@@ -5,6 +5,8 @@
__typeof (posix_spawn) __posix_spawn;
libc_hidden_proto (__posix_spawn)
+__typeof (posix_spawn) __posix_spawn_cancellable attribute_hidden;
+
__typeof (posix_spawn_file_actions_addclose)
__posix_spawn_file_actions_addclose attribute_hidden;
@@ -33,6 +33,20 @@ versioned_symbol (libc, __posix_spawn, posix_spawn, GLIBC_2_15);
libc_hidden_def (__posix_spawn)
+/* Same as __posix_spawn but allows asynchronous cancellation. It is used
+ internally on SYSTEM implementation to avoid leak a process ID through
+ a cancellation handler. */
+int
+__posix_spawn_cancellable (pid_t *pid, const char *path,
+ const posix_spawn_file_actions_t *file_actions,
+ const posix_spawnattr_t *attrp, char *const argv[],
+ char *const envp[])
+{
+ return __spawni (pid, path, file_actions, attrp, argv, envp,
+ SPAWN_XFLAGS_ENABLE_CANCEL);
+}
+
+
#if SHLIB_COMPAT (libc, GLIBC_2_2, GLIBC_2_15)
int
attribute_compat_text_section
@@ -55,6 +55,7 @@ struct __spawn_action
#define SPAWN_XFLAGS_USE_PATH 0x1
#define SPAWN_XFLAGS_TRY_SHELL 0x2
+#define SPAWN_XFLAGS_ENABLE_CANCEL 0x3
extern int __posix_spawn_file_actions_realloc (posix_spawn_file_actions_t *
file_actions)
@@ -17,3 +17,5 @@
<http://www.gnu.org/licenses/>. */
extern __typeof (__access) __access_noerrno attribute_hidden;
+
+extern __typeof (__kill) __kill_noerrno attribute_hidden;
@@ -256,8 +256,9 @@ __spawnix (pid_t *pid, const char *file,
/* Disable asynchronous cancellation. */
int state;
- __libc_ptf_call (__pthread_setcancelstate,
- (PTHREAD_CANCEL_DISABLE, &state), 0);
+ if ((xflags & SPAWN_XFLAGS_ENABLE_CANCEL) == 0)
+ __libc_ptf_call (__pthread_setcancelstate,
+ (PTHREAD_CANCEL_DISABLE, &state), 0);
ptrdiff_t argc = 0;
ptrdiff_t limit = INT_MAX - 1;
@@ -299,7 +300,8 @@ __spawnix (pid_t *pid, const char *file,
if ((ec == 0) && (pid != NULL))
*pid = new_pid;
- __libc_ptf_call (__pthread_setcancelstate, (state, NULL), 0);
+ if ((xflags & SPAWN_XFLAGS_ENABLE_CANCEL) == 0)
+ __libc_ptf_call (__pthread_setcancelstate, (state, NULL), 0);
return ec;
}
@@ -17,20 +17,22 @@
#include <errno.h>
#include <signal.h>
-#include <stddef.h>
#include <stdlib.h>
#include <unistd.h>
+#include <sigsetops.h>
+#include <spawn.h>
+#include <pthread.h>
#include <sys/types.h>
#include <sys/wait.h>
-#include <libc-lock.h>
-#include <sysdep-cancel.h>
-#include <sigsetops.h>
+#include <stdio.h>
+#include <libc-lock.h>
+#include <not-errno.h>
+#include <internal-signals.h>
#define SHELL_PATH "/bin/sh" /* Path of the shell. */
#define SHELL_NAME "sh" /* Name to give it. */
-
#ifdef _LIBC_REENTRANT
static struct sigaction intr, quit;
static int sa_refcntr;
@@ -38,17 +40,53 @@ __libc_lock_define_initialized (static, lock);
# define DO_LOCK() __libc_lock_lock (lock)
# define DO_UNLOCK() __libc_lock_unlock (lock)
-# define INIT_LOCK() ({ __libc_lock_init (lock); sa_refcntr = 0; })
# define ADD_REF() sa_refcntr++
# define SUB_REF() --sa_refcntr
+
#else
# define DO_LOCK()
# define DO_UNLOCK()
-# define INIT_LOCK()
# define ADD_REF() 0
# define SUB_REF() 0
#endif
+/* We have to and actually can handle cancelable system(). The big
+ problem: we have to kill the child process if necessary. To do
+ this a cleanup handler has to be registered and is has to be able
+ to find the PID of the child. The main problem is to reliable have
+ the PID when needed. It is not necessary for the parent thread to
+ return. It might still be in the kernel when the cancellation
+ request comes. Therefore we have to use the clone() calls ability
+ to have the kernel write the PID into the user-level variable. */
+
+#if defined(_LIBC_REENTRANT) && defined(SIGCANCEL)
+static void cancel_handler (void *arg)
+{
+ pid_t child = *(pid_t *) arg;
+
+ __kill_noerrno (child, SIGKILL);
+
+ TEMP_FAILURE_RETRY (__waitpid (child, NULL, 0));
+
+ DO_LOCK ();
+
+ if (SUB_REF () == 0)
+ {
+ __sigaction (SIGQUIT, &quit, NULL);
+ __sigaction (SIGINT, &intr, NULL);
+ }
+
+ DO_UNLOCK ();
+}
+# define CLEANUP_HANDLER() \
+ __libc_cleanup_region_start (1, cancel_handler, &pid)
+# define CLEANUP_RESET() \
+ __libc_cleanup_region_end (0)
+#else
+# define CLEANUP_HANDLER()
+# define CLEANUP_RESET()
+#endif
+
/* Execute LINE as a shell command, returning its status. */
static int
@@ -60,7 +98,9 @@ do_system (const char *line)
#ifndef _LIBC_REENTRANT
struct sigaction intr, quit;
#endif
+ struct sigaction oldintr, oldquit;
sigset_t omask;
+ sigset_t reset;
sa.sa_handler = SIG_IGN;
sa.sa_flags = 0;
@@ -98,9 +138,9 @@ do_system (const char *line)
if (SUB_REF () == 0)
{
save = errno;
- (void) __sigaction (SIGQUIT, &quit, (struct sigaction *) NULL);
+ __sigaction (SIGQUIT, &quit, &oldquit);
out_restore_sigint:
- (void) __sigaction (SIGINT, &intr, (struct sigaction *) NULL);
+ __sigaction (SIGINT, &intr, &oldintr);
__set_errno (save);
}
out:
@@ -109,39 +149,30 @@ do_system (const char *line)
}
}
-#ifdef CLEANUP_HANDLER
- CLEANUP_HANDLER;
-#endif
-
-#ifdef FORK
- pid = FORK ();
-#else
- pid = __fork ();
-#endif
- if (pid == (pid_t) 0)
- {
- /* Child side. */
- const char *new_argv[4];
- new_argv[0] = SHELL_NAME;
- new_argv[1] = "-c";
- new_argv[2] = line;
- new_argv[3] = NULL;
-
- /* Restore the signals. */
- (void) __sigaction (SIGINT, &intr, (struct sigaction *) NULL);
- (void) __sigaction (SIGQUIT, &quit, (struct sigaction *) NULL);
- (void) __sigprocmask (SIG_SETMASK, &omask, (sigset_t *) NULL);
- INIT_LOCK ();
-
- /* Exec the shell. */
- (void) __execve (SHELL_PATH, (char *const *) new_argv, __environ);
- _exit (127);
- }
- else if (pid < (pid_t) 0)
- /* The fork failed. */
- status = -1;
- else
- /* Parent side. */
+ __sigemptyset (&reset);
+ if (oldintr.sa_handler != SIG_IGN)
+ __sigaddset(&reset, SIGINT);
+ if (oldquit.sa_handler != SIG_IGN)
+ __sigaddset(&reset, SIGQUIT);
+
+ posix_spawnattr_t spawn_attr;
+ /* None of the posix_spawnattr_* function returns, including
+ posix_spawnattr_setflags for the follow specific usage (using valid
+ flags). */
+ __posix_spawnattr_init (&spawn_attr);
+ __posix_spawnattr_setsigmask (&spawn_attr, &omask);
+ __posix_spawnattr_setsigdefault (&spawn_attr, &reset);
+ __posix_spawnattr_setflags (&spawn_attr,
+ POSIX_SPAWN_SETSIGDEF | POSIX_SPAWN_SETSIGMASK);
+
+ CLEANUP_HANDLER ();
+ status = __posix_spawn_cancellable (&pid, SHELL_PATH, 0, &spawn_attr,
+ (char *const[]){ (char*) SHELL_NAME,
+ (char*) "-c",
+ (char *) line, NULL },
+ __environ);
+ __posix_spawnattr_destroy (&spawn_attr);
+ if (status == 0)
{
/* Note the system() is a cancellation point. But since we call
waitpid() which itself is a cancellation point we do not
@@ -149,25 +180,16 @@ do_system (const char *line)
if (TEMP_FAILURE_RETRY (__waitpid (pid, &status, 0)) != pid)
status = -1;
}
-
-#ifdef CLEANUP_HANDLER
- CLEANUP_RESET;
-#endif
+ CLEANUP_RESET ();
save = errno;
DO_LOCK ();
if ((SUB_REF () == 0
- && (__sigaction (SIGINT, &intr, (struct sigaction *) NULL)
- | __sigaction (SIGQUIT, &quit, (struct sigaction *) NULL)) != 0)
+ && (__sigaction (SIGINT, &intr, NULL)
+ | __sigaction (SIGQUIT, &quit, NULL)) != 0)
|| __sigprocmask (SIG_SETMASK, &omask, (sigset_t *) NULL) != 0)
{
-#ifndef _LIBC
- /* glibc cannot be used on systems without waitpid. */
- if (errno == ENOSYS)
- __set_errno (save);
- else
-#endif
- status = -1;
+ status = -1;
}
DO_UNLOCK ();
deleted file mode 100644
@@ -1,30 +0,0 @@
-/* Copyright (C) 2002-2018 Free Software Foundation, Inc.
- This file is part of the GNU C Library.
-
- The GNU C Library is free software; you can redistribute it and/or
- modify it under the terms of the GNU Lesser General Public
- License as published by the Free Software Foundation; either
- version 2.1 of the License, or (at your option) any later version.
-
- The GNU C Library is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- Lesser General Public License for more details.
-
- You should have received a copy of the GNU Lesser General Public
- License along with the GNU C Library; if not, see
- <http://www.gnu.org/licenses/>. */
-
-/* We have to and actually can handle cancelable system(). The big
- problem: we have to kill the child process if necessary. To do
- this a cleanup handler has to be registered and is has to be able
- to find the PID of the child. The main problem is to reliable have
- the PID when needed. It is not necessary for the parent thread to
- return. It might still be in the kernel when the cancellation
- request comes. Therefore we have to use the clone() calls ability
- to have the kernel write the PID into the user-level variable. */
-#define FORK() \
- INLINE_SYSCALL (clone2, 6, CLONE_PARENT_SETTID | SIGCHLD, NULL, 0, \
- &pid, NULL, NULL)
-
-#include <sysdeps/unix/sysv/linux/system.c>
@@ -16,6 +16,8 @@
License along with the GNU C Library; if not, see
<http://www.gnu.org/licenses/>. */
+#include <sysdep.h>
+
/* This function is used on maybe_enable_malloc_check (elf/dl-tunables.c)
and to avoid having to build/use multiple versions if stack protection
in enabled it is defined as inline. */
@@ -33,3 +35,14 @@ __access_noerrno (const char *pathname, int mode)
return INTERNAL_SYSCALL_ERRNO (res, err);
return 0;
}
+
+static inline int
+__kill_noerrno (pid_t pid, int sig)
+{
+ int res;
+ INTERNAL_SYSCALL_DECL (err);
+ res = INTERNAL_SYSCALL_CALL (kill, err, pid, sig);
+ if (INTERNAL_SYSCALL_ERROR_P (res, err))
+ return INTERNAL_SYSCALL_ERRNO (res, err);
+ return 0;
+}
deleted file mode 100644
@@ -1,29 +0,0 @@
-/* Copyright (C) 2003-2018 Free Software Foundation, Inc.
- This file is part of the GNU C Library.
-
- The GNU C Library is free software; you can redistribute it and/or
- modify it under the terms of the GNU Lesser General Public
- License as published by the Free Software Foundation; either
- version 2.1 of the License, or (at your option) any later version.
-
- The GNU C Library is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- Lesser General Public License for more details.
-
- You should have received a copy of the GNU Lesser General Public
- License along with the GNU C Library; if not, see
- <http://www.gnu.org/licenses/>. */
-
-/* We have to and actually can handle cancelable system(). The big
- problem: we have to kill the child process if necessary. To do
- this a cleanup handler has to be registered and is has to be able
- to find the PID of the child. The main problem is to reliable have
- the PID when needed. It is not necessary for the parent thread to
- return. It might still be in the kernel when the cancellation
- request comes. Therefore we have to use the clone() calls ability
- to have the kernel write the PID into the user-level variable. */
-#define FORK() \
- INLINE_SYSCALL (clone, 3, 0, CLONE_PARENT_SETTID | SIGCHLD, &pid)
-
-#include "../system.c"
deleted file mode 100644
@@ -1,29 +0,0 @@
-/* Copyright (C) 2003-2018 Free Software Foundation, Inc.
- This file is part of the GNU C Library.
-
- The GNU C Library is free software; you can redistribute it and/or
- modify it under the terms of the GNU Lesser General Public
- License as published by the Free Software Foundation; either
- version 2.1 of the License, or (at your option) any later version.
-
- The GNU C Library is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- Lesser General Public License for more details.
-
- You should have received a copy of the GNU Lesser General Public
- License along with the GNU C Library; if not, see
- <http://www.gnu.org/licenses/>. */
-
-/* We have to and actually can handle cancelable system(). The big
- problem: we have to kill the child process if necessary. To do
- this a cleanup handler has to be registered and is has to be able
- to find the PID of the child. The main problem is to reliable have
- the PID when needed. It is not necessary for the parent thread to
- return. It might still be in the kernel when the cancellation
- request comes. Therefore we have to use the clone() calls ability
- to have the kernel write the PID into the user-level variable. */
-#define FORK() \
- INLINE_CLONE_SYSCALL (CLONE_PARENT_SETTID | SIGCHLD, 0, &pid, NULL, NULL)
-
-#include "../system.c"
@@ -138,11 +138,11 @@ __spawni_child (void *arguments)
for (int sig = 1; sig < _NSIG; ++sig)
{
if ((attr->__flags & POSIX_SPAWN_SETSIGDEF)
- && sigismember (&attr->__sd, sig))
+ && __sigismember (&attr->__sd, sig))
{
sa.sa_handler = SIG_DFL;
}
- else if (sigismember (&hset, sig))
+ else if (__sigismember (&hset, sig))
{
if (__is_internal_signal (sig))
sa.sa_handler = SIG_IGN;
@@ -330,10 +330,16 @@ __spawnix (pid_t * pid, const char *file,
if (__glibc_unlikely (stack == MAP_FAILED))
return errno;
- /* Disable asynchronous cancellation. */
int state;
- __libc_ptf_call (__pthread_setcancelstate,
- (PTHREAD_CANCEL_DISABLE, &state), 0);
+ if (xflags & SPAWN_XFLAGS_ENABLE_CANCEL)
+ __libc_signal_block_app (&args.oldmask);
+ else
+ {
+ /* Disable asynchronous cancellation. */
+ __libc_ptf_call (__pthread_setcancelstate,
+ (PTHREAD_CANCEL_DISABLE, &state), 0);
+ __libc_signal_block_all (&args.oldmask);
+ }
/* Child must set args.err to something non-negative - we rely on
the parent and child sharing VM. */
@@ -347,8 +353,6 @@ __spawnix (pid_t * pid, const char *file,
args.envp = envp;
args.xflags = xflags;
- __libc_signal_block_all (&args.oldmask);
-
/* The clone flags used will create a new child that will run in the same
memory space (CLONE_VM) and the execution of calling thread will be
suspend until the child calls execve or _exit.
@@ -390,8 +394,8 @@ __spawnix (pid_t * pid, const char *file,
*pid = new_pid;
__libc_signal_restore_set (&args.oldmask);
-
- __libc_ptf_call (__pthread_setcancelstate, (state, NULL), 0);
+ if ((xflags & SPAWN_XFLAGS_ENABLE_CANCEL) == 0)
+ __libc_ptf_call (__pthread_setcancelstate, (state, NULL), 0);
return ec;
}
deleted file mode 100644
@@ -1,76 +0,0 @@
-/* Copyright (C) 2002-2018 Free Software Foundation, Inc.
- This file is part of the GNU C Library.
-
- The GNU C Library is free software; you can redistribute it and/or
- modify it under the terms of the GNU Lesser General Public
- License as published by the Free Software Foundation; either
- version 2.1 of the License, or (at your option) any later version.
-
- The GNU C Library is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- Lesser General Public License for more details.
-
- You should have received a copy of the GNU Lesser General Public
- License along with the GNU C Library; if not, see
- <http://www.gnu.org/licenses/>. */
-
-#include <sched.h>
-#include <signal.h>
-#include <string.h> /* For the real memset prototype. */
-#include <sysdep.h>
-#include <unistd.h>
-#include <sys/wait.h>
-#include <libc-lock.h>
-
-/* We have to and actually can handle cancelable system(). The big
- problem: we have to kill the child process if necessary. To do
- this a cleanup handler has to be registered and is has to be able
- to find the PID of the child. The main problem is to reliable have
- the PID when needed. It is not necessary for the parent thread to
- return. It might still be in the kernel when the cancellation
- request comes. Therefore we have to use the clone() calls ability
- to have the kernel write the PID into the user-level variable. */
-#ifndef FORK
-# define FORK() \
- INLINE_SYSCALL (clone, 3, CLONE_PARENT_SETTID | SIGCHLD, 0, &pid)
-#endif
-
-#ifdef _LIBC_REENTRANT
-static void cancel_handler (void *arg);
-
-# define CLEANUP_HANDLER \
- __libc_cleanup_region_start (1, cancel_handler, &pid)
-
-# define CLEANUP_RESET \
- __libc_cleanup_region_end (0)
-#endif
-
-
-/* Linux has waitpid(), so override the generic unix version. */
-#include <sysdeps/posix/system.c>
-
-
-#ifdef _LIBC_REENTRANT
-/* The cancellation handler. */
-static void
-cancel_handler (void *arg)
-{
- pid_t child = *(pid_t *) arg;
-
- INTERNAL_SYSCALL_DECL (err);
- INTERNAL_SYSCALL (kill, err, 2, child, SIGKILL);
-
- TEMP_FAILURE_RETRY (__waitpid (child, NULL, 0));
-
- DO_LOCK ();
-
- if (SUB_REF () == 0)
- {
- (void) __sigaction (SIGQUIT, &quit, (struct sigaction *) NULL);
- (void) __sigaction (SIGINT, &intr, (struct sigaction *) NULL);
- }
-
- DO_UNLOCK ();
-}
-#endif