cmd/tailscaled: change Windows implementation to shut down subprocess via closing its stdin

We've been doing a hard kill of the subprocess, which is only safe as long as
both the cli and gui are not running and the subprocess has had the opportunity
to clean up DNS settings etc. If unattended mode is turned on, this is definitely
unsafe.

I changed babysitProc to close the subprocess's stdin to make it shut down, and
then I plumbed a cancel function into the stdin reader on the subprocess side.

Fixes https://github.com/tailscale/corp/issues/5621

Signed-off-by: Aaron Klotz <aaron@tailscale.com>
This commit is contained in:
Aaron Klotz 2022-12-09 10:14:39 -07:00
parent 9c67395334
commit 53e2010b8a
1 changed files with 21 additions and 8 deletions

View File

@ -25,6 +25,7 @@ import (
"encoding/json" "encoding/json"
"errors" "errors"
"fmt" "fmt"
"io"
"log" "log"
"net/netip" "net/netip"
"os" "os"
@ -273,17 +274,24 @@ func beWindowsSubprocess() bool {
log.Printf("Error reading environment config: %v", err) log.Printf("Error reading environment config: %v", err)
} }
ctx, cancel := context.WithCancel(context.Background())
go func() { go func() {
b := make([]byte, 16) b := make([]byte, 16)
for { for {
_, err := os.Stdin.Read(b) _, err := os.Stdin.Read(b)
if err == io.EOF {
// Parent wants us to shut down gracefully.
log.Printf("subproc received EOF from stdin")
cancel()
return
}
if err != nil { if err != nil {
log.Fatalf("stdin err (parent process died): %v", err) log.Fatalf("stdin err (parent process died): %v", err)
} }
} }
}() }()
err := startIPNServer(context.Background(), log.Printf, logid) err := startIPNServer(ctx, log.Printf, logid)
if err != nil { if err != nil {
log.Fatalf("ipnserver: %v", err) log.Fatalf("ipnserver: %v", err)
} }
@ -365,8 +373,9 @@ func babysitProc(ctx context.Context, args []string, logf logger.Logf) {
} }
var proc struct { var proc struct {
mu sync.Mutex mu sync.Mutex
p *os.Process p *os.Process
wStdin *os.File
} }
done := make(chan struct{}) done := make(chan struct{})
@ -378,15 +387,18 @@ func babysitProc(ctx context.Context, args []string, logf logger.Logf) {
case sig = <-interrupt: case sig = <-interrupt:
logf("babysitProc: got signal: %v", sig) logf("babysitProc: got signal: %v", sig)
close(done) close(done)
proc.mu.Lock()
proc.p.Signal(sig)
proc.mu.Unlock()
case <-ctx.Done(): case <-ctx.Done():
logf("babysitProc: context done") logf("babysitProc: context done")
sig = os.Kill
close(done) close(done)
proc.mu.Lock()
// Closing wStdin gives the subprocess a chance to shut down cleanly,
// which is important for cleaning up DNS settings etc.
proc.wStdin.Close()
proc.mu.Unlock()
} }
proc.mu.Lock()
proc.p.Signal(sig)
proc.mu.Unlock()
}() }()
bo := backoff.NewBackoff("babysitProc", logf, 30*time.Second) bo := backoff.NewBackoff("babysitProc", logf, 30*time.Second)
@ -448,6 +460,7 @@ func babysitProc(ctx context.Context, args []string, logf logger.Logf) {
} else { } else {
proc.mu.Lock() proc.mu.Lock()
proc.p = cmd.Process proc.p = cmd.Process
proc.wStdin = wStdin
proc.mu.Unlock() proc.mu.Unlock()
err = cmd.Wait() err = cmd.Wait()