procmon.c 11 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357
  1. /* Copyright (c) 2011-2015, The Tor Project, Inc. */
  2. /* See LICENSE for licensing information */
  3. /**
  4. * \file procmon.c
  5. * \brief Process-termination monitor functions
  6. **/
  7. #include "procmon.h"
  8. #include "util.h"
  9. #ifdef HAVE_EVENT2_EVENT_H
  10. #include <event2/event.h>
  11. #else
  12. #include <event.h>
  13. #endif
  14. #ifdef HAVE_SIGNAL_H
  15. #include <signal.h>
  16. #endif
  17. #ifdef HAVE_ERRNO_H
  18. #include <errno.h>
  19. #endif
  20. #ifdef _WIN32
  21. #include <windows.h>
  22. #endif
  23. #if (0 == SIZEOF_PID_T) && defined(_WIN32)
  24. /* Windows does not define pid_t sometimes, but _getpid() returns an int.
  25. * Everybody else needs to have a pid_t. */
  26. typedef int pid_t;
  27. #define PID_T_FORMAT "%d"
  28. #elif (SIZEOF_PID_T == SIZEOF_INT) || (SIZEOF_PID_T == SIZEOF_SHORT)
  29. #define PID_T_FORMAT "%d"
  30. #elif (SIZEOF_PID_T == SIZEOF_LONG)
  31. #define PID_T_FORMAT "%ld"
  32. #elif (SIZEOF_PID_T == SIZEOF_INT64_T)
  33. #define PID_T_FORMAT I64_FORMAT
  34. #else
  35. #error Unknown: SIZEOF_PID_T
  36. #endif
  37. /* Define to 1 if process-termination monitors on this OS and Libevent
  38. version must poll for process termination themselves. */
  39. #define PROCMON_POLLS 1
  40. /* Currently we need to poll in some way on all systems. */
  41. #ifdef PROCMON_POLLS
  42. static void tor_process_monitor_poll_cb(evutil_socket_t unused1, short unused2,
  43. void *procmon_);
  44. #endif
  45. /* This struct may contain pointers into the original process
  46. * specifier string, but it should *never* contain anything which
  47. * needs to be freed. */
  48. /* DOCDOC parsed_process_specifier_t */
  49. struct parsed_process_specifier_t {
  50. pid_t pid;
  51. };
  52. /** Parse the process specifier given in <b>process_spec</b> into
  53. * *<b>ppspec</b>. Return 0 on success; return -1 and store an error
  54. * message into *<b>msg</b> on failure. The caller must not free the
  55. * returned error message. */
  56. static int
  57. parse_process_specifier(const char *process_spec,
  58. struct parsed_process_specifier_t *ppspec,
  59. const char **msg)
  60. {
  61. long pid_l;
  62. int pid_ok = 0;
  63. char *pspec_next;
  64. /* If we're lucky, long will turn out to be large enough to hold a
  65. * PID everywhere that Tor runs. */
  66. pid_l = tor_parse_long(process_spec, 0, 1, LONG_MAX, &pid_ok, &pspec_next);
  67. /* Reserve room in the ‘process specifier’ for additional
  68. * (platform-specific) identifying information beyond the PID, to
  69. * make our process-existence checks a bit less racy in a future
  70. * version. */
  71. if ((*pspec_next != 0) && (*pspec_next != ' ') && (*pspec_next != ':')) {
  72. pid_ok = 0;
  73. }
  74. ppspec->pid = (pid_t)(pid_l);
  75. if (!pid_ok || (pid_l != (long)(ppspec->pid))) {
  76. *msg = "invalid PID";
  77. goto err;
  78. }
  79. return 0;
  80. err:
  81. return -1;
  82. }
  83. /* DOCDOC tor_process_monitor_t */
  84. struct tor_process_monitor_t {
  85. /** Log domain for warning messages. */
  86. log_domain_mask_t log_domain;
  87. /** All systems: The best we can do in general is poll for the
  88. * process's existence by PID periodically, and hope that the kernel
  89. * doesn't reassign the same PID to another process between our
  90. * polls. */
  91. pid_t pid;
  92. #ifdef _WIN32
  93. /** Windows-only: Should we poll hproc? If false, poll pid
  94. * instead. */
  95. int poll_hproc;
  96. /** Windows-only: Get a handle to the process (if possible) and
  97. * periodically check whether the process we have a handle to has
  98. * ended. */
  99. HANDLE hproc;
  100. /* XXX023 We can and should have Libevent watch hproc for us,
  101. * if/when some version of Libevent 2.x can be told to do so. */
  102. #endif
  103. /* XXX023 On Linux, we can and should receive the 22nd
  104. * (space-delimited) field (‘starttime’) of /proc/$PID/stat from the
  105. * owning controller and store it, and poll once in a while to see
  106. * whether it has changed -- if so, the kernel has *definitely*
  107. * reassigned the owning controller's PID and we should exit. On
  108. * FreeBSD, we can do the same trick using either the 8th
  109. * space-delimited field of /proc/$PID/status on the seven FBSD
  110. * systems whose admins have mounted procfs, or the start-time field
  111. * of the process-information structure returned by kvmgetprocs() on
  112. * any system. The latter is ickier. */
  113. /* XXX023 On FreeBSD (and possibly other kqueue systems), we can and
  114. * should arrange to receive EVFILT_PROC NOTE_EXIT notifications for
  115. * pid, so we don't have to do such a heavyweight poll operation in
  116. * order to avoid the PID-reassignment race condition. (We would
  117. * still need to poll our own kqueue periodically until some version
  118. * of Libevent 2.x learns to receive these events for us.) */
  119. /** A Libevent event structure, to either poll for the process's
  120. * existence or receive a notification when the process ends. */
  121. struct event *e;
  122. /** A callback to be called when the process ends. */
  123. tor_procmon_callback_t cb;
  124. void *cb_arg; /**< A user-specified pointer to be passed to cb. */
  125. };
  126. /** Verify that the process specifier given in <b>process_spec</b> is
  127. * syntactically valid. Return 0 on success; return -1 and store an
  128. * error message into *<b>msg</b> on failure. The caller must not
  129. * free the returned error message. */
  130. int
  131. tor_validate_process_specifier(const char *process_spec,
  132. const char **msg)
  133. {
  134. struct parsed_process_specifier_t ppspec;
  135. tor_assert(msg != NULL);
  136. *msg = NULL;
  137. return parse_process_specifier(process_spec, &ppspec, msg);
  138. }
  139. /* XXXX we should use periodic_timer_new() for this stuff */
  140. #ifdef HAVE_EVENT2_EVENT_H
  141. #define PERIODIC_TIMER_FLAGS EV_PERSIST
  142. #else
  143. #define PERIODIC_TIMER_FLAGS (0)
  144. #endif
  145. /* DOCDOC poll_interval_tv */
  146. static struct timeval poll_interval_tv = {15, 0};
  147. /* Note: If you port this file to plain Libevent 2, you can make
  148. * poll_interval_tv const. It has to be non-const here because in
  149. * libevent 1.x, event_add expects a pointer to a non-const struct
  150. * timeval. */
  151. /** Create a process-termination monitor for the process specifier
  152. * given in <b>process_spec</b>. Return a newly allocated
  153. * tor_process_monitor_t on success; return NULL and store an error
  154. * message into *<b>msg</b> on failure. The caller must not free
  155. * the returned error message.
  156. *
  157. * When the monitored process terminates, call
  158. * <b>cb</b>(<b>cb_arg</b>).
  159. */
  160. tor_process_monitor_t *
  161. tor_process_monitor_new(struct event_base *base,
  162. const char *process_spec,
  163. log_domain_mask_t log_domain,
  164. tor_procmon_callback_t cb, void *cb_arg,
  165. const char **msg)
  166. {
  167. tor_process_monitor_t *procmon = tor_malloc(sizeof(tor_process_monitor_t));
  168. struct parsed_process_specifier_t ppspec;
  169. tor_assert(msg != NULL);
  170. *msg = NULL;
  171. if (procmon == NULL) {
  172. *msg = "out of memory";
  173. goto err;
  174. }
  175. procmon->log_domain = log_domain;
  176. if (parse_process_specifier(process_spec, &ppspec, msg))
  177. goto err;
  178. procmon->pid = ppspec.pid;
  179. #ifdef _WIN32
  180. procmon->hproc = OpenProcess(PROCESS_QUERY_INFORMATION | SYNCHRONIZE,
  181. FALSE,
  182. procmon->pid);
  183. if (procmon->hproc != NULL) {
  184. procmon->poll_hproc = 1;
  185. log_info(procmon->log_domain, "Successfully opened handle to process "
  186. PID_T_FORMAT"; "
  187. "monitoring it.",
  188. procmon->pid);
  189. } else {
  190. /* If we couldn't get a handle to the process, we'll try again the
  191. * first time we poll. */
  192. log_info(procmon->log_domain, "Failed to open handle to process "
  193. PID_T_FORMAT"; will "
  194. "try again later.",
  195. procmon->pid);
  196. }
  197. #endif
  198. procmon->cb = cb;
  199. procmon->cb_arg = cb_arg;
  200. #ifdef PROCMON_POLLS
  201. procmon->e = tor_event_new(base, -1 /* no FD */, PERIODIC_TIMER_FLAGS,
  202. tor_process_monitor_poll_cb, procmon);
  203. /* Note: If you port this file to plain Libevent 2, check that
  204. * procmon->e is non-NULL. We don't need to here because
  205. * tor_evtimer_new never returns NULL. */
  206. evtimer_add(procmon->e, &poll_interval_tv);
  207. #else
  208. #error OOPS?
  209. #endif
  210. return procmon;
  211. err:
  212. tor_process_monitor_free(procmon);
  213. return NULL;
  214. }
  215. #ifdef PROCMON_POLLS
  216. /** Libevent callback to poll for the existence of the process
  217. * monitored by <b>procmon_</b>. */
  218. static void
  219. tor_process_monitor_poll_cb(evutil_socket_t unused1, short unused2,
  220. void *procmon_)
  221. {
  222. tor_process_monitor_t *procmon = (tor_process_monitor_t *)(procmon_);
  223. int its_dead_jim;
  224. (void)unused1; (void)unused2;
  225. tor_assert(procmon != NULL);
  226. #ifdef _WIN32
  227. if (procmon->poll_hproc) {
  228. DWORD exit_code;
  229. if (!GetExitCodeProcess(procmon->hproc, &exit_code)) {
  230. char *errmsg = format_win32_error(GetLastError());
  231. log_warn(procmon->log_domain, "Error \"%s\" occurred while polling "
  232. "handle for monitored process "PID_T_FORMAT"; assuming "
  233. "it's dead.",
  234. errmsg, procmon->pid);
  235. tor_free(errmsg);
  236. its_dead_jim = 1;
  237. } else {
  238. its_dead_jim = (exit_code != STILL_ACTIVE);
  239. }
  240. } else {
  241. /* All we can do is try to open the process, and look at the error
  242. * code if it fails again. */
  243. procmon->hproc = OpenProcess(PROCESS_QUERY_INFORMATION | SYNCHRONIZE,
  244. FALSE,
  245. procmon->pid);
  246. if (procmon->hproc != NULL) {
  247. log_info(procmon->log_domain, "Successfully opened handle to monitored "
  248. "process "PID_T_FORMAT".",
  249. procmon->pid);
  250. its_dead_jim = 0;
  251. procmon->poll_hproc = 1;
  252. } else {
  253. DWORD err_code = GetLastError();
  254. char *errmsg = format_win32_error(err_code);
  255. /* When I tested OpenProcess's error codes on Windows 7, I
  256. * received error code 5 (ERROR_ACCESS_DENIED) for PIDs of
  257. * existing processes that I could not open and error code 87
  258. * (ERROR_INVALID_PARAMETER) for PIDs that were not in use.
  259. * Since the nonexistent-process error code is sane, I'm going
  260. * to assume that all errors other than ERROR_INVALID_PARAMETER
  261. * mean that the process we are monitoring is still alive. */
  262. its_dead_jim = (err_code == ERROR_INVALID_PARAMETER);
  263. if (!its_dead_jim)
  264. log_info(procmon->log_domain, "Failed to open handle to monitored "
  265. "process "PID_T_FORMAT", and error code %lu (%s) is not "
  266. "'invalid parameter' -- assuming the process is still alive.",
  267. procmon->pid,
  268. err_code, errmsg);
  269. tor_free(errmsg);
  270. }
  271. }
  272. #else
  273. /* Unix makes this part easy, if a bit racy. */
  274. its_dead_jim = kill(procmon->pid, 0);
  275. its_dead_jim = its_dead_jim && (errno == ESRCH);
  276. #endif
  277. tor_log(its_dead_jim ? LOG_NOTICE : LOG_INFO,
  278. procmon->log_domain, "Monitored process "PID_T_FORMAT" is %s.",
  279. procmon->pid,
  280. its_dead_jim ? "dead" : "still alive");
  281. if (its_dead_jim) {
  282. procmon->cb(procmon->cb_arg);
  283. #ifndef HAVE_EVENT2_EVENT_H
  284. } else {
  285. evtimer_add(procmon->e, &poll_interval_tv);
  286. #endif
  287. }
  288. }
  289. #endif
  290. /** Free the process-termination monitor <b>procmon</b>. */
  291. void
  292. tor_process_monitor_free(tor_process_monitor_t *procmon)
  293. {
  294. if (procmon == NULL)
  295. return;
  296. #ifdef _WIN32
  297. if (procmon->hproc != NULL)
  298. CloseHandle(procmon->hproc);
  299. #endif
  300. if (procmon->e != NULL)
  301. tor_event_free(procmon->e);
  302. tor_free(procmon);
  303. }