tor

process_unix.c (18846B)

---

/* Copyright (c) 2003, Roger Dingledine
* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
* Copyright (c) 2007-2021, The Tor Project, Inc. */
/* See LICENSE for licensing information */

/**
* \file process_unix.c
* \brief Module for working with Unix processes.
**/

#define PROCESS_UNIX_PRIVATE
#include "lib/intmath/cmp.h"
#include "lib/buf/buffers.h"
#include "lib/net/buffers_net.h"
#include "lib/container/smartlist.h"
#include "lib/evloop/compat_libevent.h"
#include "lib/log/log.h"
#include "lib/log/util_bug.h"
#include "lib/process/process.h"
#include "lib/process/process_unix.h"
#include "lib/process/waitpid.h"
#include "lib/process/env.h"

#include <stdio.h>

#ifdef HAVE_STRING_H
#include <string.h>
#endif

#ifdef HAVE_ERRNO_H
#include <errno.h>
#endif

#ifdef HAVE_UNISTD_H
#include <unistd.h>
#endif

#ifdef HAVE_FCNTL_H
#include <fcntl.h>
#endif

#if defined(HAVE_SYS_PRCTL_H) && defined(__linux__)
#include <sys/prctl.h>
#endif

#if HAVE_SIGNAL_H
#include <signal.h>
#endif

#ifndef _WIN32

#include "lib/fdio/fdio.h"

/** Internal state for Unix handles. */
struct process_unix_handle_t {
 /** Unix File Descriptor. */
 int fd;

 /** Have we reached end of file? */
 bool reached_eof;

 /** Event structure for libevent. */
 struct event *event;

 /** Are we writing? */
 bool is_writing;
};

/** Internal state for our Unix process. */
struct process_unix_t {
 /** Standard in handle. */
 process_unix_handle_t stdin_handle;

 /** Standard out handle. */
 process_unix_handle_t stdout_handle;

 /** Standard error handle. */
 process_unix_handle_t stderr_handle;

 /** The process identifier of our process. */
 pid_t pid;

 /** Waitpid Callback structure. */
 waitpid_callback_t *waitpid;
};

/** Returns a newly allocated <b>process_unix_t</b>. */
process_unix_t *
process_unix_new(void)
{
 process_unix_t *unix_process;
 unix_process = tor_malloc_zero(sizeof(process_unix_t));

 unix_process->stdin_handle.fd = -1;
 unix_process->stderr_handle.fd = -1;
 unix_process->stdout_handle.fd = -1;

 return unix_process;
}

/** Deallocates the given <b>unix_process</b>. */
void
process_unix_free_(process_unix_t *unix_process)
{
 if (! unix_process)
   return;

 /* Clean up our waitpid callback. */
 clear_waitpid_callback(unix_process->waitpid);

 /* FIXME(ahf): Refactor waitpid code? */
 unix_process->waitpid = NULL;

 /* Close all our file descriptors. */
 process_unix_close_file_descriptors(unix_process);

 tor_event_free(unix_process->stdout_handle.event);
 tor_event_free(unix_process->stderr_handle.event);
 tor_event_free(unix_process->stdin_handle.event);

 tor_free(unix_process);
}

/** Executes the given process as a child process of Tor.  This function is
* responsible for setting up the child process and run it. This includes
* setting up pipes for interprocess communication, initialize the waitpid
* callbacks, and finally run fork() followed by execve(). Returns
* <b>PROCESS_STATUS_RUNNING</b> upon success. */
process_status_t
process_unix_exec(process_t *process)
{
 process_unix_t *unix_process;
 pid_t pid;
 int stdin_pipe[2];
 int stdout_pipe[2];
 int stderr_pipe[2];
 int retval;

 unix_process = process_get_unix_process(process);

 /* Create standard in pipe. */
 retval = tor_pipe_cloexec(stdin_pipe);

 if (-1 == retval) {
   log_warn(LD_PROCESS,
            "Unable to create pipe for stdin "
            "communication with process: %s",
            strerror(errno));

   return PROCESS_STATUS_ERROR;
 }

 /* Create standard out pipe. */
 retval = tor_pipe_cloexec(stdout_pipe);

 if (-1 == retval) {
   log_warn(LD_PROCESS,
            "Unable to create pipe for stdout "
            "communication with process: %s",
            strerror(errno));

   /** Cleanup standard in pipe. */
   close(stdin_pipe[0]);
   close(stdin_pipe[1]);

   return PROCESS_STATUS_ERROR;
 }

 /* Create standard error pipe. */
 retval = tor_pipe_cloexec(stderr_pipe);

 if (-1 == retval) {
   log_warn(LD_PROCESS,
            "Unable to create pipe for stderr "
            "communication with process: %s",
            strerror(errno));

   /** Cleanup standard in pipe. */
   close(stdin_pipe[0]);
   close(stdin_pipe[1]);

   /** Cleanup standard out pipe. */
   close(stdout_pipe[0]);
   close(stdout_pipe[1]);

   return PROCESS_STATUS_ERROR;
 }

 pid = fork();

 if (0 == pid) {
   /* This code is running in the child process context. */

#if defined(HAVE_SYS_PRCTL_H) && defined(__linux__)
   /* Attempt to have the kernel issue a SIGTERM if the parent
    * goes away. Certain attributes of the binary being execve()ed
    * will clear this during the execve() call, but it's better
    * than nothing.
    */
   prctl(PR_SET_PDEATHSIG, SIGTERM);
#endif /* defined(HAVE_SYS_PRCTL_H) && defined(__linux__) */

   /* Link process stdout to the write end of the pipe. */
   retval = dup2(stdout_pipe[1], STDOUT_FILENO);
   if (-1 == retval)
     goto error;

   /* Link process stderr to the write end of the pipe. */
   retval = dup2(stderr_pipe[1], STDERR_FILENO);
   if (-1 == retval)
     goto error;

   /* Link process stdin to the read end of the pipe */
   retval = dup2(stdin_pipe[0], STDIN_FILENO);
   if (-1 == retval)
     goto error;

   /* Close our pipes now after they have been dup2()'ed. */
   close(stderr_pipe[0]);
   close(stderr_pipe[1]);
   close(stdout_pipe[0]);
   close(stdout_pipe[1]);
   close(stdin_pipe[0]);
   close(stdin_pipe[1]);

   /* Note that we don't close all FDs from here, which we used to do, because
    * all our open are CLOEXEC. With a very large maximum number of FDs, the
    * loop was taking a long time: #40990 */

   /* Create the argv value for our new process. */
   char **argv = process_get_argv(process);

   /* Create the env value for our new process. */
   process_environment_t *env = process_get_environment(process);

   /* Call the requested program. */
   execve(argv[0], argv, env->unixoid_environment_block);

   /* If we made it here it is because execve failed :-( */
   tor_free(argv);
   process_environment_free(env);

error:
   fprintf(stderr, "Error from child process: %s", strerror(errno));
   _exit(1);
 }

 /* We are in the parent process. */
 if (-1 == pid) {
   log_warn(LD_PROCESS,
            "Failed to create child process: %s", strerror(errno));

   /** Cleanup standard in pipe. */
   close(stdin_pipe[0]);
   close(stdin_pipe[1]);

   /** Cleanup standard out pipe. */
   close(stdout_pipe[0]);
   close(stdout_pipe[1]);

   /** Cleanup standard error pipe. */
   close(stderr_pipe[0]);
   close(stderr_pipe[1]);

   return PROCESS_STATUS_ERROR;
 }

 /* Register our PID. */
 unix_process->pid = pid;

 /* Setup waitpid callbacks. */
 unix_process->waitpid = set_waitpid_callback(pid,
                                              process_unix_waitpid_callback,
                                              process);

 /* Handle standard out. */
 unix_process->stdout_handle.fd = stdout_pipe[0];
 retval = close(stdout_pipe[1]);

 if (-1 == retval) {
   log_warn(LD_PROCESS, "Failed to close write end of standard out pipe: %s",
            strerror(errno));
 }

 /* Handle standard error. */
 unix_process->stderr_handle.fd = stderr_pipe[0];
 retval = close(stderr_pipe[1]);

 if (-1 == retval) {
   log_warn(LD_PROCESS,
            "Failed to close write end of standard error pipe: %s",
            strerror(errno));
 }

 /* Handle standard in. */
 unix_process->stdin_handle.fd = stdin_pipe[1];
 retval = close(stdin_pipe[0]);

 if (-1 == retval) {
   log_warn(LD_PROCESS, "Failed to close read end of standard in pipe: %s",
            strerror(errno));
 }

 /* Setup our handles. */
 process_unix_setup_handle(process,
                           &unix_process->stdout_handle,
                           EV_READ|EV_PERSIST,
                           stdout_read_callback);

 process_unix_setup_handle(process,
                           &unix_process->stderr_handle,
                           EV_READ|EV_PERSIST,
                           stderr_read_callback);

 process_unix_setup_handle(process,
                           &unix_process->stdin_handle,
                           EV_WRITE|EV_PERSIST,
                           stdin_write_callback);

 /* Start reading from standard out and standard error. */
 process_unix_start_reading(&unix_process->stdout_handle);
 process_unix_start_reading(&unix_process->stderr_handle);

 return PROCESS_STATUS_RUNNING;
}

/** Terminate the given process. Returns true on success, otherwise false. */
bool
process_unix_terminate(process_t *process)
{
 tor_assert(process);

 process_unix_t *unix_process = process_get_unix_process(process);

 /* All running processes should have a waitpid. */
 if (BUG(unix_process->waitpid == NULL))
   return false;

 bool success = true;

 /* Send a SIGTERM to our child process. */
 int ret;

 ret = kill(unix_process->pid, SIGTERM);

 if (ret == -1) {
   log_warn(LD_PROCESS, "Unable to terminate process: %s",
            strerror(errno));
   success = false;
 }

 /* Close all our FD's. */
 if (! process_unix_close_file_descriptors(unix_process))
   success = false;

 return success;
}

/** Returns the unique process identifier for the given <b>process</b>. */
process_pid_t
process_unix_get_pid(process_t *process)
{
 tor_assert(process);

 process_unix_t *unix_process = process_get_unix_process(process);
 return (process_pid_t)unix_process->pid;
}

/** Write the given <b>buffer</b> as input to the given <b>process</b>'s
* standard input. Returns the number of bytes written. */
int
process_unix_write(process_t *process, buf_t *buffer)
{
 tor_assert(process);
 tor_assert(buffer);

 process_unix_t *unix_process = process_get_unix_process(process);

 size_t buffer_flush_len = buf_datalen(buffer);
 const size_t max_to_write = MIN(PROCESS_MAX_WRITE, buffer_flush_len);

 /* If we have data to write (when buffer_flush_len > 0) and we are not
  * currently getting file descriptor events from the kernel, we tell the
  * kernel to start notifying us about when we can write to our file
  * descriptor and return. */
 if (buffer_flush_len > 0 && ! unix_process->stdin_handle.is_writing) {
   process_unix_start_writing(&unix_process->stdin_handle);
   return 0;
 }

 /* We don't have any data to write, but the kernel is currently notifying us
  * about whether we are able to write or not. Tell the kernel to stop
  * notifying us until we have data to write. */
 if (buffer_flush_len == 0 && unix_process->stdin_handle.is_writing) {
   process_unix_stop_writing(&unix_process->stdin_handle);
   return 0;
 }

 /* We have data to write and the kernel have told us to write it. */
 return buf_flush_to_pipe(buffer,
                          process_get_unix_process(process)->stdin_handle.fd,
                          max_to_write);
}

/** Read data from the given process's standard output and put it into
* <b>buffer</b>. Returns the number of bytes read. */
int
process_unix_read_stdout(process_t *process, buf_t *buffer)
{
 tor_assert(process);
 tor_assert(buffer);

 process_unix_t *unix_process = process_get_unix_process(process);

 return process_unix_read_handle(process,
                                 &unix_process->stdout_handle,
                                 buffer);
}

/** Read data from the given process's standard error and put it into
* <b>buffer</b>. Returns the number of bytes read. */
int
process_unix_read_stderr(process_t *process, buf_t *buffer)
{
 tor_assert(process);
 tor_assert(buffer);

 process_unix_t *unix_process = process_get_unix_process(process);

 return process_unix_read_handle(process,
                                 &unix_process->stderr_handle,
                                 buffer);
}

/** This function is called whenever libevent thinks we have data that could be
* read from the child process's standard output. We notify the Process
* subsystem, which is then responsible for calling back to us for doing the
* actual reading of the data. */
STATIC void
stdout_read_callback(evutil_socket_t fd, short event, void *data)
{
 (void)fd;
 (void)event;

 process_t *process = data;
 tor_assert(process);

 process_notify_event_stdout(process);
}

/** This function is called whenever libevent thinks we have data that could be
* read from the child process's standard error. We notify the Process
* subsystem, which is then responsible for calling back to us for doing the
* actual reading of the data. */
STATIC void
stderr_read_callback(evutil_socket_t fd, short event, void *data)
{
 (void)fd;
 (void)event;

 process_t *process = data;
 tor_assert(process);

 process_notify_event_stderr(process);
}

/** This function is called whenever libevent thinks we have data that could be
* written the child process's standard input. We notify the Process subsystem,
* which is then responsible for calling back to us for doing the actual write
* of the data. */
STATIC void
stdin_write_callback(evutil_socket_t fd, short event, void *data)
{
 (void)fd;
 (void)event;

 process_t *process = data;
 tor_assert(process);

 process_notify_event_stdin(process);
}

/** This function tells libevent that we are interested in receiving read
* events from the given <b>handle</b>. */
STATIC void
process_unix_start_reading(process_unix_handle_t *handle)
{
 tor_assert(handle);

 if (event_add(handle->event, NULL))
   log_warn(LD_PROCESS,
            "Unable to add libevent event for handle.");
}

/** This function tells libevent that we are no longer interested in receiving
* read events from the given <b>handle</b>. */
STATIC void
process_unix_stop_reading(process_unix_handle_t *handle)
{
 tor_assert(handle);

 if (handle->event == NULL)
   return;

 if (event_del(handle->event))
   log_warn(LD_PROCESS,
            "Unable to delete libevent event for handle.");
}

/** This function tells libevent that we are interested in receiving write
* events from the given <b>handle</b>. */
STATIC void
process_unix_start_writing(process_unix_handle_t *handle)
{
 tor_assert(handle);

 if (event_add(handle->event, NULL))
   log_warn(LD_PROCESS,
            "Unable to add libevent event for handle.");

 handle->is_writing = true;
}

/** This function tells libevent that we are no longer interested in receiving
* write events from the given <b>handle</b>. */
STATIC void
process_unix_stop_writing(process_unix_handle_t *handle)
{
 tor_assert(handle);

 if (handle->event == NULL)
   return;

 if (event_del(handle->event))
   log_warn(LD_PROCESS,
            "Unable to delete libevent event for handle.");

 handle->is_writing = false;
}

/** This function is called when the waitpid system have detected that our
* process have terminated. We disable the waitpid system and notify the
* Process subsystem that we have terminated. */
STATIC void
process_unix_waitpid_callback(int status, void *data)
{
 tor_assert(data);

 process_t *process = data;
 process_unix_t *unix_process = process_get_unix_process(process);

 /* Remove our waitpid callback. */
 clear_waitpid_callback(unix_process->waitpid);
 unix_process->waitpid = NULL;

 /* Notify our process. */
 process_notify_event_exit(process, status);

 /* Make sure you don't modify the process after we have called
  * process_notify_event_exit() on it, to allow users to process_free() it in
  * the exit callback. */
}

/** This function sets the file descriptor in the <b>handle</b> as non-blocking
* and configures the libevent event structure based on the given <b>flags</b>
* to ensure that <b>callback</b> is called whenever we have events on the
* given <b>handle</b>. */
STATIC void
process_unix_setup_handle(process_t *process,
                         process_unix_handle_t *handle,
                         short flags,
                         event_callback_fn callback)
{
 tor_assert(process);
 tor_assert(handle);
 tor_assert(callback);

 /* Put our file descriptor into non-blocking mode. */
 if (fcntl(handle->fd, F_SETFL, O_NONBLOCK) < 0) {
   log_warn(LD_PROCESS, "Unable mark Unix handle as non-blocking: %s",
            strerror(errno));
 }

 /* Setup libevent event. */
 handle->event = tor_event_new(tor_libevent_get_base(),
                               handle->fd,
                               flags,
                               callback,
                               process);
}

/** This function reads data from the given <b>handle</b> and puts it into
* <b>buffer</b>. Returns the number of bytes read this way. */
STATIC int
process_unix_read_handle(process_t *process,
                        process_unix_handle_t *handle,
                        buf_t *buffer)
{
 tor_assert(process);
 tor_assert(handle);
 tor_assert(buffer);

 int ret = 0;
 int eof = 0;
 int error = 0;

 ret = buf_read_from_pipe(buffer,
                          handle->fd,
                          PROCESS_MAX_READ,
                          &eof,
                          &error);

 if (error)
   log_warn(LD_PROCESS,
            "Unable to read data: %s", strerror(error));

 if (eof) {
   handle->reached_eof = true;
   process_unix_stop_reading(handle);
 }

 return ret;
}

/** Close the standard in, out, and error handles of the given
* <b>unix_process</b>. */
STATIC bool
process_unix_close_file_descriptors(process_unix_t *unix_process)
{
 tor_assert(unix_process);

 int ret;
 bool success = true;

 /* Stop reading and writing before we close() our
  * file descriptors. */
 if (! unix_process->stdout_handle.reached_eof)
   process_unix_stop_reading(&unix_process->stdout_handle);

 if (! unix_process->stderr_handle.reached_eof)
   process_unix_stop_reading(&unix_process->stderr_handle);

 if (unix_process->stdin_handle.is_writing)
   process_unix_stop_writing(&unix_process->stdin_handle);

 if (unix_process->stdin_handle.fd != -1) {
   ret = close(unix_process->stdin_handle.fd);
   if (ret == -1) {
     log_warn(LD_PROCESS, "Unable to close standard in");
     success = false;
   }

   unix_process->stdin_handle.fd = -1;
 }

 if (unix_process->stdout_handle.fd != -1) {
   ret = close(unix_process->stdout_handle.fd);
   if (ret == -1) {
     log_warn(LD_PROCESS, "Unable to close standard out");
     success = false;
   }

   unix_process->stdout_handle.fd = -1;
 }

 if (unix_process->stderr_handle.fd != -1) {
   ret = close(unix_process->stderr_handle.fd);
   if (ret == -1) {
     log_warn(LD_PROCESS, "Unable to close standard error");
     success = false;
   }

   unix_process->stderr_handle.fd = -1;
 }

 return success;
}

#endif /* !defined(_WIN32) */