// Copyright 2012 The Chromium Authors // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #ifdef UNSAFE_BUFFERS_BUILD // TODO(crbug.com/40284755): Remove this and spanify to fix the errors. #pragma allow_unsafe_buffers #endif #include "base/process/launch.h" #include <dirent.h> #include <errno.h> #include <fcntl.h> #include <sched.h> #include <setjmp.h> #include <signal.h> #include <stddef.h> #include <stdint.h> #include <stdlib.h> #include <sys/resource.h> #include <sys/syscall.h> #include <sys/time.h> #include <sys/types.h> #include <sys/wait.h> #include <unistd.h> #include <iterator> #include <limits> #include <memory> #include <set> #include "base/command_line.h" #include "base/compiler_specific.h" #include "base/debug/debugger.h" #include "base/debug/stack_trace.h" #include "base/files/dir_reader_posix.h" #include "base/files/file_util.h" #include "base/files/scoped_file.h" #include "base/logging.h" #include "base/memory/raw_ptr_exclusion.h" #include "base/process/environment_internal.h" #include "base/process/process.h" #include "base/process/process_metrics.h" #include "base/synchronization/waitable_event.h" #include "base/threading/platform_thread.h" #include "base/threading/platform_thread_internal_posix.h" #include "base/threading/scoped_blocking_call.h" #include "base/trace_event/base_tracing.h" #include "build/build_config.h" #if BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS) || BUILDFLAG(IS_AIX) #include <sys/prctl.h> #endif #if BUILDFLAG(IS_CHROMEOS) #include <sys/ioctl.h> #endif #if BUILDFLAG(IS_FREEBSD) #include <sys/event.h> #include <sys/ucontext.h> #endif #if BUILDFLAG(IS_MAC) #error "macOS should use launch_mac.cc" #endif extern char** environ; namespace base { namespace { // Get the process's "environment" (i.e. the thing that setenv/getenv // work with). char** GetEnvironment() { … } // Set the process's "environment" (i.e. the thing that setenv/getenv // work with). void SetEnvironment(char** env) { … } // Set the calling thread's signal mask to new_sigmask and return // the previous signal mask. sigset_t SetSignalMask(const sigset_t& new_sigmask) { … } #if (!BUILDFLAG(IS_LINUX) && !BUILDFLAG(IS_AIX) && !BUILDFLAG(IS_CHROMEOS)) || \ (!defined(__i386__) && !defined(__x86_64__) && !defined(__arm__)) void ResetChildSignalHandlersToDefaults() { // The previous signal handlers are likely to be meaningless in the child's // context so we reset them to the defaults for now. http://crbug.com/44953 // These signal handlers are set up at least in browser_main_posix.cc: // BrowserMainPartsPosix::PreEarlyInitialization and stack_trace_posix.cc: // EnableInProcessStackDumping. signal(SIGHUP, SIG_DFL); signal(SIGINT, SIG_DFL); signal(SIGILL, SIG_DFL); signal(SIGABRT, SIG_DFL); signal(SIGFPE, SIG_DFL); signal(SIGBUS, SIG_DFL); signal(SIGSEGV, SIG_DFL); signal(SIGSYS, SIG_DFL); signal(SIGTERM, SIG_DFL); } #else // TODO(jln): remove the Linux special case once kernels are fixed. // Internally the kernel makes sigset_t an array of long large enough to have // one bit per signal. kernel_sigset_t; // This is what struct sigaction looks like to the kernel at least on X86 and // ARM. MIPS, for instance, is very different. // For that reason `k_sa_handler` and `k_sa_restorer` can't be raw_ptr<>. struct kernel_sigaction { … }; // glibc's sigaction() will prevent access to sa_restorer, so we need to roll // our own. long sys_rt_sigaction(int sig, const struct kernel_sigaction* act, struct kernel_sigaction* oact) { … } // This function is intended to be used in between fork() and execve() and will // reset all signal handlers to the default. // The motivation for going through all of them is that sa_restorer can leak // from parents and help defeat ASLR on buggy kernels. We reset it to null. // See crbug.com/177956. void ResetChildSignalHandlersToDefaults(void) { … } #endif // !BUILDFLAG(IS_LINUX) || // (!defined(__i386__) && !defined(__x86_64__) && !defined(__arm__)) } // anonymous namespace // Functor for |ScopedDIR| (below). struct ScopedDIRClose { … }; // Automatically closes |DIR*|s. ScopedDIR; #if BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS) || BUILDFLAG(IS_AIX) static const char kFDDir[] = …; #elif BUILDFLAG(IS_SOLARIS) static const char kFDDir[] = "/dev/fd"; #elif BUILDFLAG(IS_FREEBSD) static const char kFDDir[] = "/dev/fd"; #elif BUILDFLAG(IS_OPENBSD) static const char kFDDir[] = "/dev/fd"; #elif BUILDFLAG(IS_ANDROID) static const char kFDDir[] = "/proc/self/fd"; #endif void CloseSuperfluousFds(const base::InjectiveMultimap& saved_mapping) { … } Process LaunchProcess(const CommandLine& cmdline, const LaunchOptions& options) { … } Process LaunchProcess(const std::vector<std::string>& argv, const LaunchOptions& options) { … } void RaiseProcessToHighPriority() { … } // Executes the application specified by |argv| and wait for it to exit. Stores // the output (stdout) in |output|. If |do_search_path| is set, it searches the // path for the application; in that case, |envp| must be null, and it will use // the current environment. If |do_search_path| is false, |argv[0]| should fully // specify the path of the application, and |envp| will be used as the // environment. If |include_stderr| is true, includes stderr otherwise redirects // it to /dev/null. // The return value of the function indicates success or failure. In the case of // success, the application exit code will be returned in |*exit_code|, which // should be checked to determine if the application ran successfully. static bool GetAppOutputInternal( const std::vector<std::string>& argv, char* const envp[], bool include_stderr, std::string* output, bool do_search_path, int* exit_code) { … } bool GetAppOutput(const CommandLine& cl, std::string* output) { … } bool GetAppOutput(const std::vector<std::string>& argv, std::string* output) { … } bool GetAppOutputAndError(const CommandLine& cl, std::string* output) { … } bool GetAppOutputAndError(const std::vector<std::string>& argv, std::string* output) { … } bool GetAppOutputWithExitCode(const CommandLine& cl, std::string* output, int* exit_code) { … } #if BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS) || BUILDFLAG(IS_AIX) namespace { // This function runs on the stack specified on the clone call. It uses longjmp // to switch back to the original stack so the child can return from sys_clone. int CloneHelper(void* arg) { … } // This function is noinline to ensure that stack_buf is below the stack pointer // that is saved when setjmp is called below. This is needed because when // compiled with FORTIFY_SOURCE, glibc's longjmp checks that the stack is moved // upwards. See crbug.com/442912 for more details. #if defined(ADDRESS_SANITIZER) // Disable AddressSanitizer instrumentation for this function to make sure // |stack_buf| is allocated on thread stack instead of ASan's fake stack. // Under ASan longjmp() will attempt to clean up the area between the old and // new stack pointers and print a warning that may confuse the user. NOINLINE __attribute__((no_sanitize_address)) pid_t CloneAndLongjmpInChild(int flags, pid_t* ptid, pid_t* ctid, jmp_buf* env) { #else NOINLINE pid_t CloneAndLongjmpInChild(int flags, pid_t* ptid, pid_t* ctid, jmp_buf* env) { … } } // anonymous namespace pid_t ForkWithFlags(int flags, pid_t* ptid, pid_t* ctid) { … } #endif // BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS) || BUILDFLAG(IS_AIX) } // namespace base
Codebase Browser
chromium