]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/shared/killall.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
hwdb: Add mapping for Xiaomi Mipad 2 bottom bezel capacitive buttons
[thirdparty/systemd.git] / src / shared / killall.c
1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
2 /***
3 Copyright © 2010 ProFUSION embedded systems
4 ***/
5
6 #include <errno.h>
7 #include <signal.h>
8 #include <sys/wait.h>
9 #include <unistd.h>
10
11 #include "alloc-util.h"
12 #include "constants.h"
13 #include "dirent-util.h"
14 #include "errno-util.h"
15 #include "fd-util.h"
16 #include "format-util.h"
17 #include "initrd-util.h"
18 #include "killall.h"
19 #include "parse-util.h"
20 #include "process-util.h"
21 #include "set.h"
22 #include "stdio-util.h"
23 #include "string-util.h"
24 #include "terminal-util.h"
25
26 static bool argv_has_at(pid_t pid) {
27 _cleanup_fclose_ FILE *f = NULL;
28 const char *p;
29 char c = 0;
30
31 p = procfs_file_alloca(pid, "cmdline");
32 f = fopen(p, "re");
33 if (!f) {
34 log_debug_errno(errno, "Failed to open %s, ignoring: %m", p);
35 return true; /* not really, but has the desired effect */
36 }
37
38 /* Try to read the first character of the command line. If the cmdline is empty (which might be the case for
39 * kernel threads but potentially also other stuff), this line won't do anything, but we don't care much, as
40 * actual kernel threads are already filtered out above. */
41 (void) fread(&c, 1, 1, f);
42
43 /* Processes with argv[0][0] = '@' we ignore from the killing spree.
44 *
45 * https://systemd.io/ROOT_STORAGE_DAEMONS */
46 return c == '@';
47 }
48
49 static bool is_survivor_cgroup(const PidRef *pid) {
50 _cleanup_free_ char *cgroup_path = NULL;
51 int r;
52
53 assert(pidref_is_set(pid));
54
55 r = cg_pidref_get_path(/* root= */ NULL, pid, &cgroup_path);
56 if (r < 0) {
57 log_warning_errno(r, "Failed to get cgroup path of process " PID_FMT ", ignoring: %m", pid->pid);
58 return false;
59 }
60
61 r = cg_get_xattr_bool(cgroup_path, "user.survive_final_kill_signal");
62 /* user xattr support was added to kernel v5.7, try with the trusted namespace as a fallback */
63 if (ERRNO_IS_NEG_XATTR_ABSENT(r))
64 r = cg_get_xattr_bool(cgroup_path, "trusted.survive_final_kill_signal");
65 if (r < 0 && !ERRNO_IS_NEG_XATTR_ABSENT(r))
66 log_debug_errno(r,
67 "Failed to get survive_final_kill_signal xattr of %s, ignoring: %m",
68 cgroup_path);
69
70 return r > 0;
71 }
72
73 static bool ignore_proc(const PidRef *pid, bool warn_rootfs) {
74 uid_t uid;
75 int r;
76
77 assert(pidref_is_set(pid));
78
79 /* We are PID 1, let's not commit suicide */
80 if (pid->pid == 1)
81 return true;
82
83 /* Ignore kernel threads */
84 r = pidref_is_kernel_thread(pid);
85 if (r != 0)
86 return true; /* also ignore processes where we can't determine this */
87
88 /* Ignore processes that are part of a cgroup marked with the user.survive_final_kill_signal xattr */
89 if (is_survivor_cgroup(pid))
90 return true;
91
92 r = pidref_get_uid(pid, &uid);
93 if (r < 0)
94 return true; /* not really, but better safe than sorry */
95
96 /* Non-root processes otherwise are always subject to be killed */
97 if (uid != 0)
98 return false;
99
100 if (!argv_has_at(pid->pid))
101 return false;
102
103 if (warn_rootfs &&
104 pid_from_same_root_fs(pid->pid) > 0) {
105
106 _cleanup_free_ char *comm = NULL;
107
108 (void) pidref_get_comm(pid, &comm);
109
110 log_notice("Process " PID_FMT " (%s) has been marked to be excluded from killing. It is "
111 "running from the root file system, and thus likely to block re-mounting of the "
112 "root file system to read-only. Please consider moving it into an initrd file "
113 "system instead.", pid->pid, strna(comm));
114 }
115
116 return true;
117 }
118
119 static void log_children_not_yet_killed(Set *pids) {
120 _cleanup_free_ char *lst_child = NULL;
121 int r;
122
123 void *p;
124 SET_FOREACH(p, pids) {
125 _cleanup_free_ char *s = NULL;
126
127 if (pid_get_comm(PTR_TO_PID(p), &s) >= 0)
128 r = strextendf_with_separator(&lst_child, ", ", PID_FMT " (%s)", PTR_TO_PID(p), s);
129 else
130 r = strextendf_with_separator(&lst_child, ", ", PID_FMT, PTR_TO_PID(p));
131 if (r < 0)
132 return (void) log_oom_warning();
133 }
134
135 if (isempty(lst_child))
136 return;
137
138 log_warning("Waiting for process: %s", lst_child);
139 }
140
141 static int wait_for_children(Set *pids, sigset_t *mask, usec_t timeout) {
142 usec_t until, date_log_child, n;
143
144 assert(mask);
145
146 /* Return the number of children remaining in the pids set: That correspond to the number
147 * of processes still "alive" after the timeout */
148
149 if (set_isempty(pids))
150 return 0;
151
152 n = now(CLOCK_MONOTONIC);
153 until = usec_add(n, timeout);
154 date_log_child = usec_add(n, 10u * USEC_PER_SEC);
155 if (date_log_child > until)
156 date_log_child = usec_add(n, timeout / 2u);
157
158 for (;;) {
159 struct timespec ts;
160 int k;
161 void *p;
162
163 /* First, let the kernel inform us about killed
164 * children. Most processes will probably be our
165 * children, but some are not (might be our
166 * grandchildren instead...). */
167 for (;;) {
168 pid_t pid;
169
170 pid = waitpid(-1, NULL, WNOHANG);
171 if (pid == 0)
172 break;
173 if (pid < 0) {
174 if (errno == ECHILD)
175 break;
176
177 return log_error_errno(errno, "waitpid() failed: %m");
178 }
179
180 (void) set_remove(pids, PID_TO_PTR(pid));
181 }
182
183 /* Now explicitly check who might be remaining, who
184 * might not be our child. */
185 SET_FOREACH(p, pids) {
186
187 /* kill(pid, 0) sends no signal, but it tells
188 * us whether the process still exists. */
189 if (kill(PTR_TO_PID(p), 0) == 0)
190 continue;
191
192 if (errno != ESRCH)
193 continue;
194
195 set_remove(pids, p);
196 }
197
198 if (set_isempty(pids))
199 return 0;
200
201 n = now(CLOCK_MONOTONIC);
202 if (date_log_child > 0 && n >= date_log_child) {
203 log_children_not_yet_killed(pids);
204 /* Log the children not yet killed only once */
205 date_log_child = 0;
206 }
207
208 if (n >= until)
209 return set_size(pids);
210
211 if (date_log_child > 0)
212 timespec_store(&ts, MIN(until - n, date_log_child - n));
213 else
214 timespec_store(&ts, until - n);
215
216 k = sigtimedwait(mask, NULL, &ts);
217 if (k != SIGCHLD) {
218
219 if (k < 0 && errno != EAGAIN)
220 return log_error_errno(errno, "sigtimedwait() failed: %m");
221
222 if (k >= 0)
223 log_warning("sigtimedwait() returned unexpected signal.");
224 }
225 }
226 }
227
228 static int killall(int sig, Set *pids, bool send_sighup) {
229 _cleanup_closedir_ DIR *dir = NULL;
230 int n_killed = 0, r;
231
232 /* Send the specified signal to all remaining processes, if not excluded by ignore_proc().
233 * Returns the number of processes to which the specified signal was sent */
234
235 r = proc_dir_open(&dir);
236 if (r < 0)
237 return log_warning_errno(r, "Failed to open /proc/: %m");
238
239 for (;;) {
240 _cleanup_(pidref_done) PidRef pidref = PIDREF_NULL;
241
242 r = proc_dir_read_pidref(dir, &pidref);
243 if (r < 0)
244 return log_warning_errno(r, "Failed to enumerate /proc/: %m");
245 if (r == 0)
246 break;
247
248 if (ignore_proc(&pidref, sig == SIGKILL && !in_initrd()))
249 continue;
250
251 if (sig == SIGKILL) {
252 _cleanup_free_ char *s = NULL;
253
254 (void) pidref_get_comm(&pidref, &s);
255 log_notice("Sending SIGKILL to PID "PID_FMT" (%s).", pidref.pid, strna(s));
256 }
257
258 r = pidref_kill(&pidref, sig);
259 if (r < 0) {
260 if (r != -ESRCH)
261 log_warning_errno(errno, "Could not kill " PID_FMT ", ignoring: %m", pidref.pid);
262 } else {
263 n_killed++;
264 if (pids) {
265 r = set_put(pids, PID_TO_PTR(pidref.pid));
266 if (r < 0)
267 (void) log_oom_warning();
268 }
269 }
270
271 if (send_sighup) {
272 /* Optionally, also send a SIGHUP signal, but only if the process has a controlling
273 * tty. This is useful to allow handling of shells which ignore SIGTERM but react to
274 * SIGHUP. We do not send this to processes that have no controlling TTY since we
275 * don't want to trigger reloads of daemon processes. Also we make sure to only send
276 * this after SIGTERM so that SIGTERM is always first in the queue. */
277
278 if (get_ctty_devnr(pidref.pid, NULL) >= 0)
279 /* it's OK if the process is gone, just ignore the result */
280 (void) pidref_kill(&pidref, SIGHUP);
281 }
282 }
283
284 return n_killed;
285 }
286
287 int broadcast_signal(int sig, bool wait_for_exit, bool send_sighup, usec_t timeout) {
288 int n_children_left;
289 sigset_t mask, oldmask;
290 _cleanup_set_free_ Set *pids = NULL;
291
292 /* Send the specified signal to all remaining processes, if not excluded by ignore_proc().
293 * Return:
294 * - The number of processes still "alive" after the timeout (that should have been killed)
295 * if the function needs to wait for the end of the processes (wait_for_exit).
296 * - Otherwise, the number of processes to which the specified signal was sent */
297
298 if (wait_for_exit)
299 pids = set_new(NULL);
300
301 assert_se(sigemptyset(&mask) == 0);
302 assert_se(sigaddset(&mask, SIGCHLD) == 0);
303 assert_se(sigprocmask(SIG_BLOCK, &mask, &oldmask) == 0);
304
305 if (kill(-1, SIGSTOP) < 0 && errno != ESRCH)
306 log_warning_errno(errno, "kill(-1, SIGSTOP) failed: %m");
307
308 n_children_left = killall(sig, pids, send_sighup);
309
310 if (kill(-1, SIGCONT) < 0 && errno != ESRCH)
311 log_warning_errno(errno, "kill(-1, SIGCONT) failed: %m");
312
313 if (wait_for_exit && n_children_left > 0)
314 n_children_left = wait_for_children(pids, &mask, timeout);
315
316 assert_se(sigprocmask(SIG_SETMASK, &oldmask, NULL) == 0);
317
318 return n_children_left;
319 }
Unnamed repository; edit this file 'description' to name the repository.