2012-03-02 17:59:36 +05:30
|
|
|
/*
|
2002-02-02 04:17:29 +05:30
|
|
|
* pgrep/pkill -- utilities to filter the process table
|
|
|
|
|
*
|
2023-02-07 15:39:48 +05:30
|
|
|
* Copyright © 2009-2023 Craig Small <csmall@dropbear.xyz>
|
|
|
|
|
* Copyright © 2013-2023 Jim Warner <james.warner@comcast.net>
|
|
|
|
|
* Copyright © 2011-2012 Sami Kerola <kerolasa@iki.fi>
|
|
|
|
|
* Copyright © 2012 Roberto Polli <rpolli@babel.it>
|
|
|
|
|
* Copyright © 2002-2007 Albert Cahalan
|
|
|
|
|
* Copyright © 2000 Kjetil Torgrim Homme <kjetilho@ifi.uio.no>
|
|
|
|
|
*
|
2002-02-02 04:17:29 +05:30
|
|
|
*
|
2012-03-02 17:59:36 +05:30
|
|
|
* This program is free software; you can redistribute it and/or
|
|
|
|
|
* modify it under the terms of the GNU General Public License
|
|
|
|
|
* as published by the Free Software Foundation; either version 2
|
|
|
|
|
* of the License, or (at your option) any later version.
|
2002-12-15 06:00:17 +05:30
|
|
|
*
|
2012-03-02 17:59:36 +05:30
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
|
* GNU General Public License for more details.
|
|
|
|
|
*
|
|
|
|
|
* You should have received a copy of the GNU General Public License
|
|
|
|
|
* along with this program; if not, write to the Free Software
|
|
|
|
|
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
2002-02-02 04:17:29 +05:30
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
#include <stdio.h>
|
|
|
|
|
#include <stdlib.h>
|
2002-10-23 13:23:16 +05:30
|
|
|
#include <limits.h>
|
2002-02-02 04:17:29 +05:30
|
|
|
#include <unistd.h>
|
|
|
|
|
#include <ctype.h>
|
|
|
|
|
#include <string.h>
|
|
|
|
|
#include <sys/types.h>
|
2006-06-21 11:15:16 +05:30
|
|
|
#include <sys/stat.h>
|
|
|
|
|
#include <fcntl.h>
|
2002-02-02 04:17:29 +05:30
|
|
|
#include <signal.h>
|
|
|
|
|
#include <pwd.h>
|
|
|
|
|
#include <grp.h>
|
|
|
|
|
#include <regex.h>
|
|
|
|
|
#include <errno.h>
|
2011-09-27 01:33:43 +05:30
|
|
|
#include <getopt.h>
|
2020-04-25 08:45:06 +05:30
|
|
|
#include <stdbool.h>
|
2020-05-17 18:30:27 +05:30
|
|
|
#include <time.h>
|
2002-02-02 04:17:29 +05:30
|
|
|
|
2022-11-03 22:54:53 +05:30
|
|
|
#ifdef ENABLE_PIDWAIT
|
2020-02-24 08:32:59 +05:30
|
|
|
#include <sys/epoll.h>
|
2022-11-03 22:54:53 +05:30
|
|
|
#ifndef HAVE_PIDFD_OPEN
|
2020-02-24 08:32:59 +05:30
|
|
|
#include <sys/syscall.h>
|
2022-11-03 22:54:53 +05:30
|
|
|
#endif /* !HAVE_PIDFD_OPEN */
|
2020-02-24 08:32:59 +05:30
|
|
|
#endif
|
|
|
|
|
|
2012-02-12 00:32:16 +05:30
|
|
|
/* EXIT_SUCCESS is 0 */
|
|
|
|
|
/* EXIT_FAILURE is 1 */
|
2011-10-10 00:59:26 +05:30
|
|
|
#define EXIT_USAGE 2
|
|
|
|
|
#define EXIT_FATAL 3
|
|
|
|
|
#define XALLOC_EXIT_CODE EXIT_FATAL
|
|
|
|
|
|
2011-10-09 04:59:43 +05:30
|
|
|
#include "c.h"
|
2012-03-23 18:02:24 +05:30
|
|
|
#include "fileutils.h"
|
2011-10-09 04:59:43 +05:30
|
|
|
#include "nls.h"
|
2015-06-29 17:22:51 +05:30
|
|
|
#include "signals.h"
|
2011-10-10 00:59:26 +05:30
|
|
|
#include "xalloc.h"
|
2020-06-30 10:30:00 +05:30
|
|
|
|
2022-08-29 14:32:44 +05:30
|
|
|
#include "misc.h"
|
|
|
|
|
#include "pids.h"
|
2015-09-26 03:49:32 +05:30
|
|
|
|
|
|
|
|
enum pids_item Items[] = {
|
2016-07-21 10:30:00 +05:30
|
|
|
PIDS_ID_PID,
|
|
|
|
|
PIDS_ID_PPID,
|
|
|
|
|
PIDS_ID_PGRP,
|
|
|
|
|
PIDS_ID_EUID,
|
|
|
|
|
PIDS_ID_RUID,
|
|
|
|
|
PIDS_ID_RGID,
|
|
|
|
|
PIDS_ID_SESSION,
|
|
|
|
|
PIDS_ID_TGID,
|
2022-02-26 11:30:00 +05:30
|
|
|
PIDS_TICS_BEGAN,
|
2016-07-21 10:30:00 +05:30
|
|
|
PIDS_TTY_NAME,
|
|
|
|
|
PIDS_CMD,
|
2019-01-04 04:04:14 +05:30
|
|
|
PIDS_CMDLINE,
|
2020-05-17 18:30:27 +05:30
|
|
|
PIDS_STATE,
|
2021-10-26 15:26:19 +05:30
|
|
|
PIDS_TIME_ELAPSED,
|
pgrep: Support matching on the presence of a userspace signal handler
In production we've had several incidents over the years where a process
has a signal handler registered for SIGHUP or one of the SIGUSR signals
which can be used to signal a request to reload configs, rotate log
files, and the like. While this may seem harmless enough, what we've
seen happen repeatedly is something like the following:
1. A process is using SIGHUP/SIGUSR[12] to request some
application-handled state change -- reloading configs, rotating a log
file, etc;
2. This kind of request is deprecated and removed, so the signal handler
is removed. However, a site where the signal might be sent from is
missed (often logrotate or a service manager);
3. Because the default disposition of these signals is terminal, sooner
or later these applications are going to be sent SIGHUP or similar
and end up unexpectedly killed.
I know for a fact that we're not the only organisation experiencing
this: in general, signal use is pretty tricky to reason about and safely
remove because of the fairly aggressive SIG_DFL behaviour for some
common signals, especially for SIGHUP which has a particularly ambiguous
meaning. Especially in a large, highly interconnected codebase,
reasoning about signal interactions between system configuration and
applications can be highly complex, and it's inevitable that on occasion
a callsite will be missed.
In some cases the right call to avoid this will be to migrate services
towards other forms of IPC for this purpose, but inevitably there will
be some services which must continue using signals, so we need a safe
way to support them.
This patch adds support for the -H/--require-handler flag, which matches
on processes with a userspace handler present for the signal being sent.
With this flag we can enforce that all SIGHUP reload cases and SIGUSR
equivalents use --require-handler. This effectively mitigates the case
we've seen time and time again where SIGHUP is used to rotate log files
or reload configs, but the sending site is mistakenly left present after
the removal of signal handler, resulting in unintended termination of
the process.
Signed-off-by: Chris Down <chris@chrisdown.name>
2022-11-01 05:47:21 +05:30
|
|
|
PIDS_CGROUP_V,
|
|
|
|
|
PIDS_SIGCATCH
|
2015-09-26 03:49:32 +05:30
|
|
|
};
|
|
|
|
|
enum rel_items {
|
2015-10-04 21:30:00 +05:30
|
|
|
EU_PID, EU_PPID, EU_PGRP, EU_EUID, EU_RUID, EU_RGID, EU_SESSION,
|
2021-10-26 15:26:19 +05:30
|
|
|
EU_TGID, EU_STARTTIME, EU_TTYNAME, EU_CMD, EU_CMDLINE, EU_STA, EU_ELAPSED,
|
pgrep: Support matching on the presence of a userspace signal handler
In production we've had several incidents over the years where a process
has a signal handler registered for SIGHUP or one of the SIGUSR signals
which can be used to signal a request to reload configs, rotate log
files, and the like. While this may seem harmless enough, what we've
seen happen repeatedly is something like the following:
1. A process is using SIGHUP/SIGUSR[12] to request some
application-handled state change -- reloading configs, rotating a log
file, etc;
2. This kind of request is deprecated and removed, so the signal handler
is removed. However, a site where the signal might be sent from is
missed (often logrotate or a service manager);
3. Because the default disposition of these signals is terminal, sooner
or later these applications are going to be sent SIGHUP or similar
and end up unexpectedly killed.
I know for a fact that we're not the only organisation experiencing
this: in general, signal use is pretty tricky to reason about and safely
remove because of the fairly aggressive SIG_DFL behaviour for some
common signals, especially for SIGHUP which has a particularly ambiguous
meaning. Especially in a large, highly interconnected codebase,
reasoning about signal interactions between system configuration and
applications can be highly complex, and it's inevitable that on occasion
a callsite will be missed.
In some cases the right call to avoid this will be to migrate services
towards other forms of IPC for this purpose, but inevitably there will
be some services which must continue using signals, so we need a safe
way to support them.
This patch adds support for the -H/--require-handler flag, which matches
on processes with a userspace handler present for the signal being sent.
With this flag we can enforce that all SIGHUP reload cases and SIGUSR
equivalents use --require-handler. This effectively mitigates the case
we've seen time and time again where SIGHUP is used to rotate log files
or reload configs, but the sending site is mistakenly left present after
the removal of signal handler, resulting in unintended termination of
the process.
Signed-off-by: Chris Down <chris@chrisdown.name>
2022-11-01 05:47:21 +05:30
|
|
|
EU_CGROUP, EU_SIGCATCH
|
2015-09-26 03:49:32 +05:30
|
|
|
};
|
1970-01-01 05:30:00 +05:30
|
|
|
#define grow_size(x) do { \
|
|
|
|
|
if ((x) < 0 || (size_t)(x) >= INT_MAX / 5 / sizeof(struct el)) \
|
|
|
|
|
xerrx(EXIT_FAILURE, _("integer overflow")); \
|
|
|
|
|
(x) = (x) * 5 / 4 + 4; \
|
|
|
|
|
} while (0)
|
|
|
|
|
|
2020-02-24 08:32:59 +05:30
|
|
|
static enum {
|
|
|
|
|
PGREP = 0,
|
|
|
|
|
PKILL,
|
2021-02-15 15:40:06 +05:30
|
|
|
#ifdef ENABLE_PIDWAIT
|
|
|
|
|
PIDWAIT,
|
2020-02-24 08:32:59 +05:30
|
|
|
#endif
|
|
|
|
|
} prog_mode;
|
2002-02-02 04:17:29 +05:30
|
|
|
|
2012-01-21 17:54:02 +05:30
|
|
|
struct el {
|
2015-06-29 17:22:51 +05:30
|
|
|
long num;
|
|
|
|
|
char * str;
|
2002-02-02 04:17:29 +05:30
|
|
|
};
|
|
|
|
|
|
|
|
|
|
/* User supplied arguments */
|
|
|
|
|
|
|
|
|
|
static int opt_full = 0;
|
|
|
|
|
static int opt_long = 0;
|
2012-08-18 05:50:27 +05:30
|
|
|
static int opt_longlong = 0;
|
2002-10-23 13:23:16 +05:30
|
|
|
static int opt_oldest = 0;
|
2020-05-17 18:30:27 +05:30
|
|
|
static int opt_older = 0;
|
2002-02-02 04:17:29 +05:30
|
|
|
static int opt_newest = 0;
|
|
|
|
|
static int opt_negate = 0;
|
|
|
|
|
static int opt_exact = 0;
|
2009-11-24 15:30:45 +05:30
|
|
|
static int opt_count = 0;
|
2002-02-02 04:17:29 +05:30
|
|
|
static int opt_signal = SIGTERM;
|
2006-06-25 01:42:29 +05:30
|
|
|
static int opt_lock = 0;
|
2006-06-19 02:25:02 +05:30
|
|
|
static int opt_case = 0;
|
2012-01-21 17:54:02 +05:30
|
|
|
static int opt_echo = 0;
|
2013-03-18 16:28:47 +05:30
|
|
|
static int opt_threads = 0;
|
2013-04-13 00:10:27 +05:30
|
|
|
static pid_t opt_ns_pid = 0;
|
2020-04-25 08:45:06 +05:30
|
|
|
static bool use_sigqueue = false;
|
pgrep: Support matching on the presence of a userspace signal handler
In production we've had several incidents over the years where a process
has a signal handler registered for SIGHUP or one of the SIGUSR signals
which can be used to signal a request to reload configs, rotate log
files, and the like. While this may seem harmless enough, what we've
seen happen repeatedly is something like the following:
1. A process is using SIGHUP/SIGUSR[12] to request some
application-handled state change -- reloading configs, rotating a log
file, etc;
2. This kind of request is deprecated and removed, so the signal handler
is removed. However, a site where the signal might be sent from is
missed (often logrotate or a service manager);
3. Because the default disposition of these signals is terminal, sooner
or later these applications are going to be sent SIGHUP or similar
and end up unexpectedly killed.
I know for a fact that we're not the only organisation experiencing
this: in general, signal use is pretty tricky to reason about and safely
remove because of the fairly aggressive SIG_DFL behaviour for some
common signals, especially for SIGHUP which has a particularly ambiguous
meaning. Especially in a large, highly interconnected codebase,
reasoning about signal interactions between system configuration and
applications can be highly complex, and it's inevitable that on occasion
a callsite will be missed.
In some cases the right call to avoid this will be to migrate services
towards other forms of IPC for this purpose, but inevitably there will
be some services which must continue using signals, so we need a safe
way to support them.
This patch adds support for the -H/--require-handler flag, which matches
on processes with a userspace handler present for the signal being sent.
With this flag we can enforce that all SIGHUP reload cases and SIGUSR
equivalents use --require-handler. This effectively mitigates the case
we've seen time and time again where SIGHUP is used to rotate log files
or reload configs, but the sending site is mistakenly left present after
the removal of signal handler, resulting in unintended termination of
the process.
Signed-off-by: Chris Down <chris@chrisdown.name>
2022-11-01 05:47:21 +05:30
|
|
|
static bool require_handler = false;
|
2020-04-25 08:45:06 +05:30
|
|
|
static union sigval sigval = {0};
|
2002-02-02 04:17:29 +05:30
|
|
|
|
2002-10-12 09:55:57 +05:30
|
|
|
static const char *opt_delim = "\n";
|
2012-01-21 17:54:02 +05:30
|
|
|
static struct el *opt_pgrp = NULL;
|
|
|
|
|
static struct el *opt_rgid = NULL;
|
|
|
|
|
static struct el *opt_pid = NULL;
|
|
|
|
|
static struct el *opt_ppid = NULL;
|
2022-08-10 18:37:38 +05:30
|
|
|
static struct el *opt_ignore_ancestors = NULL;
|
2012-01-21 17:54:02 +05:30
|
|
|
static struct el *opt_sid = NULL;
|
|
|
|
|
static struct el *opt_term = NULL;
|
|
|
|
|
static struct el *opt_euid = NULL;
|
|
|
|
|
static struct el *opt_ruid = NULL;
|
2013-04-13 00:10:27 +05:30
|
|
|
static struct el *opt_nslist = NULL;
|
2021-10-26 15:26:19 +05:30
|
|
|
static struct el *opt_cgroup = NULL;
|
2002-02-02 04:17:29 +05:30
|
|
|
static char *opt_pattern = NULL;
|
2006-06-21 11:15:16 +05:30
|
|
|
static char *opt_pidfile = NULL;
|
2019-01-04 04:04:14 +05:30
|
|
|
static char *opt_runstates = NULL;
|
2002-02-02 04:17:29 +05:30
|
|
|
|
2013-04-13 00:10:27 +05:30
|
|
|
/* by default, all namespaces will be checked */
|
|
|
|
|
static int ns_flags = 0x3f;
|
|
|
|
|
|
2011-09-27 01:33:43 +05:30
|
|
|
static int __attribute__ ((__noreturn__)) usage(int opt)
|
2002-02-02 04:17:29 +05:30
|
|
|
{
|
2015-06-29 17:22:51 +05:30
|
|
|
int err = (opt == '?');
|
|
|
|
|
FILE *fp = err ? stderr : stdout;
|
|
|
|
|
|
|
|
|
|
fputs(USAGE_HEADER, fp);
|
|
|
|
|
fprintf(fp, _(" %s [options] <pattern>\n"), program_invocation_short_name);
|
|
|
|
|
fputs(USAGE_OPTIONS, fp);
|
2020-02-24 08:32:59 +05:30
|
|
|
switch (prog_mode) {
|
|
|
|
|
case PGREP:
|
2015-06-29 17:22:51 +05:30
|
|
|
fputs(_(" -d, --delimiter <string> specify output delimiter\n"),fp);
|
|
|
|
|
fputs(_(" -l, --list-name list PID and process name\n"),fp);
|
|
|
|
|
fputs(_(" -a, --list-full list PID and full command line\n"),fp);
|
|
|
|
|
fputs(_(" -v, --inverse negates the matching\n"),fp);
|
|
|
|
|
fputs(_(" -w, --lightweight list all TID\n"), fp);
|
2020-02-24 08:32:59 +05:30
|
|
|
break;
|
|
|
|
|
case PKILL:
|
2023-03-01 12:05:14 +05:30
|
|
|
fputs(_(" -<sig> signal to send (either number or name)\n"), fp);
|
pgrep: Support matching on the presence of a userspace signal handler
In production we've had several incidents over the years where a process
has a signal handler registered for SIGHUP or one of the SIGUSR signals
which can be used to signal a request to reload configs, rotate log
files, and the like. While this may seem harmless enough, what we've
seen happen repeatedly is something like the following:
1. A process is using SIGHUP/SIGUSR[12] to request some
application-handled state change -- reloading configs, rotating a log
file, etc;
2. This kind of request is deprecated and removed, so the signal handler
is removed. However, a site where the signal might be sent from is
missed (often logrotate or a service manager);
3. Because the default disposition of these signals is terminal, sooner
or later these applications are going to be sent SIGHUP or similar
and end up unexpectedly killed.
I know for a fact that we're not the only organisation experiencing
this: in general, signal use is pretty tricky to reason about and safely
remove because of the fairly aggressive SIG_DFL behaviour for some
common signals, especially for SIGHUP which has a particularly ambiguous
meaning. Especially in a large, highly interconnected codebase,
reasoning about signal interactions between system configuration and
applications can be highly complex, and it's inevitable that on occasion
a callsite will be missed.
In some cases the right call to avoid this will be to migrate services
towards other forms of IPC for this purpose, but inevitably there will
be some services which must continue using signals, so we need a safe
way to support them.
This patch adds support for the -H/--require-handler flag, which matches
on processes with a userspace handler present for the signal being sent.
With this flag we can enforce that all SIGHUP reload cases and SIGUSR
equivalents use --require-handler. This effectively mitigates the case
we've seen time and time again where SIGHUP is used to rotate log files
or reload configs, but the sending site is mistakenly left present after
the removal of signal handler, resulting in unintended termination of
the process.
Signed-off-by: Chris Down <chris@chrisdown.name>
2022-11-01 05:47:21 +05:30
|
|
|
fputs(_(" -H, --require-handler match only if signal handler is present\n"), fp);
|
2020-04-25 08:45:06 +05:30
|
|
|
fputs(_(" -q, --queue <value> integer value to be sent with the signal\n"), fp);
|
2015-06-29 17:22:51 +05:30
|
|
|
fputs(_(" -e, --echo display what is killed\n"), fp);
|
2022-11-01 06:16:18 +05:30
|
|
|
break;
|
2021-02-15 15:40:06 +05:30
|
|
|
#ifdef ENABLE_PIDWAIT
|
|
|
|
|
case PIDWAIT:
|
2020-02-24 08:32:59 +05:30
|
|
|
fputs(_(" -e, --echo display PIDs before waiting\n"), fp);
|
|
|
|
|
break;
|
|
|
|
|
#endif
|
2015-06-29 17:22:51 +05:30
|
|
|
}
|
|
|
|
|
fputs(_(" -c, --count count of matching processes\n"), fp);
|
|
|
|
|
fputs(_(" -f, --full use full process name to match\n"), fp);
|
|
|
|
|
fputs(_(" -g, --pgroup <PGID,...> match listed process group IDs\n"), fp);
|
|
|
|
|
fputs(_(" -G, --group <GID,...> match real group IDs\n"), fp);
|
|
|
|
|
fputs(_(" -i, --ignore-case match case insensitively\n"), fp);
|
|
|
|
|
fputs(_(" -n, --newest select most recently started\n"), fp);
|
|
|
|
|
fputs(_(" -o, --oldest select least recently started\n"), fp);
|
2020-05-17 18:30:27 +05:30
|
|
|
fputs(_(" -O, --older <seconds> select where older than seconds\n"), fp);
|
2015-06-29 17:22:51 +05:30
|
|
|
fputs(_(" -P, --parent <PPID,...> match only child processes of the given parent\n"), fp);
|
|
|
|
|
fputs(_(" -s, --session <SID,...> match session IDs\n"), fp);
|
2023-03-01 12:05:14 +05:30
|
|
|
fputs(_(" --signal <sig> signal to send (either number or name)\n"), fp);
|
2015-06-29 17:22:51 +05:30
|
|
|
fputs(_(" -t, --terminal <tty,...> match by controlling terminal\n"), fp);
|
|
|
|
|
fputs(_(" -u, --euid <ID,...> match by effective IDs\n"), fp);
|
|
|
|
|
fputs(_(" -U, --uid <ID,...> match by real IDs\n"), fp);
|
|
|
|
|
fputs(_(" -x, --exact match exactly with the command name\n"), fp);
|
|
|
|
|
fputs(_(" -F, --pidfile <file> read PIDs from file\n"), fp);
|
|
|
|
|
fputs(_(" -L, --logpidfile fail if PID file is not locked\n"), fp);
|
2020-04-25 08:45:06 +05:30
|
|
|
fputs(_(" -r, --runstates <state> match runstates [D,S,Z,...]\n"), fp);
|
2022-08-10 18:37:38 +05:30
|
|
|
fputs(_(" -A, --ignore-ancestors exclude our ancestors from results\n"), fp);
|
2021-10-26 15:26:19 +05:30
|
|
|
fputs(_(" --cgroup <grp,...> match by cgroup v2 names\n"), fp);
|
2015-06-29 17:22:51 +05:30
|
|
|
fputs(_(" --ns <PID> match the processes that belong to the same\n"
|
2018-04-11 10:30:00 +05:30
|
|
|
" namespace as <pid>\n"), fp);
|
2015-06-29 17:22:51 +05:30
|
|
|
fputs(_(" --nslist <ns,...> list which namespaces will be considered for\n"
|
|
|
|
|
" the --ns option.\n"
|
|
|
|
|
" Available namespaces: ipc, mnt, net, pid, user, uts\n"), fp);
|
|
|
|
|
fputs(USAGE_SEPARATOR, fp);
|
|
|
|
|
fputs(USAGE_HELP, fp);
|
|
|
|
|
fputs(USAGE_VERSION, fp);
|
|
|
|
|
fprintf(fp, USAGE_MAN_TAIL("pgrep(1)"));
|
|
|
|
|
|
|
|
|
|
exit(fp == stderr ? EXIT_USAGE : EXIT_SUCCESS);
|
2002-02-02 04:17:29 +05:30
|
|
|
}
|
|
|
|
|
|
2022-08-10 18:37:38 +05:30
|
|
|
static struct el *get_our_ancestors(void)
|
|
|
|
|
{
|
|
|
|
|
#define PIDS_GETINT(e) PIDS_VAL(EU_##e, s_int, stack, info)
|
|
|
|
|
struct el *list = NULL;
|
|
|
|
|
int i = 0;
|
|
|
|
|
int size = 0;
|
|
|
|
|
int done = 0;
|
|
|
|
|
pid_t search_pid = getpid();
|
|
|
|
|
struct pids_stack *stack;
|
|
|
|
|
|
|
|
|
|
while (!done) {
|
2022-08-31 14:29:47 +05:30
|
|
|
struct pids_info *info = NULL;
|
|
|
|
|
|
pgrep: Support matching on the presence of a userspace signal handler
In production we've had several incidents over the years where a process
has a signal handler registered for SIGHUP or one of the SIGUSR signals
which can be used to signal a request to reload configs, rotate log
files, and the like. While this may seem harmless enough, what we've
seen happen repeatedly is something like the following:
1. A process is using SIGHUP/SIGUSR[12] to request some
application-handled state change -- reloading configs, rotating a log
file, etc;
2. This kind of request is deprecated and removed, so the signal handler
is removed. However, a site where the signal might be sent from is
missed (often logrotate or a service manager);
3. Because the default disposition of these signals is terminal, sooner
or later these applications are going to be sent SIGHUP or similar
and end up unexpectedly killed.
I know for a fact that we're not the only organisation experiencing
this: in general, signal use is pretty tricky to reason about and safely
remove because of the fairly aggressive SIG_DFL behaviour for some
common signals, especially for SIGHUP which has a particularly ambiguous
meaning. Especially in a large, highly interconnected codebase,
reasoning about signal interactions between system configuration and
applications can be highly complex, and it's inevitable that on occasion
a callsite will be missed.
In some cases the right call to avoid this will be to migrate services
towards other forms of IPC for this purpose, but inevitably there will
be some services which must continue using signals, so we need a safe
way to support them.
This patch adds support for the -H/--require-handler flag, which matches
on processes with a userspace handler present for the signal being sent.
With this flag we can enforce that all SIGHUP reload cases and SIGUSR
equivalents use --require-handler. This effectively mitigates the case
we've seen time and time again where SIGHUP is used to rotate log files
or reload configs, but the sending site is mistakenly left present after
the removal of signal handler, resulting in unintended termination of
the process.
Signed-off-by: Chris Down <chris@chrisdown.name>
2022-11-01 05:47:21 +05:30
|
|
|
if (procps_pids_new(&info, Items, 16) < 0)
|
2022-08-31 14:29:47 +05:30
|
|
|
xerrx(EXIT_FATAL, _("Unable to create pid info structure"));
|
2022-08-10 18:37:38 +05:30
|
|
|
|
|
|
|
|
if (i == size) {
|
|
|
|
|
grow_size(size);
|
|
|
|
|
list = xrealloc(list, (1 + size) * sizeof(*list));
|
|
|
|
|
}
|
|
|
|
|
|
2022-08-31 14:29:47 +05:30
|
|
|
done = 1;
|
2022-08-10 18:37:38 +05:30
|
|
|
while ((stack = procps_pids_get(info, PIDS_FETCH_TASKS_ONLY))) {
|
|
|
|
|
if (PIDS_GETINT(PID) == search_pid) {
|
|
|
|
|
list[++i].num = PIDS_GETINT(PPID);
|
|
|
|
|
search_pid = list[i].num;
|
2022-08-31 14:29:47 +05:30
|
|
|
done = 0;
|
2022-08-10 18:37:38 +05:30
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
2022-08-31 14:29:47 +05:30
|
|
|
|
|
|
|
|
procps_pids_unref(&info);
|
2022-08-10 18:37:38 +05:30
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (i == 0) {
|
|
|
|
|
free(list);
|
|
|
|
|
list = NULL;
|
|
|
|
|
} else {
|
|
|
|
|
list[0].num = i;
|
|
|
|
|
}
|
|
|
|
|
return list;
|
|
|
|
|
#undef PIDS_GETINT
|
|
|
|
|
}
|
|
|
|
|
|
2012-01-21 17:54:02 +05:30
|
|
|
static struct el *split_list (const char *restrict str, int (*convert)(const char *, struct el *))
|
2002-02-02 04:17:29 +05:30
|
|
|
{
|
2015-06-29 17:22:51 +05:30
|
|
|
char *copy;
|
|
|
|
|
char *ptr;
|
|
|
|
|
char *sep_pos;
|
|
|
|
|
int i = 0;
|
|
|
|
|
int size = 0;
|
|
|
|
|
struct el *list = NULL;
|
|
|
|
|
|
|
|
|
|
if (str[0] == '\0')
|
|
|
|
|
return NULL;
|
|
|
|
|
|
|
|
|
|
copy = xstrdup (str);
|
|
|
|
|
ptr = copy;
|
|
|
|
|
|
|
|
|
|
do {
|
|
|
|
|
if (i == size) {
|
1970-01-01 05:30:00 +05:30
|
|
|
grow_size(size);
|
2015-06-29 17:22:51 +05:30
|
|
|
/* add 1 because slot zero is a count */
|
|
|
|
|
list = xrealloc (list, (1 + size) * sizeof *list);
|
|
|
|
|
}
|
|
|
|
|
sep_pos = strchr (ptr, ',');
|
|
|
|
|
if (sep_pos)
|
|
|
|
|
*sep_pos = 0;
|
|
|
|
|
/* Use ++i instead of i++ because slot zero is a count */
|
|
|
|
|
if (list && !convert (ptr, &list[++i]))
|
|
|
|
|
exit (EXIT_USAGE);
|
|
|
|
|
if (sep_pos)
|
|
|
|
|
ptr = sep_pos + 1;
|
|
|
|
|
} while (sep_pos);
|
|
|
|
|
|
|
|
|
|
free (copy);
|
|
|
|
|
if (!i) {
|
|
|
|
|
free (list);
|
|
|
|
|
list = NULL;
|
|
|
|
|
} else {
|
|
|
|
|
list[0].num = i;
|
|
|
|
|
}
|
|
|
|
|
return list;
|
2002-02-02 04:17:29 +05:30
|
|
|
}
|
|
|
|
|
|
2012-02-12 00:32:16 +05:30
|
|
|
/* strict_atol returns a Boolean: TRUE if the input string
|
|
|
|
|
* contains a plain number, FALSE if there are any non-digits. */
|
2006-06-21 09:48:02 +05:30
|
|
|
static int strict_atol (const char *restrict str, long *restrict value)
|
2002-02-02 04:17:29 +05:30
|
|
|
{
|
1970-01-01 05:30:00 +05:30
|
|
|
long res = 0;
|
|
|
|
|
long sign = 1;
|
2015-06-29 17:22:51 +05:30
|
|
|
|
|
|
|
|
if (*str == '+')
|
|
|
|
|
++str;
|
|
|
|
|
else if (*str == '-') {
|
|
|
|
|
++str;
|
|
|
|
|
sign = -1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
for ( ; *str; ++str) {
|
|
|
|
|
if (! isdigit (*str))
|
2021-10-26 05:08:10 +05:30
|
|
|
return 0;
|
|
|
|
|
if (res >= LONG_MAX / 10)
|
|
|
|
|
return 0;
|
2015-06-29 17:22:51 +05:30
|
|
|
res *= 10;
|
2021-10-26 05:08:10 +05:30
|
|
|
if (res >= LONG_MAX - (*str - '0'))
|
|
|
|
|
return 0;
|
2015-06-29 17:22:51 +05:30
|
|
|
res += *str - '0';
|
|
|
|
|
}
|
|
|
|
|
*value = sign * res;
|
|
|
|
|
return 1;
|
2002-02-02 04:17:29 +05:30
|
|
|
}
|
|
|
|
|
|
2006-06-21 11:15:16 +05:30
|
|
|
#include <sys/file.h>
|
|
|
|
|
|
2012-02-12 00:32:16 +05:30
|
|
|
/* We try a read lock. The daemon should have a write lock.
|
|
|
|
|
* Seen using flock: FreeBSD code */
|
2006-06-23 08:48:12 +05:30
|
|
|
static int has_flock(int fd)
|
|
|
|
|
{
|
2015-06-29 17:22:51 +05:30
|
|
|
return flock(fd, LOCK_SH|LOCK_NB)==-1 && errno==EWOULDBLOCK;
|
2006-06-23 08:48:12 +05:30
|
|
|
}
|
|
|
|
|
|
2012-02-12 00:32:16 +05:30
|
|
|
/* We try a read lock. The daemon should have a write lock.
|
|
|
|
|
* Seen using fcntl: libslack */
|
2006-06-23 08:48:12 +05:30
|
|
|
static int has_fcntl(int fd)
|
|
|
|
|
{
|
2015-06-29 17:22:51 +05:30
|
|
|
struct flock f; /* seriously, struct flock is for a fnctl lock! */
|
|
|
|
|
f.l_type = F_RDLCK;
|
|
|
|
|
f.l_whence = SEEK_SET;
|
|
|
|
|
f.l_start = 0;
|
|
|
|
|
f.l_len = 0;
|
|
|
|
|
return fcntl(fd,F_SETLK,&f)==-1 && (errno==EACCES || errno==EAGAIN);
|
2006-06-23 08:48:12 +05:30
|
|
|
}
|
|
|
|
|
|
2012-01-21 17:54:02 +05:30
|
|
|
static struct el *read_pidfile(void)
|
2006-06-21 11:15:16 +05:30
|
|
|
{
|
2015-06-29 17:22:51 +05:30
|
|
|
char buf[12];
|
|
|
|
|
int fd;
|
|
|
|
|
struct stat sbuf;
|
|
|
|
|
char *endp;
|
|
|
|
|
int n, pid;
|
|
|
|
|
struct el *list = NULL;
|
|
|
|
|
|
|
|
|
|
fd = open(opt_pidfile, O_RDONLY|O_NOCTTY|O_NONBLOCK);
|
|
|
|
|
if(fd<0)
|
|
|
|
|
goto just_ret;
|
|
|
|
|
if(fstat(fd,&sbuf) || !S_ISREG(sbuf.st_mode) || sbuf.st_size<1)
|
|
|
|
|
goto out;
|
|
|
|
|
/* type of lock, if any, is not standardized on Linux */
|
|
|
|
|
if(opt_lock && !has_flock(fd) && !has_fcntl(fd))
|
|
|
|
|
goto out;
|
|
|
|
|
memset(buf,'\0',sizeof buf);
|
1970-01-01 05:30:00 +05:30
|
|
|
n = read(fd,buf,sizeof buf-1);
|
2015-06-29 17:22:51 +05:30
|
|
|
if (n<1)
|
|
|
|
|
goto out;
|
1970-01-01 05:30:00 +05:30
|
|
|
pid = strtoul(buf,&endp,10);
|
|
|
|
|
if(endp<=buf || pid<1 )
|
2015-06-29 17:22:51 +05:30
|
|
|
goto out;
|
|
|
|
|
if(*endp && !isspace(*endp))
|
|
|
|
|
goto out;
|
|
|
|
|
list = xmalloc(2 * sizeof *list);
|
|
|
|
|
list[0].num = 1;
|
|
|
|
|
list[1].num = pid;
|
2006-06-21 11:15:16 +05:30
|
|
|
out:
|
2015-06-29 17:22:51 +05:30
|
|
|
close(fd);
|
2011-10-07 02:28:26 +05:30
|
|
|
just_ret:
|
2015-06-29 17:22:51 +05:30
|
|
|
return list;
|
2006-06-21 11:15:16 +05:30
|
|
|
}
|
|
|
|
|
|
2012-01-21 17:54:02 +05:30
|
|
|
static int conv_uid (const char *restrict name, struct el *restrict e)
|
2002-02-02 04:17:29 +05:30
|
|
|
{
|
2015-06-29 17:22:51 +05:30
|
|
|
struct passwd *pwd;
|
|
|
|
|
|
|
|
|
|
if (strict_atol (name, &e->num))
|
|
|
|
|
return (1);
|
|
|
|
|
|
|
|
|
|
pwd = getpwnam (name);
|
|
|
|
|
if (pwd == NULL) {
|
|
|
|
|
xwarnx(_("invalid user name: %s"), name);
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
2021-10-26 05:08:10 +05:30
|
|
|
e->num = pwd->pw_uid;
|
2015-06-29 17:22:51 +05:30
|
|
|
return 1;
|
2002-02-02 04:17:29 +05:30
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2012-01-21 17:54:02 +05:30
|
|
|
static int conv_gid (const char *restrict name, struct el *restrict e)
|
2002-02-02 04:17:29 +05:30
|
|
|
{
|
2015-06-29 17:22:51 +05:30
|
|
|
struct group *grp;
|
|
|
|
|
|
|
|
|
|
if (strict_atol (name, &e->num))
|
|
|
|
|
return 1;
|
|
|
|
|
|
|
|
|
|
grp = getgrnam (name);
|
|
|
|
|
if (grp == NULL) {
|
|
|
|
|
xwarnx(_("invalid group name: %s"), name);
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
2021-10-26 05:08:10 +05:30
|
|
|
e->num = grp->gr_gid;
|
2015-06-29 17:22:51 +05:30
|
|
|
return 1;
|
2002-02-02 04:17:29 +05:30
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2012-01-21 17:54:02 +05:30
|
|
|
static int conv_pgrp (const char *restrict name, struct el *restrict e)
|
2002-02-02 04:17:29 +05:30
|
|
|
{
|
2015-06-29 17:22:51 +05:30
|
|
|
if (! strict_atol (name, &e->num)) {
|
|
|
|
|
xwarnx(_("invalid process group: %s"), name);
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
if (e->num == 0)
|
|
|
|
|
e->num = getpgrp ();
|
|
|
|
|
return 1;
|
2002-02-02 04:17:29 +05:30
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2012-01-21 17:54:02 +05:30
|
|
|
static int conv_sid (const char *restrict name, struct el *restrict e)
|
2002-02-02 04:17:29 +05:30
|
|
|
{
|
2015-06-29 17:22:51 +05:30
|
|
|
if (! strict_atol (name, &e->num)) {
|
|
|
|
|
xwarnx(_("invalid session id: %s"), name);
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
if (e->num == 0)
|
|
|
|
|
e->num = getsid (0);
|
|
|
|
|
return 1;
|
2002-02-02 04:17:29 +05:30
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2012-01-21 17:54:02 +05:30
|
|
|
static int conv_num (const char *restrict name, struct el *restrict e)
|
2002-02-02 04:17:29 +05:30
|
|
|
{
|
2015-06-29 17:22:51 +05:30
|
|
|
if (! strict_atol (name, &e->num)) {
|
|
|
|
|
xwarnx(_("not a number: %s"), name);
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
return 1;
|
2002-02-02 04:17:29 +05:30
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2012-01-21 17:54:02 +05:30
|
|
|
static int conv_str (const char *restrict name, struct el *restrict e)
|
2002-02-02 04:17:29 +05:30
|
|
|
{
|
2015-06-29 17:22:51 +05:30
|
|
|
e->str = xstrdup (name);
|
|
|
|
|
return 1;
|
2002-02-02 04:17:29 +05:30
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2013-04-13 00:10:27 +05:30
|
|
|
static int conv_ns (const char *restrict name, struct el *restrict e)
|
|
|
|
|
{
|
2015-06-29 17:22:51 +05:30
|
|
|
int rc = conv_str(name, e);
|
|
|
|
|
int id;
|
2013-04-13 00:10:27 +05:30
|
|
|
|
2015-06-29 17:22:51 +05:30
|
|
|
ns_flags = 0;
|
2015-09-03 18:02:19 +05:30
|
|
|
id = procps_ns_get_id(name);
|
2016-04-27 18:20:25 +05:30
|
|
|
if (id < 0)
|
2015-06-29 17:22:51 +05:30
|
|
|
return 0;
|
|
|
|
|
ns_flags |= (1 << id);
|
2013-04-13 00:10:27 +05:30
|
|
|
|
2015-06-29 17:22:51 +05:30
|
|
|
return rc;
|
2013-04-13 00:10:27 +05:30
|
|
|
}
|
|
|
|
|
|
2012-01-21 17:54:02 +05:30
|
|
|
static int match_numlist (long value, const struct el *restrict list)
|
2002-02-02 04:17:29 +05:30
|
|
|
{
|
2015-06-29 17:22:51 +05:30
|
|
|
int found = 0;
|
1970-01-01 05:30:00 +05:30
|
|
|
if (list != NULL) {
|
2015-06-29 17:22:51 +05:30
|
|
|
int i;
|
|
|
|
|
for (i = list[0].num; i > 0; i--) {
|
1970-01-01 05:30:00 +05:30
|
|
|
if (list[i].num == value) {
|
2015-06-29 17:22:51 +05:30
|
|
|
found = 1;
|
1970-01-01 05:30:00 +05:30
|
|
|
break;
|
|
|
|
|
}
|
2015-06-29 17:22:51 +05:30
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return found;
|
2002-02-02 04:17:29 +05:30
|
|
|
}
|
|
|
|
|
|
pgrep: Support matching on the presence of a userspace signal handler
In production we've had several incidents over the years where a process
has a signal handler registered for SIGHUP or one of the SIGUSR signals
which can be used to signal a request to reload configs, rotate log
files, and the like. While this may seem harmless enough, what we've
seen happen repeatedly is something like the following:
1. A process is using SIGHUP/SIGUSR[12] to request some
application-handled state change -- reloading configs, rotating a log
file, etc;
2. This kind of request is deprecated and removed, so the signal handler
is removed. However, a site where the signal might be sent from is
missed (often logrotate or a service manager);
3. Because the default disposition of these signals is terminal, sooner
or later these applications are going to be sent SIGHUP or similar
and end up unexpectedly killed.
I know for a fact that we're not the only organisation experiencing
this: in general, signal use is pretty tricky to reason about and safely
remove because of the fairly aggressive SIG_DFL behaviour for some
common signals, especially for SIGHUP which has a particularly ambiguous
meaning. Especially in a large, highly interconnected codebase,
reasoning about signal interactions between system configuration and
applications can be highly complex, and it's inevitable that on occasion
a callsite will be missed.
In some cases the right call to avoid this will be to migrate services
towards other forms of IPC for this purpose, but inevitably there will
be some services which must continue using signals, so we need a safe
way to support them.
This patch adds support for the -H/--require-handler flag, which matches
on processes with a userspace handler present for the signal being sent.
With this flag we can enforce that all SIGHUP reload cases and SIGUSR
equivalents use --require-handler. This effectively mitigates the case
we've seen time and time again where SIGHUP is used to rotate log files
or reload configs, but the sending site is mistakenly left present after
the removal of signal handler, resulting in unintended termination of
the process.
Signed-off-by: Chris Down <chris@chrisdown.name>
2022-11-01 05:47:21 +05:30
|
|
|
static unsigned long long unhex (const char *restrict in)
|
|
|
|
|
{
|
|
|
|
|
unsigned long long ret;
|
|
|
|
|
char *rem;
|
|
|
|
|
errno = 0;
|
|
|
|
|
ret = strtoull(in, &rem, 16);
|
|
|
|
|
if (errno || *rem != '\0') {
|
|
|
|
|
xwarnx(_("not a hex string: %s"), in);
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
return ret;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int match_signal_handler (const char *restrict sigcgt, const int signal)
|
|
|
|
|
{
|
|
|
|
|
return sigcgt && (((1UL << (signal - 1)) & unhex(sigcgt)) != 0);
|
|
|
|
|
}
|
|
|
|
|
|
2012-01-21 17:54:02 +05:30
|
|
|
static int match_strlist (const char *restrict value, const struct el *restrict list)
|
2002-02-02 04:17:29 +05:30
|
|
|
{
|
2015-06-29 17:22:51 +05:30
|
|
|
int found = 0;
|
1970-01-01 05:30:00 +05:30
|
|
|
if (list != NULL) {
|
2015-06-29 17:22:51 +05:30
|
|
|
int i;
|
|
|
|
|
for (i = list[0].num; i > 0; i--) {
|
1970-01-01 05:30:00 +05:30
|
|
|
if (! strcmp (list[i].str, value)) {
|
2015-06-29 17:22:51 +05:30
|
|
|
found = 1;
|
1970-01-01 05:30:00 +05:30
|
|
|
break;
|
|
|
|
|
}
|
2015-06-29 17:22:51 +05:30
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return found;
|
2002-02-02 04:17:29 +05:30
|
|
|
}
|
|
|
|
|
|
2015-09-26 03:49:32 +05:30
|
|
|
static int match_ns (const int pid,
|
2021-01-19 11:30:00 +05:30
|
|
|
const struct procps_ns *match_ns)
|
2013-04-13 00:10:27 +05:30
|
|
|
{
|
2021-01-19 11:30:00 +05:30
|
|
|
struct procps_ns proc_ns;
|
2015-06-29 17:22:51 +05:30
|
|
|
int found = 1;
|
|
|
|
|
int i;
|
2013-04-13 00:10:27 +05:30
|
|
|
|
2015-09-26 03:49:32 +05:30
|
|
|
if (procps_ns_read_pid(pid, &proc_ns) < 0)
|
|
|
|
|
xerrx(EXIT_FATAL,
|
|
|
|
|
_("Unable to read process namespace information"));
|
|
|
|
|
for (i = 0; i < PROCPS_NS_COUNT; i++) {
|
2015-06-29 17:22:51 +05:30
|
|
|
if (ns_flags & (1 << i)) {
|
1970-01-01 05:30:00 +05:30
|
|
|
if (proc_ns.ns[i] != match_ns->ns[i]) {
|
2015-06-29 17:22:51 +05:30
|
|
|
found = 0;
|
1970-01-01 05:30:00 +05:30
|
|
|
break;
|
|
|
|
|
}
|
2015-06-29 17:22:51 +05:30
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return found;
|
2013-04-13 00:10:27 +05:30
|
|
|
}
|
|
|
|
|
|
2021-10-26 15:26:19 +05:30
|
|
|
static int cgroup_cmp(const char *restrict cgroup,
|
|
|
|
|
const char *restrict path)
|
|
|
|
|
{
|
|
|
|
|
if (cgroup == NULL || path == NULL)
|
|
|
|
|
return 1;
|
|
|
|
|
// Cgroup v2 have 0::
|
|
|
|
|
if (strncmp("0::", cgroup, 3) == 0) {
|
|
|
|
|
return strcmp(cgroup+3, path);
|
|
|
|
|
} //might try for cgroup v1 later
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
static int match_cgroup_list(char **values,
|
|
|
|
|
const struct el *restrict list)
|
|
|
|
|
{
|
|
|
|
|
if (list != NULL && values != NULL) {
|
|
|
|
|
int i, j;
|
|
|
|
|
for (i = list[0].num; i > 0; i--) {
|
|
|
|
|
for (j=0; values[j] && values[j][0]; j++) {
|
|
|
|
|
if (! cgroup_cmp (values[j], list[i].str)) {
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2012-01-21 17:54:02 +05:30
|
|
|
static void output_numlist (const struct el *restrict list, int num)
|
2002-02-02 04:17:29 +05:30
|
|
|
{
|
2015-06-29 17:22:51 +05:30
|
|
|
int i;
|
|
|
|
|
const char *delim = opt_delim;
|
|
|
|
|
for (i = 0; i < num; i++) {
|
|
|
|
|
if(i+1==num)
|
|
|
|
|
delim = "\n";
|
|
|
|
|
printf ("%ld%s", list[i].num, delim);
|
|
|
|
|
}
|
2002-02-02 04:17:29 +05:30
|
|
|
}
|
|
|
|
|
|
2012-01-21 17:54:02 +05:30
|
|
|
static void output_strlist (const struct el *restrict list, int num)
|
2002-02-02 04:17:29 +05:30
|
|
|
{
|
2012-02-12 00:32:16 +05:30
|
|
|
/* FIXME: escape codes */
|
2015-06-29 17:22:51 +05:30
|
|
|
int i;
|
|
|
|
|
const char *delim = opt_delim;
|
|
|
|
|
for (i = 0; i < num; i++) {
|
|
|
|
|
if(i+1==num)
|
|
|
|
|
delim = "\n";
|
|
|
|
|
printf ("%lu %s%s", list[i].num, list[i].str, delim);
|
|
|
|
|
}
|
2002-02-02 04:17:29 +05:30
|
|
|
}
|
|
|
|
|
|
2006-06-21 09:48:02 +05:30
|
|
|
static regex_t * do_regcomp (void)
|
2002-02-02 04:17:29 +05:30
|
|
|
{
|
2015-06-29 17:22:51 +05:30
|
|
|
regex_t *preg = NULL;
|
|
|
|
|
|
|
|
|
|
if (opt_pattern) {
|
|
|
|
|
char *re;
|
|
|
|
|
char errbuf[256];
|
|
|
|
|
int re_err;
|
|
|
|
|
|
|
|
|
|
preg = xmalloc (sizeof (regex_t));
|
|
|
|
|
if (opt_exact) {
|
|
|
|
|
re = xmalloc (strlen (opt_pattern) + 5);
|
|
|
|
|
sprintf (re, "^(%s)$", opt_pattern);
|
|
|
|
|
} else {
|
|
|
|
|
re = opt_pattern;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
re_err = regcomp (preg, re, REG_EXTENDED | REG_NOSUB | opt_case);
|
|
|
|
|
|
|
|
|
|
if (opt_exact) free(re);
|
|
|
|
|
|
|
|
|
|
if (re_err) {
|
|
|
|
|
regerror (re_err, preg, errbuf, sizeof(errbuf));
|
2021-11-02 11:49:37 +05:30
|
|
|
xerrx(EXIT_USAGE, _("regex error: %s"), errbuf);
|
2015-06-29 17:22:51 +05:30
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return preg;
|
2002-02-02 04:17:29 +05:30
|
|
|
}
|
|
|
|
|
|
2020-01-05 09:49:41 +05:30
|
|
|
/*
|
|
|
|
|
* SC_ARG_MAX used to return the maximum size a command line can be
|
|
|
|
|
* however changes to the kernel mean this can be bigger than we can
|
|
|
|
|
* alloc. Clamp it to 128kB like xargs and friends do
|
|
|
|
|
* Should also not be smaller than POSIX_ARG_MAX which is 4096
|
|
|
|
|
*/
|
|
|
|
|
static size_t get_arg_max(void)
|
|
|
|
|
{
|
|
|
|
|
#define MIN_ARG_SIZE 4096u
|
|
|
|
|
#define MAX_ARG_SIZE (128u * 1024u)
|
|
|
|
|
|
|
|
|
|
size_t val = sysconf(_SC_ARG_MAX);
|
|
|
|
|
|
|
|
|
|
if (val < MIN_ARG_SIZE)
|
|
|
|
|
val = MIN_ARG_SIZE;
|
|
|
|
|
if (val > MAX_ARG_SIZE)
|
|
|
|
|
val = MAX_ARG_SIZE;
|
|
|
|
|
|
|
|
|
|
return val;
|
|
|
|
|
}
|
|
|
|
|
|
2012-01-21 17:54:02 +05:30
|
|
|
static struct el * select_procs (int *num)
|
2002-02-02 04:17:29 +05:30
|
|
|
{
|
2016-08-05 10:30:00 +05:30
|
|
|
#define PIDS_GETINT(e) PIDS_VAL(EU_ ## e, s_int, stack, info)
|
2016-08-08 20:40:10 +05:30
|
|
|
#define PIDS_GETUNT(e) PIDS_VAL(EU_ ## e, u_int, stack, info)
|
2016-08-05 10:30:00 +05:30
|
|
|
#define PIDS_GETULL(e) PIDS_VAL(EU_ ## e, ull_int, stack, info)
|
|
|
|
|
#define PIDS_GETSTR(e) PIDS_VAL(EU_ ## e, str, stack, info)
|
2019-01-04 04:04:14 +05:30
|
|
|
#define PIDS_GETSCH(e) PIDS_VAL(EU_ ## e, s_ch, stack, info)
|
2021-10-26 15:26:19 +05:30
|
|
|
#define PIDS_GETSTV(e) PIDS_VAL(EU_ ## e, strv, stack, info)
|
2022-02-26 11:30:00 +05:30
|
|
|
#define PIDS_GETFLT(e) PIDS_VAL(EU_ ## e, real, stack, info)
|
2016-07-21 10:30:00 +05:30
|
|
|
struct pids_info *info=NULL;
|
2021-01-19 11:30:00 +05:30
|
|
|
struct procps_ns nsp;
|
2015-09-26 03:49:32 +05:30
|
|
|
struct pids_stack *stack;
|
2015-06-29 17:22:51 +05:30
|
|
|
unsigned long long saved_start_time; /* for new/old support */
|
2015-10-04 21:30:00 +05:30
|
|
|
int saved_pid = 0; /* for new/old support */
|
2015-06-29 17:22:51 +05:30
|
|
|
int matches = 0;
|
|
|
|
|
int size = 0;
|
|
|
|
|
regex_t *preg;
|
|
|
|
|
pid_t myself = getpid();
|
|
|
|
|
struct el *list = NULL;
|
2020-01-05 09:49:41 +05:30
|
|
|
long cmdlen = get_arg_max() * sizeof(char);
|
2019-09-21 12:28:30 +05:30
|
|
|
char *cmdline = xmalloc(cmdlen);
|
|
|
|
|
char *cmdsearch = xmalloc(cmdlen);
|
|
|
|
|
char *cmdoutput = xmalloc(cmdlen);
|
2015-09-26 03:49:32 +05:30
|
|
|
char *task_cmdline;
|
2016-05-14 10:30:00 +05:30
|
|
|
enum pids_fetch_type which;
|
2015-06-29 17:22:51 +05:30
|
|
|
|
|
|
|
|
preg = do_regcomp();
|
|
|
|
|
|
|
|
|
|
if (opt_newest) saved_start_time = 0ULL;
|
|
|
|
|
else saved_start_time = ~0ULL;
|
|
|
|
|
|
|
|
|
|
if (opt_newest) saved_pid = 0;
|
|
|
|
|
if (opt_oldest) saved_pid = INT_MAX;
|
2015-09-26 03:49:32 +05:30
|
|
|
if (opt_ns_pid && procps_ns_read_pid(opt_ns_pid, &nsp) < 0) {
|
|
|
|
|
xerrx(EXIT_FATAL,
|
|
|
|
|
_("Error reading reference namespace information\n"));
|
2015-06-29 17:22:51 +05:30
|
|
|
}
|
|
|
|
|
|
pgrep: Support matching on the presence of a userspace signal handler
In production we've had several incidents over the years where a process
has a signal handler registered for SIGHUP or one of the SIGUSR signals
which can be used to signal a request to reload configs, rotate log
files, and the like. While this may seem harmless enough, what we've
seen happen repeatedly is something like the following:
1. A process is using SIGHUP/SIGUSR[12] to request some
application-handled state change -- reloading configs, rotating a log
file, etc;
2. This kind of request is deprecated and removed, so the signal handler
is removed. However, a site where the signal might be sent from is
missed (often logrotate or a service manager);
3. Because the default disposition of these signals is terminal, sooner
or later these applications are going to be sent SIGHUP or similar
and end up unexpectedly killed.
I know for a fact that we're not the only organisation experiencing
this: in general, signal use is pretty tricky to reason about and safely
remove because of the fairly aggressive SIG_DFL behaviour for some
common signals, especially for SIGHUP which has a particularly ambiguous
meaning. Especially in a large, highly interconnected codebase,
reasoning about signal interactions between system configuration and
applications can be highly complex, and it's inevitable that on occasion
a callsite will be missed.
In some cases the right call to avoid this will be to migrate services
towards other forms of IPC for this purpose, but inevitably there will
be some services which must continue using signals, so we need a safe
way to support them.
This patch adds support for the -H/--require-handler flag, which matches
on processes with a userspace handler present for the signal being sent.
With this flag we can enforce that all SIGHUP reload cases and SIGUSR
equivalents use --require-handler. This effectively mitigates the case
we've seen time and time again where SIGHUP is used to rotate log files
or reload configs, but the sending site is mistakenly left present after
the removal of signal handler, resulting in unintended termination of
the process.
Signed-off-by: Chris Down <chris@chrisdown.name>
2022-11-01 05:47:21 +05:30
|
|
|
if (procps_pids_new(&info, Items, 16) < 0)
|
2015-09-26 03:49:32 +05:30
|
|
|
xerrx(EXIT_FATAL,
|
|
|
|
|
_("Unable to create pid info structure"));
|
2016-07-21 10:30:00 +05:30
|
|
|
which = PIDS_FETCH_TASKS_ONLY;
|
2021-02-16 01:18:51 +05:30
|
|
|
// pkill and pidwait don't support -w, but this is checked in getopt
|
2020-12-22 08:55:56 +05:30
|
|
|
if (opt_threads)
|
2016-07-21 10:30:00 +05:30
|
|
|
which = PIDS_FETCH_THREADS_TOO;
|
2015-09-26 03:49:32 +05:30
|
|
|
|
2016-05-14 10:30:00 +05:30
|
|
|
while ((stack = procps_pids_get(info, which))) {
|
2015-06-29 17:22:51 +05:30
|
|
|
int match = 1;
|
|
|
|
|
|
2015-10-04 21:30:00 +05:30
|
|
|
if (PIDS_GETINT(PID) == myself)
|
2015-06-29 17:22:51 +05:30
|
|
|
continue;
|
2022-08-10 18:37:38 +05:30
|
|
|
else if (opt_ignore_ancestors && match_numlist(PIDS_GETINT(PID), opt_ignore_ancestors))
|
|
|
|
|
continue;
|
2015-09-26 03:49:32 +05:30
|
|
|
else if (opt_newest && PIDS_GETULL(STARTTIME) < saved_start_time)
|
2015-06-29 17:22:51 +05:30
|
|
|
match = 0;
|
2015-09-26 03:49:32 +05:30
|
|
|
else if (opt_oldest && PIDS_GETULL(STARTTIME) > saved_start_time)
|
2015-06-29 17:22:51 +05:30
|
|
|
match = 0;
|
2015-09-26 03:49:32 +05:30
|
|
|
else if (opt_ppid && ! match_numlist(PIDS_GETINT(PPID), opt_ppid))
|
2015-06-29 17:22:51 +05:30
|
|
|
match = 0;
|
2015-09-26 03:49:32 +05:30
|
|
|
else if (opt_pid && ! match_numlist (PIDS_GETINT(TGID), opt_pid))
|
2015-06-29 17:22:51 +05:30
|
|
|
match = 0;
|
2015-09-26 03:49:32 +05:30
|
|
|
else if (opt_pgrp && ! match_numlist (PIDS_GETINT(PGRP), opt_pgrp))
|
2015-06-29 17:22:51 +05:30
|
|
|
match = 0;
|
2016-08-08 20:40:10 +05:30
|
|
|
else if (opt_euid && ! match_numlist (PIDS_GETUNT(EUID), opt_euid))
|
2015-06-29 17:22:51 +05:30
|
|
|
match = 0;
|
2016-08-08 20:40:10 +05:30
|
|
|
else if (opt_ruid && ! match_numlist (PIDS_GETUNT(RUID), opt_ruid))
|
2015-06-29 17:22:51 +05:30
|
|
|
match = 0;
|
2016-08-08 20:40:10 +05:30
|
|
|
else if (opt_rgid && ! match_numlist (PIDS_GETUNT(RGID), opt_rgid))
|
2015-06-29 17:22:51 +05:30
|
|
|
match = 0;
|
2015-09-26 03:49:32 +05:30
|
|
|
else if (opt_sid && ! match_numlist (PIDS_GETINT(SESSION), opt_sid))
|
2015-06-29 17:22:51 +05:30
|
|
|
match = 0;
|
2015-10-04 21:30:00 +05:30
|
|
|
else if (opt_ns_pid && ! match_ns (PIDS_GETINT(PID), &nsp))
|
2015-06-29 17:22:51 +05:30
|
|
|
match = 0;
|
2022-02-26 11:30:00 +05:30
|
|
|
else if (opt_older && (int)PIDS_GETFLT(ELAPSED) < opt_older)
|
2020-05-17 18:30:27 +05:30
|
|
|
match = 0;
|
2023-01-25 15:04:21 +05:30
|
|
|
else if (opt_term && ! match_strlist(PIDS_GETSTR(TTYNAME), opt_term))
|
|
|
|
|
match = 0;
|
2020-05-17 18:30:27 +05:30
|
|
|
else if (opt_runstates && ! strchr(opt_runstates, PIDS_GETSCH(STA)))
|
2019-01-04 04:04:14 +05:30
|
|
|
match = 0;
|
2021-10-26 15:26:19 +05:30
|
|
|
else if (opt_cgroup && ! match_cgroup_list (PIDS_GETSTV(CGROUP), opt_cgroup))
|
|
|
|
|
match = 0;
|
pgrep: Support matching on the presence of a userspace signal handler
In production we've had several incidents over the years where a process
has a signal handler registered for SIGHUP or one of the SIGUSR signals
which can be used to signal a request to reload configs, rotate log
files, and the like. While this may seem harmless enough, what we've
seen happen repeatedly is something like the following:
1. A process is using SIGHUP/SIGUSR[12] to request some
application-handled state change -- reloading configs, rotating a log
file, etc;
2. This kind of request is deprecated and removed, so the signal handler
is removed. However, a site where the signal might be sent from is
missed (often logrotate or a service manager);
3. Because the default disposition of these signals is terminal, sooner
or later these applications are going to be sent SIGHUP or similar
and end up unexpectedly killed.
I know for a fact that we're not the only organisation experiencing
this: in general, signal use is pretty tricky to reason about and safely
remove because of the fairly aggressive SIG_DFL behaviour for some
common signals, especially for SIGHUP which has a particularly ambiguous
meaning. Especially in a large, highly interconnected codebase,
reasoning about signal interactions between system configuration and
applications can be highly complex, and it's inevitable that on occasion
a callsite will be missed.
In some cases the right call to avoid this will be to migrate services
towards other forms of IPC for this purpose, but inevitably there will
be some services which must continue using signals, so we need a safe
way to support them.
This patch adds support for the -H/--require-handler flag, which matches
on processes with a userspace handler present for the signal being sent.
With this flag we can enforce that all SIGHUP reload cases and SIGUSR
equivalents use --require-handler. This effectively mitigates the case
we've seen time and time again where SIGHUP is used to rotate log files
or reload configs, but the sending site is mistakenly left present after
the removal of signal handler, resulting in unintended termination of
the process.
Signed-off-by: Chris Down <chris@chrisdown.name>
2022-11-01 05:47:21 +05:30
|
|
|
else if (require_handler && ! match_signal_handler (PIDS_GETSTR(SIGCATCH), opt_signal))
|
|
|
|
|
match = 0;
|
2015-06-29 17:22:51 +05:30
|
|
|
|
2015-09-26 10:04:51 +05:30
|
|
|
task_cmdline = PIDS_GETSTR(CMDLINE);
|
2015-10-04 21:30:00 +05:30
|
|
|
|
2015-06-29 17:22:51 +05:30
|
|
|
if (opt_long || opt_longlong || (match && opt_pattern)) {
|
2015-10-04 21:30:00 +05:30
|
|
|
if (opt_longlong)
|
2019-09-21 12:28:30 +05:30
|
|
|
strncpy (cmdoutput, task_cmdline, cmdlen -1);
|
2015-06-29 17:22:51 +05:30
|
|
|
else
|
2019-09-21 12:28:30 +05:30
|
|
|
strncpy (cmdoutput, PIDS_GETSTR(CMD), cmdlen -1);
|
|
|
|
|
cmdoutput[cmdlen - 1] = '\0';
|
2015-06-29 17:22:51 +05:30
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (match && opt_pattern) {
|
2015-10-04 21:30:00 +05:30
|
|
|
if (opt_full)
|
2019-09-21 12:28:30 +05:30
|
|
|
strncpy (cmdsearch, task_cmdline, cmdlen -1);
|
2015-06-29 17:22:51 +05:30
|
|
|
else
|
2019-09-21 12:28:30 +05:30
|
|
|
strncpy (cmdsearch, PIDS_GETSTR(CMD), cmdlen -1);
|
|
|
|
|
cmdsearch[cmdlen - 1] = '\0';
|
2015-06-29 17:22:51 +05:30
|
|
|
|
|
|
|
|
if (regexec (preg, cmdsearch, 0, NULL, 0) != 0)
|
|
|
|
|
match = 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (match ^ opt_negate) { /* Exclusive OR is neat */
|
|
|
|
|
if (opt_newest) {
|
2015-09-26 03:49:32 +05:30
|
|
|
if (saved_start_time == PIDS_GETULL(STARTTIME) &&
|
2015-10-04 21:30:00 +05:30
|
|
|
saved_pid > PIDS_GETINT(PID))
|
2015-06-29 17:22:51 +05:30
|
|
|
continue;
|
2015-09-26 03:49:32 +05:30
|
|
|
saved_start_time = PIDS_GETULL(STARTTIME);
|
2015-10-04 21:30:00 +05:30
|
|
|
saved_pid = PIDS_GETINT(PID);
|
2015-06-29 17:22:51 +05:30
|
|
|
matches = 0;
|
|
|
|
|
}
|
|
|
|
|
if (opt_oldest) {
|
2015-09-26 03:49:32 +05:30
|
|
|
if (saved_start_time == PIDS_GETULL(STARTTIME) &&
|
2015-10-04 21:30:00 +05:30
|
|
|
saved_pid < PIDS_GETINT(PID))
|
2015-06-29 17:22:51 +05:30
|
|
|
continue;
|
2015-09-26 03:49:32 +05:30
|
|
|
saved_start_time = PIDS_GETULL(STARTTIME);
|
2015-10-04 21:30:00 +05:30
|
|
|
saved_pid = PIDS_GETINT(PID);
|
2015-06-29 17:22:51 +05:30
|
|
|
matches = 0;
|
|
|
|
|
}
|
|
|
|
|
if (matches == size) {
|
1970-01-01 05:30:00 +05:30
|
|
|
grow_size(size);
|
2015-06-29 17:22:51 +05:30
|
|
|
list = xrealloc(list, size * sizeof *list);
|
|
|
|
|
}
|
|
|
|
|
if (list && (opt_long || opt_longlong || opt_echo)) {
|
2015-10-04 21:30:00 +05:30
|
|
|
list[matches].num = PIDS_GETINT(PID);
|
2015-06-29 17:22:51 +05:30
|
|
|
list[matches++].str = xstrdup (cmdoutput);
|
|
|
|
|
} else if (list) {
|
2015-10-04 21:30:00 +05:30
|
|
|
list[matches++].num = PIDS_GETINT(PID);
|
2015-06-29 17:22:51 +05:30
|
|
|
} else {
|
2015-09-26 03:49:32 +05:30
|
|
|
xerrx(EXIT_FATAL, _("internal error"));
|
2015-06-29 17:22:51 +05:30
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
2016-05-14 10:30:00 +05:30
|
|
|
procps_pids_unref(&info);
|
2019-09-21 12:28:30 +05:30
|
|
|
free(cmdline);
|
|
|
|
|
free(cmdsearch);
|
|
|
|
|
free(cmdoutput);
|
2015-09-26 03:49:32 +05:30
|
|
|
|
2020-12-22 10:44:56 +05:30
|
|
|
if (preg) {
|
|
|
|
|
regfree(preg);
|
|
|
|
|
free(preg);
|
|
|
|
|
}
|
|
|
|
|
|
2015-06-29 17:22:51 +05:30
|
|
|
*num = matches;
|
2017-01-26 11:22:23 +05:30
|
|
|
|
2018-04-11 10:30:00 +05:30
|
|
|
if ((!matches) && (!opt_full) && opt_pattern && (strlen(opt_pattern) > 15))
|
2017-01-26 11:22:23 +05:30
|
|
|
xwarnx(_("pattern that searches for process name longer than 15 characters will result in zero matches\n"
|
|
|
|
|
"Try `%s -f' option to match against the complete command line."),
|
|
|
|
|
program_invocation_short_name);
|
2015-06-29 17:22:51 +05:30
|
|
|
return list;
|
2015-10-04 21:30:00 +05:30
|
|
|
#undef PIDS_GETINT
|
2016-08-08 20:40:10 +05:30
|
|
|
#undef PIDS_GETUNT
|
2015-10-04 21:30:00 +05:30
|
|
|
#undef PIDS_GETULL
|
|
|
|
|
#undef PIDS_GETSTR
|
2021-10-26 15:26:19 +05:30
|
|
|
#undef PIDS_GETSTV
|
2002-02-02 04:17:29 +05:30
|
|
|
}
|
|
|
|
|
|
2012-11-02 23:20:52 +05:30
|
|
|
static int signal_option(int *argc, char **argv)
|
2012-02-12 00:32:54 +05:30
|
|
|
{
|
2015-06-29 17:22:51 +05:30
|
|
|
int sig;
|
|
|
|
|
int i;
|
|
|
|
|
for (i = 1; i < *argc; i++) {
|
|
|
|
|
if (argv[i][0] == '-') {
|
|
|
|
|
sig = signal_name_to_number(argv[i] + 1);
|
|
|
|
|
if (-1 < sig) {
|
|
|
|
|
memmove(argv + i, argv + i + 1,
|
|
|
|
|
sizeof(char *) * (*argc - i));
|
|
|
|
|
(*argc)--;
|
|
|
|
|
return sig;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return -1;
|
2012-02-12 00:32:54 +05:30
|
|
|
}
|
2002-02-02 04:17:29 +05:30
|
|
|
|
2021-02-15 15:40:06 +05:30
|
|
|
#if defined(ENABLE_PIDWAIT) && !defined(HAVE_PIDFD_OPEN)
|
2020-02-24 08:32:59 +05:30
|
|
|
static int pidfd_open (pid_t pid, unsigned int flags)
|
|
|
|
|
{
|
|
|
|
|
return syscall(__NR_pidfd_open, pid, flags);
|
|
|
|
|
}
|
|
|
|
|
#endif
|
|
|
|
|
|
2006-06-21 09:48:02 +05:30
|
|
|
static void parse_opts (int argc, char **argv)
|
2002-11-26 02:42:25 +05:30
|
|
|
{
|
2015-06-29 17:22:51 +05:30
|
|
|
char opts[64] = "";
|
|
|
|
|
int opt;
|
|
|
|
|
int criteria_count = 0;
|
|
|
|
|
|
|
|
|
|
enum {
|
|
|
|
|
SIGNAL_OPTION = CHAR_MAX + 1,
|
|
|
|
|
NS_OPTION,
|
|
|
|
|
NSLIST_OPTION,
|
2021-10-26 15:26:19 +05:30
|
|
|
CGROUP_OPTION,
|
2015-06-29 17:22:51 +05:30
|
|
|
};
|
|
|
|
|
static const struct option longopts[] = {
|
|
|
|
|
{"signal", required_argument, NULL, SIGNAL_OPTION},
|
2022-08-10 18:37:38 +05:30
|
|
|
{"ignore-ancestors", no_argument, NULL, 'A'},
|
pgrep: Support matching on the presence of a userspace signal handler
In production we've had several incidents over the years where a process
has a signal handler registered for SIGHUP or one of the SIGUSR signals
which can be used to signal a request to reload configs, rotate log
files, and the like. While this may seem harmless enough, what we've
seen happen repeatedly is something like the following:
1. A process is using SIGHUP/SIGUSR[12] to request some
application-handled state change -- reloading configs, rotating a log
file, etc;
2. This kind of request is deprecated and removed, so the signal handler
is removed. However, a site where the signal might be sent from is
missed (often logrotate or a service manager);
3. Because the default disposition of these signals is terminal, sooner
or later these applications are going to be sent SIGHUP or similar
and end up unexpectedly killed.
I know for a fact that we're not the only organisation experiencing
this: in general, signal use is pretty tricky to reason about and safely
remove because of the fairly aggressive SIG_DFL behaviour for some
common signals, especially for SIGHUP which has a particularly ambiguous
meaning. Especially in a large, highly interconnected codebase,
reasoning about signal interactions between system configuration and
applications can be highly complex, and it's inevitable that on occasion
a callsite will be missed.
In some cases the right call to avoid this will be to migrate services
towards other forms of IPC for this purpose, but inevitably there will
be some services which must continue using signals, so we need a safe
way to support them.
This patch adds support for the -H/--require-handler flag, which matches
on processes with a userspace handler present for the signal being sent.
With this flag we can enforce that all SIGHUP reload cases and SIGUSR
equivalents use --require-handler. This effectively mitigates the case
we've seen time and time again where SIGHUP is used to rotate log files
or reload configs, but the sending site is mistakenly left present after
the removal of signal handler, resulting in unintended termination of
the process.
Signed-off-by: Chris Down <chris@chrisdown.name>
2022-11-01 05:47:21 +05:30
|
|
|
{"require-handler", no_argument, NULL, 'H'},
|
2015-06-29 17:22:51 +05:30
|
|
|
{"count", no_argument, NULL, 'c'},
|
2021-10-26 15:26:19 +05:30
|
|
|
{"cgroup", required_argument, NULL, CGROUP_OPTION},
|
2015-06-29 17:22:51 +05:30
|
|
|
{"delimiter", required_argument, NULL, 'd'},
|
|
|
|
|
{"list-name", no_argument, NULL, 'l'},
|
|
|
|
|
{"list-full", no_argument, NULL, 'a'},
|
|
|
|
|
{"full", no_argument, NULL, 'f'},
|
|
|
|
|
{"pgroup", required_argument, NULL, 'g'},
|
|
|
|
|
{"group", required_argument, NULL, 'G'},
|
|
|
|
|
{"ignore-case", no_argument, NULL, 'i'},
|
|
|
|
|
{"newest", no_argument, NULL, 'n'},
|
|
|
|
|
{"oldest", no_argument, NULL, 'o'},
|
2020-05-17 18:30:27 +05:30
|
|
|
{"older", required_argument, NULL, 'O'},
|
2015-06-29 17:22:51 +05:30
|
|
|
{"parent", required_argument, NULL, 'P'},
|
|
|
|
|
{"session", required_argument, NULL, 's'},
|
|
|
|
|
{"terminal", required_argument, NULL, 't'},
|
|
|
|
|
{"euid", required_argument, NULL, 'u'},
|
|
|
|
|
{"uid", required_argument, NULL, 'U'},
|
|
|
|
|
{"inverse", no_argument, NULL, 'v'},
|
|
|
|
|
{"lightweight", no_argument, NULL, 'w'},
|
|
|
|
|
{"exact", no_argument, NULL, 'x'},
|
|
|
|
|
{"pidfile", required_argument, NULL, 'F'},
|
|
|
|
|
{"logpidfile", no_argument, NULL, 'L'},
|
|
|
|
|
{"echo", no_argument, NULL, 'e'},
|
|
|
|
|
{"ns", required_argument, NULL, NS_OPTION},
|
|
|
|
|
{"nslist", required_argument, NULL, NSLIST_OPTION},
|
2020-04-25 08:45:06 +05:30
|
|
|
{"queue", required_argument, NULL, 'q'},
|
|
|
|
|
{"runstates", required_argument, NULL, 'r'},
|
2015-06-29 17:22:51 +05:30
|
|
|
{"help", no_argument, NULL, 'h'},
|
|
|
|
|
{"version", no_argument, NULL, 'V'},
|
|
|
|
|
{NULL, 0, NULL, 0}
|
|
|
|
|
};
|
|
|
|
|
|
pgrep: Support matching on the presence of a userspace signal handler
In production we've had several incidents over the years where a process
has a signal handler registered for SIGHUP or one of the SIGUSR signals
which can be used to signal a request to reload configs, rotate log
files, and the like. While this may seem harmless enough, what we've
seen happen repeatedly is something like the following:
1. A process is using SIGHUP/SIGUSR[12] to request some
application-handled state change -- reloading configs, rotating a log
file, etc;
2. This kind of request is deprecated and removed, so the signal handler
is removed. However, a site where the signal might be sent from is
missed (often logrotate or a service manager);
3. Because the default disposition of these signals is terminal, sooner
or later these applications are going to be sent SIGHUP or similar
and end up unexpectedly killed.
I know for a fact that we're not the only organisation experiencing
this: in general, signal use is pretty tricky to reason about and safely
remove because of the fairly aggressive SIG_DFL behaviour for some
common signals, especially for SIGHUP which has a particularly ambiguous
meaning. Especially in a large, highly interconnected codebase,
reasoning about signal interactions between system configuration and
applications can be highly complex, and it's inevitable that on occasion
a callsite will be missed.
In some cases the right call to avoid this will be to migrate services
towards other forms of IPC for this purpose, but inevitably there will
be some services which must continue using signals, so we need a safe
way to support them.
This patch adds support for the -H/--require-handler flag, which matches
on processes with a userspace handler present for the signal being sent.
With this flag we can enforce that all SIGHUP reload cases and SIGUSR
equivalents use --require-handler. This effectively mitigates the case
we've seen time and time again where SIGHUP is used to rotate log files
or reload configs, but the sending site is mistakenly left present after
the removal of signal handler, resulting in unintended termination of
the process.
Signed-off-by: Chris Down <chris@chrisdown.name>
2022-11-01 05:47:21 +05:30
|
|
|
|
2021-02-15 15:40:06 +05:30
|
|
|
#ifdef ENABLE_PIDWAIT
|
2021-04-05 10:10:00 +05:30
|
|
|
if (strcmp (program_invocation_short_name, "pidwait") == 0 ||
|
|
|
|
|
strcmp (program_invocation_short_name, "lt-pidwait") == 0) {
|
2021-02-16 01:18:51 +05:30
|
|
|
prog_mode = PIDWAIT;
|
2020-02-24 08:32:59 +05:30
|
|
|
strcat (opts, "e");
|
|
|
|
|
} else
|
|
|
|
|
#endif
|
2021-04-05 10:10:00 +05:30
|
|
|
if (strcmp (program_invocation_short_name, "pkill") == 0 ||
|
|
|
|
|
strcmp (program_invocation_short_name, "lt-pkill") == 0) {
|
2023-03-01 12:05:14 +05:30
|
|
|
int sig;
|
2020-02-24 08:32:59 +05:30
|
|
|
prog_mode = PKILL;
|
2023-03-01 12:05:14 +05:30
|
|
|
sig = signal_option(&argc, argv);
|
|
|
|
|
if (-1 < sig)
|
|
|
|
|
opt_signal = sig;
|
2020-04-25 08:45:06 +05:30
|
|
|
strcat (opts, "eq:");
|
2015-06-29 17:22:51 +05:30
|
|
|
} else {
|
|
|
|
|
strcat (opts, "lad:vw");
|
2020-02-24 08:32:59 +05:30
|
|
|
prog_mode = PGREP;
|
2015-06-29 17:22:51 +05:30
|
|
|
}
|
|
|
|
|
|
pgrep: Support matching on the presence of a userspace signal handler
In production we've had several incidents over the years where a process
has a signal handler registered for SIGHUP or one of the SIGUSR signals
which can be used to signal a request to reload configs, rotate log
files, and the like. While this may seem harmless enough, what we've
seen happen repeatedly is something like the following:
1. A process is using SIGHUP/SIGUSR[12] to request some
application-handled state change -- reloading configs, rotating a log
file, etc;
2. This kind of request is deprecated and removed, so the signal handler
is removed. However, a site where the signal might be sent from is
missed (often logrotate or a service manager);
3. Because the default disposition of these signals is terminal, sooner
or later these applications are going to be sent SIGHUP or similar
and end up unexpectedly killed.
I know for a fact that we're not the only organisation experiencing
this: in general, signal use is pretty tricky to reason about and safely
remove because of the fairly aggressive SIG_DFL behaviour for some
common signals, especially for SIGHUP which has a particularly ambiguous
meaning. Especially in a large, highly interconnected codebase,
reasoning about signal interactions between system configuration and
applications can be highly complex, and it's inevitable that on occasion
a callsite will be missed.
In some cases the right call to avoid this will be to migrate services
towards other forms of IPC for this purpose, but inevitably there will
be some services which must continue using signals, so we need a safe
way to support them.
This patch adds support for the -H/--require-handler flag, which matches
on processes with a userspace handler present for the signal being sent.
With this flag we can enforce that all SIGHUP reload cases and SIGUSR
equivalents use --require-handler. This effectively mitigates the case
we've seen time and time again where SIGHUP is used to rotate log files
or reload configs, but the sending site is mistakenly left present after
the removal of signal handler, resulting in unintended termination of
the process.
Signed-off-by: Chris Down <chris@chrisdown.name>
2022-11-01 05:47:21 +05:30
|
|
|
strcat (opts, "LF:cfinoxP:O:AHg:s:u:U:G:t:r:?Vh");
|
2015-06-29 17:22:51 +05:30
|
|
|
|
|
|
|
|
while ((opt = getopt_long (argc, argv, opts, longopts, NULL)) != -1) {
|
|
|
|
|
switch (opt) {
|
|
|
|
|
case SIGNAL_OPTION:
|
|
|
|
|
opt_signal = signal_name_to_number (optarg);
|
2023-03-01 12:05:14 +05:30
|
|
|
if (opt_signal == -1) {
|
|
|
|
|
if (isdigit (optarg[0]))
|
|
|
|
|
opt_signal = atoi (optarg);
|
|
|
|
|
else {
|
|
|
|
|
fprintf(stderr, _("Unknown signal \"%s\"."), optarg);
|
|
|
|
|
usage('?');
|
|
|
|
|
}
|
|
|
|
|
}
|
2015-06-29 17:22:51 +05:30
|
|
|
break;
|
|
|
|
|
case 'e':
|
|
|
|
|
opt_echo = 1;
|
|
|
|
|
break;
|
|
|
|
|
/* case 'D': / * FreeBSD: print info about non-matches for debugging * /
|
|
|
|
|
* break; */
|
|
|
|
|
case 'F': /* FreeBSD: the arg is a file containing a PID to match */
|
|
|
|
|
opt_pidfile = xstrdup (optarg);
|
|
|
|
|
++criteria_count;
|
|
|
|
|
break;
|
|
|
|
|
case 'G': /* Solaris: match rgid/rgroup */
|
|
|
|
|
opt_rgid = split_list (optarg, conv_gid);
|
|
|
|
|
if (opt_rgid == NULL)
|
|
|
|
|
usage ('?');
|
|
|
|
|
++criteria_count;
|
|
|
|
|
break;
|
|
|
|
|
/* case 'I': / * FreeBSD: require confirmation before killing * /
|
|
|
|
|
* break; */
|
|
|
|
|
/* case 'J': / * Solaris: match by project ID (name or number) * /
|
|
|
|
|
* break; */
|
|
|
|
|
case 'L': /* FreeBSD: fail if pidfile (see -F) not locked */
|
|
|
|
|
opt_lock++;
|
|
|
|
|
break;
|
|
|
|
|
/* case 'M': / * FreeBSD: specify core (OS crash dump) file * /
|
|
|
|
|
* break; */
|
|
|
|
|
/* case 'N': / * FreeBSD: specify alternate namelist file (for us, System.map -- but we don't need it) * /
|
|
|
|
|
* break; */
|
|
|
|
|
case 'P': /* Solaris: match by PPID */
|
|
|
|
|
opt_ppid = split_list (optarg, conv_num);
|
|
|
|
|
if (opt_ppid == NULL)
|
|
|
|
|
usage ('?');
|
|
|
|
|
++criteria_count;
|
|
|
|
|
break;
|
|
|
|
|
/* case 'S': / * FreeBSD: don't ignore the built-in kernel tasks * /
|
|
|
|
|
* break; */
|
|
|
|
|
/* case 'T': / * Solaris: match by "task ID" (probably not a Linux task) * /
|
|
|
|
|
* break; */
|
|
|
|
|
case 'U': /* Solaris: match by ruid/rgroup */
|
|
|
|
|
opt_ruid = split_list (optarg, conv_uid);
|
|
|
|
|
if (opt_ruid == NULL)
|
|
|
|
|
usage ('?');
|
|
|
|
|
++criteria_count;
|
|
|
|
|
break;
|
|
|
|
|
case 'V':
|
|
|
|
|
printf(PROCPS_NG_VERSION);
|
|
|
|
|
exit(EXIT_SUCCESS);
|
|
|
|
|
/* case 'c': / * Solaris: match by contract ID * /
|
|
|
|
|
* break; */
|
|
|
|
|
case 'c':
|
|
|
|
|
opt_count = 1;
|
|
|
|
|
break;
|
|
|
|
|
case 'd': /* Solaris: change the delimiter */
|
|
|
|
|
opt_delim = xstrdup (optarg);
|
|
|
|
|
break;
|
|
|
|
|
case 'f': /* Solaris: match full process name (as in "ps -f") */
|
|
|
|
|
opt_full = 1;
|
|
|
|
|
break;
|
|
|
|
|
case 'g': /* Solaris: match pgrp */
|
|
|
|
|
opt_pgrp = split_list (optarg, conv_pgrp);
|
|
|
|
|
if (opt_pgrp == NULL)
|
|
|
|
|
usage ('?');
|
|
|
|
|
++criteria_count;
|
|
|
|
|
break;
|
|
|
|
|
case 'i': /* FreeBSD: ignore case. OpenBSD: withdrawn. See -I. This sucks. */
|
|
|
|
|
if (opt_case)
|
|
|
|
|
usage (opt);
|
|
|
|
|
opt_case = REG_ICASE;
|
|
|
|
|
break;
|
|
|
|
|
/* case 'j': / * FreeBSD: restricted to the given jail ID * /
|
|
|
|
|
* break; */
|
|
|
|
|
case 'l': /* Solaris: long output format (pgrep only) Should require -f for beyond argv[0] maybe? */
|
|
|
|
|
opt_long = 1;
|
|
|
|
|
break;
|
|
|
|
|
case 'a':
|
|
|
|
|
opt_longlong = 1;
|
|
|
|
|
break;
|
2022-08-10 18:37:38 +05:30
|
|
|
case 'A':
|
|
|
|
|
opt_ignore_ancestors = get_our_ancestors();
|
|
|
|
|
break;
|
2015-06-29 17:22:51 +05:30
|
|
|
case 'n': /* Solaris: match only the newest */
|
|
|
|
|
if (opt_oldest|opt_negate|opt_newest)
|
|
|
|
|
usage ('?');
|
|
|
|
|
opt_newest = 1;
|
|
|
|
|
++criteria_count;
|
|
|
|
|
break;
|
|
|
|
|
case 'o': /* Solaris: match only the oldest */
|
|
|
|
|
if (opt_oldest|opt_negate|opt_newest)
|
|
|
|
|
usage ('?');
|
|
|
|
|
opt_oldest = 1;
|
|
|
|
|
++criteria_count;
|
|
|
|
|
break;
|
2020-05-17 18:30:27 +05:30
|
|
|
case 'O':
|
|
|
|
|
opt_older = atoi (optarg);
|
|
|
|
|
++criteria_count;
|
|
|
|
|
break;
|
2015-06-29 17:22:51 +05:30
|
|
|
case 's': /* Solaris: match by session ID -- zero means self */
|
|
|
|
|
opt_sid = split_list (optarg, conv_sid);
|
|
|
|
|
if (opt_sid == NULL)
|
|
|
|
|
usage ('?');
|
|
|
|
|
++criteria_count;
|
|
|
|
|
break;
|
|
|
|
|
case 't': /* Solaris: match by tty */
|
|
|
|
|
opt_term = split_list (optarg, conv_str);
|
|
|
|
|
if (opt_term == NULL)
|
|
|
|
|
usage ('?');
|
|
|
|
|
++criteria_count;
|
|
|
|
|
break;
|
|
|
|
|
case 'u': /* Solaris: match by euid/egroup */
|
|
|
|
|
opt_euid = split_list (optarg, conv_uid);
|
|
|
|
|
if (opt_euid == NULL)
|
|
|
|
|
usage ('?');
|
|
|
|
|
++criteria_count;
|
|
|
|
|
break;
|
|
|
|
|
case 'v': /* Solaris: as in grep, invert the matching (uh... applied after selection I think) */
|
|
|
|
|
if (opt_oldest|opt_negate|opt_newest)
|
|
|
|
|
usage ('?');
|
|
|
|
|
opt_negate = 1;
|
|
|
|
|
break;
|
|
|
|
|
case 'w': // Linux: show threads (lightweight process) too
|
|
|
|
|
opt_threads = 1;
|
|
|
|
|
break;
|
|
|
|
|
/* OpenBSD -x, being broken, does a plain string */
|
|
|
|
|
case 'x': /* Solaris: use ^(regexp)$ in place of regexp (FreeBSD too) */
|
|
|
|
|
opt_exact = 1;
|
|
|
|
|
break;
|
|
|
|
|
/* case 'z': / * Solaris: match by zone ID * /
|
|
|
|
|
* break; */
|
|
|
|
|
case NS_OPTION:
|
|
|
|
|
opt_ns_pid = atoi(optarg);
|
2018-04-11 10:30:00 +05:30
|
|
|
if (opt_ns_pid == 0)
|
2019-01-04 04:04:14 +05:30
|
|
|
case 'r': /* match by runstate */
|
|
|
|
|
opt_runstates = xstrdup (optarg);
|
|
|
|
|
++criteria_count;
|
|
|
|
|
break;
|
2015-06-29 17:22:51 +05:30
|
|
|
case NSLIST_OPTION:
|
|
|
|
|
opt_nslist = split_list (optarg, conv_ns);
|
|
|
|
|
if (opt_nslist == NULL)
|
|
|
|
|
usage ('?');
|
|
|
|
|
break;
|
2020-04-25 08:45:06 +05:30
|
|
|
case 'q':
|
|
|
|
|
sigval.sival_int = atoi(optarg);
|
|
|
|
|
use_sigqueue = true;
|
|
|
|
|
break;
|
2021-10-26 15:26:19 +05:30
|
|
|
case CGROUP_OPTION:
|
|
|
|
|
opt_cgroup = split_list (optarg, conv_str);
|
|
|
|
|
if (opt_cgroup == NULL)
|
|
|
|
|
usage ('?');
|
|
|
|
|
++criteria_count;
|
|
|
|
|
break;
|
pgrep: Support matching on the presence of a userspace signal handler
In production we've had several incidents over the years where a process
has a signal handler registered for SIGHUP or one of the SIGUSR signals
which can be used to signal a request to reload configs, rotate log
files, and the like. While this may seem harmless enough, what we've
seen happen repeatedly is something like the following:
1. A process is using SIGHUP/SIGUSR[12] to request some
application-handled state change -- reloading configs, rotating a log
file, etc;
2. This kind of request is deprecated and removed, so the signal handler
is removed. However, a site where the signal might be sent from is
missed (often logrotate or a service manager);
3. Because the default disposition of these signals is terminal, sooner
or later these applications are going to be sent SIGHUP or similar
and end up unexpectedly killed.
I know for a fact that we're not the only organisation experiencing
this: in general, signal use is pretty tricky to reason about and safely
remove because of the fairly aggressive SIG_DFL behaviour for some
common signals, especially for SIGHUP which has a particularly ambiguous
meaning. Especially in a large, highly interconnected codebase,
reasoning about signal interactions between system configuration and
applications can be highly complex, and it's inevitable that on occasion
a callsite will be missed.
In some cases the right call to avoid this will be to migrate services
towards other forms of IPC for this purpose, but inevitably there will
be some services which must continue using signals, so we need a safe
way to support them.
This patch adds support for the -H/--require-handler flag, which matches
on processes with a userspace handler present for the signal being sent.
With this flag we can enforce that all SIGHUP reload cases and SIGUSR
equivalents use --require-handler. This effectively mitigates the case
we've seen time and time again where SIGHUP is used to rotate log files
or reload configs, but the sending site is mistakenly left present after
the removal of signal handler, resulting in unintended termination of
the process.
Signed-off-by: Chris Down <chris@chrisdown.name>
2022-11-01 05:47:21 +05:30
|
|
|
case 'H':
|
|
|
|
|
require_handler = true;
|
|
|
|
|
++criteria_count;
|
|
|
|
|
break;
|
2015-06-29 17:22:51 +05:30
|
|
|
case 'h':
|
|
|
|
|
case '?':
|
|
|
|
|
usage (opt);
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if(opt_lock && !opt_pidfile)
|
|
|
|
|
xerrx(EXIT_USAGE, _("-L without -F makes no sense\n"
|
|
|
|
|
"Try `%s --help' for more information."),
|
|
|
|
|
program_invocation_short_name);
|
|
|
|
|
|
|
|
|
|
if(opt_pidfile){
|
|
|
|
|
opt_pid = read_pidfile();
|
|
|
|
|
if(!opt_pid)
|
|
|
|
|
xerrx(EXIT_FAILURE, _("pidfile not valid\n"
|
|
|
|
|
"Try `%s --help' for more information."),
|
|
|
|
|
program_invocation_short_name);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (argc - optind == 1)
|
|
|
|
|
opt_pattern = argv[optind];
|
2016-09-11 06:10:47 +05:30
|
|
|
|
2015-06-29 17:22:51 +05:30
|
|
|
else if (argc - optind > 1)
|
|
|
|
|
xerrx(EXIT_USAGE, _("only one pattern can be provided\n"
|
|
|
|
|
"Try `%s --help' for more information."),
|
|
|
|
|
program_invocation_short_name);
|
|
|
|
|
else if (criteria_count == 0)
|
|
|
|
|
xerrx(EXIT_USAGE, _("no matching criteria specified\n"
|
|
|
|
|
"Try `%s --help' for more information."),
|
|
|
|
|
program_invocation_short_name);
|
2002-11-26 02:42:25 +05:30
|
|
|
}
|
|
|
|
|
|
2020-04-25 08:45:06 +05:30
|
|
|
inline static int execute_kill(pid_t pid, int sig_num)
|
|
|
|
|
{
|
|
|
|
|
if (use_sigqueue)
|
|
|
|
|
return sigqueue(pid, sig_num, sigval);
|
|
|
|
|
else
|
|
|
|
|
return kill(pid, sig_num);
|
|
|
|
|
}
|
2002-11-26 02:42:25 +05:30
|
|
|
|
2011-10-12 02:50:36 +05:30
|
|
|
int main (int argc, char **argv)
|
2002-02-02 04:17:29 +05:30
|
|
|
{
|
2015-06-29 17:22:51 +05:30
|
|
|
struct el *procs;
|
|
|
|
|
int num;
|
2020-02-24 08:32:59 +05:30
|
|
|
int i;
|
|
|
|
|
int kill_count = 0;
|
2021-02-15 15:40:06 +05:30
|
|
|
#ifdef ENABLE_PIDWAIT
|
2020-02-24 08:32:59 +05:30
|
|
|
int poll_count = 0;
|
|
|
|
|
int wait_count = 0;
|
|
|
|
|
int epollfd = epoll_create(1);
|
|
|
|
|
struct epoll_event ev, events[32];
|
|
|
|
|
#endif
|
2002-02-02 04:17:29 +05:30
|
|
|
|
2013-02-20 23:01:48 +05:30
|
|
|
#ifdef HAVE_PROGRAM_INVOCATION_NAME
|
2015-06-29 17:22:51 +05:30
|
|
|
program_invocation_name = program_invocation_short_name;
|
2013-02-20 23:01:48 +05:30
|
|
|
#endif
|
2015-06-29 17:22:51 +05:30
|
|
|
setlocale (LC_ALL, "");
|
|
|
|
|
bindtextdomain(PACKAGE, LOCALEDIR);
|
|
|
|
|
textdomain(PACKAGE);
|
|
|
|
|
atexit(close_stdout);
|
|
|
|
|
|
|
|
|
|
parse_opts (argc, argv);
|
|
|
|
|
|
|
|
|
|
procs = select_procs (&num);
|
2020-02-24 08:32:59 +05:30
|
|
|
switch (prog_mode) {
|
|
|
|
|
case PGREP:
|
|
|
|
|
if (opt_count) {
|
|
|
|
|
fprintf(stdout, "%d\n", num);
|
|
|
|
|
} else {
|
|
|
|
|
if (opt_long || opt_longlong)
|
|
|
|
|
output_strlist (procs,num);
|
|
|
|
|
else
|
|
|
|
|
output_numlist (procs,num);
|
|
|
|
|
}
|
|
|
|
|
return !num;
|
|
|
|
|
case PKILL:
|
2015-06-29 17:22:51 +05:30
|
|
|
for (i = 0; i < num; i++) {
|
2020-04-25 08:45:06 +05:30
|
|
|
if (execute_kill (procs[i].num, opt_signal) != -1) {
|
2015-06-29 17:22:51 +05:30
|
|
|
if (opt_echo)
|
|
|
|
|
printf(_("%s killed (pid %lu)\n"), procs[i].str, procs[i].num);
|
2017-02-04 06:14:01 +05:30
|
|
|
kill_count++;
|
2015-06-29 17:22:51 +05:30
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
if (errno==ESRCH)
|
|
|
|
|
/* gone now, which is OK */
|
|
|
|
|
continue;
|
|
|
|
|
xwarn(_("killing pid %ld failed"), procs[i].num);
|
|
|
|
|
}
|
|
|
|
|
if (opt_count)
|
|
|
|
|
fprintf(stdout, "%d\n", num);
|
2017-02-04 06:14:01 +05:30
|
|
|
return !kill_count;
|
2021-02-15 15:40:06 +05:30
|
|
|
#ifdef ENABLE_PIDWAIT
|
|
|
|
|
case PIDWAIT:
|
2020-02-24 08:32:59 +05:30
|
|
|
if (opt_count)
|
2015-06-29 17:22:51 +05:30
|
|
|
fprintf(stdout, "%d\n", num);
|
2020-02-24 08:32:59 +05:30
|
|
|
|
|
|
|
|
for (i = 0; i < num; i++) {
|
|
|
|
|
if (opt_echo)
|
|
|
|
|
printf(_("waiting for %s (pid %lu)\n"), procs[i].str, procs[i].num);
|
|
|
|
|
int pidfd = pidfd_open(procs[i].num, 0);
|
|
|
|
|
if (pidfd == -1) {
|
2022-07-18 16:21:41 +05:30
|
|
|
if (errno == ENOSYS)
|
|
|
|
|
xerrx(EXIT_FAILURE, _("pidfd_open() not implemented in Linux < 5.3"));
|
2020-02-24 08:32:59 +05:30
|
|
|
/* ignore ESRCH, same as pkill */
|
|
|
|
|
if (errno != ESRCH)
|
|
|
|
|
xwarn(_("opening pid %ld failed"), procs[i].num);
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
ev.events = EPOLLIN | EPOLLET;
|
|
|
|
|
ev.data.fd = pidfd;
|
|
|
|
|
if (epoll_ctl(epollfd, EPOLL_CTL_ADD, pidfd, &ev) != -1)
|
|
|
|
|
poll_count++;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
while (wait_count < poll_count) {
|
|
|
|
|
int ew = epoll_wait(epollfd, events, sizeof(events)/sizeof(events[0]), -1);
|
|
|
|
|
if (ew == -1) {
|
|
|
|
|
if (errno == EINTR)
|
|
|
|
|
continue;
|
|
|
|
|
xwarn(_("epoll_wait failed"));
|
|
|
|
|
}
|
|
|
|
|
wait_count += ew;
|
2015-06-29 17:22:51 +05:30
|
|
|
}
|
2020-02-24 08:32:59 +05:30
|
|
|
|
|
|
|
|
return !wait_count;
|
|
|
|
|
#endif
|
2015-06-29 17:22:51 +05:30
|
|
|
}
|
2020-02-24 08:32:59 +05:30
|
|
|
/* Not sure if it is possible to get here */
|
|
|
|
|
return -1;
|
2002-02-02 04:17:29 +05:30
|
|
|
}
|
