1 /* 2 * Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. 8 * 9 * This code is distributed in the hope that it will be useful, but WITHOUT 10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 12 * version 2 for more details (a copy is included in the LICENSE file that 13 * accompanied this code). 14 * 15 * You should have received a copy of the GNU General Public License version 16 * 2 along with this work; if not, write to the Free Software Foundation, 17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 20 * or visit www.oracle.com if you need additional information or have any 21 * questions. 22 * 23 */ 24 25 #include "precompiled.hpp" 26 #include "logging/log.hpp" 27 #include "memory/allocation.inline.hpp" 28 #include "runtime/interfaceSupport.inline.hpp" 29 #include "runtime/os.inline.hpp" 30 #include "services/attachListener.hpp" 31 #include "services/dtraceAttacher.hpp" 32 33 #include <unistd.h> 34 #include <signal.h> 35 #include <sys/types.h> 36 #include <sys/socket.h> 37 #include <sys/un.h> 38 #include <sys/stat.h> 39 40 #ifndef UNIX_PATH_MAX 41 #define UNIX_PATH_MAX sizeof(((struct sockaddr_un *)0)->sun_path) 42 #endif 43 44 // The attach mechanism on Linux uses a UNIX domain socket. An attach listener 45 // thread is created at startup or is created on-demand via a signal from 46 // the client tool. The attach listener creates a socket and binds it to a file 47 // in the filesystem. The attach listener then acts as a simple (single- 48 // threaded) server - it waits for a client to connect, reads the request, 49 // executes it, and returns the response to the client via the socket 50 // connection. 51 // 52 // As the socket is a UNIX domain socket it means that only clients on the 53 // local machine can connect. In addition there are two other aspects to 54 // the security: 55 // 1. The well known file that the socket is bound to has permission 400 56 // 2. When a client connect, the SO_PEERCRED socket option is used to 57 // obtain the credentials of client. We check that the effective uid 58 // of the client matches this process. 59 60 // forward reference 61 class LinuxAttachOperation; 62 63 class LinuxAttachListener: AllStatic { 64 private: 65 // the path to which we bind the UNIX domain socket 66 static char _path[UNIX_PATH_MAX]; 67 static bool _has_path; 68 69 // the file descriptor for the listening socket 70 static int _listener; 71 72 static void set_path(char* path) { 73 if (path == NULL) { 74 _has_path = false; 75 } else { 76 strncpy(_path, path, UNIX_PATH_MAX); 77 _path[UNIX_PATH_MAX-1] = '\0'; 78 _has_path = true; 79 } 80 } 81 82 static void set_listener(int s) { _listener = s; } 83 84 // reads a request from the given connected socket 85 static LinuxAttachOperation* read_request(int s); 86 87 public: 88 enum { 89 ATTACH_PROTOCOL_VER = 1 // protocol version 90 }; 91 enum { 92 ATTACH_ERROR_BADVERSION = 101 // error codes 93 }; 94 95 // initialize the listener, returns 0 if okay 96 static int init(); 97 98 static char* path() { return _path; } 99 static bool has_path() { return _has_path; } 100 static int listener() { return _listener; } 101 102 // write the given buffer to a socket 103 static int write_fully(int s, char* buf, int len); 104 105 static LinuxAttachOperation* dequeue(); 106 }; 107 108 class LinuxAttachOperation: public AttachOperation { 109 private: 110 // the connection to the client 111 int _socket; 112 113 public: 114 void complete(jint res, bufferedStream* st); 115 116 void set_socket(int s) { _socket = s; } 117 int socket() const { return _socket; } 118 119 LinuxAttachOperation(char* name) : AttachOperation(name) { 120 set_socket(-1); 121 } 122 }; 123 124 // statics 125 char LinuxAttachListener::_path[UNIX_PATH_MAX]; 126 bool LinuxAttachListener::_has_path; 127 int LinuxAttachListener::_listener = -1; 128 129 // Supporting class to help split a buffer into individual components 130 class ArgumentIterator : public StackObj { 131 private: 132 char* _pos; 133 char* _end; 134 public: 135 ArgumentIterator(char* arg_buffer, size_t arg_size) { 136 _pos = arg_buffer; 137 _end = _pos + arg_size - 1; 138 } 139 char* next() { 140 if (*_pos == '\0') { 141 return NULL; 142 } 143 char* res = _pos; 144 char* next_pos = strchr(_pos, '\0'); 145 if (next_pos < _end) { 146 next_pos++; 147 } 148 _pos = next_pos; 149 return res; 150 } 151 }; 152 153 154 // atexit hook to stop listener and unlink the file that it is 155 // bound too. 156 extern "C" { 157 static void listener_cleanup() { 158 static int cleanup_done; 159 if (!cleanup_done) { 160 cleanup_done = 1; 161 int s = LinuxAttachListener::listener(); 162 if (s != -1) { 163 ::close(s); 164 } 165 if (LinuxAttachListener::has_path()) { 166 ::unlink(LinuxAttachListener::path()); 167 } 168 } 169 } 170 } 171 172 // Initialization - create a listener socket and bind it to a file 173 174 int LinuxAttachListener::init() { 175 char path[UNIX_PATH_MAX]; // socket file 176 char initial_path[UNIX_PATH_MAX]; // socket file during setup 177 int listener; // listener socket (file descriptor) 178 179 // register function to cleanup 180 ::atexit(listener_cleanup); 181 182 int n = snprintf(path, UNIX_PATH_MAX, "%s/.java_pid%d", 183 os::get_temp_directory(), os::current_process_id()); 184 if (n < (int)UNIX_PATH_MAX) { 185 n = snprintf(initial_path, UNIX_PATH_MAX, "%s.tmp", path); 186 } 187 if (n >= (int)UNIX_PATH_MAX) { 188 return -1; 189 } 190 191 // create the listener socket 192 listener = ::socket(PF_UNIX, SOCK_STREAM, 0); 193 if (listener == -1) { 194 return -1; 195 } 196 197 // bind socket 198 struct sockaddr_un addr; 199 addr.sun_family = AF_UNIX; 200 strcpy(addr.sun_path, initial_path); 201 ::unlink(initial_path); 202 int res = ::bind(listener, (struct sockaddr*)&addr, sizeof(addr)); 203 if (res == -1) { 204 ::close(listener); 205 return -1; 206 } 207 208 // put in listen mode, set permissions, and rename into place 209 res = ::listen(listener, 5); 210 if (res == 0) { 211 RESTARTABLE(::chmod(initial_path, S_IREAD|S_IWRITE), res); 212 if (res == 0) { 213 res = ::rename(initial_path, path); 214 } 215 } 216 if (res == -1) { 217 ::close(listener); 218 ::unlink(initial_path); 219 return -1; 220 } 221 set_path(path); 222 set_listener(listener); 223 224 return 0; 225 } 226 227 // Given a socket that is connected to a peer we read the request and 228 // create an AttachOperation. As the socket is blocking there is potential 229 // for a denial-of-service if the peer does not response. However this happens 230 // after the peer credentials have been checked and in the worst case it just 231 // means that the attach listener thread is blocked. 232 // 233 LinuxAttachOperation* LinuxAttachListener::read_request(int s) { 234 char ver_str[8]; 235 sprintf(ver_str, "%d", ATTACH_PROTOCOL_VER); 236 237 // The request is a sequence of strings so we first figure out the 238 // expected count and the maximum possible length of the request. 239 // The request is: 240 // <ver>0<cmd>0<arg>0<arg>0<arg>0 241 // where <ver> is the protocol version (1), <cmd> is the command 242 // name ("load", "datadump", ...), and <arg> is an argument 243 int expected_str_count = 2 + AttachOperation::arg_count_max; 244 const int max_len = (sizeof(ver_str) + 1) + (AttachOperation::name_length_max + 1) + 245 AttachOperation::arg_count_max*(AttachOperation::arg_length_max + 1); 246 247 char buf[max_len]; 248 int str_count = 0; 249 250 // Read until all (expected) strings have been read, the buffer is 251 // full, or EOF. 252 253 int off = 0; 254 int left = max_len; 255 256 do { 257 int n; 258 RESTARTABLE(read(s, buf+off, left), n); 259 assert(n <= left, "buffer was too small, impossible!"); 260 buf[max_len - 1] = '\0'; 261 if (n == -1) { 262 return NULL; // reset by peer or other error 263 } 264 if (n == 0) { 265 break; 266 } 267 for (int i=0; i<n; i++) { 268 if (buf[off+i] == 0) { 269 // EOS found 270 str_count++; 271 272 // The first string is <ver> so check it now to 273 // check for protocol mis-match 274 if (str_count == 1) { 275 if ((strlen(buf) != strlen(ver_str)) || 276 (atoi(buf) != ATTACH_PROTOCOL_VER)) { 277 char msg[32]; 278 sprintf(msg, "%d\n", ATTACH_ERROR_BADVERSION); 279 write_fully(s, msg, strlen(msg)); 280 return NULL; 281 } 282 } 283 } 284 } 285 off += n; 286 left -= n; 287 } while (left > 0 && str_count < expected_str_count); 288 289 if (str_count != expected_str_count) { 290 return NULL; // incomplete request 291 } 292 293 // parse request 294 295 ArgumentIterator args(buf, (max_len)-left); 296 297 // version already checked 298 char* v = args.next(); 299 300 char* name = args.next(); 301 if (name == NULL || strlen(name) > AttachOperation::name_length_max) { 302 return NULL; 303 } 304 305 LinuxAttachOperation* op = new LinuxAttachOperation(name); 306 307 for (int i=0; i<AttachOperation::arg_count_max; i++) { 308 char* arg = args.next(); 309 if (arg == NULL) { 310 op->set_arg(i, NULL); 311 } else { 312 if (strlen(arg) > AttachOperation::arg_length_max) { 313 delete op; 314 return NULL; 315 } 316 op->set_arg(i, arg); 317 } 318 } 319 320 op->set_socket(s); 321 return op; 322 } 323 324 325 // Dequeue an operation 326 // 327 // In the Linux implementation there is only a single operation and clients 328 // cannot queue commands (except at the socket level). 329 // 330 LinuxAttachOperation* LinuxAttachListener::dequeue() { 331 for (;;) { 332 int s; 333 334 // wait for client to connect 335 struct sockaddr addr; 336 socklen_t len = sizeof(addr); 337 RESTARTABLE(::accept(listener(), &addr, &len), s); 338 if (s == -1) { 339 return NULL; // log a warning? 340 } 341 342 // get the credentials of the peer and check the effective uid/guid 343 // - check with jeff on this. 344 struct ucred cred_info; 345 socklen_t optlen = sizeof(cred_info); 346 if (::getsockopt(s, SOL_SOCKET, SO_PEERCRED, (void*)&cred_info, &optlen) == -1) { 347 ::close(s); 348 continue; 349 } 350 uid_t euid = geteuid(); 351 gid_t egid = getegid(); 352 353 if (cred_info.uid != euid || cred_info.gid != egid) { 354 ::close(s); 355 continue; 356 } 357 358 // peer credential look okay so we read the request 359 LinuxAttachOperation* op = read_request(s); 360 if (op == NULL) { 361 ::close(s); 362 continue; 363 } else { 364 return op; 365 } 366 } 367 } 368 369 // write the given buffer to the socket 370 int LinuxAttachListener::write_fully(int s, char* buf, int len) { 371 do { 372 int n = ::write(s, buf, len); 373 if (n == -1) { 374 if (errno != EINTR) return -1; 375 } else { 376 buf += n; 377 len -= n; 378 } 379 } 380 while (len > 0); 381 return 0; 382 } 383 384 // Complete an operation by sending the operation result and any result 385 // output to the client. At this time the socket is in blocking mode so 386 // potentially we can block if there is a lot of data and the client is 387 // non-responsive. For most operations this is a non-issue because the 388 // default send buffer is sufficient to buffer everything. In the future 389 // if there are operations that involves a very big reply then it the 390 // socket could be made non-blocking and a timeout could be used. 391 392 void LinuxAttachOperation::complete(jint result, bufferedStream* st) { 393 JavaThread* thread = JavaThread::current(); 394 ThreadBlockInVM tbivm(thread); 395 396 thread->set_suspend_equivalent(); 397 // cleared by handle_special_suspend_equivalent_condition() or 398 // java_suspend_self() via check_and_wait_while_suspended() 399 400 // write operation result 401 char msg[32]; 402 sprintf(msg, "%d\n", result); 403 int rc = LinuxAttachListener::write_fully(this->socket(), msg, strlen(msg)); 404 405 // write any result data 406 if (rc == 0) { 407 LinuxAttachListener::write_fully(this->socket(), (char*) st->base(), st->size()); 408 ::shutdown(this->socket(), 2); 409 } 410 411 // done 412 ::close(this->socket()); 413 414 // were we externally suspended while we were waiting? 415 thread->check_and_wait_while_suspended(); 416 417 delete this; 418 } 419 420 421 // AttachListener functions 422 423 AttachOperation* AttachListener::dequeue() { 424 JavaThread* thread = JavaThread::current(); 425 ThreadBlockInVM tbivm(thread); 426 427 thread->set_suspend_equivalent(); 428 // cleared by handle_special_suspend_equivalent_condition() or 429 // java_suspend_self() via check_and_wait_while_suspended() 430 431 AttachOperation* op = LinuxAttachListener::dequeue(); 432 433 // were we externally suspended while we were waiting? 434 thread->check_and_wait_while_suspended(); 435 436 return op; 437 } 438 439 440 // Performs initialization at vm startup 441 // For Linux we remove any stale .java_pid file which could cause 442 // an attaching process to think we are ready to receive on the 443 // domain socket before we are properly initialized 444 445 void AttachListener::vm_start() { 446 char fn[UNIX_PATH_MAX]; 447 struct stat64 st; 448 int ret; 449 450 int n = snprintf(fn, UNIX_PATH_MAX, "%s/.java_pid%d", 451 os::get_temp_directory(), os::current_process_id()); 452 assert(n < (int)UNIX_PATH_MAX, "java_pid file name buffer overflow"); 453 454 RESTARTABLE(::stat64(fn, &st), ret); 455 if (ret == 0) { 456 ret = ::unlink(fn); 457 if (ret == -1) { 458 log_debug(attach)("Failed to remove stale attach pid file at %s", fn); 459 } 460 } 461 } 462 463 int AttachListener::pd_init() { 464 JavaThread* thread = JavaThread::current(); 465 ThreadBlockInVM tbivm(thread); 466 467 thread->set_suspend_equivalent(); 468 // cleared by handle_special_suspend_equivalent_condition() or 469 // java_suspend_self() via check_and_wait_while_suspended() 470 471 int ret_code = LinuxAttachListener::init(); 472 473 // were we externally suspended while we were waiting? 474 thread->check_and_wait_while_suspended(); 475 476 return ret_code; 477 } 478 479 // Attach Listener is started lazily except in the case when 480 // +ReduseSignalUsage is used 481 bool AttachListener::init_at_startup() { 482 if (ReduceSignalUsage) { 483 return true; 484 } else { 485 return false; 486 } 487 } 488 489 // If the file .attach_pid<pid> exists in the working directory 490 // or /tmp then this is the trigger to start the attach mechanism 491 bool AttachListener::is_init_trigger() { 492 if (init_at_startup() || is_initialized()) { 493 return false; // initialized at startup or already initialized 494 } 495 char fn[PATH_MAX+1]; 496 sprintf(fn, ".attach_pid%d", os::current_process_id()); 497 int ret; 498 struct stat64 st; 499 RESTARTABLE(::stat64(fn, &st), ret); 500 if (ret == -1) { 501 log_trace(attach)("Failed to find attach file: %s, trying alternate", fn); 502 snprintf(fn, sizeof(fn), "%s/.attach_pid%d", 503 os::get_temp_directory(), os::current_process_id()); 504 RESTARTABLE(::stat64(fn, &st), ret); 505 if (ret == -1) { 506 log_debug(attach)("Failed to find attach file: %s", fn); 507 } 508 } 509 if (ret == 0) { 510 // simple check to avoid starting the attach mechanism when 511 // a bogus user creates the file 512 if (st.st_uid == geteuid()) { 513 init(); 514 log_trace(attach)("Attach trigerred by %s", fn); 515 return true; 516 } else { 517 log_debug(attach)("File %s has wrong user id %d (vs %d). Attach is not trigerred", fn, st.st_uid, geteuid()); 518 } 519 } 520 return false; 521 } 522 523 // if VM aborts then remove listener 524 void AttachListener::abort() { 525 listener_cleanup(); 526 } 527 528 void AttachListener::pd_data_dump() { 529 os::signal_notify(SIGQUIT); 530 } 531 532 AttachOperationFunctionInfo* AttachListener::pd_find_operation(const char* n) { 533 return NULL; 534 } 535 536 jint AttachListener::pd_set_flag(AttachOperation* op, outputStream* out) { 537 out->print_cr("flag '%s' cannot be changed", op->arg(0)); 538 return JNI_ERR; 539 } 540 541 void AttachListener::pd_detachall() { 542 // do nothing for now 543 }