crashpad/util/posix/close_multiple.cc
Mark Mentovai f735d050c4 Port the util library to Linux
With this change, it is possible to build crashpad_util on Linux. I
built with clang 3.8.1 and GCC 6.2.0.

 - For per-OS “exception code” metrics, Android and Linux are broken out
   distinctly.
 - Because Linux provides no standard UUID generator, base::RandBytes()
   is used to generate random UUIDs for the InitializeWithNew() form.
 - Multiple fixes for CloseMultipleNowOrOnExec():
    - readdir_r() is deprecated in glibc 2.24. Use readdir() on Linux.
    - Linux does not have OPEN_MAX. Use the fs.nr_open sysctl (via
      /proc/sys) to determine the maximum (currently-configured)
      possible number of file descriptors per process.
    - Use the {CTL_KERN, KERN_MAXFILESPERPROC} sysctl on Mac to
      determine the maximum (currently-configured) possible number of
      file descriptors per process. This is an improvement over using
      OPEN_MAX, which is still consulted.
 - ThreadLogMessages’ use of DCHECK_EQ() needs an address-of operator on
   function pointers to avoid confusing GCC.

One problem remains:

 - util/misc/pdb_structures.h produces -Wmultichar errors. -Wmultichar
   is enabled by default with GCC (but not clang). It is impossible to
   disable this warning with #pragma GCC diagnostic ignored. See
   https://gcc.gnu.org/bugzilla/show_bug.cgi?id=53431

This has not been tested beyond building the crashpad_util target.

BUG=crashpad:30

Change-Id: I02e7a05da512ca312806d825b3fc9b2c5bf1a990
Reviewed-on: https://chromium-review.googlesource.com/404009
Reviewed-by: Robert Sesek <rsesek@chromium.org>
2016-10-31 15:20:59 +00:00

227 lines
7.2 KiB
C++
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

// Copyright 2014 The Crashpad Authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#include "util/posix/close_multiple.h"
#include <dirent.h>
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <algorithm>
#include <memory>
#include "base/files/scoped_file.h"
#include "base/logging.h"
#include "base/posix/eintr_wrapper.h"
#include "build/build_config.h"
#include "util/misc/implicit_cast.h"
#include "util/numeric/safe_assignment.h"
#if defined(OS_MACOSX)
#include <sys/sysctl.h>
#endif
// Everything in this file is expected to execute between fork() and exec(),
// so everything called here must be acceptable in this context. However,
// logging code that is not expected to execute under normal circumstances is
// currently permitted.
namespace crashpad {
namespace {
// This function attempts to close |fd| or mark it as close-on-exec. On systems
// where close-on-exec is attempted, a failure to mark it close-on-exec will be
// followed by an attempt to close it. |ebadf_ok| should be set to |true| if
// the caller is attempting to close the file descriptor “blind,” that is,
// without knowledge that it is or is not a valid file descriptor.
void CloseNowOrOnExec(int fd, bool ebadf_ok) {
int rv;
#if defined(OS_MACOSX)
// Try to set close-on-exec, to avoid attempting to close a guarded FD with
// a close guard set.
rv = fcntl(fd, F_SETFD, FD_CLOEXEC);
if (rv != -1 || (ebadf_ok && errno == EBADF)) {
return;
}
PLOG(WARNING) << "fcntl";
#endif
rv = IGNORE_EINTR(close(fd));
if (rv != 0 && !(ebadf_ok && errno == EBADF)) {
PLOG(WARNING) << "close";
}
}
struct ScopedDIRCloser {
void operator()(DIR* dir) const {
if (dir) {
if (closedir(dir) < 0) {
PLOG(ERROR) << "closedir";
}
}
}
};
using ScopedDIR = std::unique_ptr<DIR, ScopedDIRCloser>;
// This function implements CloseMultipleNowOrOnExec() using an operating
// system-specific FD directory to determine which file descriptors are open.
// This is an advantage over looping over all possible file descriptors, because
// no attempt needs to be made to close file descriptors that are not open.
bool CloseMultipleNowOrOnExecUsingFDDir(int fd, int preserve_fd) {
#if defined(OS_MACOSX)
const char kFDDir[] = "/dev/fd";
#elif defined(OS_LINUX)
const char kFDDir[] = "/proc/self/fd";
#endif
DIR* dir = opendir(kFDDir);
if (!dir) {
PLOG(WARNING) << "opendir";
return false;
}
ScopedDIR dir_owner(dir);
int dir_fd = dirfd(dir);
if (dir_fd == -1) {
PLOG(WARNING) << "dirfd";
return false;
}
dirent* result;
#if defined(OS_LINUX)
// readdir_r() is deprecated as of glibc 2.24. See
// https://sourceware.org/bugzilla/show_bug.cgi?id=19056 and
// https://git.kernel.org/cgit/docs/man-pages/man-pages.git/commit?id=0c52f6d623636a61eacd0f7b7a3bb942793a2a05.
const char kReaddirName[] = "readdir";
while ((errno = 0, result = readdir(dir)) != nullptr)
#else
const char kReaddirName[] = "readdir_r";
dirent entry;
while ((errno = readdir_r(dir, &entry, &result)) == 0 && result != nullptr)
#endif
{
const char* entry_name = &(*result->d_name);
if (strcmp(entry_name, ".") == 0 || strcmp(entry_name, "..") == 0) {
continue;
}
char* end;
long entry_fd_long = strtol(entry_name, &end, 10);
if (entry_name[0] == '\0' || *end) {
LOG(ERROR) << "unexpected entry " << entry_name;
return false;
}
int entry_fd;
if (!AssignIfInRange(&entry_fd, entry_fd_long)) {
LOG(ERROR) << "out-of-range fd " << entry_name;
return false;
}
if (entry_fd >= fd && entry_fd != preserve_fd && entry_fd != dir_fd) {
CloseNowOrOnExec(entry_fd, false);
}
}
if (errno != 0) {
PLOG(WARNING) << kReaddirName;
return false;
}
return true;
}
} // namespace
void CloseMultipleNowOrOnExec(int fd, int preserve_fd) {
if (CloseMultipleNowOrOnExecUsingFDDir(fd, preserve_fd)) {
return;
}
// Fallback: close every file descriptor starting at |fd| and ending at the
// systems file descriptor limit. Check a few values and use the highest as
// the limit, because these may be based on the file descriptor limit set by
// setrlimit(), and higher-numbered file descriptors may have been opened
// prior to the limit being lowered. On both macOS and Linux glibc, both
// sysconf() and getdtablesize() return the current RLIMIT_NOFILE value, not
// the maximum possible file descriptor. For macOS, see 10.11.5
// Libc-1082.50.1/gen/FreeBSD/sysconf.c sysconf() and 10.11.6
// xnu-3248.60.10/bsd/kern/kern_descrip.c getdtablesize(). For Linux glibc,
// see glibc-2.24/sysdeps/posix/sysconf.c __sysconf() and
// glibc-2.24/sysdeps/posix/getdtsz.c __getdtablesize().
int max_fd = implicit_cast<int>(sysconf(_SC_OPEN_MAX));
max_fd = std::max(max_fd, getdtablesize());
#if !defined(OS_LINUX) || defined(OPEN_MAX)
// Linux does not provide OPEN_MAX. See
// https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/include/linux/limits.h?id=77293034696e3e0b6c8b8fc1f96be091104b3d2b.
max_fd = std::max(max_fd, OPEN_MAX);
#endif
// Consult a sysctl to determine the system-wide limit on the maximum number
// of open files per process. Note that it is possible to change this limit
// while the system is running, but its still a better upper bound than the
// current RLIMIT_NOFILE value.
#if defined(OS_MACOSX)
// See 10.11.6 xnu-3248.60.10/bsd/kern/kern_resource.c maxfilesperproc,
// referenced by dosetrlimit().
int oid[] = {CTL_KERN, KERN_MAXFILESPERPROC};
int maxfilesperproc;
size_t maxfilesperproc_size = sizeof(maxfilesperproc);
if (sysctl(oid,
arraysize(oid),
&maxfilesperproc,
&maxfilesperproc_size,
nullptr,
0) == 0) {
max_fd = std::max(max_fd, maxfilesperproc);
} else {
PLOG(WARNING) << "sysctl";
}
#elif defined(OS_LINUX)
// See linux-4.4.27/fs/file.c sysctl_nr_open, referenced by kernel/sys.c
// do_prlimit() and kernel/sysctl.c fs_table. Inability to open this file is
// not considered an error, because /proc may not be available or usable.
{
base::ScopedFILE nr_open_file(fopen("/proc/sys/fs/nr_open", "r"));
if (nr_open_file.get() != nullptr) {
int nr_open;
if (fscanf(nr_open_file.get(), "%d\n", &nr_open) == 1 &&
feof(nr_open_file.get())) {
max_fd = std::max(max_fd, nr_open);
} else {
LOG(WARNING) << "/proc/sys/fs/nr_open format error";
}
}
}
#endif
for (int entry_fd = fd; entry_fd < max_fd; ++entry_fd) {
if (entry_fd != preserve_fd) {
CloseNowOrOnExec(entry_fd, true);
}
}
}
} // namespace crashpad