picnoir
/
glibc
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
glibc/posix/tst-spawn5.c

299 lines
8.2 KiB
C
Raw Normal View History

posix: Add posix_spawn_file_actions_addclosefrom_np This patch adds a way to close a range of file descriptors on posix_spawn as a new file action. The API is similar to the one provided by Solaris 11 [1], where the file action causes the all open file descriptors greater than or equal to input on to be closed when the new process is spawned. The function posix_spawn_file_actions_addclosefrom_np is safe to be implemented by iterating over /proc/self/fd, since the Linux spawni.c helper process does not use CLONE_FILES, so its has own file descriptor table and any failure (in /proc operation) aborts the process creation and returns an error to the caller. I am aware that this file action might be redundant to the current approach of POSIX in promoting O_CLOEXEC in more interfaces. However O_CLOEXEC is still not the default and for some specific usages, the caller needs to close all possible file descriptors to avoid them leaking. Some examples are CPython (discussed in BZ#10353) and OpenJDK jspawnhelper [2] (where OpenJDK spawns a helper process to exactly closes all file descriptors). Most likely any environment which calls functions that might open file descriptor under the hood and aim to use posix_spawn might face the same requirement. Checked on x86_64-linux-gnu and i686-linux-gnu on kernel 5.11 and 4.15. [1] https://docs.oracle.com/cd/E36784_01/html/E36874/posix-spawn-file-actions-addclosefrom-np-3c.html [2] https://github.com/openjdk/jdk/blob/master/src/java.base/unix/native/libjava/childproc.c#L82
2021-03-10 16:26:33 +01:00
/* Tests for posix_spawn signal handling.
Update copyright dates with scripts/update-copyrights I used these shell commands: ../glibc/scripts/update-copyrights $PWD/../gnulib/build-aux/update-copyright (cd ../glibc && git commit -am"[this commit message]") and then ignored the output, which consisted lines saying "FOO: warning: copyright statement not found" for each of 7061 files FOO. I then removed trailing white space from math/tgmath.h, support/tst-support-open-dev-null-range.c, and sysdeps/x86_64/multiarch/strlen-vec.S, to work around the following obscure pre-commit check failure diagnostics from Savannah. I don't know why I run into these diagnostics whereas others evidently do not. remote: *** 912-#endif remote: *** 913: remote: *** 914- remote: *** error: lines with trailing whitespace found ... remote: *** error: sysdeps/unix/sysv/linux/statx_cp.c: trailing lines
2022-01-01 19:54:23 +01:00
Copyright (C) 2021-2022 Free Software Foundation, Inc.
posix: Add posix_spawn_file_actions_addclosefrom_np This patch adds a way to close a range of file descriptors on posix_spawn as a new file action. The API is similar to the one provided by Solaris 11 [1], where the file action causes the all open file descriptors greater than or equal to input on to be closed when the new process is spawned. The function posix_spawn_file_actions_addclosefrom_np is safe to be implemented by iterating over /proc/self/fd, since the Linux spawni.c helper process does not use CLONE_FILES, so its has own file descriptor table and any failure (in /proc operation) aborts the process creation and returns an error to the caller. I am aware that this file action might be redundant to the current approach of POSIX in promoting O_CLOEXEC in more interfaces. However O_CLOEXEC is still not the default and for some specific usages, the caller needs to close all possible file descriptors to avoid them leaking. Some examples are CPython (discussed in BZ#10353) and OpenJDK jspawnhelper [2] (where OpenJDK spawns a helper process to exactly closes all file descriptors). Most likely any environment which calls functions that might open file descriptor under the hood and aim to use posix_spawn might face the same requirement. Checked on x86_64-linux-gnu and i686-linux-gnu on kernel 5.11 and 4.15. [1] https://docs.oracle.com/cd/E36784_01/html/E36874/posix-spawn-file-actions-addclosefrom-np-3c.html [2] https://github.com/openjdk/jdk/blob/master/src/java.base/unix/native/libjava/childproc.c#L82
2021-03-10 16:26:33 +01:00
This file is part of the GNU C Library.
The GNU C Library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 2.1 of the License, or (at your option) any later version.
The GNU C Library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public
License along with the GNU C Library; if not, see
<http://www.gnu.org/licenses/>. */
#include <stdio.h>
#include <stdlib.h>
#include <getopt.h>
#include <spawn.h>
#include <fcntl.h>
#include <sys/wait.h>
#include <dirent.h>
#include <stdbool.h>
#include <errno.h>
#include <limits.h>
#include <support/check.h>
#include <support/xunistd.h>
#include <support/support.h>
#include <arch-fd_to_filename.h>
#include <array_length.h>
/* Nonzero if the program gets called via `exec'. */
static int restart;
/* Hold the four initial argument used to respawn the process, plus
the extra '--direct' and '--restart', and a final NULL. */
static char *initial_argv[7];
Properly run tst-spawn5 directly [BZ #28067] Change tst-spawn5.c to handle tst-spawn5 without optional path to ld.so, --library-path nor the library path when glibc is configured with --enable-hardcoded-path-in-tests. This fixes BZ #28067. Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
2021-07-09 14:57:51 +02:00
static int initial_argv_count;
posix: Add posix_spawn_file_actions_addclosefrom_np This patch adds a way to close a range of file descriptors on posix_spawn as a new file action. The API is similar to the one provided by Solaris 11 [1], where the file action causes the all open file descriptors greater than or equal to input on to be closed when the new process is spawned. The function posix_spawn_file_actions_addclosefrom_np is safe to be implemented by iterating over /proc/self/fd, since the Linux spawni.c helper process does not use CLONE_FILES, so its has own file descriptor table and any failure (in /proc operation) aborts the process creation and returns an error to the caller. I am aware that this file action might be redundant to the current approach of POSIX in promoting O_CLOEXEC in more interfaces. However O_CLOEXEC is still not the default and for some specific usages, the caller needs to close all possible file descriptors to avoid them leaking. Some examples are CPython (discussed in BZ#10353) and OpenJDK jspawnhelper [2] (where OpenJDK spawns a helper process to exactly closes all file descriptors). Most likely any environment which calls functions that might open file descriptor under the hood and aim to use posix_spawn might face the same requirement. Checked on x86_64-linux-gnu and i686-linux-gnu on kernel 5.11 and 4.15. [1] https://docs.oracle.com/cd/E36784_01/html/E36874/posix-spawn-file-actions-addclosefrom-np-3c.html [2] https://github.com/openjdk/jdk/blob/master/src/java.base/unix/native/libjava/childproc.c#L82
2021-03-10 16:26:33 +01:00
#define CMDLINE_OPTIONS \
{ "restart", no_argument, &restart, 1 },
#define NFDS 100
posix: Ignore non opened files on tst-spawn5 The make program might open a pipe for its job server, which triggers an invalid check on the spawned process. This patch now passes the lowest file descriptor as ithe first argument, so only the range that was actually opened is checked. Checked on x86_64-linux-gnu and i686-linux-gnu and centos7 (which triggers the issue).
2021-07-13 15:46:23 +02:00
static int
parse_fd (const char *str)
{
char *endptr;
long unsigned int fd = strtoul (str, &endptr, 10);
if (*endptr != '\0' || fd > INT_MAX)
FAIL_EXIT1 ("invalid file descriptor value: %s", str);
return fd;
}
posix: Add posix_spawn_file_actions_addclosefrom_np This patch adds a way to close a range of file descriptors on posix_spawn as a new file action. The API is similar to the one provided by Solaris 11 [1], where the file action causes the all open file descriptors greater than or equal to input on to be closed when the new process is spawned. The function posix_spawn_file_actions_addclosefrom_np is safe to be implemented by iterating over /proc/self/fd, since the Linux spawni.c helper process does not use CLONE_FILES, so its has own file descriptor table and any failure (in /proc operation) aborts the process creation and returns an error to the caller. I am aware that this file action might be redundant to the current approach of POSIX in promoting O_CLOEXEC in more interfaces. However O_CLOEXEC is still not the default and for some specific usages, the caller needs to close all possible file descriptors to avoid them leaking. Some examples are CPython (discussed in BZ#10353) and OpenJDK jspawnhelper [2] (where OpenJDK spawns a helper process to exactly closes all file descriptors). Most likely any environment which calls functions that might open file descriptor under the hood and aim to use posix_spawn might face the same requirement. Checked on x86_64-linux-gnu and i686-linux-gnu on kernel 5.11 and 4.15. [1] https://docs.oracle.com/cd/E36784_01/html/E36874/posix-spawn-file-actions-addclosefrom-np-3c.html [2] https://github.com/openjdk/jdk/blob/master/src/java.base/unix/native/libjava/childproc.c#L82
2021-03-10 16:26:33 +01:00
/* Called on process re-execution. The arguments are the expected opened
file descriptors. */
_Noreturn static void
handle_restart (int argc, char *argv[])
{
posix: Ignore non opened files on tst-spawn5 The make program might open a pipe for its job server, which triggers an invalid check on the spawned process. This patch now passes the lowest file descriptor as ithe first argument, so only the range that was actually opened is checked. Checked on x86_64-linux-gnu and i686-linux-gnu and centos7 (which triggers the issue).
2021-07-13 15:46:23 +02:00
TEST_VERIFY (argc > 0);
int lowfd = parse_fd (argv[0]);
posix: Add posix_spawn_file_actions_addclosefrom_np This patch adds a way to close a range of file descriptors on posix_spawn as a new file action. The API is similar to the one provided by Solaris 11 [1], where the file action causes the all open file descriptors greater than or equal to input on to be closed when the new process is spawned. The function posix_spawn_file_actions_addclosefrom_np is safe to be implemented by iterating over /proc/self/fd, since the Linux spawni.c helper process does not use CLONE_FILES, so its has own file descriptor table and any failure (in /proc operation) aborts the process creation and returns an error to the caller. I am aware that this file action might be redundant to the current approach of POSIX in promoting O_CLOEXEC in more interfaces. However O_CLOEXEC is still not the default and for some specific usages, the caller needs to close all possible file descriptors to avoid them leaking. Some examples are CPython (discussed in BZ#10353) and OpenJDK jspawnhelper [2] (where OpenJDK spawns a helper process to exactly closes all file descriptors). Most likely any environment which calls functions that might open file descriptor under the hood and aim to use posix_spawn might face the same requirement. Checked on x86_64-linux-gnu and i686-linux-gnu on kernel 5.11 and 4.15. [1] https://docs.oracle.com/cd/E36784_01/html/E36874/posix-spawn-file-actions-addclosefrom-np-3c.html [2] https://github.com/openjdk/jdk/blob/master/src/java.base/unix/native/libjava/childproc.c#L82
2021-03-10 16:26:33 +01:00
size_t nfds = argc > 1 ? argc - 1 : 0;
struct fd_t
{
int fd;
_Bool found;
} *fds = xmalloc (sizeof (struct fd_t) * nfds);
for (int i = 0; i < nfds; i++)
{
posix: Ignore non opened files on tst-spawn5 The make program might open a pipe for its job server, which triggers an invalid check on the spawned process. This patch now passes the lowest file descriptor as ithe first argument, so only the range that was actually opened is checked. Checked on x86_64-linux-gnu and i686-linux-gnu and centos7 (which triggers the issue).
2021-07-13 15:46:23 +02:00
fds[i].fd = parse_fd (argv[i + 1]);
posix: Add posix_spawn_file_actions_addclosefrom_np This patch adds a way to close a range of file descriptors on posix_spawn as a new file action. The API is similar to the one provided by Solaris 11 [1], where the file action causes the all open file descriptors greater than or equal to input on to be closed when the new process is spawned. The function posix_spawn_file_actions_addclosefrom_np is safe to be implemented by iterating over /proc/self/fd, since the Linux spawni.c helper process does not use CLONE_FILES, so its has own file descriptor table and any failure (in /proc operation) aborts the process creation and returns an error to the caller. I am aware that this file action might be redundant to the current approach of POSIX in promoting O_CLOEXEC in more interfaces. However O_CLOEXEC is still not the default and for some specific usages, the caller needs to close all possible file descriptors to avoid them leaking. Some examples are CPython (discussed in BZ#10353) and OpenJDK jspawnhelper [2] (where OpenJDK spawns a helper process to exactly closes all file descriptors). Most likely any environment which calls functions that might open file descriptor under the hood and aim to use posix_spawn might face the same requirement. Checked on x86_64-linux-gnu and i686-linux-gnu on kernel 5.11 and 4.15. [1] https://docs.oracle.com/cd/E36784_01/html/E36874/posix-spawn-file-actions-addclosefrom-np-3c.html [2] https://github.com/openjdk/jdk/blob/master/src/java.base/unix/native/libjava/childproc.c#L82
2021-03-10 16:26:33 +01:00
fds[i].found = false;
}
DIR *dirp = opendir (FD_TO_FILENAME_PREFIX);
if (dirp == NULL)
FAIL_EXIT1 ("opendir (\"" FD_TO_FILENAME_PREFIX "\"): %m");
while (true)
{
errno = 0;
struct dirent64 *e = readdir64 (dirp);
if (e == NULL)
{
if (errno != 0)
FAIL_EXIT1 ("readdir: %m");
break;
}
if (e->d_name[0] == '.')
continue;
char *endptr;
long int fd = strtol (e->d_name, &endptr, 10);
if (*endptr != '\0' || fd < 0 || fd > INT_MAX)
FAIL_EXIT1 ("readdir: invalid file descriptor name: /proc/self/fd/%s",
e->d_name);
posix: Ignore non opened files on tst-spawn5 The make program might open a pipe for its job server, which triggers an invalid check on the spawned process. This patch now passes the lowest file descriptor as ithe first argument, so only the range that was actually opened is checked. Checked on x86_64-linux-gnu and i686-linux-gnu and centos7 (which triggers the issue).
2021-07-13 15:46:23 +02:00
/* Ignore the descriptors not in the range of the opened files. */
if (fd < lowfd || fd == dirfd (dirp))
continue;
posix: Add posix_spawn_file_actions_addclosefrom_np This patch adds a way to close a range of file descriptors on posix_spawn as a new file action. The API is similar to the one provided by Solaris 11 [1], where the file action causes the all open file descriptors greater than or equal to input on to be closed when the new process is spawned. The function posix_spawn_file_actions_addclosefrom_np is safe to be implemented by iterating over /proc/self/fd, since the Linux spawni.c helper process does not use CLONE_FILES, so its has own file descriptor table and any failure (in /proc operation) aborts the process creation and returns an error to the caller. I am aware that this file action might be redundant to the current approach of POSIX in promoting O_CLOEXEC in more interfaces. However O_CLOEXEC is still not the default and for some specific usages, the caller needs to close all possible file descriptors to avoid them leaking. Some examples are CPython (discussed in BZ#10353) and OpenJDK jspawnhelper [2] (where OpenJDK spawns a helper process to exactly closes all file descriptors). Most likely any environment which calls functions that might open file descriptor under the hood and aim to use posix_spawn might face the same requirement. Checked on x86_64-linux-gnu and i686-linux-gnu on kernel 5.11 and 4.15. [1] https://docs.oracle.com/cd/E36784_01/html/E36874/posix-spawn-file-actions-addclosefrom-np-3c.html [2] https://github.com/openjdk/jdk/blob/master/src/java.base/unix/native/libjava/childproc.c#L82
2021-03-10 16:26:33 +01:00
bool found = false;
for (int i = 0; i < nfds; i++)
if (fds[i].fd == fd)
fds[i].found = found = true;
if (!found)
posix: Ignore non opened files on tst-spawn5 The make program might open a pipe for its job server, which triggers an invalid check on the spawned process. This patch now passes the lowest file descriptor as ithe first argument, so only the range that was actually opened is checked. Checked on x86_64-linux-gnu and i686-linux-gnu and centos7 (which triggers the issue).
2021-07-13 15:46:23 +02:00
{
char *path = xasprintf ("/proc/self/fd/%s", e->d_name);
char *resolved = xreadlink (path);
FAIL_EXIT1 ("unexpected open file descriptor %ld: %s", fd, resolved);
}
posix: Add posix_spawn_file_actions_addclosefrom_np This patch adds a way to close a range of file descriptors on posix_spawn as a new file action. The API is similar to the one provided by Solaris 11 [1], where the file action causes the all open file descriptors greater than or equal to input on to be closed when the new process is spawned. The function posix_spawn_file_actions_addclosefrom_np is safe to be implemented by iterating over /proc/self/fd, since the Linux spawni.c helper process does not use CLONE_FILES, so its has own file descriptor table and any failure (in /proc operation) aborts the process creation and returns an error to the caller. I am aware that this file action might be redundant to the current approach of POSIX in promoting O_CLOEXEC in more interfaces. However O_CLOEXEC is still not the default and for some specific usages, the caller needs to close all possible file descriptors to avoid them leaking. Some examples are CPython (discussed in BZ#10353) and OpenJDK jspawnhelper [2] (where OpenJDK spawns a helper process to exactly closes all file descriptors). Most likely any environment which calls functions that might open file descriptor under the hood and aim to use posix_spawn might face the same requirement. Checked on x86_64-linux-gnu and i686-linux-gnu on kernel 5.11 and 4.15. [1] https://docs.oracle.com/cd/E36784_01/html/E36874/posix-spawn-file-actions-addclosefrom-np-3c.html [2] https://github.com/openjdk/jdk/blob/master/src/java.base/unix/native/libjava/childproc.c#L82
2021-03-10 16:26:33 +01:00
}
closedir (dirp);
for (int i = 0; i < nfds; i++)
if (!fds[i].found)
FAIL_EXIT1 ("file descriptor %d not opened", fds[i].fd);
free (fds);
exit (EXIT_SUCCESS);
}
static void
spawn_closefrom_test (posix_spawn_file_actions_t *fa, int lowfd, int highfd,
int *extrafds, size_t nextrafds)
{
posix: Ignore non opened files on tst-spawn5 The make program might open a pipe for its job server, which triggers an invalid check on the spawned process. This patch now passes the lowest file descriptor as ithe first argument, so only the range that was actually opened is checked. Checked on x86_64-linux-gnu and i686-linux-gnu and centos7 (which triggers the issue).
2021-07-13 15:46:23 +02:00
/* 3 or 7 elements from initial_argv:
Properly run tst-spawn5 directly [BZ #28067] Change tst-spawn5.c to handle tst-spawn5 without optional path to ld.so, --library-path nor the library path when glibc is configured with --enable-hardcoded-path-in-tests. This fixes BZ #28067. Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
2021-07-09 14:57:51 +02:00
+ path to ld.so optional
+ --library-path optional
+ the library path optional
+ application name
+ --direct
+ --restart
posix: Ignore non opened files on tst-spawn5 The make program might open a pipe for its job server, which triggers an invalid check on the spawned process. This patch now passes the lowest file descriptor as ithe first argument, so only the range that was actually opened is checked. Checked on x86_64-linux-gnu and i686-linux-gnu and centos7 (which triggers the issue).
2021-07-13 15:46:23 +02:00
+ lowest opened file descriptor
+ up to 2 * maximum_fd arguments (the expected open file descriptors),
plus NULL. */
Properly run tst-spawn5 directly [BZ #28067] Change tst-spawn5.c to handle tst-spawn5 without optional path to ld.so, --library-path nor the library path when glibc is configured with --enable-hardcoded-path-in-tests. This fixes BZ #28067. Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
2021-07-09 14:57:51 +02:00
int argv_size = initial_argv_count + 2 * NFDS + 1;
posix: Add posix_spawn_file_actions_addclosefrom_np This patch adds a way to close a range of file descriptors on posix_spawn as a new file action. The API is similar to the one provided by Solaris 11 [1], where the file action causes the all open file descriptors greater than or equal to input on to be closed when the new process is spawned. The function posix_spawn_file_actions_addclosefrom_np is safe to be implemented by iterating over /proc/self/fd, since the Linux spawni.c helper process does not use CLONE_FILES, so its has own file descriptor table and any failure (in /proc operation) aborts the process creation and returns an error to the caller. I am aware that this file action might be redundant to the current approach of POSIX in promoting O_CLOEXEC in more interfaces. However O_CLOEXEC is still not the default and for some specific usages, the caller needs to close all possible file descriptors to avoid them leaking. Some examples are CPython (discussed in BZ#10353) and OpenJDK jspawnhelper [2] (where OpenJDK spawns a helper process to exactly closes all file descriptors). Most likely any environment which calls functions that might open file descriptor under the hood and aim to use posix_spawn might face the same requirement. Checked on x86_64-linux-gnu and i686-linux-gnu on kernel 5.11 and 4.15. [1] https://docs.oracle.com/cd/E36784_01/html/E36874/posix-spawn-file-actions-addclosefrom-np-3c.html [2] https://github.com/openjdk/jdk/blob/master/src/java.base/unix/native/libjava/childproc.c#L82
2021-03-10 16:26:33 +01:00
char *args[argv_size];
int argc = 0;
for (char **arg = initial_argv; *arg != NULL; arg++)
args[argc++] = *arg;
posix: Ignore non opened files on tst-spawn5 The make program might open a pipe for its job server, which triggers an invalid check on the spawned process. This patch now passes the lowest file descriptor as ithe first argument, so only the range that was actually opened is checked. Checked on x86_64-linux-gnu and i686-linux-gnu and centos7 (which triggers the issue).
2021-07-13 15:46:23 +02:00
args[argc++] = xasprintf ("%d", lowfd);
posix: Add posix_spawn_file_actions_addclosefrom_np This patch adds a way to close a range of file descriptors on posix_spawn as a new file action. The API is similar to the one provided by Solaris 11 [1], where the file action causes the all open file descriptors greater than or equal to input on to be closed when the new process is spawned. The function posix_spawn_file_actions_addclosefrom_np is safe to be implemented by iterating over /proc/self/fd, since the Linux spawni.c helper process does not use CLONE_FILES, so its has own file descriptor table and any failure (in /proc operation) aborts the process creation and returns an error to the caller. I am aware that this file action might be redundant to the current approach of POSIX in promoting O_CLOEXEC in more interfaces. However O_CLOEXEC is still not the default and for some specific usages, the caller needs to close all possible file descriptors to avoid them leaking. Some examples are CPython (discussed in BZ#10353) and OpenJDK jspawnhelper [2] (where OpenJDK spawns a helper process to exactly closes all file descriptors). Most likely any environment which calls functions that might open file descriptor under the hood and aim to use posix_spawn might face the same requirement. Checked on x86_64-linux-gnu and i686-linux-gnu on kernel 5.11 and 4.15. [1] https://docs.oracle.com/cd/E36784_01/html/E36874/posix-spawn-file-actions-addclosefrom-np-3c.html [2] https://github.com/openjdk/jdk/blob/master/src/java.base/unix/native/libjava/childproc.c#L82
2021-03-10 16:26:33 +01:00
for (int i = lowfd; i < highfd; i++)
args[argc++] = xasprintf ("%d", i);
for (int i = 0; i < nextrafds; i++)
args[argc++] = xasprintf ("%d", extrafds[i]);
args[argc] = NULL;
TEST_VERIFY (argc < argv_size);
pid_t pid;
int status;
TEST_COMPARE (posix_spawn (&pid, args[0], fa, NULL, args, environ), 0);
TEST_COMPARE (xwaitpid (pid, &status, 0), pid);
TEST_VERIFY (WIFEXITED (status));
TEST_VERIFY (!WIFSIGNALED (status));
TEST_COMPARE (WEXITSTATUS (status), 0);
}
static void
do_test_closefrom (void)
{
Use support_open_dev_null_range io/tst-closefrom, misc/tst-close_range, and posix/tst-spawn5 (BZ #28260) It ensures a continuous range of file descriptor and avoid hitting the RLIMIT_NOFILE. Checked on x86_64-linux-gnu.
2021-08-24 21:15:50 +02:00
int lowfd = support_open_dev_null_range (NFDS, O_RDONLY, 0600);
posix: Add posix_spawn_file_actions_addclosefrom_np This patch adds a way to close a range of file descriptors on posix_spawn as a new file action. The API is similar to the one provided by Solaris 11 [1], where the file action causes the all open file descriptors greater than or equal to input on to be closed when the new process is spawned. The function posix_spawn_file_actions_addclosefrom_np is safe to be implemented by iterating over /proc/self/fd, since the Linux spawni.c helper process does not use CLONE_FILES, so its has own file descriptor table and any failure (in /proc operation) aborts the process creation and returns an error to the caller. I am aware that this file action might be redundant to the current approach of POSIX in promoting O_CLOEXEC in more interfaces. However O_CLOEXEC is still not the default and for some specific usages, the caller needs to close all possible file descriptors to avoid them leaking. Some examples are CPython (discussed in BZ#10353) and OpenJDK jspawnhelper [2] (where OpenJDK spawns a helper process to exactly closes all file descriptors). Most likely any environment which calls functions that might open file descriptor under the hood and aim to use posix_spawn might face the same requirement. Checked on x86_64-linux-gnu and i686-linux-gnu on kernel 5.11 and 4.15. [1] https://docs.oracle.com/cd/E36784_01/html/E36874/posix-spawn-file-actions-addclosefrom-np-3c.html [2] https://github.com/openjdk/jdk/blob/master/src/java.base/unix/native/libjava/childproc.c#L82
2021-03-10 16:26:33 +01:00
const int half_fd = lowfd + NFDS / 2;
/* Close half of the descriptors and check result. */
{
posix_spawn_file_actions_t fa;
TEST_COMPARE (posix_spawn_file_actions_init (&fa), 0);
int ret = posix_spawn_file_actions_addclosefrom_np (&fa, half_fd);
if (ret == EINVAL)
/* Hurd currently does not support closefrom fileaction. */
FAIL_UNSUPPORTED ("posix_spawn_file_actions_addclosefrom_np unsupported");
TEST_COMPARE (ret, 0);
spawn_closefrom_test (&fa, lowfd, half_fd, NULL, 0);
TEST_COMPARE (posix_spawn_file_actions_destroy (&fa), 0);
}
/* Create some gaps, close up to a threshold, and check result. */
xclose (lowfd + 57);
xclose (lowfd + 78);
xclose (lowfd + 81);
xclose (lowfd + 82);
xclose (lowfd + 84);
xclose (lowfd + 90);
{
posix_spawn_file_actions_t fa;
TEST_COMPARE (posix_spawn_file_actions_init (&fa), 0);
TEST_COMPARE (posix_spawn_file_actions_addclosefrom_np (&fa, half_fd), 0);
spawn_closefrom_test (&fa, lowfd, half_fd, NULL, 0);
TEST_COMPARE (posix_spawn_file_actions_destroy (&fa), 0);
}
/* Close the remaining but the last one. */
{
posix_spawn_file_actions_t fa;
TEST_COMPARE (posix_spawn_file_actions_init (&fa), 0);
TEST_COMPARE (posix_spawn_file_actions_addclosefrom_np (&fa, lowfd + 1), 0);
spawn_closefrom_test (&fa, lowfd, lowfd + 1, NULL, 0);
TEST_COMPARE (posix_spawn_file_actions_destroy (&fa), 0);
}
/* Close everything. */
{
posix_spawn_file_actions_t fa;
TEST_COMPARE (posix_spawn_file_actions_init (&fa), 0);
TEST_COMPARE (posix_spawn_file_actions_addclosefrom_np (&fa, lowfd), 0);
spawn_closefrom_test (&fa, lowfd, lowfd, NULL, 0);
TEST_COMPARE (posix_spawn_file_actions_destroy (&fa), 0);
}
/* Close a range and add some file actions. */
{
posix_spawn_file_actions_t fa;
TEST_COMPARE (posix_spawn_file_actions_init (&fa), 0);
TEST_COMPARE (posix_spawn_file_actions_addclosefrom_np (&fa, lowfd + 1), 0);
TEST_COMPARE (posix_spawn_file_actions_addopen (&fa, lowfd, "/dev/null",
0666, O_RDONLY), 0);
TEST_COMPARE (posix_spawn_file_actions_adddup2 (&fa, lowfd, lowfd + 1), 0);
TEST_COMPARE (posix_spawn_file_actions_addopen (&fa, lowfd, "/dev/null",
0666, O_RDONLY), 0);
spawn_closefrom_test (&fa, lowfd, lowfd, (int[]){lowfd, lowfd + 1}, 2);
TEST_COMPARE (posix_spawn_file_actions_destroy (&fa), 0);
}
}
static int
do_test (int argc, char *argv[])
{
/* We must have either:
- one or four parameters if called initially:
+ argv[1]: path for ld.so optional
+ argv[2]: "--library-path" optional
+ argv[3]: the library path optional
+ argv[4]: the application name
- six parameters left if called through re-execution:
+ argv[1]: the application name
posix: Ignore non opened files on tst-spawn5 The make program might open a pipe for its job server, which triggers an invalid check on the spawned process. This patch now passes the lowest file descriptor as ithe first argument, so only the range that was actually opened is checked. Checked on x86_64-linux-gnu and i686-linux-gnu and centos7 (which triggers the issue).
2021-07-13 15:46:23 +02:00
+ argv[2]: the lowest file descriptor expected
+ argv[3]: first expected open file descriptor optional
+ argv[n]: last expected open file descritptor optional
posix: Add posix_spawn_file_actions_addclosefrom_np This patch adds a way to close a range of file descriptors on posix_spawn as a new file action. The API is similar to the one provided by Solaris 11 [1], where the file action causes the all open file descriptors greater than or equal to input on to be closed when the new process is spawned. The function posix_spawn_file_actions_addclosefrom_np is safe to be implemented by iterating over /proc/self/fd, since the Linux spawni.c helper process does not use CLONE_FILES, so its has own file descriptor table and any failure (in /proc operation) aborts the process creation and returns an error to the caller. I am aware that this file action might be redundant to the current approach of POSIX in promoting O_CLOEXEC in more interfaces. However O_CLOEXEC is still not the default and for some specific usages, the caller needs to close all possible file descriptors to avoid them leaking. Some examples are CPython (discussed in BZ#10353) and OpenJDK jspawnhelper [2] (where OpenJDK spawns a helper process to exactly closes all file descriptors). Most likely any environment which calls functions that might open file descriptor under the hood and aim to use posix_spawn might face the same requirement. Checked on x86_64-linux-gnu and i686-linux-gnu on kernel 5.11 and 4.15. [1] https://docs.oracle.com/cd/E36784_01/html/E36874/posix-spawn-file-actions-addclosefrom-np-3c.html [2] https://github.com/openjdk/jdk/blob/master/src/java.base/unix/native/libjava/childproc.c#L82
2021-03-10 16:26:33 +01:00
* When built with --enable-hardcoded-path-in-tests or issued without
using the loader directly. */
if (restart)
posix: Ignore non opened files on tst-spawn5 The make program might open a pipe for its job server, which triggers an invalid check on the spawned process. This patch now passes the lowest file descriptor as ithe first argument, so only the range that was actually opened is checked. Checked on x86_64-linux-gnu and i686-linux-gnu and centos7 (which triggers the issue).
2021-07-13 15:46:23 +02:00
/* Ignore the application name. */
handle_restart (argc - 1, &argv[1]);
posix: Add posix_spawn_file_actions_addclosefrom_np This patch adds a way to close a range of file descriptors on posix_spawn as a new file action. The API is similar to the one provided by Solaris 11 [1], where the file action causes the all open file descriptors greater than or equal to input on to be closed when the new process is spawned. The function posix_spawn_file_actions_addclosefrom_np is safe to be implemented by iterating over /proc/self/fd, since the Linux spawni.c helper process does not use CLONE_FILES, so its has own file descriptor table and any failure (in /proc operation) aborts the process creation and returns an error to the caller. I am aware that this file action might be redundant to the current approach of POSIX in promoting O_CLOEXEC in more interfaces. However O_CLOEXEC is still not the default and for some specific usages, the caller needs to close all possible file descriptors to avoid them leaking. Some examples are CPython (discussed in BZ#10353) and OpenJDK jspawnhelper [2] (where OpenJDK spawns a helper process to exactly closes all file descriptors). Most likely any environment which calls functions that might open file descriptor under the hood and aim to use posix_spawn might face the same requirement. Checked on x86_64-linux-gnu and i686-linux-gnu on kernel 5.11 and 4.15. [1] https://docs.oracle.com/cd/E36784_01/html/E36874/posix-spawn-file-actions-addclosefrom-np-3c.html [2] https://github.com/openjdk/jdk/blob/master/src/java.base/unix/native/libjava/childproc.c#L82
2021-03-10 16:26:33 +01:00
Properly run tst-spawn5 directly [BZ #28067] Change tst-spawn5.c to handle tst-spawn5 without optional path to ld.so, --library-path nor the library path when glibc is configured with --enable-hardcoded-path-in-tests. This fixes BZ #28067. Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
2021-07-09 14:57:51 +02:00
TEST_VERIFY_EXIT (argc == 2 || argc == 5);
int i;
for (i = 0; i < argc - 1; i++)
initial_argv[i] = argv[i + 1];
initial_argv[i++] = (char *) "--direct";
initial_argv[i++] = (char *) "--restart";
initial_argv_count = i;
posix: Add posix_spawn_file_actions_addclosefrom_np This patch adds a way to close a range of file descriptors on posix_spawn as a new file action. The API is similar to the one provided by Solaris 11 [1], where the file action causes the all open file descriptors greater than or equal to input on to be closed when the new process is spawned. The function posix_spawn_file_actions_addclosefrom_np is safe to be implemented by iterating over /proc/self/fd, since the Linux spawni.c helper process does not use CLONE_FILES, so its has own file descriptor table and any failure (in /proc operation) aborts the process creation and returns an error to the caller. I am aware that this file action might be redundant to the current approach of POSIX in promoting O_CLOEXEC in more interfaces. However O_CLOEXEC is still not the default and for some specific usages, the caller needs to close all possible file descriptors to avoid them leaking. Some examples are CPython (discussed in BZ#10353) and OpenJDK jspawnhelper [2] (where OpenJDK spawns a helper process to exactly closes all file descriptors). Most likely any environment which calls functions that might open file descriptor under the hood and aim to use posix_spawn might face the same requirement. Checked on x86_64-linux-gnu and i686-linux-gnu on kernel 5.11 and 4.15. [1] https://docs.oracle.com/cd/E36784_01/html/E36874/posix-spawn-file-actions-addclosefrom-np-3c.html [2] https://github.com/openjdk/jdk/blob/master/src/java.base/unix/native/libjava/childproc.c#L82
2021-03-10 16:26:33 +01:00
do_test_closefrom ();
return 0;
}
#define TEST_FUNCTION_ARGV do_test
#include <support/test-driver.c>