1 /* 2 * Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved. 3 * Copyright (c) 2012, 2016 SAP SE. All rights reserved. 4 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 5 * 6 * This code is free software; you can redistribute it and/or modify it 7 * under the terms of the GNU General Public License version 2 only, as 8 * published by the Free Software Foundation. 9 * 10 * This code is distributed in the hope that it will be useful, but WITHOUT 11 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 12 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 13 * version 2 for more details (a copy is included in the LICENSE file that 14 * accompanied this code). 15 * 16 * You should have received a copy of the GNU General Public License version 17 * 2 along with this work; if not, write to the Free Software Foundation, 18 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 19 * 20 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 21 * or visit www.oracle.com if you need additional information or have any 22 * questions. 23 * 24 */ 25 26 #include "precompiled.hpp" 27 #include "runtime/interfaceSupport.hpp" 28 #include "runtime/os.inline.hpp" 29 #include "services/attachListener.hpp" 30 #include "services/dtraceAttacher.hpp" 31 32 #include <unistd.h> 33 #include <signal.h> 34 #include <sys/types.h> 35 #include <sys/socket.h> 36 #include <sys/un.h> 37 #include <sys/stat.h> 38 39 #ifndef UNIX_PATH_MAX 40 #define UNIX_PATH_MAX sizeof(((struct sockaddr_un *)0)->sun_path) 41 #endif 42 43 // The attach mechanism on AIX uses a UNIX domain socket. An attach listener 44 // thread is created at startup or is created on-demand via a signal from 45 // the client tool. The attach listener creates a socket and binds it to a file 46 // in the filesystem. The attach listener then acts as a simple (single- 47 // threaded) server - it waits for a client to connect, reads the request, 48 // executes it, and returns the response to the client via the socket 49 // connection. 50 // 51 // As the socket is a UNIX domain socket it means that only clients on the 52 // local machine can connect. In addition there are two other aspects to 53 // the security: 54 // 1. The well known file that the socket is bound to has permission 400 55 // 2. When a client connect, the SO_PEERID socket option is used to 56 // obtain the credentials of client. We check that the effective uid 57 // of the client matches this process. 58 59 // forward reference 60 class AixAttachOperation; 61 62 class AixAttachListener: AllStatic { 63 private: 64 // the path to which we bind the UNIX domain socket 65 static char _path[UNIX_PATH_MAX]; 66 static bool _has_path; 67 // Shutdown marker to prevent accept blocking during clean-up. 68 static bool _shutdown; 69 70 // the file descriptor for the listening socket 71 static int _listener; 72 73 static void set_path(char* path) { 74 if (path == NULL) { 75 _has_path = false; 76 } else { 77 strncpy(_path, path, UNIX_PATH_MAX); 78 _path[UNIX_PATH_MAX-1] = '\0'; 79 _has_path = true; 80 } 81 } 82 83 static void set_listener(int s) { _listener = s; } 84 85 // reads a request from the given connected socket 86 static AixAttachOperation* read_request(int s); 87 88 public: 89 enum { 90 ATTACH_PROTOCOL_VER = 1 // protocol version 91 }; 92 enum { 93 ATTACH_ERROR_BADVERSION = 101 // error codes 94 }; 95 96 // initialize the listener, returns 0 if okay 97 static int init(); 98 99 static char* path() { return _path; } 100 static bool has_path() { return _has_path; } 101 static int listener() { return _listener; } 102 // Shutdown marker to prevent accept blocking during clean-up 103 static void set_shutdown(bool shutdown) { _shutdown = shutdown; } 104 static bool is_shutdown() { return _shutdown; } 105 106 // write the given buffer to a socket 107 static int write_fully(int s, char* buf, int len); 108 109 static AixAttachOperation* dequeue(); 110 }; 111 112 class AixAttachOperation: public AttachOperation { 113 private: 114 // the connection to the client 115 int _socket; 116 117 public: 118 void complete(jint res, bufferedStream* st); 119 120 void set_socket(int s) { _socket = s; } 121 int socket() const { return _socket; } 122 123 AixAttachOperation(char* name) : AttachOperation(name) { 124 set_socket(-1); 125 } 126 }; 127 128 // statics 129 char AixAttachListener::_path[UNIX_PATH_MAX]; 130 bool AixAttachListener::_has_path; 131 int AixAttachListener::_listener = -1; 132 // Shutdown marker to prevent accept blocking during clean-up 133 bool AixAttachListener::_shutdown = false; 134 135 // Supporting class to help split a buffer into individual components 136 class ArgumentIterator : public StackObj { 137 private: 138 char* _pos; 139 char* _end; 140 public: 141 ArgumentIterator(char* arg_buffer, size_t arg_size) { 142 _pos = arg_buffer; 143 _end = _pos + arg_size - 1; 144 } 145 char* next() { 146 if (*_pos == '\0') { 147 if (_pos < _end) { 148 _pos += 1; 149 } 150 151 return NULL; 152 } 153 char* res = _pos; 154 char* next_pos = strchr(_pos, '\0'); 155 if (next_pos < _end) { 156 next_pos++; 157 } 158 _pos = next_pos; 159 return res; 160 } 161 }; 162 163 // On AIX if sockets block until all data has been transmitted 164 // successfully in some communication domains a socket "close" may 165 // never complete. We have to take care that after the socket shutdown 166 // the listener never enters accept state. 167 168 // atexit hook to stop listener and unlink the file that it is 169 // bound too. 170 171 // Some modifications to the listener logic to prevent deadlocks on exit. 172 // 1. We Shutdown the socket here instead. AixAttachOperation::complete() is not the right place 173 // since more than one agent in a sequence in JPLIS live tests wouldn't work (Listener thread 174 // would be dead after the first operation completion). 175 // 2. close(s) may never return if the listener thread is in socket accept(). Unlinking the file 176 // should be sufficient for cleanup. 177 extern "C" { 178 static void listener_cleanup() { 179 static int cleanup_done; 180 if (!cleanup_done) { 181 cleanup_done = 1; 182 AixAttachListener::set_shutdown(true); 183 int s = AixAttachListener::listener(); 184 if (s != -1) { 185 ::shutdown(s, 2); 186 } 187 if (AixAttachListener::has_path()) { 188 ::unlink(AixAttachListener::path()); 189 } 190 } 191 } 192 } 193 194 // Initialization - create a listener socket and bind it to a file 195 196 int AixAttachListener::init() { 197 char path[UNIX_PATH_MAX]; // socket file 198 char initial_path[UNIX_PATH_MAX]; // socket file during setup 199 int listener; // listener socket (file descriptor) 200 201 // register function to cleanup 202 ::atexit(listener_cleanup); 203 204 int n = snprintf(path, UNIX_PATH_MAX, "%s/.java_pid%d", 205 os::get_temp_directory(), os::current_process_id()); 206 if (n < (int)UNIX_PATH_MAX) { 207 n = snprintf(initial_path, UNIX_PATH_MAX, "%s.tmp", path); 208 } 209 if (n >= (int)UNIX_PATH_MAX) { 210 return -1; 211 } 212 213 // create the listener socket 214 listener = ::socket(PF_UNIX, SOCK_STREAM, 0); 215 if (listener == -1) { 216 return -1; 217 } 218 219 // bind socket 220 struct sockaddr_un addr; 221 memset((void *)&addr, 0, sizeof(addr)); 222 addr.sun_family = AF_UNIX; 223 strcpy(addr.sun_path, initial_path); 224 ::unlink(initial_path); 225 // We must call bind with the actual socketaddr length. This is obligatory for AS400. 226 int res = ::bind(listener, (struct sockaddr*)&addr, SUN_LEN(&addr)); 227 if (res == -1) { 228 ::close(listener); 229 return -1; 230 } 231 232 // put in listen mode, set permissions, and rename into place 233 res = ::listen(listener, 5); 234 if (res == 0) { 235 RESTARTABLE(::chmod(initial_path, (S_IREAD|S_IWRITE) & ~(S_IRGRP|S_IWGRP|S_IROTH|S_IWOTH)), res); 236 if (res == 0) { 237 res = ::rename(initial_path, path); 238 } 239 } 240 if (res == -1) { 241 ::close(listener); 242 ::unlink(initial_path); 243 return -1; 244 } 245 set_path(path); 246 set_listener(listener); 247 set_shutdown(false); 248 249 return 0; 250 } 251 252 // Given a socket that is connected to a peer we read the request and 253 // create an AttachOperation. As the socket is blocking there is potential 254 // for a denial-of-service if the peer does not response. However this happens 255 // after the peer credentials have been checked and in the worst case it just 256 // means that the attach listener thread is blocked. 257 // 258 AixAttachOperation* AixAttachListener::read_request(int s) { 259 char ver_str[8]; 260 sprintf(ver_str, "%d", ATTACH_PROTOCOL_VER); 261 262 // The request is a sequence of strings so we first figure out the 263 // expected count and the maximum possible length of the request. 264 // The request is: 265 // <ver>0<cmd>0<arg>0<arg>0<arg>0 266 // where <ver> is the protocol version (1), <cmd> is the command 267 // name ("load", "datadump", ...), and <arg> is an argument 268 int expected_str_count = 2 + AttachOperation::arg_count_max; 269 const int max_len = (sizeof(ver_str) + 1) + (AttachOperation::name_length_max + 1) + 270 AttachOperation::arg_count_max*(AttachOperation::arg_length_max + 1); 271 272 char buf[max_len]; 273 int str_count = 0; 274 275 // Read until all (expected) strings have been read, the buffer is 276 // full, or EOF. 277 278 int off = 0; 279 int left = max_len; 280 281 do { 282 int n; 283 // Don't block on interrupts because this will 284 // hang in the clean-up when shutting down. 285 n = read(s, buf+off, left); 286 if (n == -1) { 287 return NULL; // reset by peer or other error 288 } 289 if (n == 0) { // end of file reached 290 break; 291 } 292 for (int i=0; i<n; i++) { 293 if (buf[off+i] == 0) { 294 // EOS found 295 str_count++; 296 297 // The first string is <ver> so check it now to 298 // check for protocol mis-match 299 if (str_count == 1) { 300 if ((strlen(buf) != strlen(ver_str)) || 301 (atoi(buf) != ATTACH_PROTOCOL_VER)) { 302 char msg[32]; 303 sprintf(msg, "%d\n", ATTACH_ERROR_BADVERSION); 304 write_fully(s, msg, strlen(msg)); 305 return NULL; 306 } 307 } 308 } 309 } 310 off += n; 311 left -= n; 312 } while (left > 0 && str_count < expected_str_count); 313 314 if (str_count != expected_str_count) { 315 return NULL; // incomplete request 316 } 317 318 // parse request 319 320 ArgumentIterator args(buf, (max_len)-left); 321 322 // version already checked 323 char* v = args.next(); 324 325 char* name = args.next(); 326 if (name == NULL || strlen(name) > AttachOperation::name_length_max) { 327 return NULL; 328 } 329 330 AixAttachOperation* op = new AixAttachOperation(name); 331 332 for (int i=0; i<AttachOperation::arg_count_max; i++) { 333 char* arg = args.next(); 334 if (arg == NULL) { 335 op->set_arg(i, NULL); 336 } else { 337 if (strlen(arg) > AttachOperation::arg_length_max) { 338 delete op; 339 return NULL; 340 } 341 op->set_arg(i, arg); 342 } 343 } 344 345 op->set_socket(s); 346 return op; 347 } 348 349 350 // Dequeue an operation 351 // 352 // In the Aix implementation there is only a single operation and clients 353 // cannot queue commands (except at the socket level). 354 // 355 AixAttachOperation* AixAttachListener::dequeue() { 356 for (;;) { 357 int s; 358 359 // wait for client to connect 360 struct sockaddr addr; 361 socklen_t len = sizeof(addr); 362 memset(&addr, 0, len); 363 // We must prevent accept blocking on the socket if it has been shut down. 364 // Therefore we allow interrups and check whether we have been shut down already. 365 if (AixAttachListener::is_shutdown()) { 366 return NULL; 367 } 368 s=::accept(listener(), &addr, &len); 369 if (s == -1) { 370 return NULL; // log a warning? 371 } 372 373 // Added timeouts for read and write. If we get no request within the 374 // next AttachListenerTimeout milliseconds we just finish the connection. 375 struct timeval tv; 376 tv.tv_sec = 0; 377 tv.tv_usec = AttachListenerTimeout * 1000; 378 ::setsockopt(s, SOL_SOCKET, SO_RCVTIMEO, (char*)&tv, sizeof(tv)); 379 ::setsockopt(s, SOL_SOCKET, SO_SNDTIMEO, (char*)&tv, sizeof(tv)); 380 381 // get the credentials of the peer and check the effective uid/guid 382 // - check with jeff on this. 383 struct peercred_struct cred_info; 384 socklen_t optlen = sizeof(cred_info); 385 if (::getsockopt(s, SOL_SOCKET, SO_PEERID, (void*)&cred_info, &optlen) == -1) { 386 ::close(s); 387 continue; 388 } 389 uid_t euid = geteuid(); 390 gid_t egid = getegid(); 391 392 if (cred_info.euid != euid || cred_info.egid != egid) { 393 ::close(s); 394 continue; 395 } 396 397 // peer credential look okay so we read the request 398 AixAttachOperation* op = read_request(s); 399 if (op == NULL) { 400 ::close(s); 401 continue; 402 } else { 403 return op; 404 } 405 } 406 } 407 408 // write the given buffer to the socket 409 int AixAttachListener::write_fully(int s, char* buf, int len) { 410 do { 411 int n = ::write(s, buf, len); 412 if (n == -1) { 413 if (errno != EINTR) return -1; 414 } else { 415 buf += n; 416 len -= n; 417 } 418 } 419 while (len > 0); 420 return 0; 421 } 422 423 // Complete an operation by sending the operation result and any result 424 // output to the client. At this time the socket is in blocking mode so 425 // potentially we can block if there is a lot of data and the client is 426 // non-responsive. For most operations this is a non-issue because the 427 // default send buffer is sufficient to buffer everything. In the future 428 // if there are operations that involves a very big reply then it the 429 // socket could be made non-blocking and a timeout could be used. 430 431 void AixAttachOperation::complete(jint result, bufferedStream* st) { 432 JavaThread* thread = JavaThread::current(); 433 ThreadBlockInVM tbivm(thread); 434 435 thread->set_suspend_equivalent(); 436 // cleared by handle_special_suspend_equivalent_condition() or 437 // java_suspend_self() via check_and_wait_while_suspended() 438 439 // write operation result 440 char msg[32]; 441 sprintf(msg, "%d\n", result); 442 int rc = AixAttachListener::write_fully(this->socket(), msg, strlen(msg)); 443 444 // write any result data 445 if (rc == 0) { 446 // Shutdown the socket in the cleanup function to enable more than 447 // one agent attach in a sequence (see comments to listener_cleanup()). 448 AixAttachListener::write_fully(this->socket(), (char*) st->base(), st->size()); 449 } 450 451 // done 452 ::close(this->socket()); 453 454 // were we externally suspended while we were waiting? 455 thread->check_and_wait_while_suspended(); 456 457 delete this; 458 } 459 460 461 // AttachListener functions 462 463 AttachOperation* AttachListener::dequeue() { 464 JavaThread* thread = JavaThread::current(); 465 ThreadBlockInVM tbivm(thread); 466 467 thread->set_suspend_equivalent(); 468 // cleared by handle_special_suspend_equivalent_condition() or 469 // java_suspend_self() via check_and_wait_while_suspended() 470 471 AttachOperation* op = AixAttachListener::dequeue(); 472 473 // were we externally suspended while we were waiting? 474 thread->check_and_wait_while_suspended(); 475 476 return op; 477 } 478 479 // Performs initialization at vm startup 480 // For AIX we remove any stale .java_pid file which could cause 481 // an attaching process to think we are ready to receive on the 482 // domain socket before we are properly initialized 483 484 void AttachListener::vm_start() { 485 char fn[UNIX_PATH_MAX]; 486 struct stat64 st; 487 int ret; 488 489 int n = snprintf(fn, UNIX_PATH_MAX, "%s/.java_pid%d", 490 os::get_temp_directory(), os::current_process_id()); 491 assert(n < (int)UNIX_PATH_MAX, "java_pid file name buffer overflow"); 492 493 RESTARTABLE(::stat64(fn, &st), ret); 494 if (ret == 0) { 495 ret = ::unlink(fn); 496 if (ret == -1) { 497 log_debug(attach)("Failed to remove stale attach pid file at %s", fn); 498 } 499 } 500 } 501 502 int AttachListener::pd_init() { 503 JavaThread* thread = JavaThread::current(); 504 ThreadBlockInVM tbivm(thread); 505 506 thread->set_suspend_equivalent(); 507 // cleared by handle_special_suspend_equivalent_condition() or 508 // java_suspend_self() via check_and_wait_while_suspended() 509 510 int ret_code = AixAttachListener::init(); 511 512 // were we externally suspended while we were waiting? 513 thread->check_and_wait_while_suspended(); 514 515 return ret_code; 516 } 517 518 // Attach Listener is started lazily except in the case when 519 // +ReduseSignalUsage is used 520 bool AttachListener::init_at_startup() { 521 if (ReduceSignalUsage) { 522 return true; 523 } else { 524 return false; 525 } 526 } 527 528 // If the file .attach_pid<pid> exists in the working directory 529 // or /tmp then this is the trigger to start the attach mechanism 530 bool AttachListener::is_init_trigger() { 531 if (init_at_startup() || is_initialized()) { 532 return false; // initialized at startup or already initialized 533 } 534 char fn[PATH_MAX+1]; 535 sprintf(fn, ".attach_pid%d", os::current_process_id()); 536 int ret; 537 struct stat64 st; 538 RESTARTABLE(::stat64(fn, &st), ret); 539 if (ret == -1) { 540 log_trace(attach)("Failed to find attach file: %s, trying alternate", fn); 541 snprintf(fn, sizeof(fn), "%s/.attach_pid%d", 542 os::get_temp_directory(), os::current_process_id()); 543 RESTARTABLE(::stat64(fn, &st), ret); 544 if (ret == -1) { 545 log_debug(attach)("Failed to find attach file: %s", fn); 546 } 547 } 548 if (ret == 0) { 549 // simple check to avoid starting the attach mechanism when 550 // a bogus user creates the file 551 if (st.st_uid == geteuid()) { 552 init(); 553 log_trace(attach)("Attach trigerred by %s", fn); 554 return true; 555 } else { 556 log_debug(attach)("File %s has wrong user id %d (vs %d). Attach is not triggered", fn, st.st_uid, geteuid()); 557 } 558 } 559 return false; 560 } 561 562 // if VM aborts then remove listener 563 void AttachListener::abort() { 564 listener_cleanup(); 565 } 566 567 void AttachListener::pd_data_dump() { 568 os::signal_notify(SIGQUIT); 569 } 570 571 AttachOperationFunctionInfo* AttachListener::pd_find_operation(const char* n) { 572 return NULL; 573 } 574 575 jint AttachListener::pd_set_flag(AttachOperation* op, outputStream* out) { 576 out->print_cr("flag '%s' cannot be changed", op->arg(0)); 577 return JNI_ERR; 578 } 579 580 void AttachListener::pd_detachall() { 581 // Cleanup server socket to detach clients. 582 listener_cleanup(); 583 }