git: a2464ee12761 - main - bsdinstall: Add a new runconsoles helper binary
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Mon, 03 Oct 2022 16:09:41 UTC
The branch main has been updated by jrtc27: URL: https://cgit.FreeBSD.org/src/commit/?id=a2464ee12761660f50d0b6f59f233949ebcacc87 commit a2464ee12761660f50d0b6f59f233949ebcacc87 Author: Jessica Clarke <jrtc27@FreeBSD.org> AuthorDate: 2022-10-03 16:09:16 +0000 Commit: Jessica Clarke <jrtc27@FreeBSD.org> CommitDate: 2022-10-03 16:09:16 +0000 bsdinstall: Add a new runconsoles helper binary This helper binary will run a given command on every on console, as defined by /etc/ttys (except for ttyv*, where only ttyv0 will be used). If one of the command processes exits, the rest will be killed. This will be used by a future change to start the installer on multiple consoles. Reviewed by: brooks, imp, gjb Differential Revision: https://reviews.freebsd.org/D36804 --- tools/build/mk/OptionalObsoleteFiles.inc | 1 + usr.sbin/bsdinstall/Makefile | 2 +- usr.sbin/bsdinstall/runconsoles/Makefile | 9 + usr.sbin/bsdinstall/runconsoles/child.c | 386 +++++++++++++++ usr.sbin/bsdinstall/runconsoles/child.h | 30 ++ usr.sbin/bsdinstall/runconsoles/common.c | 56 +++ usr.sbin/bsdinstall/runconsoles/common.h | 110 +++++ usr.sbin/bsdinstall/runconsoles/runconsoles.c | 647 ++++++++++++++++++++++++++ 8 files changed, 1240 insertions(+), 1 deletion(-) diff --git a/tools/build/mk/OptionalObsoleteFiles.inc b/tools/build/mk/OptionalObsoleteFiles.inc index 4145859f21cd..484089d47203 100644 --- a/tools/build/mk/OptionalObsoleteFiles.inc +++ b/tools/build/mk/OptionalObsoleteFiles.inc @@ -470,6 +470,7 @@ OLD_FILES+=usr/libexec/bsdinstall/netconfig_ipv4 OLD_FILES+=usr/libexec/bsdinstall/netconfig_ipv6 OLD_FILES+=usr/libexec/bsdinstall/partedit OLD_FILES+=usr/libexec/bsdinstall/rootpass +OLD_FILES+=usr/libexec/bsdinstall/runconsoles OLD_FILES+=usr/libexec/bsdinstall/script OLD_FILES+=usr/libexec/bsdinstall/scriptedpart OLD_FILES+=usr/libexec/bsdinstall/services diff --git a/usr.sbin/bsdinstall/Makefile b/usr.sbin/bsdinstall/Makefile index 761051a5f48f..d09bef110518 100644 --- a/usr.sbin/bsdinstall/Makefile +++ b/usr.sbin/bsdinstall/Makefile @@ -1,7 +1,7 @@ # $FreeBSD$ OSNAME?= FreeBSD -SUBDIR= distextract distfetch partedit scripts +SUBDIR= distextract distfetch partedit runconsoles scripts SUBDIR_PARALLEL= SCRIPTS= bsdinstall MAN= bsdinstall.8 diff --git a/usr.sbin/bsdinstall/runconsoles/Makefile b/usr.sbin/bsdinstall/runconsoles/Makefile new file mode 100644 index 000000000000..49666c6b8d80 --- /dev/null +++ b/usr.sbin/bsdinstall/runconsoles/Makefile @@ -0,0 +1,9 @@ +BINDIR= ${LIBEXECDIR}/bsdinstall +PROG= runconsoles +MAN= + +SRCS= child.c \ + common.c \ + runconsoles.c + +.include <bsd.prog.mk> diff --git a/usr.sbin/bsdinstall/runconsoles/child.c b/usr.sbin/bsdinstall/runconsoles/child.c new file mode 100644 index 000000000000..45b62e0c8841 --- /dev/null +++ b/usr.sbin/bsdinstall/runconsoles/child.c @@ -0,0 +1,386 @@ +/*- + * SPDX-License-Identifier: BSD-2-Clause + * + * Copyright (c) 2022 Jessica Clarke <jrtc27@FreeBSD.org> + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include <sys/param.h> +#include <sys/errno.h> +#include <sys/procctl.h> +#include <sys/queue.h> +#include <sys/resource.h> +#include <sys/sysctl.h> +#include <sys/wait.h> + +#include <err.h> +#include <errno.h> +#include <fcntl.h> +#include <signal.h> +#include <stdarg.h> +#include <stdbool.h> +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <sysexits.h> +#include <termios.h> +#include <ttyent.h> +#include <unistd.h> + +#include "common.h" +#include "child.h" + +/* -1: not started, 0: reaped */ +static volatile pid_t grandchild_pid = -1; +static volatile int grandchild_status; + +static struct pipe_barrier wait_grandchild_barrier; +static struct pipe_barrier wait_all_descendants_barrier; + +static void +kill_descendants(int sig) +{ + struct procctl_reaper_kill rk; + + rk.rk_sig = sig; + rk.rk_flags = 0; + procctl(P_PID, getpid(), PROC_REAP_KILL, &rk); +} + +static void +sigalrm_handler(int sig __unused) +{ + int saved_errno; + + saved_errno = errno; + kill_descendants(SIGKILL); + errno = saved_errno; +} + +static void +wait_all_descendants(void) +{ + sigset_t set, oset; + + err_set_exit(NULL); + + /* + * We may be run in a context where SIGALRM is blocked; temporarily + * unblock so we can SIGKILL. Similarly, SIGCHLD may be blocked, but if + * we're waiting on the pipe we need to make sure it's not. + */ + sigemptyset(&set); + sigaddset(&set, SIGALRM); + sigaddset(&set, SIGCHLD); + sigprocmask(SIG_UNBLOCK, &set, &oset); + alarm(KILL_TIMEOUT); + pipe_barrier_wait(&wait_all_descendants_barrier); + alarm(0); + sigprocmask(SIG_SETMASK, &oset, NULL); +} + +static void +sigchld_handler(int sig __unused) +{ + int status, saved_errno; + pid_t pid; + + saved_errno = errno; + + while ((void)(pid = waitpid(-1, &status, WNOHANG)), + pid != -1 && pid != 0) { + /* NB: No need to check grandchild_pid due to the pid checks */ + if (pid == grandchild_pid) { + grandchild_status = status; + grandchild_pid = 0; + pipe_barrier_ready(&wait_grandchild_barrier); + } + } + + /* + * Another process calling kill(..., SIGCHLD) could cause us to get + * here before we've spawned the grandchild; only ready when we have no + * children if the grandchild has been reaped. + */ + if (pid == -1 && errno == ECHILD && grandchild_pid == 0) + pipe_barrier_ready(&wait_all_descendants_barrier); + + errno = saved_errno; +} + +static void +exit_signal_handler(int sig) +{ + int saved_errno; + + /* + * If we get killed before we've started the grandchild then just exit + * with that signal, otherwise kill all our descendants with that + * signal and let the main program pick up the grandchild's death. + */ + if (grandchild_pid == -1) { + reproduce_signal_death(sig); + exit(EXIT_FAILURE); + } + + saved_errno = errno; + kill_descendants(sig); + errno = saved_errno; +} + +static void +kill_wait_all_descendants(int sig) +{ + kill_descendants(sig); + wait_all_descendants(); +} + +static void +kill_wait_all_descendants_err_exit(int eval __unused) +{ + kill_wait_all_descendants(SIGTERM); +} + +static void __dead2 +grandchild_run(const char **argv, const sigset_t *oset) +{ + sig_t orig; + + /* Restore signals */ + orig = signal(SIGALRM, SIG_DFL); + if (orig == SIG_ERR) + err(EX_OSERR, "could not restore SIGALRM"); + orig = signal(SIGCHLD, SIG_DFL); + if (orig == SIG_ERR) + err(EX_OSERR, "could not restore SIGCHLD"); + orig = signal(SIGTERM, SIG_DFL); + if (orig == SIG_ERR) + err(EX_OSERR, "could not restore SIGTERM"); + orig = signal(SIGINT, SIG_DFL); + if (orig == SIG_ERR) + err(EX_OSERR, "could not restore SIGINT"); + orig = signal(SIGQUIT, SIG_DFL); + if (orig == SIG_ERR) + err(EX_OSERR, "could not restore SIGQUIT"); + orig = signal(SIGPIPE, SIG_DFL); + if (orig == SIG_ERR) + err(EX_OSERR, "could not restore SIGPIPE"); + orig = signal(SIGTTOU, SIG_DFL); + if (orig == SIG_ERR) + err(EX_OSERR, "could not restore SIGTTOU"); + + /* Now safe to unmask signals */ + sigprocmask(SIG_SETMASK, oset, NULL); + + /* Only run with stdin/stdout/stderr */ + closefrom(3); + + /* Ready to execute the requested program */ + execvp(argv[0], __DECONST(char * const *, argv)); + err(EX_OSERR, "cannot execvp %s", argv[0]); +} + +static int +wait_grandchild_descendants(void) +{ + pipe_barrier_wait(&wait_grandchild_barrier); + + /* + * Once the grandchild itself has exited, kill any lingering + * descendants and wait until we've reaped them all. + */ + kill_wait_all_descendants(SIGTERM); + + if (grandchild_pid != 0) + errx(EX_SOFTWARE, "failed to reap grandchild"); + + return (grandchild_status); +} + +void +child_leader_run(const char *name, int fd, bool new_session, const char **argv, + const sigset_t *oset, struct pipe_barrier *start_children_barrier) +{ + struct pipe_barrier start_grandchild_barrier; + pid_t pid, sid, pgid; + struct sigaction sa; + int error, status; + sigset_t set; + + setproctitle("%s [%s]", getprogname(), name); + + error = procctl(P_PID, getpid(), PROC_REAP_ACQUIRE, NULL); + if (error != 0) + err(EX_OSERR, "could not acquire reaper status"); + + /* + * Set up our own signal handlers for everything the parent overrides + * other than SIGPIPE and SIGTTOU which we leave as ignored, since we + * also use pipe-based synchronisation and want to be able to print + * errors. + */ + sa.sa_flags = SA_RESTART; + sa.sa_handler = sigchld_handler; + sigfillset(&sa.sa_mask); + error = sigaction(SIGCHLD, &sa, NULL); + if (error != 0) + err(EX_OSERR, "could not enable SIGCHLD handler"); + sa.sa_handler = sigalrm_handler; + error = sigaction(SIGALRM, &sa, NULL); + if (error != 0) + err(EX_OSERR, "could not enable SIGALRM handler"); + sa.sa_handler = exit_signal_handler; + error = sigaction(SIGTERM, &sa, NULL); + if (error != 0) + err(EX_OSERR, "could not enable SIGTERM handler"); + error = sigaction(SIGINT, &sa, NULL); + if (error != 0) + err(EX_OSERR, "could not enable SIGINT handler"); + error = sigaction(SIGQUIT, &sa, NULL); + if (error != 0) + err(EX_OSERR, "could not enable SIGQUIT handler"); + + /* + * Now safe to unmask signals. Note that creating the barriers used by + * the SIGCHLD handler with signals unmasked is safe since they won't + * be used if the grandchild hasn't been forked (and reaped), which + * comes later. + */ + sigprocmask(SIG_SETMASK, oset, NULL); + + error = pipe_barrier_init(&start_grandchild_barrier); + if (error != 0) + err(EX_OSERR, "could not create start grandchild barrier"); + + error = pipe_barrier_init(&wait_grandchild_barrier); + if (error != 0) + err(EX_OSERR, "could not create wait grandchild barrier"); + + error = pipe_barrier_init(&wait_all_descendants_barrier); + if (error != 0) + err(EX_OSERR, "could not create wait all descendants barrier"); + + /* + * Create a new session if this is on a different terminal to + * the current one, otherwise just create a new process group to keep + * things as similar as possible between the two cases. + */ + if (new_session) { + sid = setsid(); + pgid = sid; + if (sid == -1) + err(EX_OSERR, "could not create session"); + } else { + sid = -1; + pgid = getpid(); + error = setpgid(0, pgid); + if (error == -1) + err(EX_OSERR, "could not create process group"); + } + + /* Wait until parent is ready for us to start */ + pipe_barrier_destroy_ready(start_children_barrier); + pipe_barrier_wait(start_children_barrier); + + /* + * Use the console for stdin/stdout/stderr. + * + * NB: dup2(2) is a no-op if the two fds are equal, and the call to + * closefrom(2) later in the grandchild will close the fd if it isn't + * one of stdin/stdout/stderr already. This means we do not need to + * handle that special case differently. + */ + error = dup2(fd, STDIN_FILENO); + if (error == -1) + err(EX_IOERR, "could not dup %s to stdin", name); + error = dup2(fd, STDOUT_FILENO); + if (error == -1) + err(EX_IOERR, "could not dup %s to stdout", name); + error = dup2(fd, STDERR_FILENO); + if (error == -1) + err(EX_IOERR, "could not dup %s to stderr", name); + + /* + * If we created a new session, make the console our controlling + * terminal. Either way, also make this the foreground process group. + */ + if (new_session) { + error = tcsetsid(STDIN_FILENO, sid); + if (error != 0) + err(EX_IOERR, "could not set session for %s", name); + } else { + error = tcsetpgrp(STDIN_FILENO, pgid); + if (error != 0) + err(EX_IOERR, "could not set process group for %s", + name); + } + + /* + * Temporarily block signals again; forking, setting grandchild_pid and + * calling err_set_exit need to all be atomic for similar reasons as + * the parent when forking us. + */ + sigfillset(&set); + sigprocmask(SIG_BLOCK, &set, NULL); + pid = fork(); + if (pid == -1) + err(EX_OSERR, "could not fork"); + + if (pid == 0) { + /* + * We need to destroy the ready ends so we don't block these + * child leader-only self-pipes, and might as well destroy the + * wait ends too given we're not going to use them. + */ + pipe_barrier_destroy(&wait_grandchild_barrier); + pipe_barrier_destroy(&wait_all_descendants_barrier); + + /* Wait until the parent has put us in a new process group */ + pipe_barrier_destroy_ready(&start_grandchild_barrier); + pipe_barrier_wait(&start_grandchild_barrier); + grandchild_run(argv, oset); + } + + grandchild_pid = pid; + + /* + * Now the grandchild exists make sure to clean it up, and any of its + * descendants, on exit. + */ + err_set_exit(kill_wait_all_descendants_err_exit); + + sigprocmask(SIG_SETMASK, oset, NULL); + + /* Start the grandchild and wait for it and its descendants to exit */ + pipe_barrier_ready(&start_grandchild_barrier); + + status = wait_grandchild_descendants(); + + if (WIFSIGNALED(status)) + reproduce_signal_death(WTERMSIG(status)); + + if (WIFEXITED(status)) + exit(WEXITSTATUS(status)); + + exit(EXIT_FAILURE); +} diff --git a/usr.sbin/bsdinstall/runconsoles/child.h b/usr.sbin/bsdinstall/runconsoles/child.h new file mode 100644 index 000000000000..40d6b9d6cbf1 --- /dev/null +++ b/usr.sbin/bsdinstall/runconsoles/child.h @@ -0,0 +1,30 @@ +/*- + * SPDX-License-Identifier: BSD-2-Clause + * + * Copyright (c) 2022 Jessica Clarke <jrtc27@FreeBSD.org> + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +void child_leader_run(const char *name, int fd, bool new_session, + const char **argv, const sigset_t *oset, + struct pipe_barrier *start_barrier) __dead2; diff --git a/usr.sbin/bsdinstall/runconsoles/common.c b/usr.sbin/bsdinstall/runconsoles/common.c new file mode 100644 index 000000000000..843cee70ba82 --- /dev/null +++ b/usr.sbin/bsdinstall/runconsoles/common.c @@ -0,0 +1,56 @@ +/*- + * SPDX-License-Identifier: BSD-2-Clause + * + * Copyright (c) 2022 Jessica Clarke <jrtc27@FreeBSD.org> + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include <sys/param.h> +#include <sys/resource.h> + +#include <err.h> +#include <errno.h> +#include <signal.h> +#include <sysexits.h> +#include <unistd.h> + +#include "common.h" + +void +reproduce_signal_death(int sig) +{ + struct rlimit rl; + + if (signal(sig, SIG_DFL) == SIG_ERR) + err(EX_OSERR, + "cannot set action to reproduce signal %d", + sig); + rl.rlim_cur = 0; + rl.rlim_max = 0; + if (setrlimit(RLIMIT_CORE, &rl) == -1) + err(EX_OSERR, + "cannot disable core dumps to reproduce signal %d", + sig); + kill(getpid(), sig); +} + diff --git a/usr.sbin/bsdinstall/runconsoles/common.h b/usr.sbin/bsdinstall/runconsoles/common.h new file mode 100644 index 000000000000..5c3623f15cba --- /dev/null +++ b/usr.sbin/bsdinstall/runconsoles/common.h @@ -0,0 +1,110 @@ +/*- + * SPDX-License-Identifier: BSD-2-Clause + * + * Copyright (c) 2022 Jessica Clarke <jrtc27@FreeBSD.org> + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#define KILL_TIMEOUT 10 + +/* + * NB: Most of these do not need to be volatile, but a handful are used in + * signal handler contexts, so for simplicity we make them all volatile rather + * than duplicate the implementation. + */ +struct pipe_barrier { + volatile int fds[2]; +}; + +static __inline int +pipe_barrier_init(struct pipe_barrier *p) +{ + int error, fds[2], i; + + error = pipe(fds); + if (error != 0) + return (error); + + for (i = 0; i < 2; ++i) + p->fds[i] = fds[i]; + + return (0); +} + +static __inline void +pipe_barrier_wait(struct pipe_barrier *p) +{ + ssize_t ret; + char temp; + int fd; + + fd = p->fds[0]; + p->fds[0] = -1; + do { + ret = read(fd, &temp, 1); + } while (ret == -1 && errno == EINTR); + close(fd); +} + +static __inline void +pipe_barrier_ready(struct pipe_barrier *p) +{ + int fd; + + fd = p->fds[1]; + p->fds[1] = -1; + close(fd); +} + +static __inline void +pipe_barrier_destroy_impl(struct pipe_barrier *p, int i) +{ + int fd; + + fd = p->fds[i]; + if (fd != -1) { + p->fds[i] = -1; + close(fd); + } +} + +static __inline void +pipe_barrier_destroy_wait(struct pipe_barrier *p) +{ + pipe_barrier_destroy_impl(p, 0); +} + +static __inline void +pipe_barrier_destroy_ready(struct pipe_barrier *p) +{ + pipe_barrier_destroy_impl(p, 1); +} + +static __inline void +pipe_barrier_destroy(struct pipe_barrier *p) +{ + pipe_barrier_destroy_wait(p); + pipe_barrier_destroy_ready(p); +} + +void reproduce_signal_death(int sig); diff --git a/usr.sbin/bsdinstall/runconsoles/runconsoles.c b/usr.sbin/bsdinstall/runconsoles/runconsoles.c new file mode 100644 index 000000000000..7051bb5a8ed0 --- /dev/null +++ b/usr.sbin/bsdinstall/runconsoles/runconsoles.c @@ -0,0 +1,647 @@ +/*- + * SPDX-License-Identifier: BSD-2-Clause + * + * Copyright (c) 2022 Jessica Clarke <jrtc27@FreeBSD.org> + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* + * We create the following process hierarchy: + * + * runconsoles utility + * |-- runconsoles [ttyX] + * | `-- utility primary + * |-- runconsoles [ttyY] + * | `-- utility secondary + * ... + * `-- runconsoles [ttyZ] + * `-- utility secondary + * + * Whilst the intermediate processes might seem unnecessary, they are important + * so we can ensure the session leader stays around until the actual program + * being run and all its children have exited when killing them (and, in the + * case of our controlling terminal, that nothing in our current session goes + * on to write to it before then), giving them a chance to clean up the + * terminal (important if a dialog box is showing). + * + * Each of the intermediate processes acquires reaper status, allowing it to + * kill its descendants, not just a single process group, and wait until all + * have finished, not just its immediate child. + */ + +#include <sys/param.h> +#include <sys/errno.h> +#include <sys/queue.h> +#include <sys/resource.h> +#include <sys/sysctl.h> +#include <sys/wait.h> + +#include <err.h> +#include <errno.h> +#include <fcntl.h> +#include <getopt.h> +#include <signal.h> +#include <stdarg.h> +#include <stdbool.h> +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <sysexits.h> +#include <termios.h> +#include <ttyent.h> +#include <unistd.h> + +#include "common.h" +#include "child.h" + +struct consinfo { + const char *name; + STAILQ_ENTRY(consinfo) link; + int fd; + /* -1: not started, 0: reaped */ + volatile pid_t pid; + volatile int exitstatus; +}; + +STAILQ_HEAD(consinfo_list, consinfo); + +static struct consinfo_list consinfos; +static struct consinfo *primary_consinfo; +static struct consinfo *controlling_consinfo; + +static struct consinfo * volatile first_sigchld_consinfo; + +static struct pipe_barrier wait_first_child_barrier; +static struct pipe_barrier wait_all_children_barrier; + +static const char primary[] = "primary"; +static const char secondary[] = "secondary"; + +static const struct option longopts[] = { + { "help", no_argument, NULL, 'h' }, + { NULL, 0, NULL, 0 } +}; + +static void +kill_consoles(int sig) +{ + struct consinfo *consinfo; + sigset_t set, oset; + + /* Temporarily block signals so PID reading and killing are atomic */ + sigfillset(&set); + sigprocmask(SIG_BLOCK, &set, &oset); + STAILQ_FOREACH(consinfo, &consinfos, link) { + if (consinfo->pid != -1 && consinfo->pid != 0) + kill(consinfo->pid, sig); + } + sigprocmask(SIG_SETMASK, &oset, NULL); +} + +static void +sigalrm_handler(int code __unused) +{ + int saved_errno; + + saved_errno = errno; + kill_consoles(SIGKILL); + errno = saved_errno; +} + +static void +wait_all_consoles(void) +{ + sigset_t set, oset; + int error; + + err_set_exit(NULL); + + /* + * We may be run in a context where SIGALRM is blocked; temporarily + * unblock so we can SIGKILL. Similarly, SIGCHLD may be blocked, but if + * we're waiting on the pipe we need to make sure it's not. + */ + sigemptyset(&set); + sigaddset(&set, SIGALRM); + sigaddset(&set, SIGCHLD); + sigprocmask(SIG_UNBLOCK, &set, &oset); + alarm(KILL_TIMEOUT); + pipe_barrier_wait(&wait_all_children_barrier); + alarm(0); + sigprocmask(SIG_SETMASK, &oset, NULL); + + if (controlling_consinfo != NULL) { + error = tcsetpgrp(controlling_consinfo->fd, + getpgrp()); + if (error != 0) + err(EX_OSERR, "could not give up control of %s", + controlling_consinfo->name); + } +} + +static void +kill_wait_all_consoles(int sig) +{ + kill_consoles(sig); + wait_all_consoles(); +} + +static void +kill_wait_all_consoles_err_exit(int eval __unused) +{ + kill_wait_all_consoles(SIGTERM); +} + +static void __dead2 +exit_signal_handler(int code) +{ + struct consinfo *consinfo; + bool started_console; + + started_console = false; + STAILQ_FOREACH(consinfo, &consinfos, link) { + if (consinfo->pid != -1) { + started_console = true; + break; + } + } + + /* + * If we haven't yet started a console, don't wait for them, since + * we'll never get a SIGCHLD that will wake us up. + */ + if (started_console) + kill_wait_all_consoles(SIGTERM); + + reproduce_signal_death(code); + exit(EXIT_FAILURE); +} + +static void +sigchld_handler_reaped_one(pid_t pid, int status) +{ + struct consinfo *consinfo, *child_consinfo; + bool others; + + child_consinfo = NULL; + others = false; + STAILQ_FOREACH(consinfo, &consinfos, link) { + /* + * NB: No need to check consinfo->pid as the caller is + * responsible for passing a valid PID + */ + if (consinfo->pid == pid) + child_consinfo = consinfo; + else if (consinfo->pid != -1 && consinfo->pid != 0) + others = true; + } + + if (child_consinfo == NULL) + return; + + child_consinfo->pid = 0; + child_consinfo->exitstatus = status; + + if (first_sigchld_consinfo == NULL) { + first_sigchld_consinfo = child_consinfo; + pipe_barrier_ready(&wait_first_child_barrier); + } + + if (others) + return; + + pipe_barrier_ready(&wait_all_children_barrier); +} + +static void +sigchld_handler(int code __unused) +{ + int status, saved_errno; + pid_t pid; + + saved_errno = errno; + while ((void)(pid = waitpid(-1, &status, WNOHANG)), + pid != -1 && pid != 0) + sigchld_handler_reaped_one(pid, status); + errno = saved_errno; +} + +static const char * +read_primary_console(void) +{ + char *buf, *p, *cons; + size_t len; + int error; + + /* + * NB: Format is "cons,...cons,/cons,...cons,", with the list before + * the / being the set of configured consoles, and the list after being + * the list of available consoles. + */ + error = sysctlbyname("kern.console", NULL, &len, NULL, 0); + if (error == -1) + err(EX_OSERR, "could not read kern.console length"); + buf = malloc(len); + if (buf == NULL) + err(EX_OSERR, "could not allocate kern.console buffer"); + error = sysctlbyname("kern.console", buf, &len, NULL, 0); + if (error == -1) + err(EX_OSERR, "could not read kern.console"); + + /* Truncate at / to get just the configured consoles */ + p = strchr(buf, '/'); + if (p == NULL) + errx(EX_OSERR, "kern.console malformed: no / found"); + *p = '\0'; + + /* + * Truncate at , to get just the first configured console, the primary + * ("high level") one. + */ + p = strchr(buf, ','); + if (p != NULL) + *p = '\0'; + + if (*buf != '\0') + cons = strdup(buf); + else + cons = NULL; + + free(buf); + + return (cons); +} + +static void +read_consoles(void) +{ + const char *primary_console; + struct consinfo *consinfo; + int fd, error, flags; + struct ttyent *tty; + char *dev, *name; + pid_t pgrp; + *** 343 LINES SKIPPED ***