/*

 * Copyright 2006-2007 Free Software Foundation, Inc.

 *

 * This program is free software; you can redistribute it and/or modify

 * it under the terms of the GNU General Public License as published by

 * the Free Software Foundation; either version 2 of the License, or

 * (at your option) any later version.

 *

 * This program is distributed in the hope that it will be useful,

 * but WITHOUT ANY WARRANTY; without even the implied warranty of

 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

 * GNU General Public License for more details.

 *

 * You should have received a copy of the GNU General Public License

 * along with this program; if not, write to the Free Software

 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.

 *

 * Reap any leftover children possibly holding file descriptors.

 * Children are identified by the stale file descriptor or PGID / SID.

 * Both can be missed but only the stale file descriptors are important for us.

 * PGID / SID may be set by the children on their own.

 * If we fine a candidate we kill it will all its process tree (grandchildren).

 * The child process is run with `2>&1' redirection (due to forkpty(3)).

 * 2007-07-10  Jan Kratochvil  <jan.kratochvil@redhat.com>

 */

/* For getpgid(2).  */

#define _GNU_SOURCE 1

#include <stdio.h>

#include <stdlib.h>

#include <sys/types.h>

#include <sys/wait.h>

#include <dirent.h>

#include <unistd.h>

#include <errno.h>

#include <ctype.h>

#include <string.h>

#include <limits.h>

#include <fcntl.h>

#include <assert.h>

#include <pty.h>

#include <poll.h>

#include <sys/stat.h>

#define LENGTH(x) (sizeof (x) / sizeof (*(x)))

static const char *progname;

static volatile pid_t child;

static void signal_chld (int signo)

{

}

static volatile int signal_alrm_hit = 0;

static void signal_alrm (int signo)

{

  signal_alrm_hit = 1;

}

static char childptyname[LINE_MAX];

static void print_child_error (const char *reason, char **argv)

{

  char **sp;

  fprintf (stderr, "%s: %d %s:", progname, (int) child, reason);

  for (sp = argv; *sp != NULL; sp++)

    {

      fputc (' ', stderr);

      fputs (*sp, stderr);

    }

  fputc ('\n', stderr);

}

static int read_out (int amaster)

{

  char buf[LINE_MAX];

  ssize_t buf_got;

  buf_got = read (amaster, buf, sizeof buf);

  if (buf_got == 0)

    return 0;

  /* Weird but at least after POLLHUP we get EIO instead of just EOF.  */

  if (buf_got == -1 && errno == EIO)

    return 0;

  if (buf_got == -1 && errno == EAGAIN)

    return 0;

  if (buf_got < 0)

    {

      perror ("read (amaster)");

      exit (EXIT_FAILURE);

    }

  if (write (STDOUT_FILENO, buf, buf_got) != buf_got)

    {

      perror ("write(2)");

      exit (EXIT_FAILURE);

    }

  return 1;

}

/* kill (child, 0) == 0 sometimes even when CHILD's state is already "Z".  */

static int child_exited (void)

{

  char buf[200];

  int fd, i, retval;

  ssize_t got;

  char state[3];

  snprintf (buf, sizeof (buf), "/proc/%ld/stat", (long) child);

  fd = open (buf, O_RDONLY);

  if (fd == -1)

    {

      perror ("open (/proc/CHILD/stat)");

      exit (EXIT_FAILURE);

    }

  got = read (fd, buf, sizeof(buf));

  if (got <= 0)

    {

      perror ("read (/proc/CHILD/stat)");

      exit (EXIT_FAILURE);

    }

  if (close (fd) != 0)

    {

      perror ("close (/proc/CHILD/stat)");

      exit (EXIT_FAILURE);

    }

  /* RHEL-5 does not support %ms.  */

  i = sscanf (buf, "%*d%*s%2s", state);

  if (i != 1)

    {

      perror ("sscanf (/proc/CHILD/stat)");

      exit (EXIT_FAILURE);

    }

  retval = strcmp (state, "Z") == 0;

  return retval;

}

static int spawn (char **argv, int timeout)

{

  pid_t child_got;

  int status, amaster, i, rc;

  struct sigaction act;

  sigset_t set;

  struct termios termios;

  unsigned alarm_orig;

  /* We do not use signal(2) to be sure we do not have SA_RESTART.  */

  memset (&act, 0, sizeof (act));

  act.sa_handler = signal_chld;

  i = sigemptyset (&act.sa_mask);

  assert (i == 0);

  act.sa_flags = 0;	/* !SA_RESTART */

  i = sigaction (SIGCHLD, &act, NULL);

  assert (i == 0);

  i = sigemptyset (&set);

  assert (i == 0);

  i = sigaddset (&set, SIGCHLD);

  assert (i == 0);

  i = sigprocmask (SIG_SETMASK, &set, NULL);

  assert (i == 0);

  /* With TERMP passed as NULL we get "\n" -> "\r\n".  */

  termios.c_iflag = IGNBRK | IGNPAR;

  termios.c_oflag = 0;

  termios.c_cflag = CS8 | CREAD | CLOCAL | HUPCL | B9600;

  termios.c_lflag = IEXTEN | NOFLSH;

  memset (termios.c_cc, _POSIX_VDISABLE, sizeof (termios.c_cc));

  termios.c_cc[VTIME] = 0;

  termios.c_cc[VMIN ] = 1;

  cfmakeraw (&termios);

#ifdef FLUSHO

  /* Workaround a readline deadlock bug in _get_tty_settings().  */

  termios.c_lflag &= ~FLUSHO;

#endif

  child = forkpty (&amaster, childptyname, &termios, NULL);

  switch (child)

    {

      case -1:

	perror ("forkpty(3)");

	exit (EXIT_FAILURE);

      case 0:

	/* Do not replace STDIN as inferiors query its termios.  */

#if 0

	i = close (STDIN_FILENO);

	assert (i == 0);

	i = open ("/dev/null", O_RDONLY);

	assert (i == STDIN_FILENO);

#endif

	i = sigemptyset (&set);

	assert (i == 0);

	i = sigprocmask (SIG_SETMASK, &set, NULL);

	assert (i == 0);

	/* Do not setpgrp(2) in the parent process as the process-group

	   is shared for the whole sh(1) pipeline we could be a part

	   of.  The process-group is set according to PID of the first

	   command in the pipeline.

	   We would rip even vi(1) in the case of:

		./orphanripper sh -c 'sleep 1&' | vi -

	   */

	/* Do not setpgrp(2) as our pty would not be ours and we would

	   get `SIGSTOP' later, particularly after spawning gdb(1).

	   setsid(3) was already executed by forkpty(3) and it would fail if

	   executed again.  */

	if (getpid() != getpgrp ())

	  {

	    perror ("getpgrp(2)");

	    exit (EXIT_FAILURE);

	  }

	execvp (argv[0], argv);

	perror ("execvp(2)");

	exit (EXIT_FAILURE);

      default:

	break;

    }

  i = fcntl (amaster, F_SETFL, O_RDWR | O_NONBLOCK);

  if (i != 0)

    {

      perror ("fcntl (amaster, F_SETFL, O_NONBLOCK)");

      exit (EXIT_FAILURE);

    }

  /* We do not use signal(2) to be sure we do not have SA_RESTART.  */

  act.sa_handler = signal_alrm;

  i = sigaction (SIGALRM, &act, NULL);

  assert (i == 0);

  alarm_orig = alarm (timeout);

  assert (alarm_orig == 0);

  i = sigemptyset (&set);

  assert (i == 0);

  while (!signal_alrm_hit)

    {

      struct pollfd pollfd;

      pollfd.fd = amaster;

      pollfd.events = POLLIN;

      i = ppoll (&pollfd, 1, NULL, &set);

      if (i == -1 && errno == EINTR)

	{

	  if (child_exited ())

	    break;

	  /* Non-CHILD child may have exited.  */

	  continue;

	}

      assert (i == 1);

      /* Data available?  Process it first.  */

      if (pollfd.revents & POLLIN)

	{

	  if (!read_out (amaster))

	    {

	      fprintf (stderr, "%s: Unexpected EOF\n", progname);

	      exit (EXIT_FAILURE);

	    }

	}

      if (pollfd.revents & POLLHUP)

        break;

      if ((pollfd.revents &= ~POLLIN) != 0)

	{

	  fprintf (stderr, "%s: ppoll(2): revents 0x%x\n", progname,

		   (unsigned) pollfd.revents);

	  exit (EXIT_FAILURE);

	}

      /* Child exited?  */

      if (child_exited ())

	break;

    }

  if (signal_alrm_hit)

    {

      i = kill (child, SIGKILL);

      assert (i == 0);

    }

  else

    alarm (0);

  /* WNOHANG still could fail.  */

  child_got = waitpid (child, &status, 0);

  if (child != child_got)

    {

      fprintf (stderr, "waitpid (%d) = %d: %m\n", (int) child, (int) child_got);

      exit (EXIT_FAILURE);

    }

  if (signal_alrm_hit)

    {

      char *buf;

      if (asprintf (&buf, "Timed out after %d seconds", timeout) != -1)

	{

	  print_child_error (buf, argv);

	  free (buf);

	}

      rc = 128 + SIGALRM;

    }

  else if (WIFEXITED (status))

    rc = WEXITSTATUS (status);

  else if (WIFSIGNALED (status))

    {

      print_child_error (strsignal (WTERMSIG (status)), argv);

      rc = 128 + WTERMSIG (status);

    }

  else if (WIFSTOPPED (status))

    {

      fprintf (stderr, "waitpid (%d): WIFSTOPPED - WSTOPSIG is %d\n",

	       (int) child, WSTOPSIG (status));

      exit (EXIT_FAILURE);

    }

  else

    {

      fprintf (stderr, "waitpid (%d): !WIFEXITED (%d)\n", (int) child, status);

      exit (EXIT_FAILURE);

    }

  /* Not used in fact.  */

  i = sigprocmask (SIG_SETMASK, &set, NULL);

  assert (i == 0);

  /* Do not unset O_NONBLOCK as a stale child (the whole purpose of this

     program) having open its output pty would block us in read_out.  */

#if 0

  i = fcntl (amaster, F_SETFL, O_RDONLY /* !O_NONBLOCK */);

  if (i != 0)

    {

      perror ("fcntl (amaster, F_SETFL, O_RDONLY /* !O_NONBLOCK */)");

      exit (EXIT_FAILURE);

    }

#endif

  while (read_out (amaster));

  /* Do not close the master FD as the child would have `/dev/pts/23 (deleted)'

     entries which are not expected (and expecting ` (deleted)' would be

     a race.  */

#if 0

  i = close (amaster);

  if (i != 0)

    {

      perror ("close (forkpty ()'s amaster)");

      exit (EXIT_FAILURE);

    }

#endif

  return rc;

}

/* Detected commandline may look weird due to a race:

   Original command:

	./orphanripper sh -c 'sleep 1&' &

   Correct output:

	[1] 29610

	./orphanripper: Killed -9 orphan PID 29612 (PGID 29611): sleep 1

   Raced output (sh(1) child still did not update its argv[]):

	[1] 29613

	./orphanripper: Killed -9 orphan PID 29615 (PGID 29614): sh -c sleep 1&

   We could delay a bit before ripping the children.  */

static const char *read_cmdline (pid_t pid)

{

  char cmdline_fname[32];

  static char cmdline[LINE_MAX];

  int fd;

  ssize_t got;

  char *s;

  if (snprintf (cmdline_fname, sizeof cmdline_fname, "/proc/%d/cmdline",

      (int) pid) < 0)

    return NULL;

  fd = open (cmdline_fname, O_RDONLY);

  if (fd == -1)

    {

      /* It may have already exited - ENOENT.  */

#if 0

      fprintf (stderr, "%s: open (\"%s\"): %m\n", progname, cmdline_fname);

#endif

      return NULL;

    }

  got = read (fd, cmdline, sizeof (cmdline) - 1);

  if (got == -1)

    fprintf (stderr, "%s: read (\"%s\"): %m\n", progname,

       cmdline_fname);

  if (close (fd) != 0)

    fprintf (stderr, "%s: close (\"%s\"): %m\n", progname,

       cmdline_fname);

  if (got < 0)

    return NULL;

  /* Convert '\0' argument delimiters to spaces.  */

  for (s = cmdline; s < cmdline + got; s++)

    if (!*s)

      *s = ' ';

  /* Trim the trailing spaces (typically single '\0'->' ').  */

  while (s > cmdline && isspace (s[-1]))

    s--;

  *s = 0;

  return cmdline;

}

static int dir_scan (const char *dirname,

		  int (*callback) (struct dirent *dirent, const char *pathname))

{

  DIR *dir;

  struct dirent *dirent;

  int rc = 0;

  dir = opendir (dirname);

  if (dir == NULL)

    {

      if (errno == EACCES || errno == ENOENT)

	return rc;

      fprintf (stderr, "%s: opendir (\"%s\"): %m\n", progname, dirname);

      exit (EXIT_FAILURE);

    }

  while ((errno = 0, dirent = readdir (dir)))

    {

      char pathname[LINE_MAX];

      int pathname_len;

      pathname_len = snprintf (pathname, sizeof pathname, "%s/%s",

				 dirname, dirent->d_name);

      if (pathname_len <= 0 || pathname_len >= (int) sizeof pathname)

	{

	  fprintf (stderr, "entry file name too long: `%s' / `%s'\n",

		   dirname, dirent->d_name);

	  continue;

	}

      /* RHEL-4.5 on s390x never fills in D_TYPE.  */

      if (dirent->d_type == DT_UNKNOWN)

        {

	  struct stat statbuf;

	  int i;

	  /* We are not interested in the /proc/PID/fd/ links targets.  */

	  i = lstat (pathname, &statbuf);

	  if (i == -1)

	    {

	      if (errno == EACCES || errno == ENOENT)

	        continue;

	      fprintf (stderr, "%s: stat (\"%s\"): %m\n", progname, pathname);

	      exit (EXIT_FAILURE);

	    }

	  if (S_ISDIR (statbuf.st_mode))

	    dirent->d_type = DT_DIR;

	  if (S_ISLNK (statbuf.st_mode))

	    dirent->d_type = DT_LNK;

	  /* No other D_TYPE types used in this code.  */

	}

      rc = (*callback) (dirent, pathname);

      if (rc != 0)

	{

	  errno = 0;

	  break;

	}

    }

  if (errno != 0)

    {

      fprintf (stderr, "%s: readdir (\"%s\"): %m\n", progname, dirname);

      exit (EXIT_FAILURE);

    }

  if (closedir (dir) != 0)

    {

      fprintf (stderr, "%s: closedir (\"%s\"): %m\n", progname, dirname);

      exit (EXIT_FAILURE);

    }

  return rc;

}

static int fd_fs_scan (pid_t pid, int (*func) (pid_t pid, const char *link))

{

  char dirname[64];

  if (snprintf (dirname, sizeof dirname, "/proc/%d/fd", (int) pid) < 0)

    {

      perror ("snprintf(3)");

      exit (EXIT_FAILURE);

    }

  int callback (struct dirent *dirent, const char *pathname)

  {

    char buf[LINE_MAX];

    ssize_t buf_len;

    if ((dirent->d_type != DT_DIR && dirent->d_type != DT_LNK)

	|| (dirent->d_type == DT_DIR && strcmp (dirent->d_name, ".") != 0

	    && strcmp (dirent->d_name, "..") != 0)

	|| (dirent->d_type == DT_LNK && strspn (dirent->d_name, "0123456789")

	    != strlen (dirent->d_name)))

      {

	fprintf (stderr, "Unexpected entry \"%s\" (d_type %u)"

			 " on readdir (\"%s\"): %m\n",

		 dirent->d_name, (unsigned) dirent->d_type, dirname);

	return 0;

      }

    if (dirent->d_type == DT_DIR)

      return 0;

    buf_len = readlink (pathname, buf, sizeof buf - 1);

    if (buf_len <= 0 || buf_len >= (ssize_t) sizeof buf - 1)

      {

	if (errno != ENOENT && errno != EACCES)

	  fprintf (stderr, "Error reading link \"%s\": %m\n", pathname);

	return 0;

      }

    buf[buf_len] = 0;

    return (*func) (pid, buf);

  }

  return dir_scan (dirname, callback);

}

static void pid_fs_scan (void (*func) (pid_t pid, void *data), void *data)

{

  int callback (struct dirent *dirent, const char *pathname)

  {

    if (dirent->d_type != DT_DIR

	|| strspn (dirent->d_name, "0123456789") != strlen (dirent->d_name))

      return 0;

    (*func) (atoi (dirent->d_name), data);

    return 0;

  }

  dir_scan ("/proc", callback);

}

static int rip_check_ptyname (pid_t pid, const char *link)

{

  assert (pid != getpid ());

  return strcmp (link, childptyname) == 0;

}

struct pid

  {

    struct pid *next;

    pid_t pid;

  };

static struct pid *pid_list;

static int pid_found (pid_t pid)

{

  struct pid *entry;

  for (entry = pid_list; entry != NULL; entry = entry->next)

    if (entry->pid == pid)

      return 1;

  return 0;

}

/* Single pass is not enough, a (multithreaded) process was seen to survive.

   Repeated killing of the same process is not enough, zombies can be killed.

   */

static int cleanup_acted;

static void pid_record (pid_t pid)

{

  struct pid *entry;

  if (pid_found (pid))

    return;

  cleanup_acted = 1;

  entry = malloc (sizeof (*entry));

  if (entry == NULL)

    {

      fprintf (stderr, "%s: malloc: %m\n", progname);

      exit (EXIT_FAILURE);

    }

  entry->pid = pid;

  entry->next = pid_list;

  pid_list = entry;

}

static void pid_forall (void (*func) (pid_t pid))

{

  struct pid *entry;

  for (entry = pid_list; entry != NULL; entry = entry->next)

    (*func) (entry->pid);

}

/* Returns 0 on failure.  */

static pid_t pid_get_parent (pid_t pid)

{

  char fname[64];

  FILE *f;

  char line[LINE_MAX];

  pid_t retval = 0;

  if (snprintf (fname, sizeof fname, "/proc/%d/status", (int) pid) < 0)

    {

      perror ("snprintf(3)");

      exit (EXIT_FAILURE);

    }

  f = fopen (fname, "r");

  if (f == NULL)

    {

      return 0;

    }

  while (errno = 0, fgets (line, sizeof line, f) == line)

    {

      if (strncmp (line, "PPid:\t", sizeof "PPid:\t" - 1) != 0)

	continue;

      retval = atoi (line + sizeof "PPid:\t" - 1);

      errno = 0;

      break;

    }

  if (errno != 0)

    {

      fprintf (stderr, "%s: fgets (\"%s\"): %m\n", progname, fname);

      exit (EXIT_FAILURE);

    }

  if (fclose (f) != 0)

    {

      fprintf (stderr, "%s: fclose (\"%s\"): %m\n", progname, fname);

      exit (EXIT_FAILURE);

    }

  return retval;

}

static void killtree (pid_t pid);

static void killtree_pid_fs_scan (pid_t pid, void *data)

{

  pid_t parent_pid = *(pid_t *) data;

  /* Do not optimize it as we could miss some newly spawned processes.

     Always traverse all the leaves.  */

#if 0

  /* Optimization.  */

  if (pid_found (pid))

    return;

#endif

  if (pid_get_parent (pid) != parent_pid)

    return;

  killtree (pid);

}

static void killtree (pid_t pid)

{

  pid_record (pid);

  pid_fs_scan (killtree_pid_fs_scan, &pid;;

}

static void rip_pid_fs_scan (pid_t pid, void *data)

{

  pid_t pgid;

  /* Shouldn't happen.  */

  if (pid == getpid ())

    return;

  /* Check both PGID and the stale file descriptors.  */

  pgid = getpgid (pid);

  if (pgid == child

      || fd_fs_scan (pid, rip_check_ptyname) != 0)

    killtree (pid);

}

static void killproc (pid_t pid)

{

  const char *cmdline;

  cmdline = read_cmdline (pid);

  /* Avoid printing the message for already gone processes.  */

  if (kill (pid, 0) != 0 && errno == ESRCH)

    return;

  if (cmdline == NULL)

    cmdline = "<error>";

  fprintf (stderr, "%s: Killed -9 orphan PID %d: %s\n", progname, (int) pid, cmdline);

  if (kill (pid, SIGKILL) == 0)

    cleanup_acted = 1;

  else if (errno != ESRCH)

    fprintf (stderr, "%s: kill (%d, SIGKILL): %m\n", progname, (int) pid);

  /* RHEL-3 kernels cannot SIGKILL a `T (stopped)' process.  */

  kill (pid, SIGCONT);

  /* Do not waitpid(2) as it cannot be our direct descendant and it gets

     cleaned up by init(8).  */

#if 0

  pid_t pid_got;

  pid_got = waitpid (pid, NULL, 0);

  if (pid != pid_got)

    {

      fprintf (stderr, "%s: waitpid (%d) != %d: %m\n", progname,

	 (int) pid, (int) pid_got);

      return;

    }

#endif

}

static void rip (void)

{

  cleanup_acted = 0;

  do

    {

      if (cleanup_acted)

        usleep (1000000 / 10);

      cleanup_acted = 0;

      pid_fs_scan (rip_pid_fs_scan, NULL);

      pid_forall (killproc);

    }

  while (cleanup_acted);

}

int main (int argc, char **argv)

{

  int timeout = 0;

  int rc;

  progname = *argv++;

  argc--;

  if (argc < 1 || strcmp (*argv, "-h") == 0

      || strcmp (*argv, "--help") == 0)