2014-09-02 16:21:46 -04:00
|
|
|
|
// Copyright 2014 The Crashpad Authors. All rights reserved.
|
|
|
|
|
//
|
|
|
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
|
// you may not use this file except in compliance with the License.
|
|
|
|
|
// You may obtain a copy of the License at
|
|
|
|
|
//
|
|
|
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
|
//
|
|
|
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
|
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
|
// See the License for the specific language governing permissions and
|
|
|
|
|
// limitations under the License.
|
|
|
|
|
|
2014-12-19 16:42:34 -05:00
|
|
|
|
#include "util/posix/close_multiple.h"
|
2014-09-02 16:21:46 -04:00
|
|
|
|
|
|
|
|
|
#include <dirent.h>
|
|
|
|
|
#include <errno.h>
|
|
|
|
|
#include <fcntl.h>
|
2014-09-05 12:39:09 -04:00
|
|
|
|
#include <limits.h>
|
2016-10-27 17:02:48 -04:00
|
|
|
|
#include <stdio.h>
|
2014-09-02 16:21:46 -04:00
|
|
|
|
#include <stdlib.h>
|
|
|
|
|
#include <string.h>
|
|
|
|
|
#include <unistd.h>
|
|
|
|
|
|
|
|
|
|
#include <algorithm>
|
2016-04-25 12:13:07 -07:00
|
|
|
|
#include <memory>
|
2014-09-02 16:21:46 -04:00
|
|
|
|
|
2016-10-27 17:02:48 -04:00
|
|
|
|
#include "base/files/scoped_file.h"
|
2014-09-02 16:21:46 -04:00
|
|
|
|
#include "base/logging.h"
|
|
|
|
|
#include "base/posix/eintr_wrapper.h"
|
|
|
|
|
#include "build/build_config.h"
|
2015-09-14 14:51:05 -07:00
|
|
|
|
#include "util/misc/implicit_cast.h"
|
2014-09-02 16:21:46 -04:00
|
|
|
|
#include "util/numeric/safe_assignment.h"
|
|
|
|
|
|
2016-10-27 17:02:48 -04:00
|
|
|
|
#if defined(OS_MACOSX)
|
|
|
|
|
#include <sys/sysctl.h>
|
|
|
|
|
#endif
|
|
|
|
|
|
2014-09-02 16:21:46 -04:00
|
|
|
|
// Everything in this file is expected to execute between fork() and exec(),
|
|
|
|
|
// so everything called here must be acceptable in this context. However,
|
|
|
|
|
// logging code that is not expected to execute under normal circumstances is
|
|
|
|
|
// currently permitted.
|
|
|
|
|
|
|
|
|
|
namespace crashpad {
|
|
|
|
|
namespace {
|
|
|
|
|
|
|
|
|
|
// This function attempts to close |fd| or mark it as close-on-exec. On systems
|
|
|
|
|
// where close-on-exec is attempted, a failure to mark it close-on-exec will be
|
|
|
|
|
// followed by an attempt to close it. |ebadf_ok| should be set to |true| if
|
|
|
|
|
// the caller is attempting to close the file descriptor “blind,” that is,
|
|
|
|
|
// without knowledge that it is or is not a valid file descriptor.
|
|
|
|
|
void CloseNowOrOnExec(int fd, bool ebadf_ok) {
|
|
|
|
|
int rv;
|
|
|
|
|
|
|
|
|
|
#if defined(OS_MACOSX)
|
|
|
|
|
// Try to set close-on-exec, to avoid attempting to close a guarded FD with
|
|
|
|
|
// a close guard set.
|
|
|
|
|
rv = fcntl(fd, F_SETFD, FD_CLOEXEC);
|
|
|
|
|
if (rv != -1 || (ebadf_ok && errno == EBADF)) {
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
PLOG(WARNING) << "fcntl";
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
rv = IGNORE_EINTR(close(fd));
|
|
|
|
|
if (rv != 0 && !(ebadf_ok && errno == EBADF)) {
|
|
|
|
|
PLOG(WARNING) << "close";
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
struct ScopedDIRCloser {
|
|
|
|
|
void operator()(DIR* dir) const {
|
|
|
|
|
if (dir) {
|
|
|
|
|
if (closedir(dir) < 0) {
|
|
|
|
|
PLOG(ERROR) << "closedir";
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
};
|
|
|
|
|
|
2016-04-25 12:13:07 -07:00
|
|
|
|
using ScopedDIR = std::unique_ptr<DIR, ScopedDIRCloser>;
|
2014-09-02 16:21:46 -04:00
|
|
|
|
|
|
|
|
|
// This function implements CloseMultipleNowOrOnExec() using an operating
|
|
|
|
|
// system-specific FD directory to determine which file descriptors are open.
|
|
|
|
|
// This is an advantage over looping over all possible file descriptors, because
|
|
|
|
|
// no attempt needs to be made to close file descriptors that are not open.
|
2014-09-03 18:24:29 -04:00
|
|
|
|
bool CloseMultipleNowOrOnExecUsingFDDir(int fd, int preserve_fd) {
|
2014-09-02 16:21:46 -04:00
|
|
|
|
#if defined(OS_MACOSX)
|
|
|
|
|
const char kFDDir[] = "/dev/fd";
|
2016-10-31 11:23:00 -04:00
|
|
|
|
#elif defined(OS_LINUX) || defined(OS_ANDROID)
|
2014-09-02 16:21:46 -04:00
|
|
|
|
const char kFDDir[] = "/proc/self/fd";
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
DIR* dir = opendir(kFDDir);
|
|
|
|
|
if (!dir) {
|
|
|
|
|
PLOG(WARNING) << "opendir";
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
ScopedDIR dir_owner(dir);
|
|
|
|
|
|
|
|
|
|
int dir_fd = dirfd(dir);
|
|
|
|
|
if (dir_fd == -1) {
|
|
|
|
|
PLOG(WARNING) << "dirfd";
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
dirent* result;
|
2016-10-27 17:02:48 -04:00
|
|
|
|
#if defined(OS_LINUX)
|
|
|
|
|
// readdir_r() is deprecated as of glibc 2.24. See
|
|
|
|
|
// https://sourceware.org/bugzilla/show_bug.cgi?id=19056 and
|
|
|
|
|
// https://git.kernel.org/cgit/docs/man-pages/man-pages.git/commit?id=0c52f6d623636a61eacd0f7b7a3bb942793a2a05.
|
|
|
|
|
const char kReaddirName[] = "readdir";
|
|
|
|
|
while ((errno = 0, result = readdir(dir)) != nullptr)
|
|
|
|
|
#else
|
|
|
|
|
const char kReaddirName[] = "readdir_r";
|
|
|
|
|
dirent entry;
|
|
|
|
|
while ((errno = readdir_r(dir, &entry, &result)) == 0 && result != nullptr)
|
|
|
|
|
#endif
|
|
|
|
|
{
|
2014-09-02 16:21:46 -04:00
|
|
|
|
const char* entry_name = &(*result->d_name);
|
|
|
|
|
if (strcmp(entry_name, ".") == 0 || strcmp(entry_name, "..") == 0) {
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
char* end;
|
|
|
|
|
long entry_fd_long = strtol(entry_name, &end, 10);
|
|
|
|
|
if (entry_name[0] == '\0' || *end) {
|
|
|
|
|
LOG(ERROR) << "unexpected entry " << entry_name;
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int entry_fd;
|
|
|
|
|
if (!AssignIfInRange(&entry_fd, entry_fd_long)) {
|
|
|
|
|
LOG(ERROR) << "out-of-range fd " << entry_name;
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
2014-09-03 18:24:29 -04:00
|
|
|
|
if (entry_fd >= fd && entry_fd != preserve_fd && entry_fd != dir_fd) {
|
2014-09-02 16:21:46 -04:00
|
|
|
|
CloseNowOrOnExec(entry_fd, false);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2016-10-27 17:02:48 -04:00
|
|
|
|
if (errno != 0) {
|
|
|
|
|
PLOG(WARNING) << kReaddirName;
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
2014-09-02 16:21:46 -04:00
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
} // namespace
|
|
|
|
|
|
2014-09-03 18:24:29 -04:00
|
|
|
|
void CloseMultipleNowOrOnExec(int fd, int preserve_fd) {
|
|
|
|
|
if (CloseMultipleNowOrOnExecUsingFDDir(fd, preserve_fd)) {
|
|
|
|
|
return;
|
2014-09-02 16:21:46 -04:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Fallback: close every file descriptor starting at |fd| and ending at the
|
|
|
|
|
// system’s file descriptor limit. Check a few values and use the highest as
|
|
|
|
|
// the limit, because these may be based on the file descriptor limit set by
|
|
|
|
|
// setrlimit(), and higher-numbered file descriptors may have been opened
|
2016-10-27 17:02:48 -04:00
|
|
|
|
// prior to the limit being lowered. On both macOS and Linux glibc, both
|
|
|
|
|
// sysconf() and getdtablesize() return the current RLIMIT_NOFILE value, not
|
|
|
|
|
// the maximum possible file descriptor. For macOS, see 10.11.5
|
|
|
|
|
// Libc-1082.50.1/gen/FreeBSD/sysconf.c sysconf() and 10.11.6
|
|
|
|
|
// xnu-3248.60.10/bsd/kern/kern_descrip.c getdtablesize(). For Linux glibc,
|
|
|
|
|
// see glibc-2.24/sysdeps/posix/sysconf.c __sysconf() and
|
2016-10-31 11:23:00 -04:00
|
|
|
|
// glibc-2.24/sysdeps/posix/getdtsz.c __getdtablesize(). For Android, see
|
|
|
|
|
// 7.0.0 bionic/libc/bionic/sysconf.cpp sysconf() and
|
|
|
|
|
// bionic/libc/bionic/ndk_cruft.cpp getdtablesize().
|
2016-10-27 17:02:48 -04:00
|
|
|
|
int max_fd = implicit_cast<int>(sysconf(_SC_OPEN_MAX));
|
2016-10-31 11:23:00 -04:00
|
|
|
|
|
|
|
|
|
#if !defined(OS_ANDROID)
|
|
|
|
|
// getdtablesize() was removed effective Android 5.0.0 (API 21). Since it
|
|
|
|
|
// returns the same thing as the sysconf() above, just skip it. See
|
|
|
|
|
// https://android.googlesource.com/platform/bionic/+/462abab12b074c62c0999859e65d5a32ebb41951.
|
2014-09-02 16:21:46 -04:00
|
|
|
|
max_fd = std::max(max_fd, getdtablesize());
|
2016-10-31 11:23:00 -04:00
|
|
|
|
#endif
|
2014-09-02 16:21:46 -04:00
|
|
|
|
|
2017-03-23 11:56:15 -04:00
|
|
|
|
#if !(defined(OS_LINUX) || defined(OS_ANDROID)) || defined(OPEN_MAX)
|
2016-10-27 17:02:48 -04:00
|
|
|
|
// Linux does not provide OPEN_MAX. See
|
|
|
|
|
// https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/include/linux/limits.h?id=77293034696e3e0b6c8b8fc1f96be091104b3d2b.
|
|
|
|
|
max_fd = std::max(max_fd, OPEN_MAX);
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
// Consult a sysctl to determine the system-wide limit on the maximum number
|
|
|
|
|
// of open files per process. Note that it is possible to change this limit
|
|
|
|
|
// while the system is running, but it’s still a better upper bound than the
|
|
|
|
|
// current RLIMIT_NOFILE value.
|
|
|
|
|
|
|
|
|
|
#if defined(OS_MACOSX)
|
|
|
|
|
// See 10.11.6 xnu-3248.60.10/bsd/kern/kern_resource.c maxfilesperproc,
|
|
|
|
|
// referenced by dosetrlimit().
|
|
|
|
|
int oid[] = {CTL_KERN, KERN_MAXFILESPERPROC};
|
|
|
|
|
int maxfilesperproc;
|
|
|
|
|
size_t maxfilesperproc_size = sizeof(maxfilesperproc);
|
|
|
|
|
if (sysctl(oid,
|
|
|
|
|
arraysize(oid),
|
|
|
|
|
&maxfilesperproc,
|
|
|
|
|
&maxfilesperproc_size,
|
|
|
|
|
nullptr,
|
|
|
|
|
0) == 0) {
|
|
|
|
|
max_fd = std::max(max_fd, maxfilesperproc);
|
|
|
|
|
} else {
|
|
|
|
|
PLOG(WARNING) << "sysctl";
|
|
|
|
|
}
|
2016-10-31 11:23:00 -04:00
|
|
|
|
#elif defined(OS_LINUX) || defined(OS_ANDROID)
|
2016-10-27 17:02:48 -04:00
|
|
|
|
// See linux-4.4.27/fs/file.c sysctl_nr_open, referenced by kernel/sys.c
|
|
|
|
|
// do_prlimit() and kernel/sysctl.c fs_table. Inability to open this file is
|
|
|
|
|
// not considered an error, because /proc may not be available or usable.
|
|
|
|
|
{
|
2017-02-28 16:15:25 -05:00
|
|
|
|
base::ScopedFILE nr_open_file(fopen("/proc/sys/fs/nr_open", "re"));
|
2016-10-27 17:02:48 -04:00
|
|
|
|
if (nr_open_file.get() != nullptr) {
|
|
|
|
|
int nr_open;
|
|
|
|
|
if (fscanf(nr_open_file.get(), "%d\n", &nr_open) == 1 &&
|
|
|
|
|
feof(nr_open_file.get())) {
|
|
|
|
|
max_fd = std::max(max_fd, nr_open);
|
|
|
|
|
} else {
|
|
|
|
|
LOG(WARNING) << "/proc/sys/fs/nr_open format error";
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
#endif
|
|
|
|
|
|
2014-09-02 16:21:46 -04:00
|
|
|
|
for (int entry_fd = fd; entry_fd < max_fd; ++entry_fd) {
|
2014-09-03 18:24:29 -04:00
|
|
|
|
if (entry_fd != preserve_fd) {
|
|
|
|
|
CloseNowOrOnExec(entry_fd, true);
|
|
|
|
|
}
|
2014-09-02 16:21:46 -04:00
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
} // namespace crashpad
|