* limitations under the License.
*/
-#include "folly/Subprocess.h"
+#ifndef _GNU_SOURCE
+#define _GNU_SOURCE
+#endif
+
+#include <folly/Subprocess.h>
#if __linux__
#include <sys/prctl.h>
#include <fcntl.h>
#include <poll.h>
-#ifndef _GNU_SOURCE
-#define _GNU_SOURCE
-#endif
#include <unistd.h>
#include <array>
#include <glog/logging.h>
-#include "folly/Conv.h"
-#include "folly/Exception.h"
-#include "folly/FileUtil.h"
-#include "folly/ScopeGuard.h"
-#include "folly/String.h"
-#include "folly/io/Cursor.h"
+#include <folly/Conv.h>
+#include <folly/Exception.h>
+#include <folly/ScopeGuard.h>
+#include <folly/String.h>
+#include <folly/io/Cursor.h>
extern char** environ;
// Copy pointers to the given strings in a format suitable for posix_spawn
std::unique_ptr<const char*[]> cloneStrings(const std::vector<std::string>& s) {
std::unique_ptr<const char*[]> d(new const char*[s.size() + 1]);
- for (int i = 0; i < s.size(); i++) {
+ for (size_t i = 0; i < s.size(); i++) {
d[i] = s[i].c_str();
}
d[s.size()] = nullptr;
});
// Create a pipe to use to receive error information from the child,
- // in case it fails before calling exec(), setting the close-on-exec flag
- // on both sides of the pipe.
- // This way the pipe will be closed automatically in the child if execve()
- // succeeds. If the exec fails the child can write error information to the
- // pipe.
- // Note that O_CLOEXEC must be set in a single call while we are creating
- // the pipe instead of doing pipe()/fcntl separately, which might race if a
- // another thread calls fork()/exec() concurrently and both sides of the pipe
- // may be inherited by the corresponding child process without being closed.
+ // in case it fails before calling exec()
int errFds[2];
- int r = ::pipe2(errFds, O_CLOEXEC);
- checkUnixError(r, "pipe2");
+#if FOLLY_HAVE_PIPE2
+ checkUnixError(::pipe2(errFds, O_CLOEXEC), "pipe2");
+#else
+ checkUnixError(::pipe(errFds), "pipe");
+#endif
SCOPE_EXIT {
CHECK_ERR(::close(errFds[0]));
if (errFds[1] >= 0) {
}
};
+#if !FOLLY_HAVE_PIPE2
+ // Ask the child to close the read end of the error pipe.
+ checkUnixError(fcntl(errFds[0], F_SETFD, FD_CLOEXEC), "set FD_CLOEXEC");
+ // Set the close-on-exec flag on the write side of the pipe.
+ // This way the pipe will be closed automatically in the child if execve()
+ // succeeds. If the exec fails the child can write error information to the
+ // pipe.
+ checkUnixError(fcntl(errFds[1], F_SETFD, FD_CLOEXEC), "set FD_CLOEXEC");
+#endif
+
// Perform the actual work of setting up pipes then forking and
// executing the child.
spawnInternal(std::move(argv), executable, options, env, errFds[1]);
// child has exited and can be immediately waited for. In all other cases,
// we have no way of cleaning up the child.
+ if (options.processGroupLeader_) {
+ // This is done both in the parent and the child to avoid the race where
+ // the parent assumes that the child is a leader, but the child has not
+ // yet run setprp(). Not checking error codes since we're deliberately
+ // racing the child, which may already have run execve(), and expect to
+ // lose frequently.
+ setpgid(pid_, pid_);
+ }
// Close writable side of the errFd pipe in the parent process
CHECK_ERR(::close(errFds[1]));
errFds[1] = -1;
for (auto& p : options.fdActions_) {
if (p.second == PIPE_IN || p.second == PIPE_OUT) {
int fds[2];
- // Set O_CLOEXEC on both ends of the pipe atomically while creating
- // the pipe. The child will clear O_CLOEXEC on its side of the pipe
- // before calling exec() so that stays open afterwards.
- // This way even if a concurrently constructed Subprocess inherits
- // both ends of this pipe, they will be automatically closed
- // after the corresponding exec().
+ // We're setting both ends of the pipe as close-on-exec. The child
+ // doesn't need to reset the flag on its end, as we always dup2() the fd,
+ // and dup2() fds don't share the close-on-exec flag.
+#if FOLLY_HAVE_PIPE2
r = ::pipe2(fds, O_CLOEXEC);
checkUnixError(r, "pipe2");
+#else
+ r = ::pipe(fds);
+ checkUnixError(r, "pipe");
+ r = fcntl(fds[0], F_SETFD, FD_CLOEXEC);
+ checkUnixError(r, "set FD_CLOEXEC");
+ r = fcntl(fds[1], F_SETFD, FD_CLOEXEC);
+ checkUnixError(r, "set FD_CLOEXEC");
+#endif
PipeInfo pinfo;
pinfo.direction = p.second;
int cfd;
CHECK_EQ(r, 0) << "pthread_sigmask: " << errnoStr(r); // shouldn't fail
};
+ // Call c_str() here, as it's not necessarily safe after fork.
+ const char* childDir =
+ options.childDir_.empty() ? nullptr : options.childDir_.c_str();
pid_t pid = vfork();
if (pid == 0) {
- int errnoValue = prepareChild(options, &oldSignals);
+ int errnoValue = prepareChild(options, &oldSignals, childDir);
if (errnoValue != 0) {
childError(errFd, kChildFailure, errnoValue);
}
}
int Subprocess::prepareChild(const Options& options,
- const sigset_t* sigmask) const {
+ const sigset_t* sigmask,
+ const char* childDir) const {
// While all signals are blocked, we must reset their
// dispositions to default.
for (int sig = 1; sig < NSIG; ++sig) {
::signal(sig, SIG_DFL);
}
- // Unblock signals; restore signal mask.
- int r = pthread_sigmask(SIG_SETMASK, sigmask, nullptr);
- if (r != 0) {
- return r; // pthread_sigmask() returns an errno value
- }
- // Change the working directory, if one is given
- if (!options.childDir_.empty()) {
- r = ::chdir(options.childDir_.c_str());
- if (r == -1) {
- return errno;
+ {
+ // Unblock signals; restore signal mask.
+ int r = pthread_sigmask(SIG_SETMASK, sigmask, nullptr);
+ if (r != 0) {
+ return r; // pthread_sigmask() returns an errno value
}
}
- for (auto& p : pipes_) {
- // Clear FD_CLOEXEC on the child side of the pipe so
- // it stays open after exec() (so that the child could
- // access it).
- // See spawnInternal() for why FD_CLOEXEC must be set
- // by default on pipes.
- r = fcntl(p.childFd, F_SETFD, 0);
- if (r == -1) {
+ // Change the working directory, if one is given
+ if (childDir) {
+ if (::chdir(childDir) == -1) {
return errno;
}
}
+ // We don't have to explicitly close the parent's end of all pipes,
+ // as they all have the FD_CLOEXEC flag set and will be closed at
+ // exec time.
+
// Close all fds that we're supposed to close.
- // Note that we're ignoring errors here, in case some of these
- // fds were set to close on exec.
for (auto& p : options.fdActions_) {
if (p.second == CLOSE) {
- ::close(p.first);
- } else {
- r = ::dup2(p.second, p.first);
- if (r == -1) {
+ if (::close(p.first) == -1) {
+ return errno;
+ }
+ } else if (p.second != p.first) {
+ if (::dup2(p.second, p.first) == -1) {
return errno;
}
}
#if __linux__
// Opt to receive signal on parent death, if requested
if (options.parentDeathSignal_ != 0) {
- r = prctl(PR_SET_PDEATHSIG, options.parentDeathSignal_, 0, 0, 0);
- if (r == -1) {
+ if (prctl(PR_SET_PDEATHSIG, options.parentDeathSignal_, 0, 0, 0) == -1) {
return errno;
}
}
#endif
+ if (options.processGroupLeader_) {
+ if (setpgrp() == -1) {
+ return errno;
+ }
+ }
+
return 0;
}
char** argv, char** env,
const Options& options) const {
// Now, finally, exec.
- int r;
if (options.usePath_) {
::execvp(executable, argv);
} else {
} while (r == -1 && errno == EINTR);
checkUnixError(r, "poll");
- for (int i = 0; i < pipes_.size(); ++i) {
+ for (size_t i = 0; i < pipes_.size(); ++i) {
auto& p = pipes_[i];
DCHECK_EQ(fds[i].fd, p.parentFd);
short events = fds[i].revents;
} // namespace
} // namespace folly
-
projects / folly.git / blobdiff