1/* 2 * Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. 8 * 9 * This code is distributed in the hope that it will be useful, but WITHOUT 10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 12 * version 2 for more details (a copy is included in the LICENSE file that 13 * accompanied this code). 14 * 15 * You should have received a copy of the GNU General Public License version 16 * 2 along with this work; if not, write to the Free Software Foundation, 17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 20 * or visit www.oracle.com if you need additional information or have any 21 * questions. 22 * 23 */ 24 25#include "precompiled.hpp" 26#include "runtime/interfaceSupport.hpp" 27#include "runtime/os.inline.hpp" 28#include "services/attachListener.hpp" 29#include "services/dtraceAttacher.hpp" 30 31#include <unistd.h> 32#include <signal.h> 33#include <sys/types.h> 34#include <sys/socket.h> 35#include <sys/un.h> 36#include <sys/stat.h> 37 38#ifndef UNIX_PATH_MAX 39#define UNIX_PATH_MAX sizeof(((struct sockaddr_un *)0)->sun_path) 40#endif 41 42// The attach mechanism on Linux uses a UNIX domain socket. An attach listener 43// thread is created at startup or is created on-demand via a signal from 44// the client tool. The attach listener creates a socket and binds it to a file 45// in the filesystem. The attach listener then acts as a simple (single- 46// threaded) server - it waits for a client to connect, reads the request, 47// executes it, and returns the response to the client via the socket 48// connection. 49// 50// As the socket is a UNIX domain socket it means that only clients on the 51// local machine can connect. In addition there are two other aspects to 52// the security: 53// 1. The well known file that the socket is bound to has permission 400 54// 2. When a client connect, the SO_PEERCRED socket option is used to 55// obtain the credentials of client. We check that the effective uid 56// of the client matches this process. 57 58// forward reference 59class LinuxAttachOperation; 60 61class LinuxAttachListener: AllStatic { 62 private: 63 // the path to which we bind the UNIX domain socket 64 static char _path[UNIX_PATH_MAX]; 65 static bool _has_path; 66 67 // the file descriptor for the listening socket 68 static int _listener; 69 70 static void set_path(char* path) { 71 if (path == NULL) { 72 _has_path = false; 73 } else { 74 strncpy(_path, path, UNIX_PATH_MAX); 75 _path[UNIX_PATH_MAX-1] = '\0'; 76 _has_path = true; 77 } 78 } 79 80 static void set_listener(int s) { _listener = s; } 81 82 // reads a request from the given connected socket 83 static LinuxAttachOperation* read_request(int s); 84 85 public: 86 enum { 87 ATTACH_PROTOCOL_VER = 1 // protocol version 88 }; 89 enum { 90 ATTACH_ERROR_BADVERSION = 101 // error codes 91 }; 92 93 // initialize the listener, returns 0 if okay 94 static int init(); 95 96 static char* path() { return _path; } 97 static bool has_path() { return _has_path; } 98 static int listener() { return _listener; } 99 100 // write the given buffer to a socket 101 static int write_fully(int s, char* buf, int len); 102 103 static LinuxAttachOperation* dequeue(); 104}; 105 106class LinuxAttachOperation: public AttachOperation { 107 private: 108 // the connection to the client 109 int _socket; 110 111 public: 112 void complete(jint res, bufferedStream* st); 113 114 void set_socket(int s) { _socket = s; } 115 int socket() const { return _socket; } 116 117 LinuxAttachOperation(char* name) : AttachOperation(name) { 118 set_socket(-1); 119 } 120}; 121 122// statics 123char LinuxAttachListener::_path[UNIX_PATH_MAX]; 124bool LinuxAttachListener::_has_path; 125int LinuxAttachListener::_listener = -1; 126 127// Supporting class to help split a buffer into individual components 128class ArgumentIterator : public StackObj { 129 private: 130 char* _pos; 131 char* _end; 132 public: 133 ArgumentIterator(char* arg_buffer, size_t arg_size) { 134 _pos = arg_buffer; 135 _end = _pos + arg_size - 1; 136 } 137 char* next() { 138 if (*_pos == '\0') { 139 return NULL; 140 } 141 char* res = _pos; 142 char* next_pos = strchr(_pos, '\0'); 143 if (next_pos < _end) { 144 next_pos++; 145 } 146 _pos = next_pos; 147 return res; 148 } 149}; 150 151 152// atexit hook to stop listener and unlink the file that it is 153// bound too. 154extern "C" { 155 static void listener_cleanup() { 156 static int cleanup_done; 157 if (!cleanup_done) { 158 cleanup_done = 1; 159 int s = LinuxAttachListener::listener(); 160 if (s != -1) { 161 ::close(s); 162 } 163 if (LinuxAttachListener::has_path()) { 164 ::unlink(LinuxAttachListener::path()); 165 } 166 } 167 } 168} 169 170// Initialization - create a listener socket and bind it to a file 171 172int LinuxAttachListener::init() { 173 char path[UNIX_PATH_MAX]; // socket file 174 char initial_path[UNIX_PATH_MAX]; // socket file during setup 175 int listener; // listener socket (file descriptor) 176 177 // register function to cleanup 178 ::atexit(listener_cleanup); 179 180 int n = snprintf(path, UNIX_PATH_MAX, "%s/.java_pid%d", 181 os::get_temp_directory(), os::current_process_id()); 182 if (n < (int)UNIX_PATH_MAX) { 183 n = snprintf(initial_path, UNIX_PATH_MAX, "%s.tmp", path); 184 } 185 if (n >= (int)UNIX_PATH_MAX) { 186 return -1; 187 } 188 189 // create the listener socket 190 listener = ::socket(PF_UNIX, SOCK_STREAM, 0); 191 if (listener == -1) { 192 return -1; 193 } 194 195 // bind socket 196 struct sockaddr_un addr; 197 addr.sun_family = AF_UNIX; 198 strcpy(addr.sun_path, initial_path); 199 ::unlink(initial_path); 200 int res = ::bind(listener, (struct sockaddr*)&addr, sizeof(addr)); 201 if (res == -1) { 202 ::close(listener); 203 return -1; 204 } 205 206 // put in listen mode, set permissions, and rename into place 207 res = ::listen(listener, 5); 208 if (res == 0) { 209 RESTARTABLE(::chmod(initial_path, S_IREAD|S_IWRITE), res); 210 if (res == 0) { 211 res = ::rename(initial_path, path); 212 } 213 } 214 if (res == -1) { 215 ::close(listener); 216 ::unlink(initial_path); 217 return -1; 218 } 219 set_path(path); 220 set_listener(listener); 221 222 return 0; 223} 224 225// Given a socket that is connected to a peer we read the request and 226// create an AttachOperation. As the socket is blocking there is potential 227// for a denial-of-service if the peer does not response. However this happens 228// after the peer credentials have been checked and in the worst case it just 229// means that the attach listener thread is blocked. 230// 231LinuxAttachOperation* LinuxAttachListener::read_request(int s) { 232 char ver_str[8]; 233 sprintf(ver_str, "%d", ATTACH_PROTOCOL_VER); 234 235 // The request is a sequence of strings so we first figure out the 236 // expected count and the maximum possible length of the request. 237 // The request is: 238 // <ver>0<cmd>0<arg>0<arg>0<arg>0 239 // where <ver> is the protocol version (1), <cmd> is the command 240 // name ("load", "datadump", ...), and <arg> is an argument 241 int expected_str_count = 2 + AttachOperation::arg_count_max; 242 const int max_len = (sizeof(ver_str) + 1) + (AttachOperation::name_length_max + 1) + 243 AttachOperation::arg_count_max*(AttachOperation::arg_length_max + 1); 244 245 char buf[max_len]; 246 int str_count = 0; 247 248 // Read until all (expected) strings have been read, the buffer is 249 // full, or EOF. 250 251 int off = 0; 252 int left = max_len; 253 254 do { 255 int n; 256 RESTARTABLE(read(s, buf+off, left), n); 257 assert(n <= left, "buffer was too small, impossible!"); 258 buf[max_len - 1] = '\0'; 259 if (n == -1) { 260 return NULL; // reset by peer or other error 261 } 262 if (n == 0) { 263 break; 264 } 265 for (int i=0; i<n; i++) { 266 if (buf[off+i] == 0) { 267 // EOS found 268 str_count++; 269 270 // The first string is <ver> so check it now to 271 // check for protocol mis-match 272 if (str_count == 1) { 273 if ((strlen(buf) != strlen(ver_str)) || 274 (atoi(buf) != ATTACH_PROTOCOL_VER)) { 275 char msg[32]; 276 sprintf(msg, "%d\n", ATTACH_ERROR_BADVERSION); 277 write_fully(s, msg, strlen(msg)); 278 return NULL; 279 } 280 } 281 } 282 } 283 off += n; 284 left -= n; 285 } while (left > 0 && str_count < expected_str_count); 286 287 if (str_count != expected_str_count) { 288 return NULL; // incomplete request 289 } 290 291 // parse request 292 293 ArgumentIterator args(buf, (max_len)-left); 294 295 // version already checked 296 char* v = args.next(); 297 298 char* name = args.next(); 299 if (name == NULL || strlen(name) > AttachOperation::name_length_max) { 300 return NULL; 301 } 302 303 LinuxAttachOperation* op = new LinuxAttachOperation(name); 304 305 for (int i=0; i<AttachOperation::arg_count_max; i++) { 306 char* arg = args.next(); 307 if (arg == NULL) { 308 op->set_arg(i, NULL); 309 } else { 310 if (strlen(arg) > AttachOperation::arg_length_max) { 311 delete op; 312 return NULL; 313 } 314 op->set_arg(i, arg); 315 } 316 } 317 318 op->set_socket(s); 319 return op; 320} 321 322 323// Dequeue an operation 324// 325// In the Linux implementation there is only a single operation and clients 326// cannot queue commands (except at the socket level). 327// 328LinuxAttachOperation* LinuxAttachListener::dequeue() { 329 for (;;) { 330 int s; 331 332 // wait for client to connect 333 struct sockaddr addr; 334 socklen_t len = sizeof(addr); 335 RESTARTABLE(::accept(listener(), &addr, &len), s); 336 if (s == -1) { 337 return NULL; // log a warning? 338 } 339 340 // get the credentials of the peer and check the effective uid/guid 341 // - check with jeff on this. 342 struct ucred cred_info; 343 socklen_t optlen = sizeof(cred_info); 344 if (::getsockopt(s, SOL_SOCKET, SO_PEERCRED, (void*)&cred_info, &optlen) == -1) { 345 ::close(s); 346 continue; 347 } 348 uid_t euid = geteuid(); 349 gid_t egid = getegid(); 350 351 if (cred_info.uid != euid || cred_info.gid != egid) { 352 ::close(s); 353 continue; 354 } 355 356 // peer credential look okay so we read the request 357 LinuxAttachOperation* op = read_request(s); 358 if (op == NULL) { 359 ::close(s); 360 continue; 361 } else { 362 return op; 363 } 364 } 365} 366 367// write the given buffer to the socket 368int LinuxAttachListener::write_fully(int s, char* buf, int len) { 369 do { 370 int n = ::write(s, buf, len); 371 if (n == -1) { 372 if (errno != EINTR) return -1; 373 } else { 374 buf += n; 375 len -= n; 376 } 377 } 378 while (len > 0); 379 return 0; 380} 381 382// Complete an operation by sending the operation result and any result 383// output to the client. At this time the socket is in blocking mode so 384// potentially we can block if there is a lot of data and the client is 385// non-responsive. For most operations this is a non-issue because the 386// default send buffer is sufficient to buffer everything. In the future 387// if there are operations that involves a very big reply then it the 388// socket could be made non-blocking and a timeout could be used. 389 390void LinuxAttachOperation::complete(jint result, bufferedStream* st) { 391 JavaThread* thread = JavaThread::current(); 392 ThreadBlockInVM tbivm(thread); 393 394 thread->set_suspend_equivalent(); 395 // cleared by handle_special_suspend_equivalent_condition() or 396 // java_suspend_self() via check_and_wait_while_suspended() 397 398 // write operation result 399 char msg[32]; 400 sprintf(msg, "%d\n", result); 401 int rc = LinuxAttachListener::write_fully(this->socket(), msg, strlen(msg)); 402 403 // write any result data 404 if (rc == 0) { 405 LinuxAttachListener::write_fully(this->socket(), (char*) st->base(), st->size()); 406 ::shutdown(this->socket(), 2); 407 } 408 409 // done 410 ::close(this->socket()); 411 412 // were we externally suspended while we were waiting? 413 thread->check_and_wait_while_suspended(); 414 415 delete this; 416} 417 418 419// AttachListener functions 420 421AttachOperation* AttachListener::dequeue() { 422 JavaThread* thread = JavaThread::current(); 423 ThreadBlockInVM tbivm(thread); 424 425 thread->set_suspend_equivalent(); 426 // cleared by handle_special_suspend_equivalent_condition() or 427 // java_suspend_self() via check_and_wait_while_suspended() 428 429 AttachOperation* op = LinuxAttachListener::dequeue(); 430 431 // were we externally suspended while we were waiting? 432 thread->check_and_wait_while_suspended(); 433 434 return op; 435} 436 437 438// Performs initialization at vm startup 439// For Linux we remove any stale .java_pid file which could cause 440// an attaching process to think we are ready to receive on the 441// domain socket before we are properly initialized 442 443void AttachListener::vm_start() { 444 char fn[UNIX_PATH_MAX]; 445 struct stat64 st; 446 int ret; 447 448 int n = snprintf(fn, UNIX_PATH_MAX, "%s/.java_pid%d", 449 os::get_temp_directory(), os::current_process_id()); 450 assert(n < (int)UNIX_PATH_MAX, "java_pid file name buffer overflow"); 451 452 RESTARTABLE(::stat64(fn, &st), ret); 453 if (ret == 0) { 454 ret = ::unlink(fn); 455 if (ret == -1) { 456 log_debug(attach)("Failed to remove stale attach pid file at %s", fn); 457 } 458 } 459} 460 461int AttachListener::pd_init() { 462 JavaThread* thread = JavaThread::current(); 463 ThreadBlockInVM tbivm(thread); 464 465 thread->set_suspend_equivalent(); 466 // cleared by handle_special_suspend_equivalent_condition() or 467 // java_suspend_self() via check_and_wait_while_suspended() 468 469 int ret_code = LinuxAttachListener::init(); 470 471 // were we externally suspended while we were waiting? 472 thread->check_and_wait_while_suspended(); 473 474 return ret_code; 475} 476 477// Attach Listener is started lazily except in the case when 478// +ReduseSignalUsage is used 479bool AttachListener::init_at_startup() { 480 if (ReduceSignalUsage) { 481 return true; 482 } else { 483 return false; 484 } 485} 486 487// If the file .attach_pid<pid> exists in the working directory 488// or /tmp then this is the trigger to start the attach mechanism 489bool AttachListener::is_init_trigger() { 490 if (init_at_startup() || is_initialized()) { 491 return false; // initialized at startup or already initialized 492 } 493 char fn[PATH_MAX+1]; 494 sprintf(fn, ".attach_pid%d", os::current_process_id()); 495 int ret; 496 struct stat64 st; 497 RESTARTABLE(::stat64(fn, &st), ret); 498 if (ret == -1) { 499 log_trace(attach)("Failed to find attach file: %s, trying alternate", fn); 500 snprintf(fn, sizeof(fn), "%s/.attach_pid%d", 501 os::get_temp_directory(), os::current_process_id()); 502 RESTARTABLE(::stat64(fn, &st), ret); 503 if (ret == -1) { 504 log_debug(attach)("Failed to find attach file: %s", fn); 505 } 506 } 507 if (ret == 0) { 508 // simple check to avoid starting the attach mechanism when 509 // a bogus user creates the file 510 if (st.st_uid == geteuid()) { 511 init(); 512 log_trace(attach)("Attach trigerred by %s", fn); 513 return true; 514 } else { 515 log_debug(attach)("File %s has wrong user id %d (vs %d). Attach is not trigerred", fn, st.st_uid, geteuid()); 516 } 517 } 518 return false; 519} 520 521// if VM aborts then remove listener 522void AttachListener::abort() { 523 listener_cleanup(); 524} 525 526void AttachListener::pd_data_dump() { 527 os::signal_notify(SIGQUIT); 528} 529 530AttachOperationFunctionInfo* AttachListener::pd_find_operation(const char* n) { 531 return NULL; 532} 533 534jint AttachListener::pd_set_flag(AttachOperation* op, outputStream* out) { 535 out->print_cr("flag '%s' cannot be changed", op->arg(0)); 536 return JNI_ERR; 537} 538 539void AttachListener::pd_detachall() { 540 // do nothing for now 541} 542