* proposed popen replacement using posix_spawn
From: Rich Felker @ 2013-03-24 1:40 UTC
To: musl

Hi all,

I've rewritten popen using posix_spawn and, based on minimal testing,
it seems to be working. Please take a look and let me know if you see
any issues with it; if I don't hear any problems soon I'll probably
commit and fix bugs later if necessary.

The important corner cases seem to be:

- fd exhaustion
- memory exhaustion
- cases where stdio and/or stdout is closed prior to popen

Rich

* Re: proposed popen replacement using posix_spawn
From: Rich Felker @ 2013-03-24 1:40 UTC
To: musl

[-- Attachment #1: Type: text/plain, Size: 266 bytes --]

On Sat, Mar 23, 2013 at 09:40:17PM -0400, Rich Felker wrote:
> Hi all,
>
> I've rewritten popen using posix_spawn and, based on minimal testing,
> it seems to be working. Please take a look and let me know if you see

And here's the forgotten attachment. :-)

Rich

[-- Attachment #2: popen.c --]
[-- Type: text/plain, Size: 1187 bytes --]

#include <fcntl.h>
#include <unistd.h>
#include <errno.h>
#include <spawn.h>
#include "stdio_impl.h"
#include "syscall.h"

extern char **__environ;

FILE *popen(const char *cmd, const char *mode)
{
	int p[2], op, e;
	pid_t pid;
	FILE *f;
	posix_spawn_file_actions_t fa;

	if (*mode == 'r') {
		op = 0;
	} else if (*mode == 'w') {
		op = 1;
	} else {
		errno = EINVAL;
		return 0;
	}

	if (pipe2(p, O_CLOEXEC)) return NULL;
	f = fdopen(p[op], mode);
	if (!f) {
		__syscall(SYS_close, p[0]);
		__syscall(SYS_close, p[1]);
		return NULL;
	}
	FLOCK(f);

	/* Remove close-on-exec flag if dup2 will be a no-op in the child */
	if (p[1-op] == 1-op) fcntl(1-op, F_SETFD, 0);

	e = ENOMEM;
	if (!posix_spawn_file_actions_init(&fa)) {
		if (!posix_spawn_file_actions_adddup2(&fa, p[1-op], 1-op)) {
			if (!(e = posix_spawn(&pid, "/bin/sh", &fa, 0,
			    (char *[]){ "sh", "-c", (char *)cmd, 0 }, __environ))) {
				posix_spawn_file_actions_destroy(&fa);
				f->pipe_pid = pid;
				fcntl(p[op], F_SETFD, 0);
				__syscall(SYS_close, p[1-op]);
				FUNLOCK(f);
				return f;
			}
		}
		posix_spawn_file_actions_destroy(&fa);
	}
	fclose(f);
	__syscall(SYS_close, p[1-op]);

	errno = e;
	return 0;
}

* Re: proposed popen replacement using posix_spawn
From: Rich Felker @ 2013-03-24 1:45 UTC
To: musl

On Sat, Mar 23, 2013 at 09:40:57PM -0400, Rich Felker wrote:
> 	/* Remove close-on-exec flag if dup2 will be a no-op in the child */
> 	if (p[1-op] == 1-op) fcntl(1-op, F_SETFD, 0);

This part is wrong; it creates a file descriptor leak race condition
in the parent. The only solution I can see is that the parent must
ensure p[1-op]!=1-op before calling posix_spawn. The easiest way to do
that is to move p[1-op] to a new fd number using F_DUPFD_CLOEXEC when
this happens, and fail the entire operation if this fails. I'll update
the code accordingly.

Rich
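
The fix described in the last message, sketched as an added example that is not code from the thread or from musl: when the child's pipe end already sits on the target number it is moved with F_DUPFD_CLOEXEC, so the close-on-exec flag is never cleared in the parent. The names move_fd_off and spawn_sh_pipe are hypothetical, plain close() stands in for musl's internal __syscall(SYS_close, ...), the parent's end is left close-on-exec, and Linux with /bin/sh is assumed.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <spawn.h>
#include <unistd.h>
int pipe2(int [2], int); /* repeated in case _GNU_SOURCE took effect too late */
extern char **environ;

/* Hypothetical helper: if fd is already numbered `target`, move it to a new
 * number created with close-on-exec set, then close the original, so
 * FD_CLOEXEC is never cleared in the parent. Returns the fd to use, or -1. */
int move_fd_off(int fd, int target)
{
	if (fd != target) return fd;
	int nfd = fcntl(fd, F_DUPFD_CLOEXEC, 0);
	if (nfd >= 0) close(fd);
	return nfd;
}

/* Hypothetical popen-like core; op is 0 for "r", 1 for "w". Returns the
 * parent's end of the pipe (close-on-exec), or -1 with errno set. */
int spawn_sh_pipe(const char *cmd, int op, pid_t *pid)
{
	int p[2], fd, e = ENOMEM;
	posix_spawn_file_actions_t fa;
	if (pipe2(p, O_CLOEXEC)) return -1;
	if ((fd = move_fd_off(p[1-op], 1-op)) < 0) { e = errno; goto fail; }
	p[1-op] = fd;
	if (!posix_spawn_file_actions_init(&fa)) {
		if (!posix_spawn_file_actions_adddup2(&fa, p[1-op], 1-op))
			e = posix_spawn(pid, "/bin/sh", &fa, 0,
				(char *[]){ "sh", "-c", (char *)cmd, 0 }, environ);
		posix_spawn_file_actions_destroy(&fa);
	}
	if (!e) { close(p[1-op]); return p[op]; }
fail:
	close(p[0]);
	close(p[1]);
	errno = e;
	return -1;
}

int main(void)
{
	pid_t pid;
	char c;
	int fd = spawn_sh_pipe("echo hi", 0, &pid); /* constructed sample command */
	return !(fd >= 0 && read(fd, &c, 1) == 1 && c == 'h');
}
```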