1 // Copyright 2014 The Kyua Authors. 2 // All rights reserved. 3 // 4 // Redistribution and use in source and binary forms, with or without 5 // modification, are permitted provided that the following conditions are 6 // met: 7 // 8 // * Redistributions of source code must retain the above copyright 9 // notice, this list of conditions and the following disclaimer. 10 // * Redistributions in binary form must reproduce the above copyright 11 // notice, this list of conditions and the following disclaimer in the 12 // documentation and/or other materials provided with the distribution. 13 // * Neither the name of Google Inc. nor the names of its contributors 14 // may be used to endorse or promote products derived from this software 15 // without specific prior written permission. 16 // 17 // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 18 // "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 19 // LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 20 // A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 21 // OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 22 // SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 23 // LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 24 // DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 25 // THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 // (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 27 // OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 29 #include "utils/process/operations.hpp" 30 31 extern "C" { 32 #include <sys/types.h> 33 #include <sys/wait.h> 34 35 #include <signal.h> 36 #include <unistd.h> 37 } 38 39 #include <cerrno> 40 #include <cstdlib> 41 #include <cstring> 42 #include <iostream> 43 44 #include "utils/format/macros.hpp" 45 #include "utils/fs/path.hpp" 46 #include "utils/logging/macros.hpp" 47 #include "utils/process/exceptions.hpp" 48 #include "utils/process/system.hpp" 49 #include "utils/process/status.hpp" 50 #include "utils/sanity.hpp" 51 #include "utils/signals/interrupts.hpp" 52 53 namespace fs = utils::fs; 54 namespace process = utils::process; 55 namespace signals = utils::signals; 56 57 58 /// Maximum number of arguments supported by exec. 59 /// 60 /// We need this limit to avoid having to allocate dynamic memory in the child 61 /// process to construct the arguments list, which would have side-effects in 62 /// the parent's memory if we use vfork(). 63 #define MAX_ARGS 128 64 65 66 namespace { 67 68 69 /// Exception-based, type-improved version of wait(2). 70 /// 71 /// \return The PID of the terminated process and its termination status. 72 /// 73 /// \throw process::system_error If the call to wait(2) fails. 74 static process::status 75 safe_wait(void) 76 { 77 LD("Waiting for any child process"); 78 int stat_loc; 79 const pid_t pid = ::wait(&stat_loc); 80 if (pid == -1) { 81 const int original_errno = errno; 82 throw process::system_error("Failed to wait for any child process", 83 original_errno); 84 } 85 return process::status(pid, stat_loc); 86 } 87 88 89 /// Exception-based, type-improved version of waitpid(2). 90 /// 91 /// \param pid The identifier of the process to wait for. 92 /// 93 /// \return The termination status of the process. 94 /// 95 /// \throw process::system_error If the call to waitpid(2) fails. 96 static process::status 97 safe_waitpid(const pid_t pid) 98 { 99 LD(F("Waiting for pid=%s") % pid); 100 int stat_loc; 101 if (process::detail::syscall_waitpid(pid, &stat_loc, 0) == -1) { 102 const int original_errno = errno; 103 throw process::system_error(F("Failed to wait for PID %s") % pid, 104 original_errno); 105 } 106 return process::status(pid, stat_loc); 107 } 108 109 110 } // anonymous namespace 111 112 113 /// Executes an external binary and replaces the current process. 114 /// 115 /// This function must not use any of the logging features so that the output 116 /// of the subprocess is not "polluted" by our own messages. 117 /// 118 /// This function must also not affect the global state of the current process 119 /// as otherwise we would not be able to use vfork(). Only state stored in the 120 /// stack can be touched. 121 /// 122 /// \param program The binary to execute. 123 /// \param args The arguments to pass to the binary, without the program name. 124 void 125 process::exec(const fs::path& program, const args_vector& args) throw() 126 { 127 try { 128 exec_unsafe(program, args); 129 } catch (const system_error& error) { 130 // Error message already printed by exec_unsafe. 131 std::abort(); 132 } 133 } 134 135 136 /// Executes an external binary and replaces the current process. 137 /// 138 /// This differs from process::exec() in that this function reports errors 139 /// caused by the exec(2) system call to let the caller decide how to handle 140 /// them. 141 /// 142 /// This function must not use any of the logging features so that the output 143 /// of the subprocess is not "polluted" by our own messages. 144 /// 145 /// This function must also not affect the global state of the current process 146 /// as otherwise we would not be able to use vfork(). Only state stored in the 147 /// stack can be touched. 148 /// 149 /// \param program The binary to execute. 150 /// \param args The arguments to pass to the binary, without the program name. 151 /// 152 /// \throw system_error If the exec(2) call fails. 153 void 154 process::exec_unsafe(const fs::path& program, const args_vector& args) 155 { 156 PRE(args.size() < MAX_ARGS); 157 int original_errno = 0; 158 try { 159 const char* argv[MAX_ARGS + 1]; 160 161 argv[0] = program.c_str(); 162 for (args_vector::size_type i = 0; i < args.size(); i++) 163 argv[1 + i] = args[i].c_str(); 164 argv[1 + args.size()] = NULL; 165 166 const int ret = ::execv(program.c_str(), 167 (char* const*)(unsigned long)(const void*)argv); 168 original_errno = errno; 169 INV(ret == -1); 170 std::cerr << "Failed to execute " << program << ": " 171 << std::strerror(original_errno) << "\n"; 172 } catch (const std::runtime_error& error) { 173 std::cerr << "Failed to execute " << program << ": " 174 << error.what() << "\n"; 175 std::abort(); 176 } catch (...) { 177 std::cerr << "Failed to execute " << program << "; got unexpected " 178 "exception during exec\n"; 179 std::abort(); 180 } 181 182 // We must do this here to prevent our exception from being caught by the 183 // generic handlers above. 184 INV(original_errno != 0); 185 throw system_error("Failed to execute " + program.str(), original_errno); 186 } 187 188 189 /// Forcibly kills a process group started by us. 190 /// 191 /// This function is safe to call from an signal handler context. 192 /// 193 /// Pretty much all of our subprocesses run in their own process group so that 194 /// we can terminate them and thier children should we need to. Because of 195 /// this, the very first thing our subprocesses do is create a new process group 196 /// for themselves. 197 /// 198 /// The implication of the above is that simply issuing a killpg() call on the 199 /// process group is racy: if the subprocess has not yet had a chance to prepare 200 /// its own process group, then we will not be killing anything. To solve this, 201 /// we must also kill() the process group leader itself, and we must do so after 202 /// the call to killpg(). Doing this is safe because: 1) the process group must 203 /// have the same ID as the PID of the process that created it; and 2) we have 204 /// not yet issued a wait() call so we still own the PID. 205 /// 206 /// The sideffect of doing what we do here is that the process group leader may 207 /// receive a signal twice. But we don't care because we are forcibly 208 /// terminating the process group and none of the processes can controlledly 209 /// react to SIGKILL. 210 /// 211 /// \param pgid PID or process group ID to terminate. 212 void 213 process::terminate_group(const int pgid) 214 { 215 (void)::killpg(pgid, SIGKILL); 216 (void)::kill(pgid, SIGKILL); 217 } 218 219 220 /// Terminates the current process reproducing the given status. 221 /// 222 /// The caller process is abruptly terminated. In particular, no output streams 223 /// are flushed, no destructors are called, and no atexit(2) handlers are run. 224 /// 225 /// \param status The status to "re-deliver" to the caller process. 226 void 227 process::terminate_self_with(const status& status) 228 { 229 if (status.exited()) { 230 ::_exit(status.exitstatus()); 231 } else { 232 INV(status.signaled()); 233 (void)::kill(::getpid(), status.termsig()); 234 UNREACHABLE_MSG(F("Signal %s terminated %s but did not terminate " 235 "ourselves") % status.termsig() % status.dead_pid()); 236 } 237 } 238 239 240 /// Blocks to wait for completion of a subprocess. 241 /// 242 /// \param pid Identifier of the process to wait for. 243 /// 244 /// \return The termination status of the child process that terminated. 245 /// 246 /// \throw process::system_error If the call to wait(2) fails. 247 process::status 248 process::wait(const int pid) 249 { 250 const process::status status = safe_waitpid(pid); 251 { 252 signals::interrupts_inhibiter inhibiter; 253 signals::remove_pid_to_kill(pid); 254 } 255 return status; 256 } 257 258 259 /// Blocks to wait for completion of any subprocess. 260 /// 261 /// \return The termination status of the child process that terminated. 262 /// 263 /// \throw process::system_error If the call to wait(2) fails. 264 process::status 265 process::wait_any(void) 266 { 267 const process::status status = safe_wait(); 268 { 269 signals::interrupts_inhibiter inhibiter; 270 signals::remove_pid_to_kill(status.dead_pid()); 271 } 272 return status; 273 } 274