1 /* Authors: Gregory P. Smith & Jeffrey Yasskin */
2 #include "Python.h"
3 #if defined(HAVE_PIPE2) && !defined(_GNU_SOURCE)
4 # define _GNU_SOURCE
5 #endif
6 #include <unistd.h>
7 #include <fcntl.h>
8 #ifdef HAVE_SYS_TYPES_H
9 #include <sys/types.h>
10 #endif
11 #if defined(HAVE_SYS_STAT_H) && defined(__FreeBSD__)
12 #include <sys/stat.h>
13 #endif
14 #ifdef HAVE_SYS_SYSCALL_H
15 #include <sys/syscall.h>
16 #endif
17 #if defined(HAVE_SYS_RESOURCE_H)
18 #include <sys/resource.h>
19 #endif
20 #ifdef HAVE_DIRENT_H
21 #include <dirent.h>
22 #endif
23
24 #if defined(__ANDROID__) && __ANDROID_API__ < 21 && !defined(SYS_getdents64)
25 # include <sys/linux-syscalls.h>
26 # define SYS_getdents64 __NR_getdents64
27 #endif
28
29 #if defined(sun)
30 /* readdir64 is used to work around Solaris 9 bug 6395699. */
31 # define readdir readdir64
32 # define dirent dirent64
33 # if !defined(HAVE_DIRFD)
34 /* Some versions of Solaris lack dirfd(). */
35 # define dirfd(dirp) ((dirp)->dd_fd)
36 # define HAVE_DIRFD
37 # endif
38 #endif
39
40 #if defined(__FreeBSD__) || (defined(__APPLE__) && defined(__MACH__))
41 # define FD_DIR "/dev/fd"
42 #else
43 # define FD_DIR "/proc/self/fd"
44 #endif
45
46 #define POSIX_CALL(call) do { if ((call) == -1) goto error; } while (0)
47
48
49 /* If gc was disabled, call gc.enable(). Return 0 on success. */
50 static int
_enable_gc(int need_to_reenable_gc,PyObject * gc_module)51 _enable_gc(int need_to_reenable_gc, PyObject *gc_module)
52 {
53 PyObject *result;
54 _Py_IDENTIFIER(enable);
55 PyObject *exctype, *val, *tb;
56
57 if (need_to_reenable_gc) {
58 PyErr_Fetch(&exctype, &val, &tb);
59 result = _PyObject_CallMethodId(gc_module, &PyId_enable, NULL);
60 if (exctype != NULL) {
61 PyErr_Restore(exctype, val, tb);
62 }
63 if (result == NULL) {
64 return 1;
65 }
66 Py_DECREF(result);
67 }
68 return 0;
69 }
70
71
72 /* Convert ASCII to a positive int, no libc call. no overflow. -1 on error. */
73 static int
_pos_int_from_ascii(const char * name)74 _pos_int_from_ascii(const char *name)
75 {
76 int num = 0;
77 while (*name >= '0' && *name <= '9') {
78 num = num * 10 + (*name - '0');
79 ++name;
80 }
81 if (*name)
82 return -1; /* Non digit found, not a number. */
83 return num;
84 }
85
86
87 #if defined(__FreeBSD__)
88 /* When /dev/fd isn't mounted it is often a static directory populated
89 * with 0 1 2 or entries for 0 .. 63 on FreeBSD, NetBSD and OpenBSD.
90 * NetBSD and OpenBSD have a /proc fs available (though not necessarily
91 * mounted) and do not have fdescfs for /dev/fd. MacOS X has a devfs
92 * that properly supports /dev/fd.
93 */
94 static int
_is_fdescfs_mounted_on_dev_fd(void)95 _is_fdescfs_mounted_on_dev_fd(void)
96 {
97 struct stat dev_stat;
98 struct stat dev_fd_stat;
99 if (stat("/dev", &dev_stat) != 0)
100 return 0;
101 if (stat(FD_DIR, &dev_fd_stat) != 0)
102 return 0;
103 if (dev_stat.st_dev == dev_fd_stat.st_dev)
104 return 0; /* / == /dev == /dev/fd means it is static. #fail */
105 return 1;
106 }
107 #endif
108
109
110 /* Returns 1 if there is a problem with fd_sequence, 0 otherwise. */
111 static int
_sanity_check_python_fd_sequence(PyObject * fd_sequence)112 _sanity_check_python_fd_sequence(PyObject *fd_sequence)
113 {
114 Py_ssize_t seq_idx, seq_len = PySequence_Length(fd_sequence);
115 long prev_fd = -1;
116 for (seq_idx = 0; seq_idx < seq_len; ++seq_idx) {
117 PyObject* py_fd = PySequence_Fast_GET_ITEM(fd_sequence, seq_idx);
118 long iter_fd = PyLong_AsLong(py_fd);
119 if (iter_fd < 0 || iter_fd <= prev_fd || iter_fd > INT_MAX) {
120 /* Negative, overflow, not a Long, unsorted, too big for a fd. */
121 return 1;
122 }
123 prev_fd = iter_fd;
124 }
125 return 0;
126 }
127
128
129 /* Is fd found in the sorted Python Sequence? */
130 static int
_is_fd_in_sorted_fd_sequence(int fd,PyObject * fd_sequence)131 _is_fd_in_sorted_fd_sequence(int fd, PyObject *fd_sequence)
132 {
133 /* Binary search. */
134 Py_ssize_t search_min = 0;
135 Py_ssize_t search_max = PySequence_Length(fd_sequence) - 1;
136 if (search_max < 0)
137 return 0;
138 do {
139 long middle = (search_min + search_max) / 2;
140 long middle_fd = PyLong_AsLong(
141 PySequence_Fast_GET_ITEM(fd_sequence, middle));
142 if (fd == middle_fd)
143 return 1;
144 if (fd > middle_fd)
145 search_min = middle + 1;
146 else
147 search_max = middle - 1;
148 } while (search_min <= search_max);
149 return 0;
150 }
151
152 static int
make_inheritable(PyObject * py_fds_to_keep,int errpipe_write)153 make_inheritable(PyObject *py_fds_to_keep, int errpipe_write)
154 {
155 Py_ssize_t i, len;
156
157 len = PySequence_Length(py_fds_to_keep);
158 for (i = 0; i < len; ++i) {
159 PyObject* fdobj = PySequence_Fast_GET_ITEM(py_fds_to_keep, i);
160 long fd = PyLong_AsLong(fdobj);
161 assert(!PyErr_Occurred());
162 assert(0 <= fd && fd <= INT_MAX);
163 if (fd == errpipe_write) {
164 /* errpipe_write is part of py_fds_to_keep. It must be closed at
165 exec(), but kept open in the child process until exec() is
166 called. */
167 continue;
168 }
169 if (_Py_set_inheritable((int)fd, 1, NULL) < 0)
170 return -1;
171 }
172 return 0;
173 }
174
175
176 /* Get the maximum file descriptor that could be opened by this process.
177 * This function is async signal safe for use between fork() and exec().
178 */
179 static long
safe_get_max_fd(void)180 safe_get_max_fd(void)
181 {
182 long local_max_fd;
183 #if defined(__NetBSD__)
184 local_max_fd = fcntl(0, F_MAXFD);
185 if (local_max_fd >= 0)
186 return local_max_fd;
187 #endif
188 #if defined(HAVE_SYS_RESOURCE_H) && defined(__OpenBSD__)
189 struct rlimit rl;
190 /* Not on the POSIX async signal safe functions list but likely
191 * safe. TODO - Someone should audit OpenBSD to make sure. */
192 if (getrlimit(RLIMIT_NOFILE, &rl) >= 0)
193 return (long) rl.rlim_max;
194 #endif
195 #ifdef _SC_OPEN_MAX
196 local_max_fd = sysconf(_SC_OPEN_MAX);
197 if (local_max_fd == -1)
198 #endif
199 local_max_fd = 256; /* Matches legacy Lib/subprocess.py behavior. */
200 return local_max_fd;
201 }
202
203
204 /* Close all file descriptors in the range from start_fd and higher
205 * except for those in py_fds_to_keep. If the range defined by
206 * [start_fd, safe_get_max_fd()) is large this will take a long
207 * time as it calls close() on EVERY possible fd.
208 *
209 * It isn't possible to know for sure what the max fd to go up to
210 * is for processes with the capability of raising their maximum.
211 */
212 static void
_close_fds_by_brute_force(long start_fd,PyObject * py_fds_to_keep)213 _close_fds_by_brute_force(long start_fd, PyObject *py_fds_to_keep)
214 {
215 long end_fd = safe_get_max_fd();
216 Py_ssize_t num_fds_to_keep = PySequence_Length(py_fds_to_keep);
217 Py_ssize_t keep_seq_idx;
218 int fd_num;
219 /* As py_fds_to_keep is sorted we can loop through the list closing
220 * fds inbetween any in the keep list falling within our range. */
221 for (keep_seq_idx = 0; keep_seq_idx < num_fds_to_keep; ++keep_seq_idx) {
222 PyObject* py_keep_fd = PySequence_Fast_GET_ITEM(py_fds_to_keep,
223 keep_seq_idx);
224 int keep_fd = PyLong_AsLong(py_keep_fd);
225 if (keep_fd < start_fd)
226 continue;
227 for (fd_num = start_fd; fd_num < keep_fd; ++fd_num) {
228 close(fd_num);
229 }
230 start_fd = keep_fd + 1;
231 }
232 if (start_fd <= end_fd) {
233 for (fd_num = start_fd; fd_num < end_fd; ++fd_num) {
234 close(fd_num);
235 }
236 }
237 }
238
239
240 #if defined(__linux__) && defined(HAVE_SYS_SYSCALL_H)
241 /* It doesn't matter if d_name has room for NAME_MAX chars; we're using this
242 * only to read a directory of short file descriptor number names. The kernel
243 * will return an error if we didn't give it enough space. Highly Unlikely.
244 * This structure is very old and stable: It will not change unless the kernel
245 * chooses to break compatibility with all existing binaries. Highly Unlikely.
246 */
247 struct linux_dirent64 {
248 unsigned long long d_ino;
249 long long d_off;
250 unsigned short d_reclen; /* Length of this linux_dirent */
251 unsigned char d_type;
252 char d_name[256]; /* Filename (null-terminated) */
253 };
254
255 /* Close all open file descriptors in the range from start_fd and higher
256 * Do not close any in the sorted py_fds_to_keep list.
257 *
258 * This version is async signal safe as it does not make any unsafe C library
259 * calls, malloc calls or handle any locks. It is _unfortunate_ to be forced
260 * to resort to making a kernel system call directly but this is the ONLY api
261 * available that does no harm. opendir/readdir/closedir perform memory
262 * allocation and locking so while they usually work they are not guaranteed
263 * to (especially if you have replaced your malloc implementation). A version
264 * of this function that uses those can be found in the _maybe_unsafe variant.
265 *
266 * This is Linux specific because that is all I am ready to test it on. It
267 * should be easy to add OS specific dirent or dirent64 structures and modify
268 * it with some cpp #define magic to work on other OSes as well if you want.
269 */
270 static void
_close_open_fds_safe(int start_fd,PyObject * py_fds_to_keep)271 _close_open_fds_safe(int start_fd, PyObject* py_fds_to_keep)
272 {
273 int fd_dir_fd;
274
275 fd_dir_fd = _Py_open_noraise(FD_DIR, O_RDONLY);
276 if (fd_dir_fd == -1) {
277 /* No way to get a list of open fds. */
278 _close_fds_by_brute_force(start_fd, py_fds_to_keep);
279 return;
280 } else {
281 char buffer[sizeof(struct linux_dirent64)];
282 int bytes;
283 while ((bytes = syscall(SYS_getdents64, fd_dir_fd,
284 (struct linux_dirent64 *)buffer,
285 sizeof(buffer))) > 0) {
286 struct linux_dirent64 *entry;
287 int offset;
288 for (offset = 0; offset < bytes; offset += entry->d_reclen) {
289 int fd;
290 entry = (struct linux_dirent64 *)(buffer + offset);
291 if ((fd = _pos_int_from_ascii(entry->d_name)) < 0)
292 continue; /* Not a number. */
293 if (fd != fd_dir_fd && fd >= start_fd &&
294 !_is_fd_in_sorted_fd_sequence(fd, py_fds_to_keep)) {
295 close(fd);
296 }
297 }
298 }
299 close(fd_dir_fd);
300 }
301 }
302
303 #define _close_open_fds _close_open_fds_safe
304
305 #else /* NOT (defined(__linux__) && defined(HAVE_SYS_SYSCALL_H)) */
306
307
308 /* Close all open file descriptors from start_fd and higher.
309 * Do not close any in the sorted py_fds_to_keep list.
310 *
311 * This function violates the strict use of async signal safe functions. :(
312 * It calls opendir(), readdir() and closedir(). Of these, the one most
313 * likely to ever cause a problem is opendir() as it performs an internal
314 * malloc(). Practically this should not be a problem. The Java VM makes the
315 * same calls between fork and exec in its own UNIXProcess_md.c implementation.
316 *
317 * readdir_r() is not used because it provides no benefit. It is typically
318 * implemented as readdir() followed by memcpy(). See also:
319 * http://womble.decadent.org.uk/readdir_r-advisory.html
320 */
321 static void
_close_open_fds_maybe_unsafe(long start_fd,PyObject * py_fds_to_keep)322 _close_open_fds_maybe_unsafe(long start_fd, PyObject* py_fds_to_keep)
323 {
324 DIR *proc_fd_dir;
325 #ifndef HAVE_DIRFD
326 while (_is_fd_in_sorted_fd_sequence(start_fd, py_fds_to_keep)) {
327 ++start_fd;
328 }
329 /* Close our lowest fd before we call opendir so that it is likely to
330 * reuse that fd otherwise we might close opendir's file descriptor in
331 * our loop. This trick assumes that fd's are allocated on a lowest
332 * available basis. */
333 close(start_fd);
334 ++start_fd;
335 #endif
336
337 #if defined(__FreeBSD__)
338 if (!_is_fdescfs_mounted_on_dev_fd())
339 proc_fd_dir = NULL;
340 else
341 #endif
342 proc_fd_dir = opendir(FD_DIR);
343 if (!proc_fd_dir) {
344 /* No way to get a list of open fds. */
345 _close_fds_by_brute_force(start_fd, py_fds_to_keep);
346 } else {
347 struct dirent *dir_entry;
348 #ifdef HAVE_DIRFD
349 int fd_used_by_opendir = dirfd(proc_fd_dir);
350 #else
351 int fd_used_by_opendir = start_fd - 1;
352 #endif
353 errno = 0;
354 while ((dir_entry = readdir(proc_fd_dir))) {
355 int fd;
356 if ((fd = _pos_int_from_ascii(dir_entry->d_name)) < 0)
357 continue; /* Not a number. */
358 if (fd != fd_used_by_opendir && fd >= start_fd &&
359 !_is_fd_in_sorted_fd_sequence(fd, py_fds_to_keep)) {
360 close(fd);
361 }
362 errno = 0;
363 }
364 if (errno) {
365 /* readdir error, revert behavior. Highly Unlikely. */
366 _close_fds_by_brute_force(start_fd, py_fds_to_keep);
367 }
368 closedir(proc_fd_dir);
369 }
370 }
371
372 #define _close_open_fds _close_open_fds_maybe_unsafe
373
374 #endif /* else NOT (defined(__linux__) && defined(HAVE_SYS_SYSCALL_H)) */
375
376
377 /*
378 * This function is code executed in the child process immediately after fork
379 * to set things up and call exec().
380 *
381 * All of the code in this function must only use async-signal-safe functions,
382 * listed at `man 7 signal` or
383 * http://www.opengroup.org/onlinepubs/009695399/functions/xsh_chap02_04.html.
384 *
385 * This restriction is documented at
386 * http://www.opengroup.org/onlinepubs/009695399/functions/fork.html.
387 */
388 static void
child_exec(char * const exec_array[],char * const argv[],char * const envp[],const char * cwd,int p2cread,int p2cwrite,int c2pread,int c2pwrite,int errread,int errwrite,int errpipe_read,int errpipe_write,int close_fds,int restore_signals,int call_setsid,PyObject * py_fds_to_keep,PyObject * preexec_fn,PyObject * preexec_fn_args_tuple)389 child_exec(char *const exec_array[],
390 char *const argv[],
391 char *const envp[],
392 const char *cwd,
393 int p2cread, int p2cwrite,
394 int c2pread, int c2pwrite,
395 int errread, int errwrite,
396 int errpipe_read, int errpipe_write,
397 int close_fds, int restore_signals,
398 int call_setsid,
399 PyObject *py_fds_to_keep,
400 PyObject *preexec_fn,
401 PyObject *preexec_fn_args_tuple)
402 {
403 int i, saved_errno, reached_preexec = 0;
404 PyObject *result;
405 const char* err_msg = "";
406 /* Buffer large enough to hold a hex integer. We can't malloc. */
407 char hex_errno[sizeof(saved_errno)*2+1];
408
409 if (make_inheritable(py_fds_to_keep, errpipe_write) < 0)
410 goto error;
411
412 /* Close parent's pipe ends. */
413 if (p2cwrite != -1)
414 POSIX_CALL(close(p2cwrite));
415 if (c2pread != -1)
416 POSIX_CALL(close(c2pread));
417 if (errread != -1)
418 POSIX_CALL(close(errread));
419 POSIX_CALL(close(errpipe_read));
420
421 /* When duping fds, if there arises a situation where one of the fds is
422 either 0, 1 or 2, it is possible that it is overwritten (#12607). */
423 if (c2pwrite == 0)
424 POSIX_CALL(c2pwrite = dup(c2pwrite));
425 if (errwrite == 0 || errwrite == 1)
426 POSIX_CALL(errwrite = dup(errwrite));
427
428 /* Dup fds for child.
429 dup2() removes the CLOEXEC flag but we must do it ourselves if dup2()
430 would be a no-op (issue #10806). */
431 if (p2cread == 0) {
432 if (_Py_set_inheritable(p2cread, 1, NULL) < 0)
433 goto error;
434 }
435 else if (p2cread != -1)
436 POSIX_CALL(dup2(p2cread, 0)); /* stdin */
437
438 if (c2pwrite == 1) {
439 if (_Py_set_inheritable(c2pwrite, 1, NULL) < 0)
440 goto error;
441 }
442 else if (c2pwrite != -1)
443 POSIX_CALL(dup2(c2pwrite, 1)); /* stdout */
444
445 if (errwrite == 2) {
446 if (_Py_set_inheritable(errwrite, 1, NULL) < 0)
447 goto error;
448 }
449 else if (errwrite != -1)
450 POSIX_CALL(dup2(errwrite, 2)); /* stderr */
451
452 /* Close pipe fds. Make sure we don't close the same fd more than */
453 /* once, or standard fds. */
454 if (p2cread > 2)
455 POSIX_CALL(close(p2cread));
456 if (c2pwrite > 2 && c2pwrite != p2cread)
457 POSIX_CALL(close(c2pwrite));
458 if (errwrite != c2pwrite && errwrite != p2cread && errwrite > 2)
459 POSIX_CALL(close(errwrite));
460
461 if (cwd)
462 POSIX_CALL(chdir(cwd));
463
464 if (restore_signals)
465 _Py_RestoreSignals();
466
467 #ifdef HAVE_SETSID
468 if (call_setsid)
469 POSIX_CALL(setsid());
470 #endif
471
472 reached_preexec = 1;
473 if (preexec_fn != Py_None && preexec_fn_args_tuple) {
474 /* This is where the user has asked us to deadlock their program. */
475 result = PyObject_Call(preexec_fn, preexec_fn_args_tuple, NULL);
476 if (result == NULL) {
477 /* Stringifying the exception or traceback would involve
478 * memory allocation and thus potential for deadlock.
479 * We've already faced potential deadlock by calling back
480 * into Python in the first place, so it probably doesn't
481 * matter but we avoid it to minimize the possibility. */
482 err_msg = "Exception occurred in preexec_fn.";
483 errno = 0; /* We don't want to report an OSError. */
484 goto error;
485 }
486 /* Py_DECREF(result); - We're about to exec so why bother? */
487 }
488
489 /* close FDs after executing preexec_fn, which might open FDs */
490 if (close_fds) {
491 /* TODO HP-UX could use pstat_getproc() if anyone cares about it. */
492 _close_open_fds(3, py_fds_to_keep);
493 }
494
495 /* This loop matches the Lib/os.py _execvpe()'s PATH search when */
496 /* given the executable_list generated by Lib/subprocess.py. */
497 saved_errno = 0;
498 for (i = 0; exec_array[i] != NULL; ++i) {
499 const char *executable = exec_array[i];
500 if (envp) {
501 execve(executable, argv, envp);
502 } else {
503 execv(executable, argv);
504 }
505 if (errno != ENOENT && errno != ENOTDIR && saved_errno == 0) {
506 saved_errno = errno;
507 }
508 }
509 /* Report the first exec error, not the last. */
510 if (saved_errno)
511 errno = saved_errno;
512
513 error:
514 saved_errno = errno;
515 /* Report the posix error to our parent process. */
516 /* We ignore all write() return values as the total size of our writes is
517 less than PIPEBUF and we cannot do anything about an error anyways.
518 Use _Py_write_noraise() to retry write() if it is interrupted by a
519 signal (fails with EINTR). */
520 if (saved_errno) {
521 char *cur;
522 _Py_write_noraise(errpipe_write, "OSError:", 8);
523 cur = hex_errno + sizeof(hex_errno);
524 while (saved_errno != 0 && cur != hex_errno) {
525 *--cur = Py_hexdigits[saved_errno % 16];
526 saved_errno /= 16;
527 }
528 _Py_write_noraise(errpipe_write, cur, hex_errno + sizeof(hex_errno) - cur);
529 _Py_write_noraise(errpipe_write, ":", 1);
530 if (!reached_preexec) {
531 /* Indicate to the parent that the error happened before exec(). */
532 _Py_write_noraise(errpipe_write, "noexec", 6);
533 }
534 /* We can't call strerror(saved_errno). It is not async signal safe.
535 * The parent process will look the error message up. */
536 } else {
537 _Py_write_noraise(errpipe_write, "SubprocessError:0:", 18);
538 _Py_write_noraise(errpipe_write, err_msg, strlen(err_msg));
539 }
540 }
541
542
543 static PyObject *
subprocess_fork_exec(PyObject * self,PyObject * args)544 subprocess_fork_exec(PyObject* self, PyObject *args)
545 {
546 PyObject *gc_module = NULL;
547 PyObject *executable_list, *py_fds_to_keep;
548 PyObject *env_list, *preexec_fn;
549 PyObject *process_args, *converted_args = NULL, *fast_args = NULL;
550 PyObject *preexec_fn_args_tuple = NULL;
551 int p2cread, p2cwrite, c2pread, c2pwrite, errread, errwrite;
552 int errpipe_read, errpipe_write, close_fds, restore_signals;
553 int call_setsid;
554 PyObject *cwd_obj, *cwd_obj2;
555 const char *cwd;
556 pid_t pid;
557 int need_to_reenable_gc = 0;
558 char *const *exec_array, *const *argv = NULL, *const *envp = NULL;
559 Py_ssize_t arg_num;
560 #ifdef WITH_THREAD
561 int import_lock_held = 0;
562 #endif
563
564 if (!PyArg_ParseTuple(
565 args, "OOpOOOiiiiiiiiiiO:fork_exec",
566 &process_args, &executable_list, &close_fds, &py_fds_to_keep,
567 &cwd_obj, &env_list,
568 &p2cread, &p2cwrite, &c2pread, &c2pwrite,
569 &errread, &errwrite, &errpipe_read, &errpipe_write,
570 &restore_signals, &call_setsid, &preexec_fn))
571 return NULL;
572
573 if (close_fds && errpipe_write < 3) { /* precondition */
574 PyErr_SetString(PyExc_ValueError, "errpipe_write must be >= 3");
575 return NULL;
576 }
577 if (PySequence_Length(py_fds_to_keep) < 0) {
578 PyErr_SetString(PyExc_ValueError, "cannot get length of fds_to_keep");
579 return NULL;
580 }
581 if (_sanity_check_python_fd_sequence(py_fds_to_keep)) {
582 PyErr_SetString(PyExc_ValueError, "bad value(s) in fds_to_keep");
583 return NULL;
584 }
585
586 /* We need to call gc.disable() when we'll be calling preexec_fn */
587 if (preexec_fn != Py_None) {
588 PyObject *result;
589 _Py_IDENTIFIER(isenabled);
590 _Py_IDENTIFIER(disable);
591
592 gc_module = PyImport_ImportModule("gc");
593 if (gc_module == NULL)
594 return NULL;
595 result = _PyObject_CallMethodId(gc_module, &PyId_isenabled, NULL);
596 if (result == NULL) {
597 Py_DECREF(gc_module);
598 return NULL;
599 }
600 need_to_reenable_gc = PyObject_IsTrue(result);
601 Py_DECREF(result);
602 if (need_to_reenable_gc == -1) {
603 Py_DECREF(gc_module);
604 return NULL;
605 }
606 result = _PyObject_CallMethodId(gc_module, &PyId_disable, NULL);
607 if (result == NULL) {
608 Py_DECREF(gc_module);
609 return NULL;
610 }
611 Py_DECREF(result);
612 }
613
614 exec_array = _PySequence_BytesToCharpArray(executable_list);
615 if (!exec_array)
616 goto cleanup;
617
618 /* Convert args and env into appropriate arguments for exec() */
619 /* These conversions are done in the parent process to avoid allocating
620 or freeing memory in the child process. */
621 if (process_args != Py_None) {
622 Py_ssize_t num_args;
623 /* Equivalent to: */
624 /* tuple(PyUnicode_FSConverter(arg) for arg in process_args) */
625 fast_args = PySequence_Fast(process_args, "argv must be a tuple");
626 if (fast_args == NULL)
627 goto cleanup;
628 num_args = PySequence_Fast_GET_SIZE(fast_args);
629 converted_args = PyTuple_New(num_args);
630 if (converted_args == NULL)
631 goto cleanup;
632 for (arg_num = 0; arg_num < num_args; ++arg_num) {
633 PyObject *borrowed_arg, *converted_arg;
634 borrowed_arg = PySequence_Fast_GET_ITEM(fast_args, arg_num);
635 if (PyUnicode_FSConverter(borrowed_arg, &converted_arg) == 0)
636 goto cleanup;
637 PyTuple_SET_ITEM(converted_args, arg_num, converted_arg);
638 }
639
640 argv = _PySequence_BytesToCharpArray(converted_args);
641 Py_CLEAR(converted_args);
642 Py_CLEAR(fast_args);
643 if (!argv)
644 goto cleanup;
645 }
646
647 if (env_list != Py_None) {
648 envp = _PySequence_BytesToCharpArray(env_list);
649 if (!envp)
650 goto cleanup;
651 }
652
653 if (preexec_fn != Py_None) {
654 preexec_fn_args_tuple = PyTuple_New(0);
655 if (!preexec_fn_args_tuple)
656 goto cleanup;
657 #ifdef WITH_THREAD
658 _PyImport_AcquireLock();
659 import_lock_held = 1;
660 #endif
661 }
662
663 if (cwd_obj != Py_None) {
664 if (PyUnicode_FSConverter(cwd_obj, &cwd_obj2) == 0)
665 goto cleanup;
666 cwd = PyBytes_AsString(cwd_obj2);
667 } else {
668 cwd = NULL;
669 cwd_obj2 = NULL;
670 }
671
672 pid = fork();
673 if (pid == 0) {
674 /* Child process */
675 /*
676 * Code from here to _exit() must only use async-signal-safe functions,
677 * listed at `man 7 signal` or
678 * http://www.opengroup.org/onlinepubs/009695399/functions/xsh_chap02_04.html.
679 */
680
681 if (preexec_fn != Py_None) {
682 /* We'll be calling back into Python later so we need to do this.
683 * This call may not be async-signal-safe but neither is calling
684 * back into Python. The user asked us to use hope as a strategy
685 * to avoid deadlock... */
686 PyOS_AfterFork();
687 }
688
689 child_exec(exec_array, argv, envp, cwd,
690 p2cread, p2cwrite, c2pread, c2pwrite,
691 errread, errwrite, errpipe_read, errpipe_write,
692 close_fds, restore_signals, call_setsid,
693 py_fds_to_keep, preexec_fn, preexec_fn_args_tuple);
694 _exit(255);
695 return NULL; /* Dead code to avoid a potential compiler warning. */
696 }
697 Py_XDECREF(cwd_obj2);
698
699 if (pid == -1) {
700 /* Capture the errno exception before errno can be clobbered. */
701 PyErr_SetFromErrno(PyExc_OSError);
702 }
703 #ifdef WITH_THREAD
704 if (preexec_fn != Py_None
705 && _PyImport_ReleaseLock() < 0 && !PyErr_Occurred()) {
706 PyErr_SetString(PyExc_RuntimeError,
707 "not holding the import lock");
708 pid = -1;
709 }
710 import_lock_held = 0;
711 #endif
712
713 /* Parent process */
714 if (envp)
715 _Py_FreeCharPArray(envp);
716 if (argv)
717 _Py_FreeCharPArray(argv);
718 _Py_FreeCharPArray(exec_array);
719
720 /* Reenable gc in the parent process (or if fork failed). */
721 if (_enable_gc(need_to_reenable_gc, gc_module)) {
722 pid = -1;
723 }
724 Py_XDECREF(preexec_fn_args_tuple);
725 Py_XDECREF(gc_module);
726
727 if (pid == -1)
728 return NULL; /* fork() failed. Exception set earlier. */
729
730 return PyLong_FromPid(pid);
731
732 cleanup:
733 #ifdef WITH_THREAD
734 if (import_lock_held)
735 _PyImport_ReleaseLock();
736 #endif
737 if (envp)
738 _Py_FreeCharPArray(envp);
739 if (argv)
740 _Py_FreeCharPArray(argv);
741 if (exec_array)
742 _Py_FreeCharPArray(exec_array);
743 Py_XDECREF(converted_args);
744 Py_XDECREF(fast_args);
745 Py_XDECREF(preexec_fn_args_tuple);
746 _enable_gc(need_to_reenable_gc, gc_module);
747 Py_XDECREF(gc_module);
748 return NULL;
749 }
750
751
752 PyDoc_STRVAR(subprocess_fork_exec_doc,
753 "fork_exec(args, executable_list, close_fds, cwd, env,\n\
754 p2cread, p2cwrite, c2pread, c2pwrite,\n\
755 errread, errwrite, errpipe_read, errpipe_write,\n\
756 restore_signals, call_setsid, preexec_fn)\n\
757 \n\
758 Forks a child process, closes parent file descriptors as appropriate in the\n\
759 child and dups the few that are needed before calling exec() in the child\n\
760 process.\n\
761 \n\
762 The preexec_fn, if supplied, will be called immediately before exec.\n\
763 WARNING: preexec_fn is NOT SAFE if your application uses threads.\n\
764 It may trigger infrequent, difficult to debug deadlocks.\n\
765 \n\
766 If an error occurs in the child process before the exec, it is\n\
767 serialized and written to the errpipe_write fd per subprocess.py.\n\
768 \n\
769 Returns: the child process's PID.\n\
770 \n\
771 Raises: Only on an error in the parent process.\n\
772 ");
773
774 /* module level code ********************************************************/
775
776 PyDoc_STRVAR(module_doc,
777 "A POSIX helper for the subprocess module.");
778
779
780 static PyMethodDef module_methods[] = {
781 {"fork_exec", subprocess_fork_exec, METH_VARARGS, subprocess_fork_exec_doc},
782 {NULL, NULL} /* sentinel */
783 };
784
785
786 static struct PyModuleDef _posixsubprocessmodule = {
787 PyModuleDef_HEAD_INIT,
788 "_posixsubprocess",
789 module_doc,
790 -1, /* No memory is needed. */
791 module_methods,
792 };
793
794 PyMODINIT_FUNC
PyInit__posixsubprocess(void)795 PyInit__posixsubprocess(void)
796 {
797 return PyModule_Create(&_posixsubprocessmodule);
798 }
799