1 /* Authors: Gregory P. Smith & Jeffrey Yasskin */
2 #include "Python.h"
3 #if defined(HAVE_PIPE2) && !defined(_GNU_SOURCE)
4 # define _GNU_SOURCE
5 #endif
6 #include <unistd.h>
7 #include <fcntl.h>
8 #ifdef HAVE_SYS_TYPES_H
9 #include <sys/types.h>
10 #endif
11 #if defined(HAVE_SYS_STAT_H) && defined(__FreeBSD__)
12 #include <sys/stat.h>
13 #endif
14 #ifdef HAVE_SYS_SYSCALL_H
15 #include <sys/syscall.h>
16 #endif
17 #if defined(HAVE_SYS_RESOURCE_H)
18 #include <sys/resource.h>
19 #endif
20 #ifdef HAVE_DIRENT_H
21 #include <dirent.h>
22 #endif
23
24 #include "posixmodule.h"
25
26 #ifdef _Py_MEMORY_SANITIZER
27 # include <sanitizer/msan_interface.h>
28 #endif
29
30 #if defined(__ANDROID__) && __ANDROID_API__ < 21 && !defined(SYS_getdents64)
31 # include <sys/linux-syscalls.h>
32 # define SYS_getdents64 __NR_getdents64
33 #endif
34
35 #if defined(__sun) && defined(__SVR4)
36 /* readdir64 is used to work around Solaris 9 bug 6395699. */
37 # define readdir readdir64
38 # define dirent dirent64
39 # if !defined(HAVE_DIRFD)
40 /* Some versions of Solaris lack dirfd(). */
41 # define dirfd(dirp) ((dirp)->dd_fd)
42 # define HAVE_DIRFD
43 # endif
44 #endif
45
46 #if defined(__FreeBSD__) || (defined(__APPLE__) && defined(__MACH__)) || defined(__DragonFly__)
47 # define FD_DIR "/dev/fd"
48 #else
49 # define FD_DIR "/proc/self/fd"
50 #endif
51
52 #define POSIX_CALL(call) do { if ((call) == -1) goto error; } while (0)
53
54
55 /* If gc was disabled, call gc.enable(). Return 0 on success. */
56 static int
_enable_gc(int need_to_reenable_gc,PyObject * gc_module)57 _enable_gc(int need_to_reenable_gc, PyObject *gc_module)
58 {
59 PyObject *result;
60 _Py_IDENTIFIER(enable);
61 PyObject *exctype, *val, *tb;
62
63 if (need_to_reenable_gc) {
64 PyErr_Fetch(&exctype, &val, &tb);
65 result = _PyObject_CallMethodId(gc_module, &PyId_enable, NULL);
66 if (exctype != NULL) {
67 PyErr_Restore(exctype, val, tb);
68 }
69 if (result == NULL) {
70 return 1;
71 }
72 Py_DECREF(result);
73 }
74 return 0;
75 }
76
77
78 /* Convert ASCII to a positive int, no libc call. no overflow. -1 on error. */
79 static int
_pos_int_from_ascii(const char * name)80 _pos_int_from_ascii(const char *name)
81 {
82 int num = 0;
83 while (*name >= '0' && *name <= '9') {
84 num = num * 10 + (*name - '0');
85 ++name;
86 }
87 if (*name)
88 return -1; /* Non digit found, not a number. */
89 return num;
90 }
91
92
93 #if defined(__FreeBSD__) || defined(__DragonFly__)
94 /* When /dev/fd isn't mounted it is often a static directory populated
95 * with 0 1 2 or entries for 0 .. 63 on FreeBSD, NetBSD, OpenBSD and DragonFlyBSD.
96 * NetBSD and OpenBSD have a /proc fs available (though not necessarily
97 * mounted) and do not have fdescfs for /dev/fd. MacOS X has a devfs
98 * that properly supports /dev/fd.
99 */
100 static int
_is_fdescfs_mounted_on_dev_fd(void)101 _is_fdescfs_mounted_on_dev_fd(void)
102 {
103 struct stat dev_stat;
104 struct stat dev_fd_stat;
105 if (stat("/dev", &dev_stat) != 0)
106 return 0;
107 if (stat(FD_DIR, &dev_fd_stat) != 0)
108 return 0;
109 if (dev_stat.st_dev == dev_fd_stat.st_dev)
110 return 0; /* / == /dev == /dev/fd means it is static. #fail */
111 return 1;
112 }
113 #endif
114
115
116 /* Returns 1 if there is a problem with fd_sequence, 0 otherwise. */
117 static int
_sanity_check_python_fd_sequence(PyObject * fd_sequence)118 _sanity_check_python_fd_sequence(PyObject *fd_sequence)
119 {
120 Py_ssize_t seq_idx;
121 long prev_fd = -1;
122 for (seq_idx = 0; seq_idx < PyTuple_GET_SIZE(fd_sequence); ++seq_idx) {
123 PyObject* py_fd = PyTuple_GET_ITEM(fd_sequence, seq_idx);
124 long iter_fd;
125 if (!PyLong_Check(py_fd)) {
126 return 1;
127 }
128 iter_fd = PyLong_AsLong(py_fd);
129 if (iter_fd < 0 || iter_fd <= prev_fd || iter_fd > INT_MAX) {
130 /* Negative, overflow, unsorted, too big for a fd. */
131 return 1;
132 }
133 prev_fd = iter_fd;
134 }
135 return 0;
136 }
137
138
139 /* Is fd found in the sorted Python Sequence? */
140 static int
_is_fd_in_sorted_fd_sequence(int fd,PyObject * fd_sequence)141 _is_fd_in_sorted_fd_sequence(int fd, PyObject *fd_sequence)
142 {
143 /* Binary search. */
144 Py_ssize_t search_min = 0;
145 Py_ssize_t search_max = PyTuple_GET_SIZE(fd_sequence) - 1;
146 if (search_max < 0)
147 return 0;
148 do {
149 long middle = (search_min + search_max) / 2;
150 long middle_fd = PyLong_AsLong(PyTuple_GET_ITEM(fd_sequence, middle));
151 if (fd == middle_fd)
152 return 1;
153 if (fd > middle_fd)
154 search_min = middle + 1;
155 else
156 search_max = middle - 1;
157 } while (search_min <= search_max);
158 return 0;
159 }
160
161 static int
make_inheritable(PyObject * py_fds_to_keep,int errpipe_write)162 make_inheritable(PyObject *py_fds_to_keep, int errpipe_write)
163 {
164 Py_ssize_t i, len;
165
166 len = PyTuple_GET_SIZE(py_fds_to_keep);
167 for (i = 0; i < len; ++i) {
168 PyObject* fdobj = PyTuple_GET_ITEM(py_fds_to_keep, i);
169 long fd = PyLong_AsLong(fdobj);
170 assert(!PyErr_Occurred());
171 assert(0 <= fd && fd <= INT_MAX);
172 if (fd == errpipe_write) {
173 /* errpipe_write is part of py_fds_to_keep. It must be closed at
174 exec(), but kept open in the child process until exec() is
175 called. */
176 continue;
177 }
178 if (_Py_set_inheritable_async_safe((int)fd, 1, NULL) < 0)
179 return -1;
180 }
181 return 0;
182 }
183
184
185 /* Get the maximum file descriptor that could be opened by this process.
186 * This function is async signal safe for use between fork() and exec().
187 */
188 static long
safe_get_max_fd(void)189 safe_get_max_fd(void)
190 {
191 long local_max_fd;
192 #if defined(__NetBSD__)
193 local_max_fd = fcntl(0, F_MAXFD);
194 if (local_max_fd >= 0)
195 return local_max_fd;
196 #endif
197 #if defined(HAVE_SYS_RESOURCE_H) && defined(__OpenBSD__)
198 struct rlimit rl;
199 /* Not on the POSIX async signal safe functions list but likely
200 * safe. TODO - Someone should audit OpenBSD to make sure. */
201 if (getrlimit(RLIMIT_NOFILE, &rl) >= 0)
202 return (long) rl.rlim_max;
203 #endif
204 #ifdef _SC_OPEN_MAX
205 local_max_fd = sysconf(_SC_OPEN_MAX);
206 if (local_max_fd == -1)
207 #endif
208 local_max_fd = 256; /* Matches legacy Lib/subprocess.py behavior. */
209 return local_max_fd;
210 }
211
212
213 /* Close all file descriptors in the range from start_fd and higher
214 * except for those in py_fds_to_keep. If the range defined by
215 * [start_fd, safe_get_max_fd()) is large this will take a long
216 * time as it calls close() on EVERY possible fd.
217 *
218 * It isn't possible to know for sure what the max fd to go up to
219 * is for processes with the capability of raising their maximum.
220 */
221 static void
_close_fds_by_brute_force(long start_fd,PyObject * py_fds_to_keep)222 _close_fds_by_brute_force(long start_fd, PyObject *py_fds_to_keep)
223 {
224 long end_fd = safe_get_max_fd();
225 Py_ssize_t num_fds_to_keep = PyTuple_GET_SIZE(py_fds_to_keep);
226 Py_ssize_t keep_seq_idx;
227 /* As py_fds_to_keep is sorted we can loop through the list closing
228 * fds in between any in the keep list falling within our range. */
229 for (keep_seq_idx = 0; keep_seq_idx < num_fds_to_keep; ++keep_seq_idx) {
230 PyObject* py_keep_fd = PyTuple_GET_ITEM(py_fds_to_keep, keep_seq_idx);
231 int keep_fd = PyLong_AsLong(py_keep_fd);
232 if (keep_fd < start_fd)
233 continue;
234 _Py_closerange(start_fd, keep_fd - 1);
235 start_fd = keep_fd + 1;
236 }
237 if (start_fd <= end_fd) {
238 _Py_closerange(start_fd, end_fd);
239 }
240 }
241
242
243 #if defined(__linux__) && defined(HAVE_SYS_SYSCALL_H)
244 /* It doesn't matter if d_name has room for NAME_MAX chars; we're using this
245 * only to read a directory of short file descriptor number names. The kernel
246 * will return an error if we didn't give it enough space. Highly Unlikely.
247 * This structure is very old and stable: It will not change unless the kernel
248 * chooses to break compatibility with all existing binaries. Highly Unlikely.
249 */
250 struct linux_dirent64 {
251 unsigned long long d_ino;
252 long long d_off;
253 unsigned short d_reclen; /* Length of this linux_dirent */
254 unsigned char d_type;
255 char d_name[256]; /* Filename (null-terminated) */
256 };
257
258 /* Close all open file descriptors in the range from start_fd and higher
259 * Do not close any in the sorted py_fds_to_keep list.
260 *
261 * This version is async signal safe as it does not make any unsafe C library
262 * calls, malloc calls or handle any locks. It is _unfortunate_ to be forced
263 * to resort to making a kernel system call directly but this is the ONLY api
264 * available that does no harm. opendir/readdir/closedir perform memory
265 * allocation and locking so while they usually work they are not guaranteed
266 * to (especially if you have replaced your malloc implementation). A version
267 * of this function that uses those can be found in the _maybe_unsafe variant.
268 *
269 * This is Linux specific because that is all I am ready to test it on. It
270 * should be easy to add OS specific dirent or dirent64 structures and modify
271 * it with some cpp #define magic to work on other OSes as well if you want.
272 */
273 static void
_close_open_fds_safe(int start_fd,PyObject * py_fds_to_keep)274 _close_open_fds_safe(int start_fd, PyObject* py_fds_to_keep)
275 {
276 int fd_dir_fd;
277
278 fd_dir_fd = _Py_open_noraise(FD_DIR, O_RDONLY);
279 if (fd_dir_fd == -1) {
280 /* No way to get a list of open fds. */
281 _close_fds_by_brute_force(start_fd, py_fds_to_keep);
282 return;
283 } else {
284 char buffer[sizeof(struct linux_dirent64)];
285 int bytes;
286 while ((bytes = syscall(SYS_getdents64, fd_dir_fd,
287 (struct linux_dirent64 *)buffer,
288 sizeof(buffer))) > 0) {
289 struct linux_dirent64 *entry;
290 int offset;
291 #ifdef _Py_MEMORY_SANITIZER
292 __msan_unpoison(buffer, bytes);
293 #endif
294 for (offset = 0; offset < bytes; offset += entry->d_reclen) {
295 int fd;
296 entry = (struct linux_dirent64 *)(buffer + offset);
297 if ((fd = _pos_int_from_ascii(entry->d_name)) < 0)
298 continue; /* Not a number. */
299 if (fd != fd_dir_fd && fd >= start_fd &&
300 !_is_fd_in_sorted_fd_sequence(fd, py_fds_to_keep)) {
301 close(fd);
302 }
303 }
304 }
305 close(fd_dir_fd);
306 }
307 }
308
309 #define _close_open_fds _close_open_fds_safe
310
311 #else /* NOT (defined(__linux__) && defined(HAVE_SYS_SYSCALL_H)) */
312
313
314 /* Close all open file descriptors from start_fd and higher.
315 * Do not close any in the sorted py_fds_to_keep tuple.
316 *
317 * This function violates the strict use of async signal safe functions. :(
318 * It calls opendir(), readdir() and closedir(). Of these, the one most
319 * likely to ever cause a problem is opendir() as it performs an internal
320 * malloc(). Practically this should not be a problem. The Java VM makes the
321 * same calls between fork and exec in its own UNIXProcess_md.c implementation.
322 *
323 * readdir_r() is not used because it provides no benefit. It is typically
324 * implemented as readdir() followed by memcpy(). See also:
325 * http://womble.decadent.org.uk/readdir_r-advisory.html
326 */
327 static void
_close_open_fds_maybe_unsafe(long start_fd,PyObject * py_fds_to_keep)328 _close_open_fds_maybe_unsafe(long start_fd, PyObject* py_fds_to_keep)
329 {
330 DIR *proc_fd_dir;
331 #ifndef HAVE_DIRFD
332 while (_is_fd_in_sorted_fd_sequence(start_fd, py_fds_to_keep)) {
333 ++start_fd;
334 }
335 /* Close our lowest fd before we call opendir so that it is likely to
336 * reuse that fd otherwise we might close opendir's file descriptor in
337 * our loop. This trick assumes that fd's are allocated on a lowest
338 * available basis. */
339 close(start_fd);
340 ++start_fd;
341 #endif
342
343 #if defined(__FreeBSD__) || defined(__DragonFly__)
344 if (!_is_fdescfs_mounted_on_dev_fd())
345 proc_fd_dir = NULL;
346 else
347 #endif
348 proc_fd_dir = opendir(FD_DIR);
349 if (!proc_fd_dir) {
350 /* No way to get a list of open fds. */
351 _close_fds_by_brute_force(start_fd, py_fds_to_keep);
352 } else {
353 struct dirent *dir_entry;
354 #ifdef HAVE_DIRFD
355 int fd_used_by_opendir = dirfd(proc_fd_dir);
356 #else
357 int fd_used_by_opendir = start_fd - 1;
358 #endif
359 errno = 0;
360 while ((dir_entry = readdir(proc_fd_dir))) {
361 int fd;
362 if ((fd = _pos_int_from_ascii(dir_entry->d_name)) < 0)
363 continue; /* Not a number. */
364 if (fd != fd_used_by_opendir && fd >= start_fd &&
365 !_is_fd_in_sorted_fd_sequence(fd, py_fds_to_keep)) {
366 close(fd);
367 }
368 errno = 0;
369 }
370 if (errno) {
371 /* readdir error, revert behavior. Highly Unlikely. */
372 _close_fds_by_brute_force(start_fd, py_fds_to_keep);
373 }
374 closedir(proc_fd_dir);
375 }
376 }
377
378 #define _close_open_fds _close_open_fds_maybe_unsafe
379
380 #endif /* else NOT (defined(__linux__) && defined(HAVE_SYS_SYSCALL_H)) */
381
382
383 /*
384 * This function is code executed in the child process immediately after fork
385 * to set things up and call exec().
386 *
387 * All of the code in this function must only use async-signal-safe functions,
388 * listed at `man 7 signal` or
389 * http://www.opengroup.org/onlinepubs/009695399/functions/xsh_chap02_04.html.
390 *
391 * This restriction is documented at
392 * http://www.opengroup.org/onlinepubs/009695399/functions/fork.html.
393 */
394 static void
child_exec(char * const exec_array[],char * const argv[],char * const envp[],const char * cwd,int p2cread,int p2cwrite,int c2pread,int c2pwrite,int errread,int errwrite,int errpipe_read,int errpipe_write,int close_fds,int restore_signals,int call_setsid,PyObject * py_fds_to_keep,PyObject * preexec_fn,PyObject * preexec_fn_args_tuple)395 child_exec(char *const exec_array[],
396 char *const argv[],
397 char *const envp[],
398 const char *cwd,
399 int p2cread, int p2cwrite,
400 int c2pread, int c2pwrite,
401 int errread, int errwrite,
402 int errpipe_read, int errpipe_write,
403 int close_fds, int restore_signals,
404 int call_setsid,
405 PyObject *py_fds_to_keep,
406 PyObject *preexec_fn,
407 PyObject *preexec_fn_args_tuple)
408 {
409 int i, saved_errno, reached_preexec = 0;
410 PyObject *result;
411 const char* err_msg = "";
412 /* Buffer large enough to hold a hex integer. We can't malloc. */
413 char hex_errno[sizeof(saved_errno)*2+1];
414
415 if (make_inheritable(py_fds_to_keep, errpipe_write) < 0)
416 goto error;
417
418 /* Close parent's pipe ends. */
419 if (p2cwrite != -1)
420 POSIX_CALL(close(p2cwrite));
421 if (c2pread != -1)
422 POSIX_CALL(close(c2pread));
423 if (errread != -1)
424 POSIX_CALL(close(errread));
425 POSIX_CALL(close(errpipe_read));
426
427 /* When duping fds, if there arises a situation where one of the fds is
428 either 0, 1 or 2, it is possible that it is overwritten (#12607). */
429 if (c2pwrite == 0) {
430 POSIX_CALL(c2pwrite = dup(c2pwrite));
431 /* issue32270 */
432 if (_Py_set_inheritable_async_safe(c2pwrite, 0, NULL) < 0) {
433 goto error;
434 }
435 }
436 while (errwrite == 0 || errwrite == 1) {
437 POSIX_CALL(errwrite = dup(errwrite));
438 /* issue32270 */
439 if (_Py_set_inheritable_async_safe(errwrite, 0, NULL) < 0) {
440 goto error;
441 }
442 }
443
444 /* Dup fds for child.
445 dup2() removes the CLOEXEC flag but we must do it ourselves if dup2()
446 would be a no-op (issue #10806). */
447 if (p2cread == 0) {
448 if (_Py_set_inheritable_async_safe(p2cread, 1, NULL) < 0)
449 goto error;
450 }
451 else if (p2cread != -1)
452 POSIX_CALL(dup2(p2cread, 0)); /* stdin */
453
454 if (c2pwrite == 1) {
455 if (_Py_set_inheritable_async_safe(c2pwrite, 1, NULL) < 0)
456 goto error;
457 }
458 else if (c2pwrite != -1)
459 POSIX_CALL(dup2(c2pwrite, 1)); /* stdout */
460
461 if (errwrite == 2) {
462 if (_Py_set_inheritable_async_safe(errwrite, 1, NULL) < 0)
463 goto error;
464 }
465 else if (errwrite != -1)
466 POSIX_CALL(dup2(errwrite, 2)); /* stderr */
467
468 /* We no longer manually close p2cread, c2pwrite, and errwrite here as
469 * _close_open_fds takes care when it is not already non-inheritable. */
470
471 if (cwd)
472 POSIX_CALL(chdir(cwd));
473
474 if (restore_signals)
475 _Py_RestoreSignals();
476
477 #ifdef HAVE_SETSID
478 if (call_setsid)
479 POSIX_CALL(setsid());
480 #endif
481
482 reached_preexec = 1;
483 if (preexec_fn != Py_None && preexec_fn_args_tuple) {
484 /* This is where the user has asked us to deadlock their program. */
485 result = PyObject_Call(preexec_fn, preexec_fn_args_tuple, NULL);
486 if (result == NULL) {
487 /* Stringifying the exception or traceback would involve
488 * memory allocation and thus potential for deadlock.
489 * We've already faced potential deadlock by calling back
490 * into Python in the first place, so it probably doesn't
491 * matter but we avoid it to minimize the possibility. */
492 err_msg = "Exception occurred in preexec_fn.";
493 errno = 0; /* We don't want to report an OSError. */
494 goto error;
495 }
496 /* Py_DECREF(result); - We're about to exec so why bother? */
497 }
498
499 /* close FDs after executing preexec_fn, which might open FDs */
500 if (close_fds) {
501 /* TODO HP-UX could use pstat_getproc() if anyone cares about it. */
502 _close_open_fds(3, py_fds_to_keep);
503 }
504
505 /* This loop matches the Lib/os.py _execvpe()'s PATH search when */
506 /* given the executable_list generated by Lib/subprocess.py. */
507 saved_errno = 0;
508 for (i = 0; exec_array[i] != NULL; ++i) {
509 const char *executable = exec_array[i];
510 if (envp) {
511 execve(executable, argv, envp);
512 } else {
513 execv(executable, argv);
514 }
515 if (errno != ENOENT && errno != ENOTDIR && saved_errno == 0) {
516 saved_errno = errno;
517 }
518 }
519 /* Report the first exec error, not the last. */
520 if (saved_errno)
521 errno = saved_errno;
522
523 error:
524 saved_errno = errno;
525 /* Report the posix error to our parent process. */
526 /* We ignore all write() return values as the total size of our writes is
527 less than PIPEBUF and we cannot do anything about an error anyways.
528 Use _Py_write_noraise() to retry write() if it is interrupted by a
529 signal (fails with EINTR). */
530 if (saved_errno) {
531 char *cur;
532 _Py_write_noraise(errpipe_write, "OSError:", 8);
533 cur = hex_errno + sizeof(hex_errno);
534 while (saved_errno != 0 && cur != hex_errno) {
535 *--cur = Py_hexdigits[saved_errno % 16];
536 saved_errno /= 16;
537 }
538 _Py_write_noraise(errpipe_write, cur, hex_errno + sizeof(hex_errno) - cur);
539 _Py_write_noraise(errpipe_write, ":", 1);
540 if (!reached_preexec) {
541 /* Indicate to the parent that the error happened before exec(). */
542 _Py_write_noraise(errpipe_write, "noexec", 6);
543 }
544 /* We can't call strerror(saved_errno). It is not async signal safe.
545 * The parent process will look the error message up. */
546 } else {
547 _Py_write_noraise(errpipe_write, "SubprocessError:0:", 18);
548 _Py_write_noraise(errpipe_write, err_msg, strlen(err_msg));
549 }
550 }
551
552
553 static PyObject *
subprocess_fork_exec(PyObject * self,PyObject * args)554 subprocess_fork_exec(PyObject* self, PyObject *args)
555 {
556 PyObject *gc_module = NULL;
557 PyObject *executable_list, *py_fds_to_keep;
558 PyObject *env_list, *preexec_fn;
559 PyObject *process_args, *converted_args = NULL, *fast_args = NULL;
560 PyObject *preexec_fn_args_tuple = NULL;
561 int p2cread, p2cwrite, c2pread, c2pwrite, errread, errwrite;
562 int errpipe_read, errpipe_write, close_fds, restore_signals;
563 int call_setsid;
564 PyObject *cwd_obj, *cwd_obj2;
565 const char *cwd;
566 pid_t pid;
567 int need_to_reenable_gc = 0;
568 char *const *exec_array, *const *argv = NULL, *const *envp = NULL;
569 Py_ssize_t arg_num;
570 int need_after_fork = 0;
571 int saved_errno = 0;
572
573 if (!PyArg_ParseTuple(
574 args, "OOpO!OOiiiiiiiiiiO:fork_exec",
575 &process_args, &executable_list,
576 &close_fds, &PyTuple_Type, &py_fds_to_keep,
577 &cwd_obj, &env_list,
578 &p2cread, &p2cwrite, &c2pread, &c2pwrite,
579 &errread, &errwrite, &errpipe_read, &errpipe_write,
580 &restore_signals, &call_setsid, &preexec_fn))
581 return NULL;
582
583 if ((preexec_fn != Py_None) &&
584 (_PyInterpreterState_Get() != PyInterpreterState_Main())) {
585 PyErr_SetString(PyExc_RuntimeError,
586 "preexec_fn not supported within subinterpreters");
587 return NULL;
588 }
589
590 if (close_fds && errpipe_write < 3) { /* precondition */
591 PyErr_SetString(PyExc_ValueError, "errpipe_write must be >= 3");
592 return NULL;
593 }
594 if (_sanity_check_python_fd_sequence(py_fds_to_keep)) {
595 PyErr_SetString(PyExc_ValueError, "bad value(s) in fds_to_keep");
596 return NULL;
597 }
598
599 /* We need to call gc.disable() when we'll be calling preexec_fn */
600 if (preexec_fn != Py_None) {
601 PyObject *result;
602 _Py_IDENTIFIER(isenabled);
603 _Py_IDENTIFIER(disable);
604
605 gc_module = PyImport_ImportModule("gc");
606 if (gc_module == NULL)
607 return NULL;
608 result = _PyObject_CallMethodId(gc_module, &PyId_isenabled, NULL);
609 if (result == NULL) {
610 Py_DECREF(gc_module);
611 return NULL;
612 }
613 need_to_reenable_gc = PyObject_IsTrue(result);
614 Py_DECREF(result);
615 if (need_to_reenable_gc == -1) {
616 Py_DECREF(gc_module);
617 return NULL;
618 }
619 result = _PyObject_CallMethodId(gc_module, &PyId_disable, NULL);
620 if (result == NULL) {
621 Py_DECREF(gc_module);
622 return NULL;
623 }
624 Py_DECREF(result);
625 }
626
627 exec_array = _PySequence_BytesToCharpArray(executable_list);
628 if (!exec_array)
629 goto cleanup;
630
631 /* Convert args and env into appropriate arguments for exec() */
632 /* These conversions are done in the parent process to avoid allocating
633 or freeing memory in the child process. */
634 if (process_args != Py_None) {
635 Py_ssize_t num_args;
636 /* Equivalent to: */
637 /* tuple(PyUnicode_FSConverter(arg) for arg in process_args) */
638 fast_args = PySequence_Fast(process_args, "argv must be a tuple");
639 if (fast_args == NULL)
640 goto cleanup;
641 num_args = PySequence_Fast_GET_SIZE(fast_args);
642 converted_args = PyTuple_New(num_args);
643 if (converted_args == NULL)
644 goto cleanup;
645 for (arg_num = 0; arg_num < num_args; ++arg_num) {
646 PyObject *borrowed_arg, *converted_arg;
647 if (PySequence_Fast_GET_SIZE(fast_args) != num_args) {
648 PyErr_SetString(PyExc_RuntimeError, "args changed during iteration");
649 goto cleanup;
650 }
651 borrowed_arg = PySequence_Fast_GET_ITEM(fast_args, arg_num);
652 if (PyUnicode_FSConverter(borrowed_arg, &converted_arg) == 0)
653 goto cleanup;
654 PyTuple_SET_ITEM(converted_args, arg_num, converted_arg);
655 }
656
657 argv = _PySequence_BytesToCharpArray(converted_args);
658 Py_CLEAR(converted_args);
659 Py_CLEAR(fast_args);
660 if (!argv)
661 goto cleanup;
662 }
663
664 if (env_list != Py_None) {
665 envp = _PySequence_BytesToCharpArray(env_list);
666 if (!envp)
667 goto cleanup;
668 }
669
670 if (cwd_obj != Py_None) {
671 if (PyUnicode_FSConverter(cwd_obj, &cwd_obj2) == 0)
672 goto cleanup;
673 cwd = PyBytes_AsString(cwd_obj2);
674 } else {
675 cwd = NULL;
676 cwd_obj2 = NULL;
677 }
678
679 /* This must be the last thing done before fork() because we do not
680 * want to call PyOS_BeforeFork() if there is any chance of another
681 * error leading to the cleanup: code without calling fork(). */
682 if (preexec_fn != Py_None) {
683 preexec_fn_args_tuple = PyTuple_New(0);
684 if (!preexec_fn_args_tuple)
685 goto cleanup;
686 PyOS_BeforeFork();
687 need_after_fork = 1;
688 }
689
690 pid = fork();
691 if (pid == 0) {
692 /* Child process */
693 /*
694 * Code from here to _exit() must only use async-signal-safe functions,
695 * listed at `man 7 signal` or
696 * http://www.opengroup.org/onlinepubs/009695399/functions/xsh_chap02_04.html.
697 */
698
699 if (preexec_fn != Py_None) {
700 /* We'll be calling back into Python later so we need to do this.
701 * This call may not be async-signal-safe but neither is calling
702 * back into Python. The user asked us to use hope as a strategy
703 * to avoid deadlock... */
704 PyOS_AfterFork_Child();
705 }
706
707 child_exec(exec_array, argv, envp, cwd,
708 p2cread, p2cwrite, c2pread, c2pwrite,
709 errread, errwrite, errpipe_read, errpipe_write,
710 close_fds, restore_signals, call_setsid,
711 py_fds_to_keep, preexec_fn, preexec_fn_args_tuple);
712 _exit(255);
713 return NULL; /* Dead code to avoid a potential compiler warning. */
714 }
715 /* Parent (original) process */
716 if (pid == -1) {
717 /* Capture errno for the exception. */
718 saved_errno = errno;
719 }
720
721 Py_XDECREF(cwd_obj2);
722
723 if (need_after_fork)
724 PyOS_AfterFork_Parent();
725 if (envp)
726 _Py_FreeCharPArray(envp);
727 if (argv)
728 _Py_FreeCharPArray(argv);
729 _Py_FreeCharPArray(exec_array);
730
731 /* Reenable gc in the parent process (or if fork failed). */
732 if (_enable_gc(need_to_reenable_gc, gc_module)) {
733 pid = -1;
734 }
735 Py_XDECREF(preexec_fn_args_tuple);
736 Py_XDECREF(gc_module);
737
738 if (pid == -1) {
739 errno = saved_errno;
740 /* We can't call this above as PyOS_AfterFork_Parent() calls back
741 * into Python code which would see the unreturned error. */
742 PyErr_SetFromErrno(PyExc_OSError);
743 return NULL; /* fork() failed. */
744 }
745
746 return PyLong_FromPid(pid);
747
748 cleanup:
749 if (envp)
750 _Py_FreeCharPArray(envp);
751 if (argv)
752 _Py_FreeCharPArray(argv);
753 if (exec_array)
754 _Py_FreeCharPArray(exec_array);
755 Py_XDECREF(converted_args);
756 Py_XDECREF(fast_args);
757 Py_XDECREF(preexec_fn_args_tuple);
758 _enable_gc(need_to_reenable_gc, gc_module);
759 Py_XDECREF(gc_module);
760 return NULL;
761 }
762
763
764 PyDoc_STRVAR(subprocess_fork_exec_doc,
765 "fork_exec(args, executable_list, close_fds, cwd, env,\n\
766 p2cread, p2cwrite, c2pread, c2pwrite,\n\
767 errread, errwrite, errpipe_read, errpipe_write,\n\
768 restore_signals, call_setsid, preexec_fn)\n\
769 \n\
770 Forks a child process, closes parent file descriptors as appropriate in the\n\
771 child and dups the few that are needed before calling exec() in the child\n\
772 process.\n\
773 \n\
774 The preexec_fn, if supplied, will be called immediately before exec.\n\
775 WARNING: preexec_fn is NOT SAFE if your application uses threads.\n\
776 It may trigger infrequent, difficult to debug deadlocks.\n\
777 \n\
778 If an error occurs in the child process before the exec, it is\n\
779 serialized and written to the errpipe_write fd per subprocess.py.\n\
780 \n\
781 Returns: the child process's PID.\n\
782 \n\
783 Raises: Only on an error in the parent process.\n\
784 ");
785
786 /* module level code ********************************************************/
787
788 PyDoc_STRVAR(module_doc,
789 "A POSIX helper for the subprocess module.");
790
791
792 static PyMethodDef module_methods[] = {
793 {"fork_exec", subprocess_fork_exec, METH_VARARGS, subprocess_fork_exec_doc},
794 {NULL, NULL} /* sentinel */
795 };
796
797
798 static struct PyModuleDef _posixsubprocessmodule = {
799 PyModuleDef_HEAD_INIT,
800 "_posixsubprocess",
801 module_doc,
802 -1, /* No memory is needed. */
803 module_methods,
804 };
805
806 PyMODINIT_FUNC
PyInit__posixsubprocess(void)807 PyInit__posixsubprocess(void)
808 {
809 return PyModule_Create(&_posixsubprocessmodule);
810 }
811