1 use crate::std::fmt; 2 use crate::std::io::{self, ErrorKind}; 3 4 use crate::std::num::NonZeroI32; 5 use crate::std::sys; 6 use crate::std::sys::cvt; 7 use crate::std::sys::process::process_common::*; 8 use core::ffi::NonZero_c_int; 9 use dlibc; 10 11 #[cfg(target_os = "linux")] 12 use crate::std::os::linux::process::PidFd; 13 14 #[cfg(any( 15 target_os = "macos", 16 target_os = "watchos", 17 target_os = "tvos", 18 target_os = "freebsd", 19 all(target_os = "linux", target_env = "gnu"), 20 all(target_os = "linux", target_env = "musl"), 21 target_os = "nto", 22 ))] 23 use crate::std::sys::weak::weak; 24 25 #[cfg(target_os = "vxworks")] 26 use dlibc::RTP_ID as pid_t; 27 28 #[cfg(not(target_os = "vxworks"))] 29 use dlibc::{c_int, pid_t}; 30 31 #[cfg(not(any( 32 target_os = "vxworks", 33 target_os = "l4re", 34 target_os = "tvos", 35 target_os = "watchos", 36 )))] 37 use dlibc::{gid_t, uid_t}; 38 39 cfg_if::cfg_if! { 40 if #[cfg(all(target_os = "nto", target_env = "nto71"))] { 41 use crate::std::thread; 42 use dlibc::{c_char, posix_spawn_file_actions_t, posix_spawnattr_t}; 43 use crate::std::time::Duration; 44 use crate::std::sync::LazyLock; 45 // Get smallest amount of time we can sleep. 46 // Return a common value if it cannot be determined. 47 fn get_clock_resolution() -> Duration { 48 static MIN_DELAY: LazyLock<Duration, fn() -> Duration> = LazyLock::new(|| { 49 let mut mindelay = dlibc::timespec { tv_sec: 0, tv_nsec: 0 }; 50 if unsafe { dlibc::clock_getres(dlibc::CLOCK_MONOTONIC, &mut mindelay) } == 0 51 { 52 Duration::from_nanos(mindelay.tv_nsec as u64) 53 } else { 54 Duration::from_millis(1) 55 } 56 }); 57 *MIN_DELAY 58 } 59 // Arbitrary minimum sleep duration for retrying fork/spawn 60 const MIN_FORKSPAWN_SLEEP: Duration = Duration::from_nanos(1); 61 // Maximum duration of sleeping before giving up and returning an error 62 const MAX_FORKSPAWN_SLEEP: Duration = Duration::from_millis(1000); 63 } 64 } 65 66 //////////////////////////////////////////////////////////////////////////////// 67 // Command 68 //////////////////////////////////////////////////////////////////////////////// 69 70 impl Command { 71 pub fn spawn( 72 &mut self, 73 _default: Stdio, 74 _needs_stdin: bool, 75 ) -> io::Result<(Process, StdioPipes)> { 76 // const CLOEXEC_MSG_FOOTER: [u8; 4] = *b"NOEX"; 77 78 // let envp = self.capture_env(); 79 80 // if self.saw_nul() { 81 // return Err(io::const_io_error!( 82 // ErrorKind::InvalidInput, 83 // "nul byte found in provided data", 84 // )); 85 // } 86 87 // let (ours, theirs) = self.setup_io(default, needs_stdin)?; 88 89 // if let Some(ret) = self.posix_spawn(&theirs, envp.as_ref())? { 90 // return Ok((ret, ours)); 91 // } 92 93 // #[cfg(target_os = "linux")] 94 // let (input, output) = sys::net::Socket::new_pair(dlibc::AF_UNIX, dlibc::SOCK_SEQPACKET)?; 95 96 // #[cfg(not(target_os = "linux"))] 97 // let (input, output) = sys::pipe::anon_pipe()?; 98 99 // // Whatever happens after the fork is almost for sure going to touch or 100 // // look at the environment in one way or another (PATH in `execvp` or 101 // // accessing the `environ` pointer ourselves). Make sure no other thread 102 // // is accessing the environment when we do the fork itself. 103 // // 104 // // Note that as soon as we're done with the fork there's no need to hold 105 // // a lock any more because the parent won't do anything and the child is 106 // // in its own process. Thus the parent drops the lock guard immediately. 107 // // The child calls `mem::forget` to leak the lock, which is crucial because 108 // // releasing a lock is not async-signal-safe. 109 // let env_lock = sys::os::env_read_lock(); 110 // let pid = unsafe { self.do_fork()? }; 111 112 // if pid == 0 { 113 // crate::std::panic::always_abort(); 114 // mem::forget(env_lock); // avoid non-async-signal-safe unlocking 115 // drop(input); 116 // #[cfg(target_os = "linux")] 117 // if self.get_create_pidfd() { 118 // self.send_pidfd(&output); 119 // } 120 // let Err(err) = unsafe { self.do_exec(theirs, envp.as_ref()) }; 121 // let errno = err.raw_os_error().unwrap_or(dlibc::EINVAL) as u32; 122 // let errno = errno.to_be_bytes(); 123 // let bytes = [ 124 // errno[0], 125 // errno[1], 126 // errno[2], 127 // errno[3], 128 // CLOEXEC_MSG_FOOTER[0], 129 // CLOEXEC_MSG_FOOTER[1], 130 // CLOEXEC_MSG_FOOTER[2], 131 // CLOEXEC_MSG_FOOTER[3], 132 // ]; 133 // // pipe I/O up to PIPE_BUF bytes should be atomic, and then 134 // // we want to be sure we *don't* run at_exit destructors as 135 // // we're being torn down regardless 136 // rtassert!(output.write(&bytes).is_ok()); 137 // unsafe { dlibc::_exit(1) } 138 // } 139 140 // drop(env_lock); 141 // drop(output); 142 143 // #[cfg(target_os = "linux")] 144 // let pidfd = if self.get_create_pidfd() { self.recv_pidfd(&input) } else { -1 }; 145 146 // #[cfg(not(target_os = "linux"))] 147 // let pidfd = -1; 148 149 // // Safety: We obtained the pidfd from calling `clone3` with 150 // // `CLONE_PIDFD` so it's valid an otherwise unowned. 151 // let mut p = unsafe { Process::new(pid, pidfd) }; 152 // let mut bytes = [0; 8]; 153 154 // // loop to handle EINTR 155 // loop { 156 // match input.read(&mut bytes) { 157 // Ok(0) => return Ok((p, ours)), 158 // Ok(8) => { 159 // let (errno, footer) = bytes.split_at(4); 160 // assert_eq!( 161 // CLOEXEC_MSG_FOOTER, footer, 162 // "Validation on the CLOEXEC pipe failed: {:?}", 163 // bytes 164 // ); 165 // let errno = i32::from_be_bytes(errno.try_into().unwrap()); 166 // assert!(p.wait().is_ok(), "wait() should either return Ok or panic"); 167 // return Err(Error::from_raw_os_error(errno)); 168 // } 169 // Err(ref e) if e.is_interrupted() => {} 170 // Err(e) => { 171 // assert!(p.wait().is_ok(), "wait() should either return Ok or panic"); 172 // panic!("the CLOEXEC pipe failed: {e:?}") 173 // } 174 // Ok(..) => { 175 // // pipe I/O up to PIPE_BUF bytes should be atomic 176 // // similarly SOCK_SEQPACKET messages should arrive whole 177 // assert!(p.wait().is_ok(), "wait() should either return Ok or panic"); 178 // panic!("short read on the CLOEXEC pipe") 179 // } 180 // } 181 // } 182 unimplemented!(); 183 } 184 185 pub fn output(&mut self) -> io::Result<(ExitStatus, Vec<u8>, Vec<u8>)> { 186 let (proc, pipes) = self.spawn(Stdio::MakePipe, false)?; 187 crate::std::sys_common::process::wait_with_output(proc, pipes) 188 } 189 190 // WatchOS and TVOS headers mark the `fork`/`exec*` functions with 191 // `__WATCHOS_PROHIBITED __TVOS_PROHIBITED`, and indicate that the 192 // `posix_spawn*` functions should be used instead. It isn't entirely clear 193 // what `PROHIBITED` means here (e.g. if calls to these functions are 194 // allowed to exist in dead code), but it sounds bad, so we go out of our 195 // way to avoid that all-together. 196 #[cfg(any(target_os = "tvos", target_os = "watchos"))] 197 const ERR_APPLE_TV_WATCH_NO_FORK_EXEC: Error = io::const_io_error!( 198 ErrorKind::Unsupported, 199 "`fork`+`exec`-based process spawning is not supported on this target", 200 ); 201 202 #[cfg(any(target_os = "tvos", target_os = "watchos"))] 203 unsafe fn do_fork(&mut self) -> Result<pid_t, io::Error> { 204 return Err(Self::ERR_APPLE_TV_WATCH_NO_FORK_EXEC); 205 } 206 207 // Attempts to fork the process. If successful, returns Ok((0, -1)) 208 // in the child, and Ok((child_pid, -1)) in the parent. 209 #[cfg(not(any( 210 target_os = "watchos", 211 target_os = "tvos", 212 all(target_os = "nto", target_env = "nto71"), 213 )))] 214 unsafe fn do_fork(&mut self) -> Result<pid_t, io::Error> { 215 cvt(dlibc::fork()) 216 } 217 218 // On QNX Neutrino, fork can fail with EBADF in case "another thread might have opened 219 // or closed a file descriptor while the fork() was occurring". 220 // Documentation says "... or try calling fork() again". This is what we do here. 221 // See also https://www.qnx.com/developers/docs/7.1/#com.qnx.doc.neutrino.lib_ref/topic/f/fork.html 222 #[cfg(all(target_os = "nto", target_env = "nto71"))] 223 unsafe fn do_fork(&mut self) -> Result<pid_t, io::Error> { 224 use crate::std::sys::os::errno; 225 226 let mut delay = MIN_FORKSPAWN_SLEEP; 227 228 loop { 229 let r = dlibc::fork(); 230 if r == -1 as dlibc::pid_t && errno() as dlibc::c_int == dlibc::EBADF { 231 if delay < get_clock_resolution() { 232 // We cannot sleep this short (it would be longer). 233 // Yield instead. 234 thread::yield_now(); 235 } else if delay < MAX_FORKSPAWN_SLEEP { 236 thread::sleep(delay); 237 } else { 238 return Err(io::const_io_error!( 239 ErrorKind::WouldBlock, 240 "forking returned EBADF too often", 241 )); 242 } 243 delay *= 2; 244 continue; 245 } else { 246 return cvt(r); 247 } 248 } 249 } 250 251 pub fn exec(&mut self, default: Stdio) -> io::Error { 252 let envp = self.capture_env(); 253 254 if self.saw_nul() { 255 return io::const_io_error!(ErrorKind::InvalidInput, "nul byte found in provided data",); 256 } 257 258 match self.setup_io(default, true) { 259 Ok((_, theirs)) => { 260 unsafe { 261 // Similar to when forking, we want to ensure that access to 262 // the environment is synchronized, so make sure to grab the 263 // environment lock before we try to exec. 264 let _lock = sys::os::env_read_lock(); 265 266 let Err(e) = self.do_exec(theirs, envp.as_ref()) else { 267 todo!() 268 }; 269 e 270 } 271 } 272 Err(e) => e, 273 } 274 } 275 276 // And at this point we've reached a special time in the life of the 277 // child. The child must now be considered hamstrung and unable to 278 // do anything other than syscalls really. Consider the following 279 // scenario: 280 // 281 // 1. Thread A of process 1 grabs the malloc() mutex 282 // 2. Thread B of process 1 forks(), creating thread C 283 // 3. Thread C of process 2 then attempts to malloc() 284 // 4. The memory of process 2 is the same as the memory of 285 // process 1, so the mutex is locked. 286 // 287 // This situation looks a lot like deadlock, right? It turns out 288 // that this is what pthread_atfork() takes care of, which is 289 // presumably implemented across platforms. The first thing that 290 // threads to *before* forking is to do things like grab the malloc 291 // mutex, and then after the fork they unlock it. 292 // 293 // Despite this information, libnative's spawn has been witnessed to 294 // deadlock on both macOS and FreeBSD. I'm not entirely sure why, but 295 // all collected backtraces point at malloc/free traffic in the 296 // child spawned process. 297 // 298 // For this reason, the block of code below should contain 0 299 // invocations of either malloc of free (or their related friends). 300 // 301 // As an example of not having malloc/free traffic, we don't close 302 // this file descriptor by dropping the FileDesc (which contains an 303 // allocation). Instead we just close it manually. This will never 304 // have the drop glue anyway because this code never returns (the 305 // child will either exec() or invoke dlibc::exit) 306 #[cfg(not(any(target_os = "tvos", target_os = "watchos")))] 307 unsafe fn do_exec( 308 &mut self, 309 stdio: ChildPipes, 310 maybe_envp: Option<&CStringArray>, 311 ) -> Result<!, io::Error> { 312 use crate::std::sys::{self, cvt_r}; 313 314 if let Some(fd) = stdio.stdin.fd() { 315 cvt_r(|| dlibc::dup2(fd, dlibc::STDIN_FILENO))?; 316 } 317 if let Some(fd) = stdio.stdout.fd() { 318 cvt_r(|| dlibc::dup2(fd, dlibc::STDOUT_FILENO))?; 319 } 320 if let Some(fd) = stdio.stderr.fd() { 321 cvt_r(|| dlibc::dup2(fd, dlibc::STDERR_FILENO))?; 322 } 323 324 #[cfg(not(target_os = "l4re"))] 325 { 326 if let Some(_g) = self.get_groups() { 327 //FIXME: Redox kernel does not support setgroups yet 328 #[cfg(not(target_os = "redox"))] 329 cvt(dlibc::setgroups(_g.len().try_into().unwrap(), _g.as_ptr()))?; 330 } 331 if let Some(u) = self.get_gid() { 332 cvt(dlibc::setgid(u as gid_t))?; 333 } 334 if let Some(u) = self.get_uid() { 335 // When dropping privileges from root, the `setgroups` call 336 // will remove any extraneous groups. We only drop groups 337 // if the current uid is 0 and we weren't given an explicit 338 // set of groups. If we don't call this, then even though our 339 // uid has dropped, we may still have groups that enable us to 340 // do super-user things. 341 //FIXME: Redox kernel does not support setgroups yet 342 #[cfg(not(target_os = "redox"))] 343 if dlibc::getuid() == 0 && self.get_groups().is_none() { 344 cvt(dlibc::setgroups(0, crate::std::ptr::null()))?; 345 } 346 cvt(dlibc::setuid(u as uid_t))?; 347 } 348 } 349 if let Some(ref cwd) = *self.get_cwd() { 350 cvt(dlibc::chdir(cwd.as_ptr()))?; 351 } 352 353 if let Some(pgroup) = self.get_pgroup() { 354 cvt(dlibc::setpgid(0, pgroup))?; 355 } 356 357 // emscripten has no signal support. 358 #[cfg(not(target_os = "emscripten"))] 359 { 360 // Inherit the signal mask from the parent rather than resetting it (i.e. do not call 361 // pthread_sigmask). 362 363 // If #[unix_sigpipe] is specified, don't reset SIGPIPE to SIG_DFL. 364 // If #[unix_sigpipe] is not specified, reset SIGPIPE to SIG_DFL for backward compatibility. 365 // 366 // #[unix_sigpipe] is an opportunity to change the default here. 367 if !crate::std::sys::unix_sigpipe_attr_specified() { 368 #[cfg(target_os = "android")] // see issue #88585 369 { 370 let mut action: dlibc::sigaction = mem::zeroed(); 371 action.sa_sigaction = dlibc::SIG_DFL; 372 cvt(dlibc::sigaction( 373 dlibc::SIGPIPE, 374 &action, 375 crate::std::ptr::null_mut(), 376 ))?; 377 } 378 #[cfg(not(target_os = "android"))] 379 { 380 let ret = sys::signal(dlibc::SIGPIPE, dlibc::SIG_DFL); 381 if ret == dlibc::SIG_ERR { 382 return Err(io::Error::last_os_error()); 383 } 384 } 385 } 386 } 387 388 for callback in self.get_closures().iter_mut() { 389 callback()?; 390 } 391 392 // Although we're performing an exec here we may also return with an 393 // error from this function (without actually exec'ing) in which case we 394 // want to be sure to restore the global environment back to what it 395 // once was, ensuring that our temporary override, when free'd, doesn't 396 // corrupt our process's environment. 397 let mut _reset = None; 398 if let Some(envp) = maybe_envp { 399 struct Reset(*const *const dlibc::c_char); 400 401 impl Drop for Reset { 402 fn drop(&mut self) { 403 unsafe { 404 *sys::os::environ() = self.0; 405 } 406 } 407 } 408 409 _reset = Some(Reset(*sys::os::environ())); 410 *sys::os::environ() = envp.as_ptr(); 411 } 412 413 dlibc::execvp(self.get_program_cstr().as_ptr(), self.get_argv().as_ptr()); 414 Err(io::Error::last_os_error()) 415 } 416 417 #[cfg(any(target_os = "tvos", target_os = "watchos"))] 418 unsafe fn do_exec( 419 &mut self, 420 _stdio: ChildPipes, 421 _maybe_envp: Option<&CStringArray>, 422 ) -> Result<!, io::Error> { 423 return Err(Self::ERR_APPLE_TV_WATCH_NO_FORK_EXEC); 424 } 425 426 #[cfg(not(any( 427 target_os = "macos", 428 target_os = "tvos", 429 target_os = "watchos", 430 target_os = "freebsd", 431 all(target_os = "linux", target_env = "gnu"), 432 all(target_os = "linux", target_env = "musl"), 433 target_os = "nto", 434 )))] 435 fn posix_spawn( 436 &mut self, 437 _: &ChildPipes, 438 _: Option<&CStringArray>, 439 ) -> io::Result<Option<Process>> { 440 Ok(None) 441 } 442 443 // Only support platforms for which posix_spawn() can return ENOENT 444 // directly. 445 #[cfg(any( 446 target_os = "macos", 447 // FIXME: `target_os = "ios"`? 448 target_os = "tvos", 449 target_os = "watchos", 450 target_os = "freebsd", 451 all(target_os = "linux", target_env = "gnu"), 452 all(target_os = "linux", target_env = "musl"), 453 target_os = "nto", 454 ))] 455 fn posix_spawn( 456 &mut self, 457 stdio: &ChildPipes, 458 envp: Option<&CStringArray>, 459 ) -> io::Result<Option<Process>> { 460 use crate::std::mem::MaybeUninit; 461 use crate::std::sys::{self, cvt_nz, unix_sigpipe_attr_specified}; 462 463 if self.get_gid().is_some() 464 || self.get_uid().is_some() 465 || (self.env_saw_path() && !self.program_is_path()) 466 || !self.get_closures().is_empty() 467 || self.get_groups().is_some() 468 || self.get_create_pidfd() 469 { 470 return Ok(None); 471 } 472 473 // Only glibc 2.24+ posix_spawn() supports returning ENOENT directly. 474 #[cfg(all(target_os = "linux", target_env = "gnu"))] 475 { 476 if let Some(version) = sys::os::glibc_version() { 477 if version < (2, 24) { 478 return Ok(None); 479 } 480 } else { 481 return Ok(None); 482 } 483 } 484 485 // On QNX Neutrino, posix_spawnp can fail with EBADF in case "another thread might have opened 486 // or closed a file descriptor while the posix_spawn() was occurring". 487 // Documentation says "... or try calling posix_spawn() again". This is what we do here. 488 // See also http://www.qnx.com/developers/docs/7.1/#com.qnx.doc.neutrino.lib_ref/topic/p/posix_spawn.html 489 #[cfg(all(target_os = "nto", target_env = "nto71"))] 490 unsafe fn retrying_libc_posix_spawnp( 491 pid: *mut pid_t, 492 file: *const c_char, 493 file_actions: *const posix_spawn_file_actions_t, 494 attrp: *const posix_spawnattr_t, 495 argv: *const *mut c_char, 496 envp: *const *mut c_char, 497 ) -> io::Result<i32> { 498 let mut delay = MIN_FORKSPAWN_SLEEP; 499 loop { 500 match dlibc::posix_spawnp(pid, file, file_actions, attrp, argv, envp) { 501 dlibc::EBADF => { 502 if delay < get_clock_resolution() { 503 // We cannot sleep this short (it would be longer). 504 // Yield instead. 505 thread::yield_now(); 506 } else if delay < MAX_FORKSPAWN_SLEEP { 507 thread::sleep(delay); 508 } else { 509 return Err(io::const_io_error!( 510 ErrorKind::WouldBlock, 511 "posix_spawnp returned EBADF too often", 512 )); 513 } 514 delay *= 2; 515 continue; 516 } 517 r => { 518 return Ok(r); 519 } 520 } 521 } 522 } 523 524 // Solaris, glibc 2.29+, and musl 1.24+ can set a new working directory, 525 // and maybe others will gain this non-POSIX function too. We'll check 526 // for this weak symbol as soon as it's needed, so we can return early 527 // otherwise to do a manual chdir before exec. 528 weak! { 529 fn posix_spawn_file_actions_addchdir_np( 530 *mut dlibc::posix_spawn_file_actions_t, 531 *const dlibc::c_char 532 ) -> dlibc::c_int 533 } 534 let addchdir = match self.get_cwd() { 535 Some(cwd) => { 536 if cfg!(any( 537 target_os = "macos", 538 target_os = "tvos", 539 target_os = "watchos" 540 )) { 541 // There is a bug in macOS where a relative executable 542 // path like "../myprogram" will cause `posix_spawn` to 543 // successfully launch the program, but erroneously return 544 // ENOENT when used with posix_spawn_file_actions_addchdir_np 545 // which was introduced in macOS 10.15. 546 if self.get_program_kind() == ProgramKind::Relative { 547 return Ok(None); 548 } 549 } 550 match posix_spawn_file_actions_addchdir_np.get() { 551 Some(f) => Some((f, cwd)), 552 None => return Ok(None), 553 } 554 } 555 None => None, 556 }; 557 558 let pgroup = self.get_pgroup(); 559 560 // Safety: -1 indicates we don't have a pidfd. 561 let mut p = unsafe { Process::new(0, -1) }; 562 563 struct PosixSpawnFileActions<'a>(&'a mut MaybeUninit<dlibc::posix_spawn_file_actions_t>); 564 565 impl Drop for PosixSpawnFileActions<'_> { 566 fn drop(&mut self) { 567 unsafe { 568 dlibc::posix_spawn_file_actions_destroy(self.0.as_mut_ptr()); 569 } 570 } 571 } 572 573 struct PosixSpawnattr<'a>(&'a mut MaybeUninit<dlibc::posix_spawnattr_t>); 574 575 impl Drop for PosixSpawnattr<'_> { 576 fn drop(&mut self) { 577 unsafe { 578 dlibc::posix_spawnattr_destroy(self.0.as_mut_ptr()); 579 } 580 } 581 } 582 583 unsafe { 584 let mut attrs = MaybeUninit::uninit(); 585 cvt_nz(dlibc::posix_spawnattr_init(attrs.as_mut_ptr()))?; 586 let attrs = PosixSpawnattr(&mut attrs); 587 588 let mut flags = 0; 589 590 let mut file_actions = MaybeUninit::uninit(); 591 cvt_nz(dlibc::posix_spawn_file_actions_init( 592 file_actions.as_mut_ptr(), 593 ))?; 594 let file_actions = PosixSpawnFileActions(&mut file_actions); 595 596 if let Some(fd) = stdio.stdin.fd() { 597 cvt_nz(dlibc::posix_spawn_file_actions_adddup2( 598 file_actions.0.as_mut_ptr(), 599 fd, 600 dlibc::STDIN_FILENO, 601 ))?; 602 } 603 if let Some(fd) = stdio.stdout.fd() { 604 cvt_nz(dlibc::posix_spawn_file_actions_adddup2( 605 file_actions.0.as_mut_ptr(), 606 fd, 607 dlibc::STDOUT_FILENO, 608 ))?; 609 } 610 if let Some(fd) = stdio.stderr.fd() { 611 cvt_nz(dlibc::posix_spawn_file_actions_adddup2( 612 file_actions.0.as_mut_ptr(), 613 fd, 614 dlibc::STDERR_FILENO, 615 ))?; 616 } 617 if let Some((f, cwd)) = addchdir { 618 cvt_nz(f(file_actions.0.as_mut_ptr(), cwd.as_ptr()))?; 619 } 620 621 if let Some(pgroup) = pgroup { 622 flags |= dlibc::POSIX_SPAWN_SETPGROUP; 623 cvt_nz(dlibc::posix_spawnattr_setpgroup( 624 attrs.0.as_mut_ptr(), 625 pgroup, 626 ))?; 627 } 628 629 // Inherit the signal mask from this process rather than resetting it (i.e. do not call 630 // posix_spawnattr_setsigmask). 631 632 // If #[unix_sigpipe] is specified, don't reset SIGPIPE to SIG_DFL. 633 // If #[unix_sigpipe] is not specified, reset SIGPIPE to SIG_DFL for backward compatibility. 634 // 635 // #[unix_sigpipe] is an opportunity to change the default here. 636 if !unix_sigpipe_attr_specified() { 637 let mut default_set = MaybeUninit::<dlibc::sigset_t>::uninit(); 638 cvt(sigemptyset(default_set.as_mut_ptr()))?; 639 cvt(sigaddset(default_set.as_mut_ptr(), dlibc::SIGPIPE))?; 640 cvt_nz(dlibc::posix_spawnattr_setsigdefault( 641 attrs.0.as_mut_ptr(), 642 default_set.as_ptr(), 643 ))?; 644 flags |= dlibc::POSIX_SPAWN_SETSIGDEF; 645 } 646 647 cvt_nz(dlibc::posix_spawnattr_setflags( 648 attrs.0.as_mut_ptr(), 649 flags as _, 650 ))?; 651 652 // Make sure we synchronize access to the global `environ` resource 653 let _env_lock = sys::os::env_read_lock(); 654 let envp = envp 655 .map(|c| c.as_ptr()) 656 .unwrap_or_else(|| *sys::os::environ() as *const _); 657 658 #[cfg(not(target_os = "nto"))] 659 let spawn_fn = dlibc::posix_spawnp; 660 #[cfg(target_os = "nto")] 661 let spawn_fn = retrying_libc_posix_spawnp; 662 663 let spawn_res = spawn_fn( 664 &mut p.pid, 665 self.get_program_cstr().as_ptr(), 666 file_actions.0.as_ptr(), 667 attrs.0.as_ptr(), 668 self.get_argv().as_ptr() as *const _, 669 envp as *const _, 670 ); 671 672 #[cfg(target_os = "nto")] 673 let spawn_res = spawn_res?; 674 675 cvt_nz(spawn_res)?; 676 Ok(Some(p)) 677 } 678 } 679 680 #[cfg(target_os = "linux")] 681 fn send_pidfd(&self, sock: &crate::std::sys::net::Socket) { 682 use crate::std::io::IoSlice; 683 use crate::std::os::fd::RawFd; 684 use crate::std::sys::cvt_r; 685 use dlibc::{CMSG_DATA, CMSG_FIRSTHDR, CMSG_LEN, CMSG_SPACE, SCM_RIGHTS, SOL_SOCKET}; 686 687 unsafe { 688 let child_pid = dlibc::getpid(); 689 // pidfd_open sets CLOEXEC by default 690 let pidfd = dlibc::syscall(dlibc::SYS_pidfd_open, child_pid, 0); 691 692 let fds: [c_int; 1] = [pidfd as RawFd]; 693 694 const SCM_MSG_LEN: usize = mem::size_of::<[c_int; 1]>(); 695 696 #[repr(C)] 697 union Cmsg { 698 buf: [u8; unsafe { CMSG_SPACE(SCM_MSG_LEN as u32) as usize }], 699 _align: dlibc::cmsghdr, 700 } 701 702 let mut cmsg: Cmsg = mem::zeroed(); 703 704 // 0-length message to send through the socket so we can pass along the fd 705 let mut iov = [IoSlice::new(b"")]; 706 let mut msg: dlibc::msghdr = mem::zeroed(); 707 708 msg.msg_iov = &mut iov as *mut _ as *mut _; 709 msg.msg_iovlen = 1; 710 msg.msg_controllen = mem::size_of_val(&cmsg.buf) as _; 711 msg.msg_control = &mut cmsg.buf as *mut _ as *mut _; 712 713 // only attach cmsg if we successfully acquired the pidfd 714 if pidfd >= 0 { 715 let hdr = CMSG_FIRSTHDR(&mut msg as *mut _ as *mut _); 716 (*hdr).cmsg_level = SOL_SOCKET; 717 (*hdr).cmsg_type = SCM_RIGHTS; 718 (*hdr).cmsg_len = CMSG_LEN(SCM_MSG_LEN as _) as _; 719 let data = CMSG_DATA(hdr); 720 crate::std::ptr::copy_nonoverlapping( 721 fds.as_ptr().cast::<u8>(), 722 data as *mut _, 723 SCM_MSG_LEN, 724 ); 725 } 726 727 // we send the 0-length message even if we failed to acquire the pidfd 728 // so we get a consistent SEQPACKET order 729 match cvt_r(|| dlibc::sendmsg(sock.as_raw(), &msg, 0)) { 730 Ok(0) => {} 731 _ => rtabort!("failed to communicate with parent process"), 732 } 733 } 734 } 735 736 #[cfg(target_os = "linux")] 737 fn recv_pidfd(&self, sock: &crate::std::sys::net::Socket) -> pid_t { 738 use crate::std::io::IoSliceMut; 739 use crate::std::sys::cvt_r; 740 741 use dlibc::{CMSG_DATA, CMSG_FIRSTHDR, CMSG_LEN, CMSG_SPACE, SCM_RIGHTS, SOL_SOCKET}; 742 743 unsafe { 744 const SCM_MSG_LEN: usize = mem::size_of::<[c_int; 1]>(); 745 746 #[repr(C)] 747 union Cmsg { 748 _buf: [u8; unsafe { CMSG_SPACE(SCM_MSG_LEN as u32) as usize }], 749 _align: dlibc::cmsghdr, 750 } 751 let mut cmsg: Cmsg = mem::zeroed(); 752 // 0-length read to get the fd 753 let mut iov = [IoSliceMut::new(&mut [])]; 754 755 let mut msg: dlibc::msghdr = mem::zeroed(); 756 757 msg.msg_iov = &mut iov as *mut _ as *mut _; 758 msg.msg_iovlen = 1; 759 msg.msg_controllen = mem::size_of::<Cmsg>() as _; 760 msg.msg_control = &mut cmsg as *mut _ as *mut _; 761 762 match cvt_r(|| dlibc::recvmsg(sock.as_raw(), &mut msg, 0)) { 763 Err(_) => return -1, 764 Ok(_) => {} 765 } 766 767 let hdr = CMSG_FIRSTHDR(&mut msg as *mut _ as *mut _); 768 if hdr.is_null() 769 || (*hdr).cmsg_level != SOL_SOCKET 770 || (*hdr).cmsg_type != SCM_RIGHTS 771 || (*hdr).cmsg_len != CMSG_LEN(SCM_MSG_LEN as _) as _ 772 { 773 return -1; 774 } 775 let data = CMSG_DATA(hdr); 776 777 let mut fds = [-1 as c_int]; 778 779 crate::std::ptr::copy_nonoverlapping( 780 data as *const _, 781 fds.as_mut_ptr().cast::<u8>(), 782 SCM_MSG_LEN, 783 ); 784 785 fds[0] 786 } 787 } 788 } 789 790 //////////////////////////////////////////////////////////////////////////////// 791 // Processes 792 //////////////////////////////////////////////////////////////////////////////// 793 794 /// The unique ID of the process (this should never be negative). 795 pub struct Process { 796 pid: pid_t, 797 status: Option<ExitStatus>, 798 // On Linux, stores the pidfd created for this child. 799 // This is None if the user did not request pidfd creation, 800 // or if the pidfd could not be created for some reason 801 // (e.g. the `clone3` syscall was not available). 802 #[cfg(target_os = "linux")] 803 pidfd: Option<PidFd>, 804 } 805 806 impl Process { 807 #[cfg(target_os = "linux")] 808 unsafe fn new(pid: pid_t, pidfd: pid_t) -> Self { 809 use crate::std::os::unix::io::FromRawFd; 810 use crate::std::sys_common::FromInner; 811 // Safety: If `pidfd` is nonnegative, we assume it's valid and otherwise unowned. 812 let pidfd = (pidfd >= 0).then(|| PidFd::from_inner(sys::fd::FileDesc::from_raw_fd(pidfd))); 813 Process { 814 pid, 815 status: None, 816 pidfd, 817 } 818 } 819 820 #[cfg(not(target_os = "linux"))] 821 unsafe fn new(pid: pid_t, _pidfd: pid_t) -> Self { 822 Process { pid, status: None } 823 } 824 825 pub fn id(&self) -> u32 { 826 self.pid as u32 827 } 828 829 pub fn kill(&mut self) -> io::Result<()> { 830 // If we've already waited on this process then the pid can be recycled 831 // and used for another process, and we probably shouldn't be killing 832 // random processes, so return Ok because the process has exited already. 833 if self.status.is_some() { 834 Ok(()) 835 } else { 836 cvt(unsafe { dlibc::kill(self.pid, dlibc::SIGKILL) }).map(drop) 837 } 838 } 839 840 pub fn wait(&mut self) -> io::Result<ExitStatus> { 841 use crate::std::sys::cvt_r; 842 if let Some(status) = self.status { 843 return Ok(status); 844 } 845 let mut status = 0 as c_int; 846 cvt_r(|| unsafe { dlibc::waitpid(self.pid, &mut status, 0) })?; 847 self.status = Some(ExitStatus::new(status)); 848 Ok(ExitStatus::new(status)) 849 } 850 851 pub fn try_wait(&mut self) -> io::Result<Option<ExitStatus>> { 852 if let Some(status) = self.status { 853 return Ok(Some(status)); 854 } 855 let mut status = 0 as c_int; 856 let pid = cvt(unsafe { dlibc::waitpid(self.pid, &mut status, dlibc::WNOHANG) })?; 857 if pid == 0 { 858 Ok(None) 859 } else { 860 self.status = Some(ExitStatus::new(status)); 861 Ok(Some(ExitStatus::new(status))) 862 } 863 } 864 } 865 866 /// Unix exit statuses 867 // 868 // This is not actually an "exit status" in Unix terminology. Rather, it is a "wait status". 869 // See the discussion in comments and doc comments for `std::process::ExitStatus`. 870 #[derive(PartialEq, Eq, Clone, Copy, Default)] 871 pub struct ExitStatus(c_int); 872 873 impl fmt::Debug for ExitStatus { 874 fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { 875 f.debug_tuple("unix_wait_status").field(&self.0).finish() 876 } 877 } 878 879 impl ExitStatus { 880 pub fn new(status: c_int) -> ExitStatus { 881 ExitStatus(status) 882 } 883 884 fn exited(&self) -> bool { 885 dlibc::WIFEXITED(self.0) 886 } 887 888 pub fn exit_ok(&self) -> Result<(), ExitStatusError> { 889 // This assumes that WIFEXITED(status) && WEXITSTATUS==0 corresponds to status==0. This is 890 // true on all actual versions of Unix, is widely assumed, and is specified in SuS 891 // https://pubs.opengroup.org/onlinepubs/9699919799/functions/wait.html. If it is not 892 // true for a platform pretending to be Unix, the tests (our doctests, and also 893 // process_unix/tests.rs) will spot it. `ExitStatusError::code` assumes this too. 894 match NonZero_c_int::try_from(self.0) { 895 /* was nonzero */ Ok(failure) => Err(ExitStatusError(failure)), 896 /* was zero, couldn't convert */ Err(_) => Ok(()), 897 } 898 } 899 900 pub fn code(&self) -> Option<i32> { 901 self.exited().then(|| dlibc::WEXITSTATUS(self.0)) 902 } 903 904 pub fn signal(&self) -> Option<i32> { 905 dlibc::WIFSIGNALED(self.0).then(|| dlibc::WTERMSIG(self.0)) 906 } 907 908 pub fn core_dumped(&self) -> bool { 909 dlibc::WIFSIGNALED(self.0) && dlibc::WCOREDUMP(self.0) 910 } 911 912 pub fn stopped_signal(&self) -> Option<i32> { 913 dlibc::WIFSTOPPED(self.0).then(|| dlibc::WSTOPSIG(self.0)) 914 } 915 916 pub fn continued(&self) -> bool { 917 dlibc::WIFCONTINUED(self.0) 918 } 919 920 pub fn into_raw(&self) -> c_int { 921 self.0 922 } 923 } 924 925 /// Converts a raw `c_int` to a type-safe `ExitStatus` by wrapping it without copying. 926 impl From<c_int> for ExitStatus { 927 fn from(a: c_int) -> ExitStatus { 928 ExitStatus(a) 929 } 930 } 931 932 /// Convert a signal number to a readable, searchable name. 933 /// 934 /// This string should be displayed right after the signal number. 935 /// If a signal is unrecognized, it returns the empty string, so that 936 /// you just get the number like "0". If it is recognized, you'll get 937 /// something like "9 (SIGKILL)". 938 fn signal_string(signal: i32) -> &'static str { 939 match signal { 940 dlibc::SIGHUP => " (SIGHUP)", 941 dlibc::SIGINT => " (SIGINT)", 942 dlibc::SIGQUIT => " (SIGQUIT)", 943 dlibc::SIGILL => " (SIGILL)", 944 dlibc::SIGTRAP => " (SIGTRAP)", 945 dlibc::SIGABRT => " (SIGABRT)", 946 #[cfg(not(target_os = "l4re"))] 947 dlibc::SIGBUS => " (SIGBUS)", 948 dlibc::SIGFPE => " (SIGFPE)", 949 dlibc::SIGKILL => " (SIGKILL)", 950 #[cfg(not(target_os = "l4re"))] 951 dlibc::SIGUSR1 => " (SIGUSR1)", 952 dlibc::SIGSEGV => " (SIGSEGV)", 953 #[cfg(not(target_os = "l4re"))] 954 dlibc::SIGUSR2 => " (SIGUSR2)", 955 dlibc::SIGPIPE => " (SIGPIPE)", 956 dlibc::SIGALRM => " (SIGALRM)", 957 dlibc::SIGTERM => " (SIGTERM)", 958 #[cfg(not(target_os = "l4re"))] 959 dlibc::SIGCHLD => " (SIGCHLD)", 960 #[cfg(not(target_os = "l4re"))] 961 dlibc::SIGCONT => " (SIGCONT)", 962 #[cfg(not(target_os = "l4re"))] 963 dlibc::SIGSTOP => " (SIGSTOP)", 964 #[cfg(not(target_os = "l4re"))] 965 dlibc::SIGTSTP => " (SIGTSTP)", 966 #[cfg(not(target_os = "l4re"))] 967 dlibc::SIGTTIN => " (SIGTTIN)", 968 #[cfg(not(target_os = "l4re"))] 969 dlibc::SIGTTOU => " (SIGTTOU)", 970 #[cfg(not(target_os = "l4re"))] 971 dlibc::SIGURG => " (SIGURG)", 972 #[cfg(not(target_os = "l4re"))] 973 dlibc::SIGXCPU => " (SIGXCPU)", 974 #[cfg(not(target_os = "l4re"))] 975 dlibc::SIGXFSZ => " (SIGXFSZ)", 976 #[cfg(not(target_os = "l4re"))] 977 dlibc::SIGVTALRM => " (SIGVTALRM)", 978 #[cfg(not(target_os = "l4re"))] 979 dlibc::SIGPROF => " (SIGPROF)", 980 #[cfg(not(target_os = "l4re"))] 981 dlibc::SIGWINCH => " (SIGWINCH)", 982 #[cfg(not(any(target_os = "haiku", target_os = "l4re")))] 983 dlibc::SIGIO => " (SIGIO)", 984 #[cfg(target_os = "haiku")] 985 dlibc::SIGPOLL => " (SIGPOLL)", 986 #[cfg(not(target_os = "l4re"))] 987 dlibc::SIGSYS => " (SIGSYS)", 988 // For information on Linux signals, run `man 7 signal` 989 #[cfg(all( 990 target_os = "linux", 991 any( 992 target_arch = "x86_64", 993 target_arch = "x86", 994 target_arch = "arm", 995 target_arch = "aarch64" 996 ) 997 ))] 998 dlibc::SIGSTKFLT => " (SIGSTKFLT)", 999 #[cfg(any(target_os = "linux", target_os = "nto"))] 1000 dlibc::SIGPWR => " (SIGPWR)", 1001 #[cfg(any( 1002 target_os = "macos", 1003 target_os = "ios", 1004 target_os = "tvos", 1005 target_os = "freebsd", 1006 target_os = "netbsd", 1007 target_os = "openbsd", 1008 target_os = "dragonfly", 1009 target_os = "nto", 1010 ))] 1011 dlibc::SIGEMT => " (SIGEMT)", 1012 #[cfg(any( 1013 target_os = "macos", 1014 target_os = "ios", 1015 target_os = "tvos", 1016 target_os = "freebsd", 1017 target_os = "netbsd", 1018 target_os = "openbsd", 1019 target_os = "dragonfly" 1020 ))] 1021 dlibc::SIGINFO => " (SIGINFO)", 1022 _ => "", 1023 } 1024 } 1025 1026 impl fmt::Display for ExitStatus { 1027 fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { 1028 if let Some(code) = self.code() { 1029 write!(f, "exit status: {code}") 1030 } else if let Some(signal) = self.signal() { 1031 let signal_string = signal_string(signal); 1032 if self.core_dumped() { 1033 write!(f, "signal: {signal}{signal_string} (core dumped)") 1034 } else { 1035 write!(f, "signal: {signal}{signal_string}") 1036 } 1037 } else if let Some(signal) = self.stopped_signal() { 1038 let signal_string = signal_string(signal); 1039 write!( 1040 f, 1041 "stopped (not terminated) by signal: {signal}{signal_string}" 1042 ) 1043 } else if self.continued() { 1044 write!(f, "continued (WIFCONTINUED)") 1045 } else { 1046 write!(f, "unrecognised wait status: {} {:#x}", self.0, self.0) 1047 } 1048 } 1049 } 1050 1051 #[derive(PartialEq, Eq, Clone, Copy)] 1052 pub struct ExitStatusError(NonZero_c_int); 1053 1054 impl Into<ExitStatus> for ExitStatusError { 1055 fn into(self) -> ExitStatus { 1056 ExitStatus(self.0.into()) 1057 } 1058 } 1059 1060 impl fmt::Debug for ExitStatusError { 1061 fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { 1062 f.debug_tuple("unix_wait_status").field(&self.0).finish() 1063 } 1064 } 1065 1066 impl ExitStatusError { 1067 pub fn code(self) -> Option<NonZeroI32> { 1068 ExitStatus(self.0.into()) 1069 .code() 1070 .map(|st| st.try_into().unwrap()) 1071 } 1072 } 1073 1074 #[cfg(target_os = "linux")] 1075 impl crate::std::os::linux::process::ChildExt for crate::std::process::Child { 1076 fn pidfd(&self) -> io::Result<&PidFd> { 1077 self.handle 1078 .pidfd 1079 .as_ref() 1080 .ok_or_else(|| Error::new(ErrorKind::Uncategorized, "No pidfd was created.")) 1081 } 1082 1083 fn take_pidfd(&mut self) -> io::Result<PidFd> { 1084 self.handle 1085 .pidfd 1086 .take() 1087 .ok_or_else(|| Error::new(ErrorKind::Uncategorized, "No pidfd was created.")) 1088 } 1089 } 1090 1091 #[cfg(test)] 1092 #[path = "process_unix/tests.rs"] 1093 mod tests; 1094