[Issue #125] Runaway process termination on startup #133
Conversation
|
Also created https://github.com/kohsuke/winsw/releases/tag/PR-133 with winsw.exe for evaluation |
|
@reviewbybees |
|
This pull request originates from a CloudBees employee. At CloudBees, we require that all pull requests be reviewed by other CloudBees employees before we seek to have the change accepted. If you want to learn more about our process please see this explanation. |
oleg-nenashev
changed the title
|
Plugin documentation will be delivered later once I get #129 integrated |
| /// <returns>List of child process PIDs</returns> | ||
| public static List<int> GetChildPids(int pid) | ||
| { | ||
| var searcher = new ManagementObjectSearcher("Select * From Win32_Process Where ParentProcessID=" + pid); |
There was a problem hiding this comment.
Does this still work with a limited access user? (ie not running as SYSTEM but a locked down (non-admin) service account)
There was a problem hiding this comment.
It used to work at least. The code has been just migrated to another place without change, so I do not expect differences
| @@ -13,7 +13,7 @@ public class XmlHelper | |||
| /// </summary> | |||
| /// <param name="node">Parent node</param> | |||
| /// <param name="tagName">Element name</param> | |||
| /// <param name="optional">If otional, don't throw an exception if the elemen is missing</param> | |||
| /// <param name="optional">If optional, don't throw an exception if the elemen is missing</param> | |||
There was a problem hiding this comment.
you missed the second typo on the line :) (element)
| [assembly: AssemblyConfiguration("")] | ||
| [assembly: AssemblyCompany("")] | ||
| [assembly: AssemblyProduct("RunawayProcessKiller")] | ||
| [assembly: AssemblyCopyright("Copyright © 2015")] |
| </PropertyGroup> | ||
| <ItemGroup> | ||
| <Reference Include="log4net"> | ||
| <HintPath>..\..\packages\log4net.2.0.5\lib\net20-full\log4net.dll</HintPath> |
There was a problem hiding this comment.
NIT: does a user need to do more setup now to get log4net so they can compile this project? (where can they obtain it from - is the README updated?)
There was a problem hiding this comment.
No need to do additional steps. log4net is being merged into the executable using ILMerge. A user still gets a single binary
| } | ||
| else | ||
| { | ||
| Logger.Warn("The requested PID file '" + Pidfile + "' does not exist. The runaway process won't be checked"); |
There was a problem hiding this comment.
NIT: is this really a warning? - seems like INFO as this is expected (at least for the first time you startup the service)
There was a problem hiding this comment.
And for the first time we have no idea if there is a runaway process. So I think it's a valid Warning
| } | ||
|
|
||
| // Kill the runaway process | ||
| ProcessHelper.StopProcessAndChildren(pid, this.StopTimeout, this.StopParentProcessFirst); |
There was a problem hiding this comment.
This is very scary.... on windows PIDs can be reused... and if this is due to a reboot after say patching the PID could depend on the order of startup of services - so you could (attempt) kill a very important system service.
There should be some form of check that the parent process was the one started (perhaps by setting a magic environment cookie - or at least looking like it is a java process aka Jenkins)
| + " <id>SERVICE_NAME</id> " | ||
| + " <name>Jenkins Slave</name> " | ||
| + " <description>This service runs a slave for Jenkins continuous integration system.</description> " | ||
| + " <executable>C:\\Program Files\\Java\\jre7\\bin\\java.exe</executable> " |
There was a problem hiding this comment.
this test is likely to fail on a CI system like Jenkins if this is needed - if its not - then should really be something like x:\ignored\not\used to avoid confusion.
There was a problem hiding this comment.
This test does not actually start the executable. Hence should be fine
|
@oleg-nenashev generally the code looks good - but killing process trees because a PID was left in a file looks very very scary to me - and I fear you could end up killing very important services on a restart of the OS (due to the old PID being used by a different service after restart) at which point you could crash windows (if its a system critical process) and which point you get boot loops.... |
|
Yes, I agree the process validation needs to be extended |
…rs service Id before terminating it
|
@jtnord I have added the check of the Service Id environment of the process, which needs to be terminated |
|
@reviewbybees done |
Edited by @NextTurn: Resolves #125. Changes summary:
IWinSWExtensionnow offers hooks for the wrapped process startup/terminationMaintoProcessHelperinWinSW BaseRunaway Process Killerwith some basic testsThis change introduces an extension, which performs automatic termination of runaway processes on startup. Sample configuration:
https://issues.jenkins-ci.org/browse/JENKINS-39231