[refactor] More post-NSS WebCrypto cleanups (utility functions).
[chromium-blink-merge.git] / content / browser / child_process_launcher.cc
blob5a88d768449122e4abd6e468c181f59f0de91551
1 // Copyright 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "content/browser/child_process_launcher.h"
7 #include "base/bind.h"
8 #include "base/command_line.h"
9 #include "base/files/file_util.h"
10 #include "base/i18n/icu_util.h"
11 #include "base/logging.h"
12 #include "base/memory/scoped_ptr.h"
13 #include "base/metrics/histogram.h"
14 #include "base/process/process.h"
15 #include "base/profiler/scoped_tracker.h"
16 #include "base/synchronization/lock.h"
17 #include "base/threading/thread.h"
18 #include "content/public/browser/content_browser_client.h"
19 #include "content/public/common/content_descriptors.h"
20 #include "content/public/common/content_switches.h"
21 #include "content/public/common/result_codes.h"
22 #include "content/public/common/sandboxed_process_launcher_delegate.h"
24 #if defined(OS_WIN)
25 #include "base/files/file_path.h"
26 #include "content/common/sandbox_win.h"
27 #include "content/public/common/sandbox_init.h"
28 #elif defined(OS_MACOSX)
29 #include "content/browser/bootstrap_sandbox_manager_mac.h"
30 #include "content/browser/browser_io_surface_manager_mac.h"
31 #include "content/browser/mach_broker_mac.h"
32 #include "sandbox/mac/bootstrap_sandbox.h"
33 #include "sandbox/mac/pre_exec_delegate.h"
34 #elif defined(OS_ANDROID)
35 #include "base/android/jni_android.h"
36 #include "content/browser/android/child_process_launcher_android.h"
37 #elif defined(OS_POSIX)
38 #include "base/memory/singleton.h"
39 #include "content/browser/renderer_host/render_sandbox_host_linux.h"
40 #include "content/browser/zygote_host/zygote_host_impl_linux.h"
41 #include "content/common/child_process_sandbox_support_impl_linux.h"
42 #endif
44 #if defined(OS_POSIX)
45 #include "base/posix/global_descriptors.h"
46 #include "content/browser/file_descriptor_info_impl.h"
47 #include "gin/v8_initializer.h"
48 #endif
50 namespace content {
52 namespace {
54 typedef base::Callback<void(bool,
55 #if defined(OS_ANDROID)
56 base::ScopedFD,
57 #endif
58 base::Process)> NotifyCallback;
60 void RecordHistogramsOnLauncherThread(base::TimeDelta launch_time) {
61 DCHECK_CURRENTLY_ON(BrowserThread::PROCESS_LAUNCHER);
62 // Log the launch time, separating out the first one (which will likely be
63 // slower due to the rest of the browser initializing at the same time).
64 static bool done_first_launch = false;
65 if (done_first_launch) {
66 UMA_HISTOGRAM_TIMES("MPArch.ChildProcessLaunchSubsequent", launch_time);
67 } else {
68 UMA_HISTOGRAM_TIMES("MPArch.ChildProcessLaunchFirst", launch_time);
69 done_first_launch = true;
73 #if defined(OS_ANDROID)
74 // TODO(sievers): Remove this by defining better what happens on what
75 // thread in the corresponding Java code.
76 void OnChildProcessStartedAndroid(const NotifyCallback& callback,
77 BrowserThread::ID client_thread_id,
78 const base::TimeTicks begin_launch_time,
79 base::ScopedFD ipcfd,
80 base::ProcessHandle handle) {
81 // This can be called on the launcher thread or UI thread.
82 base::TimeDelta launch_time = base::TimeTicks::Now() - begin_launch_time;
83 BrowserThread::PostTask(
84 BrowserThread::PROCESS_LAUNCHER, FROM_HERE,
85 base::Bind(&RecordHistogramsOnLauncherThread, launch_time));
87 base::Closure callback_on_client_thread(
88 base::Bind(callback, false, base::Passed(&ipcfd),
89 base::Passed(base::Process(handle))));
90 if (BrowserThread::CurrentlyOn(client_thread_id)) {
91 callback_on_client_thread.Run();
92 } else {
93 BrowserThread::PostTask(
94 client_thread_id, FROM_HERE, callback_on_client_thread);
97 #endif
99 void LaunchOnLauncherThread(const NotifyCallback& callback,
100 BrowserThread::ID client_thread_id,
101 int child_process_id,
102 SandboxedProcessLauncherDelegate* delegate,
103 #if defined(OS_ANDROID)
104 base::ScopedFD ipcfd,
105 #endif
106 base::CommandLine* cmd_line) {
107 DCHECK_CURRENTLY_ON(BrowserThread::PROCESS_LAUNCHER);
108 scoped_ptr<SandboxedProcessLauncherDelegate> delegate_deleter(delegate);
109 #if defined(OS_WIN)
110 bool use_zygote = false;
111 bool launch_elevated = delegate->ShouldLaunchElevated();
112 #elif defined(OS_MACOSX)
113 bool use_zygote = false;
114 base::EnvironmentMap env = delegate->GetEnvironment();
115 base::ScopedFD ipcfd = delegate->TakeIpcFd();
116 #elif defined(OS_POSIX) && !defined(OS_ANDROID)
117 bool use_zygote = delegate->ShouldUseZygote();
118 base::EnvironmentMap env = delegate->GetEnvironment();
119 base::ScopedFD ipcfd = delegate->TakeIpcFd();
120 #endif
121 scoped_ptr<base::CommandLine> cmd_line_deleter(cmd_line);
122 base::TimeTicks begin_launch_time = base::TimeTicks::Now();
124 base::Process process;
125 #if defined(OS_WIN)
126 if (launch_elevated) {
127 base::LaunchOptions options;
128 options.start_hidden = true;
129 process = base::LaunchElevatedProcess(*cmd_line, options);
130 } else {
131 process = StartSandboxedProcess(delegate, cmd_line);
133 #elif defined(OS_POSIX)
134 std::string process_type =
135 cmd_line->GetSwitchValueASCII(switches::kProcessType);
136 scoped_ptr<FileDescriptorInfo> files_to_register(
137 FileDescriptorInfoImpl::Create());
139 #if defined(OS_ANDROID)
140 files_to_register->Share(kPrimaryIPCChannel, ipcfd.get());
141 #else
142 files_to_register->Transfer(kPrimaryIPCChannel, ipcfd.Pass());
143 #endif
144 #endif
146 #if defined(OS_POSIX) && !defined(OS_MACOSX)
147 std::map<int, base::MemoryMappedFile::Region> regions;
148 GetContentClient()->browser()->GetAdditionalMappedFilesForChildProcess(
149 *cmd_line, child_process_id, files_to_register.get()
150 #if defined(OS_ANDROID)
151 , &regions
152 #endif
154 #if defined(V8_USE_EXTERNAL_STARTUP_DATA)
155 base::PlatformFile natives_pf =
156 gin::V8Initializer::GetOpenNativesFileForChildProcesses(
157 &regions[kV8NativesDataDescriptor]);
158 DCHECK_GE(natives_pf, 0);
159 files_to_register->Share(kV8NativesDataDescriptor, natives_pf);
161 base::MemoryMappedFile::Region snapshot_region;
162 base::PlatformFile snapshot_pf =
163 gin::V8Initializer::GetOpenSnapshotFileForChildProcesses(
164 &snapshot_region);
165 // Failure to load the V8 snapshot is not necessarily an error. V8 can start
166 // up (slower) without the snapshot.
167 if (snapshot_pf != -1) {
168 files_to_register->Share(kV8SnapshotDataDescriptor, snapshot_pf);
169 regions.insert(std::make_pair(kV8SnapshotDataDescriptor, snapshot_region));
172 if (process_type != switches::kZygoteProcess) {
173 cmd_line->AppendSwitch(::switches::kV8NativesPassedByFD);
174 if (snapshot_pf != -1) {
175 cmd_line->AppendSwitch(::switches::kV8SnapshotPassedByFD);
178 #endif // defined(V8_USE_EXTERNAL_STARTUP_DATA)
179 #endif // defined(OS_POSIX) && !defined(OS_MACOSX)
181 #if defined(OS_ANDROID)
182 files_to_register->Share(
183 kAndroidICUDataDescriptor,
184 base::i18n::GetIcuDataFileHandle(&regions[kAndroidICUDataDescriptor]));
186 // Android WebView runs in single process, ensure that we never get here
187 // when running in single process mode.
188 CHECK(!cmd_line->HasSwitch(switches::kSingleProcess));
190 StartChildProcess(
191 cmd_line->argv(), child_process_id, files_to_register.Pass(), regions,
192 base::Bind(&OnChildProcessStartedAndroid, callback, client_thread_id,
193 begin_launch_time, base::Passed(&ipcfd)));
195 #elif defined(OS_POSIX)
196 // We need to close the client end of the IPC channel to reliably detect
197 // child termination.
199 #if !defined(OS_MACOSX)
200 if (use_zygote) {
201 base::ProcessHandle handle = ZygoteHostImpl::GetInstance()->ForkRequest(
202 cmd_line->argv(), files_to_register.Pass(), process_type);
203 process = base::Process(handle);
204 } else
205 // Fall through to the normal posix case below when we're not zygoting.
206 #endif // !defined(OS_MACOSX)
208 // Convert FD mapping to FileHandleMappingVector
209 base::FileHandleMappingVector fds_to_map =
210 files_to_register->GetMappingWithIDAdjustment(
211 base::GlobalDescriptors::kBaseDescriptor);
213 #if !defined(OS_MACOSX)
214 if (process_type == switches::kRendererProcess) {
215 const int sandbox_fd =
216 RenderSandboxHostLinux::GetInstance()->GetRendererSocket();
217 fds_to_map.push_back(std::make_pair(
218 sandbox_fd,
219 GetSandboxFD()));
221 #endif // defined(OS_MACOSX)
223 // Actually launch the app.
224 base::LaunchOptions options;
225 options.environ = env;
226 options.fds_to_remap = &fds_to_map;
228 #if defined(OS_MACOSX)
229 // Hold the MachBroker lock for the duration of LaunchProcess. The child
230 // will send its task port to the parent almost immediately after startup.
231 // The Mach message will be delivered to the parent, but updating the
232 // record of the launch will wait until after the placeholder PID is
233 // inserted below. This ensures that while the child process may send its
234 // port to the parent prior to the parent leaving LaunchProcess, the
235 // order in which the record in MachBroker is updated is correct.
236 MachBroker* broker = MachBroker::GetInstance();
237 broker->GetLock().Acquire();
239 // Make sure the MachBroker is running, and inform it to expect a
240 // check-in from the new process.
241 broker->EnsureRunning();
243 // Make sure the IOSurfaceManager service is running.
244 BrowserIOSurfaceManager::GetInstance()->EnsureRunning();
246 const SandboxType sandbox_type = delegate->GetSandboxType();
247 scoped_ptr<sandbox::PreExecDelegate> pre_exec_delegate;
248 if (BootstrapSandboxManager::ShouldEnable()) {
249 BootstrapSandboxManager* sandbox_manager =
250 BootstrapSandboxManager::GetInstance();
251 if (sandbox_manager->EnabledForSandbox(sandbox_type)) {
252 pre_exec_delegate =
253 sandbox_manager->sandbox()->NewClient(sandbox_type).Pass();
256 options.pre_exec_delegate = pre_exec_delegate.get();
257 #endif // defined(OS_MACOSX)
259 process = base::LaunchProcess(*cmd_line, options);
261 #if defined(OS_MACOSX)
262 if (process.IsValid()) {
263 broker->AddPlaceholderForPid(process.Pid(), child_process_id);
264 } else {
265 if (pre_exec_delegate) {
266 BootstrapSandboxManager::GetInstance()->sandbox()->RevokeToken(
267 pre_exec_delegate->sandbox_token());
271 // After updating the broker, release the lock and let the child's
272 // messasge be processed on the broker's thread.
273 broker->GetLock().Release();
274 #endif // defined(OS_MACOSX)
276 #endif // else defined(OS_POSIX)
277 #if !defined(OS_ANDROID)
278 if (process.IsValid()) {
279 RecordHistogramsOnLauncherThread(base::TimeTicks::Now() -
280 begin_launch_time);
282 BrowserThread::PostTask(client_thread_id, FROM_HERE,
283 base::Bind(callback,
284 use_zygote,
285 base::Passed(&process)));
286 #endif // !defined(OS_ANDROID)
289 void TerminateOnLauncherThread(bool zygote, base::Process process) {
290 DCHECK_CURRENTLY_ON(BrowserThread::PROCESS_LAUNCHER);
291 #if defined(OS_ANDROID)
292 VLOG(1) << "ChromeProcess: Stopping process with handle "
293 << process.Handle();
294 StopChildProcess(process.Handle());
295 #else
296 // Client has gone away, so just kill the process. Using exit code 0
297 // means that UMA won't treat this as a crash.
298 process.Terminate(RESULT_CODE_NORMAL_EXIT, false);
299 // On POSIX, we must additionally reap the child.
300 #if defined(OS_POSIX)
301 #if !defined(OS_MACOSX)
302 if (zygote) {
303 // If the renderer was created via a zygote, we have to proxy the reaping
304 // through the zygote process.
305 ZygoteHostImpl::GetInstance()->EnsureProcessTerminated(process.Handle());
306 } else
307 #endif // !OS_MACOSX
308 base::EnsureProcessTerminated(process.Pass());
309 #endif // OS_POSIX
310 #endif // defined(OS_ANDROID)
313 void SetProcessBackgroundedOnLauncherThread(base::Process process,
314 bool background) {
315 DCHECK_CURRENTLY_ON(BrowserThread::PROCESS_LAUNCHER);
316 #if defined(OS_MACOSX)
317 MachBroker* broker = MachBroker::GetInstance();
318 mach_port_t task_port = broker->TaskForPid(process.Pid());
319 if (task_port != TASK_NULL) {
320 process.SetProcessBackgrounded(task_port, background);
322 #else
323 process.SetProcessBackgrounded(background);
324 #endif // defined(OS_MACOSX)
325 #if defined(OS_ANDROID)
326 SetChildProcessInForeground(process.Handle(), !background);
327 #endif
330 } // anonymous namespace
332 ChildProcessLauncher::ChildProcessLauncher(
333 SandboxedProcessLauncherDelegate* delegate,
334 base::CommandLine* cmd_line,
335 int child_process_id,
336 Client* client,
337 bool terminate_on_shutdown)
338 : client_(client),
339 termination_status_(base::TERMINATION_STATUS_NORMAL_TERMINATION),
340 exit_code_(RESULT_CODE_NORMAL_EXIT),
341 zygote_(false),
342 starting_(true),
343 #if defined(ADDRESS_SANITIZER) || defined(LEAK_SANITIZER) || \
344 defined(MEMORY_SANITIZER) || defined(THREAD_SANITIZER) || \
345 defined(UNDEFINED_SANITIZER)
346 terminate_child_on_shutdown_(false),
347 #else
348 terminate_child_on_shutdown_(terminate_on_shutdown),
349 #endif
350 weak_factory_(this) {
351 DCHECK(CalledOnValidThread());
352 CHECK(BrowserThread::GetCurrentThreadIdentifier(&client_thread_id_));
353 Launch(delegate, cmd_line, child_process_id);
356 ChildProcessLauncher::~ChildProcessLauncher() {
357 DCHECK(CalledOnValidThread());
358 if (process_.IsValid() && terminate_child_on_shutdown_) {
359 // On Posix, EnsureProcessTerminated can lead to 2 seconds of sleep! So
360 // don't this on the UI/IO threads.
361 BrowserThread::PostTask(BrowserThread::PROCESS_LAUNCHER, FROM_HERE,
362 base::Bind(&TerminateOnLauncherThread, zygote_,
363 base::Passed(&process_)));
367 void ChildProcessLauncher::Launch(
368 SandboxedProcessLauncherDelegate* delegate,
369 base::CommandLine* cmd_line,
370 int child_process_id) {
371 DCHECK(CalledOnValidThread());
373 #if defined(OS_ANDROID)
374 // Android only supports renderer, sandboxed utility and gpu.
375 std::string process_type =
376 cmd_line->GetSwitchValueASCII(switches::kProcessType);
377 CHECK(process_type == switches::kGpuProcess ||
378 process_type == switches::kRendererProcess ||
379 #if defined(ENABLE_PLUGINS)
380 process_type == switches::kPpapiPluginProcess ||
381 #endif
382 process_type == switches::kUtilityProcess)
383 << "Unsupported process type: " << process_type;
385 // Non-sandboxed utility or renderer process are currently not supported.
386 DCHECK(process_type == switches::kGpuProcess ||
387 !cmd_line->HasSwitch(switches::kNoSandbox));
389 // We need to close the client end of the IPC channel to reliably detect
390 // child termination. We will close this fd after we create the child
391 // process which is asynchronous on Android.
392 base::ScopedFD ipcfd(delegate->TakeIpcFd().release());
393 #endif
394 NotifyCallback reply_callback(base::Bind(&ChildProcessLauncher::DidLaunch,
395 weak_factory_.GetWeakPtr(),
396 terminate_child_on_shutdown_));
397 BrowserThread::PostTask(
398 BrowserThread::PROCESS_LAUNCHER, FROM_HERE,
399 base::Bind(&LaunchOnLauncherThread, reply_callback, client_thread_id_,
400 child_process_id, delegate,
401 #if defined(OS_ANDROID)
402 base::Passed(&ipcfd),
403 #endif
404 cmd_line));
407 void ChildProcessLauncher::UpdateTerminationStatus(bool known_dead) {
408 DCHECK(CalledOnValidThread());
409 #if defined(OS_POSIX) && !defined(OS_MACOSX) && !defined(OS_ANDROID)
410 if (zygote_) {
411 termination_status_ = ZygoteHostImpl::GetInstance()->
412 GetTerminationStatus(process_.Handle(), known_dead, &exit_code_);
413 } else if (known_dead) {
414 termination_status_ =
415 base::GetKnownDeadTerminationStatus(process_.Handle(), &exit_code_);
416 } else {
417 #elif defined(OS_MACOSX)
418 if (known_dead) {
419 termination_status_ =
420 base::GetKnownDeadTerminationStatus(process_.Handle(), &exit_code_);
421 } else {
422 #elif defined(OS_ANDROID)
423 if (IsChildProcessOomProtected(process_.Handle())) {
424 termination_status_ = base::TERMINATION_STATUS_OOM_PROTECTED;
425 } else {
426 #else
428 #endif
429 termination_status_ =
430 base::GetTerminationStatus(process_.Handle(), &exit_code_);
434 void ChildProcessLauncher::SetProcessBackgrounded(bool background) {
435 DCHECK(CalledOnValidThread());
436 base::Process to_pass = process_.Duplicate();
437 BrowserThread::PostTask(BrowserThread::PROCESS_LAUNCHER, FROM_HERE,
438 base::Bind(&SetProcessBackgroundedOnLauncherThread,
439 base::Passed(&to_pass), background));
442 void ChildProcessLauncher::DidLaunch(
443 base::WeakPtr<ChildProcessLauncher> instance,
444 bool terminate_on_shutdown,
445 bool zygote,
446 #if defined(OS_ANDROID)
447 base::ScopedFD ipcfd,
448 #endif
449 base::Process process) {
450 if (!process.IsValid())
451 LOG(ERROR) << "Failed to launch child process";
453 // TODO(erikchen): Remove ScopedTracker below once http://crbug.com/465841
454 // is fixed.
455 tracked_objects::ScopedTracker tracking_profile1(
456 FROM_HERE_WITH_EXPLICIT_FUNCTION(
457 "465841 ChildProcessLauncher::Context::Notify::Start"));
459 if (instance.get()) {
460 instance->Notify(zygote,
461 #if defined(OS_ANDROID)
462 ipcfd.Pass(),
463 #endif
464 process.Pass());
465 } else {
466 // TODO(erikchen): Remove ScopedTracker below once http://crbug.com/465841
467 // is fixed.
468 tracked_objects::ScopedTracker tracking_profile4(
469 FROM_HERE_WITH_EXPLICIT_FUNCTION(
470 "465841 ChildProcessLauncher::Context::Notify::ProcessTerminate"));
471 if (process.IsValid() && terminate_on_shutdown) {
472 // On Posix, EnsureProcessTerminated can lead to 2 seconds of sleep! So
473 // don't this on the UI/IO threads.
474 BrowserThread::PostTask(BrowserThread::PROCESS_LAUNCHER, FROM_HERE,
475 base::Bind(&TerminateOnLauncherThread, zygote,
476 base::Passed(&process)));
481 void ChildProcessLauncher::Notify(
482 bool zygote,
483 #if defined(OS_ANDROID)
484 base::ScopedFD ipcfd,
485 #endif
486 base::Process process) {
487 DCHECK(CalledOnValidThread());
488 starting_ = false;
489 process_ = process.Pass();
491 #if defined(OS_POSIX) && !defined(OS_MACOSX) && !defined(OS_ANDROID)
492 zygote_ = zygote;
493 #endif
494 if (process_.IsValid()) {
495 // TODO(erikchen): Remove ScopedTracker below once http://crbug.com/465841
496 // is fixed.
497 tracked_objects::ScopedTracker tracking_profile2(
498 FROM_HERE_WITH_EXPLICIT_FUNCTION(
499 "465841 ChildProcessLauncher::Context::Notify::ProcessLaunched"));
500 client_->OnProcessLaunched();
501 } else {
502 // TODO(erikchen): Remove ScopedTracker below once http://crbug.com/465841
503 // is fixed.
504 tracked_objects::ScopedTracker tracking_profile3(
505 FROM_HERE_WITH_EXPLICIT_FUNCTION(
506 "465841 ChildProcessLauncher::Context::Notify::ProcessFailed"));
507 termination_status_ = base::TERMINATION_STATUS_LAUNCH_FAILED;
508 client_->OnProcessLaunchFailed();
512 bool ChildProcessLauncher::IsStarting() {
513 // TODO(crbug.com/469248): This fails in some tests.
514 // DCHECK(CalledOnValidThread());
515 return starting_;
518 const base::Process& ChildProcessLauncher::GetProcess() const {
519 // TODO(crbug.com/469248): This fails in some tests.
520 // DCHECK(CalledOnValidThread());
521 return process_;
524 base::TerminationStatus ChildProcessLauncher::GetChildTerminationStatus(
525 bool known_dead,
526 int* exit_code) {
527 DCHECK(CalledOnValidThread());
528 if (!process_.IsValid()) {
529 // Process is already gone, so return the cached termination status.
530 if (exit_code)
531 *exit_code = exit_code_;
532 return termination_status_;
535 UpdateTerminationStatus(known_dead);
536 if (exit_code)
537 *exit_code = exit_code_;
539 // POSIX: If the process crashed, then the kernel closed the socket
540 // for it and so the child has already died by the time we get
541 // here. Since GetTerminationStatus called waitpid with WNOHANG,
542 // it'll reap the process. However, if GetTerminationStatus didn't
543 // reap the child (because it was still running), we'll need to
544 // Terminate via ProcessWatcher. So we can't close the handle here.
545 if (termination_status_ != base::TERMINATION_STATUS_STILL_RUNNING)
546 process_.Close();
548 return termination_status_;
551 ChildProcessLauncher::Client* ChildProcessLauncher::ReplaceClientForTest(
552 Client* client) {
553 Client* ret = client_;
554 client_ = client;
555 return ret;
558 } // namespace content