1 //
2 // Copyright (C) 2012 The Android Open Source Project
3 //
4 // Licensed under the Apache License, Version 2.0 (the "License");
5 // you may not use this file except in compliance with the License.
6 // You may obtain a copy of the License at
7 //
8 //      http://www.apache.org/licenses/LICENSE-2.0
9 //
10 // Unless required by applicable law or agreed to in writing, software
11 // distributed under the License is distributed on an "AS IS" BASIS,
12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 // See the License for the specific language governing permissions and
14 // limitations under the License.
15 //
16 
17 #include "update_engine/common/subprocess.h"
18 
19 #include <fcntl.h>
20 #include <stdlib.h>
21 #include <string.h>
22 #include <unistd.h>
23 
24 #include <memory>
25 #include <string>
26 #include <vector>
27 
28 #include <base/bind.h>
29 #include <base/logging.h>
30 #include <base/posix/eintr_wrapper.h>
31 #include <base/strings/string_util.h>
32 #include <base/strings/stringprintf.h>
33 #include <brillo/process.h>
34 #include <brillo/secure_blob.h>
35 
36 #include "update_engine/common/utils.h"
37 
38 using brillo::MessageLoop;
39 using std::string;
40 using std::unique_ptr;
41 using std::vector;
42 
43 namespace chromeos_update_engine {
44 
45 namespace {
46 
SetupChild(const std::map<string,string> & env,uint32_t flags)47 bool SetupChild(const std::map<string, string>& env, uint32_t flags) {
48   // Setup the environment variables.
49   clearenv();
50   for (const auto& key_value : env) {
51     setenv(key_value.first.c_str(), key_value.second.c_str(), 0);
52   }
53 
54   if ((flags & Subprocess::kRedirectStderrToStdout) != 0) {
55     if (HANDLE_EINTR(dup2(STDOUT_FILENO, STDERR_FILENO)) != STDERR_FILENO)
56       return false;
57   }
58 
59   int fd = HANDLE_EINTR(open("/dev/null", O_RDONLY));
60   if (fd < 0)
61     return false;
62   if (HANDLE_EINTR(dup2(fd, STDIN_FILENO)) != STDIN_FILENO)
63     return false;
64   IGNORE_EINTR(close(fd));
65 
66   return true;
67 }
68 
69 // Helper function to launch a process with the given Subprocess::Flags.
70 // This function only sets up and starts the process according to the |flags|.
71 // The caller is responsible for watching the termination of the subprocess.
72 // Return whether the process was successfully launched and fills in the |proc|
73 // Process.
LaunchProcess(const vector<string> & cmd,uint32_t flags,const vector<int> & output_pipes,brillo::Process * proc)74 bool LaunchProcess(const vector<string>& cmd,
75                    uint32_t flags,
76                    const vector<int>& output_pipes,
77                    brillo::Process* proc) {
78   for (const string& arg : cmd)
79     proc->AddArg(arg);
80   proc->SetSearchPath((flags & Subprocess::kSearchPath) != 0);
81 
82   // Create an environment for the child process with just the required PATHs.
83   std::map<string, string> env;
84   for (const char* key : {"LD_LIBRARY_PATH", "PATH"}) {
85     const char* value = getenv(key);
86     if (value)
87       env.emplace(key, value);
88   }
89 
90   for (const int fd : output_pipes) {
91     proc->RedirectUsingPipe(fd, false);
92   }
93   proc->SetCloseUnusedFileDescriptors(true);
94   proc->RedirectUsingPipe(STDOUT_FILENO, false);
95   proc->SetPreExecCallback(base::Bind(&SetupChild, env, flags));
96 
97   return proc->Start();
98 }
99 
100 }  // namespace
101 
Init(brillo::AsynchronousSignalHandlerInterface * async_signal_handler)102 void Subprocess::Init(
103       brillo::AsynchronousSignalHandlerInterface* async_signal_handler) {
104   if (subprocess_singleton_ == this)
105     return;
106   CHECK(subprocess_singleton_ == nullptr);
107   subprocess_singleton_ = this;
108 
109   process_reaper_.Register(async_signal_handler);
110 }
111 
~Subprocess()112 Subprocess::~Subprocess() {
113   if (subprocess_singleton_ == this)
114     subprocess_singleton_ = nullptr;
115 }
116 
OnStdoutReady(SubprocessRecord * record)117 void Subprocess::OnStdoutReady(SubprocessRecord* record) {
118   char buf[1024];
119   size_t bytes_read;
120   do {
121     bytes_read = 0;
122     bool eof;
123     bool ok = utils::ReadAll(
124         record->stdout_fd, buf, arraysize(buf), &bytes_read, &eof);
125     record->stdout.append(buf, bytes_read);
126     if (!ok || eof) {
127       // There was either an error or an EOF condition, so we are done watching
128       // the file descriptor.
129       MessageLoop::current()->CancelTask(record->stdout_task_id);
130       record->stdout_task_id = MessageLoop::kTaskIdNull;
131       return;
132     }
133   } while (bytes_read);
134 }
135 
ChildExitedCallback(const siginfo_t & info)136 void Subprocess::ChildExitedCallback(const siginfo_t& info) {
137   auto pid_record = subprocess_records_.find(info.si_pid);
138   if (pid_record == subprocess_records_.end())
139     return;
140   SubprocessRecord* record = pid_record->second.get();
141 
142   // Make sure we read any remaining process output and then close the pipe.
143   OnStdoutReady(record);
144 
145   MessageLoop::current()->CancelTask(record->stdout_task_id);
146   record->stdout_task_id = MessageLoop::kTaskIdNull;
147 
148   // Don't print any log if the subprocess exited with exit code 0.
149   if (info.si_code != CLD_EXITED) {
150     LOG(INFO) << "Subprocess terminated with si_code " << info.si_code;
151   } else if (info.si_status != 0) {
152     LOG(INFO) << "Subprocess exited with si_status: " << info.si_status;
153   }
154 
155   if (!record->stdout.empty()) {
156     LOG(INFO) << "Subprocess output:\n" << record->stdout;
157   }
158   if (!record->callback.is_null()) {
159     record->callback.Run(info.si_status, record->stdout);
160   }
161   // Release and close all the pipes after calling the callback so our
162   // redirected pipes are still alive. Releasing the process first makes
163   // Reset(0) not attempt to kill the process, which is already a zombie at this
164   // point.
165   record->proc.Release();
166   record->proc.Reset(0);
167 
168   subprocess_records_.erase(pid_record);
169 }
170 
Exec(const vector<string> & cmd,const ExecCallback & callback)171 pid_t Subprocess::Exec(const vector<string>& cmd,
172                        const ExecCallback& callback) {
173   return ExecFlags(cmd, kRedirectStderrToStdout, {}, callback);
174 }
175 
ExecFlags(const vector<string> & cmd,uint32_t flags,const vector<int> & output_pipes,const ExecCallback & callback)176 pid_t Subprocess::ExecFlags(const vector<string>& cmd,
177                             uint32_t flags,
178                             const vector<int>& output_pipes,
179                             const ExecCallback& callback) {
180   unique_ptr<SubprocessRecord> record(new SubprocessRecord(callback));
181 
182   if (!LaunchProcess(cmd, flags, output_pipes, &record->proc)) {
183     LOG(ERROR) << "Failed to launch subprocess";
184     return 0;
185   }
186 
187   pid_t pid = record->proc.pid();
188   CHECK(process_reaper_.WatchForChild(FROM_HERE, pid, base::Bind(
189       &Subprocess::ChildExitedCallback,
190       base::Unretained(this))));
191 
192   record->stdout_fd = record->proc.GetPipe(STDOUT_FILENO);
193   // Capture the subprocess output. Make our end of the pipe non-blocking.
194   int fd_flags = fcntl(record->stdout_fd, F_GETFL, 0) | O_NONBLOCK;
195   if (HANDLE_EINTR(fcntl(record->stdout_fd, F_SETFL, fd_flags)) < 0) {
196     LOG(ERROR) << "Unable to set non-blocking I/O mode on fd "
197                << record->stdout_fd << ".";
198   }
199 
200   record->stdout_task_id = MessageLoop::current()->WatchFileDescriptor(
201       FROM_HERE,
202       record->stdout_fd,
203       MessageLoop::WatchMode::kWatchRead,
204       true,
205       base::Bind(&Subprocess::OnStdoutReady, record.get()));
206 
207   subprocess_records_[pid] = std::move(record);
208   return pid;
209 }
210 
KillExec(pid_t pid)211 void Subprocess::KillExec(pid_t pid) {
212   auto pid_record = subprocess_records_.find(pid);
213   if (pid_record == subprocess_records_.end())
214     return;
215   pid_record->second->callback.Reset();
216   // We don't care about output/return code, so we use SIGKILL here to ensure it
217   // will be killed, SIGTERM might lead to leaked subprocess.
218   if (kill(pid, SIGKILL) != 0) {
219     PLOG(WARNING) << "Error sending SIGKILL to " << pid;
220   }
221   // Release the pid now so we don't try to kill it if Subprocess is destroyed
222   // before the corresponding ChildExitedCallback() is called.
223   pid_record->second->proc.Release();
224 }
225 
GetPipeFd(pid_t pid,int fd) const226 int Subprocess::GetPipeFd(pid_t pid, int fd) const {
227   auto pid_record = subprocess_records_.find(pid);
228   if (pid_record == subprocess_records_.end())
229     return -1;
230   return pid_record->second->proc.GetPipe(fd);
231 }
232 
SynchronousExec(const vector<string> & cmd,int * return_code,string * stdout)233 bool Subprocess::SynchronousExec(const vector<string>& cmd,
234                                  int* return_code,
235                                  string* stdout) {
236   // The default for SynchronousExec is to use kSearchPath since the code relies
237   // on that.
238   return SynchronousExecFlags(
239       cmd,
240       kRedirectStderrToStdout | kSearchPath,
241       return_code,
242       stdout);
243 }
244 
SynchronousExecFlags(const vector<string> & cmd,uint32_t flags,int * return_code,string * stdout)245 bool Subprocess::SynchronousExecFlags(const vector<string>& cmd,
246                                       uint32_t flags,
247                                       int* return_code,
248                                       string* stdout) {
249   brillo::ProcessImpl proc;
250   // It doesn't make sense to redirect some pipes in the synchronous case
251   // because we won't be reading on our end, so we don't expose the output_pipes
252   // in this case.
253   if (!LaunchProcess(cmd, flags, {}, &proc)) {
254     LOG(ERROR) << "Failed to launch subprocess";
255     return false;
256   }
257 
258   if (stdout) {
259     stdout->clear();
260   }
261 
262   int fd = proc.GetPipe(STDOUT_FILENO);
263   vector<char> buffer(32 * 1024);
264   while (true) {
265     int rc = HANDLE_EINTR(read(fd, buffer.data(), buffer.size()));
266     if (rc < 0) {
267       PLOG(ERROR) << "Reading from child's output";
268       break;
269     } else if (rc == 0) {
270       break;
271     } else {
272       if (stdout)
273         stdout->append(buffer.data(), rc);
274     }
275   }
276   // At this point, the subprocess already closed the output, so we only need to
277   // wait for it to finish.
278   int proc_return_code = proc.Wait();
279   if (return_code)
280     *return_code = proc_return_code;
281   return proc_return_code != brillo::Process::kErrorExitStatus;
282 }
283 
SubprocessInFlight()284 bool Subprocess::SubprocessInFlight() {
285   for (const auto& pid_record : subprocess_records_) {
286     if (!pid_record.second->callback.is_null())
287       return true;
288   }
289   return false;
290 }
291 
292 Subprocess* Subprocess::subprocess_singleton_ = nullptr;
293 
294 }  // namespace chromeos_update_engine
295