tor-auto/doxygen/procmon_8c_source.html

 /* Copyright (c) 2011-2021, The Tor Project, Inc. */

 /* See LICENSE for licensing information */


 /**

  * \file procmon.c

  * \brief Process-termination monitor functions

  **/


 #include "lib/evloop/procmon.h"


 #include "lib/log/log.h"

 #include "lib/log/util_bug.h"

 #include "lib/log/win32err.h"

 #include "lib/malloc/malloc.h"

 #include "lib/string/parse_int.h"


 #ifdef HAVE_SIGNAL_H

 #include <signal.h>

 #endif

 #ifdef HAVE_ERRNO_H

 #include <errno.h>

 #endif

 #ifdef HAVE_SYS_TIME_H

 #include <sys/time.h>

 #endif


 #ifdef _WIN32

 #include <winsock2.h>

 #include <windows.h>

 #endif


 #if (0 == SIZEOF_PID_T) && defined(_WIN32)

 /* Windows does not define pid_t sometimes, but _getpid() returns an int.

  * Everybody else needs to have a pid_t. */

 typedef int pid_t;

 #define PID_T_FORMAT "%d"

 #elif (SIZEOF_PID_T == SIZEOF_INT) || (SIZEOF_PID_T == SIZEOF_SHORT)

 #define PID_T_FORMAT "%d"

 #elif (SIZEOF_PID_T == SIZEOF_LONG)

 #define PID_T_FORMAT "%ld"

 #elif (SIZEOF_PID_T == 8)

 #define PID_T_FORMAT "%"PRId64

 #else

 #error Unknown: SIZEOF_PID_T

 #endif /* (0 == SIZEOF_PID_T) && defined(_WIN32) || ... */


 /* Define to 1 if process-termination monitors on this OS and Libevent

    version must poll for process termination themselves. */

 #define PROCMON_POLLS 1

 /* Currently we need to poll in some way on all systems. */


 #ifdef PROCMON_POLLS

 static void tor_process_monitor_poll_cb(periodic_timer_t *ev,

                                         void *procmon_);

 #endif


 /* This struct may contain pointers into the original process

  * specifier string, but it should *never* contain anything which

  * needs to be freed. */

 /* DOCDOC parsed_process_specifier_t */

 struct parsed_process_specifier_t {

   pid_t pid;

 };


 /** Parse the process specifier given in <b>process_spec</b> into

  * *<b>ppspec</b>.  Return 0 on success; return -1 and store an error

  * message into *<b>msg</b> on failure.  The caller must not free the

  * returned error message. */

 static int

 parse_process_specifier(const char *process_spec,

                         struct parsed_process_specifier_t *ppspec,

                         const char **msg)

 {

   long pid_l;

   int pid_ok = 0;

   char *pspec_next;


   /* If we're lucky, long will turn out to be large enough to hold a

    * PID everywhere that Tor runs. */

   pid_l = tor_parse_long(process_spec, 10, 1, LONG_MAX, &pid_ok, &pspec_next);


   /* Reserve room in the ‘process specifier’ for additional

    * (platform-specific) identifying information beyond the PID, to

    * make our process-existence checks a bit less racy in a future

    * version. */

   if ((*pspec_next != 0) && (*pspec_next != ' ') && (*pspec_next != ':')) {

     pid_ok = 0;

   }


   ppspec->pid = (pid_t)(pid_l);

   if (!pid_ok || (pid_l != (long)(ppspec->pid))) {

     *msg = "invalid PID";

     goto err;

   }


   return 0;

  err:

   return -1;

 }


 /* DOCDOC tor_process_monitor_t */

 struct tor_process_monitor_t {

   /** Log domain for warning messages. */

   log_domain_mask_t log_domain;


   /** All systems: The best we can do in general is poll for the

    * process's existence by PID periodically, and hope that the kernel

    * doesn't reassign the same PID to another process between our

    * polls. */

   pid_t pid;


 #ifdef _WIN32

   /** Windows-only: Should we poll hproc?  If false, poll pid

    * instead. */

   int poll_hproc;


   /** Windows-only: Get a handle to the process (if possible) and

    * periodically check whether the process we have a handle to has

    * ended. */

   HANDLE hproc;

   /* XXXX We should have Libevent watch hproc for us,

    * if/when some version of Libevent can be told to do so. */

 #endif /* defined(_WIN32) */


   /* XXXX On Linux, we can and should receive the 22nd

    * (space-delimited) field (‘starttime’) of /proc/$PID/stat from the

    * owning controller and store it, and poll once in a while to see

    * whether it has changed -- if so, the kernel has *definitely*

    * reassigned the owning controller's PID and we should exit.  On

    * FreeBSD, we can do the same trick using either the 8th

    * space-delimited field of /proc/$PID/status on the seven FBSD

    * systems whose admins have mounted procfs, or the start-time field

    * of the process-information structure returned by kvmgetprocs() on

    * any system.  The latter is ickier. */


   /* XXXX On FreeBSD (and possibly other kqueue systems), we can and

    * should arrange to receive EVFILT_PROC NOTE_EXIT notifications for

    * pid, so we don't have to do such a heavyweight poll operation in

    * order to avoid the PID-reassignment race condition.  (We would

    * still need to poll our own kqueue periodically until some version

    * of Libevent 2.x learns to receive these events for us.) */


   /** A Libevent event structure, to either poll for the process's

    * existence or receive a notification when the process ends. */

   periodic_timer_t *e;


   /** A callback to be called when the process ends. */

   tor_procmon_callback_t cb;

   void *cb_arg; /**< A user-specified pointer to be passed to cb. */

 };


 /** Verify that the process specifier given in <b>process_spec</b> is

  * syntactically valid.  Return 0 on success; return -1 and store an

  * error message into *<b>msg</b> on failure.  The caller must not

  * free the returned error message. */

 int

 tor_validate_process_specifier(const char *process_spec,

                                const char **msg)

 {

   struct parsed_process_specifier_t ppspec;


   tor_assert(msg != NULL);

   *msg = NULL;


   return parse_process_specifier(process_spec, &ppspec, msg);

 }


 /* We check this often for presence of owning controller process. */

 static const struct timeval poll_interval_tv = {15, 0}; // 15 seconds.


 /** Create a process-termination monitor for the process specifier

  * given in <b>process_spec</b>.  Return a newly allocated

  * tor_process_monitor_t on success; return NULL and store an error

  * message into *<b>msg</b> on failure.  The caller must not free

  * the returned error message.

  *

  * When the monitored process terminates, call

  * <b>cb</b>(<b>cb_arg</b>).

  */

 tor_process_monitor_t *

 tor_process_monitor_new(struct event_base *base,

                         const char *process_spec,

                         log_domain_mask_t log_domain,

                         tor_procmon_callback_t cb, void *cb_arg,

                         const char **msg)

 {

   tor_process_monitor_t *procmon = tor_malloc_zero(

                                        sizeof(tor_process_monitor_t));

   struct parsed_process_specifier_t ppspec;


   tor_assert(msg != NULL);

   *msg = NULL;


   if (procmon == NULL) {

     *msg = "out of memory";

     goto err;

   }


   procmon->log_domain = log_domain;


   if (parse_process_specifier(process_spec, &ppspec, msg))

     goto err;


   procmon->pid = ppspec.pid;


 #ifdef _WIN32

   procmon->hproc = OpenProcess(PROCESS_QUERY_INFORMATION | SYNCHRONIZE,

                                FALSE,

                                procmon->pid);


   if (procmon->hproc != NULL) {

     procmon->poll_hproc = 1;

     log_info(procmon->log_domain, "Successfully opened handle to process "

              PID_T_FORMAT"; "

              "monitoring it.",

              procmon->pid);

   } else {

     /* If we couldn't get a handle to the process, we'll try again the

      * first time we poll. */

     log_info(procmon->log_domain, "Failed to open handle to process "

              PID_T_FORMAT"; will "

              "try again later.",

              procmon->pid);

   }

 #endif /* defined(_WIN32) */


   procmon->cb = cb;

   procmon->cb_arg = cb_arg;


 #ifdef PROCMON_POLLS

   procmon->e = periodic_timer_new(base,

                                   &poll_interval_tv,

                                   tor_process_monitor_poll_cb, procmon);

 #else /* !(defined(PROCMON_POLLS)) */

 #error OOPS?

 #endif /* defined(PROCMON_POLLS) */


   return procmon;

  err:

   tor_process_monitor_free(procmon);

   return NULL;

 }


 #ifdef PROCMON_POLLS

 /** Libevent callback to poll for the existence of the process

  * monitored by <b>procmon_</b>. */

 static void

 tor_process_monitor_poll_cb(periodic_timer_t *event, void *procmon_)

 {

   (void)event;

   tor_process_monitor_t *procmon = (tor_process_monitor_t *)(procmon_);

   int its_dead_jim;


   tor_assert(procmon != NULL);


 #ifdef _WIN32

   if (procmon->poll_hproc) {

     DWORD exit_code;

     if (!GetExitCodeProcess(procmon->hproc, &exit_code)) {

       char *errmsg = format_win32_error(GetLastError());

       log_warn(procmon->log_domain, "Error \"%s\" occurred while polling "

                "handle for monitored process "PID_T_FORMAT"; assuming "

                "it's dead.",

                errmsg, procmon->pid);

       tor_free(errmsg);

       its_dead_jim = 1;

     } else {

       its_dead_jim = (exit_code != STILL_ACTIVE);

     }

   } else {

     /* All we can do is try to open the process, and look at the error

      * code if it fails again. */

     procmon->hproc = OpenProcess(PROCESS_QUERY_INFORMATION | SYNCHRONIZE,

                                  FALSE,

                                  procmon->pid);


     if (procmon->hproc != NULL) {

       log_info(procmon->log_domain, "Successfully opened handle to monitored "

                "process "PID_T_FORMAT".",

                procmon->pid);

       its_dead_jim = 0;

       procmon->poll_hproc = 1;

     } else {

       DWORD err_code = GetLastError();

       char *errmsg = format_win32_error(err_code);


       /* When I tested OpenProcess's error codes on Windows 7, I

        * received error code 5 (ERROR_ACCESS_DENIED) for PIDs of

        * existing processes that I could not open and error code 87

        * (ERROR_INVALID_PARAMETER) for PIDs that were not in use.

        * Since the nonexistent-process error code is sane, I'm going

        * to assume that all errors other than ERROR_INVALID_PARAMETER

        * mean that the process we are monitoring is still alive. */

       its_dead_jim = (err_code == ERROR_INVALID_PARAMETER);


       if (!its_dead_jim)

         log_info(procmon->log_domain, "Failed to open handle to monitored "

                  "process "PID_T_FORMAT", and error code %lu (%s) is not "

                  "'invalid parameter' -- assuming the process is still alive.",

                  procmon->pid,

                  err_code, errmsg);


       tor_free(errmsg);

     }

   }

 #else /* !defined(_WIN32) */

   /* Unix makes this part easy, if a bit racy. */

   its_dead_jim = kill(procmon->pid, 0);

   its_dead_jim = its_dead_jim && (errno == ESRCH);

 #endif /* defined(_WIN32) */


   tor_log(its_dead_jim ? LOG_NOTICE : LOG_INFO,

       procmon->log_domain, "Monitored process "PID_T_FORMAT" is %s.",

       procmon->pid,

       its_dead_jim ? "dead" : "still alive");


   if (its_dead_jim) {

     procmon->cb(procmon->cb_arg);

   }

 }

 #endif /* defined(PROCMON_POLLS) */


 /** Free the process-termination monitor <b>procmon</b>. */

 void

 tor_process_monitor_free_(tor_process_monitor_t *procmon)

 {

   if (procmon == NULL)

     return;


 #ifdef _WIN32

   if (procmon->hproc != NULL)

     CloseHandle(procmon->hproc);

 #endif


   if (procmon->e != NULL)

     periodic_timer_free(procmon->e);


   tor_free(procmon);

 }

periodic_timer_new
periodic_timer_t * periodic_timer_new(struct event_base *base, const struct timeval *tv, void(*cb)(periodic_timer_t *timer, void *data), void *data)
Definition: compat_libevent.c:249

tor_log
void tor_log(int severity, log_domain_mask_t domain, const char *format,...)
Definition: log.c:590

log.h
Headers for log.c.

LOG_NOTICE
#define LOG_NOTICE
Definition: log.h:50

LOG_INFO
#define LOG_INFO
Definition: log.h:45

log_domain_mask_t
uint64_t log_domain_mask_t
Definition: logging_types.h:21

malloc.h
Headers for util_malloc.c.

tor_free
#define tor_free(p)
Definition: malloc.h:52

tor_parse_long
long tor_parse_long(const char *s, int base, long min, long max, int *ok, char **next)
Definition: parse_int.c:59

parse_int.h
Header for parse_int.c.

tor_process_monitor_new
tor_process_monitor_t * tor_process_monitor_new(struct event_base *base, const char *process_spec, log_domain_mask_t log_domain, tor_procmon_callback_t cb, void *cb_arg, const char **msg)
Definition: procmon.c:181

tor_validate_process_specifier
int tor_validate_process_specifier(const char *process_spec, const char **msg)
Definition: procmon.c:157

parse_process_specifier
static int parse_process_specifier(const char *process_spec, struct parsed_process_specifier_t *ppspec, const char **msg)
Definition: procmon.c:70

tor_process_monitor_free_
void tor_process_monitor_free_(tor_process_monitor_t *procmon)
Definition: procmon.c:325

tor_process_monitor_poll_cb
static void tor_process_monitor_poll_cb(periodic_timer_t *ev, void *procmon_)
Definition: procmon.c:248

procmon.h
Headers for procmon.c.

parsed_process_specifier_t
Definition: procmon.c:61

periodic_timer_t
Definition: compat_libevent.c:226

timeval
Definition: compat_time.h:151

tor_process_monitor_t
Definition: procmon.c:102

tor_process_monitor_t::e
periodic_timer_t * e
Definition: procmon.c:145

tor_process_monitor_t::cb_arg
void * cb_arg
Definition: procmon.c:149

tor_process_monitor_t::cb
tor_procmon_callback_t cb
Definition: procmon.c:148

tor_process_monitor_t::pid
pid_t pid
Definition: procmon.c:110

tor_process_monitor_t::log_domain
log_domain_mask_t log_domain
Definition: procmon.c:104

util_bug.h
Macros to manage assertions, fatal and non-fatal.

tor_assert
#define tor_assert(expr)
Definition: util_bug.h:102

win32err.h
Header for win32err.c.