[apple/security.git] / securityd / src / child.cpp

/*
 * Copyright (c) 2004,2007 Apple Inc. All Rights Reserved.
 * 
 * @APPLE_LICENSE_HEADER_START@
 * 
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 * 
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 * 
 * @APPLE_LICENSE_HEADER_END@
 */


//
// child - track a single child process and its belongings
//
#include "child.h"
#include "dtrace.h"
#include <security_utilities/debugging.h>


//
// We use a static Mutex to coordinate checkin
//
Mutex ServerChild::mCheckinLock;


//
// Make and break ServerChildren
//
ServerChild::ServerChild()
	: mCheckinCond(mCheckinLock)
{
}


//
// If the ServerChild is destroyed, kill its process, nice or hard.
//
// In case you wonder about the tango below, it's making sure we
// get to "It's dead, Jim" with the minimum number of checkChildren()
// calls while still working correctly if this is the only thread alive.
//
//@@@ We *could* define a "soft shutdown" MIG message to send to all
//@@@ ServerChildren in this situation.
//
ServerChild::~ServerChild()
{
	mServicePort.deallocate();
	
	if (state() == alive) {
		this->kill(SIGTERM);		// shoot it once
		checkChildren();			// check for quick death
		if (state() == alive) {
			usleep(300000);			// give it some grace
			if (state() == alive) {	// could have been reaped by another thread
				checkChildren();	// check again
				if (state() == alive) {	// it... just... won't... die...
					this->kill(SIGKILL); // take THAT!
					checkChildren();
					if (state() == alive) // stuck zombie
						abandon();	// leave the body behind
				}
			}
		}
	}
}


//
// Parent action during fork: wait until ready or dead, then return
//
void ServerChild::parentAction()
{
	// wait for either checkin or (premature) death
	secinfo("serverchild", "%p (pid %d) waiting for checkin", this, pid());
	StLock<Mutex> _(mCheckinLock);
	while (!ready() && state() == alive)
		mCheckinCond.wait();

	// so what happened?
	if (state() == dead) {
		// our child died
		secinfo("serverchild", "%p (pid %d) died before checking in", this, pid());
	} else if (ready()) {
		// child has checked in and is ready for service
		secinfo("serverchild", "%p (pid %d) ready for service on port %d",
			this, pid(), mServicePort.port());
	} else
		assert(false);		// how did we ever get here?!
}


//
// Death action during fork: release the waiting creator thread, if any
//
void ServerChild::dying()
{
	secinfo("serverchild", "%p [%d] is dead; resuming parent thread (if any)", this, this->pid());
	mCheckinCond.signal();
}


void ServerChild::checkIn(Port servicePort, pid_t pid)
{
	if (ServerChild *child = Child::find<ServerChild>(pid)) {
		// Child was alive when last seen. Store service port and signal parent thread
		{
			StLock<Mutex> _(mCheckinLock);
			child->mServicePort = servicePort;
            // The macro END_IPCS deallocates this
            servicePort.modRefs(MACH_PORT_RIGHT_SEND, +1);    // retain send right
			secinfo("serverchild", "%p (pid %d) checking in; resuming parent thread",
				child, pid);
		}
		child->mCheckinCond.signal();
	} else {
		// Child has died; is wrong kind; or spurious checkin.
		// If it was a proper child, death notifications will wake up the parent thread
		secinfo("serverchild", "pid %d not in child set; checkin ignored", pid);
	}
}
Commit	Line	Data
d8f41ccd A	1	/*
	2	* Copyright (c) 2004,2007 Apple Inc. All Rights Reserved.
	3	*
	4	* @APPLE_LICENSE_HEADER_START@
	5	*
	6	* This file contains Original Code and/or Modifications of Original Code
	7	* as defined in and that are subject to the Apple Public Source License
	8	* Version 2.0 (the 'License'). You may not use this file except in
	9	* compliance with the License. Please obtain a copy of the License at
	10	* http://www.opensource.apple.com/apsl/ and read it before using this
	11	* file.
	12	*
	13	* The Original Code and all software distributed under the License are
	14	* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
	15	* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
	16	* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
	17	* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
	18	* Please see the License for the specific language governing rights and
	19	* limitations under the License.
	20	*
	21	* @APPLE_LICENSE_HEADER_END@
	22	*/
	23
	24
	25	//
	26	// child - track a single child process and its belongings
	27	//
	28	#include "child.h"
	29	#include "dtrace.h"
	30	#include <security_utilities/debugging.h>
	31
	32
	33	//
	34	// We use a static Mutex to coordinate checkin
	35	//
	36	Mutex ServerChild::mCheckinLock;
	37
	38
	39	//
	40	// Make and break ServerChildren
	41	//
	42	ServerChild::ServerChild()
	43	: mCheckinCond(mCheckinLock)
	44	{
	45	}
	46
	47
	48	//
	49	// If the ServerChild is destroyed, kill its process, nice or hard.
	50	//
	51	// In case you wonder about the tango below, it's making sure we
	52	// get to "It's dead, Jim" with the minimum number of checkChildren()
	53	// calls while still working correctly if this is the only thread alive.
	54	//
	55	//@@@ We could define a "soft shutdown" MIG message to send to all
	56	//@@@ ServerChildren in this situation.
	57	//
	58	ServerChild::~ServerChild()
	59	{
dbe77505	60	mServicePort.deallocate();
d8f41ccd A	61
	62	if (state() == alive) {
	63	this->kill(SIGTERM); // shoot it once
	64	checkChildren(); // check for quick death
	65	if (state() == alive) {
	66	usleep(300000); // give it some grace
	67	if (state() == alive) { // could have been reaped by another thread
	68	checkChildren(); // check again
	69	if (state() == alive) { // it... just... won't... die...
	70	this->kill(SIGKILL); // take THAT!
	71	checkChildren();
	72	if (state() == alive) // stuck zombie
	73	abandon(); // leave the body behind
	74	}
	75	}
	76	}
	77	}
	78	}
	79
	80
	81	//
	82	// Parent action during fork: wait until ready or dead, then return
	83	//
	84	void ServerChild::parentAction()
	85	{
	86	// wait for either checkin or (premature) death
fa7225c8	87	secinfo("serverchild", "%p (pid %d) waiting for checkin", this, pid());
d8f41ccd A	88	StLock<Mutex> _(mCheckinLock);
	89	while (!ready() && state() == alive)
	90	mCheckinCond.wait();
	91
	92	// so what happened?
	93	if (state() == dead) {
	94	// our child died
fa7225c8	95	secinfo("serverchild", "%p (pid %d) died before checking in", this, pid());
d8f41ccd A	96	} else if (ready()) {
d8f41ccd A	97	// child has checked in and is ready for service
fa7225c8	98	secinfo("serverchild", "%p (pid %d) ready for service on port %d",
d8f41ccd	99	this, pid(), mServicePort.port());
d8f41ccd A	100	} else
	101	assert(false); // how did we ever get here?!
	102	}
	103
	104
	105	//
	106	// Death action during fork: release the waiting creator thread, if any
	107	//
	108	void ServerChild::dying()
	109	{
fa7225c8	110	secinfo("serverchild", "%p [%d] is dead; resuming parent thread (if any)", this, this->pid());
d8f41ccd A	111	mCheckinCond.signal();
	112	}
	113
	114
	115	void ServerChild::checkIn(Port servicePort, pid_t pid)
	116	{
	117	if (ServerChild *child = Child::find<ServerChild>(pid)) {
	118	// Child was alive when last seen. Store service port and signal parent thread
	119	{
	120	StLock<Mutex> _(mCheckinLock);
	121	child->mServicePort = servicePort;
dbe77505 A	122	// The macro END_IPCS deallocates this
dbe77505 A	123	servicePort.modRefs(MACH_PORT_RIGHT_SEND, +1); // retain send right
fa7225c8	124	secinfo("serverchild", "%p (pid %d) checking in; resuming parent thread",
d8f41ccd A	125	child, pid);
d8f41ccd A	126	}
d8f41ccd A	127	child->mCheckinCond.signal();
	128	} else {
	129	// Child has died; is wrong kind; or spurious checkin.
	130	// If it was a proper child, death notifications will wake up the parent thread
fa7225c8	131	secinfo("serverchild", "pid %d not in child set; checkin ignored", pid);
d8f41ccd A	132	}
d8f41ccd A	133	}