1 /*
   2  * Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved.
   3  * Copyright (c) 2012, 2016 SAP SE. All rights reserved.
   4  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   5  *
   6  * This code is free software; you can redistribute it and/or modify it
   7  * under the terms of the GNU General Public License version 2 only, as
   8  * published by the Free Software Foundation.
   9  *
  10  * This code is distributed in the hope that it will be useful, but WITHOUT
  11  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  12  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  13  * version 2 for more details (a copy is included in the LICENSE file that
  14  * accompanied this code).
  15  *
  16  * You should have received a copy of the GNU General Public License version
  17  * 2 along with this work; if not, write to the Free Software Foundation,
  18  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  19  *
  20  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  21  * or visit www.oracle.com if you need additional information or have any
  22  * questions.
  23  *
  24  */
  25 
  26 #include "precompiled.hpp"
  27 #include "runtime/interfaceSupport.hpp"
  28 #include "runtime/os.inline.hpp"
  29 #include "services/attachListener.hpp"
  30 #include "services/dtraceAttacher.hpp"
  31 
  32 #include <unistd.h>
  33 #include <signal.h>
  34 #include <sys/types.h>
  35 #include <sys/socket.h>
  36 #include <sys/un.h>
  37 #include <sys/stat.h>
  38 
  39 #ifndef UNIX_PATH_MAX
  40 #define UNIX_PATH_MAX   sizeof(((struct sockaddr_un *)0)->sun_path)
  41 #endif
  42 
  43 // The attach mechanism on AIX  uses a UNIX domain socket. An attach listener
  44 // thread is created at startup or is created on-demand via a signal from
  45 // the client tool. The attach listener creates a socket and binds it to a file
  46 // in the filesystem. The attach listener then acts as a simple (single-
  47 // threaded) server - it waits for a client to connect, reads the request,
  48 // executes it, and returns the response to the client via the socket
  49 // connection.
  50 //
  51 // As the socket is a UNIX domain socket it means that only clients on the
  52 // local machine can connect. In addition there are two other aspects to
  53 // the security:
  54 // 1. The well known file that the socket is bound to has permission 400
  55 // 2. When a client connect, the SO_PEERID socket option is used to
  56 //    obtain the credentials of client. We check that the effective uid
  57 //    of the client matches this process.
  58 
  59 // forward reference
  60 class AixAttachOperation;
  61 
  62 class AixAttachListener: AllStatic {
  63  private:
  64   // the path to which we bind the UNIX domain socket
  65   static char _path[UNIX_PATH_MAX];
  66   static bool _has_path;
  67   // Shutdown marker to prevent accept blocking during clean-up.
  68   static bool _shutdown;
  69 
  70   // the file descriptor for the listening socket
  71   static int _listener;
  72 
  73   static void set_path(char* path) {
  74     if (path == NULL) {
  75       _has_path = false;
  76     } else {
  77       strncpy(_path, path, UNIX_PATH_MAX);
  78       _path[UNIX_PATH_MAX-1] = '\0';
  79       _has_path = true;
  80     }
  81   }
  82 
  83   static void set_listener(int s)               { _listener = s; }
  84 
  85   // reads a request from the given connected socket
  86   static AixAttachOperation* read_request(int s);
  87 
  88  public:
  89   enum {
  90     ATTACH_PROTOCOL_VER = 1                     // protocol version
  91   };
  92   enum {
  93     ATTACH_ERROR_BADVERSION     = 101           // error codes
  94   };
  95 
  96   // initialize the listener, returns 0 if okay
  97   static int init();
  98 
  99   static char* path()                   { return _path; }
 100   static bool has_path()                { return _has_path; }
 101   static int listener()                 { return _listener; }
 102   // Shutdown marker to prevent accept blocking during clean-up
 103   static void set_shutdown(bool shutdown) { _shutdown = shutdown; }
 104   static bool is_shutdown()     { return _shutdown; }
 105 
 106   // write the given buffer to a socket
 107   static int write_fully(int s, char* buf, int len);
 108 
 109   static AixAttachOperation* dequeue();
 110 };
 111 
 112 class AixAttachOperation: public AttachOperation {
 113  private:
 114   // the connection to the client
 115   int _socket;
 116 
 117  public:
 118   void complete(jint res, bufferedStream* st);
 119 
 120   void set_socket(int s)                                { _socket = s; }
 121   int socket() const                                    { return _socket; }
 122 
 123   AixAttachOperation(char* name) : AttachOperation(name) {
 124     set_socket(-1);
 125   }
 126 };
 127 
 128 // statics
 129 char AixAttachListener::_path[UNIX_PATH_MAX];
 130 bool AixAttachListener::_has_path;
 131 int AixAttachListener::_listener = -1;
 132 // Shutdown marker to prevent accept blocking during clean-up
 133 bool AixAttachListener::_shutdown = false;
 134 
 135 // Supporting class to help split a buffer into individual components
 136 class ArgumentIterator : public StackObj {
 137  private:
 138   char* _pos;
 139   char* _end;
 140  public:
 141   ArgumentIterator(char* arg_buffer, size_t arg_size) {
 142     _pos = arg_buffer;
 143     _end = _pos + arg_size - 1;
 144   }
 145   char* next() {
 146     if (*_pos == '\0') {
 147       if (_pos < _end) {
 148         _pos += 1;
 149       }
 150 
 151       return NULL;
 152     }
 153     char* res = _pos;
 154     char* next_pos = strchr(_pos, '\0');
 155     if (next_pos < _end)  {
 156       next_pos++;
 157     }
 158     _pos = next_pos;
 159     return res;
 160   }
 161 };
 162 
 163 // On AIX if sockets block until all data has been transmitted
 164 // successfully in some communication domains a socket "close" may
 165 // never complete. We have to take care that after the socket shutdown
 166 // the listener never enters accept state.
 167 
 168 // atexit hook to stop listener and unlink the file that it is
 169 // bound too.
 170 
 171 // Some modifications to the listener logic to prevent deadlocks on exit.
 172 // 1. We Shutdown the socket here instead. AixAttachOperation::complete() is not the right place
 173 //    since more than one agent in a sequence in JPLIS live tests wouldn't work (Listener thread
 174 //    would be dead after the first operation completion).
 175 // 2. close(s) may never return if the listener thread is in socket accept(). Unlinking the file
 176 //    should be sufficient for cleanup.
 177 extern "C" {
 178   static void listener_cleanup() {
 179     static int cleanup_done;
 180     if (!cleanup_done) {
 181       cleanup_done = 1;
 182       AixAttachListener::set_shutdown(true);
 183       int s = AixAttachListener::listener();
 184       if (s != -1) {
 185         ::shutdown(s, 2);
 186       }
 187       if (AixAttachListener::has_path()) {
 188         ::unlink(AixAttachListener::path());
 189       }
 190     }
 191   }
 192 }
 193 
 194 // Initialization - create a listener socket and bind it to a file
 195 
 196 int AixAttachListener::init() {
 197   char path[UNIX_PATH_MAX];          // socket file
 198   char initial_path[UNIX_PATH_MAX];  // socket file during setup
 199   int listener;                      // listener socket (file descriptor)
 200 
 201   // register function to cleanup
 202   ::atexit(listener_cleanup);
 203 
 204   int n = snprintf(path, UNIX_PATH_MAX, "%s/.java_pid%d",
 205                    os::get_temp_directory(), os::current_process_id());
 206   if (n < (int)UNIX_PATH_MAX) {
 207     n = snprintf(initial_path, UNIX_PATH_MAX, "%s.tmp", path);
 208   }
 209   if (n >= (int)UNIX_PATH_MAX) {
 210     return -1;
 211   }
 212 
 213   // create the listener socket
 214   listener = ::socket(PF_UNIX, SOCK_STREAM, 0);
 215   if (listener == -1) {
 216     return -1;
 217   }
 218 
 219   // bind socket
 220   struct sockaddr_un addr;
 221   memset((void *)&addr, 0, sizeof(addr));
 222   addr.sun_family = AF_UNIX;
 223   strcpy(addr.sun_path, initial_path);
 224   ::unlink(initial_path);
 225   // We must call bind with the actual socketaddr length. This is obligatory for AS400.
 226   int res = ::bind(listener, (struct sockaddr*)&addr, SUN_LEN(&addr));
 227   if (res == -1) {
 228     ::close(listener);
 229     return -1;
 230   }
 231 
 232   // put in listen mode, set permissions, and rename into place
 233   res = ::listen(listener, 5);
 234   if (res == 0) {
 235       RESTARTABLE(::chmod(initial_path, (S_IREAD|S_IWRITE) & ~(S_IRGRP|S_IWGRP|S_IROTH|S_IWOTH)), res);
 236       if (res == 0) {
 237           res = ::rename(initial_path, path);
 238       }
 239   }
 240   if (res == -1) {
 241     ::close(listener);
 242     ::unlink(initial_path);
 243     return -1;
 244   }
 245   set_path(path);
 246   set_listener(listener);
 247   set_shutdown(false);
 248 
 249   return 0;
 250 }
 251 
 252 // Given a socket that is connected to a peer we read the request and
 253 // create an AttachOperation. As the socket is blocking there is potential
 254 // for a denial-of-service if the peer does not response. However this happens
 255 // after the peer credentials have been checked and in the worst case it just
 256 // means that the attach listener thread is blocked.
 257 //
 258 AixAttachOperation* AixAttachListener::read_request(int s) {
 259   char ver_str[8];
 260   sprintf(ver_str, "%d", ATTACH_PROTOCOL_VER);
 261 
 262   // The request is a sequence of strings so we first figure out the
 263   // expected count and the maximum possible length of the request.
 264   // The request is:
 265   //   <ver>0<cmd>0<arg>0<arg>0<arg>0
 266   // where <ver> is the protocol version (1), <cmd> is the command
 267   // name ("load", "datadump", ...), and <arg> is an argument
 268   int expected_str_count = 2 + AttachOperation::arg_count_max;
 269   const int max_len = (sizeof(ver_str) + 1) + (AttachOperation::name_length_max + 1) +
 270     AttachOperation::arg_count_max*(AttachOperation::arg_length_max + 1);
 271 
 272   char buf[max_len];
 273   int str_count = 0;
 274 
 275   // Read until all (expected) strings have been read, the buffer is
 276   // full, or EOF.
 277 
 278   int off = 0;
 279   int left = max_len;
 280 
 281   do {
 282     int n;
 283     // Don't block on interrupts because this will
 284     // hang in the clean-up when shutting down.
 285     n = read(s, buf+off, left);
 286     if (n == -1) {
 287       return NULL;      // reset by peer or other error
 288     }
 289     if (n == 0) {       // end of file reached
 290       break;
 291     }
 292     for (int i=0; i<n; i++) {
 293       if (buf[off+i] == 0) {
 294         // EOS found
 295         str_count++;
 296 
 297         // The first string is <ver> so check it now to
 298         // check for protocol mis-match
 299         if (str_count == 1) {
 300           if ((strlen(buf) != strlen(ver_str)) ||
 301               (atoi(buf) != ATTACH_PROTOCOL_VER)) {
 302             char msg[32];
 303             sprintf(msg, "%d\n", ATTACH_ERROR_BADVERSION);
 304             write_fully(s, msg, strlen(msg));
 305             return NULL;
 306           }
 307         }
 308       }
 309     }
 310     off += n;
 311     left -= n;
 312   } while (left > 0 && str_count < expected_str_count);
 313 
 314   if (str_count != expected_str_count) {
 315     return NULL;        // incomplete request
 316   }
 317 
 318   // parse request
 319 
 320   ArgumentIterator args(buf, (max_len)-left);
 321 
 322   // version already checked
 323   char* v = args.next();
 324 
 325   char* name = args.next();
 326   if (name == NULL || strlen(name) > AttachOperation::name_length_max) {
 327     return NULL;
 328   }
 329 
 330   AixAttachOperation* op = new AixAttachOperation(name);
 331 
 332   for (int i=0; i<AttachOperation::arg_count_max; i++) {
 333     char* arg = args.next();
 334     if (arg == NULL) {
 335       op->set_arg(i, NULL);
 336     } else {
 337       if (strlen(arg) > AttachOperation::arg_length_max) {
 338         delete op;
 339         return NULL;
 340       }
 341       op->set_arg(i, arg);
 342     }
 343   }
 344 
 345   op->set_socket(s);
 346   return op;
 347 }
 348 
 349 
 350 // Dequeue an operation
 351 //
 352 // In the Aix implementation there is only a single operation and clients
 353 // cannot queue commands (except at the socket level).
 354 //
 355 AixAttachOperation* AixAttachListener::dequeue() {
 356   for (;;) {
 357     int s;
 358 
 359     // wait for client to connect
 360     struct sockaddr addr;
 361     socklen_t len = sizeof(addr);
 362     memset(&addr, 0, len);
 363     // We must prevent accept blocking on the socket if it has been shut down.
 364     // Therefore we allow interrups and check whether we have been shut down already.
 365     if (AixAttachListener::is_shutdown()) {
 366       return NULL;
 367     }
 368     s=::accept(listener(), &addr, &len);
 369     if (s == -1) {
 370       return NULL;      // log a warning?
 371     }
 372 
 373     // Added timeouts for read and write.  If we get no request within the
 374     // next AttachListenerTimeout milliseconds we just finish the connection.
 375     struct timeval tv;
 376     tv.tv_sec = 0;
 377     tv.tv_usec = AttachListenerTimeout * 1000;
 378     ::setsockopt(s, SOL_SOCKET, SO_RCVTIMEO, (char*)&tv, sizeof(tv));
 379     ::setsockopt(s, SOL_SOCKET, SO_SNDTIMEO, (char*)&tv, sizeof(tv));
 380 
 381     // get the credentials of the peer and check the effective uid/guid
 382     // - check with jeff on this.
 383     struct peercred_struct cred_info;
 384     socklen_t optlen = sizeof(cred_info);
 385     if (::getsockopt(s, SOL_SOCKET, SO_PEERID, (void*)&cred_info, &optlen) == -1) {
 386       ::close(s);
 387       continue;
 388     }
 389     uid_t euid = geteuid();
 390     gid_t egid = getegid();
 391 
 392     if (cred_info.euid != euid || cred_info.egid != egid) {
 393       ::close(s);
 394       continue;
 395     }
 396 
 397     // peer credential look okay so we read the request
 398     AixAttachOperation* op = read_request(s);
 399     if (op == NULL) {
 400       ::close(s);
 401       continue;
 402     } else {
 403       return op;
 404     }
 405   }
 406 }
 407 
 408 // write the given buffer to the socket
 409 int AixAttachListener::write_fully(int s, char* buf, int len) {
 410   do {
 411     int n = ::write(s, buf, len);
 412     if (n == -1) {
 413       if (errno != EINTR) return -1;
 414     } else {
 415       buf += n;
 416       len -= n;
 417     }
 418   }
 419   while (len > 0);
 420   return 0;
 421 }
 422 
 423 // Complete an operation by sending the operation result and any result
 424 // output to the client. At this time the socket is in blocking mode so
 425 // potentially we can block if there is a lot of data and the client is
 426 // non-responsive. For most operations this is a non-issue because the
 427 // default send buffer is sufficient to buffer everything. In the future
 428 // if there are operations that involves a very big reply then it the
 429 // socket could be made non-blocking and a timeout could be used.
 430 
 431 void AixAttachOperation::complete(jint result, bufferedStream* st) {
 432   JavaThread* thread = JavaThread::current();
 433   ThreadBlockInVM tbivm(thread);
 434 
 435   thread->set_suspend_equivalent();
 436   // cleared by handle_special_suspend_equivalent_condition() or
 437   // java_suspend_self() via check_and_wait_while_suspended()
 438 
 439   // write operation result
 440   char msg[32];
 441   sprintf(msg, "%d\n", result);
 442   int rc = AixAttachListener::write_fully(this->socket(), msg, strlen(msg));
 443 
 444   // write any result data
 445   if (rc == 0) {
 446     // Shutdown the socket in the cleanup function to enable more than
 447     // one agent attach in a sequence (see comments to listener_cleanup()).
 448     AixAttachListener::write_fully(this->socket(), (char*) st->base(), st->size());
 449   }
 450 
 451   // done
 452   ::close(this->socket());
 453 
 454   // were we externally suspended while we were waiting?
 455   thread->check_and_wait_while_suspended();
 456 
 457   delete this;
 458 }
 459 
 460 
 461 // AttachListener functions
 462 
 463 AttachOperation* AttachListener::dequeue() {
 464   JavaThread* thread = JavaThread::current();
 465   ThreadBlockInVM tbivm(thread);
 466 
 467   thread->set_suspend_equivalent();
 468   // cleared by handle_special_suspend_equivalent_condition() or
 469   // java_suspend_self() via check_and_wait_while_suspended()
 470 
 471   AttachOperation* op = AixAttachListener::dequeue();
 472 
 473   // were we externally suspended while we were waiting?
 474   thread->check_and_wait_while_suspended();
 475 
 476   return op;
 477 }
 478 
 479 // Performs initialization at vm startup
 480 // For AIX we remove any stale .java_pid file which could cause
 481 // an attaching process to think we are ready to receive on the
 482 // domain socket before we are properly initialized
 483 
 484 void AttachListener::vm_start() {
 485   char fn[UNIX_PATH_MAX];
 486   struct stat64 st;
 487   int ret;
 488 
 489   int n = snprintf(fn, UNIX_PATH_MAX, "%s/.java_pid%d",
 490            os::get_temp_directory(), os::current_process_id());
 491   assert(n < (int)UNIX_PATH_MAX, "java_pid file name buffer overflow");
 492 
 493   RESTARTABLE(::stat64(fn, &st), ret);
 494   if (ret == 0) {
 495     ret = ::unlink(fn);
 496     if (ret == -1) {
 497       log_debug(attach)("Failed to remove stale attach pid file at %s", fn);
 498     }
 499   }
 500 }
 501 
 502 int AttachListener::pd_init() {
 503   JavaThread* thread = JavaThread::current();
 504   ThreadBlockInVM tbivm(thread);
 505 
 506   thread->set_suspend_equivalent();
 507   // cleared by handle_special_suspend_equivalent_condition() or
 508   // java_suspend_self() via check_and_wait_while_suspended()
 509 
 510   int ret_code = AixAttachListener::init();
 511 
 512   // were we externally suspended while we were waiting?
 513   thread->check_and_wait_while_suspended();
 514 
 515   return ret_code;
 516 }
 517 
 518 // Attach Listener is started lazily except in the case when
 519 // +ReduseSignalUsage is used
 520 bool AttachListener::init_at_startup() {
 521   if (ReduceSignalUsage) {
 522     return true;
 523   } else {
 524     return false;
 525   }
 526 }
 527 
 528 // If the file .attach_pid<pid> exists in the working directory
 529 // or /tmp then this is the trigger to start the attach mechanism
 530 bool AttachListener::is_init_trigger() {
 531   if (init_at_startup() || is_initialized()) {
 532     return false;               // initialized at startup or already initialized
 533   }
 534   char fn[PATH_MAX+1];
 535   sprintf(fn, ".attach_pid%d", os::current_process_id());
 536   int ret;
 537   struct stat64 st;
 538   RESTARTABLE(::stat64(fn, &st), ret);
 539   if (ret == -1) {
 540     log_trace(attach)("Failed to find attach file: %s, trying alternate", fn);
 541     snprintf(fn, sizeof(fn), "%s/.attach_pid%d",
 542              os::get_temp_directory(), os::current_process_id());
 543     RESTARTABLE(::stat64(fn, &st), ret);
 544     if (ret == -1) {
 545       log_debug(attach)("Failed to find attach file: %s", fn);
 546     }
 547   }
 548   if (ret == 0) {
 549     // simple check to avoid starting the attach mechanism when
 550     // a bogus user creates the file
 551     if (st.st_uid == geteuid()) {
 552       init();
 553       log_trace(attach)("Attach trigerred by %s", fn);
 554       return true;
 555     } else {
 556       log_debug(attach)("File %s has wrong user id %d (vs %d). Attach is not triggered", fn, st.st_uid, geteuid());
 557     }
 558   }
 559   return false;
 560 }
 561 
 562 // if VM aborts then remove listener
 563 void AttachListener::abort() {
 564   listener_cleanup();
 565 }
 566 
 567 void AttachListener::pd_data_dump() {
 568   os::signal_notify(SIGQUIT);
 569 }
 570 
 571 AttachOperationFunctionInfo* AttachListener::pd_find_operation(const char* n) {
 572   return NULL;
 573 }
 574 
 575 jint AttachListener::pd_set_flag(AttachOperation* op, outputStream* out) {
 576   out->print_cr("flag '%s' cannot be changed", op->arg(0));
 577   return JNI_ERR;
 578 }
 579 
 580 void AttachListener::pd_detachall() {
 581   // Cleanup server socket to detach clients.
 582   listener_cleanup();
 583 }