| // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| #include "content/browser/child_process_launcher.h" |
| |
| #include <utility> // For std::pair. |
| |
| #include "base/bind.h" |
| #include "base/command_line.h" |
| #include "base/file_util.h" |
| #include "base/logging.h" |
| #include "base/memory/scoped_ptr.h" |
| #include "base/metrics/histogram.h" |
| #include "base/process/process.h" |
| #include "base/synchronization/lock.h" |
| #include "base/threading/thread.h" |
| #include "content/public/browser/browser_thread.h" |
| #include "content/public/browser/content_browser_client.h" |
| #include "content/public/common/content_descriptors.h" |
| #include "content/public/common/content_switches.h" |
| #include "content/public/common/result_codes.h" |
| |
| #if defined(OS_WIN) |
| #include "base/files/file_path.h" |
| #include "content/common/sandbox_win.h" |
| #include "content/public/common/sandbox_init.h" |
| #include "content/public/common/sandboxed_process_launcher_delegate.h" |
| #elif defined(OS_MACOSX) |
| #include "content/browser/mach_broker_mac.h" |
| #elif defined(OS_ANDROID) |
| #include "base/android/jni_android.h" |
| #include "content/browser/android/child_process_launcher_android.h" |
| #elif defined(OS_POSIX) |
| #include "base/memory/shared_memory.h" |
| #include "base/memory/singleton.h" |
| #include "content/browser/renderer_host/render_sandbox_host_linux.h" |
| #include "content/browser/zygote_host/zygote_host_impl_linux.h" |
| #include "content/common/child_process_sandbox_support_impl_linux.h" |
| #endif |
| |
| #if defined(OS_POSIX) |
| #include "base/metrics/stats_table.h" |
| #include "base/posix/global_descriptors.h" |
| #endif |
| |
| namespace content { |
| |
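// Having the functionality of ChildProcessLauncher be in an internal
// ref counted object allows us to automatically terminate the process when the
// parent class destructs, while still holding on to state that we need.
//
// Threading as visible in this file: Launch() records the calling
// BrowserThread in |client_thread_id_|, the launch itself runs on
// BrowserThread::PROCESS_LAUNCHER, and Notify() is posted back to the client
// thread. |client_| is only touched on the client thread (see ResetClient()).
class ChildProcessLauncher::Context
    : public base::RefCountedThreadSafe<ChildProcessLauncher::Context> {
 public:
  Context()
      : client_(NULL),
        client_thread_id_(BrowserThread::UI),
        termination_status_(base::TERMINATION_STATUS_NORMAL_TERMINATION),
        exit_code_(RESULT_CODE_NORMAL_EXIT),
        starting_(true)
#if defined(OS_POSIX) && !defined(OS_MACOSX) && !defined(OS_ANDROID)
        , zygote_(false)
#elif defined(OS_ANDROID)
        // Start from an invalid descriptor so |ipcfd_| never holds an
        // indeterminate value before Launch() assigns the real one.
        , ipcfd_(-1)
#endif
  {
#if defined(OS_POSIX)
    // With --child-clean-exit the browser does not kill its children in
    // Terminate(); they are left running when this Context goes away.
    terminate_child_on_shutdown_ = !CommandLine::ForCurrentProcess()->
        HasSwitch(switches::kChildCleanExit);
#else
    terminate_child_on_shutdown_ = true;
#endif
  }

  // Starts an asynchronous launch. Records |client| and the calling thread,
  // then posts LaunchInternal() to the PROCESS_LAUNCHER thread.
  //
  // Ownership: LaunchInternal() wraps |cmd_line| (and, on Windows, |delegate|)
  // in a scoped_ptr, so both raw pointers are consumed by this call.
  // |ipcfd| is the client end of the IPC channel; it is closed by this class
  // once the child has been created.
  void Launch(
#if defined(OS_WIN)
      SandboxedProcessLauncherDelegate* delegate,
#elif defined(OS_ANDROID)
      int ipcfd,
#elif defined(OS_POSIX)
      bool use_zygote,
      const base::EnvironmentMap& environ,
      int ipcfd,
#endif
      CommandLine* cmd_line,
      int child_process_id,
      Client* client) {
    client_ = client;

    // The call has a side effect (it fills in |client_thread_id_|), so it
    // must stay inside CHECK rather than DCHECK.
    CHECK(BrowserThread::GetCurrentThreadIdentifier(&client_thread_id_));

#if defined(OS_ANDROID)
    // We need to close the client end of the IPC channel to reliably detect
    // child termination. We will close this fd after we create the child
    // process which is asynchronous on Android.
    ipcfd_ = ipcfd;
#endif
    BrowserThread::PostTask(
        BrowserThread::PROCESS_LAUNCHER, FROM_HERE,
        base::Bind(
            &Context::LaunchInternal,
            make_scoped_refptr(this),
            client_thread_id_,
            child_process_id,
#if defined(OS_WIN)
            delegate,
#elif defined(OS_ANDROID)
            ipcfd,
#elif defined(OS_POSIX)
            use_zygote,
            environ,
            ipcfd,
#endif
            cmd_line));
  }

#if defined(OS_ANDROID)
  // Callback handed to StartChildProcess(). Records launch-time histograms and
  // delivers |handle| to Notify() on the client thread.
  static void OnChildProcessStarted(
      // |this_object| is NOT thread safe. Only use it to post a task back.
      scoped_refptr<Context> this_object,
      BrowserThread::ID client_thread_id,
      const base::TimeTicks begin_launch_time,
      base::ProcessHandle handle) {
    RecordHistograms(begin_launch_time);
    if (BrowserThread::CurrentlyOn(client_thread_id)) {
      // This is always invoked on the UI thread which is commonly the
      // |client_thread_id| so we can shortcut one PostTask.
      this_object->Notify(handle);
    } else {
      BrowserThread::PostTask(
          client_thread_id, FROM_HERE,
          base::Bind(
              &ChildProcessLauncher::Context::Notify,
              this_object,
              handle));
    }
  }
#endif

  // Detaches the client. After this, a launch that completes later finds
  // |client_| NULL in Notify() and terminates the child instead.
  void ResetClient() {
    // No need for locking as this function gets called on the same thread that
    // client_ would be used.
    CHECK(BrowserThread::CurrentlyOn(client_thread_id_));
    client_ = NULL;
  }

  // Overrides the shutdown policy chosen in the constructor.
  void set_terminate_child_on_shutdown(bool terminate_on_shutdown) {
    terminate_child_on_shutdown_ = terminate_on_shutdown;
  }

 private:
  friend class base::RefCountedThreadSafe<ChildProcessLauncher::Context>;
  friend class ChildProcessLauncher;

  // Runs when the last reference is dropped; kills the child unless
  // |terminate_child_on_shutdown_| is false or no handle is held.
  ~Context() {
    Terminate();
  }

  // Computes the elapsed launch time and records it on the PROCESS_LAUNCHER
  // thread, hopping there first if called from another thread.
  static void RecordHistograms(const base::TimeTicks begin_launch_time) {
    base::TimeDelta launch_time = base::TimeTicks::Now() - begin_launch_time;
    if (BrowserThread::CurrentlyOn(BrowserThread::PROCESS_LAUNCHER)) {
      RecordLaunchHistograms(launch_time);
    } else {
      BrowserThread::PostTask(
          BrowserThread::PROCESS_LAUNCHER, FROM_HERE,
          base::Bind(&ChildProcessLauncher::Context::RecordLaunchHistograms,
                     launch_time));
    }
  }

  // Must only run on the PROCESS_LAUNCHER thread: |done_first_launch| is an
  // unsynchronized function-local static, and RecordHistograms() is what
  // routes every call to that thread.
  static void RecordLaunchHistograms(const base::TimeDelta launch_time) {
    // Log the launch time, separating out the first one (which will likely be
    // slower due to the rest of the browser initializing at the same time).
    static bool done_first_launch = false;
    if (done_first_launch) {
      UMA_HISTOGRAM_TIMES("MPArch.ChildProcessLaunchSubsequent", launch_time);
    } else {
      UMA_HISTOGRAM_TIMES("MPArch.ChildProcessLaunchFirst", launch_time);
      done_first_launch = true;
    }
  }

  // Performs the platform-specific launch on the PROCESS_LAUNCHER thread and
  // reports the resulting handle (kNullProcessHandle on failure) to Notify()
  // on |client_thread_id|. On Android the report happens later, from
  // OnChildProcessStarted().
  //
  // Takes ownership of |cmd_line| and, on Windows, of |delegate|.
  static void LaunchInternal(
      // |this_object| is NOT thread safe. Only use it to post a task back.
      scoped_refptr<Context> this_object,
      BrowserThread::ID client_thread_id,
      int child_process_id,
#if defined(OS_WIN)
      SandboxedProcessLauncherDelegate* delegate,
#elif defined(OS_ANDROID)
      int ipcfd,
#elif defined(OS_POSIX)
      bool use_zygote,
      const base::EnvironmentMap& env,
      int ipcfd,
#endif
      CommandLine* cmd_line) {
    scoped_ptr<CommandLine> cmd_line_deleter(cmd_line);
    base::TimeTicks begin_launch_time = base::TimeTicks::Now();

#if defined(OS_WIN)
    scoped_ptr<SandboxedProcessLauncherDelegate> delegate_deleter(delegate);
    base::ProcessHandle handle = StartSandboxedProcess(delegate, cmd_line);
#elif defined(OS_POSIX)
    std::string process_type =
        cmd_line->GetSwitchValueASCII(switches::kProcessType);
    // The list of descriptors the child is meant to receive. It starts with
    // the IPC channel; the stats table and any embedder-supplied files are
    // appended below.
    std::vector<FileDescriptorInfo> files_to_register;
    files_to_register.push_back(
        FileDescriptorInfo(kPrimaryIPCChannel,
                           base::FileDescriptor(ipcfd, false)));
    base::StatsTable* stats_table = base::StatsTable::current();
    if (stats_table &&
        base::SharedMemory::IsHandleValid(
            stats_table->GetSharedMemoryHandle())) {
      files_to_register.push_back(
          FileDescriptorInfo(kStatsTableSharedMemFd,
                             stats_table->GetSharedMemoryHandle()));
    }
#endif

#if defined(OS_ANDROID)
    // Android WebView runs in single process, ensure that we never get here
    // when running in single process mode.
    CHECK(!cmd_line->HasSwitch(switches::kSingleProcess));

    GetContentClient()->browser()->
        GetAdditionalMappedFilesForChildProcess(*cmd_line, child_process_id,
                                                &files_to_register);

    StartChildProcess(cmd_line->argv(), files_to_register,
        base::Bind(&ChildProcessLauncher::Context::OnChildProcessStarted,
                   this_object, client_thread_id, begin_launch_time));

#elif defined(OS_POSIX)
    base::ProcessHandle handle = base::kNullProcessHandle;
    // We need to close the client end of the IPC channel to reliably detect
    // child termination.
    file_util::ScopedFD ipcfd_closer(&ipcfd);

#if !defined(OS_MACOSX)
    GetContentClient()->browser()->
        GetAdditionalMappedFilesForChildProcess(*cmd_line, child_process_id,
                                                &files_to_register);
    if (use_zygote) {
      handle = ZygoteHostImpl::GetInstance()->ForkRequest(cmd_line->argv(),
                                                          files_to_register,
                                                          process_type);
    } else
    // Fall through to the normal posix case below when we're not zygoting.
#endif  // !defined(OS_MACOSX)
    {
      // Convert FD mapping to FileHandleMappingVector
      base::FileHandleMappingVector fds_to_map;
      for (size_t i = 0; i < files_to_register.size(); ++i) {
        fds_to_map.push_back(std::make_pair(
            files_to_register[i].fd.fd,
            files_to_register[i].id +
                base::GlobalDescriptors::kBaseDescriptor));
      }

#if !defined(OS_MACOSX)
      // Renderers launched without the zygote additionally get the sandbox
      // host socket mapped to the descriptor returned by GetSandboxFD().
      if (process_type == switches::kRendererProcess) {
        const int sandbox_fd =
            RenderSandboxHostLinux::GetInstance()->GetRendererSocket();
        fds_to_map.push_back(std::make_pair(
            sandbox_fd,
            GetSandboxFD()));
      }
#endif  // !defined(OS_MACOSX)

      // Actually launch the app.
      // NOTE(review): only the descriptors in |fds_to_map| are remapped
      // explicitly here; what happens to every other open browser descriptor
      // is decided inside base::LaunchProcess -- confirm nothing else is
      // inherited by the child.
      base::LaunchOptions options;
      options.environ = env;
      options.fds_to_remap = &fds_to_map;

#if defined(OS_MACOSX)
      // Hold the MachBroker lock for the duration of LaunchProcess. The child
      // will send its task port to the parent almost immediately after startup.
      // The Mach message will be delivered to the parent, but updating the
      // record of the launch will wait until after the placeholder PID is
      // inserted below. This ensures that while the child process may send its
      // port to the parent prior to the parent leaving LaunchProcess, the
      // order in which the record in MachBroker is updated is correct.
      MachBroker* broker = MachBroker::GetInstance();
      broker->GetLock().Acquire();

      // Make sure the MachBroker is running, and inform it to expect a
      // check-in from the new process.
      broker->EnsureRunning();
#endif  // defined(OS_MACOSX)

      bool launched = base::LaunchProcess(*cmd_line, options, &handle);

#if defined(OS_MACOSX)
      if (launched)
        broker->AddPlaceholderForPid(handle);

      // After updating the broker, release the lock and let the child's
      // message be processed on the broker's thread.
      broker->GetLock().Release();
#endif  // defined(OS_MACOSX)

      if (!launched)
        handle = base::kNullProcessHandle;
    }
#endif  // else defined(OS_POSIX)
#if !defined(OS_ANDROID)
    if (handle)
      RecordHistograms(begin_launch_time);
    // Bind |this_object| itself (as the Android path does) so the posted
    // callback visibly holds a reference to the Context until Notify() runs.
    BrowserThread::PostTask(
        client_thread_id, FROM_HERE,
        base::Bind(
            &Context::Notify,
            this_object,
#if defined(OS_POSIX) && !defined(OS_MACOSX)
            use_zygote,
#endif
            handle));
#endif  // !defined(OS_ANDROID)
  }

  // Runs on the client thread once the launch attempt has finished. Stores
  // |handle| (null on failure), then either tells the client or, if the client
  // has already been reset, terminates the freshly launched child.
  void Notify(
#if defined(OS_POSIX) && !defined(OS_MACOSX) && !defined(OS_ANDROID)
      bool zygote,
#endif
      base::ProcessHandle handle) {
#if defined(OS_ANDROID)
    // Finally close the ipcfd
    file_util::ScopedFD ipcfd_closer(&ipcfd_);
#endif
    starting_ = false;
    process_.set_handle(handle);
    if (!handle)
      LOG(ERROR) << "Failed to launch child process";

#if defined(OS_POSIX) && !defined(OS_MACOSX) && !defined(OS_ANDROID)
    zygote_ = zygote;
#endif
    if (client_) {
      client_->OnProcessLaunched();
    } else {
      Terminate();
    }
  }

  // Hands the child's handle to TerminateInternal() on the PROCESS_LAUNCHER
  // thread and clears it locally, so a second call is a no-op. Does nothing
  // when no handle is held or when |terminate_child_on_shutdown_| is false.
  void Terminate() {
    if (!process_.handle())
      return;

    if (!terminate_child_on_shutdown_)
      return;

    // On Posix, EnsureProcessTerminated can lead to 2 seconds of sleep! So
    // don't do this on the UI/IO threads.
    BrowserThread::PostTask(
        BrowserThread::PROCESS_LAUNCHER, FROM_HERE,
        base::Bind(
            &Context::TerminateInternal,
#if defined(OS_POSIX) && !defined(OS_MACOSX) && !defined(OS_ANDROID)
            zygote_,
#endif
            process_.handle()));
    process_.set_handle(base::kNullProcessHandle);
  }

  // Changes the scheduling priority of the process behind |handle|. Static so
  // it can be posted to the PROCESS_LAUNCHER thread without a Context.
  static void SetProcessBackgrounded(base::ProcessHandle handle,
                                     bool background) {
    base::Process process(handle);
    process.SetProcessBackgrounded(background);
  }

  // Kills the child identified by |handle| and, on POSIX, reaps it. |zygote|
  // selects whether the reaping is proxied through the zygote host.
  static void TerminateInternal(
#if defined(OS_POSIX) && !defined(OS_MACOSX) && !defined(OS_ANDROID)
      bool zygote,
#endif
      base::ProcessHandle handle) {
#if defined(OS_ANDROID)
    VLOG(0) << "ChromeProcess: Stopping process with handle " << handle;
    StopChildProcess(handle);
#else
    base::Process process(handle);
    // Client has gone away, so just kill the process. Using exit code 0
    // means that UMA won't treat this as a crash.
    process.Terminate(RESULT_CODE_NORMAL_EXIT);
    // On POSIX, we must additionally reap the child.
#if defined(OS_POSIX)
#if !defined(OS_MACOSX)
    if (zygote) {
      // If the renderer was created via a zygote, we have to proxy the reaping
      // through the zygote process.
      ZygoteHostImpl::GetInstance()->EnsureProcessTerminated(handle);
    } else
#endif  // !OS_MACOSX
    {
      base::EnsureProcessTerminated(handle);
    }
#endif  // OS_POSIX
    process.Close();
#endif  // defined(OS_ANDROID)
  }

  // Not owned. Cleared by ResetClient(); only used on the client thread.
  Client* client_;
  // Thread on which Launch() was called and on which Notify() is delivered.
  BrowserThread::ID client_thread_id_;
  // Holds the child's handle once Notify() has run.
  base::Process process_;
  // Cached results of the last termination-status query.
  base::TerminationStatus termination_status_;
  int exit_code_;
  // True from construction until Notify() runs.
  bool starting_;
  // Controls whether the child process should be terminated on browser
  // shutdown. Default behavior is to terminate the child.
  bool terminate_child_on_shutdown_;
#if defined(OS_ANDROID)
  // The fd to close after creating the process.
  int ipcfd_;
#elif defined(OS_POSIX) && !defined(OS_MACOSX)
  // True when the child was forked through the zygote host.
  bool zygote_;
#endif
};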
| |
| |
// Creates the ref-counted Context and immediately starts the asynchronous
// launch on it. The raw |cmd_line| (and, on Windows, |delegate|) is passed
// straight through to Context::Launch().
//
// Android takes the POSIX parameter list here, but only |ipcfd| is forwarded;
// |use_zygote| and |environ| are not used on that platform.
ChildProcessLauncher::ChildProcessLauncher(
#if defined(OS_WIN)
    SandboxedProcessLauncherDelegate* delegate,
#elif defined(OS_POSIX)
    bool use_zygote,
    const base::EnvironmentMap& environ,
    int ipcfd,
#endif
    CommandLine* cmd_line,
    int child_process_id,
    Client* client) {
  context_ = new Context();

  // The platform-specific arguments come first, in the same order that
  // Context::Launch() declares them.
  context_->Launch(
#if defined(OS_WIN)
      delegate,
#elif defined(OS_ANDROID)
      ipcfd,
#elif defined(OS_POSIX)
      use_zygote,
      environ,
      ipcfd,
#endif
      cmd_line,
      child_process_id,
      client);
}
| |
// Detaches the client from the Context. ResetClient() CHECKs that it runs on
// the thread that created the launcher, so destruction must happen there.
ChildProcessLauncher::~ChildProcessLauncher() {
  context_->ResetClient();
}
| |
// Reports whether the launch is still pending, i.e. Context::Notify() has not
// yet cleared |starting_|.
bool ChildProcessLauncher::IsStarting() {
  const bool launch_pending = context_->starting_;
  return launch_pending;
}
| |
// Returns the handle stored in the Context. Callers must wait until the
// launch has completed; this is only enforced by a DCHECK, so release builds
// return whatever |process_| currently holds.
base::ProcessHandle ChildProcessLauncher::GetHandle() {
  DCHECK(!context_->starting_);
  base::ProcessHandle child_handle = context_->process_.handle();
  return child_handle;
}
| |
// Queries how the child ended, caches the answer in the Context and returns
// it. |exit_code| is optional and receives the cached exit code when given.
// |known_dead| is forwarded to the zygote host, or selects
// base::GetKnownDeadTerminationStatus() for directly launched children.
//
// The per-platform #if branches below each open an |else {| (or a bare |{|)
// that the shared code after #endif closes; keep them in step when editing.
base::TerminationStatus ChildProcessLauncher::GetChildTerminationStatus(
    bool known_dead,
    int* exit_code) {
  base::ProcessHandle child_handle = context_->process_.handle();
  if (child_handle == base::kNullProcessHandle) {
    // Process is already gone, so return the cached termination status.
    if (exit_code)
      *exit_code = context_->exit_code_;
    return context_->termination_status_;
  }
#if defined(OS_POSIX) && !defined(OS_MACOSX) && !defined(OS_ANDROID)
  if (context_->zygote_) {
    // Children forked by the zygote have to be queried through it.
    context_->termination_status_ = ZygoteHostImpl::GetInstance()->
        GetTerminationStatus(child_handle, known_dead, &context_->exit_code_);
  } else if (known_dead) {
    context_->termination_status_ =
        base::GetKnownDeadTerminationStatus(child_handle,
                                            &context_->exit_code_);
  } else {
#elif defined(OS_MACOSX)
  if (known_dead) {
    context_->termination_status_ =
        base::GetKnownDeadTerminationStatus(child_handle,
                                            &context_->exit_code_);
  } else {
#elif defined(OS_ANDROID)
  if (IsChildProcessOomProtected(child_handle)) {
    context_->termination_status_ = base::TERMINATION_STATUS_OOM_PROTECTED;
  } else {
#else
  {
#endif
    context_->termination_status_ =
        base::GetTerminationStatus(child_handle, &context_->exit_code_);
  }

  if (exit_code)
    *exit_code = context_->exit_code_;

  // POSIX: If the process crashed, then the kernel closed the socket
  // for it and so the child has already died by the time we get
  // here. Since GetTerminationStatus called waitpid with WNOHANG,
  // it'll reap the process. However, if GetTerminationStatus didn't
  // reap the child (because it was still running), we'll need to
  // Terminate via ProcessWatcher. So we can't close the handle here.
  if (context_->termination_status_ != base::TERMINATION_STATUS_STILL_RUNNING)
    context_->process_.Close();

  return context_->termination_status_;
}
| |
// Asks the PROCESS_LAUNCHER thread to change the child's background state.
// The handle is read now and captured by value in the posted task.
// NOTE(review): nothing visible here keeps that handle valid until the task
// runs -- confirm the child cannot be closed or terminated in between.
void ChildProcessLauncher::SetProcessBackgrounded(bool background) {
  const base::ProcessHandle child_handle = GetHandle();
  BrowserThread::PostTask(
      BrowserThread::PROCESS_LAUNCHER, FROM_HERE,
      base::Bind(&ChildProcessLauncher::Context::SetProcessBackgrounded,
                 child_handle, background));
}
| |
// Forwards the shutdown policy to the Context, if there is one. Passing false
// means Context::Terminate() will leave the child running.
void ChildProcessLauncher::SetTerminateChildOnShutdown(
    bool terminate_on_shutdown) {
  if (!context_.get())
    return;

  context_->set_terminate_child_on_shutdown(terminate_on_shutdown);
}
| |
| } // namespace content |