search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
timeout: add the --kill-after option
[coreutils/ericb.git] / src / timeout.c
blob49fc4d879bd0c86da237699ee25d5b7778b1a8ad
1 /* timeout -- run a command with bounded time
2 Copyright (C) 2008-2010 Free Software Foundation, Inc.
3
4 This program is free software: you can redistribute it and/or modify
5 it under the terms of the GNU General Public License as published by
6 the Free Software Foundation, either version 3 of the License, or
7 (at your option) any later version.
8
9 This program is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU General Public License for more details.
13
14 You should have received a copy of the GNU General Public License
15 along with this program. If not, see <http://www.gnu.org/licenses/>. */
16
17
18 /* timeout - Start a command, and kill it if the specified timeout expires
19
20 We try to behave like a shell starting a single (foreground) job,
21 and will kill the job if we receive the alarm signal we setup.
22 The exit status of the job is returned, or one of these errors:
23 EXIT_TIMEDOUT 124 job timed out
24 EXIT_CANCELED 125 internal error
25 EXIT_CANNOT_INVOKE 126 error executing job
26 EXIT_ENOENT 127 couldn't find job to exec
27
28 Caveats:
29 If user specifies the KILL (9) signal is to be sent on timeout,
30 the monitor is killed and so exits with 128+9 rather than 124.
31
32 If you start a command in the background, which reads from the tty
33 and so is immediately sent SIGTTIN to stop, then the timeout
34 process will ignore this so it can timeout the command as expected.
35 This can be seen with `timeout 10 dd&` for example.
36 However if one brings this group to the foreground with the `fg`
37 command before the timer expires, the command will remain
38 in the sTop state as the shell doesn't send a SIGCONT
39 because the timeout process (group leader) is already running.
40 To get the command running again one can Ctrl-Z, and do fg again.
41 Note one can Ctrl-C the whole job when in this state.
42 I think this could be fixed but I'm not sure the extra
43 complication is justified for this scenario.
44
45 Written by Pádraig Brady. */
46
47 #include <config.h>
48 #include <getopt.h>
49 #include <stdio.h>
50 #include <sys/types.h>
51 #include <signal.h>
52
53 #if HAVE_SYS_WAIT_H
54 # include <sys/wait.h>
55 #endif
56 #ifndef WIFSIGNALED
57 # define WIFSIGNALED(s) (((s) & 0xFFFF) - 1 < (unsigned int) 0xFF)
58 #endif
59 #ifndef WTERMSIG
60 # define WTERMSIG(s) ((s) & 0x7F)
61 #endif
62
63 #include "system.h"
64 #include "xstrtol.h"
65 #include "sig2str.h"
66 #include "operand2sig.h"
67 #include "cloexec.h"
68 #include "error.h"
69 #include "long-options.h"
70 #include "quote.h"
71
72 #define PROGRAM_NAME "timeout"
73
74 #define AUTHORS proper_name_utf8 ("Padraig Brady", "P\303\241draig Brady")
75
76 static int timed_out;
77 static int term_signal = SIGTERM; /* same default as kill command. */
78 static int monitored_pid;
79 static int sigs_to_ignore[NSIG]; /* so monitor can ignore sigs it resends. */
80 static unsigned long kill_after;
81
82 static struct option const long_options[] =
83 {
84 {"kill-after", required_argument, NULL, 'k'},
85 {"signal", required_argument, NULL, 's'},
86 {NULL, 0, NULL, 0}
87 };
88
89 /* send sig to group but not ourselves.
90 * FIXME: Is there a better way to achieve this? */
91 static int
92 send_sig (int where, int sig)
93 {
94 sigs_to_ignore[sig] = 1;
95 return kill (where, sig);
96 }
97
98 static void
99 cleanup (int sig)
100 {
101 if (sig == SIGALRM)
102 {
103 timed_out = 1;
104 sig = term_signal;
105 }
106 if (monitored_pid)
107 {
108 if (sigs_to_ignore[sig])
109 {
110 sigs_to_ignore[sig] = 0;
111 return;
112 }
113 if (kill_after)
114 {
115 /* Start a new timeout after which we'll send SIGKILL. */
116 term_signal = SIGKILL;
117 alarm (kill_after);
118 kill_after = 0; /* Don't let later signals reset kill alarm. */
119 }
120 send_sig (0, sig);
121 if (sig != SIGKILL && sig != SIGCONT)
122 send_sig (0, SIGCONT);
123 }
124 else /* we're the child or the child is not exec'd yet. */
125 _exit (128 + sig);
126 }
127
128 void
129 usage (int status)
130 {
131 if (status != EXIT_SUCCESS)
132 fprintf (stderr, _("Try `%s --help' for more information.\n"),
133 program_name);
134 else
135 {
136 printf (_("\
137 Usage: %s [OPTION] DURATION COMMAND [ARG]...\n\
138 or: %s [OPTION]\n"), program_name, program_name);
139
140 fputs (_("\
141 Start COMMAND, and kill it if still running after DURATION.\n\
142 \n\
143 Mandatory arguments to long options are mandatory for short options too.\n\
144 "), stdout);
145 fputs (_("\
146 -k, --kill-after=DURATION\n\
147 also send a KILL signal if COMMAND is still running\n\
148 this long after the initial signal was sent.\n\
149 -s, --signal=SIGNAL\n\
150 specify the signal to be sent on timeout.\n\
151 SIGNAL may be a name like `HUP' or a number.\n\
152 See `kill -l` for a list of signals\n"), stdout);
153
154 fputs (HELP_OPTION_DESCRIPTION, stdout);
155 fputs (VERSION_OPTION_DESCRIPTION, stdout);
156
157 fputs (_("\n\
158 DURATION is an integer with an optional suffix:\n\
159 `s' for seconds(the default), `m' for minutes, `h' for hours or `d' for days.\n\
160 "), stdout);
161
162 fputs (_("\n\
163 If the command times out, then exit with status 124. Otherwise, exit\n\
164 with the status of COMMAND. If no signal is specified, send the TERM\n\
165 signal upon timeout. The TERM signal kills any process that does not\n\
166 block or catch that signal. For other processes, it may be necessary to\n\
167 use the KILL (9) signal, since this signal cannot be caught.\n"), stdout);
168 emit_ancillary_info ();
169 }
170 exit (status);
171 }
172
173 /* Given a long integer value *X, and a suffix character, SUFFIX_CHAR,
174 scale *X by the multiplier implied by SUFFIX_CHAR. SUFFIX_CHAR may
175 be the NUL byte or `s' to denote seconds, `m' for minutes, `h' for
176 hours, or `d' for days. If SUFFIX_CHAR is invalid, don't modify *X
177 and return false. If *X would overflow an integer, don't modify *X
178 and return false. Otherwise return true. */
179
180 static bool
181 apply_time_suffix (unsigned long *x, char suffix_char)
182 {
183 unsigned int multiplier = 1;
184
185 switch (suffix_char)
186 {
187 case 0:
188 case 's':
189 return true;
190 case 'd':
191 multiplier *= 24;
192 case 'h':
193 multiplier *= 60;
194 case 'm':
195 if (multiplier > UINT_MAX / 60) /* 16 bit overflow */
196 return false;
197 multiplier *= 60;
198 break;
199 default:
200 return false;
201 }
202
203 if (*x > UINT_MAX / multiplier)
204 return false;
205
206 *x *= multiplier;
207
208 return true;
209 }
210
211 static unsigned long
212 parse_duration (const char* str)
213 {
214 unsigned long duration;
215 char *ep;
216
217 if (xstrtoul (str, &ep, 10, &duration, NULL)
218 /* Invalid interval. Note 0 disables timeout */
219 || (duration > UINT_MAX)
220 /* Extra chars after the number and an optional s,m,h,d char. */
221 || (*ep && *(ep + 1))
222 /* Check any suffix char and update timeout based on the suffix. */
223 || !apply_time_suffix (&duration, *ep))
224 {
225 error (0, 0, _("invalid time interval %s"), quote (str));
226 usage (EXIT_CANCELED);
227 }
228
229 return duration;
230 }
231
232 static void
233 install_signal_handlers (int sigterm)
234 {
235 struct sigaction sa;
236 sigemptyset (&sa.sa_mask); /* Allow concurrent calls to handler */
237 sa.sa_handler = cleanup;
238 sa.sa_flags = SA_RESTART; /* restart syscalls (like wait() below) */
239
240 sigaction (SIGALRM, &sa, NULL); /* our timeout. */
241 sigaction (SIGINT, &sa, NULL); /* Ctrl-C at terminal for example. */
242 sigaction (SIGQUIT, &sa, NULL); /* Ctrl-\ at terminal for example. */
243 sigaction (SIGHUP, &sa, NULL); /* terminal closed for example. */
244 sigaction (SIGTERM, &sa, NULL); /* if we're killed, stop monitored proc. */
245 sigaction (sigterm, &sa, NULL); /* user specified termination signal. */
246 }
247
248 int
249 main (int argc, char **argv)
250 {
251 unsigned long timeout;
252 char signame[SIG2STR_MAX];
253 int c;
254
255 initialize_main (&argc, &argv);
256 set_program_name (argv[0]);
257 setlocale (LC_ALL, "");
258 bindtextdomain (PACKAGE, LOCALEDIR);
259 textdomain (PACKAGE);
260
261 initialize_exit_failure (EXIT_CANCELED);
262 atexit (close_stdout);
263
264 parse_long_options (argc, argv, PROGRAM_NAME, PACKAGE_NAME, Version,
265 usage, AUTHORS, (char const *) NULL);
266
267 while ((c = getopt_long (argc, argv, "+k:s:", long_options, NULL)) != -1)
268 {
269 switch (c)
270 {
271 case 'k':
272 kill_after = parse_duration (optarg);
273 break;
274 case 's':
275 term_signal = operand2sig (optarg, signame);
276 if (term_signal == -1)
277 usage (EXIT_CANCELED);
278 break;
279 default:
280 usage (EXIT_CANCELED);
281 break;
282 }
283 }
284
285 if (argc - optind < 2)
286 usage (EXIT_CANCELED);
287
288 timeout = parse_duration (argv[optind++]);
289
290 argv += optind;
291
292 /* Ensure we're in our own group so all subprocesses can be killed.
293 Note we don't just put the child in a separate group as
294 then we would need to worry about foreground and background groups
295 and propagating signals between them. */
296 setpgid (0, 0);
297
298 /* Setup handlers before fork() so that we
299 handle any signals caused by child, without races. */
300 install_signal_handlers (term_signal);
301 signal (SIGTTIN, SIG_IGN); /* don't sTop if background child needs tty. */
302 signal (SIGTTOU, SIG_IGN); /* don't sTop if background child needs tty. */
303 signal (SIGCHLD, SIG_DFL); /* Don't inherit CHLD handling from parent. */
304
305 monitored_pid = fork ();
306 if (monitored_pid == -1)
307 {
308 error (0, errno, _("fork system call failed"));
309 return EXIT_CANCELED;
310 }
311 else if (monitored_pid == 0)
312 { /* child */
313 int exit_status;
314
315 /* exec doesn't reset SIG_IGN -> SIG_DFL. */
316 signal (SIGTTIN, SIG_DFL);
317 signal (SIGTTOU, SIG_DFL);
318
319 execvp (argv[0], argv); /* FIXME: should we use "sh -c" ... here? */
320
321 /* exit like sh, env, nohup, ... */
322 exit_status = (errno == ENOENT ? EXIT_ENOENT : EXIT_CANNOT_INVOKE);
323 error (0, errno, _("failed to run command %s"), quote (argv[0]));
324 return exit_status;
325 }
326 else
327 {
328 int status;
329
330 alarm (timeout);
331
332 /* We're just waiting for a single process here, so wait() suffices.
333 Note the signal() calls above on GNU/Linux and BSD at least,
334 essentially call the lower level sigaction() with the SA_RESTART flag
335 set, which ensures the following wait call will only return if the
336 child exits, not on this process receiving a signal. Also we're not
337 passing WUNTRACED | WCONTINUED to a waitpid() call and so will not get
338 indication that the child has stopped or continued. */
339 if (wait (&status) == -1)
340 {
341 /* shouldn't happen. */
342 error (0, errno, _("error waiting for command"));
343 status = EXIT_CANCELED;
344 }
345 else
346 {
347 if (WIFEXITED (status))
348 status = WEXITSTATUS (status);
349 else if (WIFSIGNALED (status))
350 status = WTERMSIG (status) + 128; /* what sh does at least. */
351 else
352 {
353 /* shouldn't happen. */
354 error (0, 0, _("unknown status from command (0x%X)"), status);
355 status = EXIT_FAILURE;
356 }
357 }
358
359 if (timed_out)
360 return EXIT_TIMEDOUT;
361 else
362 return status;
363 }
364 }
Eric Blake's GNU coreutils patches