procmon.c 11 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359
  1. /* Copyright (c) 2011-2016, The Tor Project, Inc. */
  2. /* See LICENSE for licensing information */
  3. /**
  4. * \file procmon.c
  5. * \brief Process-termination monitor functions
  6. **/
  7. #include "procmon.h"
  8. #include "util.h"
  9. #ifdef HAVE_EVENT2_EVENT_H
  10. #include <event2/event.h>
  11. #else
  12. #include <event.h>
  13. #endif
  14. #ifdef HAVE_SIGNAL_H
  15. #include <signal.h>
  16. #endif
  17. #ifdef HAVE_ERRNO_H
  18. #include <errno.h>
  19. #endif
  20. #ifdef _WIN32
  21. #include <windows.h>
  22. #endif
  23. #if (0 == SIZEOF_PID_T) && defined(_WIN32)
  24. /* Windows does not define pid_t sometimes, but _getpid() returns an int.
  25. * Everybody else needs to have a pid_t. */
  26. typedef int pid_t;
  27. #define PID_T_FORMAT "%d"
  28. #elif (SIZEOF_PID_T == SIZEOF_INT) || (SIZEOF_PID_T == SIZEOF_SHORT)
  29. #define PID_T_FORMAT "%d"
  30. #elif (SIZEOF_PID_T == SIZEOF_LONG)
  31. #define PID_T_FORMAT "%ld"
  32. #elif (SIZEOF_PID_T == SIZEOF_INT64_T)
  33. #define PID_T_FORMAT I64_FORMAT
  34. #else
  35. #error Unknown: SIZEOF_PID_T
  36. #endif
  37. /* Define to 1 if process-termination monitors on this OS and Libevent
  38. version must poll for process termination themselves. */
  39. #define PROCMON_POLLS 1
  40. /* Currently we need to poll in some way on all systems. */
  41. #ifdef PROCMON_POLLS
  42. static void tor_process_monitor_poll_cb(evutil_socket_t unused1, short unused2,
  43. void *procmon_);
  44. #endif
  45. /* This struct may contain pointers into the original process
  46. * specifier string, but it should *never* contain anything which
  47. * needs to be freed. */
  48. /* DOCDOC parsed_process_specifier_t */
  49. struct parsed_process_specifier_t {
  50. pid_t pid;
  51. };
  52. /** Parse the process specifier given in <b>process_spec</b> into
  53. * *<b>ppspec</b>. Return 0 on success; return -1 and store an error
  54. * message into *<b>msg</b> on failure. The caller must not free the
  55. * returned error message. */
  56. static int
  57. parse_process_specifier(const char *process_spec,
  58. struct parsed_process_specifier_t *ppspec,
  59. const char **msg)
  60. {
  61. long pid_l;
  62. int pid_ok = 0;
  63. char *pspec_next;
  64. /* If we're lucky, long will turn out to be large enough to hold a
  65. * PID everywhere that Tor runs. */
  66. pid_l = tor_parse_long(process_spec, 0, 1, LONG_MAX, &pid_ok, &pspec_next);
  67. /* Reserve room in the ‘process specifier’ for additional
  68. * (platform-specific) identifying information beyond the PID, to
  69. * make our process-existence checks a bit less racy in a future
  70. * version. */
  71. if ((*pspec_next != 0) && (*pspec_next != ' ') && (*pspec_next != ':')) {
  72. pid_ok = 0;
  73. }
  74. ppspec->pid = (pid_t)(pid_l);
  75. if (!pid_ok || (pid_l != (long)(ppspec->pid))) {
  76. *msg = "invalid PID";
  77. goto err;
  78. }
  79. return 0;
  80. err:
  81. return -1;
  82. }
  83. /* DOCDOC tor_process_monitor_t */
  84. struct tor_process_monitor_t {
  85. /** Log domain for warning messages. */
  86. log_domain_mask_t log_domain;
  87. /** All systems: The best we can do in general is poll for the
  88. * process's existence by PID periodically, and hope that the kernel
  89. * doesn't reassign the same PID to another process between our
  90. * polls. */
  91. pid_t pid;
  92. #ifdef _WIN32
  93. /** Windows-only: Should we poll hproc? If false, poll pid
  94. * instead. */
  95. int poll_hproc;
  96. /** Windows-only: Get a handle to the process (if possible) and
  97. * periodically check whether the process we have a handle to has
  98. * ended. */
  99. HANDLE hproc;
  100. /* XXXX We should have Libevent watch hproc for us,
  101. * if/when some version of Libevent can be told to do so. */
  102. #endif
  103. /* XXXX On Linux, we can and should receive the 22nd
  104. * (space-delimited) field (‘starttime’) of /proc/$PID/stat from the
  105. * owning controller and store it, and poll once in a while to see
  106. * whether it has changed -- if so, the kernel has *definitely*
  107. * reassigned the owning controller's PID and we should exit. On
  108. * FreeBSD, we can do the same trick using either the 8th
  109. * space-delimited field of /proc/$PID/status on the seven FBSD
  110. * systems whose admins have mounted procfs, or the start-time field
  111. * of the process-information structure returned by kvmgetprocs() on
  112. * any system. The latter is ickier. */
  113. /* XXXX On FreeBSD (and possibly other kqueue systems), we can and
  114. * should arrange to receive EVFILT_PROC NOTE_EXIT notifications for
  115. * pid, so we don't have to do such a heavyweight poll operation in
  116. * order to avoid the PID-reassignment race condition. (We would
  117. * still need to poll our own kqueue periodically until some version
  118. * of Libevent 2.x learns to receive these events for us.) */
  119. /** A Libevent event structure, to either poll for the process's
  120. * existence or receive a notification when the process ends. */
  121. struct event *e;
  122. /** A callback to be called when the process ends. */
  123. tor_procmon_callback_t cb;
  124. void *cb_arg; /**< A user-specified pointer to be passed to cb. */
  125. };
  126. /** Verify that the process specifier given in <b>process_spec</b> is
  127. * syntactically valid. Return 0 on success; return -1 and store an
  128. * error message into *<b>msg</b> on failure. The caller must not
  129. * free the returned error message. */
  130. int
  131. tor_validate_process_specifier(const char *process_spec,
  132. const char **msg)
  133. {
  134. struct parsed_process_specifier_t ppspec;
  135. tor_assert(msg != NULL);
  136. *msg = NULL;
  137. return parse_process_specifier(process_spec, &ppspec, msg);
  138. }
  139. /* XXXX we should use periodic_timer_new() for this stuff */
  140. #ifdef HAVE_EVENT2_EVENT_H
  141. #define PERIODIC_TIMER_FLAGS EV_PERSIST
  142. #else
  143. #define PERIODIC_TIMER_FLAGS (0)
  144. #endif
  145. /* DOCDOC poll_interval_tv */
  146. static struct timeval poll_interval_tv = {15, 0};
  147. /* Note: If you port this file to plain Libevent 2, you can make
  148. * poll_interval_tv const. It has to be non-const here because in
  149. * libevent 1.x, event_add expects a pointer to a non-const struct
  150. * timeval. */
  151. /** Create a process-termination monitor for the process specifier
  152. * given in <b>process_spec</b>. Return a newly allocated
  153. * tor_process_monitor_t on success; return NULL and store an error
  154. * message into *<b>msg</b> on failure. The caller must not free
  155. * the returned error message.
  156. *
  157. * When the monitored process terminates, call
  158. * <b>cb</b>(<b>cb_arg</b>).
  159. */
  160. tor_process_monitor_t *
  161. tor_process_monitor_new(struct event_base *base,
  162. const char *process_spec,
  163. log_domain_mask_t log_domain,
  164. tor_procmon_callback_t cb, void *cb_arg,
  165. const char **msg)
  166. {
  167. tor_process_monitor_t *procmon = tor_malloc_zero(
  168. sizeof(tor_process_monitor_t));
  169. struct parsed_process_specifier_t ppspec;
  170. tor_assert(msg != NULL);
  171. *msg = NULL;
  172. if (procmon == NULL) {
  173. *msg = "out of memory";
  174. goto err;
  175. }
  176. procmon->log_domain = log_domain;
  177. if (parse_process_specifier(process_spec, &ppspec, msg))
  178. goto err;
  179. procmon->pid = ppspec.pid;
  180. #ifdef _WIN32
  181. procmon->hproc = OpenProcess(PROCESS_QUERY_INFORMATION | SYNCHRONIZE,
  182. FALSE,
  183. procmon->pid);
  184. if (procmon->hproc != NULL) {
  185. procmon->poll_hproc = 1;
  186. log_info(procmon->log_domain, "Successfully opened handle to process "
  187. PID_T_FORMAT"; "
  188. "monitoring it.",
  189. procmon->pid);
  190. } else {
  191. /* If we couldn't get a handle to the process, we'll try again the
  192. * first time we poll. */
  193. log_info(procmon->log_domain, "Failed to open handle to process "
  194. PID_T_FORMAT"; will "
  195. "try again later.",
  196. procmon->pid);
  197. }
  198. #endif
  199. procmon->cb = cb;
  200. procmon->cb_arg = cb_arg;
  201. #ifdef PROCMON_POLLS
  202. procmon->e = tor_event_new(base, -1 /* no FD */, PERIODIC_TIMER_FLAGS,
  203. tor_process_monitor_poll_cb, procmon);
  204. /* Note: If you port this file to plain Libevent 2, check that
  205. * procmon->e is non-NULL. We don't need to here because
  206. * tor_evtimer_new never returns NULL. */
  207. evtimer_add(procmon->e, &poll_interval_tv);
  208. #else
  209. #error OOPS?
  210. #endif
  211. return procmon;
  212. err:
  213. tor_process_monitor_free(procmon);
  214. return NULL;
  215. }
  216. #ifdef PROCMON_POLLS
  217. /** Libevent callback to poll for the existence of the process
  218. * monitored by <b>procmon_</b>. */
  219. static void
  220. tor_process_monitor_poll_cb(evutil_socket_t unused1, short unused2,
  221. void *procmon_)
  222. {
  223. tor_process_monitor_t *procmon = (tor_process_monitor_t *)(procmon_);
  224. int its_dead_jim;
  225. (void)unused1; (void)unused2;
  226. tor_assert(procmon != NULL);
  227. #ifdef _WIN32
  228. if (procmon->poll_hproc) {
  229. DWORD exit_code;
  230. if (!GetExitCodeProcess(procmon->hproc, &exit_code)) {
  231. char *errmsg = format_win32_error(GetLastError());
  232. log_warn(procmon->log_domain, "Error \"%s\" occurred while polling "
  233. "handle for monitored process "PID_T_FORMAT"; assuming "
  234. "it's dead.",
  235. errmsg, procmon->pid);
  236. tor_free(errmsg);
  237. its_dead_jim = 1;
  238. } else {
  239. its_dead_jim = (exit_code != STILL_ACTIVE);
  240. }
  241. } else {
  242. /* All we can do is try to open the process, and look at the error
  243. * code if it fails again. */
  244. procmon->hproc = OpenProcess(PROCESS_QUERY_INFORMATION | SYNCHRONIZE,
  245. FALSE,
  246. procmon->pid);
  247. if (procmon->hproc != NULL) {
  248. log_info(procmon->log_domain, "Successfully opened handle to monitored "
  249. "process "PID_T_FORMAT".",
  250. procmon->pid);
  251. its_dead_jim = 0;
  252. procmon->poll_hproc = 1;
  253. } else {
  254. DWORD err_code = GetLastError();
  255. char *errmsg = format_win32_error(err_code);
  256. /* When I tested OpenProcess's error codes on Windows 7, I
  257. * received error code 5 (ERROR_ACCESS_DENIED) for PIDs of
  258. * existing processes that I could not open and error code 87
  259. * (ERROR_INVALID_PARAMETER) for PIDs that were not in use.
  260. * Since the nonexistent-process error code is sane, I'm going
  261. * to assume that all errors other than ERROR_INVALID_PARAMETER
  262. * mean that the process we are monitoring is still alive. */
  263. its_dead_jim = (err_code == ERROR_INVALID_PARAMETER);
  264. if (!its_dead_jim)
  265. log_info(procmon->log_domain, "Failed to open handle to monitored "
  266. "process "PID_T_FORMAT", and error code %lu (%s) is not "
  267. "'invalid parameter' -- assuming the process is still alive.",
  268. procmon->pid,
  269. err_code, errmsg);
  270. tor_free(errmsg);
  271. }
  272. }
  273. #else
  274. /* Unix makes this part easy, if a bit racy. */
  275. its_dead_jim = kill(procmon->pid, 0);
  276. its_dead_jim = its_dead_jim && (errno == ESRCH);
  277. #endif
  278. tor_log(its_dead_jim ? LOG_NOTICE : LOG_INFO,
  279. procmon->log_domain, "Monitored process "PID_T_FORMAT" is %s.",
  280. procmon->pid,
  281. its_dead_jim ? "dead" : "still alive");
  282. if (its_dead_jim) {
  283. procmon->cb(procmon->cb_arg);
  284. #ifndef HAVE_EVENT2_EVENT_H
  285. } else {
  286. evtimer_add(procmon->e, &poll_interval_tv);
  287. #endif
  288. }
  289. }
  290. #endif
  291. /** Free the process-termination monitor <b>procmon</b>. */
  292. void
  293. tor_process_monitor_free(tor_process_monitor_t *procmon)
  294. {
  295. if (procmon == NULL)
  296. return;
  297. #ifdef _WIN32
  298. if (procmon->hproc != NULL)
  299. CloseHandle(procmon->hproc);
  300. #endif
  301. if (procmon->e != NULL)
  302. tor_event_free(procmon->e);
  303. tor_free(procmon);
  304. }