// Copyright 2012 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "chrome/browser/first_run/upgrade_util_win.h"
#include <objbase.h>
#include <windows.h>
#include <psapi.h>
#include <shellapi.h>
#include <wrl/client.h>
#include <algorithm>
#include <ios>
#include <string>
#include "base/base_paths.h"
#include "base/check.h"
#include "base/command_line.h"
#include "base/files/file_path.h"
#include "base/files/file_util.h"
#include "base/functional/bind.h"
#include "base/logging.h"
#include "base/memory/ref_counted.h"
#include "base/memory/scoped_refptr.h"
#include "base/metrics/histogram_functions.h"
#include "base/path_service.h"
#include "base/process/launch.h"
#include "base/process/process_handle.h"
#include "base/strings/string_number_conversions.h"
#include "base/strings/string_util.h"
#include "base/synchronization/waitable_event.h"
#include "base/system/sys_info.h"
#include "base/task/sequenced_task_runner.h"
#include "base/task/task_traits.h"
#include "base/task/thread_pool.h"
#include "base/time/time.h"
#include "base/timer/elapsed_timer.h"
#include "base/trace_event/trace_event.h"
#include "base/values.h"
#include "base/win/registry.h"
#include "base/win/windows_version.h"
#include "build/branding_buildflags.h"
#include "chrome/browser/browser_process.h"
#include "chrome/browser/chrome_process_singleton.h"
#include "chrome/browser/first_run/upgrade_util.h"
#include "chrome/browser/shell_integration.h"
#include "chrome/browser/win/browser_util.h"
#include "chrome/common/chrome_switches.h"
#include "chrome/common/pref_names.h"
#include "chrome/install_static/install_util.h"
#include "chrome/installer/util/app_command.h"
#include "chrome/installer/util/per_install_values.h"
#include "chrome/installer/util/util_constants.h"
#include "components/prefs/pref_service.h"
#include "third_party/abseil-cpp/absl/cleanup/cleanup.h"
#include "ui/base/ui_base_switches.h"
#if BUILDFLAG(GOOGLE_CHROME_BRANDING)
#include "chrome/updater/app/server/win/updater_legacy_idl.h"
#endif
namespace {
bool GetNewerChromeFile(base::FilePath* path) {
if (!base::PathService::Get(base::DIR_EXE, path))
return false;
*path = path->Append(installer::kChromeNewExe);
return true;
}
#if BUILDFLAG(GOOGLE_CHROME_BRANDING)
// Holds the result of the IPC to CoCreate the process launcher.
struct CreateProcessLauncherResult
: public base::RefCountedThreadSafe<CreateProcessLauncherResult> {
Microsoft::WRL::ComPtr<IStream> stream;
base::WaitableEvent completion_event;
private:
friend class base::RefCountedThreadSafe<CreateProcessLauncherResult>;
virtual ~CreateProcessLauncherResult() = default;
};
// CoCreates the `ProcessLauncher` class, and if successful, marshals the
// resulting interface into `result->stream`. Signals `result->completion_event`
// on successful or failed completion.
void CreateAndMarshalProcessLauncher(
scoped_refptr<CreateProcessLauncherResult> result) {
const absl::Cleanup signal_completion_event = [&result] {
result->completion_event.Signal();
};
Microsoft::WRL::ComPtr<IUnknown> unknown;
{
TRACE_EVENT0("startup", "InvokeGoogleUpdateForRename CoCreateInstance");
const HRESULT hr =
::CoCreateInstance(__uuidof(ProcessLauncherClass), nullptr, CLSCTX_ALL,
IID_PPV_ARGS(&unknown));
if (FAILED(hr)) {
TRACE_EVENT_INSTANT1(
"startup", "InvokeGoogleUpdateForRename CoCreateInstance failed",
TRACE_EVENT_SCOPE_THREAD, "hr", hr);
LOG(ERROR) << "CoCreate ProcessLauncherClass failed; hr = " << std::hex
<< hr;
return;
}
}
const HRESULT hr = ::CoMarshalInterThreadInterfaceInStream(
__uuidof(IUnknown), unknown.Get(), &result->stream);
if (FAILED(hr)) {
TRACE_EVENT_INSTANT1("startup",
"InvokeGoogleUpdateForRename "
"CoMarshalInterThreadInterfaceInStream failed",
TRACE_EVENT_SCOPE_THREAD, "hr", hr);
LOG(ERROR) << "CoMarshalInterThreadInterfaceInStream "
"ProcessLauncherClass failed; hr = "
<< std::hex << hr;
}
}
// CoCreates the Google Update `ProcessLauncherClass` in a `ThreadPool` thread
// with a timeout, if the `ThreadPool` is operational. The starting value for
// the timeout is 15 seconds. If the CoCreate times out, the timeout is
// increased by 15 seconds at each failed attempt and persisted for the next
// attempt.
//
// If the `ThreadPool` is not operational, the CoCreate is done
// without a timeout.
Microsoft::WRL::ComPtr<IUnknown> CreateProcessLauncher() {
constexpr int kDefaultTimeoutIncrementSeconds = 15;
constexpr base::TimeDelta kMaxTimeAfterSystemStartup = base::Seconds(150);
auto result = base::MakeRefCounted<CreateProcessLauncherResult>();
if (base::ThreadPool::CreateCOMSTATaskRunner(
{base::MayBlock(), base::TaskPriority::USER_BLOCKING})
->PostTask(FROM_HERE, base::BindOnce(&CreateAndMarshalProcessLauncher,
result))) {
installer::PerInstallValue creation_timeout(
L"ProcessLauncherCreationTimeout");
const base::TimeDelta timeout = base::Seconds(
creation_timeout.Get()
.value_or(base::Value(kDefaultTimeoutIncrementSeconds))
.GetIfInt()
.value_or(kDefaultTimeoutIncrementSeconds));
const base::ElapsedTimer timer;
const bool is_at_startup =
base::SysInfo::Uptime() <= kMaxTimeAfterSystemStartup;
if (!result->completion_event.TimedWait(timeout)) {
base::UmaHistogramMediumTimes(
is_at_startup
? "Startup.CreateProcessLauncher2.TimedWaitFailedAtStartup"
: "Startup.CreateProcessLauncher2.TimedWaitFailed",
timer.Elapsed());
creation_timeout.Set(base::Value(static_cast<int>(timeout.InSeconds()) +
kDefaultTimeoutIncrementSeconds));
TRACE_EVENT_INSTANT0(
"startup", "InvokeGoogleUpdateForRename CoCreateInstance timed out",
TRACE_EVENT_SCOPE_THREAD);
LOG(ERROR) << "CoCreate ProcessLauncherClass timed out";
return {};
}
if (!result->stream) {
return {};
}
base::UmaHistogramMediumTimes(
is_at_startup
? "Startup.CreateProcessLauncher2.TimedWaitSucceededAtStartup"
: "Startup.CreateProcessLauncher2.TimedWaitSucceeded",
timer.Elapsed());
Microsoft::WRL::ComPtr<IUnknown> unknown;
const HRESULT hr =
::CoUnmarshalInterface(result->stream.Get(), __uuidof(IUnknown),
IID_PPV_ARGS_Helper(&unknown));
if (FAILED(hr)) {
TRACE_EVENT_INSTANT1(
"startup", "InvokeGoogleUpdateForRename CoUnmarshalInterface failed",
TRACE_EVENT_SCOPE_THREAD, "hr", hr);
LOG(ERROR) << "CoUnmarshalInterface ProcessLauncherClass failed; hr = "
<< std::hex << hr;
return {};
}
return unknown;
}
// The task could not be posted to the task runner, so CoCreate without a
// timeout. This could happen in shutdown, where the `ThreadPool` is not
// operational.
{
TRACE_EVENT0("startup", "InvokeGoogleUpdateForRename CoCreateInstance");
Microsoft::WRL::ComPtr<IUnknown> unknown;
const HRESULT hr =
::CoCreateInstance(__uuidof(ProcessLauncherClass), nullptr, CLSCTX_ALL,
IID_PPV_ARGS(&unknown));
if (FAILED(hr)) {
TRACE_EVENT_INSTANT1(
"startup", "InvokeGoogleUpdateForRename CoCreateInstance failed",
TRACE_EVENT_SCOPE_THREAD, "hr", hr);
LOG(ERROR) << "CoCreate ProcessLauncherClass failed; hr = " << std::hex
<< hr;
return {};
}
return unknown;
}
}
#endif // BUILDFLAG(GOOGLE_CHROME_BRANDING)
bool InvokeGoogleUpdateForRename() {
#if BUILDFLAG(GOOGLE_CHROME_BRANDING)
// This has been identified as very slow on some startups. Detailed trace
// events below try to shine a light on each steps. crbug.com/1252004
TRACE_EVENT0("startup", "upgrade_util::InvokeGoogleUpdateForRename");
Microsoft::WRL::ComPtr<IUnknown> unknown = CreateProcessLauncher();
if (!unknown) {
return false;
}
// Chrome queries for the SxS IIDs first, with a fallback to the legacy IID,
// to make sure that marshaling loads the proxy/stub from the correct (HKLM)
// hive.
Microsoft::WRL::ComPtr<IProcessLauncher> ipl;
{
HRESULT hr = unknown.CopyTo(__uuidof(IProcessLauncherSystem),
IID_PPV_ARGS_Helper(&ipl));
if (FAILED(hr)) {
hr = unknown.As(&ipl);
}
if (FAILED(hr)) {
TRACE_EVENT0("startup",
"InvokeGoogleUpdateForRename QueryInterface failed");
LOG(ERROR) << "QueryInterface failed; hr = " << std::hex << hr;
return false;
}
}
ULONG_PTR process_handle = 0;
{
TRACE_EVENT0("startup", "InvokeGoogleUpdateForRename LaunchCmdElevated");
HRESULT hr = ipl->LaunchCmdElevated(
install_static::GetAppGuid(), installer::kCmdRenameChromeExe,
::GetCurrentProcessId(), &process_handle);
if (FAILED(hr)) {
TRACE_EVENT0("startup",
"InvokeGoogleUpdateForRename LaunchCmdElevated failed");
LOG(ERROR) << "IProcessLauncher::LaunchCmdElevated failed; hr = "
<< std::hex << hr;
return false;
}
}
base::Process rename_process(
reinterpret_cast<base::ProcessHandle>(process_handle));
int exit_code;
{
TRACE_EVENT0("startup", "InvokeGoogleUpdateForRename WaitForExit");
if (!rename_process.WaitForExit(&exit_code)) {
TRACE_EVENT0("startup", "InvokeGoogleUpdateForRename WaitForExit failed");
PLOG(ERROR) << "WaitForExit of rename process failed";
return false;
}
}
if (exit_code != installer::RENAME_SUCCESSFUL) {
TRACE_EVENT0("startup", "InvokeGoogleUpdateForRename !RENAME_SUCCESSFUL");
LOG(ERROR) << "Rename process failed with exit code " << exit_code;
return false;
}
TRACE_EVENT0("startup", "InvokeGoogleUpdateForRename RENAME_SUCCESSFUL");
return true;
#else // BUILDFLAG(GOOGLE_CHROME_BRANDING)
return false;
#endif // BUILDFLAG(GOOGLE_CHROME_BRANDING)
}
} // namespace
namespace upgrade_util {
bool RelaunchChromeBrowserImpl(const base::CommandLine& command_line) {
TRACE_EVENT0("startup", "upgrade_util::RelaunchChromeBrowserImpl");
base::FilePath chrome_exe;
if (!base::PathService::Get(base::FILE_EXE, &chrome_exe)) {
NOTREACHED_IN_MIGRATION();
return false;
}
// Explicitly make sure to relaunch chrome.exe rather than old_chrome.exe.
// This can happen when old_chrome.exe is launched by a user.
base::CommandLine chrome_exe_command_line = command_line;
chrome_exe_command_line.SetProgram(
chrome_exe.DirName().Append(installer::kChromeExe));
// Set the working directory to the exe's directory. This avoids a handle to
// the version directory being kept open in the relaunched child process.
base::LaunchOptions launch_options;
launch_options.current_directory = chrome_exe.DirName();
// Give the new process the right to bring its windows to the foreground.
launch_options.grant_foreground_privilege = true;
return base::LaunchProcess(chrome_exe_command_line, launch_options).IsValid();
}
bool IsUpdatePendingRestart() {
TRACE_EVENT0("startup", "upgrade_util::IsUpdatePendingRestart");
base::FilePath new_chrome_exe;
if (!GetNewerChromeFile(&new_chrome_exe))
return false;
return base::PathExists(new_chrome_exe);
}
bool SwapNewChromeExeIfPresent() {
if (!IsUpdatePendingRestart())
return false;
TRACE_EVENT0("startup", "upgrade_util::SwapNewChromeExeIfPresent");
// Renaming the chrome executable requires the process singleton to avoid
// any race condition.
CHECK(ChromeProcessSingleton::IsSingletonInstance());
// If this is a system-level install, ask Google Update to launch an elevated
// process to rename Chrome executables.
if (install_static::IsSystemInstall())
return InvokeGoogleUpdateForRename();
// If this is a user-level install, directly launch a process to rename Chrome
// executables. Obtain the command to launch the process from the registry.
installer::AppCommand rename_cmd(installer::kCmdRenameChromeExe, {});
if (!rename_cmd.Initialize(HKEY_CURRENT_USER))
return false;
base::LaunchOptions options;
options.wait = true;
options.start_hidden = true;
::SetLastError(ERROR_SUCCESS);
base::Process process =
base::LaunchProcess(rename_cmd.command_line(), options);
if (!process.IsValid()) {
PLOG(ERROR) << "Launch rename process failed";
return false;
}
DWORD exit_code;
if (!::GetExitCodeProcess(process.Handle(), &exit_code)) {
PLOG(ERROR) << "GetExitCodeProcess of rename process failed";
return false;
}
if (exit_code != installer::RENAME_SUCCESSFUL) {
LOG(ERROR) << "Rename process failed with exit code " << exit_code;
return false;
}
return true;
}
bool IsRunningOldChrome() {
TRACE_EVENT0("startup", "upgrade_util::IsRunningOldChrome");
// This figures out the actual file name that the section containing the
// mapped exe refers to. This is used instead of GetModuleFileName because the
// .exe may have been renamed out from under us while we've been running which
// GetModuleFileName won't notice.
wchar_t mapped_file_name[MAX_PATH * 2] = {};
if (!::GetMappedFileName(::GetCurrentProcess(),
reinterpret_cast<void*>(::GetModuleHandle(NULL)),
mapped_file_name, std::size(mapped_file_name))) {
return false;
}
base::FilePath file_name(base::FilePath(mapped_file_name).BaseName());
return base::FilePath::CompareEqualIgnoreCase(file_name.value(),
installer::kChromeOldExe);
}
bool DoUpgradeTasks(const base::CommandLine& command_line) {
TRACE_EVENT0("startup", "upgrade_util::DoUpgradeTasks");
// If there is no other instance already running then check if there is a
// pending update and complete it by performing the swap and then relaunch.
// Upgrade tasks require the process singleton to avoid any race condition.
CHECK(ChromeProcessSingleton::IsSingletonInstance());
bool did_swap = false;
if (!browser_util::IsBrowserAlreadyRunning())
did_swap = SwapNewChromeExeIfPresent();
// We don't need to relaunch if we didn't swap and we aren't running stale
// binaries.
if (!did_swap && !IsRunningOldChrome()) {
return false;
}
// At this point the chrome.exe has been swapped with the new one.
if (!RelaunchChromeBrowser(command_line)) {
// The relaunch failed. Feel free to panic now.
DUMP_WILL_BE_NOTREACHED();
}
return true;
}
} // namespace upgrade_util
Codebase Browser
chromium