
+///   This function is atomic and idempotent.  Calling it multiple times is allowed.
+pub unsafe extern "C" fn ddog_crasht_enable() -> VoidResult {
+    datadog_crashtracker::enable();
+    VoidResult::Ok(true)
+}
+
 #[no_mangle]
 #[must_use]
 #[named]
@@ -75,6 +109,34 @@ pub unsafe extern "C" fn ddog_crasht_init(
     })
 }
 
+#[no_mangle]
+#[must_use]
+#[named]
+/// Reconfigure the crashtracker and re-enables it.
+/// If the crashtracker has not been initialized, this function will have no effect.
+///
+/// # Preconditions
+///   None.
+/// # Safety
+///   Crash-tracking functions are not reentrant.
+///   No other crash-handler functions should be called concurrently.
+/// # Atomicity
+///   This function is not atomic. A crash during its execution may lead to
+///   unexpected crash-handling behaviour.
+pub unsafe extern "C" fn ddog_crasht_reconfigure(
+    config: Config,
+    receiver_config: ReceiverConfig,
+    metadata: Metadata,
+) -> VoidResult {
+    wrap_with_void_ffi_result!({
+        datadog_crashtracker::reconfigure(
+            config.try_into()?,
+            receiver_config.try_into()?,
+            metadata.try_into()?,
+        )?;
+    })
+}
+
 #[no_mangle]
 #[must_use]
 #[named]

datadog-crashtracker/src/collector/api.rs

@@ -2,7 +2,7 @@
 // SPDX-License-Identifier: Apache-2.0
 #![cfg(unix)]
 
-use super::receiver_manager::Receiver;
+use super::{crash_handler::enable, receiver_manager::Receiver};
 use crate::{
     clear_spans, clear_traces, collector::signal_handler_manager::register_crash_handlers,
     crash_info::Metadata, reset_counters, shared::configuration::CrashtrackerReceiverConfig,
@@ -68,6 +68,29 @@ pub fn init(
     update_config(config.clone())?;
     Receiver::update_stored_config(receiver_config);
     register_crash_handlers(&config)?;
+    enable();
+    Ok(())
+}
+
+/// Reconfigure the crash-tracking infrastructure.
+///
+/// PRECONDITIONS:
+///     None.
+/// SAFETY:
+///     Crash-tracking functions are not reentrant.
+///     No other crash-handler functions should be called concurrently.
+/// ATOMICITY:
+///     This function is not atomic. A crash during its execution may lead to
+///     unexpected crash-handling behaviour.
+pub fn reconfigure(
+    config: CrashtrackerConfiguration,
+    receiver_config: CrashtrackerReceiverConfig,
+    metadata: Metadata,
+) -> anyhow::Result<()> {
+    update_metadata(metadata)?;
+    update_config(config.clone())?;
+    Receiver::update_stored_config(receiver_config);
+    enable();
     Ok(())
 }
 

datadog-crashtracker/src/collector/crash_handler.rs

@@ -15,7 +15,7 @@ use nix::sys::signal;
 use std::io::Write;
 use std::ptr;
 use std::sync::atomic::Ordering::SeqCst;
-use std::sync::atomic::{AtomicPtr, AtomicU64};
+use std::sync::atomic::{AtomicBool, AtomicPtr, AtomicU64};
 use std::time::Instant;
 
 // Note that this file makes use the following async-signal safe functions in a signal handler.
@@ -100,10 +100,44 @@ pub(crate) extern "C" fn handle_posix_sigaction(
     unsafe { chain_signal_handler(signum, sig_info, ucontext) };
 }
 
+static ENABLED: AtomicBool = AtomicBool::new(true);
+
+/// Disables the crashtracker.
+/// Note that this does not restore the old signal handlers, but rather turns crash-tracking into a
+/// no-op, and then chains the old handlers.  This means that handlers registered after the
+/// crashtracker will continue to work as expected.
+///
+/// # Preconditions
+///   None
+/// # Safety
+///   None
+/// # Atomicity
+///   This function is atomic and idempotent.  Calling it multiple times is allowed.
+pub fn disable() {
+    ENABLED.store(false, SeqCst);
+}
+
+/// Enables the crashtracker, if had been previously disabled.
+/// If crashtracking has not been initialized, this function will have no effect.
+///
+/// # Preconditions
+///   None
+/// # Safety
+///   None
+/// # Atomicity
+///   This function is atomic and idempotent.  Calling it multiple times is allowed.
+pub fn enable() {
+    ENABLED.store(true, SeqCst);
+}
+
 fn handle_posix_signal_impl(
     sig_info: *const siginfo_t,
     ucontext: *const ucontext_t,
 ) -> anyhow::Result<()> {
+    if !ENABLED.load(SeqCst) {
+        return Ok(());
+    }
+
     // If this is a SIGSEGV signal, it could be called due to a stack overflow. In that case, since
     // this signal allocates to the stack and cannot guarantee it is running without SA_NODEFER, it
     // is possible that we will re-emit the signal. Contemporary unices handle this just fine (no

datadog-crashtracker/src/collector/mod.rs

@@ -18,5 +18,5 @@ pub use additional_tags::{
 };
 pub use api::*;
 pub use counters::{begin_op, end_op, reset_counters, OpTypes};
-pub use crash_handler::{update_config, update_metadata};
+pub use crash_handler::{disable, enable, update_config, update_metadata};
 pub use spans::{clear_spans, clear_traces, insert_span, insert_trace, remove_span, remove_trace};

datadog-crashtracker/src/lib.rs

@@ -63,9 +63,9 @@ mod shared;
 #[cfg(all(unix, feature = "collector"))]
 pub use collector::{
     begin_op, clear_additional_tags, clear_spans, clear_traces, consume_and_emit_additional_tags,
-    default_signals, end_op, init, insert_additional_tag, insert_span, insert_trace, on_fork,
-    remove_additional_tag, remove_span, remove_trace, reset_counters, update_config,
-    update_metadata, OpTypes, DEFAULT_SYMBOLS,
+    default_signals, disable, enable, end_op, init, insert_additional_tag, insert_span,
+    insert_trace, on_fork, reconfigure, remove_additional_tag, remove_span, remove_trace,
+    reset_counters, update_config, update_metadata, OpTypes, DEFAULT_SYMBOLS,
 };
 
 #[cfg(all(windows, feature = "collector_windows"))]