int
VSUB_run(struct vsb *sb, vsub_func_f *func, void *priv, const char *name,
int maxlines)
{
int rv, p[2], sfd, status;
pid_t pid;
struct vlu *vlu;
struct vsub_priv sp;
sp.sb = sb;
sp.name = name;
sp.lines = 0;
sp.maxlines = maxlines;
if (pipe(p) < 0) {
VSB_printf(sb, "Starting %s: pipe() failed: %s",
name, strerror(errno));
return (-1);
}
assert(p[0] > STDERR_FILENO);
assert(p[1] > STDERR_FILENO);
if ((pid = fork()) < 0) {
VSB_printf(sb, "Starting %s: fork() failed: %s",
name, strerror(errno));
AZ(close(p[0]));
AZ(close(p[1]));
return (-1);
}
if (pid == 0) {
AZ(close(STDIN_FILENO));
assert(open("/dev/null", O_RDONLY) == STDIN_FILENO);
assert(dup2(p[1], STDOUT_FILENO) == STDOUT_FILENO);
assert(dup2(p[1], STDERR_FILENO) == STDERR_FILENO);
/* Close all other fds */
for (sfd = STDERR_FILENO + 1; sfd < 100; sfd++)
(void)close(sfd);
func(priv);
_exit(1);
}
AZ(close(p[1]));
vlu = VLU_New(&sp, vsub_vlu, 0);
while (!VLU_Fd(p[0], vlu))
continue;
AZ(close(p[0]));
VLU_Destroy(vlu);
if (sp.maxlines >= 0 && sp.lines > sp.maxlines)
VSB_printf(sb, "[%d lines truncated]\n",
sp.lines - sp.maxlines);
do {
rv = waitpid(pid, &status, 0);
if (rv < 0 && errno != EINTR) {
VSB_printf(sb, "Running %s: waitpid() failed: %s\n",
name, strerror(errno));
return (-1);
}
} while (rv < 0);
if (!WIFEXITED(status) || WEXITSTATUS(status) != 0) {
VSB_printf(sb, "Running %s failed", name);
if (WIFEXITED(status))
VSB_printf(sb, ", exit %d", WEXITSTATUS(status));
if (WIFSIGNALED(status))
VSB_printf(sb, ", signal %d", WTERMSIG(status));
if (WCOREDUMP(status))
VSB_printf(sb, ", core dumped");
VSB_printf(sb, "\n");
return (-1);
}
return (0);
}
static void
mgt_launch_child(struct cli *cli)
{
pid_t pid;
unsigned u;
char *p;
struct vev *e;
int i, j, k, cp[2];
struct sigaction sa;
if (child_state != CH_STOPPED && child_state != CH_DIED)
return;
if (!MAC_sockets_ready(cli)) {
child_state = CH_STOPPED;
if (cli != NULL) {
VCLI_SetResult(cli, CLIS_CANT);
return;
}
MGT_complain(C_ERR,
"Child start failed: could not open sockets");
return;
}
child_state = CH_STARTING;
/* Open pipe for mgr->child CLI */
AZ(pipe(cp));
heritage.cli_in = cp[0];
mgt_child_inherit(heritage.cli_in, "cli_in");
child_cli_out = cp[1];
/* Open pipe for child->mgr CLI */
AZ(pipe(cp));
heritage.cli_out = cp[1];
mgt_child_inherit(heritage.cli_out, "cli_out");
child_cli_in = cp[0];
/*
* Open pipe for child stdout/err
* NB: not inherited, because we dup2() it to stdout/stderr in child
*/
AZ(pipe(cp));
heritage.std_fd = cp[1];
child_output = cp[0];
AN(heritage.vsm);
mgt_SHM_Size_Adjust();
AN(heritage.vsm);
AN(heritage.param);
if ((pid = fork()) < 0) {
/* XXX */
perror("Could not fork child");
exit(1);
}
if (pid == 0) {
/* Redirect stdin/out/err */
AZ(close(STDIN_FILENO));
assert(open("/dev/null", O_RDONLY) == STDIN_FILENO);
assert(dup2(heritage.std_fd, STDOUT_FILENO) == STDOUT_FILENO);
assert(dup2(heritage.std_fd, STDERR_FILENO) == STDERR_FILENO);
/*
* Close all FDs the child shouldn't know about
*
* We cannot just close these filedescriptors, some random
* library routine might miss it later on and wantonly close
* a FD we use at that point in time. (See bug #1841).
* We close the FD and replace it with /dev/null instead,
* That prevents security leakage, and gives the library
* code a valid FD to close when it discovers the changed
* circumstances.
*/
closelog();
for (i = STDERR_FILENO + 1; i < CLOSE_FD_UP_TO; i++) {
if (vbit_test(fd_map, i))
continue;
if (close(i) == 0) {
k = open("/dev/null", O_RDONLY);
assert(k >= 0);
j = dup2(k, i);
assert(j == i);
AZ(close(k));
}
}
#ifdef HAVE_SETPROCTITLE
setproctitle("Varnish-Chld %s", heritage.name);
#endif
if (mgt_param.sigsegv_handler) {
memset(&sa, 0, sizeof sa);
sa.sa_sigaction = child_sigsegv_handler;
sa.sa_flags = SA_SIGINFO;
(void)sigaction(SIGSEGV, &sa, NULL);
(void)sigaction(SIGBUS, &sa, NULL);
(void)sigaction(SIGABRT, &sa, NULL);
}
(void)signal(SIGINT, SIG_DFL);
(void)signal(SIGTERM, SIG_DFL);
VJ_subproc(JAIL_SUBPROC_WORKER);
child_main();
exit(0);
}
assert(pid > 1);
MGT_complain(C_DEBUG, "Child (%jd) Started", (intmax_t)pid);
VSC_C_mgt->child_start = ++static_VSC_C_mgt.child_start;
/* Close stuff the child got */
closex(&heritage.std_fd);
mgt_child_inherit(heritage.cli_in, NULL);
closex(&heritage.cli_in);
mgt_child_inherit(heritage.cli_out, NULL);
closex(&heritage.cli_out);
child_std_vlu = VLU_New(NULL, child_line, 0);
AN(child_std_vlu);
AZ(ev_listen);
e = vev_new();
XXXAN(e);
e->fd = child_output;
e->fd_flags = EV_RD;
e->name = "Child listener";
e->callback = child_listener;
AZ(vev_add(mgt_evb, e));
ev_listen = e;
AZ(ev_poker);
if (mgt_param.ping_interval > 0) {
e = vev_new();
XXXAN(e);
e->timeout = mgt_param.ping_interval;
e->callback = child_poker;
e->name = "child poker";
AZ(vev_add(mgt_evb, e));
ev_poker = e;
}
mgt_cli_start_child(child_cli_in, child_cli_out);
child_pid = pid;
if (mgt_push_vcls_and_start(cli, &u, &p)) {
VCLI_SetResult(cli, u);
MGT_complain(C_ERR, "Child (%jd) Pushing vcls failed:\n%s",
(intmax_t)child_pid, p);
free(p);
child_state = CH_RUNNING;
mgt_stop_child();
} else
child_state = CH_RUNNING;
}
