1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #include "base/process/launch.h" 6 7 #include <dirent.h> 8 #include <errno.h> 9 #include <fcntl.h> 10 #include <signal.h> 11 #include <stdlib.h> 12 #include <sys/resource.h> 13 #include <sys/time.h> 14 #include <sys/types.h> 15 #include <sys/wait.h> 16 #include <unistd.h> 17 18 #include <iterator> 19 #include <limits> 20 #include <set> 21 22 #include "base/allocator/type_profiler_control.h" 23 #include "base/command_line.h" 24 #include "base/compiler_specific.h" 25 #include "base/debug/debugger.h" 26 #include "base/debug/stack_trace.h" 27 #include "base/file_util.h" 28 #include "base/files/dir_reader_posix.h" 29 #include "base/logging.h" 30 #include "base/memory/scoped_ptr.h" 31 #include "base/posix/eintr_wrapper.h" 32 #include "base/process/kill.h" 33 #include "base/process/process_metrics.h" 34 #include "base/strings/stringprintf.h" 35 #include "base/synchronization/waitable_event.h" 36 #include "base/third_party/dynamic_annotations/dynamic_annotations.h" 37 #include "base/threading/platform_thread.h" 38 #include "base/threading/thread_restrictions.h" 39 40 #if defined(OS_CHROMEOS) 41 #include <sys/ioctl.h> 42 #endif 43 44 #if defined(OS_FREEBSD) 45 #include <sys/event.h> 46 #include <sys/ucontext.h> 47 #endif 48 49 #if defined(OS_MACOSX) 50 #include <crt_externs.h> 51 #include <sys/event.h> 52 #else 53 extern char** environ; 54 #endif 55 56 namespace base { 57 58 namespace { 59 60 // Get the process's "environment" (i.e. the thing that setenv/getenv 61 // work with). 62 char** GetEnvironment() { 63 #if defined(OS_MACOSX) 64 return *_NSGetEnviron(); 65 #else 66 return environ; 67 #endif 68 } 69 70 // Set the process's "environment" (i.e. the thing that setenv/getenv 71 // work with). 72 void SetEnvironment(char** env) { 73 #if defined(OS_MACOSX) 74 *_NSGetEnviron() = env; 75 #else 76 environ = env; 77 #endif 78 } 79 80 // Set the calling thread's signal mask to new_sigmask and return 81 // the previous signal mask. 82 sigset_t SetSignalMask(const sigset_t& new_sigmask) { 83 sigset_t old_sigmask; 84 #if defined(OS_ANDROID) 85 // POSIX says pthread_sigmask() must be used in multi-threaded processes, 86 // but Android's pthread_sigmask() was broken until 4.1: 87 // https://code.google.com/p/android/issues/detail?id=15337 88 // http://stackoverflow.com/questions/13777109/pthread-sigmask-on-android-not-working 89 RAW_CHECK(sigprocmask(SIG_SETMASK, &new_sigmask, &old_sigmask) == 0); 90 #else 91 RAW_CHECK(pthread_sigmask(SIG_SETMASK, &new_sigmask, &old_sigmask) == 0); 92 #endif 93 return old_sigmask; 94 } 95 96 #if !defined(OS_LINUX) || \ 97 (!defined(__i386__) && !defined(__x86_64__) && !defined(__arm__)) 98 void ResetChildSignalHandlersToDefaults() { 99 // The previous signal handlers are likely to be meaningless in the child's 100 // context so we reset them to the defaults for now. http://crbug.com/44953 101 // These signal handlers are set up at least in browser_main_posix.cc: 102 // BrowserMainPartsPosix::PreEarlyInitialization and stack_trace_posix.cc: 103 // EnableInProcessStackDumping. 104 signal(SIGHUP, SIG_DFL); 105 signal(SIGINT, SIG_DFL); 106 signal(SIGILL, SIG_DFL); 107 signal(SIGABRT, SIG_DFL); 108 signal(SIGFPE, SIG_DFL); 109 signal(SIGBUS, SIG_DFL); 110 signal(SIGSEGV, SIG_DFL); 111 signal(SIGSYS, SIG_DFL); 112 signal(SIGTERM, SIG_DFL); 113 } 114 115 #else 116 117 // TODO(jln): remove the Linux special case once kernels are fixed. 118 119 // Internally the kernel makes sigset_t an array of long large enough to have 120 // one bit per signal. 121 typedef uint64_t kernel_sigset_t; 122 123 // This is what struct sigaction looks like to the kernel at least on X86 and 124 // ARM. MIPS, for instance, is very different. 125 struct kernel_sigaction { 126 void* k_sa_handler; // For this usage it only needs to be a generic pointer. 127 unsigned long k_sa_flags; 128 void* k_sa_restorer; // For this usage it only needs to be a generic pointer. 129 kernel_sigset_t k_sa_mask; 130 }; 131 132 // glibc's sigaction() will prevent access to sa_restorer, so we need to roll 133 // our own. 134 int sys_rt_sigaction(int sig, const struct kernel_sigaction* act, 135 struct kernel_sigaction* oact) { 136 return syscall(SYS_rt_sigaction, sig, act, oact, sizeof(kernel_sigset_t)); 137 } 138 139 // This function is intended to be used in between fork() and execve() and will 140 // reset all signal handlers to the default. 141 // The motivation for going through all of them is that sa_restorer can leak 142 // from parents and help defeat ASLR on buggy kernels. We reset it to NULL. 143 // See crbug.com/177956. 144 void ResetChildSignalHandlersToDefaults(void) { 145 for (int signum = 1; ; ++signum) { 146 struct kernel_sigaction act = {0}; 147 int sigaction_get_ret = sys_rt_sigaction(signum, NULL, &act); 148 if (sigaction_get_ret && errno == EINVAL) { 149 #if !defined(NDEBUG) 150 // Linux supports 32 real-time signals from 33 to 64. 151 // If the number of signals in the Linux kernel changes, someone should 152 // look at this code. 153 const int kNumberOfSignals = 64; 154 RAW_CHECK(signum == kNumberOfSignals + 1); 155 #endif // !defined(NDEBUG) 156 break; 157 } 158 // All other failures are fatal. 159 if (sigaction_get_ret) { 160 RAW_LOG(FATAL, "sigaction (get) failed."); 161 } 162 163 // The kernel won't allow to re-set SIGKILL or SIGSTOP. 164 if (signum != SIGSTOP && signum != SIGKILL) { 165 act.k_sa_handler = reinterpret_cast<void*>(SIG_DFL); 166 act.k_sa_restorer = NULL; 167 if (sys_rt_sigaction(signum, &act, NULL)) { 168 RAW_LOG(FATAL, "sigaction (set) failed."); 169 } 170 } 171 #if !defined(NDEBUG) 172 // Now ask the kernel again and check that no restorer will leak. 173 if (sys_rt_sigaction(signum, NULL, &act) || act.k_sa_restorer) { 174 RAW_LOG(FATAL, "Cound not fix sa_restorer."); 175 } 176 #endif // !defined(NDEBUG) 177 } 178 } 179 #endif // !defined(OS_LINUX) || 180 // (!defined(__i386__) && !defined(__x86_64__) && !defined(__arm__)) 181 182 } // anonymous namespace 183 184 // A class to handle auto-closing of DIR*'s. 185 class ScopedDIRClose { 186 public: 187 inline void operator()(DIR* x) const { 188 if (x) { 189 closedir(x); 190 } 191 } 192 }; 193 typedef scoped_ptr_malloc<DIR, ScopedDIRClose> ScopedDIR; 194 195 #if defined(OS_LINUX) 196 static const char kFDDir[] = "/proc/self/fd"; 197 #elif defined(OS_MACOSX) 198 static const char kFDDir[] = "/dev/fd"; 199 #elif defined(OS_SOLARIS) 200 static const char kFDDir[] = "/dev/fd"; 201 #elif defined(OS_FREEBSD) 202 static const char kFDDir[] = "/dev/fd"; 203 #elif defined(OS_OPENBSD) 204 static const char kFDDir[] = "/dev/fd"; 205 #elif defined(OS_ANDROID) 206 static const char kFDDir[] = "/proc/self/fd"; 207 #endif 208 209 void CloseSuperfluousFds(const base::InjectiveMultimap& saved_mapping) { 210 // DANGER: no calls to malloc are allowed from now on: 211 // http://crbug.com/36678 212 213 // Get the maximum number of FDs possible. 214 size_t max_fds = GetMaxFds(); 215 216 DirReaderPosix fd_dir(kFDDir); 217 if (!fd_dir.IsValid()) { 218 // Fallback case: Try every possible fd. 219 for (size_t i = 0; i < max_fds; ++i) { 220 const int fd = static_cast<int>(i); 221 if (fd == STDIN_FILENO || fd == STDOUT_FILENO || fd == STDERR_FILENO) 222 continue; 223 InjectiveMultimap::const_iterator j; 224 for (j = saved_mapping.begin(); j != saved_mapping.end(); j++) { 225 if (fd == j->dest) 226 break; 227 } 228 if (j != saved_mapping.end()) 229 continue; 230 231 // Since we're just trying to close anything we can find, 232 // ignore any error return values of close(). 233 ignore_result(HANDLE_EINTR(close(fd))); 234 } 235 return; 236 } 237 238 const int dir_fd = fd_dir.fd(); 239 240 for ( ; fd_dir.Next(); ) { 241 // Skip . and .. entries. 242 if (fd_dir.name()[0] == '.') 243 continue; 244 245 char *endptr; 246 errno = 0; 247 const long int fd = strtol(fd_dir.name(), &endptr, 10); 248 if (fd_dir.name()[0] == 0 || *endptr || fd < 0 || errno) 249 continue; 250 if (fd == STDIN_FILENO || fd == STDOUT_FILENO || fd == STDERR_FILENO) 251 continue; 252 InjectiveMultimap::const_iterator i; 253 for (i = saved_mapping.begin(); i != saved_mapping.end(); i++) { 254 if (fd == i->dest) 255 break; 256 } 257 if (i != saved_mapping.end()) 258 continue; 259 if (fd == dir_fd) 260 continue; 261 262 // When running under Valgrind, Valgrind opens several FDs for its 263 // own use and will complain if we try to close them. All of 264 // these FDs are >= |max_fds|, so we can check against that here 265 // before closing. See https://bugs.kde.org/show_bug.cgi?id=191758 266 if (fd < static_cast<int>(max_fds)) { 267 int ret = HANDLE_EINTR(close(fd)); 268 DPCHECK(ret == 0); 269 } 270 } 271 } 272 273 char** AlterEnvironment(const EnvironmentVector& changes, 274 const char* const* const env) { 275 unsigned count = 0; 276 unsigned size = 0; 277 278 // First assume that all of the current environment will be included. 279 for (unsigned i = 0; env[i]; i++) { 280 const char *const pair = env[i]; 281 count++; 282 size += strlen(pair) + 1 /* terminating NUL */; 283 } 284 285 for (EnvironmentVector::const_iterator j = changes.begin(); 286 j != changes.end(); 287 ++j) { 288 bool found = false; 289 const char *pair; 290 291 for (unsigned i = 0; env[i]; i++) { 292 pair = env[i]; 293 const char *const equals = strchr(pair, '='); 294 if (!equals) 295 continue; 296 const unsigned keylen = equals - pair; 297 if (keylen == j->first.size() && 298 memcmp(pair, j->first.data(), keylen) == 0) { 299 found = true; 300 break; 301 } 302 } 303 304 // if found, we'll either be deleting or replacing this element. 305 if (found) { 306 count--; 307 size -= strlen(pair) + 1; 308 if (j->second.size()) 309 found = false; 310 } 311 312 // if !found, then we have a new element to add. 313 if (!found && !j->second.empty()) { 314 count++; 315 size += j->first.size() + 1 /* '=' */ + j->second.size() + 1 /* NUL */; 316 } 317 } 318 319 count++; // for the final NULL 320 uint8_t *buffer = new uint8_t[sizeof(char*) * count + size]; 321 char **const ret = reinterpret_cast<char**>(buffer); 322 unsigned k = 0; 323 char *scratch = reinterpret_cast<char*>(buffer + sizeof(char*) * count); 324 325 for (unsigned i = 0; env[i]; i++) { 326 const char *const pair = env[i]; 327 const char *const equals = strchr(pair, '='); 328 if (!equals) { 329 const unsigned len = strlen(pair); 330 ret[k++] = scratch; 331 memcpy(scratch, pair, len + 1); 332 scratch += len + 1; 333 continue; 334 } 335 const unsigned keylen = equals - pair; 336 bool handled = false; 337 for (EnvironmentVector::const_iterator 338 j = changes.begin(); j != changes.end(); j++) { 339 if (j->first.size() == keylen && 340 memcmp(j->first.data(), pair, keylen) == 0) { 341 if (!j->second.empty()) { 342 ret[k++] = scratch; 343 memcpy(scratch, pair, keylen + 1); 344 scratch += keylen + 1; 345 memcpy(scratch, j->second.c_str(), j->second.size() + 1); 346 scratch += j->second.size() + 1; 347 } 348 handled = true; 349 break; 350 } 351 } 352 353 if (!handled) { 354 const unsigned len = strlen(pair); 355 ret[k++] = scratch; 356 memcpy(scratch, pair, len + 1); 357 scratch += len + 1; 358 } 359 } 360 361 // Now handle new elements 362 for (EnvironmentVector::const_iterator 363 j = changes.begin(); j != changes.end(); j++) { 364 if (j->second.empty()) 365 continue; 366 367 bool found = false; 368 for (unsigned i = 0; env[i]; i++) { 369 const char *const pair = env[i]; 370 const char *const equals = strchr(pair, '='); 371 if (!equals) 372 continue; 373 const unsigned keylen = equals - pair; 374 if (keylen == j->first.size() && 375 memcmp(pair, j->first.data(), keylen) == 0) { 376 found = true; 377 break; 378 } 379 } 380 381 if (!found) { 382 ret[k++] = scratch; 383 memcpy(scratch, j->first.data(), j->first.size()); 384 scratch += j->first.size(); 385 *scratch++ = '='; 386 memcpy(scratch, j->second.c_str(), j->second.size() + 1); 387 scratch += j->second.size() + 1; 388 } 389 } 390 391 ret[k] = NULL; 392 return ret; 393 } 394 395 bool LaunchProcess(const std::vector<std::string>& argv, 396 const LaunchOptions& options, 397 ProcessHandle* process_handle) { 398 size_t fd_shuffle_size = 0; 399 if (options.fds_to_remap) { 400 fd_shuffle_size = options.fds_to_remap->size(); 401 } 402 403 InjectiveMultimap fd_shuffle1; 404 InjectiveMultimap fd_shuffle2; 405 fd_shuffle1.reserve(fd_shuffle_size); 406 fd_shuffle2.reserve(fd_shuffle_size); 407 408 scoped_ptr<char*[]> argv_cstr(new char*[argv.size() + 1]); 409 scoped_ptr<char*[]> new_environ; 410 if (options.environ) 411 new_environ.reset(AlterEnvironment(*options.environ, GetEnvironment())); 412 413 sigset_t full_sigset; 414 sigfillset(&full_sigset); 415 const sigset_t orig_sigmask = SetSignalMask(full_sigset); 416 417 pid_t pid; 418 #if defined(OS_LINUX) 419 if (options.clone_flags) { 420 // Signal handling in this function assumes the creation of a new 421 // process, so we check that a thread is not being created by mistake 422 // and that signal handling follows the process-creation rules. 423 RAW_CHECK( 424 !(options.clone_flags & (CLONE_SIGHAND | CLONE_THREAD | CLONE_VM))); 425 pid = syscall(__NR_clone, options.clone_flags, 0, 0, 0); 426 } else 427 #endif 428 { 429 pid = fork(); 430 } 431 432 // Always restore the original signal mask in the parent. 433 if (pid != 0) { 434 SetSignalMask(orig_sigmask); 435 } 436 437 if (pid < 0) { 438 DPLOG(ERROR) << "fork"; 439 return false; 440 } else if (pid == 0) { 441 // Child process 442 443 // DANGER: fork() rule: in the child, if you don't end up doing exec*(), 444 // you call _exit() instead of exit(). This is because _exit() does not 445 // call any previously-registered (in the parent) exit handlers, which 446 // might do things like block waiting for threads that don't even exist 447 // in the child. 448 449 // If a child process uses the readline library, the process block forever. 450 // In BSD like OSes including OS X it is safe to assign /dev/null as stdin. 451 // See http://crbug.com/56596. 452 int null_fd = HANDLE_EINTR(open("/dev/null", O_RDONLY)); 453 if (null_fd < 0) { 454 RAW_LOG(ERROR, "Failed to open /dev/null"); 455 _exit(127); 456 } 457 458 file_util::ScopedFD null_fd_closer(&null_fd); 459 int new_fd = HANDLE_EINTR(dup2(null_fd, STDIN_FILENO)); 460 if (new_fd != STDIN_FILENO) { 461 RAW_LOG(ERROR, "Failed to dup /dev/null for stdin"); 462 _exit(127); 463 } 464 465 if (options.new_process_group) { 466 // Instead of inheriting the process group ID of the parent, the child 467 // starts off a new process group with pgid equal to its process ID. 468 if (setpgid(0, 0) < 0) { 469 RAW_LOG(ERROR, "setpgid failed"); 470 _exit(127); 471 } 472 } 473 474 // Stop type-profiler. 475 // The profiler should be stopped between fork and exec since it inserts 476 // locks at new/delete expressions. See http://crbug.com/36678. 477 base::type_profiler::Controller::Stop(); 478 479 if (options.maximize_rlimits) { 480 // Some resource limits need to be maximal in this child. 481 std::set<int>::const_iterator resource; 482 for (resource = options.maximize_rlimits->begin(); 483 resource != options.maximize_rlimits->end(); 484 ++resource) { 485 struct rlimit limit; 486 if (getrlimit(*resource, &limit) < 0) { 487 RAW_LOG(WARNING, "getrlimit failed"); 488 } else if (limit.rlim_cur < limit.rlim_max) { 489 limit.rlim_cur = limit.rlim_max; 490 if (setrlimit(*resource, &limit) < 0) { 491 RAW_LOG(WARNING, "setrlimit failed"); 492 } 493 } 494 } 495 } 496 497 #if defined(OS_MACOSX) 498 RestoreDefaultExceptionHandler(); 499 #endif // defined(OS_MACOSX) 500 501 ResetChildSignalHandlersToDefaults(); 502 SetSignalMask(orig_sigmask); 503 504 #if 0 505 // When debugging it can be helpful to check that we really aren't making 506 // any hidden calls to malloc. 507 void *malloc_thunk = 508 reinterpret_cast<void*>(reinterpret_cast<intptr_t>(malloc) & ~4095); 509 mprotect(malloc_thunk, 4096, PROT_READ | PROT_WRITE | PROT_EXEC); 510 memset(reinterpret_cast<void*>(malloc), 0xff, 8); 511 #endif // 0 512 513 // DANGER: no calls to malloc are allowed from now on: 514 // http://crbug.com/36678 515 516 #if defined(OS_CHROMEOS) 517 if (options.ctrl_terminal_fd >= 0) { 518 // Set process' controlling terminal. 519 if (HANDLE_EINTR(setsid()) != -1) { 520 if (HANDLE_EINTR( 521 ioctl(options.ctrl_terminal_fd, TIOCSCTTY, NULL)) == -1) { 522 RAW_LOG(WARNING, "ioctl(TIOCSCTTY), ctrl terminal not set"); 523 } 524 } else { 525 RAW_LOG(WARNING, "setsid failed, ctrl terminal not set"); 526 } 527 } 528 #endif // defined(OS_CHROMEOS) 529 530 if (options.fds_to_remap) { 531 for (FileHandleMappingVector::const_iterator 532 it = options.fds_to_remap->begin(); 533 it != options.fds_to_remap->end(); ++it) { 534 fd_shuffle1.push_back(InjectionArc(it->first, it->second, false)); 535 fd_shuffle2.push_back(InjectionArc(it->first, it->second, false)); 536 } 537 } 538 539 if (options.environ) 540 SetEnvironment(new_environ.get()); 541 542 // fd_shuffle1 is mutated by this call because it cannot malloc. 543 if (!ShuffleFileDescriptors(&fd_shuffle1)) 544 _exit(127); 545 546 CloseSuperfluousFds(fd_shuffle2); 547 548 for (size_t i = 0; i < argv.size(); i++) 549 argv_cstr[i] = const_cast<char*>(argv[i].c_str()); 550 argv_cstr[argv.size()] = NULL; 551 execvp(argv_cstr[0], argv_cstr.get()); 552 553 RAW_LOG(ERROR, "LaunchProcess: failed to execvp:"); 554 RAW_LOG(ERROR, argv_cstr[0]); 555 _exit(127); 556 } else { 557 // Parent process 558 if (options.wait) { 559 // While this isn't strictly disk IO, waiting for another process to 560 // finish is the sort of thing ThreadRestrictions is trying to prevent. 561 base::ThreadRestrictions::AssertIOAllowed(); 562 pid_t ret = HANDLE_EINTR(waitpid(pid, 0, 0)); 563 DPCHECK(ret > 0); 564 } 565 566 if (process_handle) 567 *process_handle = pid; 568 } 569 570 return true; 571 } 572 573 574 bool LaunchProcess(const CommandLine& cmdline, 575 const LaunchOptions& options, 576 ProcessHandle* process_handle) { 577 return LaunchProcess(cmdline.argv(), options, process_handle); 578 } 579 580 void RaiseProcessToHighPriority() { 581 // On POSIX, we don't actually do anything here. We could try to nice() or 582 // setpriority() or sched_getscheduler, but these all require extra rights. 583 } 584 585 // Return value used by GetAppOutputInternal to encapsulate the various exit 586 // scenarios from the function. 587 enum GetAppOutputInternalResult { 588 EXECUTE_FAILURE, 589 EXECUTE_SUCCESS, 590 GOT_MAX_OUTPUT, 591 }; 592 593 // Executes the application specified by |argv| and wait for it to exit. Stores 594 // the output (stdout) in |output|. If |do_search_path| is set, it searches the 595 // path for the application; in that case, |envp| must be null, and it will use 596 // the current environment. If |do_search_path| is false, |argv[0]| should fully 597 // specify the path of the application, and |envp| will be used as the 598 // environment. Redirects stderr to /dev/null. 599 // If we successfully start the application and get all requested output, we 600 // return GOT_MAX_OUTPUT, or if there is a problem starting or exiting 601 // the application we return RUN_FAILURE. Otherwise we return EXECUTE_SUCCESS. 602 // The GOT_MAX_OUTPUT return value exists so a caller that asks for limited 603 // output can treat this as a success, despite having an exit code of SIG_PIPE 604 // due to us closing the output pipe. 605 // In the case of EXECUTE_SUCCESS, the application exit code will be returned 606 // in |*exit_code|, which should be checked to determine if the application 607 // ran successfully. 608 static GetAppOutputInternalResult GetAppOutputInternal( 609 const std::vector<std::string>& argv, 610 char* const envp[], 611 std::string* output, 612 size_t max_output, 613 bool do_search_path, 614 int* exit_code) { 615 // Doing a blocking wait for another command to finish counts as IO. 616 base::ThreadRestrictions::AssertIOAllowed(); 617 // exit_code must be supplied so calling function can determine success. 618 DCHECK(exit_code); 619 *exit_code = EXIT_FAILURE; 620 621 int pipe_fd[2]; 622 pid_t pid; 623 InjectiveMultimap fd_shuffle1, fd_shuffle2; 624 scoped_ptr<char*[]> argv_cstr(new char*[argv.size() + 1]); 625 626 fd_shuffle1.reserve(3); 627 fd_shuffle2.reserve(3); 628 629 // Either |do_search_path| should be false or |envp| should be null, but not 630 // both. 631 DCHECK(!do_search_path ^ !envp); 632 633 if (pipe(pipe_fd) < 0) 634 return EXECUTE_FAILURE; 635 636 switch (pid = fork()) { 637 case -1: // error 638 close(pipe_fd[0]); 639 close(pipe_fd[1]); 640 return EXECUTE_FAILURE; 641 case 0: // child 642 { 643 #if defined(OS_MACOSX) 644 RestoreDefaultExceptionHandler(); 645 #endif 646 // DANGER: no calls to malloc are allowed from now on: 647 // http://crbug.com/36678 648 649 // Obscure fork() rule: in the child, if you don't end up doing exec*(), 650 // you call _exit() instead of exit(). This is because _exit() does not 651 // call any previously-registered (in the parent) exit handlers, which 652 // might do things like block waiting for threads that don't even exist 653 // in the child. 654 int dev_null = open("/dev/null", O_WRONLY); 655 if (dev_null < 0) 656 _exit(127); 657 658 // Stop type-profiler. 659 // The profiler should be stopped between fork and exec since it inserts 660 // locks at new/delete expressions. See http://crbug.com/36678. 661 base::type_profiler::Controller::Stop(); 662 663 fd_shuffle1.push_back(InjectionArc(pipe_fd[1], STDOUT_FILENO, true)); 664 fd_shuffle1.push_back(InjectionArc(dev_null, STDERR_FILENO, true)); 665 fd_shuffle1.push_back(InjectionArc(dev_null, STDIN_FILENO, true)); 666 // Adding another element here? Remeber to increase the argument to 667 // reserve(), above. 668 669 std::copy(fd_shuffle1.begin(), fd_shuffle1.end(), 670 std::back_inserter(fd_shuffle2)); 671 672 if (!ShuffleFileDescriptors(&fd_shuffle1)) 673 _exit(127); 674 675 CloseSuperfluousFds(fd_shuffle2); 676 677 for (size_t i = 0; i < argv.size(); i++) 678 argv_cstr[i] = const_cast<char*>(argv[i].c_str()); 679 argv_cstr[argv.size()] = NULL; 680 if (do_search_path) 681 execvp(argv_cstr[0], argv_cstr.get()); 682 else 683 execve(argv_cstr[0], argv_cstr.get(), envp); 684 _exit(127); 685 } 686 default: // parent 687 { 688 // Close our writing end of pipe now. Otherwise later read would not 689 // be able to detect end of child's output (in theory we could still 690 // write to the pipe). 691 close(pipe_fd[1]); 692 693 output->clear(); 694 char buffer[256]; 695 size_t output_buf_left = max_output; 696 ssize_t bytes_read = 1; // A lie to properly handle |max_output == 0| 697 // case in the logic below. 698 699 while (output_buf_left > 0) { 700 bytes_read = HANDLE_EINTR(read(pipe_fd[0], buffer, 701 std::min(output_buf_left, sizeof(buffer)))); 702 if (bytes_read <= 0) 703 break; 704 output->append(buffer, bytes_read); 705 output_buf_left -= static_cast<size_t>(bytes_read); 706 } 707 close(pipe_fd[0]); 708 709 // Always wait for exit code (even if we know we'll declare 710 // GOT_MAX_OUTPUT). 711 bool success = WaitForExitCode(pid, exit_code); 712 713 // If we stopped because we read as much as we wanted, we return 714 // GOT_MAX_OUTPUT (because the child may exit due to |SIGPIPE|). 715 if (!output_buf_left && bytes_read > 0) 716 return GOT_MAX_OUTPUT; 717 else if (success) 718 return EXECUTE_SUCCESS; 719 return EXECUTE_FAILURE; 720 } 721 } 722 } 723 724 bool GetAppOutput(const CommandLine& cl, std::string* output) { 725 return GetAppOutput(cl.argv(), output); 726 } 727 728 bool GetAppOutput(const std::vector<std::string>& argv, std::string* output) { 729 // Run |execve()| with the current environment and store "unlimited" data. 730 int exit_code; 731 GetAppOutputInternalResult result = GetAppOutputInternal( 732 argv, NULL, output, std::numeric_limits<std::size_t>::max(), true, 733 &exit_code); 734 return result == EXECUTE_SUCCESS && exit_code == EXIT_SUCCESS; 735 } 736 737 // TODO(viettrungluu): Conceivably, we should have a timeout as well, so we 738 // don't hang if what we're calling hangs. 739 bool GetAppOutputRestricted(const CommandLine& cl, 740 std::string* output, size_t max_output) { 741 // Run |execve()| with the empty environment. 742 char* const empty_environ = NULL; 743 int exit_code; 744 GetAppOutputInternalResult result = GetAppOutputInternal( 745 cl.argv(), &empty_environ, output, max_output, false, &exit_code); 746 return result == GOT_MAX_OUTPUT || (result == EXECUTE_SUCCESS && 747 exit_code == EXIT_SUCCESS); 748 } 749 750 bool GetAppOutputWithExitCode(const CommandLine& cl, 751 std::string* output, 752 int* exit_code) { 753 // Run |execve()| with the current environment and store "unlimited" data. 754 GetAppOutputInternalResult result = GetAppOutputInternal( 755 cl.argv(), NULL, output, std::numeric_limits<std::size_t>::max(), true, 756 exit_code); 757 return result == EXECUTE_SUCCESS; 758 } 759 760 } // namespace base 761
