1 /* Authors: Gregory P. Smith & Jeffrey Yasskin */
2 #include "Python.h"
3 #if defined(HAVE_PIPE2) && !defined(_GNU_SOURCE)
4 # define _GNU_SOURCE
5 #endif
6 #include <unistd.h>
7 #include <fcntl.h>
8 #ifdef HAVE_SYS_TYPES_H
9 #include <sys/types.h>
10 #endif
11 #if defined(HAVE_SYS_STAT_H) && defined(__FreeBSD__)
12 #include <sys/stat.h>
13 #endif
14 #ifdef HAVE_SYS_SYSCALL_H
15 #include <sys/syscall.h>
16 #endif
17 #if defined(HAVE_SYS_RESOURCE_H)
18 #include <sys/resource.h>
19 #endif
20 #ifdef HAVE_DIRENT_H
21 #include <dirent.h>
22 #endif
23
24 #ifdef _Py_MEMORY_SANITIZER
25 # include <sanitizer/msan_interface.h>
26 #endif
27
28 #if defined(__ANDROID__) && __ANDROID_API__ < 21 && !defined(SYS_getdents64)
29 # include <sys/linux-syscalls.h>
30 # define SYS_getdents64 __NR_getdents64
31 #endif
32
33 #if defined(__sun) && defined(__SVR4)
34 /* readdir64 is used to work around Solaris 9 bug 6395699. */
35 # define readdir readdir64
36 # define dirent dirent64
37 # if !defined(HAVE_DIRFD)
38 /* Some versions of Solaris lack dirfd(). */
39 # define dirfd(dirp) ((dirp)->dd_fd)
40 # define HAVE_DIRFD
41 # endif
42 #endif
43
44 #if defined(__FreeBSD__) || (defined(__APPLE__) && defined(__MACH__))
45 # define FD_DIR "/dev/fd"
46 #else
47 # define FD_DIR "/proc/self/fd"
48 #endif
49
50 #define POSIX_CALL(call) do { if ((call) == -1) goto error; } while (0)
51
52
53 /* If gc was disabled, call gc.enable(). Return 0 on success. */
54 static int
_enable_gc(int need_to_reenable_gc,PyObject * gc_module)55 _enable_gc(int need_to_reenable_gc, PyObject *gc_module)
56 {
57 PyObject *result;
58 _Py_IDENTIFIER(enable);
59 PyObject *exctype, *val, *tb;
60
61 if (need_to_reenable_gc) {
62 PyErr_Fetch(&exctype, &val, &tb);
63 result = _PyObject_CallMethodId(gc_module, &PyId_enable, NULL);
64 if (exctype != NULL) {
65 PyErr_Restore(exctype, val, tb);
66 }
67 if (result == NULL) {
68 return 1;
69 }
70 Py_DECREF(result);
71 }
72 return 0;
73 }
74
75
76 /* Convert ASCII to a positive int, no libc call. no overflow. -1 on error. */
77 static int
_pos_int_from_ascii(const char * name)78 _pos_int_from_ascii(const char *name)
79 {
80 int num = 0;
81 while (*name >= '0' && *name <= '9') {
82 num = num * 10 + (*name - '0');
83 ++name;
84 }
85 if (*name)
86 return -1; /* Non digit found, not a number. */
87 return num;
88 }
89
90
91 #if defined(__FreeBSD__)
92 /* When /dev/fd isn't mounted it is often a static directory populated
93 * with 0 1 2 or entries for 0 .. 63 on FreeBSD, NetBSD and OpenBSD.
94 * NetBSD and OpenBSD have a /proc fs available (though not necessarily
95 * mounted) and do not have fdescfs for /dev/fd. MacOS X has a devfs
96 * that properly supports /dev/fd.
97 */
98 static int
_is_fdescfs_mounted_on_dev_fd(void)99 _is_fdescfs_mounted_on_dev_fd(void)
100 {
101 struct stat dev_stat;
102 struct stat dev_fd_stat;
103 if (stat("/dev", &dev_stat) != 0)
104 return 0;
105 if (stat(FD_DIR, &dev_fd_stat) != 0)
106 return 0;
107 if (dev_stat.st_dev == dev_fd_stat.st_dev)
108 return 0; /* / == /dev == /dev/fd means it is static. #fail */
109 return 1;
110 }
111 #endif
112
113
114 /* Returns 1 if there is a problem with fd_sequence, 0 otherwise. */
115 static int
_sanity_check_python_fd_sequence(PyObject * fd_sequence)116 _sanity_check_python_fd_sequence(PyObject *fd_sequence)
117 {
118 Py_ssize_t seq_idx;
119 long prev_fd = -1;
120 for (seq_idx = 0; seq_idx < PyTuple_GET_SIZE(fd_sequence); ++seq_idx) {
121 PyObject* py_fd = PyTuple_GET_ITEM(fd_sequence, seq_idx);
122 long iter_fd;
123 if (!PyLong_Check(py_fd)) {
124 return 1;
125 }
126 iter_fd = PyLong_AsLong(py_fd);
127 if (iter_fd < 0 || iter_fd <= prev_fd || iter_fd > INT_MAX) {
128 /* Negative, overflow, unsorted, too big for a fd. */
129 return 1;
130 }
131 prev_fd = iter_fd;
132 }
133 return 0;
134 }
135
136
137 /* Is fd found in the sorted Python Sequence? */
138 static int
_is_fd_in_sorted_fd_sequence(int fd,PyObject * fd_sequence)139 _is_fd_in_sorted_fd_sequence(int fd, PyObject *fd_sequence)
140 {
141 /* Binary search. */
142 Py_ssize_t search_min = 0;
143 Py_ssize_t search_max = PyTuple_GET_SIZE(fd_sequence) - 1;
144 if (search_max < 0)
145 return 0;
146 do {
147 long middle = (search_min + search_max) / 2;
148 long middle_fd = PyLong_AsLong(PyTuple_GET_ITEM(fd_sequence, middle));
149 if (fd == middle_fd)
150 return 1;
151 if (fd > middle_fd)
152 search_min = middle + 1;
153 else
154 search_max = middle - 1;
155 } while (search_min <= search_max);
156 return 0;
157 }
158
159 static int
make_inheritable(PyObject * py_fds_to_keep,int errpipe_write)160 make_inheritable(PyObject *py_fds_to_keep, int errpipe_write)
161 {
162 Py_ssize_t i, len;
163
164 len = PyTuple_GET_SIZE(py_fds_to_keep);
165 for (i = 0; i < len; ++i) {
166 PyObject* fdobj = PyTuple_GET_ITEM(py_fds_to_keep, i);
167 long fd = PyLong_AsLong(fdobj);
168 assert(!PyErr_Occurred());
169 assert(0 <= fd && fd <= INT_MAX);
170 if (fd == errpipe_write) {
171 /* errpipe_write is part of py_fds_to_keep. It must be closed at
172 exec(), but kept open in the child process until exec() is
173 called. */
174 continue;
175 }
176 if (_Py_set_inheritable_async_safe((int)fd, 1, NULL) < 0)
177 return -1;
178 }
179 return 0;
180 }
181
182
183 /* Get the maximum file descriptor that could be opened by this process.
184 * This function is async signal safe for use between fork() and exec().
185 */
186 static long
safe_get_max_fd(void)187 safe_get_max_fd(void)
188 {
189 long local_max_fd;
190 #if defined(__NetBSD__)
191 local_max_fd = fcntl(0, F_MAXFD);
192 if (local_max_fd >= 0)
193 return local_max_fd;
194 #endif
195 #if defined(HAVE_SYS_RESOURCE_H) && defined(__OpenBSD__)
196 struct rlimit rl;
197 /* Not on the POSIX async signal safe functions list but likely
198 * safe. TODO - Someone should audit OpenBSD to make sure. */
199 if (getrlimit(RLIMIT_NOFILE, &rl) >= 0)
200 return (long) rl.rlim_max;
201 #endif
202 #ifdef _SC_OPEN_MAX
203 local_max_fd = sysconf(_SC_OPEN_MAX);
204 if (local_max_fd == -1)
205 #endif
206 local_max_fd = 256; /* Matches legacy Lib/subprocess.py behavior. */
207 return local_max_fd;
208 }
209
210
211 /* Close all file descriptors in the range from start_fd and higher
212 * except for those in py_fds_to_keep. If the range defined by
213 * [start_fd, safe_get_max_fd()) is large this will take a long
214 * time as it calls close() on EVERY possible fd.
215 *
216 * It isn't possible to know for sure what the max fd to go up to
217 * is for processes with the capability of raising their maximum.
218 */
219 static void
_close_fds_by_brute_force(long start_fd,PyObject * py_fds_to_keep)220 _close_fds_by_brute_force(long start_fd, PyObject *py_fds_to_keep)
221 {
222 long end_fd = safe_get_max_fd();
223 Py_ssize_t num_fds_to_keep = PyTuple_GET_SIZE(py_fds_to_keep);
224 Py_ssize_t keep_seq_idx;
225 int fd_num;
226 /* As py_fds_to_keep is sorted we can loop through the list closing
227 * fds in between any in the keep list falling within our range. */
228 for (keep_seq_idx = 0; keep_seq_idx < num_fds_to_keep; ++keep_seq_idx) {
229 PyObject* py_keep_fd = PyTuple_GET_ITEM(py_fds_to_keep, keep_seq_idx);
230 int keep_fd = PyLong_AsLong(py_keep_fd);
231 if (keep_fd < start_fd)
232 continue;
233 for (fd_num = start_fd; fd_num < keep_fd; ++fd_num) {
234 close(fd_num);
235 }
236 start_fd = keep_fd + 1;
237 }
238 if (start_fd <= end_fd) {
239 for (fd_num = start_fd; fd_num < end_fd; ++fd_num) {
240 close(fd_num);
241 }
242 }
243 }
244
245
246 #if defined(__linux__) && defined(HAVE_SYS_SYSCALL_H)
247 /* It doesn't matter if d_name has room for NAME_MAX chars; we're using this
248 * only to read a directory of short file descriptor number names. The kernel
249 * will return an error if we didn't give it enough space. Highly Unlikely.
250 * This structure is very old and stable: It will not change unless the kernel
251 * chooses to break compatibility with all existing binaries. Highly Unlikely.
252 */
253 struct linux_dirent64 {
254 unsigned long long d_ino;
255 long long d_off;
256 unsigned short d_reclen; /* Length of this linux_dirent */
257 unsigned char d_type;
258 char d_name[256]; /* Filename (null-terminated) */
259 };
260
261 /* Close all open file descriptors in the range from start_fd and higher
262 * Do not close any in the sorted py_fds_to_keep list.
263 *
264 * This version is async signal safe as it does not make any unsafe C library
265 * calls, malloc calls or handle any locks. It is _unfortunate_ to be forced
266 * to resort to making a kernel system call directly but this is the ONLY api
267 * available that does no harm. opendir/readdir/closedir perform memory
268 * allocation and locking so while they usually work they are not guaranteed
269 * to (especially if you have replaced your malloc implementation). A version
270 * of this function that uses those can be found in the _maybe_unsafe variant.
271 *
272 * This is Linux specific because that is all I am ready to test it on. It
273 * should be easy to add OS specific dirent or dirent64 structures and modify
274 * it with some cpp #define magic to work on other OSes as well if you want.
275 */
276 static void
_close_open_fds_safe(int start_fd,PyObject * py_fds_to_keep)277 _close_open_fds_safe(int start_fd, PyObject* py_fds_to_keep)
278 {
279 int fd_dir_fd;
280
281 fd_dir_fd = _Py_open_noraise(FD_DIR, O_RDONLY);
282 if (fd_dir_fd == -1) {
283 /* No way to get a list of open fds. */
284 _close_fds_by_brute_force(start_fd, py_fds_to_keep);
285 return;
286 } else {
287 char buffer[sizeof(struct linux_dirent64)];
288 int bytes;
289 while ((bytes = syscall(SYS_getdents64, fd_dir_fd,
290 (struct linux_dirent64 *)buffer,
291 sizeof(buffer))) > 0) {
292 struct linux_dirent64 *entry;
293 int offset;
294 #ifdef _Py_MEMORY_SANITIZER
295 __msan_unpoison(buffer, bytes);
296 #endif
297 for (offset = 0; offset < bytes; offset += entry->d_reclen) {
298 int fd;
299 entry = (struct linux_dirent64 *)(buffer + offset);
300 if ((fd = _pos_int_from_ascii(entry->d_name)) < 0)
301 continue; /* Not a number. */
302 if (fd != fd_dir_fd && fd >= start_fd &&
303 !_is_fd_in_sorted_fd_sequence(fd, py_fds_to_keep)) {
304 close(fd);
305 }
306 }
307 }
308 close(fd_dir_fd);
309 }
310 }
311
312 #define _close_open_fds _close_open_fds_safe
313
314 #else /* NOT (defined(__linux__) && defined(HAVE_SYS_SYSCALL_H)) */
315
316
317 /* Close all open file descriptors from start_fd and higher.
318 * Do not close any in the sorted py_fds_to_keep tuple.
319 *
320 * This function violates the strict use of async signal safe functions. :(
321 * It calls opendir(), readdir() and closedir(). Of these, the one most
322 * likely to ever cause a problem is opendir() as it performs an internal
323 * malloc(). Practically this should not be a problem. The Java VM makes the
324 * same calls between fork and exec in its own UNIXProcess_md.c implementation.
325 *
326 * readdir_r() is not used because it provides no benefit. It is typically
327 * implemented as readdir() followed by memcpy(). See also:
328 * http://womble.decadent.org.uk/readdir_r-advisory.html
329 */
330 static void
_close_open_fds_maybe_unsafe(long start_fd,PyObject * py_fds_to_keep)331 _close_open_fds_maybe_unsafe(long start_fd, PyObject* py_fds_to_keep)
332 {
333 DIR *proc_fd_dir;
334 #ifndef HAVE_DIRFD
335 while (_is_fd_in_sorted_fd_sequence(start_fd, py_fds_to_keep)) {
336 ++start_fd;
337 }
338 /* Close our lowest fd before we call opendir so that it is likely to
339 * reuse that fd otherwise we might close opendir's file descriptor in
340 * our loop. This trick assumes that fd's are allocated on a lowest
341 * available basis. */
342 close(start_fd);
343 ++start_fd;
344 #endif
345
346 #if defined(__FreeBSD__)
347 if (!_is_fdescfs_mounted_on_dev_fd())
348 proc_fd_dir = NULL;
349 else
350 #endif
351 proc_fd_dir = opendir(FD_DIR);
352 if (!proc_fd_dir) {
353 /* No way to get a list of open fds. */
354 _close_fds_by_brute_force(start_fd, py_fds_to_keep);
355 } else {
356 struct dirent *dir_entry;
357 #ifdef HAVE_DIRFD
358 int fd_used_by_opendir = dirfd(proc_fd_dir);
359 #else
360 int fd_used_by_opendir = start_fd - 1;
361 #endif
362 errno = 0;
363 while ((dir_entry = readdir(proc_fd_dir))) {
364 int fd;
365 if ((fd = _pos_int_from_ascii(dir_entry->d_name)) < 0)
366 continue; /* Not a number. */
367 if (fd != fd_used_by_opendir && fd >= start_fd &&
368 !_is_fd_in_sorted_fd_sequence(fd, py_fds_to_keep)) {
369 close(fd);
370 }
371 errno = 0;
372 }
373 if (errno) {
374 /* readdir error, revert behavior. Highly Unlikely. */
375 _close_fds_by_brute_force(start_fd, py_fds_to_keep);
376 }
377 closedir(proc_fd_dir);
378 }
379 }
380
381 #define _close_open_fds _close_open_fds_maybe_unsafe
382
383 #endif /* else NOT (defined(__linux__) && defined(HAVE_SYS_SYSCALL_H)) */
384
385
386 /*
387 * This function is code executed in the child process immediately after fork
388 * to set things up and call exec().
389 *
390 * All of the code in this function must only use async-signal-safe functions,
391 * listed at `man 7 signal` or
392 * http://www.opengroup.org/onlinepubs/009695399/functions/xsh_chap02_04.html.
393 *
394 * This restriction is documented at
395 * http://www.opengroup.org/onlinepubs/009695399/functions/fork.html.
396 */
397 static void
child_exec(char * const exec_array[],char * const argv[],char * const envp[],const char * cwd,int p2cread,int p2cwrite,int c2pread,int c2pwrite,int errread,int errwrite,int errpipe_read,int errpipe_write,int close_fds,int restore_signals,int call_setsid,PyObject * py_fds_to_keep,PyObject * preexec_fn,PyObject * preexec_fn_args_tuple)398 child_exec(char *const exec_array[],
399 char *const argv[],
400 char *const envp[],
401 const char *cwd,
402 int p2cread, int p2cwrite,
403 int c2pread, int c2pwrite,
404 int errread, int errwrite,
405 int errpipe_read, int errpipe_write,
406 int close_fds, int restore_signals,
407 int call_setsid,
408 PyObject *py_fds_to_keep,
409 PyObject *preexec_fn,
410 PyObject *preexec_fn_args_tuple)
411 {
412 int i, saved_errno, reached_preexec = 0;
413 PyObject *result;
414 const char* err_msg = "";
415 /* Buffer large enough to hold a hex integer. We can't malloc. */
416 char hex_errno[sizeof(saved_errno)*2+1];
417
418 if (make_inheritable(py_fds_to_keep, errpipe_write) < 0)
419 goto error;
420
421 /* Close parent's pipe ends. */
422 if (p2cwrite != -1)
423 POSIX_CALL(close(p2cwrite));
424 if (c2pread != -1)
425 POSIX_CALL(close(c2pread));
426 if (errread != -1)
427 POSIX_CALL(close(errread));
428 POSIX_CALL(close(errpipe_read));
429
430 /* When duping fds, if there arises a situation where one of the fds is
431 either 0, 1 or 2, it is possible that it is overwritten (#12607). */
432 if (c2pwrite == 0) {
433 POSIX_CALL(c2pwrite = dup(c2pwrite));
434 /* issue32270 */
435 if (_Py_set_inheritable_async_safe(c2pwrite, 0, NULL) < 0) {
436 goto error;
437 }
438 }
439 while (errwrite == 0 || errwrite == 1) {
440 POSIX_CALL(errwrite = dup(errwrite));
441 /* issue32270 */
442 if (_Py_set_inheritable_async_safe(errwrite, 0, NULL) < 0) {
443 goto error;
444 }
445 }
446
447 /* Dup fds for child.
448 dup2() removes the CLOEXEC flag but we must do it ourselves if dup2()
449 would be a no-op (issue #10806). */
450 if (p2cread == 0) {
451 if (_Py_set_inheritable_async_safe(p2cread, 1, NULL) < 0)
452 goto error;
453 }
454 else if (p2cread != -1)
455 POSIX_CALL(dup2(p2cread, 0)); /* stdin */
456
457 if (c2pwrite == 1) {
458 if (_Py_set_inheritable_async_safe(c2pwrite, 1, NULL) < 0)
459 goto error;
460 }
461 else if (c2pwrite != -1)
462 POSIX_CALL(dup2(c2pwrite, 1)); /* stdout */
463
464 if (errwrite == 2) {
465 if (_Py_set_inheritable_async_safe(errwrite, 1, NULL) < 0)
466 goto error;
467 }
468 else if (errwrite != -1)
469 POSIX_CALL(dup2(errwrite, 2)); /* stderr */
470
471 /* We no longer manually close p2cread, c2pwrite, and errwrite here as
472 * _close_open_fds takes care when it is not already non-inheritable. */
473
474 if (cwd)
475 POSIX_CALL(chdir(cwd));
476
477 if (restore_signals)
478 _Py_RestoreSignals();
479
480 #ifdef HAVE_SETSID
481 if (call_setsid)
482 POSIX_CALL(setsid());
483 #endif
484
485 reached_preexec = 1;
486 if (preexec_fn != Py_None && preexec_fn_args_tuple) {
487 /* This is where the user has asked us to deadlock their program. */
488 result = PyObject_Call(preexec_fn, preexec_fn_args_tuple, NULL);
489 if (result == NULL) {
490 /* Stringifying the exception or traceback would involve
491 * memory allocation and thus potential for deadlock.
492 * We've already faced potential deadlock by calling back
493 * into Python in the first place, so it probably doesn't
494 * matter but we avoid it to minimize the possibility. */
495 err_msg = "Exception occurred in preexec_fn.";
496 errno = 0; /* We don't want to report an OSError. */
497 goto error;
498 }
499 /* Py_DECREF(result); - We're about to exec so why bother? */
500 }
501
502 /* close FDs after executing preexec_fn, which might open FDs */
503 if (close_fds) {
504 /* TODO HP-UX could use pstat_getproc() if anyone cares about it. */
505 _close_open_fds(3, py_fds_to_keep);
506 }
507
508 /* This loop matches the Lib/os.py _execvpe()'s PATH search when */
509 /* given the executable_list generated by Lib/subprocess.py. */
510 saved_errno = 0;
511 for (i = 0; exec_array[i] != NULL; ++i) {
512 const char *executable = exec_array[i];
513 if (envp) {
514 execve(executable, argv, envp);
515 } else {
516 execv(executable, argv);
517 }
518 if (errno != ENOENT && errno != ENOTDIR && saved_errno == 0) {
519 saved_errno = errno;
520 }
521 }
522 /* Report the first exec error, not the last. */
523 if (saved_errno)
524 errno = saved_errno;
525
526 error:
527 saved_errno = errno;
528 /* Report the posix error to our parent process. */
529 /* We ignore all write() return values as the total size of our writes is
530 less than PIPEBUF and we cannot do anything about an error anyways.
531 Use _Py_write_noraise() to retry write() if it is interrupted by a
532 signal (fails with EINTR). */
533 if (saved_errno) {
534 char *cur;
535 _Py_write_noraise(errpipe_write, "OSError:", 8);
536 cur = hex_errno + sizeof(hex_errno);
537 while (saved_errno != 0 && cur != hex_errno) {
538 *--cur = Py_hexdigits[saved_errno % 16];
539 saved_errno /= 16;
540 }
541 _Py_write_noraise(errpipe_write, cur, hex_errno + sizeof(hex_errno) - cur);
542 _Py_write_noraise(errpipe_write, ":", 1);
543 if (!reached_preexec) {
544 /* Indicate to the parent that the error happened before exec(). */
545 _Py_write_noraise(errpipe_write, "noexec", 6);
546 }
547 /* We can't call strerror(saved_errno). It is not async signal safe.
548 * The parent process will look the error message up. */
549 } else {
550 _Py_write_noraise(errpipe_write, "SubprocessError:0:", 18);
551 _Py_write_noraise(errpipe_write, err_msg, strlen(err_msg));
552 }
553 }
554
555
556 static PyObject *
subprocess_fork_exec(PyObject * self,PyObject * args)557 subprocess_fork_exec(PyObject* self, PyObject *args)
558 {
559 PyObject *gc_module = NULL;
560 PyObject *executable_list, *py_fds_to_keep;
561 PyObject *env_list, *preexec_fn;
562 PyObject *process_args, *converted_args = NULL, *fast_args = NULL;
563 PyObject *preexec_fn_args_tuple = NULL;
564 int p2cread, p2cwrite, c2pread, c2pwrite, errread, errwrite;
565 int errpipe_read, errpipe_write, close_fds, restore_signals;
566 int call_setsid;
567 PyObject *cwd_obj, *cwd_obj2;
568 const char *cwd;
569 pid_t pid;
570 int need_to_reenable_gc = 0;
571 char *const *exec_array, *const *argv = NULL, *const *envp = NULL;
572 Py_ssize_t arg_num;
573 int need_after_fork = 0;
574 int saved_errno = 0;
575
576 if (!PyArg_ParseTuple(
577 args, "OOpO!OOiiiiiiiiiiO:fork_exec",
578 &process_args, &executable_list,
579 &close_fds, &PyTuple_Type, &py_fds_to_keep,
580 &cwd_obj, &env_list,
581 &p2cread, &p2cwrite, &c2pread, &c2pwrite,
582 &errread, &errwrite, &errpipe_read, &errpipe_write,
583 &restore_signals, &call_setsid, &preexec_fn))
584 return NULL;
585
586 if ((preexec_fn != Py_None) &&
587 (_PyInterpreterState_Get() != PyInterpreterState_Main())) {
588 PyErr_SetString(PyExc_RuntimeError,
589 "preexec_fn not supported within subinterpreters");
590 return NULL;
591 }
592
593 if (close_fds && errpipe_write < 3) { /* precondition */
594 PyErr_SetString(PyExc_ValueError, "errpipe_write must be >= 3");
595 return NULL;
596 }
597 if (_sanity_check_python_fd_sequence(py_fds_to_keep)) {
598 PyErr_SetString(PyExc_ValueError, "bad value(s) in fds_to_keep");
599 return NULL;
600 }
601
602 /* We need to call gc.disable() when we'll be calling preexec_fn */
603 if (preexec_fn != Py_None) {
604 PyObject *result;
605 _Py_IDENTIFIER(isenabled);
606 _Py_IDENTIFIER(disable);
607
608 gc_module = PyImport_ImportModule("gc");
609 if (gc_module == NULL)
610 return NULL;
611 result = _PyObject_CallMethodId(gc_module, &PyId_isenabled, NULL);
612 if (result == NULL) {
613 Py_DECREF(gc_module);
614 return NULL;
615 }
616 need_to_reenable_gc = PyObject_IsTrue(result);
617 Py_DECREF(result);
618 if (need_to_reenable_gc == -1) {
619 Py_DECREF(gc_module);
620 return NULL;
621 }
622 result = _PyObject_CallMethodId(gc_module, &PyId_disable, NULL);
623 if (result == NULL) {
624 Py_DECREF(gc_module);
625 return NULL;
626 }
627 Py_DECREF(result);
628 }
629
630 exec_array = _PySequence_BytesToCharpArray(executable_list);
631 if (!exec_array)
632 goto cleanup;
633
634 /* Convert args and env into appropriate arguments for exec() */
635 /* These conversions are done in the parent process to avoid allocating
636 or freeing memory in the child process. */
637 if (process_args != Py_None) {
638 Py_ssize_t num_args;
639 /* Equivalent to: */
640 /* tuple(PyUnicode_FSConverter(arg) for arg in process_args) */
641 fast_args = PySequence_Fast(process_args, "argv must be a tuple");
642 if (fast_args == NULL)
643 goto cleanup;
644 num_args = PySequence_Fast_GET_SIZE(fast_args);
645 converted_args = PyTuple_New(num_args);
646 if (converted_args == NULL)
647 goto cleanup;
648 for (arg_num = 0; arg_num < num_args; ++arg_num) {
649 PyObject *borrowed_arg, *converted_arg;
650 if (PySequence_Fast_GET_SIZE(fast_args) != num_args) {
651 PyErr_SetString(PyExc_RuntimeError, "args changed during iteration");
652 goto cleanup;
653 }
654 borrowed_arg = PySequence_Fast_GET_ITEM(fast_args, arg_num);
655 if (PyUnicode_FSConverter(borrowed_arg, &converted_arg) == 0)
656 goto cleanup;
657 PyTuple_SET_ITEM(converted_args, arg_num, converted_arg);
658 }
659
660 argv = _PySequence_BytesToCharpArray(converted_args);
661 Py_CLEAR(converted_args);
662 Py_CLEAR(fast_args);
663 if (!argv)
664 goto cleanup;
665 }
666
667 if (env_list != Py_None) {
668 envp = _PySequence_BytesToCharpArray(env_list);
669 if (!envp)
670 goto cleanup;
671 }
672
673 if (cwd_obj != Py_None) {
674 if (PyUnicode_FSConverter(cwd_obj, &cwd_obj2) == 0)
675 goto cleanup;
676 cwd = PyBytes_AsString(cwd_obj2);
677 } else {
678 cwd = NULL;
679 cwd_obj2 = NULL;
680 }
681
682 /* This must be the last thing done before fork() because we do not
683 * want to call PyOS_BeforeFork() if there is any chance of another
684 * error leading to the cleanup: code without calling fork(). */
685 if (preexec_fn != Py_None) {
686 preexec_fn_args_tuple = PyTuple_New(0);
687 if (!preexec_fn_args_tuple)
688 goto cleanup;
689 PyOS_BeforeFork();
690 need_after_fork = 1;
691 }
692
693 pid = fork();
694 if (pid == 0) {
695 /* Child process */
696 /*
697 * Code from here to _exit() must only use async-signal-safe functions,
698 * listed at `man 7 signal` or
699 * http://www.opengroup.org/onlinepubs/009695399/functions/xsh_chap02_04.html.
700 */
701
702 if (preexec_fn != Py_None) {
703 /* We'll be calling back into Python later so we need to do this.
704 * This call may not be async-signal-safe but neither is calling
705 * back into Python. The user asked us to use hope as a strategy
706 * to avoid deadlock... */
707 PyOS_AfterFork_Child();
708 }
709
710 child_exec(exec_array, argv, envp, cwd,
711 p2cread, p2cwrite, c2pread, c2pwrite,
712 errread, errwrite, errpipe_read, errpipe_write,
713 close_fds, restore_signals, call_setsid,
714 py_fds_to_keep, preexec_fn, preexec_fn_args_tuple);
715 _exit(255);
716 return NULL; /* Dead code to avoid a potential compiler warning. */
717 }
718 /* Parent (original) process */
719 if (pid == -1) {
720 /* Capture errno for the exception. */
721 saved_errno = errno;
722 }
723
724 Py_XDECREF(cwd_obj2);
725
726 if (need_after_fork)
727 PyOS_AfterFork_Parent();
728 if (envp)
729 _Py_FreeCharPArray(envp);
730 if (argv)
731 _Py_FreeCharPArray(argv);
732 _Py_FreeCharPArray(exec_array);
733
734 /* Reenable gc in the parent process (or if fork failed). */
735 if (_enable_gc(need_to_reenable_gc, gc_module)) {
736 pid = -1;
737 }
738 Py_XDECREF(preexec_fn_args_tuple);
739 Py_XDECREF(gc_module);
740
741 if (pid == -1) {
742 errno = saved_errno;
743 /* We can't call this above as PyOS_AfterFork_Parent() calls back
744 * into Python code which would see the unreturned error. */
745 PyErr_SetFromErrno(PyExc_OSError);
746 return NULL; /* fork() failed. */
747 }
748
749 return PyLong_FromPid(pid);
750
751 cleanup:
752 if (envp)
753 _Py_FreeCharPArray(envp);
754 if (argv)
755 _Py_FreeCharPArray(argv);
756 if (exec_array)
757 _Py_FreeCharPArray(exec_array);
758 Py_XDECREF(converted_args);
759 Py_XDECREF(fast_args);
760 Py_XDECREF(preexec_fn_args_tuple);
761 _enable_gc(need_to_reenable_gc, gc_module);
762 Py_XDECREF(gc_module);
763 return NULL;
764 }
765
766
767 PyDoc_STRVAR(subprocess_fork_exec_doc,
768 "fork_exec(args, executable_list, close_fds, cwd, env,\n\
769 p2cread, p2cwrite, c2pread, c2pwrite,\n\
770 errread, errwrite, errpipe_read, errpipe_write,\n\
771 restore_signals, call_setsid, preexec_fn)\n\
772 \n\
773 Forks a child process, closes parent file descriptors as appropriate in the\n\
774 child and dups the few that are needed before calling exec() in the child\n\
775 process.\n\
776 \n\
777 The preexec_fn, if supplied, will be called immediately before exec.\n\
778 WARNING: preexec_fn is NOT SAFE if your application uses threads.\n\
779 It may trigger infrequent, difficult to debug deadlocks.\n\
780 \n\
781 If an error occurs in the child process before the exec, it is\n\
782 serialized and written to the errpipe_write fd per subprocess.py.\n\
783 \n\
784 Returns: the child process's PID.\n\
785 \n\
786 Raises: Only on an error in the parent process.\n\
787 ");
788
789 /* module level code ********************************************************/
790
791 PyDoc_STRVAR(module_doc,
792 "A POSIX helper for the subprocess module.");
793
794
795 static PyMethodDef module_methods[] = {
796 {"fork_exec", subprocess_fork_exec, METH_VARARGS, subprocess_fork_exec_doc},
797 {NULL, NULL} /* sentinel */
798 };
799
800
801 static struct PyModuleDef _posixsubprocessmodule = {
802 PyModuleDef_HEAD_INIT,
803 "_posixsubprocess",
804 module_doc,
805 -1, /* No memory is needed. */
806 module_methods,
807 };
808
809 PyMODINIT_FUNC
PyInit__posixsubprocess(void)810 PyInit__posixsubprocess(void)
811 {
812 return PyModule_Create(&_posixsubprocessmodule);
813 }
814