blob: 503d60ebcc6901e95781be72f2c9abfedb294b76 [file] [log] [blame]
// Copyright 2012 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "base/process/launch.h"
#include <fcntl.h>
#include <io.h>
// windows.h must be included before shellapi.h
#include <windows.h>
#include <psapi.h>
#include <shellapi.h>
#include <userenv.h>
#include <ios>
#include <limits>
#include "base/debug/alias.h"
#include "base/debug/stack_trace.h"
#include "base/functional/bind.h"
#include "base/functional/callback_helpers.h"
#include "base/logging.h"
#include "base/metrics/histogram.h"
#include "base/process/environment_internal.h"
#include "base/process/kill.h"
#include "base/strings/string_util.h"
#include "base/strings/utf_string_conversions.h"
#include "base/system/sys_info.h"
#include "base/threading/scoped_blocking_call.h"
#include "base/threading/scoped_thread_priority.h"
#include "base/trace_event/base_tracing.h"
#include "base/win/scoped_handle.h"
#include "base/win/scoped_process_information.h"
#include "base/win/startup_information.h"
#include "base/win/windows_version.h"
namespace base {
namespace {
bool GetAppOutputInternal(CommandLine::StringPieceType cl,
bool include_stderr,
std::string* output,
int* exit_code) {
TRACE_EVENT0("base", "GetAppOutput");
HANDLE out_read = nullptr;
HANDLE out_write = nullptr;
SECURITY_ATTRIBUTES sa_attr;
// Set the bInheritHandle flag so pipe handles are inherited.
sa_attr.nLength = sizeof(SECURITY_ATTRIBUTES);
sa_attr.bInheritHandle = TRUE;
sa_attr.lpSecurityDescriptor = nullptr;
// Create the pipe for the child process's STDOUT.
if (!CreatePipe(&out_read, &out_write, &sa_attr, 0)) {
NOTREACHED() << "Failed to create pipe";
return false;
}
// Ensure we don't leak the handles.
win::ScopedHandle scoped_out_read(out_read);
win::ScopedHandle scoped_out_write(out_write);
// Ensure the read handles to the pipes are not inherited.
if (!SetHandleInformation(out_read, HANDLE_FLAG_INHERIT, 0)) {
NOTREACHED() << "Failed to disabled pipe inheritance";
return false;
}
FilePath::StringType writable_command_line_string(cl);
STARTUPINFO start_info = {};
start_info.cb = sizeof(STARTUPINFO);
start_info.hStdOutput = out_write;
// Keep the normal stdin.
start_info.hStdInput = GetStdHandle(STD_INPUT_HANDLE);
if (include_stderr) {
start_info.hStdError = out_write;
} else {
start_info.hStdError = GetStdHandle(STD_ERROR_HANDLE);
}
start_info.dwFlags |= STARTF_USESTDHANDLES;
// Create the child process.
PROCESS_INFORMATION temp_process_info = {};
if (!CreateProcess(nullptr, data(writable_command_line_string), nullptr,
nullptr,
TRUE, // Handles are inherited.
0, nullptr, nullptr, &start_info, &temp_process_info)) {
NOTREACHED() << "Failed to start process";
return false;
}
win::ScopedProcessInformation proc_info(temp_process_info);
// Close our writing end of pipe now. Otherwise later read would not be able
// to detect end of child's output.
scoped_out_write.Close();
// Read output from the child process's pipe for STDOUT
const int kBufferSize = 1024;
char buffer[kBufferSize];
for (;;) {
DWORD bytes_read = 0;
BOOL success =
::ReadFile(out_read, buffer, kBufferSize, &bytes_read, nullptr);
if (!success || bytes_read == 0)
break;
output->append(buffer, bytes_read);
}
// Let's wait for the process to finish.
{
// It is okay to allow this process to wait on the launched process as a
// process launched with GetAppOutput*() shouldn't wait back on the process
// that launched it.
internal::GetAppOutputScopedAllowBaseSyncPrimitives allow_wait;
ScopedBlockingCall scoped_blocking_call(FROM_HERE, BlockingType::MAY_BLOCK);
WaitForSingleObject(proc_info.process_handle(), INFINITE);
}
TerminationStatus status =
GetTerminationStatus(proc_info.process_handle(), exit_code);
return status != TERMINATION_STATUS_PROCESS_CRASHED &&
status != TERMINATION_STATUS_ABNORMAL_TERMINATION;
}
Process LaunchElevatedProcess(const CommandLine& cmdline,
bool start_hidden,
bool wait) {
TRACE_EVENT0("base", "LaunchElevatedProcess");
const FilePath::StringType file = cmdline.GetProgram().value();
const CommandLine::StringType arguments = cmdline.GetArgumentsString();
SHELLEXECUTEINFO shex_info = {};
shex_info.cbSize = sizeof(shex_info);
shex_info.fMask = SEE_MASK_NOCLOSEPROCESS;
shex_info.hwnd = GetActiveWindow();
shex_info.lpVerb = L"runas";
shex_info.lpFile = file.c_str();
shex_info.lpParameters = arguments.c_str();
shex_info.lpDirectory = nullptr;
shex_info.nShow = start_hidden ? SW_HIDE : SW_SHOWNORMAL;
shex_info.hInstApp = nullptr;
if (!ShellExecuteEx(&shex_info)) {
DPLOG(ERROR);
return Process();
}
if (wait) {
ScopedBlockingCall scoped_blocking_call(FROM_HERE, BlockingType::MAY_BLOCK);
WaitForSingleObject(shex_info.hProcess, INFINITE);
}
return Process(shex_info.hProcess);
}
} // namespace
void RouteStdioToConsole(bool create_console_if_not_found) {
// Don't change anything if stdout or stderr already point to a
// valid stream.
//
// If we are running under Buildbot or under Cygwin's default
// terminal (mintty), stderr and stderr will be pipe handles. In
// that case, we don't want to open CONOUT$, because its output
// likely does not go anywhere.
//
// We don't use GetStdHandle() to check stdout/stderr here because
// it can return dangling IDs of handles that were never inherited
// by this process. These IDs could have been reused by the time
// this function is called. The CRT checks the validity of
// stdout/stderr on startup (before the handle IDs can be reused).
// _fileno(stdout) will return -2 (_NO_CONSOLE_FILENO) if stdout was
// invalid.
if (_fileno(stdout) >= 0 || _fileno(stderr) >= 0) {
// _fileno was broken for SUBSYSTEM:WINDOWS from VS2010 to VS2012/2013.
// http://crbug.com/358267. Confirm that the underlying HANDLE is valid
// before aborting.
intptr_t stdout_handle = _get_osfhandle(_fileno(stdout));
intptr_t stderr_handle = _get_osfhandle(_fileno(stderr));
if (stdout_handle >= 0 || stderr_handle >= 0)
return;
}
if (!AttachConsole(ATTACH_PARENT_PROCESS)) {
unsigned int result = GetLastError();
// Was probably already attached.
if (result == ERROR_ACCESS_DENIED)
return;
// Don't bother creating a new console for each child process if the
// parent process is invalid (eg: crashed).
if (result == ERROR_GEN_FAILURE)
return;
if (create_console_if_not_found) {
// Make a new console if attaching to parent fails with any other error.
// It should be ERROR_INVALID_HANDLE at this point, which means the
// browser was likely not started from a console.
AllocConsole();
} else {
return;
}
}
// Arbitrary byte count to use when buffering output lines. More
// means potential waste, less means more risk of interleaved
// log-lines in output.
enum { kOutputBufferSize = 64 * 1024 };
if (freopen("CONOUT$", "w", stdout)) {
setvbuf(stdout, nullptr, _IOLBF, kOutputBufferSize);
// Overwrite FD 1 for the benefit of any code that uses this FD
// directly. This is safe because the CRT allocates FDs 0, 1 and
// 2 at startup even if they don't have valid underlying Windows
// handles. This means we won't be overwriting an FD created by
// _open() after startup.
_dup2(_fileno(stdout), 1);
}
if (freopen("CONOUT$", "w", stderr)) {
setvbuf(stderr, nullptr, _IOLBF, kOutputBufferSize);
_dup2(_fileno(stderr), 2);
}
// Fix all cout, wcout, cin, wcin, cerr, wcerr, clog and wclog.
std::ios::sync_with_stdio();
}
Process LaunchProcess(const CommandLine& cmdline,
const LaunchOptions& options) {
if (options.elevated)
return LaunchElevatedProcess(cmdline, options.start_hidden, options.wait);
return LaunchProcess(cmdline.GetCommandLineString(), options);
}
Process LaunchProcess(const CommandLine::StringType& cmdline,
const LaunchOptions& options) {
// Retain the command line on the stack for investigating shutdown hangs
// tracked in https://crbug.com/1431378
DEBUG_ALIAS_FOR_WCHARCSTR(cmdline_for_debugging, cmdline.c_str(), 200);
if (options.elevated) {
return LaunchElevatedProcess(base::CommandLine::FromString(cmdline),
options.start_hidden, options.wait);
}
TRACE_EVENT0("base", "LaunchProcess");
// Mitigate the issues caused by loading DLLs on a background thread
// (http://crbug/973868).
SCOPED_MAY_LOAD_LIBRARY_AT_BACKGROUND_PRIORITY();
// |process_mitigations| must outlive |startup_info_wrapper|.
DWORD64 process_mitigations[2]{0, 0};
win::StartupInformation startup_info_wrapper;
STARTUPINFO* startup_info = startup_info_wrapper.startup_info();
DWORD flags = 0;
// Count extended attributes before reserving space.
DWORD attribute_count = 0;
// Count PROC_THREAD_ATTRIBUTE_MITIGATION_POLICY.
if (options.disable_cetcompat &&
base::win::GetVersion() >= base::win::Version::WIN10_20H1) {
++attribute_count;
}
// Count PROC_THREAD_ATTRIBUTE_HANDLE_LIST.
if (!options.handles_to_inherit.empty())
++attribute_count;
// Reserve space for attributes.
if (attribute_count > 0) {
if (!startup_info_wrapper.InitializeProcThreadAttributeList(
attribute_count)) {
DPLOG(ERROR);
return Process();
}
flags |= EXTENDED_STARTUPINFO_PRESENT;
}
// Set PROC_THREAD_ATTRIBUTE_MITIGATION_POLICY.
if (options.disable_cetcompat &&
base::win::GetVersion() >= base::win::Version::WIN10_20H1) {
DCHECK_GT(attribute_count, 0u);
process_mitigations[1] |=
PROCESS_CREATION_MITIGATION_POLICY2_CET_USER_SHADOW_STACKS_ALWAYS_OFF;
if (!startup_info_wrapper.UpdateProcThreadAttribute(
PROC_THREAD_ATTRIBUTE_MITIGATION_POLICY, &process_mitigations[0],
sizeof(process_mitigations))) {
return Process();
}
}
// Set PROC_THREAD_ATTRIBUTE_HANDLE_LIST.
bool inherit_handles = options.inherit_mode == LaunchOptions::Inherit::kAll;
if (!options.handles_to_inherit.empty()) {
DCHECK_GT(attribute_count, 0u);
DCHECK_EQ(options.inherit_mode, LaunchOptions::Inherit::kSpecific);
if (options.handles_to_inherit.size() >
std::numeric_limits<DWORD>::max() / sizeof(HANDLE)) {
DLOG(ERROR) << "Too many handles to inherit.";
return Process();
}
// Ensure the handles can be inherited.
for (HANDLE handle : options.handles_to_inherit) {
BOOL result = SetHandleInformation(handle, HANDLE_FLAG_INHERIT,
HANDLE_FLAG_INHERIT);
PCHECK(result);
}
if (!startup_info_wrapper.UpdateProcThreadAttribute(
PROC_THREAD_ATTRIBUTE_HANDLE_LIST,
const_cast<HANDLE*>(&options.handles_to_inherit[0]),
static_cast<DWORD>(options.handles_to_inherit.size() *
sizeof(HANDLE)))) {
DPLOG(ERROR);
return Process();
}
inherit_handles = true;
}
if (options.feedback_cursor_off)
startup_info->dwFlags |= STARTF_FORCEOFFFEEDBACK;
if (options.empty_desktop_name)
startup_info->lpDesktop = const_cast<wchar_t*>(L"");
startup_info->dwFlags |= STARTF_USESHOWWINDOW;
startup_info->wShowWindow = options.start_hidden ? SW_HIDE : SW_SHOWNORMAL;
if (options.stdin_handle || options.stdout_handle || options.stderr_handle) {
DCHECK(inherit_handles);
DCHECK(options.stdin_handle);
DCHECK(options.stdout_handle);
DCHECK(options.stderr_handle);
startup_info->dwFlags |= STARTF_USESTDHANDLES;
startup_info->hStdInput = options.stdin_handle;
startup_info->hStdOutput = options.stdout_handle;
startup_info->hStdError = options.stderr_handle;
}
if (options.force_breakaway_from_job_)
flags |= CREATE_BREAKAWAY_FROM_JOB;
PROCESS_INFORMATION temp_process_info = {};
LPCTSTR current_directory = options.current_directory.empty()
? nullptr
: options.current_directory.value().c_str();
auto writable_cmdline(cmdline);
DCHECK(!(flags & CREATE_SUSPENDED))
<< "Creating a suspended process can lead to hung processes if the "
<< "launching process is killed before it assigns the process to the"
<< "job. https://crbug.com/820996";
if (options.as_user) {
flags |= CREATE_UNICODE_ENVIRONMENT;
void* environment_block = nullptr;
if (!CreateEnvironmentBlock(&environment_block, options.as_user, FALSE)) {
DPLOG(ERROR);
return Process();
}
// Environment options are not implemented for use with |as_user|.
DCHECK(!options.clear_environment);
DCHECK(options.environment.empty());
BOOL launched = CreateProcessAsUser(
options.as_user, nullptr, data(writable_cmdline), nullptr, nullptr,
inherit_handles, flags, environment_block, current_directory,
startup_info, &temp_process_info);
DestroyEnvironmentBlock(environment_block);
if (!launched) {
DPLOG(ERROR) << "Command line:" << std::endl
<< WideToUTF8(cmdline) << std::endl;
return Process();
}
} else {
wchar_t* new_environment = nullptr;
std::wstring env_storage;
if (options.clear_environment || !options.environment.empty()) {
if (options.clear_environment) {
static const wchar_t kEmptyEnvironment[] = {0};
env_storage =
internal::AlterEnvironment(kEmptyEnvironment, options.environment);
} else {
wchar_t* old_environment = GetEnvironmentStrings();
if (!old_environment) {
DPLOG(ERROR);
return Process();
}
env_storage =
internal::AlterEnvironment(old_environment, options.environment);
FreeEnvironmentStrings(old_environment);
}
new_environment = data(env_storage);
flags |= CREATE_UNICODE_ENVIRONMENT;
}
if (!CreateProcess(nullptr, data(writable_cmdline), nullptr, nullptr,
inherit_handles, flags, new_environment,
current_directory, startup_info, &temp_process_info)) {
DPLOG(ERROR) << "Command line:" << std::endl << cmdline << std::endl;
return Process();
}
}
win::ScopedProcessInformation process_info(temp_process_info);
if (options.job_handle &&
!AssignProcessToJobObject(options.job_handle,
process_info.process_handle())) {
DPLOG(ERROR) << "Could not AssignProcessToObject";
Process scoped_process(process_info.TakeProcessHandle());
scoped_process.Terminate(win::kProcessKilledExitCode, true);
return Process();
}
if (options.grant_foreground_privilege &&
!AllowSetForegroundWindow(GetProcId(process_info.process_handle()))) {
DPLOG(ERROR) << "Failed to grant foreground privilege to launched process";
}
if (options.wait) {
ScopedBlockingCall scoped_blocking_call(FROM_HERE, BlockingType::MAY_BLOCK);
WaitForSingleObject(process_info.process_handle(), INFINITE);
}
return Process(process_info.TakeProcessHandle());
}
bool SetJobObjectLimitFlags(HANDLE job_object, DWORD limit_flags) {
JOBOBJECT_EXTENDED_LIMIT_INFORMATION limit_info = {};
limit_info.BasicLimitInformation.LimitFlags = limit_flags;
return 0 != SetInformationJobObject(
job_object,
JobObjectExtendedLimitInformation,
&limit_info,
sizeof(limit_info));
}
bool GetAppOutput(const CommandLine& cl, std::string* output) {
return GetAppOutput(cl.GetCommandLineString(), output);
}
bool GetAppOutputAndError(const CommandLine& cl, std::string* output) {
int exit_code;
return GetAppOutputInternal(
cl.GetCommandLineString(), true, output, &exit_code);
}
bool GetAppOutputWithExitCode(const CommandLine& cl,
std::string* output,
int* exit_code) {
return GetAppOutputInternal(
cl.GetCommandLineString(), false, output, exit_code);
}
bool GetAppOutput(CommandLine::StringPieceType cl, std::string* output) {
int exit_code;
return GetAppOutputInternal(cl, false, output, &exit_code);
}
void RaiseProcessToHighPriority() {
SetPriorityClass(GetCurrentProcess(), HIGH_PRIORITY_CLASS);
}
} // namespace base