// Copyright 2014 The Chromium Authors // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #ifdef UNSAFE_BUFFERS_BUILD // TODO(crbug.com/40285824): Remove this and convert code to safer constructs. #pragma allow_unsafe_buffers #endif // On Linux, when the user tries to launch a second copy of chrome, we check // for a socket in the user's profile directory. If the socket file is open we // send a message to the first chrome browser process with the current // directory and second process command line flags. The second process then // exits. // // Because many networked filesystem implementations do not support unix domain // sockets, we create the socket in a temporary directory and create a symlink // in the profile. This temporary directory is no longer bound to the profile, // and may disappear across a reboot or login to a separate session. To bind // them, we store a unique cookie in the profile directory, which must also be // present in the remote directory to connect. The cookie is checked both before // and after the connection. /tmp is sticky, and different Chrome sessions use // different cookies. Thus, a matching cookie before and after means the // connection was to a directory with a valid cookie. // // We also have a lock file, which is a symlink to a non-existent destination. // The destination is a string containing the hostname and process id of // chrome's browser process, eg. "SingletonLock -> example.com-9156". When the // first copy of chrome exits it will delete the lock file on shutdown, so that // a different instance on a different host may then use the profile directory. // // If writing to the socket fails, the hostname in the lock is checked to see if // another instance is running a different host using a shared filesystem (nfs, // etc.) If the hostname differs an error is displayed and the second process // exits. Otherwise the first process (if any) is killed and the second process // starts as normal. // // When the second process sends the current directory and command line flags to // the first process, it waits for an ACK message back from the first process // for a certain time. If there is no ACK message back in time, then the first // process will be considered as hung for some reason. The second process then // retrieves the process id from the symbol link and kills it by sending // SIGKILL. Then the second process starts as normal. #include "chrome/browser/process_singleton.h" #include <errno.h> #include <fcntl.h> #include <signal.h> #include <stddef.h> #include <string.h> #include <sys/socket.h> #include <sys/stat.h> #include <sys/types.h> #include <sys/un.h> #include <unistd.h> #include <cstring> #include <memory> #include <set> #include <string> #include <type_traits> #include "base/base_paths.h" #include "base/command_line.h" #include "base/containers/unique_ptr_adapters.h" #include "base/files/file_descriptor_watcher_posix.h" #include "base/files/file_path.h" #include "base/files/file_util.h" #include "base/functional/bind.h" #include "base/location.h" #include "base/logging.h" #include "base/memory/raw_ptr.h" #include "base/memory/ref_counted.h" #include "base/metrics/histogram_functions.h" #include "base/metrics/histogram_macros.h" #include "base/path_service.h" #include "base/posix/eintr_wrapper.h" #include "base/posix/safe_strerror.h" #include "base/rand_util.h" #include "base/strings/string_number_conversions.h" #include "base/strings/string_split.h" #include "base/strings/string_util.h" #include "base/strings/stringprintf.h" #include "base/strings/sys_string_conversions.h" #include "base/strings/utf_string_conversions.h" #include "base/task/sequenced_task_runner_helpers.h" #include "base/task/single_thread_task_runner.h" #include "base/threading/platform_thread.h" #include "base/time/time.h" #include "base/timer/timer.h" #include "build/build_config.h" #include "build/chromeos_buildflags.h" #include "chrome/browser/process_singleton_internal.h" #include "chrome/common/chrome_constants.h" #include "chrome/common/process_singleton_lock_posix.h" #include "chrome/grit/branded_strings.h" #include "chrome/grit/generated_resources.h" #include "content/public/browser/browser_task_traits.h" #include "content/public/browser/browser_thread.h" #include "net/base/network_interfaces.h" #include "ui/base/l10n/l10n_util.h" #include "ui/base/resource/scoped_startup_resource_bundle.h" #if BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS) #include "chrome/browser/ui/process_singleton_dialog_linux.h" #endif BrowserThread; namespace { #if BUILDFLAG(IS_MAC) // In order to allow longer paths for the singleton socket's filesystem node, // provide an "oversized" sockaddr_un-equivalent with a larger sun_path member. // sockaddr_un in the SDK has sun_path[104], which is too confined for the // singleton socket's path. The kernel will accept a sockaddr structure up to // SOCK_MAXADDRLEN (255) bytes long. This structure makes all of that space // available, effectively allowing sun_path[253]. Although shorter than // PATH_MAX (1024), this will hopefully be long enough. Many systems support an // extension like this, but it's not entirely portable. In this case, the OS // vendor has said that the behavior is stable. Learn more at SetupSockAddr. struct SockaddrUn { decltype(sockaddr_un::sun_len) sun_len; decltype(sockaddr_un::sun_family) sun_family; std::remove_extent_t<decltype(sockaddr_un::sun_path)> sun_path[SOCK_MAXADDRLEN - offsetof(sockaddr_un, sun_path)]; }; #else // On other platforms without a demonstrated need for paths longer than // sockaddr_un::sun_path, just do the portable thing. SockaddrUn; #endif // Timeout for the current browser process to respond. 20 seconds should be // enough. const int kTimeoutInSeconds = …; // Number of retries to notify the browser. 20 retries over 20 seconds = 1 try // per second. const int kRetryAttempts = …; const char kStartToken[] = …; const char kACKToken[] = …; const char kShutdownToken[] = …; const char kTokenDelimiter = …; const int kMaxMessageLength = …; const int kMaxACKMessageLength = …; bool g_disable_prompt = …; bool g_skip_is_chrome_process_check = …; bool g_user_opted_unlock_in_use_profile = …; // Set the close-on-exec bit on a file descriptor. // Returns 0 on success, -1 on failure. int SetCloseOnExec(int fd) { … } // Close a socket and check return value. void CloseSocket(int fd) { … } // Write a message to a socket fd. bool WriteToSocket(int fd, const char *message, size_t length) { … } struct timeval TimeDeltaToTimeVal(const base::TimeDelta& delta) { … } // Wait a socket for read for a certain timeout. // Returns -1 if error occurred, 0 if timeout reached, > 0 if the socket is // ready for read. int WaitSocketForRead(int fd, const base::TimeDelta& timeout) { … } // Read a message from a socket fd, with an optional timeout. // If |timeout| <= 0 then read immediately. // Return number of bytes actually read, or -1 on error. ssize_t ReadFromSocket(int fd, char* buf, size_t bufsize, const base::TimeDelta& timeout) { … } // Set up a sockaddr appropriate for messaging. bool SetupSockAddr(const std::string& path, SockaddrUn* addr, socklen_t* socklen) { … } // Set up a socket appropriate for messaging. int SetupSocketOnly() { … } // Set up a socket and sockaddr appropriate for messaging. void SetupSocket(const std::string& path, int* sock, SockaddrUn* addr, socklen_t* socklen) { … } // Read a symbolic link, return empty string if given path is not a symbol link. base::FilePath ReadLink(const base::FilePath& path) { … } // Unlink a path. Return true on success. bool UnlinkPath(const base::FilePath& path) { … } // Create a symlink. Returns true on success. bool SymlinkPath(const base::FilePath& target, const base::FilePath& path) { … } // Returns true if the user opted to unlock the profile. bool DisplayProfileInUseError(const base::FilePath& lock_path, const std::string& hostname, int pid) { … } bool IsChromeProcess(pid_t pid) { … } // A helper class to hold onto a socket. class ScopedSocket { … }; // Returns a random string for uniquifying profile connections. std::string GenerateCookie() { … } bool CheckCookie(const base::FilePath& path, const base::FilePath& cookie) { … } bool ConnectSocket(ScopedSocket* socket, const base::FilePath& socket_path, const base::FilePath& cookie_path) { … } #if BUILDFLAG(IS_MAC) bool ReplaceOldSingletonLock(const base::FilePath& symlink_content, const base::FilePath& lock_path) { // Try taking an flock(2) on the file. Failure means the lock is taken so we // should quit. base::ScopedFD lock_fd(HANDLE_EINTR( open(lock_path.value().c_str(), O_RDWR | O_CREAT | O_SYMLINK, 0644))); if (!lock_fd.is_valid()) { PLOG(ERROR) << "Could not open singleton lock"; return false; } int rc = HANDLE_EINTR(flock(lock_fd.get(), LOCK_EX | LOCK_NB)); if (rc == -1) { if (errno == EWOULDBLOCK) { LOG(ERROR) << "Singleton lock held by old process."; } else { PLOG(ERROR) << "Error locking singleton lock"; } return false; } // Successfully taking the lock means we can replace it with the a new symlink // lock. We never flock() the lock file from now on. I.e. we assume that an // old version of Chrome will not run with the same user data dir after this // version has run. if (!base::DeleteFile(lock_path)) { PLOG(ERROR) << "Could not delete old singleton lock."; return false; } return SymlinkPath(symlink_content, lock_path); } #endif // BUILDFLAG(IS_MAC) } // namespace /////////////////////////////////////////////////////////////////////////////// // ProcessSingleton::LinuxWatcher // A helper class for a Linux specific implementation of the process singleton. // This class sets up a listener on the singleton socket and handles parsing // messages that come in on the singleton socket. class ProcessSingleton::LinuxWatcher : public base::RefCountedThreadSafe<ProcessSingleton::LinuxWatcher, BrowserThread::DeleteOnIOThread> { … }; void ProcessSingleton::LinuxWatcher::OnSocketCanReadWithoutBlocking( int socket) { … } void ProcessSingleton::LinuxWatcher::StartListening(int socket) { … } void ProcessSingleton::LinuxWatcher::HandleMessage( const std::string& current_dir, const std::vector<std::string>& argv, SocketReader* reader) { … } void ProcessSingleton::LinuxWatcher::RemoveSocketReader(SocketReader* reader) { … } /////////////////////////////////////////////////////////////////////////////// // ProcessSingleton::LinuxWatcher::SocketReader // void ProcessSingleton::LinuxWatcher::SocketReader:: OnSocketCanReadWithoutBlocking() { … } void ProcessSingleton::LinuxWatcher::SocketReader::FinishWithACK( const char *message, size_t length) { … } /////////////////////////////////////////////////////////////////////////////// // ProcessSingleton // ProcessSingleton::ProcessSingleton( const base::FilePath& user_data_dir, const NotificationCallback& notification_callback) : … { … } ProcessSingleton::~ProcessSingleton() { … } ProcessSingleton::NotifyResult ProcessSingleton::NotifyOtherProcess() { … } ProcessSingleton::NotifyResult ProcessSingleton::NotifyOtherProcessWithTimeout( const base::CommandLine& cmd_line, int retry_attempts, const base::TimeDelta& timeout, bool kill_unresponsive) { … } ProcessSingleton::NotifyResult ProcessSingleton::NotifyOtherProcessOrCreate() { … } ProcessSingleton::NotifyResult ProcessSingleton::NotifyOtherProcessWithTimeoutOrCreate( const base::CommandLine& command_line, int retry_attempts, const base::TimeDelta& timeout) { … } void ProcessSingleton::OverrideCurrentPidForTesting(base::ProcessId pid) { … } void ProcessSingleton::OverrideKillCallbackForTesting( const base::RepeatingCallback<void(int)>& callback) { … } // static void ProcessSingleton::DisablePromptForTesting() { … } // static void ProcessSingleton::SkipIsChromeProcessCheckForTesting(bool skip) { … } // static void ProcessSingleton::SetUserOptedUnlockInUseProfileForTesting( bool set_unlock) { … } bool ProcessSingleton::Create() { … } void ProcessSingleton::StartWatching() { … } void ProcessSingleton::Cleanup() { … } bool ProcessSingleton::IsSameChromeInstance(pid_t pid) { … } bool ProcessSingleton::KillProcessByLockPath(bool is_connected_to_socket) { … } void ProcessSingleton::KillProcess(int pid) { … }
Codebase Browser
chromium