content/browser/child_process_launcher.cc

   1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "content/browser/child_process_launcher.h"
   6
   7 #include <utility>  // For std::pair.
   8
   9 #include "base/bind.h"
  10 #include "base/command_line.h"
  11 #include "base/file_util.h"
  12 #include "base/logging.h"
  13 #include "base/memory/scoped_ptr.h"
  14 #include "base/metrics/histogram.h"
  15 #include "base/process/process.h"
  16 #include "base/synchronization/lock.h"
  17 #include "base/threading/thread.h"
  18 #include "content/public/browser/browser_thread.h"
  19 #include "content/public/browser/content_browser_client.h"
  20 #include "content/public/common/content_descriptors.h"
  21 #include "content/public/common/content_switches.h"
  22 #include "content/public/common/result_codes.h"
  23
  24 #if defined(OS_WIN)
  25 #include "base/files/file_path.h"
  26 #include "content/common/sandbox_win.h"
  27 #include "content/public/common/sandbox_init.h"
  28 #include "content/public/common/sandboxed_process_launcher_delegate.h"
  29 #elif defined(OS_MACOSX)
  30 #include "content/browser/mach_broker_mac.h"
  31 #elif defined(OS_ANDROID)
  32 #include "base/android/jni_android.h"
  33 #include "content/browser/android/child_process_launcher_android.h"
  34 #elif defined(OS_POSIX)
  35 #include "base/memory/shared_memory.h"
  36 #include "base/memory/singleton.h"
  37 #include "content/browser/renderer_host/render_sandbox_host_linux.h"
  38 #include "content/browser/zygote_host/zygote_host_impl_linux.h"
  39 #include "content/common/child_process_sandbox_support_impl_linux.h"
  40 #endif
  41
  42 #if defined(OS_POSIX)
  43 #include "base/metrics/stats_table.h"
  44 #include "base/posix/global_descriptors.h"
  45 #endif
  46
  47 namespace content {
  48
  49 // Having the functionality of ChildProcessLauncher be in an internal
  50 // ref counted object allows us to automatically terminate the process when the
  51 // parent class destructs, while still holding on to state that we need.
  52 class ChildProcessLauncher::Context
  53     : public base::RefCountedThreadSafe<ChildProcessLauncher::Context> {
  54  public:
  55   Context()
  56       : client_(NULL),
  57         client_thread_id_(BrowserThread::UI),
  58         termination_status_(base::TERMINATION_STATUS_NORMAL_TERMINATION),
  59         exit_code_(RESULT_CODE_NORMAL_EXIT),
  60         starting_(true)
  61 #if defined(OS_POSIX) && !defined(OS_MACOSX) && !defined(OS_ANDROID)
  62         , zygote_(false)
  63 #endif
  64         {
  65 #if defined(OS_POSIX)
  66           terminate_child_on_shutdown_ = !CommandLine::ForCurrentProcess()->
  67               HasSwitch(switches::kChildCleanExit);
  68 #else
  69           terminate_child_on_shutdown_ = true;
  70 #endif
  71   }
  72
  73   void Launch(
  74 #if defined(OS_WIN)
  75       SandboxedProcessLauncherDelegate* delegate,
  76 #elif defined(OS_ANDROID)
  77       int ipcfd,
  78 #elif defined(OS_POSIX)
  79       bool use_zygote,
  80       const base::EnvironmentMap& environ,
  81       int ipcfd,
  82 #endif
  83       CommandLine* cmd_line,
  84       int child_process_id,
  85       Client* client) {
  86     client_ = client;
  87
  88     CHECK(BrowserThread::GetCurrentThreadIdentifier(&client_thread_id_));
  89
  90 #if defined(OS_ANDROID)
  91     // We need to close the client end of the IPC channel to reliably detect
  92     // child termination. We will close this fd after we create the child
  93     // process which is asynchronous on Android.
  94     ipcfd_ = ipcfd;
  95 #endif
  96     BrowserThread::PostTask(
  97         BrowserThread::PROCESS_LAUNCHER, FROM_HERE,
  98         base::Bind(
  99             &Context::LaunchInternal,
 100             make_scoped_refptr(this),
 101             client_thread_id_,
 102             child_process_id,
 103 #if defined(OS_WIN)
 104             delegate,
 105 #elif defined(OS_ANDROID)
 106             ipcfd,
 107 #elif defined(OS_POSIX)
 108             use_zygote,
 109             environ,
 110             ipcfd,
 111 #endif
 112             cmd_line));
 113   }
 114
 115 #if defined(OS_ANDROID)
 116   static void OnChildProcessStarted(
 117       // |this_object| is NOT thread safe. Only use it to post a task back.
 118       scoped_refptr<Context> this_object,
 119       BrowserThread::ID client_thread_id,
 120       const base::TimeTicks begin_launch_time,
 121       base::ProcessHandle handle) {
 122     RecordHistograms(begin_launch_time);
 123     if (BrowserThread::CurrentlyOn(client_thread_id)) {
 124       // This is always invoked on the UI thread which is commonly the
 125       // |client_thread_id| so we can shortcut one PostTask.
 126       this_object->Notify(handle);
 127     } else {
 128       BrowserThread::PostTask(
 129           client_thread_id, FROM_HERE,
 130           base::Bind(
 131               &ChildProcessLauncher::Context::Notify,
 132               this_object,
 133               handle));
 134     }
 135   }
 136 #endif
 137
 138   void ResetClient() {
 139     // No need for locking as this function gets called on the same thread that
 140     // client_ would be used.
 141     CHECK(BrowserThread::CurrentlyOn(client_thread_id_));
 142     client_ = NULL;
 143   }
 144
 145   void set_terminate_child_on_shutdown(bool terminate_on_shutdown) {
 146     terminate_child_on_shutdown_ = terminate_on_shutdown;
 147   }
 148
 149  private:
 150   friend class base::RefCountedThreadSafe<ChildProcessLauncher::Context>;
 151   friend class ChildProcessLauncher;
 152
 153   ~Context() {
 154     Terminate();
 155   }
 156
 157   static void RecordHistograms(const base::TimeTicks begin_launch_time) {
 158     base::TimeDelta launch_time = base::TimeTicks::Now() - begin_launch_time;
 159     if (BrowserThread::CurrentlyOn(BrowserThread::PROCESS_LAUNCHER)) {
 160       RecordLaunchHistograms(launch_time);
 161     } else {
 162       BrowserThread::PostTask(
 163           BrowserThread::PROCESS_LAUNCHER, FROM_HERE,
 164           base::Bind(&ChildProcessLauncher::Context::RecordLaunchHistograms,
 165                      launch_time));
 166     }
 167   }
 168
 169   static void RecordLaunchHistograms(const base::TimeDelta launch_time) {
 170     // Log the launch time, separating out the first one (which will likely be
 171     // slower due to the rest of the browser initializing at the same time).
 172     static bool done_first_launch = false;
 173     if (done_first_launch) {
 174       UMA_HISTOGRAM_TIMES("MPArch.ChildProcessLaunchSubsequent", launch_time);
 175     } else {
 176       UMA_HISTOGRAM_TIMES("MPArch.ChildProcessLaunchFirst", launch_time);
 177       done_first_launch = true;
 178     }
 179   }
 180
 181   static void LaunchInternal(
 182       // |this_object| is NOT thread safe. Only use it to post a task back.
 183       scoped_refptr<Context> this_object,
 184       BrowserThread::ID client_thread_id,
 185       int child_process_id,
 186 #if defined(OS_WIN)
 187       SandboxedProcessLauncherDelegate* delegate,
 188 #elif defined(OS_ANDROID)
 189       int ipcfd,
 190 #elif defined(OS_POSIX)
 191       bool use_zygote,
 192       const base::EnvironmentMap& env,
 193       int ipcfd,
 194 #endif
 195       CommandLine* cmd_line) {
 196     scoped_ptr<CommandLine> cmd_line_deleter(cmd_line);
 197     base::TimeTicks begin_launch_time = base::TimeTicks::Now();
 198
 199 #if defined(OS_WIN)
 200     scoped_ptr<SandboxedProcessLauncherDelegate> delegate_deleter(delegate);
 201     base::ProcessHandle handle = StartSandboxedProcess(delegate, cmd_line);
 202 #elif defined(OS_POSIX)
 203     std::string process_type =
 204         cmd_line->GetSwitchValueASCII(switches::kProcessType);
 205     std::vector<FileDescriptorInfo> files_to_register;
 206     files_to_register.push_back(
 207         FileDescriptorInfo(kPrimaryIPCChannel,
 208                            base::FileDescriptor(ipcfd, false)));
 209     base::StatsTable* stats_table = base::StatsTable::current();
 210     if (stats_table &&
 211         base::SharedMemory::IsHandleValid(
 212             stats_table->GetSharedMemoryHandle())) {
 213       files_to_register.push_back(
 214           FileDescriptorInfo(kStatsTableSharedMemFd,
 215                              stats_table->GetSharedMemoryHandle()));
 216     }
 217 #endif
 218
 219 #if defined(OS_ANDROID)
 220     // Android WebView runs in single process, ensure that we never get here
 221     // when running in single process mode.
 222     CHECK(!cmd_line->HasSwitch(switches::kSingleProcess));
 223
 224     GetContentClient()->browser()->
 225         GetAdditionalMappedFilesForChildProcess(*cmd_line, child_process_id,
 226                                                 &files_to_register);
 227
 228     StartChildProcess(cmd_line->argv(), files_to_register,
 229         base::Bind(&ChildProcessLauncher::Context::OnChildProcessStarted,
 230                    this_object, client_thread_id, begin_launch_time));
 231
 232 #elif defined(OS_POSIX)
 233     base::ProcessHandle handle = base::kNullProcessHandle;
 234     // We need to close the client end of the IPC channel to reliably detect
 235     // child termination.
 236     file_util::ScopedFD ipcfd_closer(&ipcfd);
 237
 238 #if !defined(OS_MACOSX)
 239     GetContentClient()->browser()->
 240         GetAdditionalMappedFilesForChildProcess(*cmd_line, child_process_id,
 241                                                 &files_to_register);
 242     if (use_zygote) {
 243       handle = ZygoteHostImpl::GetInstance()->ForkRequest(cmd_line->argv(),
 244                                                           files_to_register,
 245                                                           process_type);
 246     } else
 247     // Fall through to the normal posix case below when we're not zygoting.
 248 #endif  // !defined(OS_MACOSX)
 249     {
 250       // Convert FD mapping to FileHandleMappingVector
 251       base::FileHandleMappingVector fds_to_map;
 252       for (size_t i = 0; i < files_to_register.size(); ++i) {
 253         fds_to_map.push_back(std::make_pair(
 254             files_to_register[i].fd.fd,
 255             files_to_register[i].id +
 256                 base::GlobalDescriptors::kBaseDescriptor));
 257       }
 258
 259 #if !defined(OS_MACOSX)
 260       if (process_type == switches::kRendererProcess) {
 261         const int sandbox_fd =
 262             RenderSandboxHostLinux::GetInstance()->GetRendererSocket();
 263         fds_to_map.push_back(std::make_pair(
 264             sandbox_fd,
 265             GetSandboxFD()));
 266       }
 267 #endif  // defined(OS_MACOSX)
 268
 269       // Actually launch the app.
 270       base::LaunchOptions options;
 271       options.environ = env;
 272       options.fds_to_remap = &fds_to_map;
 273
 274 #if defined(OS_MACOSX)
 275       // Hold the MachBroker lock for the duration of LaunchProcess. The child
 276       // will send its task port to the parent almost immediately after startup.
 277       // The Mach message will be delivered to the parent, but updating the
 278       // record of the launch will wait until after the placeholder PID is
 279       // inserted below. This ensures that while the child process may send its
 280       // port to the parent prior to the parent leaving LaunchProcess, the
 281       // order in which the record in MachBroker is updated is correct.
 282       MachBroker* broker = MachBroker::GetInstance();
 283       broker->GetLock().Acquire();
 284
 285       // Make sure the MachBroker is running, and inform it to expect a
 286       // check-in from the new process.
 287       broker->EnsureRunning();
 288 #endif  // defined(OS_MACOSX)
 289
 290       bool launched = base::LaunchProcess(*cmd_line, options, &handle);
 291
 292 #if defined(OS_MACOSX)
 293       if (launched)
 294         broker->AddPlaceholderForPid(handle);
 295
 296       // After updating the broker, release the lock and let the child's
 297       // messasge be processed on the broker's thread.
 298       broker->GetLock().Release();
 299 #endif  // defined(OS_MACOSX)
 300
 301       if (!launched)
 302         handle = base::kNullProcessHandle;
 303     }
 304 #endif  // else defined(OS_POSIX)
 305 #if !defined(OS_ANDROID)
 306   if (handle)
 307     RecordHistograms(begin_launch_time);
 308   BrowserThread::PostTask(
 309       client_thread_id, FROM_HERE,
 310       base::Bind(
 311           &Context::Notify,
 312           this_object.get(),
 313 #if defined(OS_POSIX) && !defined(OS_MACOSX)
 314           use_zygote,
 315 #endif
 316           handle));
 317 #endif  // !defined(OS_ANDROID)
 318   }
 319
 320   void Notify(
 321 #if defined(OS_POSIX) && !defined(OS_MACOSX) && !defined(OS_ANDROID)
 322       bool zygote,
 323 #endif
 324       base::ProcessHandle handle) {
 325 #if defined(OS_ANDROID)
 326     // Finally close the ipcfd
 327     file_util::ScopedFD ipcfd_closer(&ipcfd_);
 328 #endif
 329     starting_ = false;
 330     process_.set_handle(handle);
 331     if (!handle)
 332       LOG(ERROR) << "Failed to launch child process";
 333
 334 #if defined(OS_POSIX) && !defined(OS_MACOSX) && !defined(OS_ANDROID)
 335     zygote_ = zygote;
 336 #endif
 337     if (client_) {
 338       client_->OnProcessLaunched();
 339     } else {
 340       Terminate();
 341     }
 342   }
 343
 344   void Terminate() {
 345     if (!process_.handle())
 346       return;
 347
 348     if (!terminate_child_on_shutdown_)
 349       return;
 350
 351     // On Posix, EnsureProcessTerminated can lead to 2 seconds of sleep!  So
 352     // don't this on the UI/IO threads.
 353     BrowserThread::PostTask(
 354         BrowserThread::PROCESS_LAUNCHER, FROM_HERE,
 355         base::Bind(
 356             &Context::TerminateInternal,
 357 #if defined(OS_POSIX) && !defined(OS_MACOSX) && !defined(OS_ANDROID)
 358             zygote_,
 359 #endif
 360             process_.handle()));
 361     process_.set_handle(base::kNullProcessHandle);
 362   }
 363
 364   static void SetProcessBackgrounded(base::ProcessHandle handle,
 365                                      bool background) {
 366     base::Process process(handle);
 367     process.SetProcessBackgrounded(background);
 368   }
 369
 370   static void TerminateInternal(
 371 #if defined(OS_POSIX) && !defined(OS_MACOSX) && !defined(OS_ANDROID)
 372       bool zygote,
 373 #endif
 374       base::ProcessHandle handle) {
 375 #if defined(OS_ANDROID)
 376     VLOG(0) << "ChromeProcess: Stopping process with handle " << handle;
 377     StopChildProcess(handle);
 378 #else
 379     base::Process process(handle);
 380      // Client has gone away, so just kill the process.  Using exit code 0
 381     // means that UMA won't treat this as a crash.
 382     process.Terminate(RESULT_CODE_NORMAL_EXIT);
 383     // On POSIX, we must additionally reap the child.
 384 #if defined(OS_POSIX)
 385 #if !defined(OS_MACOSX)
 386     if (zygote) {
 387       // If the renderer was created via a zygote, we have to proxy the reaping
 388       // through the zygote process.
 389       ZygoteHostImpl::GetInstance()->EnsureProcessTerminated(handle);
 390     } else
 391 #endif  // !OS_MACOSX
 392     {
 393       base::EnsureProcessTerminated(handle);
 394     }
 395 #endif  // OS_POSIX
 396     process.Close();
 397 #endif  // defined(OS_ANDROID)
 398   }
 399
 400   Client* client_;
 401   BrowserThread::ID client_thread_id_;
 402   base::Process process_;
 403   base::TerminationStatus termination_status_;
 404   int exit_code_;
 405   bool starting_;
 406   // Controls whether the child process should be terminated on browser
 407   // shutdown. Default behavior is to terminate the child.
 408   bool terminate_child_on_shutdown_;
 409 #if defined(OS_ANDROID)
 410   // The fd to close after creating the process.
 411   int ipcfd_;
 412 #elif defined(OS_POSIX) && !defined(OS_MACOSX)
 413   bool zygote_;
 414 #endif
 415 };
 416
 417
 418 ChildProcessLauncher::ChildProcessLauncher(
 419 #if defined(OS_WIN)
 420     SandboxedProcessLauncherDelegate* delegate,
 421 #elif defined(OS_POSIX)
 422     bool use_zygote,
 423     const base::EnvironmentMap& environ,
 424     int ipcfd,
 425 #endif
 426     CommandLine* cmd_line,
 427     int child_process_id,
 428     Client* client) {
 429   context_ = new Context();
 430   context_->Launch(
 431 #if defined(OS_WIN)
 432       delegate,
 433 #elif defined(OS_ANDROID)
 434       ipcfd,
 435 #elif defined(OS_POSIX)
 436       use_zygote,
 437       environ,
 438       ipcfd,
 439 #endif
 440       cmd_line,
 441       child_process_id,
 442       client);
 443 }
 444
 445 ChildProcessLauncher::~ChildProcessLauncher() {
 446   context_->ResetClient();
 447 }
 448
 449 bool ChildProcessLauncher::IsStarting() {
 450   return context_->starting_;
 451 }
 452
 453 base::ProcessHandle ChildProcessLauncher::GetHandle() {
 454   DCHECK(!context_->starting_);
 455   return context_->process_.handle();
 456 }
 457
 458 base::TerminationStatus ChildProcessLauncher::GetChildTerminationStatus(
 459     bool known_dead,
 460     int* exit_code) {
 461   base::ProcessHandle handle = context_->process_.handle();
 462   if (handle == base::kNullProcessHandle) {
 463     // Process is already gone, so return the cached termination status.
 464     if (exit_code)
 465       *exit_code = context_->exit_code_;
 466     return context_->termination_status_;
 467   }
 468 #if defined(OS_POSIX) && !defined(OS_MACOSX) && !defined(OS_ANDROID)
 469   if (context_->zygote_) {
 470     context_->termination_status_ = ZygoteHostImpl::GetInstance()->
 471         GetTerminationStatus(handle, known_dead, &context_->exit_code_);
 472   } else if (known_dead) {
 473     context_->termination_status_ =
 474         base::GetKnownDeadTerminationStatus(handle, &context_->exit_code_);
 475   } else {
 476 #elif defined(OS_MACOSX)
 477   if (known_dead) {
 478     context_->termination_status_ =
 479         base::GetKnownDeadTerminationStatus(handle, &context_->exit_code_);
 480   } else {
 481 #elif defined(OS_ANDROID)
 482   if (IsChildProcessOomProtected(handle)) {
 483       context_->termination_status_ = base::TERMINATION_STATUS_OOM_PROTECTED;
 484   } else {
 485 #else
 486   {
 487 #endif
 488     context_->termination_status_ =
 489         base::GetTerminationStatus(handle, &context_->exit_code_);
 490   }
 491
 492   if (exit_code)
 493     *exit_code = context_->exit_code_;
 494
 495   // POSIX: If the process crashed, then the kernel closed the socket
 496   // for it and so the child has already died by the time we get
 497   // here. Since GetTerminationStatus called waitpid with WNOHANG,
 498   // it'll reap the process.  However, if GetTerminationStatus didn't
 499   // reap the child (because it was still running), we'll need to
 500   // Terminate via ProcessWatcher. So we can't close the handle here.
 501   if (context_->termination_status_ != base::TERMINATION_STATUS_STILL_RUNNING)
 502     context_->process_.Close();
 503
 504   return context_->termination_status_;
 505 }
 506
 507 void ChildProcessLauncher::SetProcessBackgrounded(bool background) {
 508   BrowserThread::PostTask(
 509       BrowserThread::PROCESS_LAUNCHER, FROM_HERE,
 510       base::Bind(
 511           &ChildProcessLauncher::Context::SetProcessBackgrounded,
 512           GetHandle(), background));
 513 }
 514
 515 void ChildProcessLauncher::SetTerminateChildOnShutdown(
 516   bool terminate_on_shutdown) {
 517   if (context_.get())
 518     context_->set_terminate_child_on_shutdown(terminate_on_shutdown);
 519 }
 520
 521 }  // namespace content