| | varnish-cache/bin/varnishd/mgt/mgt_child.c |
|---|
| 0 |
|
/*- |
| 1 |
|
* Copyright (c) 2006 Verdens Gang AS |
| 2 |
|
* Copyright (c) 2006-2015 Varnish Software AS |
| 3 |
|
* All rights reserved. |
| 4 |
|
* |
| 5 |
|
* Author: Poul-Henning Kamp <phk@phk.freebsd.dk> |
| 6 |
|
* |
| 7 |
|
* SPDX-License-Identifier: BSD-2-Clause |
| 8 |
|
* |
| 9 |
|
* Redistribution and use in source and binary forms, with or without |
| 10 |
|
* modification, are permitted provided that the following conditions |
| 11 |
|
* are met: |
| 12 |
|
* 1. Redistributions of source code must retain the above copyright |
| 13 |
|
* notice, this list of conditions and the following disclaimer. |
| 14 |
|
* 2. Redistributions in binary form must reproduce the above copyright |
| 15 |
|
* notice, this list of conditions and the following disclaimer in the |
| 16 |
|
* documentation and/or other materials provided with the distribution. |
| 17 |
|
* |
| 18 |
|
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND |
| 19 |
|
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
| 20 |
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
| 21 |
|
* ARE DISCLAIMED. IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE |
| 22 |
|
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
| 23 |
|
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
| 24 |
|
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
| 25 |
|
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
| 26 |
|
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
| 27 |
|
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
| 28 |
|
* SUCH DAMAGE. |
| 29 |
|
* |
| 30 |
|
* The mechanics of handling the child process |
| 31 |
|
*/ |
| 32 |
|
|
| 33 |
|
#include "config.h" |
| 34 |
|
|
| 35 |
|
#include <sys/types.h> |
| 36 |
|
|
| 37 |
|
#include <poll.h> |
| 38 |
|
#include <stdarg.h> |
| 39 |
|
#include <stdio.h> |
| 40 |
|
#include <string.h> |
| 41 |
|
#include <syslog.h> |
| 42 |
|
#include <unistd.h> |
| 43 |
|
#include <sys/types.h> |
| 44 |
|
#include <sys/socket.h> |
| 45 |
|
#include <sys/time.h> |
| 46 |
|
#include <sys/resource.h> |
| 47 |
|
|
| 48 |
|
#include "mgt.h" |
| 49 |
|
#include "acceptor/cache_acceptor.h" |
| 50 |
|
#include "acceptor/mgt_acceptor.h" |
| 51 |
|
|
| 52 |
|
#include "vapi/vsig.h" |
| 53 |
|
|
| 54 |
|
#include "vbm.h" |
| 55 |
|
#include "vcli_serve.h" |
| 56 |
|
#include "vev.h" |
| 57 |
|
#include "vfil.h" |
| 58 |
|
#include "vlu.h" |
| 59 |
|
#include "vtim.h" |
| 60 |
|
|
| 61 |
|
#include "common/heritage.h" |
| 62 |
|
|
| 63 |
|
static pid_t child_pid = -1; |
| 64 |
|
|
| 65 |
|
static struct vbitmap *fd_map; |
| 66 |
|
|
| 67 |
|
static int child_cli_fd = -1; |
| 68 |
|
static int child_output = -1; |
| 69 |
|
|
| 70 |
|
static enum { |
| 71 |
|
CH_STOPPED = 0, |
| 72 |
|
CH_STARTING = 1, |
| 73 |
|
CH_RUNNING = 2, |
| 74 |
|
CH_STOPPING = 3, |
| 75 |
|
CH_DIED = 4 |
| 76 |
|
} child_state = CH_STOPPED; |
| 77 |
|
|
| 78 |
|
static const char * const ch_state[] = { |
| 79 |
|
[CH_STOPPED] = "stopped", |
| 80 |
|
[CH_STARTING] = "starting", |
| 81 |
|
[CH_RUNNING] = "running", |
| 82 |
|
[CH_STOPPING] = "stopping", |
| 83 |
|
[CH_DIED] = "died, (restarting)", |
| 84 |
|
}; |
| 85 |
|
|
| 86 |
|
static struct vev *ev_poker; |
| 87 |
|
static struct vev *ev_listen; |
| 88 |
|
static struct vlu *child_std_vlu; |
| 89 |
|
|
| 90 |
|
static struct vsb *child_panic = NULL; |
| 91 |
|
|
| 92 |
|
static void mgt_reap_child(void); |
| 93 |
|
static int kill_child(void); |
| 94 |
|
|
| 95 |
|
/*===================================================================== |
| 96 |
|
* Panic string evacuation and handling |
| 97 |
|
*/ |
| 98 |
|
|
| 99 |
|
static void |
| 100 |
13 |
mgt_panic_record(pid_t r) |
| 101 |
|
{ |
| 102 |
|
char time_str[30]; |
| 103 |
|
|
| 104 |
13 |
if (child_panic != NULL) |
| 105 |
0 |
VSB_destroy(&child_panic); |
| 106 |
13 |
child_panic = VSB_new_auto(); |
| 107 |
13 |
AN(child_panic); |
| 108 |
13 |
VTIM_format(VTIM_real(), time_str); |
| 109 |
26 |
VSB_printf(child_panic, "Child (%jd) Panic at: %s\n", |
| 110 |
13 |
(intmax_t)r, time_str); |
| 111 |
26 |
VSB_quote(child_panic, heritage.panic_str, |
| 112 |
13 |
strnlen(heritage.panic_str, heritage.panic_str_len), |
| 113 |
|
VSB_QUOTE_NONL); |
| 114 |
13 |
MGT_ComplainVSB(C_ERR, child_panic); |
| 115 |
13 |
} |
| 116 |
|
|
| 117 |
|
static void |
| 118 |
11 |
mgt_panic_clear(void) |
| 119 |
|
{ |
| 120 |
11 |
VSB_destroy(&child_panic); |
| 121 |
11 |
} |
| 122 |
|
|
| 123 |
|
static void |
| 124 |
955 |
cli_panic_show(struct cli *cli, const char * const *av, int json) |
| 125 |
|
{ |
| 126 |
955 |
if (!child_panic) { |
| 127 |
944 |
VCLI_SetResult(cli, CLIS_CANT); |
| 128 |
944 |
VCLI_Out(cli, |
| 129 |
|
"Child has not panicked or panic has been cleared"); |
| 130 |
944 |
return; |
| 131 |
|
} |
| 132 |
|
|
| 133 |
11 |
if (!json) { |
| 134 |
7 |
VCLI_Out(cli, "%s\n", VSB_data(child_panic)); |
| 135 |
7 |
return; |
| 136 |
|
} |
| 137 |
|
|
| 138 |
4 |
VCLI_JSON_begin(cli, 2, av); |
| 139 |
4 |
VCLI_Out(cli, ",\n"); |
| 140 |
4 |
VCLI_JSON_str(cli, VSB_data(child_panic)); |
| 141 |
4 |
VCLI_JSON_end(cli); |
| 142 |
955 |
} |
| 143 |
|
|
| 144 |
|
static void v_matchproto_(cli_func_t) |
| 145 |
951 |
mch_cli_panic_show(struct cli *cli, const char * const *av, void *priv) |
| 146 |
|
{ |
| 147 |
951 |
(void)priv; |
| 148 |
951 |
cli_panic_show(cli, av, 0); |
| 149 |
951 |
} |
| 150 |
|
|
| 151 |
|
static void v_matchproto_(cli_func_t) |
| 152 |
4 |
mch_cli_panic_show_json(struct cli *cli, const char * const *av, void *priv) |
| 153 |
|
{ |
| 154 |
4 |
(void)priv; |
| 155 |
4 |
cli_panic_show(cli, av, 1); |
| 156 |
4 |
} |
| 157 |
|
|
| 158 |
|
static void v_matchproto_(cli_func_t) |
| 159 |
14 |
mch_cli_panic_clear(struct cli *cli, const char * const *av, void *priv) |
| 160 |
|
{ |
| 161 |
14 |
(void)priv; |
| 162 |
|
|
| 163 |
14 |
if (av[2] != NULL && strcmp(av[2], "-z")) { |
| 164 |
0 |
VCLI_SetResult(cli, CLIS_PARAM); |
| 165 |
0 |
VCLI_Out(cli, "Unknown parameter \"%s\".", av[2]); |
| 166 |
0 |
return; |
| 167 |
2 |
} else if (av[2] != NULL) { |
| 168 |
2 |
VSC_C_mgt->child_panic = 0; |
| 169 |
2 |
if (child_panic == NULL) |
| 170 |
1 |
return; |
| 171 |
1 |
} |
| 172 |
13 |
if (child_panic == NULL) { |
| 173 |
2 |
VCLI_SetResult(cli, CLIS_CANT); |
| 174 |
2 |
VCLI_Out(cli, "No panic to clear"); |
| 175 |
2 |
return; |
| 176 |
|
} |
| 177 |
11 |
mgt_panic_clear(); |
| 178 |
14 |
} |
| 179 |
|
|
| 180 |
|
/*===================================================================== |
| 181 |
|
* Track the highest file descriptor the parent knows is being used. |
| 182 |
|
* |
| 183 |
|
* This allows the child process to clean/close only a small fraction |
| 184 |
|
* of the possible file descriptors after exec(2). |
| 185 |
|
* |
| 186 |
|
* This is likely to a bit on the low side, as libc and other libraries |
| 187 |
|
* has a tendency to cache file descriptors (syslog, resolver, etc.) |
| 188 |
|
* so we add a margin of 10 fds. |
| 189 |
|
* |
| 190 |
|
* For added safety, we check that we see no file descriptor open for |
| 191 |
|
* another margin above the limit for which we close by design |
| 192 |
|
*/ |
| 193 |
|
|
| 194 |
|
static int mgt_max_fd; |
| 195 |
|
|
| 196 |
|
#define CLOSE_FD_UP_TO (mgt_max_fd + 10) |
| 197 |
|
#define CHECK_FD_UP_TO (CLOSE_FD_UP_TO + 10) |
| 198 |
|
|
| 199 |
|
void |
| 200 |
9865 |
MCH_TrackHighFd(int fd) |
| 201 |
|
{ |
| 202 |
|
/* |
| 203 |
|
* Assert > 0, to catch bogus opens, we know where stdin goes |
| 204 |
|
* in the master process. |
| 205 |
|
*/ |
| 206 |
9865 |
assert(fd > 0); |
| 207 |
9865 |
mgt_max_fd = vmax(mgt_max_fd, fd); |
| 208 |
9865 |
} |
| 209 |
|
|
| 210 |
|
/*-------------------------------------------------------------------- |
| 211 |
|
* Keep track of which filedescriptors the child should inherit and |
| 212 |
|
* which should be closed after fork() |
| 213 |
|
*/ |
| 214 |
|
|
| 215 |
|
void |
| 216 |
5887 |
MCH_Fd_Inherit(int fd, const char *what) |
| 217 |
|
{ |
| 218 |
|
|
| 219 |
5887 |
assert(fd >= 0); |
| 220 |
|
// XXX why? |
| 221 |
5887 |
if (fd > 0) |
| 222 |
5887 |
MCH_TrackHighFd(fd); |
| 223 |
10797 |
if (fd_map == NULL) |
| 224 |
977 |
fd_map = vbit_new(128); |
| 225 |
5887 |
AN(fd_map); |
| 226 |
5887 |
if (what != NULL) |
| 227 |
3950 |
vbit_set(fd_map, fd); |
| 228 |
|
else |
| 229 |
1937 |
vbit_clr(fd_map, fd); |
| 230 |
5887 |
} |
| 231 |
|
|
| 232 |
|
/*===================================================================== |
| 233 |
|
* Listen to stdout+stderr from the child |
| 234 |
|
*/ |
| 235 |
|
|
| 236 |
|
static const char *whining_child = C_ERR; |
| 237 |
|
|
| 238 |
|
static int v_matchproto_(vlu_f) |
| 239 |
2668 |
child_line(void *priv, const char *p) |
| 240 |
|
{ |
| 241 |
2668 |
(void)priv; |
| 242 |
|
|
| 243 |
2668 |
MGT_Complain(whining_child, "Child (%jd) said %s", (intmax_t)child_pid, p); |
| 244 |
2668 |
return (0); |
| 245 |
|
} |
| 246 |
|
|
| 247 |
|
/*-------------------------------------------------------------------- |
| 248 |
|
* NB: Notice cleanup call from mgt_reap_child() |
| 249 |
|
*/ |
| 250 |
|
|
| 251 |
|
static int v_matchproto_(vev_cb_f) |
| 252 |
4229 |
child_listener(const struct vev *e, int what) |
| 253 |
|
{ |
| 254 |
|
|
| 255 |
4229 |
if ((what & ~VEV__RD) || VLU_Fd(child_std_vlu, child_output)) { |
| 256 |
9 |
ev_listen = NULL; |
| 257 |
9 |
if (e != NULL) |
| 258 |
9 |
mgt_reap_child(); |
| 259 |
2151 |
return (1); |
| 260 |
|
} |
| 261 |
2078 |
return (0); |
| 262 |
4229 |
} |
| 263 |
|
|
| 264 |
|
/*===================================================================== |
| 265 |
|
* Periodically poke the child, to see that it still lives |
| 266 |
|
*/ |
| 267 |
|
|
| 268 |
|
static int v_matchproto_(vev_cb_f) |
| 269 |
180 |
child_poker(const struct vev *e, int what) |
| 270 |
|
{ |
| 271 |
180 |
char *r = NULL; |
| 272 |
|
unsigned status; |
| 273 |
|
|
| 274 |
180 |
(void)e; |
| 275 |
180 |
(void)what; |
| 276 |
180 |
if (child_state != CH_RUNNING) |
| 277 |
0 |
return (1); |
| 278 |
180 |
if (child_pid < 0) |
| 279 |
0 |
return (0); |
| 280 |
180 |
if (mgt_cli_askchild(&status, &r, "ping\n") || strncmp("PONG ", r, 5)) { |
| 281 |
0 |
MGT_Complain(C_ERR, "Unexpected reply from ping: %u %s", |
| 282 |
0 |
status, r); |
| 283 |
0 |
if (status != CLIS_COMMS) |
| 284 |
0 |
MCH_Cli_Fail(); |
| 285 |
0 |
} |
| 286 |
180 |
free(r); |
| 287 |
180 |
return (0); |
| 288 |
180 |
} |
| 289 |
|
|
| 290 |
|
/*===================================================================== |
| 291 |
|
* Launch the child process |
| 292 |
|
*/ |
| 293 |
|
|
| 294 |
|
#define mgt_launch_err(cli, status, ...) do { \ |
| 295 |
|
MGT_Complain(C_ERR, __VA_ARGS__); \ |
| 296 |
|
if (cli == NULL) \ |
| 297 |
|
break; \ |
| 298 |
|
VCLI_Out(cli, __VA_ARGS__); \ |
| 299 |
|
VCLI_SetResult(cli, status); \ |
| 300 |
|
} while (0) |
| 301 |
|
|
| 302 |
|
static void |
| 303 |
962 |
mgt_launch_child(struct cli *cli) |
| 304 |
|
{ |
| 305 |
|
pid_t pid; |
| 306 |
|
unsigned u; |
| 307 |
|
char *p; |
| 308 |
|
struct vev *e; |
| 309 |
|
int i, cp[2]; |
| 310 |
|
struct rlimit rl[1]; |
| 311 |
|
vtim_dur dstart; |
| 312 |
|
int bstart; |
| 313 |
|
vtim_mono t0; |
| 314 |
|
|
| 315 |
962 |
if (child_state != CH_STOPPED && child_state != CH_DIED) |
| 316 |
0 |
return; |
| 317 |
|
|
| 318 |
962 |
child_state = CH_STARTING; |
| 319 |
|
|
| 320 |
|
/* Open pipe for mgt->child CLI */ |
| 321 |
962 |
AZ(socketpair(AF_UNIX, SOCK_STREAM, 0, cp)); |
| 322 |
962 |
heritage.cli_fd = cp[0]; |
| 323 |
962 |
assert(cp[0] > STDERR_FILENO); // See #2782 |
| 324 |
962 |
assert(cp[1] > STDERR_FILENO); |
| 325 |
962 |
MCH_Fd_Inherit(heritage.cli_fd, "cli_fd"); |
| 326 |
962 |
child_cli_fd = cp[1]; |
| 327 |
|
|
| 328 |
|
/* |
| 329 |
|
* Open pipe for child stdout/err |
| 330 |
|
* NB: not inherited, because we dup2() it to stdout/stderr in child |
| 331 |
|
*/ |
| 332 |
962 |
AZ(pipe(cp)); |
| 333 |
962 |
heritage.std_fd = cp[1]; |
| 334 |
962 |
child_output = cp[0]; |
| 335 |
|
|
| 336 |
962 |
mgt_SHM_ChildNew(); |
| 337 |
|
|
| 338 |
962 |
AN(heritage.param); |
| 339 |
962 |
AN(heritage.panic_str); |
| 340 |
962 |
VJ_master(JAIL_MASTER_SYSTEM); |
| 341 |
962 |
if ((pid = fork()) < 0) { |
| 342 |
0 |
VJ_master(JAIL_MASTER_LOW); |
| 343 |
0 |
perror("Could not fork child"); |
| 344 |
0 |
exit(1); // XXX Harsh ? |
| 345 |
|
} |
| 346 |
1904 |
if (pid == 0) { |
| 347 |
|
|
| 348 |
942 |
if (MGT_FEATURE(FEATURE_NO_COREDUMP)) { |
| 349 |
15 |
memset(rl, 0, sizeof *rl); |
| 350 |
15 |
rl->rlim_cur = 0; |
| 351 |
15 |
AZ(setrlimit(RLIMIT_CORE, rl)); |
| 352 |
15 |
} |
| 353 |
|
|
| 354 |
|
/* Redirect stdin/out/err */ |
| 355 |
942 |
VFIL_null_fd(STDIN_FILENO); |
| 356 |
942 |
assert(dup2(heritage.std_fd, STDOUT_FILENO) == STDOUT_FILENO); |
| 357 |
942 |
assert(dup2(heritage.std_fd, STDERR_FILENO) == STDERR_FILENO); |
| 358 |
|
|
| 359 |
942 |
setbuf(stdout, NULL); |
| 360 |
942 |
setbuf(stderr, NULL); |
| 361 |
942 |
printf("Child starts\n"); |
| 362 |
|
|
| 363 |
|
/* |
| 364 |
|
* Close all FDs the child shouldn't know about |
| 365 |
|
* |
| 366 |
|
* We cannot just close these filedescriptors, some random |
| 367 |
|
* library routine might miss it later on and wantonly close |
| 368 |
|
* a FD we use at that point in time. (See bug #1841). |
| 369 |
|
* We close the FD and replace it with /dev/null instead, |
| 370 |
|
* That prevents security leakage, and gives the library |
| 371 |
|
* code a valid FD to close when it discovers the changed |
| 372 |
|
* circumstances. |
| 373 |
|
*/ |
| 374 |
942 |
closelog(); |
| 375 |
|
|
| 376 |
21676 |
for (i = STDERR_FILENO + 1; i <= CLOSE_FD_UP_TO; i++) { |
| 377 |
20734 |
if (vbit_test(fd_map, i)) |
| 378 |
2837 |
continue; |
| 379 |
17897 |
if (close(i) == 0) |
| 380 |
8469 |
VFIL_null_fd(i); |
| 381 |
17897 |
} |
| 382 |
10362 |
for (i = CLOSE_FD_UP_TO + 1; i <= CHECK_FD_UP_TO; i++) { |
| 383 |
9420 |
assert(close(i) == -1); |
| 384 |
9420 |
assert(errno == EBADF); |
| 385 |
9420 |
} |
| 386 |
|
|
| 387 |
942 |
mgt_ProcTitle("Child"); |
| 388 |
|
|
| 389 |
942 |
heritage.cls = mgt_cls; |
| 390 |
942 |
heritage.ident = VSB_data(vident) + 1; |
| 391 |
|
|
| 392 |
942 |
vext_load(); |
| 393 |
|
|
| 394 |
942 |
STV_Init(); |
| 395 |
|
|
| 396 |
942 |
VJ_subproc(JAIL_SUBPROC_WORKER); |
| 397 |
|
|
| 398 |
|
/* |
| 399 |
|
* We pass these two params because child_main needs them |
| 400 |
|
* well before it has found its own param struct. |
| 401 |
|
*/ |
| 402 |
1884 |
child_main(mgt_param.sigsegv_handler, |
| 403 |
942 |
mgt_param.wthread_stacksize); |
| 404 |
|
|
| 405 |
|
/* |
| 406 |
|
* It would be natural to clean VSMW up here, but it is apt |
| 407 |
|
* to fail in some scenarios because of the fall-back |
| 408 |
|
* "rm -rf" in mgt_SHM_ChildDestroy() which is there to |
| 409 |
|
* catch the cases were we don't get here. |
| 410 |
|
*/ |
| 411 |
|
// VSMW_Destroy(&heritage.proc_vsmw); |
| 412 |
|
|
| 413 |
942 |
exit(0); |
| 414 |
|
} |
| 415 |
962 |
VJ_master(JAIL_MASTER_LOW); |
| 416 |
962 |
assert(pid > 1); |
| 417 |
962 |
MGT_Complain(C_DEBUG, "Child (%jd) Started", (intmax_t)pid); |
| 418 |
962 |
VSC_C_mgt->child_start++; |
| 419 |
|
|
| 420 |
|
/* Close stuff the child got */ |
| 421 |
962 |
closefd(&heritage.std_fd); |
| 422 |
|
|
| 423 |
962 |
MCH_Fd_Inherit(heritage.cli_fd, NULL); |
| 424 |
962 |
closefd(&heritage.cli_fd); |
| 425 |
|
|
| 426 |
962 |
child_std_vlu = VLU_New(child_line, NULL, 0); |
| 427 |
962 |
AN(child_std_vlu); |
| 428 |
|
|
| 429 |
|
/* Wait for cache/cache_cli.c::CLI_Run() to check in */ |
| 430 |
962 |
bstart = mgt_param.startup_timeout >= mgt_param.cli_timeout; |
| 431 |
962 |
dstart = bstart ? mgt_param.startup_timeout : mgt_param.cli_timeout; |
| 432 |
962 |
t0 = VTIM_mono(); |
| 433 |
962 |
u = mgt_cli_start_child(child_cli_fd, dstart); |
| 434 |
962 |
if (u != CLIS_OK) { |
| 435 |
11 |
assert(u == CLIS_COMMS); |
| 436 |
11 |
if (VTIM_mono() - t0 < dstart) |
| 437 |
7 |
mgt_launch_err(cli, u, "Child failed on launch "); |
| 438 |
|
else |
| 439 |
4 |
mgt_launch_err(cli, u, "Child failed on launch " |
| 440 |
|
"within %s_timeout=%.2fs%s", |
| 441 |
|
bstart ? "startup" : "cli", dstart, |
| 442 |
|
bstart ? "" : " (tip: set startup_timeout)"); |
| 443 |
11 |
child_pid = pid; |
| 444 |
11 |
(void)kill_child(); |
| 445 |
11 |
mgt_reap_child(); |
| 446 |
11 |
child_state = CH_STOPPED; |
| 447 |
11 |
return; |
| 448 |
|
} else { |
| 449 |
951 |
assert(u == CLIS_OK); |
| 450 |
951 |
fprintf(stderr, "Child launched OK\n"); |
| 451 |
|
} |
| 452 |
951 |
whining_child = C_INFO; |
| 453 |
|
|
| 454 |
951 |
AZ(ev_listen); |
| 455 |
951 |
e = VEV_Alloc(); |
| 456 |
951 |
XXXAN(e); |
| 457 |
951 |
e->fd = child_output; |
| 458 |
951 |
e->fd_flags = VEV__RD; |
| 459 |
951 |
e->name = "Child listener"; |
| 460 |
951 |
e->callback = child_listener; |
| 461 |
951 |
AZ(VEV_Start(mgt_evb, e)); |
| 462 |
951 |
ev_listen = e; |
| 463 |
951 |
AZ(ev_poker); |
| 464 |
951 |
if (mgt_param.ping_interval > 0) { |
| 465 |
951 |
e = VEV_Alloc(); |
| 466 |
951 |
XXXAN(e); |
| 467 |
951 |
e->timeout = mgt_param.ping_interval; |
| 468 |
951 |
e->callback = child_poker; |
| 469 |
951 |
e->name = "child poker"; |
| 470 |
951 |
AZ(VEV_Start(mgt_evb, e)); |
| 471 |
951 |
ev_poker = e; |
| 472 |
951 |
} |
| 473 |
|
|
| 474 |
951 |
child_pid = pid; |
| 475 |
|
|
| 476 |
951 |
if (mgt_push_vcls(cli, &u, &p)) { |
| 477 |
1 |
mgt_launch_err(cli, u, "Child (%jd) Pushing vcls failed:\n%s", |
| 478 |
|
(intmax_t)child_pid, p); |
| 479 |
1 |
free(p); |
| 480 |
1 |
MCH_Stop_Child(); |
| 481 |
1 |
return; |
| 482 |
|
} |
| 483 |
|
|
| 484 |
950 |
if (mgt_cli_askchild(&u, &p, "start\n")) { |
| 485 |
0 |
mgt_launch_err(cli, u, "Child (%jd) Acceptor start failed:\n%s", |
| 486 |
|
(intmax_t)child_pid, p); |
| 487 |
0 |
free(p); |
| 488 |
0 |
MCH_Stop_Child(); |
| 489 |
0 |
return; |
| 490 |
|
} |
| 491 |
|
|
| 492 |
950 |
free(p); |
| 493 |
950 |
child_state = CH_RUNNING; |
| 494 |
962 |
} |
| 495 |
|
|
| 496 |
|
/*===================================================================== |
| 497 |
|
* Cleanup when child dies. |
| 498 |
|
*/ |
| 499 |
|
|
| 500 |
|
static int |
| 501 |
14 |
kill_child(void) |
| 502 |
|
{ |
| 503 |
|
int i, error; |
| 504 |
|
|
| 505 |
14 |
VJ_master(JAIL_MASTER_KILL); |
| 506 |
14 |
i = kill(child_pid, SIGQUIT); |
| 507 |
14 |
error = errno; |
| 508 |
14 |
VJ_master(JAIL_MASTER_LOW); |
| 509 |
14 |
errno = error; |
| 510 |
14 |
return (i); |
| 511 |
|
} |
| 512 |
|
|
| 513 |
|
static void |
| 514 |
962 |
mgt_reap_child(void) |
| 515 |
|
{ |
| 516 |
|
int i; |
| 517 |
962 |
int status = 0xffff; |
| 518 |
|
struct vsb *vsb; |
| 519 |
962 |
pid_t r = 0; |
| 520 |
|
|
| 521 |
962 |
assert(child_pid != -1); |
| 522 |
|
|
| 523 |
|
/* |
| 524 |
|
* Close the CLI connections |
| 525 |
|
* This signals orderly shut down to child |
| 526 |
|
*/ |
| 527 |
962 |
mgt_cli_stop_child(); |
| 528 |
962 |
if (child_cli_fd >= 0) |
| 529 |
962 |
closefd(&child_cli_fd); |
| 530 |
|
|
| 531 |
|
/* Stop the poker */ |
| 532 |
973 |
if (ev_poker != NULL) { |
| 533 |
951 |
VEV_Stop(mgt_evb, ev_poker); |
| 534 |
951 |
free(ev_poker); |
| 535 |
951 |
ev_poker = NULL; |
| 536 |
951 |
} |
| 537 |
|
|
| 538 |
|
/* Stop the listener */ |
| 539 |
960 |
if (ev_listen != NULL) { |
| 540 |
942 |
VEV_Stop(mgt_evb, ev_listen); |
| 541 |
942 |
free(ev_listen); |
| 542 |
942 |
ev_listen = NULL; |
| 543 |
942 |
} |
| 544 |
|
|
| 545 |
|
/* Compose obituary */ |
| 546 |
962 |
vsb = VSB_new_auto(); |
| 547 |
962 |
XXXAN(vsb); |
| 548 |
|
|
| 549 |
962 |
(void)VFIL_nonblocking(child_output); |
| 550 |
|
/* Wait for child to die */ |
| 551 |
2152 |
for (i = 0; i < mgt_param.cli_timeout * 10; i++) { |
| 552 |
2151 |
(void)child_listener(NULL, VEV__RD); |
| 553 |
2151 |
r = waitpid(child_pid, &status, WNOHANG); |
| 554 |
2151 |
if (r == child_pid) |
| 555 |
961 |
break; |
| 556 |
1190 |
VTIM_sleep(0.1); |
| 557 |
1190 |
} |
| 558 |
1921 |
if (r == 0) { |
| 559 |
2 |
VSB_printf(vsb, "Child (%jd) not dying (waitpid = %jd)," |
| 560 |
1 |
" killing\n", (intmax_t)child_pid, (intmax_t)r); |
| 561 |
|
|
| 562 |
|
/* Kick it Jim... */ |
| 563 |
1 |
(void)kill_child(); |
| 564 |
1 |
r = waitpid(child_pid, &status, 0); |
| 565 |
1 |
} |
| 566 |
2 |
if (r != child_pid) |
| 567 |
0 |
fprintf(stderr, "WAIT 0x%jd\n", (intmax_t)r); |
| 568 |
962 |
assert(r == child_pid); |
| 569 |
|
|
| 570 |
1924 |
VSB_printf(vsb, "Child (%jd) %s", (intmax_t)r, |
| 571 |
962 |
status ? "died" : "ended"); |
| 572 |
962 |
if (WIFEXITED(status) && WEXITSTATUS(status)) { |
| 573 |
7 |
VSB_printf(vsb, " status=%d", WEXITSTATUS(status)); |
| 574 |
7 |
exit_status |= 0x20; |
| 575 |
7 |
if (WEXITSTATUS(status) == 1) |
| 576 |
0 |
VSC_C_mgt->child_exit++; |
| 577 |
|
else |
| 578 |
7 |
VSC_C_mgt->child_stop++; |
| 579 |
7 |
} |
| 580 |
962 |
if (WIFSIGNALED(status)) { |
| 581 |
15 |
VSB_printf(vsb, " signal=%d", WTERMSIG(status)); |
| 582 |
15 |
exit_status |= 0x40; |
| 583 |
15 |
VSC_C_mgt->child_died++; |
| 584 |
15 |
} |
| 585 |
|
#ifdef WCOREDUMP |
| 586 |
28 |
if (WCOREDUMP(status)) { |
| 587 |
2 |
VSB_cat(vsb, " (core dumped)"); |
| 588 |
2 |
if (!MGT_FEATURE(FEATURE_NO_COREDUMP)) |
| 589 |
2 |
exit_status |= 0x80; |
| 590 |
2 |
VSC_C_mgt->child_dump++; |
| 591 |
2 |
} |
| 592 |
|
#endif |
| 593 |
13 |
MGT_ComplainVSB(status ? C_ERR : C_INFO, vsb); |
| 594 |
13 |
VSB_destroy(&vsb); |
| 595 |
|
|
| 596 |
|
/* Dispose of shared memory but evacuate panic messages first */ |
| 597 |
13 |
if (heritage.panic_str[0] != '\0') { |
| 598 |
13 |
mgt_panic_record(r); |
| 599 |
13 |
VSC_C_mgt->child_panic++; |
| 600 |
13 |
} |
| 601 |
|
|
| 602 |
17 |
mgt_SHM_ChildDestroy(); |
| 603 |
|
|
| 604 |
17 |
if (child_state == CH_RUNNING) |
| 605 |
9 |
child_state = CH_DIED; |
| 606 |
|
|
| 607 |
|
/* Pick up any stuff lingering on stdout/stderr */ |
| 608 |
962 |
(void)child_listener(NULL, VEV__RD); |
| 609 |
962 |
closefd(&child_output); |
| 610 |
962 |
VLU_Destroy(&child_std_vlu); |
| 611 |
|
|
| 612 |
962 |
child_pid = -1; |
| 613 |
|
|
| 614 |
962 |
MGT_Complain(C_DEBUG, "Child cleanup complete"); |
| 615 |
|
|
| 616 |
|
/* XXX number of retries? interval? */ |
| 617 |
962 |
for (i = 0; i < 3; i++) { |
| 618 |
962 |
if (VCA_reopen_sockets() == 0) |
| 619 |
962 |
break; |
| 620 |
|
/* error already logged */ |
| 621 |
0 |
(void)sleep(1); |
| 622 |
0 |
} |
| 623 |
962 |
if (i == 3) { |
| 624 |
|
/* We failed to reopen our listening sockets. No choice |
| 625 |
|
* but to exit. */ |
| 626 |
0 |
MGT_Complain(C_ERR, |
| 627 |
|
"Could not reopen listening sockets. Exiting."); |
| 628 |
0 |
exit(1); |
| 629 |
|
} |
| 630 |
|
|
| 631 |
962 |
if (child_state == CH_DIED && mgt_param.auto_restart) |
| 632 |
0 |
mgt_launch_child(NULL); |
| 633 |
962 |
else if (child_state == CH_DIED) |
| 634 |
9 |
child_state = CH_STOPPED; |
| 635 |
953 |
else if (child_state == CH_STOPPING) |
| 636 |
942 |
child_state = CH_STOPPED; |
| 637 |
962 |
} |
| 638 |
|
|
| 639 |
|
/*===================================================================== |
| 640 |
|
* If CLI communications with the child process fails, there is nothing |
| 641 |
|
* for us to do but to drag it behind the barn and get it over with. |
| 642 |
|
* |
| 643 |
|
* The typical case is where the child process fails to return a reply |
| 644 |
|
* before the cli_timeout expires. This invalidates the CLI pipes for |
| 645 |
|
* all future use, as we don't know if the child was just slow and the |
| 646 |
|
* result gets piped later on, or if the child is catatonic. |
| 647 |
|
*/ |
| 648 |
|
|
| 649 |
|
void |
| 650 |
2 |
MCH_Cli_Fail(void) |
| 651 |
|
{ |
| 652 |
|
|
| 653 |
2 |
if (child_state != CH_RUNNING && child_state != CH_STARTING) |
| 654 |
0 |
return; |
| 655 |
2 |
if (child_pid < 0) |
| 656 |
0 |
return; |
| 657 |
2 |
if (kill_child() == 0) |
| 658 |
2 |
MGT_Complain(C_ERR, "Child (%jd) not responding to CLI," |
| 659 |
2 |
" killed it.", (intmax_t)child_pid); |
| 660 |
|
else |
| 661 |
0 |
MGT_Complain(C_ERR, "Failed to kill child with PID %jd: %s", |
| 662 |
0 |
(intmax_t)child_pid, VAS_errtxt(errno)); |
| 663 |
2 |
} |
| 664 |
|
|
| 665 |
|
/*===================================================================== |
| 666 |
|
* Controlled stop of child process |
| 667 |
|
* |
| 668 |
|
* Reaping the child asks for orderly shutdown |
| 669 |
|
*/ |
| 670 |
|
|
| 671 |
|
void |
| 672 |
1893 |
MCH_Stop_Child(void) |
| 673 |
|
{ |
| 674 |
|
|
| 675 |
1893 |
if (child_state != CH_RUNNING && child_state != CH_STARTING) |
| 676 |
951 |
return; |
| 677 |
|
|
| 678 |
942 |
child_state = CH_STOPPING; |
| 679 |
|
|
| 680 |
942 |
MGT_Complain(C_DEBUG, "Stopping Child"); |
| 681 |
|
|
| 682 |
942 |
mgt_reap_child(); |
| 683 |
1893 |
} |
| 684 |
|
|
| 685 |
|
/*===================================================================== |
| 686 |
|
*/ |
| 687 |
|
|
| 688 |
|
int |
| 689 |
9 |
MCH_Start_Child(void) |
| 690 |
|
{ |
| 691 |
9 |
mgt_launch_child(NULL); |
| 692 |
9 |
if (child_state != CH_RUNNING) |
| 693 |
8 |
return (2); |
| 694 |
1 |
return (0); |
| 695 |
9 |
} |
| 696 |
|
|
| 697 |
|
/*==================================================================== |
| 698 |
|
* Query if the child is running |
| 699 |
|
*/ |
| 700 |
|
|
| 701 |
|
int |
| 702 |
15019 |
MCH_Running(void) |
| 703 |
|
{ |
| 704 |
|
|
| 705 |
15019 |
return (child_pid > 0); |
| 706 |
|
} |
| 707 |
|
|
| 708 |
|
/*===================================================================== |
| 709 |
|
* CLI commands |
| 710 |
|
*/ |
| 711 |
|
|
| 712 |
|
static void v_matchproto_(cli_func_t) |
| 713 |
2 |
mch_pid(struct cli *cli, const char * const *av, void *priv) |
| 714 |
|
{ |
| 715 |
|
|
| 716 |
2 |
(void)av; |
| 717 |
2 |
(void)priv; |
| 718 |
2 |
VCLI_Out(cli, "Master: %10jd\n", (intmax_t)getpid()); |
| 719 |
2 |
if (!MCH_Running()) |
| 720 |
1 |
return; |
| 721 |
1 |
VCLI_Out(cli, "Worker: %10jd\n", (intmax_t)child_pid); |
| 722 |
2 |
} |
| 723 |
|
|
| 724 |
|
static void v_matchproto_(cli_func_t) |
| 725 |
2 |
mch_pid_json(struct cli *cli, const char * const *av, void *priv) |
| 726 |
|
{ |
| 727 |
|
|
| 728 |
2 |
(void)priv; |
| 729 |
2 |
VCLI_JSON_begin(cli, 2, av); |
| 730 |
2 |
VCLI_Out(cli, ",\n {\"master\": %jd", (intmax_t)getpid()); |
| 731 |
2 |
if (MCH_Running()) |
| 732 |
1 |
VCLI_Out(cli, ", \"worker\": %jd", (intmax_t)child_pid); |
| 733 |
2 |
VCLI_Out(cli, "}"); |
| 734 |
2 |
VCLI_JSON_end(cli); |
| 735 |
2 |
} |
| 736 |
|
|
| 737 |
|
static void v_matchproto_(cli_func_t) |
| 738 |
958 |
mch_cli_server_start(struct cli *cli, const char * const *av, void *priv) |
| 739 |
|
{ |
| 740 |
|
const char *err; |
| 741 |
|
|
| 742 |
958 |
(void)av; |
| 743 |
958 |
(void)priv; |
| 744 |
958 |
if (child_state == CH_STOPPED) { |
| 745 |
954 |
err = mgt_has_vcl(); |
| 746 |
954 |
if (err == NULL) { |
| 747 |
953 |
mgt_launch_child(cli); |
| 748 |
953 |
} else { |
| 749 |
1 |
VCLI_SetResult(cli, CLIS_CANT); |
| 750 |
1 |
VCLI_Out(cli, "%s", err); |
| 751 |
|
} |
| 752 |
954 |
} else { |
| 753 |
4 |
VCLI_SetResult(cli, CLIS_CANT); |
| 754 |
4 |
VCLI_Out(cli, "Child in state %s", ch_state[child_state]); |
| 755 |
|
} |
| 756 |
958 |
} |
| 757 |
|
|
| 758 |
|
static void v_matchproto_(cli_func_t) |
| 759 |
1008 |
mch_cli_server_stop(struct cli *cli, const char * const *av, void *priv) |
| 760 |
|
{ |
| 761 |
|
|
| 762 |
1008 |
(void)av; |
| 763 |
1008 |
(void)priv; |
| 764 |
1008 |
if (child_state == CH_RUNNING) { |
| 765 |
938 |
MCH_Stop_Child(); |
| 766 |
938 |
} else { |
| 767 |
70 |
VCLI_SetResult(cli, CLIS_CANT); |
| 768 |
70 |
VCLI_Out(cli, "Child in state %s", ch_state[child_state]); |
| 769 |
|
} |
| 770 |
1008 |
} |
| 771 |
|
|
| 772 |
|
static void v_matchproto_(cli_func_t) |
| 773 |
1950 |
mch_cli_server_status(struct cli *cli, const char * const *av, void *priv) |
| 774 |
|
{ |
| 775 |
1950 |
(void)av; |
| 776 |
1950 |
(void)priv; |
| 777 |
1950 |
VCLI_Out(cli, "Child in state %s", ch_state[child_state]); |
| 778 |
1950 |
} |
| 779 |
|
|
| 780 |
|
static void v_matchproto_(cli_func_t) |
| 781 |
8 |
mch_cli_server_status_json(struct cli *cli, const char * const *av, void *priv) |
| 782 |
|
{ |
| 783 |
8 |
(void)priv; |
| 784 |
8 |
VCLI_JSON_begin(cli, 2, av); |
| 785 |
8 |
VCLI_Out(cli, ", "); |
| 786 |
8 |
VCLI_JSON_str(cli, ch_state[child_state]); |
| 787 |
8 |
VCLI_JSON_end(cli); |
| 788 |
8 |
} |
| 789 |
|
|
| 790 |
|
static struct cli_proto cli_mch[] = { |
| 791 |
|
{ CLICMD_SERVER_STATUS, "", mch_cli_server_status, |
| 792 |
|
mch_cli_server_status_json }, |
| 793 |
|
{ CLICMD_SERVER_START, "", mch_cli_server_start }, |
| 794 |
|
{ CLICMD_SERVER_STOP, "", mch_cli_server_stop }, |
| 795 |
|
{ CLICMD_PANIC_SHOW, "", mch_cli_panic_show, |
| 796 |
|
mch_cli_panic_show_json }, |
| 797 |
|
{ CLICMD_PANIC_CLEAR, "", mch_cli_panic_clear }, |
| 798 |
|
{ CLICMD_PID, "", mch_pid, mch_pid_json }, |
| 799 |
|
{ NULL } |
| 800 |
|
}; |
| 801 |
|
|
| 802 |
|
/*===================================================================== |
| 803 |
|
* This thread is the master thread in the management process. |
| 804 |
|
* The relatively simple task is to start and stop the child process |
| 805 |
|
* and to reincarnate it in case of trouble. |
| 806 |
|
*/ |
| 807 |
|
|
| 808 |
|
void |
| 809 |
962 |
MCH_Init(void) |
| 810 |
|
{ |
| 811 |
|
|
| 812 |
962 |
VCLS_AddFunc(mgt_cls, MCF_AUTH, cli_mch); |
| 813 |
962 |
} |