Make POSIX SIGTERM/SIGINT/SIGHUP handler async signal safe.

chrome/browser/browser_main.cc

 // Copyright (c) 2006-2009 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/browser_main.h"
 
 #include <algorithm>
 
 #include "app/hi_res_timer_manager.h"
 #include "app/l10n_util.h"
 #include "app/resource_bundle.h"
 #include "app/system_monitor.h"
 #include "base/command_line.h"
 #include "base/field_trial.h"
 #include "base/file_util.h"
 #include "base/histogram.h"
 #include "base/lazy_instance.h"
 #include "base/scoped_nsautorelease_pool.h"
 #include "base/path_service.h"
+#include "base/platform_thread.h"
 #include "base/process_util.h"
 #include "base/string_piece.h"
 #include "base/string_util.h"
 #include "base/sys_string_conversions.h"
 #include "base/time.h"
 #include "base/tracked_objects.h"
 #include "base/values.h"
 #include "chrome/browser/browser_main_win.h"
 #include "chrome/browser/browser_init.h"
 #include "chrome/browser/browser_list.h"
@@ skipping 35 matching lines @@
 #include "net/base/net_module.h"
 #include "net/http/http_network_session.h"
 #include "net/socket/client_socket_pool_base.h"
 
 #if defined(OS_POSIX)
 // TODO(port): get rid of this include. It's used just to provide declarations
 // and stub definitions for classes we encouter during the porting effort.
 #include <errno.h>
 #include <signal.h>
 #include <sys/resource.h>
+#include "base/eintr_wrapper.h"
 #endif
 
 #if defined(USE_LINUX_BREAKPAD)
 #include "base/linux_util.h"
 #include "chrome/app/breakpad_linux.h"
 #endif
 
 #if defined(OS_LINUX)
 #include "chrome/common/gtk_util.h"
 #endif
@@ skipping 76 matching lines @@
 #elif defined(OS_POSIX)
   MessageLoopForUI::current()->Run();
 #endif
 }
 
 #if defined(OS_POSIX)
 // See comment in BrowserMain, where sigaction is called.
 void SIGCHLDHandler(int signal) {
 }
 
+int g_shutdown_pipe_write_fd = -1;
+int g_shutdown_pipe_read_fd = -1;
+
 // Common code between SIG{HUP, INT, TERM}Handler.
-void GracefulShutdownHandler(int signal, const int expected_signal) {
-  DCHECK_EQ(signal, expected_signal);
-  LOG(INFO) << "Addressing signal " << expected_signal << " on "
-            << PlatformThread::CurrentId();
-
-  bool posted = ChromeThread::PostTask(
-      ChromeThread::UI, FROM_HERE,
-      NewRunnableFunction(BrowserList::CloseAllBrowsersAndExit));
-
+void GracefulShutdownHandler(int signal) {
   // Reinstall the default handler.  We had one shot at graceful shutdown.
   struct sigaction action;
   memset(&action, 0, sizeof(action));
   action.sa_handler = SIG_DFL;
-  CHECK(sigaction(expected_signal, &action, NULL) == 0);
+  CHECK(sigaction(signal, &action, NULL) == 0);
 
-  if (posted) {
-    LOG(INFO) << "Posted task to UI thread; resetting signal "
-              << expected_signal << " handler";
-  } else {
+  RAW_CHECK(g_shutdown_pipe_write_fd != -1);
+  RAW_CHECK(g_shutdown_pipe_read_fd != -1);
+  size_t bytes_written = 0;
+  do {
+    int rv = HANDLE_EINTR(
+        write(g_shutdown_pipe_write_fd,
+              reinterpret_cast<const char*>(&signal) + bytes_written,
+              sizeof(signal) - bytes_written));
+    RAW_CHECK(rv >= 0);
+    bytes_written += rv;
+  } while (bytes_written < sizeof(signal));
+
+  RAW_LOG(INFO,
+          "Successfully wrote to shutdown pipe, resetting signal handler.");
+}
+
+// See comment in BrowserMain, where sigaction is called.
+void SIGHUPHandler(int signal) {
+  RAW_CHECK(signal == SIGHUP);
+  RAW_LOG(INFO, "Handling SIGHUP.");
+  GracefulShutdownHandler(signal);
+}
+
+// See comment in BrowserMain, where sigaction is called.
+void SIGINTHandler(int signal) {
+  RAW_CHECK(signal == SIGINT);
+  RAW_LOG(INFO, "Handling SIGINT.");
+  GracefulShutdownHandler(signal);
+}
+
+// See comment in BrowserMain, where sigaction is called.
+void SIGTERMHandler(int signal) {
+  RAW_CHECK(signal == SIGTERM);
+  RAW_LOG(INFO, "Handling SIGTERM.");
+  GracefulShutdownHandler(signal);
+}
+
+class ShutdownDetector : public PlatformThread::Delegate {
+ public:
+  explicit ShutdownDetector(int shutdown_fd);
+
+  virtual void ThreadMain();
+
+ private:
+  const int shutdown_fd_;
+
+  DISALLOW_COPY_AND_ASSIGN(ShutdownDetector);
+};
+
+ShutdownDetector::ShutdownDetector(int shutdown_fd)
+    : shutdown_fd_(shutdown_fd) {
+  CHECK(shutdown_fd_ != -1);
+}
+
+void ShutdownDetector::ThreadMain() {
+  int signal;
+  size_t bytes_read = 0;
+  ssize_t ret;
+  do {
+    ret = HANDLE_EINTR(
+        read(shutdown_fd_,
+             reinterpret_cast<char*>(&signal) + bytes_read,
+             sizeof(signal) - bytes_read));
+    if (ret < 0) {
+      NOTREACHED() << "Unexpected error: " << strerror(errno);
+      break;
+    } else if (ret == 0) {
+      NOTREACHED() << "Unexpected closure of shutdown pipe.";
+      break;
+    }
+    bytes_read += ret;
+  } while (bytes_read < sizeof(signal));
+
+  LOG(INFO) << "Handling shutdown for signal " << signal << ".";
+
+  if (!ChromeThread::PostTask(
+      ChromeThread::UI, FROM_HERE,
+      NewRunnableFunction(BrowserList::CloseAllBrowsersAndExit))) {
     // Without a UI thread to post the exit task to, there aren't many
     // options.  Raise the signal again.  The default handler will pick it up
     // and cause an ungraceful exit.
-    LOG(WARNING) << "No UI thread, exiting ungracefully";
+    LOG(WARNING) << "No UI thread, exiting ungracefully.";
     kill(getpid(), signal);
 
     // The signal may be handled on another thread.  Give that a chance to
     // happen.
     sleep(3);
 
     // We really should be dead by now.  For whatever reason, we're not. Exit
     // immediately, with the exit status set to the signal number with bit 8
     // set.  On the systems that we care about, this exit status is what is
     // normally used to indicate an exit by this signal's default handler.
     // This mechanism isn't a de jure standard, but even in the worst case, it
     // should at least result in an immediate exit.
-    LOG(WARNING) << "Still here, exiting really ungracefully";
+    LOG(WARNING) << "Still here, exiting really ungracefully.";
     _exit(signal | (1 << 7));
   }
 }
 
-// See comment in BrowserMain, where sigaction is called.
-void SIGHUPHandler(int signal) {
-  GracefulShutdownHandler(signal, SIGHUP);
-}
-
-// See comment in BrowserMain, where sigaction is called.
-void SIGINTHandler(int signal) {
-  GracefulShutdownHandler(signal, SIGINT);
-}
-
-// See comment in BrowserMain, where sigaction is called.
-void SIGTERMHandler(int signal) {
-  GracefulShutdownHandler(signal, SIGTERM);
-}
-
 // Sets the file descriptor soft limit to |max_descriptors| or the OS hard
 // limit, whichever is lower.
 void SetFileDescriptorLimit(unsigned int max_descriptors) {
   struct rlimit limits;
   if (getrlimit(RLIMIT_NOFILE, &limits) == 0) {
     unsigned int new_limit = max_descriptors;
     if (limits.rlim_max > 0 && limits.rlim_max < max_descriptors) {
       new_limit = limits.rlim_max;
     }
     limits.rlim_cur = new_limit;
@@ skipping 118 matching lines @@
   std::wstring app_name = chrome::kBrowserAppName;
   std::string thread_name_string = WideToASCII(app_name + L"_BrowserMain");
 
   const char* thread_name = thread_name_string.c_str();
   PlatformThread::SetName(thread_name);
   main_message_loop.set_thread_name(thread_name);
 
   // Register the main thread by instantiating it, but don't call any methods.
   ChromeThread main_thread(ChromeThread::UI, MessageLoop::current());
 
+#if defined(OS_POSIX)
+  int pipefd[2];
+  int ret = pipe(pipefd);
+  if (ret < 0) {
+    PLOG(DFATAL) << "Failed to create pipe";
+  } else {
+    g_shutdown_pipe_read_fd = pipefd[0];
+    g_shutdown_pipe_write_fd = pipefd[1];
+    const size_t kShutdownDetectorThreadStackSize = 4096;
+    if (!PlatformThread::CreateNonJoinable(
+        kShutdownDetectorThreadStackSize,
+        new ShutdownDetector(g_shutdown_pipe_read_fd))) {

[Hironori Bono, 2009/12/08 09:44:53]

I'm wondering when this ShutdownDetector instance is deleted. (Is this caused
the memory leak in one of our Linux buildbots since Build 2213?)

+      LOG(DFATAL) << "Failed to create shutdown detector task.";
+    }
+  }
+#endif  // defined(OS_POSIX)
+
   FilePath user_data_dir;
 #if defined(OS_WIN)
   PathService::Get(chrome::DIR_USER_DATA, &user_data_dir);
 #else
   // Getting the user data dir can fail if the directory isn't
   // creatable, for example; on Windows in code below we bring up a
   // dialog prompting the user to pick a different directory.
   // However, ProcessSingleton needs a real user_data_dir on Mac/Linux,
   // so it's better to fail here than fail mysteriously elsewhere.
   CHECK(PathService::Get(chrome::DIR_USER_DATA, &user_data_dir))
@@ skipping 523 matching lines @@
   if (metrics)
     metrics->Stop();
 
   // browser_shutdown takes care of deleting browser_process, so we need to
   // release it.
   browser_process.release();
   browser_shutdown::Shutdown();
 
   return result_code;
 }