1 /*
2 * Copyright (C) 2020 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #include "perfetto/ext/base/subprocess.h"
18
19 #include "perfetto/base/build_config.h"
20
21 #if PERFETTO_BUILDFLAG(PERFETTO_OS_LINUX) || \
22 PERFETTO_BUILDFLAG(PERFETTO_OS_ANDROID) || \
23 PERFETTO_BUILDFLAG(PERFETTO_OS_APPLE)
24
25 #include <fcntl.h>
26 #include <poll.h>
27 #include <signal.h>
28 #include <stdio.h>
29 #include <sys/resource.h>
30 #include <sys/types.h>
31 #include <sys/wait.h>
32 #include <unistd.h>
33
34 #include <algorithm>
35 #include <thread>
36 #include <tuple>
37
38 #if PERFETTO_BUILDFLAG(PERFETTO_OS_LINUX) || \
39 PERFETTO_BUILDFLAG(PERFETTO_OS_ANDROID)
40 #include <sys/prctl.h>
41 #endif
42
43 #include "perfetto/base/logging.h"
44 #include "perfetto/base/time.h"
45 #include "perfetto/ext/base/utils.h"
46
47 // In MacOS this is not defined in any header.
48 extern "C" char** environ;
49
50 namespace perfetto {
51 namespace base {
52
53 namespace {
54
55 struct ChildProcessArgs {
56 Subprocess::Args* create_args;
57 const char* exec_cmd = nullptr;
58 std::vector<char*> argv;
59 std::vector<char*> env;
60 int stdin_pipe_rd = -1;
61 int stdouterr_pipe_wr = -1;
62 };
63
64 // Don't add any dynamic allocation in this function. This will be invoked
65 // under a fork(), potentially in a state where the allocator lock is held.
ChildProcess(ChildProcessArgs * args)66 void __attribute__((noreturn)) ChildProcess(ChildProcessArgs* args) {
67 #if PERFETTO_BUILDFLAG(PERFETTO_OS_LINUX) || \
68 PERFETTO_BUILDFLAG(PERFETTO_OS_ANDROID)
69 // In no case we want a child process to outlive its parent process. This is
70 // relevant for tests, so that a test failure/crash doesn't leave child
71 // processes around that get reparented to init.
72 prctl(PR_SET_PDEATHSIG, SIGKILL);
73 #endif
74
75 auto die = [args](const char* err) __attribute__((noreturn)) {
76 base::ignore_result(write(args->stdouterr_pipe_wr, err, strlen(err)));
77 base::ignore_result(write(args->stdouterr_pipe_wr, "\n", 1));
78 // From https://www.gnu.org/software/libc/manual/html_node/Exit-Status.html
79 // "In particular, the value 128 is used to indicate failure to execute
80 // another program in a subprocess. This convention is not universally
81 // obeyed, but it is a good idea to follow it in your programs."
82 _exit(128);
83 };
84
85 if (args->create_args->posix_proc_group_id.has_value()) {
86 if (setpgid(0 /*self*/, args->create_args->posix_proc_group_id.value())) {
87 die("setpgid() failed");
88 }
89 }
90
91 auto set_fd_close_on_exec = [&die](int fd, bool close_on_exec) {
92 int flags = fcntl(fd, F_GETFD, 0);
93 if (flags < 0)
94 die("fcntl(F_GETFD) failed");
95 flags = close_on_exec ? (flags | FD_CLOEXEC) : (flags & ~FD_CLOEXEC);
96 if (fcntl(fd, F_SETFD, flags) < 0)
97 die("fcntl(F_SETFD) failed");
98 };
99
100 if (getppid() == 1)
101 die("terminating because parent process died");
102
103 switch (args->create_args->stdin_mode) {
104 case Subprocess::InputMode::kBuffer:
105 if (dup2(args->stdin_pipe_rd, STDIN_FILENO) == -1)
106 die("Failed to dup2(STDIN)");
107 close(args->stdin_pipe_rd);
108 break;
109 case Subprocess::InputMode::kDevNull:
110 if (dup2(open("/dev/null", O_RDONLY), STDIN_FILENO) == -1)
111 die("Failed to dup2(STDOUT)");
112 break;
113 }
114
115 switch (args->create_args->stdout_mode) {
116 case Subprocess::OutputMode::kInherit:
117 break;
118 case Subprocess::OutputMode::kDevNull: {
119 if (dup2(open("/dev/null", O_RDWR), STDOUT_FILENO) == -1)
120 die("Failed to dup2(STDOUT)");
121 break;
122 }
123 case Subprocess::OutputMode::kBuffer:
124 if (dup2(args->stdouterr_pipe_wr, STDOUT_FILENO) == -1)
125 die("Failed to dup2(STDOUT)");
126 break;
127 case Subprocess::OutputMode::kFd:
128 if (dup2(*args->create_args->out_fd, STDOUT_FILENO) == -1)
129 die("Failed to dup2(STDOUT)");
130 break;
131 }
132
133 switch (args->create_args->stderr_mode) {
134 case Subprocess::OutputMode::kInherit:
135 break;
136 case Subprocess::OutputMode::kDevNull: {
137 if (dup2(open("/dev/null", O_RDWR), STDERR_FILENO) == -1)
138 die("Failed to dup2(STDERR)");
139 break;
140 }
141 case Subprocess::OutputMode::kBuffer:
142 if (dup2(args->stdouterr_pipe_wr, STDERR_FILENO) == -1)
143 die("Failed to dup2(STDERR)");
144 break;
145 case Subprocess::OutputMode::kFd:
146 if (dup2(*args->create_args->out_fd, STDERR_FILENO) == -1)
147 die("Failed to dup2(STDERR)");
148 break;
149 }
150
151 // Close all FDs % stdin/out/err and the ones that the client explicitly
152 // asked to retain. The reason for this is twofold:
153 // 1. For exec-only (i.e. entrypoint == empty) cases: it avoids leaking FDs
154 // that didn't get marked as O_CLOEXEC by accident.
155 // 2. In fork() mode (entrypoint not empty) avoids retaining a dup of eventfds
156 // that would prevent the parent process to receive EOFs (tests usually use
157 // pipes as a synchronization mechanism between subprocesses).
158 const auto& preserve_fds = args->create_args->preserve_fds;
159 for (int i = 0; i < 512; i++) {
160 if (i != STDIN_FILENO && i != STDERR_FILENO && i != STDOUT_FILENO &&
161 i != args->stdouterr_pipe_wr &&
162 !std::count(preserve_fds.begin(), preserve_fds.end(), i)) {
163 close(i);
164 }
165 }
166
167 // Clears O_CLOEXEC from stdin/out/err and the |preserve_fds| list. These are
168 // the only FDs that we want to be preserved after the exec().
169 set_fd_close_on_exec(STDIN_FILENO, false);
170 set_fd_close_on_exec(STDOUT_FILENO, false);
171 set_fd_close_on_exec(STDERR_FILENO, false);
172
173 for (auto fd : preserve_fds)
174 set_fd_close_on_exec(fd, false);
175
176 // If the caller specified a std::function entrypoint, run that first.
177 if (args->create_args->posix_entrypoint_for_testing)
178 args->create_args->posix_entrypoint_for_testing();
179
180 // If the caller specified only an entrypoint, without any args, exit now.
181 // Otherwise proceed with the exec() below.
182 if (!args->exec_cmd)
183 _exit(0);
184
185 // If |args[0]| is a path use execv() (which takes a path), othewise use
186 // exevp(), which uses the shell and follows PATH.
187 if (strchr(args->exec_cmd, '/')) {
188 char** env = args->env.empty() ? environ : args->env.data();
189 execve(args->exec_cmd, args->argv.data(), env);
190 } else {
191 // There is no execvpe() on Mac.
192 if (!args->env.empty())
193 die("A full path is required for |exec_cmd| when setting |env|");
194 execvp(args->exec_cmd, args->argv.data());
195 }
196
197 // Reached only if execv fails.
198 die("execve() failed");
199 }
200
201 } // namespace
202
203 // static
204 const int Subprocess::kTimeoutSignal = SIGKILL;
205
Start()206 void Subprocess::Start() {
207 ChildProcessArgs proc_args;
208 proc_args.create_args = &args;
209
210 // Setup argv.
211 if (!args.exec_cmd.empty()) {
212 proc_args.exec_cmd = args.exec_cmd[0].c_str();
213 for (const std::string& arg : args.exec_cmd)
214 proc_args.argv.push_back(const_cast<char*>(arg.c_str()));
215 proc_args.argv.push_back(nullptr);
216
217 if (!args.posix_argv0_override_for_testing.empty()) {
218 proc_args.argv[0] =
219 const_cast<char*>(args.posix_argv0_override_for_testing.c_str());
220 }
221 }
222
223 // Setup env.
224 if (!args.env.empty()) {
225 for (const std::string& str : args.env)
226 proc_args.env.push_back(const_cast<char*>(str.c_str()));
227 proc_args.env.push_back(nullptr);
228 }
229
230 // Setup the pipes for stdin/err redirection.
231 if (args.stdin_mode == InputMode::kBuffer) {
232 s_->stdin_pipe = base::Pipe::Create(base::Pipe::kWrNonBlock);
233 proc_args.stdin_pipe_rd = *s_->stdin_pipe.rd;
234 }
235 s_->stdouterr_pipe = base::Pipe::Create(base::Pipe::kRdNonBlock);
236 proc_args.stdouterr_pipe_wr = *s_->stdouterr_pipe.wr;
237
238 // Spawn the child process that will exec().
239 s_->pid = fork();
240 PERFETTO_CHECK(s_->pid >= 0);
241 if (s_->pid == 0) {
242 // Close the parent-ends of the pipes.
243 s_->stdin_pipe.wr.reset();
244 s_->stdouterr_pipe.rd.reset();
245 ChildProcess(&proc_args);
246 // ChildProcess() doesn't return, not even in case of failures.
247 PERFETTO_FATAL("not reached");
248 }
249
250 s_->status = kRunning;
251
252 // Close the child-end of the pipes.
253 // Deliberately NOT closing the s_->stdin_pipe.rd. This is to avoid crashing
254 // with a SIGPIPE if the process exits without consuming its stdin, while
255 // the parent tries to write() on the other end of the stdin pipe.
256 s_->stdouterr_pipe.wr.reset();
257 proc_args.create_args->out_fd.reset();
258
259 // Spawn a thread that is blocked on waitpid() and writes the termination
260 // status onto a pipe. The problem here is that waipid() doesn't have a
261 // timeout option and can't be passed to poll(). The alternative would be
262 // using a SIGCHLD handler, but anecdotally signal handlers introduce more
263 // problems than what they solve.
264 s_->exit_status_pipe = base::Pipe::Create(base::Pipe::kRdNonBlock);
265
266 // Both ends of the pipe are closed after the thread.join().
267 int pid = s_->pid;
268 int exit_status_pipe_wr = s_->exit_status_pipe.wr.release();
269 auto* rusage = s_->rusage.get();
270 s_->waitpid_thread = std::thread([pid, exit_status_pipe_wr, rusage] {
271 int pid_stat = -1;
272 struct rusage usg {};
273 int wait_res = PERFETTO_EINTR(wait4(pid, &pid_stat, 0, &usg));
274 PERFETTO_CHECK(wait_res == pid);
275
276 auto tv_to_ms = [](const struct timeval& tv) {
277 return static_cast<uint32_t>(tv.tv_sec * 1000 + tv.tv_usec / 1000);
278 };
279 rusage->cpu_utime_ms = tv_to_ms(usg.ru_utime);
280 rusage->cpu_stime_ms = tv_to_ms(usg.ru_stime);
281 rusage->max_rss_kb = static_cast<uint32_t>(usg.ru_maxrss) / 1000;
282 rusage->min_page_faults = static_cast<uint32_t>(usg.ru_minflt);
283 rusage->maj_page_faults = static_cast<uint32_t>(usg.ru_majflt);
284 rusage->vol_ctx_switch = static_cast<uint32_t>(usg.ru_nvcsw);
285 rusage->invol_ctx_switch = static_cast<uint32_t>(usg.ru_nivcsw);
286
287 base::ignore_result(PERFETTO_EINTR(
288 write(exit_status_pipe_wr, &pid_stat, sizeof(pid_stat))));
289 PERFETTO_CHECK(close(exit_status_pipe_wr) == 0 || errno == EINTR);
290 });
291 }
292
Poll()293 Subprocess::Status Subprocess::Poll() {
294 if (s_->status != kRunning)
295 return s_->status; // Nothing to poll.
296 while (PollInternal(0 /* don't block*/)) {
297 }
298 return s_->status;
299 }
300
301 // |timeout_ms| semantic:
302 // -1: Block indefinitely.
303 // 0: Don't block, return immediately.
304 // >0: Block for at most X ms.
305 // Returns:
306 // True: Read at least one fd (so there might be more queued).
307 // False: if all fds reached quiescent (no data to read/write).
PollInternal(int poll_timeout_ms)308 bool Subprocess::PollInternal(int poll_timeout_ms) {
309 struct pollfd fds[3]{};
310 size_t num_fds = 0;
311 if (s_->exit_status_pipe.rd) {
312 fds[num_fds].fd = *s_->exit_status_pipe.rd;
313 fds[num_fds].events = POLLIN;
314 num_fds++;
315 }
316 if (s_->stdouterr_pipe.rd) {
317 fds[num_fds].fd = *s_->stdouterr_pipe.rd;
318 fds[num_fds].events = POLLIN;
319 num_fds++;
320 }
321 if (s_->stdin_pipe.wr) {
322 fds[num_fds].fd = *s_->stdin_pipe.wr;
323 fds[num_fds].events = POLLOUT;
324 num_fds++;
325 }
326
327 if (num_fds == 0)
328 return false;
329
330 auto nfds = static_cast<nfds_t>(num_fds);
331 int poll_res = PERFETTO_EINTR(poll(fds, nfds, poll_timeout_ms));
332 PERFETTO_CHECK(poll_res >= 0);
333
334 TryReadStdoutAndErr();
335 TryPushStdin();
336 TryReadExitStatus();
337
338 return poll_res > 0;
339 }
340
Wait(int timeout_ms)341 bool Subprocess::Wait(int timeout_ms) {
342 PERFETTO_CHECK(s_->status != kNotStarted);
343
344 // Break out of the loop only after both conditions are satisfied:
345 // - All stdout/stderr data has been read (if kBuffer).
346 // - The process exited.
347 // Note that the two events can happen arbitrary order. After the process
348 // exits, there might be still data in the pipe buffer, which we want to
349 // read fully.
350 //
351 // Instead, don't wait on the stdin to be fully written. The child process
352 // might exit prematurely (or crash). If that happens, we can end up in a
353 // state where the write(stdin_pipe_.wr) will never unblock.
354
355 const int64_t t_start = base::GetWallTimeMs().count();
356 while (s_->exit_status_pipe.rd || s_->stdouterr_pipe.rd) {
357 int poll_timeout_ms = -1; // Block until a FD is ready.
358 if (timeout_ms > 0) {
359 const int64_t now = GetWallTimeMs().count();
360 poll_timeout_ms = timeout_ms - static_cast<int>(now - t_start);
361 if (poll_timeout_ms <= 0)
362 return false;
363 }
364 PollInternal(poll_timeout_ms);
365 } // while(...)
366 return true;
367 }
368
TryReadExitStatus()369 void Subprocess::TryReadExitStatus() {
370 if (!s_->exit_status_pipe.rd)
371 return;
372
373 int pid_stat = -1;
374 int64_t rsize = PERFETTO_EINTR(
375 read(*s_->exit_status_pipe.rd, &pid_stat, sizeof(pid_stat)));
376 if (rsize < 0 && errno == EAGAIN)
377 return;
378
379 if (rsize > 0) {
380 PERFETTO_CHECK(rsize == sizeof(pid_stat));
381 } else if (rsize < 0) {
382 PERFETTO_PLOG("Subprocess read(s_->exit_status_pipe) failed");
383 }
384 s_->waitpid_thread.join();
385 s_->exit_status_pipe.rd.reset();
386
387 s_->status = kTerminated;
388 if (WIFEXITED(pid_stat)) {
389 s_->returncode = WEXITSTATUS(pid_stat);
390 } else if (WIFSIGNALED(pid_stat)) {
391 s_->returncode = 128 + WTERMSIG(pid_stat); // Follow bash convention.
392 } else {
393 PERFETTO_FATAL("waitpid() returned an unexpected value (0x%x)", pid_stat);
394 }
395 }
396
397 // If the stidn pipe is still open, push input data and close it at the end.
TryPushStdin()398 void Subprocess::TryPushStdin() {
399 if (!s_->stdin_pipe.wr)
400 return;
401
402 PERFETTO_DCHECK(args.input.empty() || s_->input_written < args.input.size());
403 if (!args.input.empty()) {
404 int64_t wsize =
405 PERFETTO_EINTR(write(*s_->stdin_pipe.wr, &args.input[s_->input_written],
406 args.input.size() - s_->input_written));
407 if (wsize < 0 && errno == EAGAIN)
408 return;
409
410 if (wsize >= 0) {
411 // Whether write() can return 0 is one of the greatest mysteries of UNIX.
412 // Just ignore it.
413 s_->input_written += static_cast<size_t>(wsize);
414 } else {
415 PERFETTO_PLOG("Subprocess write(stdin) failed");
416 s_->stdin_pipe.wr.reset();
417 }
418 }
419 PERFETTO_DCHECK(s_->input_written <= args.input.size());
420 if (s_->input_written == args.input.size())
421 s_->stdin_pipe.wr.reset(); // Close stdin.
422 }
423
TryReadStdoutAndErr()424 void Subprocess::TryReadStdoutAndErr() {
425 if (!s_->stdouterr_pipe.rd)
426 return;
427 char buf[4096];
428 int64_t rsize =
429 PERFETTO_EINTR(read(*s_->stdouterr_pipe.rd, buf, sizeof(buf)));
430 if (rsize < 0 && errno == EAGAIN)
431 return;
432
433 if (rsize > 0) {
434 s_->output.append(buf, static_cast<size_t>(rsize));
435 } else if (rsize == 0 /* EOF */) {
436 s_->stdouterr_pipe.rd.reset();
437 } else {
438 PERFETTO_PLOG("Subprocess read(stdout/err) failed");
439 s_->stdouterr_pipe.rd.reset();
440 }
441 }
442
KillAndWaitForTermination(int sig_num)443 void Subprocess::KillAndWaitForTermination(int sig_num) {
444 kill(s_->pid, sig_num ? sig_num : SIGKILL);
445 Wait();
446 // TryReadExitStatus must have joined the thread.
447 PERFETTO_DCHECK(!s_->waitpid_thread.joinable());
448 }
449
450 } // namespace base
451 } // namespace perfetto
452
453 #endif // PERFETTO_OS_LINUX || PERFETTO_OS_ANDROID || PERFETTO_OS_APPLE
454