]> git.proxmox.com Git - swtpm.git/blob - src/swtpm/daemonize.c
projects / swtpm.git / blob
? search:


bce735f3c56428631f114bd4db0b3647eeaa0feb
[swtpm.git] / src / swtpm / daemonize.c
1 /*
2 * daemonize.c -- Utility functions for race-free daemonization
3 *
4 * (c) Two Sigma Open Source, LLC 2021.
5 *
6 * Author: Nicolas Williams <nico@twosigma.com>
7 *
8 * All rights reserved.
9 *
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions are
12 * met:
13 *
14 * Redistributions of source code must retain the above copyright notice,
15 * this list of conditions and the following disclaimer.
16 *
17 * Redistributions in binary form must reproduce the above copyright
18 * notice, this list of conditions and the following disclaimer in the
19 * documentation and/or other materials provided with the distribution.
20 *
21 * Neither the names of the IBM Corporation nor the names of its
22 * contributors may be used to endorse or promote products derived from
23 * this software without specific prior written permission.
24 *
25 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
26 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
27 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
28 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
29 * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
30 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
31 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
32 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
33 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
34 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
35 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36 */
37
38 #include "config.h"
39
40 #include "daemonize.h"
41 #include <sys/types.h>
42 #include <sys/stat.h>
43 #include <sys/wait.h>
44 #include <fcntl.h>
45 #include <errno.h>
46 #include <stdio.h>
47 #include <stdlib.h>
48 #include <string.h>
49 #include <unistd.h>
50
51 /*
52 * daemon(3) is racy because it fork()s and exits in the parent before the
53 * child can get ready to provide its services.
54 *
55 * Not every daemon can set up services before calling daemon(3), as some
56 * APIs are not fork-safe and must be called in the child-side of the
57 * daemon(3)'s fork() calls.
58 *
59 * Even if a daemon can set up services before calling daemon(3), it will not
60 * be able to write the correct PID into a pidfile until after daemon(3)
61 * returns.
62 *
63 * E.g.,
64 *
65 * #!/bin/bash
66 *
67 * # Start a service:
68 * some-serviced --daemon --pid=... ...
69 *
70 * # Call it:
71 * call-some-service ping || echo "oops, we won the race but lost the game"
72 *
73 * To address this we split daemon(3) into two functions, daemonize_prep() and
74 * daemonize_finish(). A daemon program should call daemonize_prep() early
75 * when it knows it will have to daemonize (e.g., because of a --daemon
76 * command-line option), then it should do all the setup required to start
77 * providing its services, then it should call daemonize_finish().
78 *
79 * These two functions do all that daemon(3) does, but in two phases so that
80 * the original process that calls daemonize_prep() does not exit until the
81 * service is ready.
82 *
83 * daemonize_prep() calls fork(), setsid(), and then forks again, and returns
84 * in the grandchild, but exits in the original and middle processes when the
85 * grandchild calls daemonize_finish().
86 *
87 * How to use this:
88 *
89 * if (daemonize) {
90 * pid_t old_pid, new_pid;
91 *
92 * old_pid = getpid();
93 * if (daemonize_prep() == -1)
94 * err(1, "Failed to daemonize");
95 *
96 * // We're now in a grandchild, but the original parent should still be
97 * // waiting.
98 * new_pid = getpid();
99 * assert(old_pid != new_pid);
100 * }
101 *
102 * // setup sockets, listen() on them, etc...
103 * my_setup_service_and_listen_on_sockets();
104 *
105 * // Tell the waiting parent and grandparent that we're ready:
106 * // (doing this even if daemonize_prep() wasn't called is ok)
107 * daemonize_finish();
108 *
109 * // daemonize_finish() did not fork() again:
110 * assert(new_pid == getpid());
111 *
112 * Note: the processes that exit will use _exit(). The process that
113 * daemonize_prep() returns to should be able to use exit().
114 */
115
116 static int devnullfd = -1;
117 static int pfd = -1;
118
119 static int
120 wait_or_die_like_it(pid_t pid)
121 {
122 int status;
123
124 while (waitpid(pid, &status, 0) == -1) {
125 if (errno == EINTR)
126 continue;
127 /* XXX Should just use err(3). */
128 fprintf(stderr, "waitpid() failed: %s\n", strerror(errno));
129 fflush(stderr);
130 _exit(1);
131 }
132 if (WIFSIGNALED(status)) {
133 /*
134 * Child died in a fire; die like it so the parent sees the same exit
135 * status.
136 */
137 kill(getpid(), WTERMSIG(status));
138 }
139 if (!WIFEXITED(status)) {
140 /* If fire doesn't kill us, _exit(). */
141 _exit(1);
142 }
143 /* Child exited willingly. */
144 return WEXITSTATUS(status);
145 }
146
147 /*
148 * Prepare to daemonize. When ready, the caller should call
149 * daemonize_finish().
150 *
151 * This arranges for the parent to exit when and only when the child is ready
152 * to service clients.
153 *
154 * This forks a grandchild and returns in the grandchild
155 * but exits in the parent and grandparent, but only once the child calls
156 * daemonize_finish() (or exits/dies, whichever comes first).
157 *
158 * Because the parent side of the fork() calls _exit(), the child can exit().
159 *
160 * Returns -1 on error (sets errno), 0 on success.
161 */
162 int
163 daemonize_prep(void)
164 {
165 ssize_t bytes;
166 char buf;
167 int save_errno = errno;
168 int pfds[2] = { -1, -1 };
169 pid_t pid;
170
171 /*
172 * Be idempotent. If called twice because, e.g., --daemon is given twice,
173 * do nothing the second time.
174 */
175 if (pfd != -1)
176 return 0;
177
178 /* Grand parent process. */
179 fflush(stdout);
180 fflush(stderr);
181 pid = fork();
182 if (pid == (pid_t)-1) {
183 fprintf(stderr, "Failed to daemonize: Failed to fork: %s\n",
184 strerror(errno));
185 return -1;
186 }
187
188 if (pid != 0) {
189 /*
190 * Grand parent process: exit when the grandchild is ready or die in
191 * the same way.
192 */
193 _exit(wait_or_die_like_it(pid));
194 }
195
196 /* Intermediate process. Detach from tty, fork() again. */
197 if (setsid() == -1) {
198 fprintf(stderr, "Failed to daemonize: Failed to detach from tty: %s\n",
199 strerror(errno));
200 _exit(1);
201 }
202
203 /* Set things up so the grandchild can finish daemonizing. */
204 devnullfd = open("/dev/null", O_RDWR);
205 if (devnullfd == -1) {
206 fprintf(stderr, "Failed to daemonize: Could not open /dev/null: %s\n",
207 strerror(errno));
208 _exit(1);
209 }
210 if (pipe(pfds) == -1) {
211 fprintf(stderr, "Failed to daemonize: Could not make a pipe: %s\n",
212 strerror(errno));
213 _exit(1);
214 }
215 pfd = pfds[1];
216
217 /* Fork the grandchild so it cannot get a controlling tty by accident. */
218 pid = fork();
219 if (pid == (pid_t)-1) {
220 fprintf(stderr, "Failed to daemonize: Could not fork: %s\n",
221 strerror(errno));
222 _exit(1);
223 }
224 if (pid != 0) {
225 /*
226 * Middle process.
227 *
228 * Wait for ready notification from the child, then _exit()
229 * accordingly.
230 */
231 (void) close(pfds[1]);
232 do {
233 bytes = read(pfds[0], &buf, sizeof(buf));
234 } while (bytes == -1 && errno == EINTR);
235 if (bytes < 0) {
236 fprintf(stderr, "Failed to daemonize: "
237 "Error reading from pipe: %s\n", strerror(errno));
238 /* Let init reap the grandchild. */
239 _exit(1);
240 }
241 if (bytes == 0) {
242 /* Die like the grandchild. */
243 _exit(wait_or_die_like_it(pid));
244 }
245 /* Ready! */
246 _exit(0);
247 }
248
249 /*
250 * We're on the grandchild side now, and we'll return with the expectation
251 * that the caller will call daemonize_finish(). The parent, which will
252 * continue executing this function, will _exit() when the child indicates
253 * that it is ready.
254 */
255 (void) close(pfds[0]);
256 errno = save_errno;
257 return 0;
258 }
259
260 /*
261 * Indicate that the service is now ready.
262 *
263 * Will cause the ancestor processes waiting in daemonize_prep() to _exit().
264 */
265 void
266 daemonize_finish(void)
267 {
268 ssize_t bytes;
269 int save_errno = errno;
270
271 /* pfds[1] will be > -1 IFF daemonize_prep() was called */
272 if (pfd == -1) {
273 return;
274 }
275
276 if (chdir("/") == -1) {
277 fprintf(stderr, "Failed to change directory to /: %s\n",
278 strerror(errno));
279 fflush(stderr);
280 exit(1);
281 }
282 if (dup2(devnullfd, STDOUT_FILENO) == -1) {
283 fprintf(stderr, "Failed to redirect output stream to /dev/null: %s\n",
284 strerror(errno));
285 fflush(stderr);
286 exit(1);
287 }
288 if (dup2(devnullfd, STDERR_FILENO) == -1) {
289 fprintf(stderr, "Failed to redirect error stream to /dev/null: %s\n",
290 strerror(errno));
291 fflush(stderr);
292 exit(1);
293 }
294 (void) close(devnullfd);
295 devnullfd = -1;
296
297 do {
298 bytes = write(pfd, "", sizeof(""));
299 } while (bytes == -1 && errno == EINTR);
300 if (bytes <= 0) {
301 /* There's no point writing to stderr now that it goes to /dev/null */
302 exit(1);
303 }
304 (void) close(pfd);
305 pfd = -1;
306 errno = save_errno;
307 }
Software TPM used for PVE's Virtual Machines