AuroraMiddleware/glibc
1
0
Fork 0
mirror of https://sourceware.org/git/glibc.git synced 2024-11-09 14:50:05 +00:00
Code Issues Packages Projects Releases Wiki Activity
master
glibc/posix/tst-spawn3.c

161 lines
4.7 KiB
C
Raw Permalink Normal View History

posix: Fix open file action for posix_spawn on Linux On posix_spawn open file action (issued by posix_spawn_file_actions_addopen) POSIX states that if fildes was already an open file descriptor, it shall be closed before the new file is openedi [1]. This avoid pontential issues when posix_spawn plus addopen action is called with the process already at maximum number of file descriptor opened and also for multiple actions on single-open special paths (like /dev/watchdog). This fixes its behavior on Linux posix_spawn implementation and also adds a tests to check for its behavior. Checked on x86_64. * posix/Makefile (tests): Add tst-spawn3. * posix/tst-spawn3.c: New file. * sysdeps/unix/sysv/linux/spawni.c (__spawni_child): Close file descriptor if it is already opened for open action. [1] http://pubs.opengroup.org/onlinepubs/9699919799/functions/posix_spawn_file_actions_addclose.html
2016-09-16 20:44:50 +00:00
/* Check posix_spawn add file actions.
Update copyright dates with scripts/update-copyrights
2024-01-01 18:12:26 +00:00
Copyright (C) 2016-2024 Free Software Foundation, Inc.
posix: Fix open file action for posix_spawn on Linux On posix_spawn open file action (issued by posix_spawn_file_actions_addopen) POSIX states that if fildes was already an open file descriptor, it shall be closed before the new file is openedi [1]. This avoid pontential issues when posix_spawn plus addopen action is called with the process already at maximum number of file descriptor opened and also for multiple actions on single-open special paths (like /dev/watchdog). This fixes its behavior on Linux posix_spawn implementation and also adds a tests to check for its behavior. Checked on x86_64. * posix/Makefile (tests): Add tst-spawn3. * posix/tst-spawn3.c: New file. * sysdeps/unix/sysv/linux/spawni.c (__spawni_child): Close file descriptor if it is already opened for open action. [1] http://pubs.opengroup.org/onlinepubs/9699919799/functions/posix_spawn_file_actions_addclose.html
2016-09-16 20:44:50 +00:00
This file is part of the GNU C Library.
The GNU C Library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 2.1 of the License, or (at your option) any later version.
The GNU C Library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public
License along with the GNU C Library; if not, see
Prefer https to http for gnu.org and fsf.org URLs Also, change sources.redhat.com to sourceware.org. This patch was automatically generated by running the following shell script, which uses GNU sed, and which avoids modifying files imported from upstream: sed -ri ' s,(http|ftp)(://(.*\.)?(gnu|fsf|sourceware)\.org($|[^.]|\.[^a-z])),https\2,g s,(http|ftp)(://(.*\.)?)sources\.redhat\.com($|[^.]|\.[^a-z]),https\2sourceware.org\4,g ' \ $(find $(git ls-files) -prune -type f \ ! -name '*.po' \ ! -name 'ChangeLog*' \ ! -path COPYING ! -path COPYING.LIB \ ! -path manual/fdl-1.3.texi ! -path manual/lgpl-2.1.texi \ ! -path manual/texinfo.tex ! -path scripts/config.guess \ ! -path scripts/config.sub ! -path scripts/install-sh \ ! -path scripts/mkinstalldirs ! -path scripts/move-if-change \ ! -path INSTALL ! -path locale/programs/charmap-kw.h \ ! -path po/libc.pot ! -path sysdeps/gnu/errlist.c \ ! '(' -name configure \ -execdir test -f configure.ac -o -f configure.in ';' ')' \ ! '(' -name preconfigure \ -execdir test -f preconfigure.ac ';' ')' \ -print) and then by running 'make dist-prepare' to regenerate files built from the altered files, and then executing the following to cleanup: chmod a+x sysdeps/unix/sysv/linux/riscv/configure # Omit irrelevant whitespace and comment-only changes, # perhaps from a slightly-different Autoconf version. git checkout -f \ sysdeps/csky/configure \ sysdeps/hppa/configure \ sysdeps/riscv/configure \ sysdeps/unix/sysv/linux/csky/configure # Omit changes that caused a pre-commit check to fail like this: # remote: *** error: sysdeps/powerpc/powerpc64/ppc-mcount.S: trailing lines git checkout -f \ sysdeps/powerpc/powerpc64/ppc-mcount.S \ sysdeps/unix/sysv/linux/s390/s390-64/syscall.S # Omit change that caused a pre-commit check to fail like this: # remote: *** error: sysdeps/sparc/sparc64/multiarch/memcpy-ultra3.S: last line does not end in newline git checkout -f sysdeps/sparc/sparc64/multiarch/memcpy-ultra3.S
2019-09-07 05:40:42 +00:00
<https://www.gnu.org/licenses/>. */
posix: Fix open file action for posix_spawn on Linux On posix_spawn open file action (issued by posix_spawn_file_actions_addopen) POSIX states that if fildes was already an open file descriptor, it shall be closed before the new file is openedi [1]. This avoid pontential issues when posix_spawn plus addopen action is called with the process already at maximum number of file descriptor opened and also for multiple actions on single-open special paths (like /dev/watchdog). This fixes its behavior on Linux posix_spawn implementation and also adds a tests to check for its behavior. Checked on x86_64. * posix/Makefile (tests): Add tst-spawn3. * posix/tst-spawn3.c: New file. * sysdeps/unix/sysv/linux/spawni.c (__spawni_child): Close file descriptor if it is already opened for open action. [1] http://pubs.opengroup.org/onlinepubs/9699919799/functions/posix_spawn_file_actions_addclose.html
2016-09-16 20:44:50 +00:00
#include <stdio.h>
#include <spawn.h>
#include <error.h>
#include <errno.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>
#include <sys/resource.h>
posix: Adapt tst-spawn{2,3} to use libsupport. Checked on x86_64-linux-gnu. * posix/tst-spawn2.c (do_test): Use libsupport. * posix/tst-spawn3.c (do_test): Likewise.
2017-04-24 18:48:01 +00:00
#include <fcntl.h>
#include <paths.h>
posix: Add pidfd_spawn and pidfd_spawnp (BZ 30349) Returning a pidfd allows a process to keep a race-free handle for a child process, otherwise, the caller will need to either use pidfd_open (which still might be subject to TOCTOU) or keep the old racy interface base on pid_t. To correct use pifd_spawn, the kernel must support not only returning the pidfd with clone/clone3 but also waitid (P_PIDFD) (added on Linux 5.4). If kernel does not support the waitid, pidfd return ENOSYS. It avoids the need to racy workarounds, such as reading the procfs fdinfo to get the pid to use along with other wait interfaces. These interfaces are similar to the posix_spawn and posix_spawnp, with the only difference being it returns a process file descriptor (int) instead of a process ID (pid_t). Their prototypes are: int pidfd_spawn (int *restrict pidfd, const char *restrict file, const posix_spawn_file_actions_t *restrict facts, const posix_spawnattr_t *restrict attrp, char *const argv[restrict], char *const envp[restrict]) int pidfd_spawnp (int *restrict pidfd, const char *restrict path, const posix_spawn_file_actions_t *restrict facts, const posix_spawnattr_t *restrict attrp, char *const argv[restrict_arr], char *const envp[restrict_arr]); A new symbol is used instead of a posix_spawn extension to avoid possible issues with language bindings that might track the return argument lifetime. Although on Linux pid_t and int are interchangeable, POSIX only states that pid_t should be a signed integer. Both symbols reuse the posix_spawn posix_spawn_file_actions_t and posix_spawnattr_t, to void rehash posix_spawn API or add a new one. It also means that both interfaces support the same attribute and file actions, and a new flag or file action on posix_spawn is also added automatically for pidfd_spawn. Also, using posix_spawn plumbing allows the reusing of most of the current testing with some changes: - waitid is used instead of waitpid since it is a more generic interface. - tst-posix_spawn-setsid.c is adapted to take into consideration that the caller can check for session id directly. The test now spawns itself and writes the session id as a file instead. - tst-spawn3.c need to know where pidfd_spawn is used so it keeps an extra file description unused. Checked on x86_64-linux-gnu on Linux 4.15 (no CLONE_PIDFD or waitid support), Linux 5.4 (full support), and Linux 6.2. Reviewed-by: Florian Weimer <fweimer@redhat.com>
2023-08-24 16:42:18 +00:00
#include <intprops.h>
posix: Fix open file action for posix_spawn on Linux On posix_spawn open file action (issued by posix_spawn_file_actions_addopen) POSIX states that if fildes was already an open file descriptor, it shall be closed before the new file is openedi [1]. This avoid pontential issues when posix_spawn plus addopen action is called with the process already at maximum number of file descriptor opened and also for multiple actions on single-open special paths (like /dev/watchdog). This fixes its behavior on Linux posix_spawn implementation and also adds a tests to check for its behavior. Checked on x86_64. * posix/Makefile (tests): Add tst-spawn3. * posix/tst-spawn3.c: New file. * sysdeps/unix/sysv/linux/spawni.c (__spawni_child): Close file descriptor if it is already opened for open action. [1] http://pubs.opengroup.org/onlinepubs/9699919799/functions/posix_spawn_file_actions_addclose.html
2016-09-16 20:44:50 +00:00
posix: Adapt tst-spawn{2,3} to use libsupport. Checked on x86_64-linux-gnu. * posix/tst-spawn2.c (do_test): Use libsupport. * posix/tst-spawn3.c (do_test): Likewise.
2017-04-24 18:48:01 +00:00
#include <support/check.h>
#include <support/temp_file.h>
posix: Add pidfd_spawn and pidfd_spawnp (BZ 30349) Returning a pidfd allows a process to keep a race-free handle for a child process, otherwise, the caller will need to either use pidfd_open (which still might be subject to TOCTOU) or keep the old racy interface base on pid_t. To correct use pifd_spawn, the kernel must support not only returning the pidfd with clone/clone3 but also waitid (P_PIDFD) (added on Linux 5.4). If kernel does not support the waitid, pidfd return ENOSYS. It avoids the need to racy workarounds, such as reading the procfs fdinfo to get the pid to use along with other wait interfaces. These interfaces are similar to the posix_spawn and posix_spawnp, with the only difference being it returns a process file descriptor (int) instead of a process ID (pid_t). Their prototypes are: int pidfd_spawn (int *restrict pidfd, const char *restrict file, const posix_spawn_file_actions_t *restrict facts, const posix_spawnattr_t *restrict attrp, char *const argv[restrict], char *const envp[restrict]) int pidfd_spawnp (int *restrict pidfd, const char *restrict path, const posix_spawn_file_actions_t *restrict facts, const posix_spawnattr_t *restrict attrp, char *const argv[restrict_arr], char *const envp[restrict_arr]); A new symbol is used instead of a posix_spawn extension to avoid possible issues with language bindings that might track the return argument lifetime. Although on Linux pid_t and int are interchangeable, POSIX only states that pid_t should be a signed integer. Both symbols reuse the posix_spawn posix_spawn_file_actions_t and posix_spawnattr_t, to void rehash posix_spawn API or add a new one. It also means that both interfaces support the same attribute and file actions, and a new flag or file action on posix_spawn is also added automatically for pidfd_spawn. Also, using posix_spawn plumbing allows the reusing of most of the current testing with some changes: - waitid is used instead of waitpid since it is a more generic interface. - tst-posix_spawn-setsid.c is adapted to take into consideration that the caller can check for session id directly. The test now spawns itself and writes the session id as a file instead. - tst-spawn3.c need to know where pidfd_spawn is used so it keeps an extra file description unused. Checked on x86_64-linux-gnu on Linux 4.15 (no CLONE_PIDFD or waitid support), Linux 5.4 (full support), and Linux 6.2. Reviewed-by: Florian Weimer <fweimer@redhat.com>
2023-08-24 16:42:18 +00:00
#include <support/xunistd.h>
#include <tst-spawn.h>
posix: Fix open file action for posix_spawn on Linux On posix_spawn open file action (issued by posix_spawn_file_actions_addopen) POSIX states that if fildes was already an open file descriptor, it shall be closed before the new file is openedi [1]. This avoid pontential issues when posix_spawn plus addopen action is called with the process already at maximum number of file descriptor opened and also for multiple actions on single-open special paths (like /dev/watchdog). This fixes its behavior on Linux posix_spawn implementation and also adds a tests to check for its behavior. Checked on x86_64. * posix/Makefile (tests): Add tst-spawn3. * posix/tst-spawn3.c: New file. * sysdeps/unix/sysv/linux/spawni.c (__spawni_child): Close file descriptor if it is already opened for open action. [1] http://pubs.opengroup.org/onlinepubs/9699919799/functions/posix_spawn_file_actions_addclose.html
2016-09-16 20:44:50 +00:00
static int
do_test (void)
{
/* The test checks if posix_spawn open file action close the file descriptor
before opening a new one in case the input file descriptor is already
opened. It does by exhausting all file descriptors on the process before
issue posix_spawn. It then issues a posix_spawn for '/bin/sh echo $$'
and add two rules:
1. Redirect stdout to a temporary filepath
2. Redirect stderr to stdout
If the implementation does not close the file 1. will fail with
EMFILE. */
struct rlimit rl;
int max_fd = 24;
/* Set maximum number of file descriptor to a low value to avoid open
too many files in environments where RLIMIT_NOFILE is large and to
limit the array size to track the opened file descriptors. */
if (getrlimit (RLIMIT_NOFILE, &rl) == -1)
posix: Adapt tst-spawn{2,3} to use libsupport. Checked on x86_64-linux-gnu. * posix/tst-spawn2.c (do_test): Use libsupport. * posix/tst-spawn3.c (do_test): Likewise.
2017-04-24 18:48:01 +00:00
FAIL_EXIT1 ("getrlimit (RLIMIT_NOFILE): %m");
posix: Fix open file action for posix_spawn on Linux On posix_spawn open file action (issued by posix_spawn_file_actions_addopen) POSIX states that if fildes was already an open file descriptor, it shall be closed before the new file is openedi [1]. This avoid pontential issues when posix_spawn plus addopen action is called with the process already at maximum number of file descriptor opened and also for multiple actions on single-open special paths (like /dev/watchdog). This fixes its behavior on Linux posix_spawn implementation and also adds a tests to check for its behavior. Checked on x86_64. * posix/Makefile (tests): Add tst-spawn3. * posix/tst-spawn3.c: New file. * sysdeps/unix/sysv/linux/spawni.c (__spawni_child): Close file descriptor if it is already opened for open action. [1] http://pubs.opengroup.org/onlinepubs/9699919799/functions/posix_spawn_file_actions_addclose.html
2016-09-16 20:44:50 +00:00
max_fd = (rl.rlim_cur < max_fd ? rl.rlim_cur : max_fd);
rl.rlim_cur = max_fd;
if (setrlimit (RLIMIT_NOFILE, &rl) == 1)
posix: Adapt tst-spawn{2,3} to use libsupport. Checked on x86_64-linux-gnu. * posix/tst-spawn2.c (do_test): Use libsupport. * posix/tst-spawn3.c (do_test): Likewise.
2017-04-24 18:48:01 +00:00
FAIL_EXIT1 ("setrlimit (RLIMIT_NOFILE): %m");
posix: Fix open file action for posix_spawn on Linux On posix_spawn open file action (issued by posix_spawn_file_actions_addopen) POSIX states that if fildes was already an open file descriptor, it shall be closed before the new file is openedi [1]. This avoid pontential issues when posix_spawn plus addopen action is called with the process already at maximum number of file descriptor opened and also for multiple actions on single-open special paths (like /dev/watchdog). This fixes its behavior on Linux posix_spawn implementation and also adds a tests to check for its behavior. Checked on x86_64. * posix/Makefile (tests): Add tst-spawn3. * posix/tst-spawn3.c: New file. * sysdeps/unix/sysv/linux/spawni.c (__spawni_child): Close file descriptor if it is already opened for open action. [1] http://pubs.opengroup.org/onlinepubs/9699919799/functions/posix_spawn_file_actions_addclose.html
2016-09-16 20:44:50 +00:00
/* Exhauste the file descriptor limit with temporary files. */
int files[max_fd];
int nfiles = 0;
posix: Add pidfd_spawn and pidfd_spawnp (BZ 30349) Returning a pidfd allows a process to keep a race-free handle for a child process, otherwise, the caller will need to either use pidfd_open (which still might be subject to TOCTOU) or keep the old racy interface base on pid_t. To correct use pifd_spawn, the kernel must support not only returning the pidfd with clone/clone3 but also waitid (P_PIDFD) (added on Linux 5.4). If kernel does not support the waitid, pidfd return ENOSYS. It avoids the need to racy workarounds, such as reading the procfs fdinfo to get the pid to use along with other wait interfaces. These interfaces are similar to the posix_spawn and posix_spawnp, with the only difference being it returns a process file descriptor (int) instead of a process ID (pid_t). Their prototypes are: int pidfd_spawn (int *restrict pidfd, const char *restrict file, const posix_spawn_file_actions_t *restrict facts, const posix_spawnattr_t *restrict attrp, char *const argv[restrict], char *const envp[restrict]) int pidfd_spawnp (int *restrict pidfd, const char *restrict path, const posix_spawn_file_actions_t *restrict facts, const posix_spawnattr_t *restrict attrp, char *const argv[restrict_arr], char *const envp[restrict_arr]); A new symbol is used instead of a posix_spawn extension to avoid possible issues with language bindings that might track the return argument lifetime. Although on Linux pid_t and int are interchangeable, POSIX only states that pid_t should be a signed integer. Both symbols reuse the posix_spawn posix_spawn_file_actions_t and posix_spawnattr_t, to void rehash posix_spawn API or add a new one. It also means that both interfaces support the same attribute and file actions, and a new flag or file action on posix_spawn is also added automatically for pidfd_spawn. Also, using posix_spawn plumbing allows the reusing of most of the current testing with some changes: - waitid is used instead of waitpid since it is a more generic interface. - tst-posix_spawn-setsid.c is adapted to take into consideration that the caller can check for session id directly. The test now spawns itself and writes the session id as a file instead. - tst-spawn3.c need to know where pidfd_spawn is used so it keeps an extra file description unused. Checked on x86_64-linux-gnu on Linux 4.15 (no CLONE_PIDFD or waitid support), Linux 5.4 (full support), and Linux 6.2. Reviewed-by: Florian Weimer <fweimer@redhat.com>
2023-08-24 16:42:18 +00:00
for (; nfiles < max_fd; nfiles++)
posix: Fix open file action for posix_spawn on Linux On posix_spawn open file action (issued by posix_spawn_file_actions_addopen) POSIX states that if fildes was already an open file descriptor, it shall be closed before the new file is openedi [1]. This avoid pontential issues when posix_spawn plus addopen action is called with the process already at maximum number of file descriptor opened and also for multiple actions on single-open special paths (like /dev/watchdog). This fixes its behavior on Linux posix_spawn implementation and also adds a tests to check for its behavior. Checked on x86_64. * posix/Makefile (tests): Add tst-spawn3. * posix/tst-spawn3.c: New file. * sysdeps/unix/sysv/linux/spawni.c (__spawni_child): Close file descriptor if it is already opened for open action. [1] http://pubs.opengroup.org/onlinepubs/9699919799/functions/posix_spawn_file_actions_addclose.html
2016-09-16 20:44:50 +00:00
{
int fd = create_temp_file ("tst-spawn3.", NULL);
if (fd == -1)
{
if (errno != EMFILE)
posix: Adapt tst-spawn{2,3} to use libsupport. Checked on x86_64-linux-gnu. * posix/tst-spawn2.c (do_test): Use libsupport. * posix/tst-spawn3.c (do_test): Likewise.
2017-04-24 18:48:01 +00:00
FAIL_EXIT1 ("create_temp_file: %m");
posix: Fix open file action for posix_spawn on Linux On posix_spawn open file action (issued by posix_spawn_file_actions_addopen) POSIX states that if fildes was already an open file descriptor, it shall be closed before the new file is openedi [1]. This avoid pontential issues when posix_spawn plus addopen action is called with the process already at maximum number of file descriptor opened and also for multiple actions on single-open special paths (like /dev/watchdog). This fixes its behavior on Linux posix_spawn implementation and also adds a tests to check for its behavior. Checked on x86_64. * posix/Makefile (tests): Add tst-spawn3. * posix/tst-spawn3.c: New file. * sysdeps/unix/sysv/linux/spawni.c (__spawni_child): Close file descriptor if it is already opened for open action. [1] http://pubs.opengroup.org/onlinepubs/9699919799/functions/posix_spawn_file_actions_addclose.html
2016-09-16 20:44:50 +00:00
break;
}
posix: Add pidfd_spawn and pidfd_spawnp (BZ 30349) Returning a pidfd allows a process to keep a race-free handle for a child process, otherwise, the caller will need to either use pidfd_open (which still might be subject to TOCTOU) or keep the old racy interface base on pid_t. To correct use pifd_spawn, the kernel must support not only returning the pidfd with clone/clone3 but also waitid (P_PIDFD) (added on Linux 5.4). If kernel does not support the waitid, pidfd return ENOSYS. It avoids the need to racy workarounds, such as reading the procfs fdinfo to get the pid to use along with other wait interfaces. These interfaces are similar to the posix_spawn and posix_spawnp, with the only difference being it returns a process file descriptor (int) instead of a process ID (pid_t). Their prototypes are: int pidfd_spawn (int *restrict pidfd, const char *restrict file, const posix_spawn_file_actions_t *restrict facts, const posix_spawnattr_t *restrict attrp, char *const argv[restrict], char *const envp[restrict]) int pidfd_spawnp (int *restrict pidfd, const char *restrict path, const posix_spawn_file_actions_t *restrict facts, const posix_spawnattr_t *restrict attrp, char *const argv[restrict_arr], char *const envp[restrict_arr]); A new symbol is used instead of a posix_spawn extension to avoid possible issues with language bindings that might track the return argument lifetime. Although on Linux pid_t and int are interchangeable, POSIX only states that pid_t should be a signed integer. Both symbols reuse the posix_spawn posix_spawn_file_actions_t and posix_spawnattr_t, to void rehash posix_spawn API or add a new one. It also means that both interfaces support the same attribute and file actions, and a new flag or file action on posix_spawn is also added automatically for pidfd_spawn. Also, using posix_spawn plumbing allows the reusing of most of the current testing with some changes: - waitid is used instead of waitpid since it is a more generic interface. - tst-posix_spawn-setsid.c is adapted to take into consideration that the caller can check for session id directly. The test now spawns itself and writes the session id as a file instead. - tst-spawn3.c need to know where pidfd_spawn is used so it keeps an extra file description unused. Checked on x86_64-linux-gnu on Linux 4.15 (no CLONE_PIDFD or waitid support), Linux 5.4 (full support), and Linux 6.2. Reviewed-by: Florian Weimer <fweimer@redhat.com>
2023-08-24 16:42:18 +00:00
files[nfiles] = fd;
posix: Fix open file action for posix_spawn on Linux On posix_spawn open file action (issued by posix_spawn_file_actions_addopen) POSIX states that if fildes was already an open file descriptor, it shall be closed before the new file is openedi [1]. This avoid pontential issues when posix_spawn plus addopen action is called with the process already at maximum number of file descriptor opened and also for multiple actions on single-open special paths (like /dev/watchdog). This fixes its behavior on Linux posix_spawn implementation and also adds a tests to check for its behavior. Checked on x86_64. * posix/Makefile (tests): Add tst-spawn3. * posix/tst-spawn3.c: New file. * sysdeps/unix/sysv/linux/spawni.c (__spawni_child): Close file descriptor if it is already opened for open action. [1] http://pubs.opengroup.org/onlinepubs/9699919799/functions/posix_spawn_file_actions_addclose.html
2016-09-16 20:44:50 +00:00
}
posix: Add pidfd_spawn and pidfd_spawnp (BZ 30349) Returning a pidfd allows a process to keep a race-free handle for a child process, otherwise, the caller will need to either use pidfd_open (which still might be subject to TOCTOU) or keep the old racy interface base on pid_t. To correct use pifd_spawn, the kernel must support not only returning the pidfd with clone/clone3 but also waitid (P_PIDFD) (added on Linux 5.4). If kernel does not support the waitid, pidfd return ENOSYS. It avoids the need to racy workarounds, such as reading the procfs fdinfo to get the pid to use along with other wait interfaces. These interfaces are similar to the posix_spawn and posix_spawnp, with the only difference being it returns a process file descriptor (int) instead of a process ID (pid_t). Their prototypes are: int pidfd_spawn (int *restrict pidfd, const char *restrict file, const posix_spawn_file_actions_t *restrict facts, const posix_spawnattr_t *restrict attrp, char *const argv[restrict], char *const envp[restrict]) int pidfd_spawnp (int *restrict pidfd, const char *restrict path, const posix_spawn_file_actions_t *restrict facts, const posix_spawnattr_t *restrict attrp, char *const argv[restrict_arr], char *const envp[restrict_arr]); A new symbol is used instead of a posix_spawn extension to avoid possible issues with language bindings that might track the return argument lifetime. Although on Linux pid_t and int are interchangeable, POSIX only states that pid_t should be a signed integer. Both symbols reuse the posix_spawn posix_spawn_file_actions_t and posix_spawnattr_t, to void rehash posix_spawn API or add a new one. It also means that both interfaces support the same attribute and file actions, and a new flag or file action on posix_spawn is also added automatically for pidfd_spawn. Also, using posix_spawn plumbing allows the reusing of most of the current testing with some changes: - waitid is used instead of waitpid since it is a more generic interface. - tst-posix_spawn-setsid.c is adapted to take into consideration that the caller can check for session id directly. The test now spawns itself and writes the session id as a file instead. - tst-spawn3.c need to know where pidfd_spawn is used so it keeps an extra file description unused. Checked on x86_64-linux-gnu on Linux 4.15 (no CLONE_PIDFD or waitid support), Linux 5.4 (full support), and Linux 6.2. Reviewed-by: Florian Weimer <fweimer@redhat.com>
2023-08-24 16:42:18 +00:00
TEST_VERIFY_EXIT (nfiles != 0);
posix: Fix open file action for posix_spawn on Linux On posix_spawn open file action (issued by posix_spawn_file_actions_addopen) POSIX states that if fildes was already an open file descriptor, it shall be closed before the new file is openedi [1]. This avoid pontential issues when posix_spawn plus addopen action is called with the process already at maximum number of file descriptor opened and also for multiple actions on single-open special paths (like /dev/watchdog). This fixes its behavior on Linux posix_spawn implementation and also adds a tests to check for its behavior. Checked on x86_64. * posix/Makefile (tests): Add tst-spawn3. * posix/tst-spawn3.c: New file. * sysdeps/unix/sysv/linux/spawni.c (__spawni_child): Close file descriptor if it is already opened for open action. [1] http://pubs.opengroup.org/onlinepubs/9699919799/functions/posix_spawn_file_actions_addclose.html
2016-09-16 20:44:50 +00:00
posix_spawn_file_actions_t a;
posix: Add pidfd_spawn and pidfd_spawnp (BZ 30349) Returning a pidfd allows a process to keep a race-free handle for a child process, otherwise, the caller will need to either use pidfd_open (which still might be subject to TOCTOU) or keep the old racy interface base on pid_t. To correct use pifd_spawn, the kernel must support not only returning the pidfd with clone/clone3 but also waitid (P_PIDFD) (added on Linux 5.4). If kernel does not support the waitid, pidfd return ENOSYS. It avoids the need to racy workarounds, such as reading the procfs fdinfo to get the pid to use along with other wait interfaces. These interfaces are similar to the posix_spawn and posix_spawnp, with the only difference being it returns a process file descriptor (int) instead of a process ID (pid_t). Their prototypes are: int pidfd_spawn (int *restrict pidfd, const char *restrict file, const posix_spawn_file_actions_t *restrict facts, const posix_spawnattr_t *restrict attrp, char *const argv[restrict], char *const envp[restrict]) int pidfd_spawnp (int *restrict pidfd, const char *restrict path, const posix_spawn_file_actions_t *restrict facts, const posix_spawnattr_t *restrict attrp, char *const argv[restrict_arr], char *const envp[restrict_arr]); A new symbol is used instead of a posix_spawn extension to avoid possible issues with language bindings that might track the return argument lifetime. Although on Linux pid_t and int are interchangeable, POSIX only states that pid_t should be a signed integer. Both symbols reuse the posix_spawn posix_spawn_file_actions_t and posix_spawnattr_t, to void rehash posix_spawn API or add a new one. It also means that both interfaces support the same attribute and file actions, and a new flag or file action on posix_spawn is also added automatically for pidfd_spawn. Also, using posix_spawn plumbing allows the reusing of most of the current testing with some changes: - waitid is used instead of waitpid since it is a more generic interface. - tst-posix_spawn-setsid.c is adapted to take into consideration that the caller can check for session id directly. The test now spawns itself and writes the session id as a file instead. - tst-spawn3.c need to know where pidfd_spawn is used so it keeps an extra file description unused. Checked on x86_64-linux-gnu on Linux 4.15 (no CLONE_PIDFD or waitid support), Linux 5.4 (full support), and Linux 6.2. Reviewed-by: Florian Weimer <fweimer@redhat.com>
2023-08-24 16:42:18 +00:00
TEST_COMPARE (posix_spawn_file_actions_init (&a), 0);
posix: Fix open file action for posix_spawn on Linux On posix_spawn open file action (issued by posix_spawn_file_actions_addopen) POSIX states that if fildes was already an open file descriptor, it shall be closed before the new file is openedi [1]. This avoid pontential issues when posix_spawn plus addopen action is called with the process already at maximum number of file descriptor opened and also for multiple actions on single-open special paths (like /dev/watchdog). This fixes its behavior on Linux posix_spawn implementation and also adds a tests to check for its behavior. Checked on x86_64. * posix/Makefile (tests): Add tst-spawn3. * posix/tst-spawn3.c: New file. * sysdeps/unix/sysv/linux/spawni.c (__spawni_child): Close file descriptor if it is already opened for open action. [1] http://pubs.opengroup.org/onlinepubs/9699919799/functions/posix_spawn_file_actions_addclose.html
2016-09-16 20:44:50 +00:00
Fix hardcoded /tmp paths in testing (bug 13888). As noted in bug 13888, and as I noted previously in <https://sourceware.org/ml/libc-alpha/2000-10/msg00111.html>, various tests used hardcoded paths in /tmp, so posing issues for simultaneous test runs from different build directories. This patch fixes such uses of hardcoded file names to put them in the build directory instead (in the case of stdio-common/bug5 the file names are changed as well, to avoid a conflict with the name bug5.out also used for the automatic test output redirection). It also fixes test-installation.pl likewise (that was using filenames with $$ in them rather than strictly hardcoded names, but that's still not good practice for temporary file naming). Note that my list of files changed is not identical to that in bug 13888. I added tst-spawn3.c and test-installation.pl, and removed some tests that seem to me (now) to create temporary files securely (simply using /tmp is not itself a problem if the temporary files are handled properly with mkstemp; I haven't checked whether those tests used to do things insecurely). conformtest is not changed because the makefiles always pass a --tmpdir option so the /tmp default is irrelevant, and for the same reason there is no actual problem with nptl/tst-umask1.c because again the makefiles always override the default. nptl/sockperf.c is ignored because there is no code to run it; probably that file should actually be removed. Some tests use the mktemp function, but I think they all use it in a way that *is* secure (for generating names for directories / sockets / fifos / symlinks, where the operation using the name will not follow symlinks and so there is no potential for a symlink attack on the account running the testsuite). Some tests use the tmpnam function to generate temporary file names. This is in principle insecure, but not addressed by this patch (I consider it a separate issue from the fully hardcoded paths). Tested for x86_64. [BZ #13888] * posix/Makefile (CFLAGS-tst-spawn3.c): New variable. * posix/tst-spawn3.c (do_test): Put tst-spwan3.pid in OBJPFX, not /tmp. * scripts/test-installation.pl: Put temporary files in build directory, not /tmp. * stdio-common/Makefile (CFLAGS-bug3.c): New variable. (CFLAGS-bug4.c): Likewise. (CFLAGS-bug5.c): Likewise. (CFLAGS-test-fseek.c): Likewise. (CFLAGS-test-popen.c): Likewise. (CFLAGS-test_rdwr.c): Likewise. * stdio-common/bug3.c (main): Put temporary file in OBJPFX, not /tmp. * stdio-common/bug4.c (main): Likewise. * stdio-common/bug5.c (main): Likewise. * stdio-common/test-fseek.c (TESTFILE): Likewise. * stdio-common/test-popen.c (do_test): Likewise. * stdio-common/test_rdwr.c (main): Likewise.
2018-06-26 21:48:48 +00:00
/* Executes a /bin/sh echo $$ 2>&1 > ${objpfx}tst-spawn3.pid . */
const char pidfile[] = OBJPFX "tst-spawn3.pid";
posix: Add pidfd_spawn and pidfd_spawnp (BZ 30349) Returning a pidfd allows a process to keep a race-free handle for a child process, otherwise, the caller will need to either use pidfd_open (which still might be subject to TOCTOU) or keep the old racy interface base on pid_t. To correct use pifd_spawn, the kernel must support not only returning the pidfd with clone/clone3 but also waitid (P_PIDFD) (added on Linux 5.4). If kernel does not support the waitid, pidfd return ENOSYS. It avoids the need to racy workarounds, such as reading the procfs fdinfo to get the pid to use along with other wait interfaces. These interfaces are similar to the posix_spawn and posix_spawnp, with the only difference being it returns a process file descriptor (int) instead of a process ID (pid_t). Their prototypes are: int pidfd_spawn (int *restrict pidfd, const char *restrict file, const posix_spawn_file_actions_t *restrict facts, const posix_spawnattr_t *restrict attrp, char *const argv[restrict], char *const envp[restrict]) int pidfd_spawnp (int *restrict pidfd, const char *restrict path, const posix_spawn_file_actions_t *restrict facts, const posix_spawnattr_t *restrict attrp, char *const argv[restrict_arr], char *const envp[restrict_arr]); A new symbol is used instead of a posix_spawn extension to avoid possible issues with language bindings that might track the return argument lifetime. Although on Linux pid_t and int are interchangeable, POSIX only states that pid_t should be a signed integer. Both symbols reuse the posix_spawn posix_spawn_file_actions_t and posix_spawnattr_t, to void rehash posix_spawn API or add a new one. It also means that both interfaces support the same attribute and file actions, and a new flag or file action on posix_spawn is also added automatically for pidfd_spawn. Also, using posix_spawn plumbing allows the reusing of most of the current testing with some changes: - waitid is used instead of waitpid since it is a more generic interface. - tst-posix_spawn-setsid.c is adapted to take into consideration that the caller can check for session id directly. The test now spawns itself and writes the session id as a file instead. - tst-spawn3.c need to know where pidfd_spawn is used so it keeps an extra file description unused. Checked on x86_64-linux-gnu on Linux 4.15 (no CLONE_PIDFD or waitid support), Linux 5.4 (full support), and Linux 6.2. Reviewed-by: Florian Weimer <fweimer@redhat.com>
2023-08-24 16:42:18 +00:00
TEST_COMPARE (posix_spawn_file_actions_addopen (&a, STDOUT_FILENO, pidfile,
O_WRONLY| O_CREAT | O_TRUNC,
0644),
0);
posix: Fix open file action for posix_spawn on Linux On posix_spawn open file action (issued by posix_spawn_file_actions_addopen) POSIX states that if fildes was already an open file descriptor, it shall be closed before the new file is openedi [1]. This avoid pontential issues when posix_spawn plus addopen action is called with the process already at maximum number of file descriptor opened and also for multiple actions on single-open special paths (like /dev/watchdog). This fixes its behavior on Linux posix_spawn implementation and also adds a tests to check for its behavior. Checked on x86_64. * posix/Makefile (tests): Add tst-spawn3. * posix/tst-spawn3.c: New file. * sysdeps/unix/sysv/linux/spawni.c (__spawni_child): Close file descriptor if it is already opened for open action. [1] http://pubs.opengroup.org/onlinepubs/9699919799/functions/posix_spawn_file_actions_addclose.html
2016-09-16 20:44:50 +00:00
posix: Add pidfd_spawn and pidfd_spawnp (BZ 30349) Returning a pidfd allows a process to keep a race-free handle for a child process, otherwise, the caller will need to either use pidfd_open (which still might be subject to TOCTOU) or keep the old racy interface base on pid_t. To correct use pifd_spawn, the kernel must support not only returning the pidfd with clone/clone3 but also waitid (P_PIDFD) (added on Linux 5.4). If kernel does not support the waitid, pidfd return ENOSYS. It avoids the need to racy workarounds, such as reading the procfs fdinfo to get the pid to use along with other wait interfaces. These interfaces are similar to the posix_spawn and posix_spawnp, with the only difference being it returns a process file descriptor (int) instead of a process ID (pid_t). Their prototypes are: int pidfd_spawn (int *restrict pidfd, const char *restrict file, const posix_spawn_file_actions_t *restrict facts, const posix_spawnattr_t *restrict attrp, char *const argv[restrict], char *const envp[restrict]) int pidfd_spawnp (int *restrict pidfd, const char *restrict path, const posix_spawn_file_actions_t *restrict facts, const posix_spawnattr_t *restrict attrp, char *const argv[restrict_arr], char *const envp[restrict_arr]); A new symbol is used instead of a posix_spawn extension to avoid possible issues with language bindings that might track the return argument lifetime. Although on Linux pid_t and int are interchangeable, POSIX only states that pid_t should be a signed integer. Both symbols reuse the posix_spawn posix_spawn_file_actions_t and posix_spawnattr_t, to void rehash posix_spawn API or add a new one. It also means that both interfaces support the same attribute and file actions, and a new flag or file action on posix_spawn is also added automatically for pidfd_spawn. Also, using posix_spawn plumbing allows the reusing of most of the current testing with some changes: - waitid is used instead of waitpid since it is a more generic interface. - tst-posix_spawn-setsid.c is adapted to take into consideration that the caller can check for session id directly. The test now spawns itself and writes the session id as a file instead. - tst-spawn3.c need to know where pidfd_spawn is used so it keeps an extra file description unused. Checked on x86_64-linux-gnu on Linux 4.15 (no CLONE_PIDFD or waitid support), Linux 5.4 (full support), and Linux 6.2. Reviewed-by: Florian Weimer <fweimer@redhat.com>
2023-08-24 16:42:18 +00:00
TEST_COMPARE (posix_spawn_file_actions_adddup2 (&a, STDOUT_FILENO,
STDERR_FILENO),
0);
posix: Fix open file action for posix_spawn on Linux On posix_spawn open file action (issued by posix_spawn_file_actions_addopen) POSIX states that if fildes was already an open file descriptor, it shall be closed before the new file is openedi [1]. This avoid pontential issues when posix_spawn plus addopen action is called with the process already at maximum number of file descriptor opened and also for multiple actions on single-open special paths (like /dev/watchdog). This fixes its behavior on Linux posix_spawn implementation and also adds a tests to check for its behavior. Checked on x86_64. * posix/Makefile (tests): Add tst-spawn3. * posix/tst-spawn3.c: New file. * sysdeps/unix/sysv/linux/spawni.c (__spawni_child): Close file descriptor if it is already opened for open action. [1] http://pubs.opengroup.org/onlinepubs/9699919799/functions/posix_spawn_file_actions_addclose.html
2016-09-16 20:44:50 +00:00
/* Since execve (called by posix_spawn) might require to open files to
actually execute the shell script, setup to close the temporary file
descriptors. */
posix: Add pidfd_spawn and pidfd_spawnp (BZ 30349) Returning a pidfd allows a process to keep a race-free handle for a child process, otherwise, the caller will need to either use pidfd_open (which still might be subject to TOCTOU) or keep the old racy interface base on pid_t. To correct use pifd_spawn, the kernel must support not only returning the pidfd with clone/clone3 but also waitid (P_PIDFD) (added on Linux 5.4). If kernel does not support the waitid, pidfd return ENOSYS. It avoids the need to racy workarounds, such as reading the procfs fdinfo to get the pid to use along with other wait interfaces. These interfaces are similar to the posix_spawn and posix_spawnp, with the only difference being it returns a process file descriptor (int) instead of a process ID (pid_t). Their prototypes are: int pidfd_spawn (int *restrict pidfd, const char *restrict file, const posix_spawn_file_actions_t *restrict facts, const posix_spawnattr_t *restrict attrp, char *const argv[restrict], char *const envp[restrict]) int pidfd_spawnp (int *restrict pidfd, const char *restrict path, const posix_spawn_file_actions_t *restrict facts, const posix_spawnattr_t *restrict attrp, char *const argv[restrict_arr], char *const envp[restrict_arr]); A new symbol is used instead of a posix_spawn extension to avoid possible issues with language bindings that might track the return argument lifetime. Although on Linux pid_t and int are interchangeable, POSIX only states that pid_t should be a signed integer. Both symbols reuse the posix_spawn posix_spawn_file_actions_t and posix_spawnattr_t, to void rehash posix_spawn API or add a new one. It also means that both interfaces support the same attribute and file actions, and a new flag or file action on posix_spawn is also added automatically for pidfd_spawn. Also, using posix_spawn plumbing allows the reusing of most of the current testing with some changes: - waitid is used instead of waitpid since it is a more generic interface. - tst-posix_spawn-setsid.c is adapted to take into consideration that the caller can check for session id directly. The test now spawns itself and writes the session id as a file instead. - tst-spawn3.c need to know where pidfd_spawn is used so it keeps an extra file description unused. Checked on x86_64-linux-gnu on Linux 4.15 (no CLONE_PIDFD or waitid support), Linux 5.4 (full support), and Linux 6.2. Reviewed-by: Florian Weimer <fweimer@redhat.com>
2023-08-24 16:42:18 +00:00
int maxnfiles =
#ifdef TST_SPAWN_PIDFD
/* The sparing file descriptor will be returned as the pid descriptor,
otherwise clone fail with EMFILE. */
nfiles - 1;
#else
nfiles;
#endif
for (int i=0; i<maxnfiles; i++)
TEST_COMPARE (posix_spawn_file_actions_addclose (&a, files[i]), 0);
posix: Fix open file action for posix_spawn on Linux On posix_spawn open file action (issued by posix_spawn_file_actions_addopen) POSIX states that if fildes was already an open file descriptor, it shall be closed before the new file is openedi [1]. This avoid pontential issues when posix_spawn plus addopen action is called with the process already at maximum number of file descriptor opened and also for multiple actions on single-open special paths (like /dev/watchdog). This fixes its behavior on Linux posix_spawn implementation and also adds a tests to check for its behavior. Checked on x86_64. * posix/Makefile (tests): Add tst-spawn3. * posix/tst-spawn3.c: New file. * sysdeps/unix/sysv/linux/spawni.c (__spawni_child): Close file descriptor if it is already opened for open action. [1] http://pubs.opengroup.org/onlinepubs/9699919799/functions/posix_spawn_file_actions_addclose.html
2016-09-16 20:44:50 +00:00
char *spawn_argv[] = { (char *) _PATH_BSHELL, (char *) "-c",
(char *) "echo $$", NULL };
posix: Add pidfd_spawn and pidfd_spawnp (BZ 30349) Returning a pidfd allows a process to keep a race-free handle for a child process, otherwise, the caller will need to either use pidfd_open (which still might be subject to TOCTOU) or keep the old racy interface base on pid_t. To correct use pifd_spawn, the kernel must support not only returning the pidfd with clone/clone3 but also waitid (P_PIDFD) (added on Linux 5.4). If kernel does not support the waitid, pidfd return ENOSYS. It avoids the need to racy workarounds, such as reading the procfs fdinfo to get the pid to use along with other wait interfaces. These interfaces are similar to the posix_spawn and posix_spawnp, with the only difference being it returns a process file descriptor (int) instead of a process ID (pid_t). Their prototypes are: int pidfd_spawn (int *restrict pidfd, const char *restrict file, const posix_spawn_file_actions_t *restrict facts, const posix_spawnattr_t *restrict attrp, char *const argv[restrict], char *const envp[restrict]) int pidfd_spawnp (int *restrict pidfd, const char *restrict path, const posix_spawn_file_actions_t *restrict facts, const posix_spawnattr_t *restrict attrp, char *const argv[restrict_arr], char *const envp[restrict_arr]); A new symbol is used instead of a posix_spawn extension to avoid possible issues with language bindings that might track the return argument lifetime. Although on Linux pid_t and int are interchangeable, POSIX only states that pid_t should be a signed integer. Both symbols reuse the posix_spawn posix_spawn_file_actions_t and posix_spawnattr_t, to void rehash posix_spawn API or add a new one. It also means that both interfaces support the same attribute and file actions, and a new flag or file action on posix_spawn is also added automatically for pidfd_spawn. Also, using posix_spawn plumbing allows the reusing of most of the current testing with some changes: - waitid is used instead of waitpid since it is a more generic interface. - tst-posix_spawn-setsid.c is adapted to take into consideration that the caller can check for session id directly. The test now spawns itself and writes the session id as a file instead. - tst-spawn3.c need to know where pidfd_spawn is used so it keeps an extra file description unused. Checked on x86_64-linux-gnu on Linux 4.15 (no CLONE_PIDFD or waitid support), Linux 5.4 (full support), and Linux 6.2. Reviewed-by: Florian Weimer <fweimer@redhat.com>
2023-08-24 16:42:18 +00:00
PID_T_TYPE pid;
{
int r = POSIX_SPAWN (&pid, _PATH_BSHELL, &a, NULL, spawn_argv, NULL);
if (r == ENOSYS)
FAIL_UNSUPPORTED ("kernel does not support CLONE_PIDFD clone flag");
#ifdef TST_SPAWN_PIDFD
TEST_COMPARE (r, EMFILE);
/* Free up one file descriptor, so posix_spawn_pidfd_ex can return it. */
xclose (files[nfiles-1]);
nfiles--;
r = POSIX_SPAWN (&pid, _PATH_BSHELL, &a, NULL, spawn_argv, NULL);
#endif
TEST_COMPARE (r, 0);
}
siginfo_t sinfo;
TEST_COMPARE (WAITID (P_PID, pid, &sinfo, WEXITED), 0);
TEST_COMPARE (sinfo.si_code, CLD_EXITED);
TEST_COMPARE (sinfo.si_status, 0);
posix: Fix open file action for posix_spawn on Linux On posix_spawn open file action (issued by posix_spawn_file_actions_addopen) POSIX states that if fildes was already an open file descriptor, it shall be closed before the new file is openedi [1]. This avoid pontential issues when posix_spawn plus addopen action is called with the process already at maximum number of file descriptor opened and also for multiple actions on single-open special paths (like /dev/watchdog). This fixes its behavior on Linux posix_spawn implementation and also adds a tests to check for its behavior. Checked on x86_64. * posix/Makefile (tests): Add tst-spawn3. * posix/tst-spawn3.c: New file. * sysdeps/unix/sysv/linux/spawni.c (__spawni_child): Close file descriptor if it is already opened for open action. [1] http://pubs.opengroup.org/onlinepubs/9699919799/functions/posix_spawn_file_actions_addclose.html
2016-09-16 20:44:50 +00:00
/* Close the temporary files descriptor so it can check posix_spawn
output. */
for (int i=0; i<nfiles; i++)
posix: Add pidfd_spawn and pidfd_spawnp (BZ 30349) Returning a pidfd allows a process to keep a race-free handle for a child process, otherwise, the caller will need to either use pidfd_open (which still might be subject to TOCTOU) or keep the old racy interface base on pid_t. To correct use pifd_spawn, the kernel must support not only returning the pidfd with clone/clone3 but also waitid (P_PIDFD) (added on Linux 5.4). If kernel does not support the waitid, pidfd return ENOSYS. It avoids the need to racy workarounds, such as reading the procfs fdinfo to get the pid to use along with other wait interfaces. These interfaces are similar to the posix_spawn and posix_spawnp, with the only difference being it returns a process file descriptor (int) instead of a process ID (pid_t). Their prototypes are: int pidfd_spawn (int *restrict pidfd, const char *restrict file, const posix_spawn_file_actions_t *restrict facts, const posix_spawnattr_t *restrict attrp, char *const argv[restrict], char *const envp[restrict]) int pidfd_spawnp (int *restrict pidfd, const char *restrict path, const posix_spawn_file_actions_t *restrict facts, const posix_spawnattr_t *restrict attrp, char *const argv[restrict_arr], char *const envp[restrict_arr]); A new symbol is used instead of a posix_spawn extension to avoid possible issues with language bindings that might track the return argument lifetime. Although on Linux pid_t and int are interchangeable, POSIX only states that pid_t should be a signed integer. Both symbols reuse the posix_spawn posix_spawn_file_actions_t and posix_spawnattr_t, to void rehash posix_spawn API or add a new one. It also means that both interfaces support the same attribute and file actions, and a new flag or file action on posix_spawn is also added automatically for pidfd_spawn. Also, using posix_spawn plumbing allows the reusing of most of the current testing with some changes: - waitid is used instead of waitpid since it is a more generic interface. - tst-posix_spawn-setsid.c is adapted to take into consideration that the caller can check for session id directly. The test now spawns itself and writes the session id as a file instead. - tst-spawn3.c need to know where pidfd_spawn is used so it keeps an extra file description unused. Checked on x86_64-linux-gnu on Linux 4.15 (no CLONE_PIDFD or waitid support), Linux 5.4 (full support), and Linux 6.2. Reviewed-by: Florian Weimer <fweimer@redhat.com>
2023-08-24 16:42:18 +00:00
xclose (files[i]);
posix: Fix open file action for posix_spawn on Linux On posix_spawn open file action (issued by posix_spawn_file_actions_addopen) POSIX states that if fildes was already an open file descriptor, it shall be closed before the new file is openedi [1]. This avoid pontential issues when posix_spawn plus addopen action is called with the process already at maximum number of file descriptor opened and also for multiple actions on single-open special paths (like /dev/watchdog). This fixes its behavior on Linux posix_spawn implementation and also adds a tests to check for its behavior. Checked on x86_64. * posix/Makefile (tests): Add tst-spawn3. * posix/tst-spawn3.c: New file. * sysdeps/unix/sysv/linux/spawni.c (__spawni_child): Close file descriptor if it is already opened for open action. [1] http://pubs.opengroup.org/onlinepubs/9699919799/functions/posix_spawn_file_actions_addclose.html
2016-09-16 20:44:50 +00:00
posix: Add pidfd_spawn and pidfd_spawnp (BZ 30349) Returning a pidfd allows a process to keep a race-free handle for a child process, otherwise, the caller will need to either use pidfd_open (which still might be subject to TOCTOU) or keep the old racy interface base on pid_t. To correct use pifd_spawn, the kernel must support not only returning the pidfd with clone/clone3 but also waitid (P_PIDFD) (added on Linux 5.4). If kernel does not support the waitid, pidfd return ENOSYS. It avoids the need to racy workarounds, such as reading the procfs fdinfo to get the pid to use along with other wait interfaces. These interfaces are similar to the posix_spawn and posix_spawnp, with the only difference being it returns a process file descriptor (int) instead of a process ID (pid_t). Their prototypes are: int pidfd_spawn (int *restrict pidfd, const char *restrict file, const posix_spawn_file_actions_t *restrict facts, const posix_spawnattr_t *restrict attrp, char *const argv[restrict], char *const envp[restrict]) int pidfd_spawnp (int *restrict pidfd, const char *restrict path, const posix_spawn_file_actions_t *restrict facts, const posix_spawnattr_t *restrict attrp, char *const argv[restrict_arr], char *const envp[restrict_arr]); A new symbol is used instead of a posix_spawn extension to avoid possible issues with language bindings that might track the return argument lifetime. Although on Linux pid_t and int are interchangeable, POSIX only states that pid_t should be a signed integer. Both symbols reuse the posix_spawn posix_spawn_file_actions_t and posix_spawnattr_t, to void rehash posix_spawn API or add a new one. It also means that both interfaces support the same attribute and file actions, and a new flag or file action on posix_spawn is also added automatically for pidfd_spawn. Also, using posix_spawn plumbing allows the reusing of most of the current testing with some changes: - waitid is used instead of waitpid since it is a more generic interface. - tst-posix_spawn-setsid.c is adapted to take into consideration that the caller can check for session id directly. The test now spawns itself and writes the session id as a file instead. - tst-spawn3.c need to know where pidfd_spawn is used so it keeps an extra file description unused. Checked on x86_64-linux-gnu on Linux 4.15 (no CLONE_PIDFD or waitid support), Linux 5.4 (full support), and Linux 6.2. Reviewed-by: Florian Weimer <fweimer@redhat.com>
2023-08-24 16:42:18 +00:00
int pidfd = xopen (pidfile, O_RDONLY, 0);
posix: Fix open file action for posix_spawn on Linux On posix_spawn open file action (issued by posix_spawn_file_actions_addopen) POSIX states that if fildes was already an open file descriptor, it shall be closed before the new file is openedi [1]. This avoid pontential issues when posix_spawn plus addopen action is called with the process already at maximum number of file descriptor opened and also for multiple actions on single-open special paths (like /dev/watchdog). This fixes its behavior on Linux posix_spawn implementation and also adds a tests to check for its behavior. Checked on x86_64. * posix/Makefile (tests): Add tst-spawn3. * posix/tst-spawn3.c: New file. * sysdeps/unix/sysv/linux/spawni.c (__spawni_child): Close file descriptor if it is already opened for open action. [1] http://pubs.opengroup.org/onlinepubs/9699919799/functions/posix_spawn_file_actions_addclose.html
2016-09-16 20:44:50 +00:00
posix: Add pidfd_spawn and pidfd_spawnp (BZ 30349) Returning a pidfd allows a process to keep a race-free handle for a child process, otherwise, the caller will need to either use pidfd_open (which still might be subject to TOCTOU) or keep the old racy interface base on pid_t. To correct use pifd_spawn, the kernel must support not only returning the pidfd with clone/clone3 but also waitid (P_PIDFD) (added on Linux 5.4). If kernel does not support the waitid, pidfd return ENOSYS. It avoids the need to racy workarounds, such as reading the procfs fdinfo to get the pid to use along with other wait interfaces. These interfaces are similar to the posix_spawn and posix_spawnp, with the only difference being it returns a process file descriptor (int) instead of a process ID (pid_t). Their prototypes are: int pidfd_spawn (int *restrict pidfd, const char *restrict file, const posix_spawn_file_actions_t *restrict facts, const posix_spawnattr_t *restrict attrp, char *const argv[restrict], char *const envp[restrict]) int pidfd_spawnp (int *restrict pidfd, const char *restrict path, const posix_spawn_file_actions_t *restrict facts, const posix_spawnattr_t *restrict attrp, char *const argv[restrict_arr], char *const envp[restrict_arr]); A new symbol is used instead of a posix_spawn extension to avoid possible issues with language bindings that might track the return argument lifetime. Although on Linux pid_t and int are interchangeable, POSIX only states that pid_t should be a signed integer. Both symbols reuse the posix_spawn posix_spawn_file_actions_t and posix_spawnattr_t, to void rehash posix_spawn API or add a new one. It also means that both interfaces support the same attribute and file actions, and a new flag or file action on posix_spawn is also added automatically for pidfd_spawn. Also, using posix_spawn plumbing allows the reusing of most of the current testing with some changes: - waitid is used instead of waitpid since it is a more generic interface. - tst-posix_spawn-setsid.c is adapted to take into consideration that the caller can check for session id directly. The test now spawns itself and writes the session id as a file instead. - tst-spawn3.c need to know where pidfd_spawn is used so it keeps an extra file description unused. Checked on x86_64-linux-gnu on Linux 4.15 (no CLONE_PIDFD or waitid support), Linux 5.4 (full support), and Linux 6.2. Reviewed-by: Florian Weimer <fweimer@redhat.com>
2023-08-24 16:42:18 +00:00
char buf[INT_BUFSIZE_BOUND (pid_t)];
ssize_t n = read (pidfd, buf, sizeof (buf));
TEST_VERIFY (n < sizeof buf && n >= 0);
posix: Fix open file action for posix_spawn on Linux On posix_spawn open file action (issued by posix_spawn_file_actions_addopen) POSIX states that if fildes was already an open file descriptor, it shall be closed before the new file is openedi [1]. This avoid pontential issues when posix_spawn plus addopen action is called with the process already at maximum number of file descriptor opened and also for multiple actions on single-open special paths (like /dev/watchdog). This fixes its behavior on Linux posix_spawn implementation and also adds a tests to check for its behavior. Checked on x86_64. * posix/Makefile (tests): Add tst-spawn3. * posix/tst-spawn3.c: New file. * sysdeps/unix/sysv/linux/spawni.c (__spawni_child): Close file descriptor if it is already opened for open action. [1] http://pubs.opengroup.org/onlinepubs/9699919799/functions/posix_spawn_file_actions_addclose.html
2016-09-16 20:44:50 +00:00
posix: Add pidfd_spawn and pidfd_spawnp (BZ 30349) Returning a pidfd allows a process to keep a race-free handle for a child process, otherwise, the caller will need to either use pidfd_open (which still might be subject to TOCTOU) or keep the old racy interface base on pid_t. To correct use pifd_spawn, the kernel must support not only returning the pidfd with clone/clone3 but also waitid (P_PIDFD) (added on Linux 5.4). If kernel does not support the waitid, pidfd return ENOSYS. It avoids the need to racy workarounds, such as reading the procfs fdinfo to get the pid to use along with other wait interfaces. These interfaces are similar to the posix_spawn and posix_spawnp, with the only difference being it returns a process file descriptor (int) instead of a process ID (pid_t). Their prototypes are: int pidfd_spawn (int *restrict pidfd, const char *restrict file, const posix_spawn_file_actions_t *restrict facts, const posix_spawnattr_t *restrict attrp, char *const argv[restrict], char *const envp[restrict]) int pidfd_spawnp (int *restrict pidfd, const char *restrict path, const posix_spawn_file_actions_t *restrict facts, const posix_spawnattr_t *restrict attrp, char *const argv[restrict_arr], char *const envp[restrict_arr]); A new symbol is used instead of a posix_spawn extension to avoid possible issues with language bindings that might track the return argument lifetime. Although on Linux pid_t and int are interchangeable, POSIX only states that pid_t should be a signed integer. Both symbols reuse the posix_spawn posix_spawn_file_actions_t and posix_spawnattr_t, to void rehash posix_spawn API or add a new one. It also means that both interfaces support the same attribute and file actions, and a new flag or file action on posix_spawn is also added automatically for pidfd_spawn. Also, using posix_spawn plumbing allows the reusing of most of the current testing with some changes: - waitid is used instead of waitpid since it is a more generic interface. - tst-posix_spawn-setsid.c is adapted to take into consideration that the caller can check for session id directly. The test now spawns itself and writes the session id as a file instead. - tst-spawn3.c need to know where pidfd_spawn is used so it keeps an extra file description unused. Checked on x86_64-linux-gnu on Linux 4.15 (no CLONE_PIDFD or waitid support), Linux 5.4 (full support), and Linux 6.2. Reviewed-by: Florian Weimer <fweimer@redhat.com>
2023-08-24 16:42:18 +00:00
xunlink (pidfile);
posix: Fix open file action for posix_spawn on Linux On posix_spawn open file action (issued by posix_spawn_file_actions_addopen) POSIX states that if fildes was already an open file descriptor, it shall be closed before the new file is openedi [1]. This avoid pontential issues when posix_spawn plus addopen action is called with the process already at maximum number of file descriptor opened and also for multiple actions on single-open special paths (like /dev/watchdog). This fixes its behavior on Linux posix_spawn implementation and also adds a tests to check for its behavior. Checked on x86_64. * posix/Makefile (tests): Add tst-spawn3. * posix/tst-spawn3.c: New file. * sysdeps/unix/sysv/linux/spawni.c (__spawni_child): Close file descriptor if it is already opened for open action. [1] http://pubs.opengroup.org/onlinepubs/9699919799/functions/posix_spawn_file_actions_addclose.html
2016-09-16 20:44:50 +00:00
/* We only expect to read the PID. */
char *endp;
long int rpid = strtol (buf, &endp, 10);
posix: Add pidfd_spawn and pidfd_spawnp (BZ 30349) Returning a pidfd allows a process to keep a race-free handle for a child process, otherwise, the caller will need to either use pidfd_open (which still might be subject to TOCTOU) or keep the old racy interface base on pid_t. To correct use pifd_spawn, the kernel must support not only returning the pidfd with clone/clone3 but also waitid (P_PIDFD) (added on Linux 5.4). If kernel does not support the waitid, pidfd return ENOSYS. It avoids the need to racy workarounds, such as reading the procfs fdinfo to get the pid to use along with other wait interfaces. These interfaces are similar to the posix_spawn and posix_spawnp, with the only difference being it returns a process file descriptor (int) instead of a process ID (pid_t). Their prototypes are: int pidfd_spawn (int *restrict pidfd, const char *restrict file, const posix_spawn_file_actions_t *restrict facts, const posix_spawnattr_t *restrict attrp, char *const argv[restrict], char *const envp[restrict]) int pidfd_spawnp (int *restrict pidfd, const char *restrict path, const posix_spawn_file_actions_t *restrict facts, const posix_spawnattr_t *restrict attrp, char *const argv[restrict_arr], char *const envp[restrict_arr]); A new symbol is used instead of a posix_spawn extension to avoid possible issues with language bindings that might track the return argument lifetime. Although on Linux pid_t and int are interchangeable, POSIX only states that pid_t should be a signed integer. Both symbols reuse the posix_spawn posix_spawn_file_actions_t and posix_spawnattr_t, to void rehash posix_spawn API or add a new one. It also means that both interfaces support the same attribute and file actions, and a new flag or file action on posix_spawn is also added automatically for pidfd_spawn. Also, using posix_spawn plumbing allows the reusing of most of the current testing with some changes: - waitid is used instead of waitpid since it is a more generic interface. - tst-posix_spawn-setsid.c is adapted to take into consideration that the caller can check for session id directly. The test now spawns itself and writes the session id as a file instead. - tst-spawn3.c need to know where pidfd_spawn is used so it keeps an extra file description unused. Checked on x86_64-linux-gnu on Linux 4.15 (no CLONE_PIDFD or waitid support), Linux 5.4 (full support), and Linux 6.2. Reviewed-by: Florian Weimer <fweimer@redhat.com>
2023-08-24 16:42:18 +00:00
TEST_VERIFY (*endp == '\n' && endp != buf);
posix: Fix open file action for posix_spawn on Linux On posix_spawn open file action (issued by posix_spawn_file_actions_addopen) POSIX states that if fildes was already an open file descriptor, it shall be closed before the new file is openedi [1]. This avoid pontential issues when posix_spawn plus addopen action is called with the process already at maximum number of file descriptor opened and also for multiple actions on single-open special paths (like /dev/watchdog). This fixes its behavior on Linux posix_spawn implementation and also adds a tests to check for its behavior. Checked on x86_64. * posix/Makefile (tests): Add tst-spawn3. * posix/tst-spawn3.c: New file. * sysdeps/unix/sysv/linux/spawni.c (__spawni_child): Close file descriptor if it is already opened for open action. [1] http://pubs.opengroup.org/onlinepubs/9699919799/functions/posix_spawn_file_actions_addclose.html
2016-09-16 20:44:50 +00:00
posix: Add pidfd_spawn and pidfd_spawnp (BZ 30349) Returning a pidfd allows a process to keep a race-free handle for a child process, otherwise, the caller will need to either use pidfd_open (which still might be subject to TOCTOU) or keep the old racy interface base on pid_t. To correct use pifd_spawn, the kernel must support not only returning the pidfd with clone/clone3 but also waitid (P_PIDFD) (added on Linux 5.4). If kernel does not support the waitid, pidfd return ENOSYS. It avoids the need to racy workarounds, such as reading the procfs fdinfo to get the pid to use along with other wait interfaces. These interfaces are similar to the posix_spawn and posix_spawnp, with the only difference being it returns a process file descriptor (int) instead of a process ID (pid_t). Their prototypes are: int pidfd_spawn (int *restrict pidfd, const char *restrict file, const posix_spawn_file_actions_t *restrict facts, const posix_spawnattr_t *restrict attrp, char *const argv[restrict], char *const envp[restrict]) int pidfd_spawnp (int *restrict pidfd, const char *restrict path, const posix_spawn_file_actions_t *restrict facts, const posix_spawnattr_t *restrict attrp, char *const argv[restrict_arr], char *const envp[restrict_arr]); A new symbol is used instead of a posix_spawn extension to avoid possible issues with language bindings that might track the return argument lifetime. Although on Linux pid_t and int are interchangeable, POSIX only states that pid_t should be a signed integer. Both symbols reuse the posix_spawn posix_spawn_file_actions_t and posix_spawnattr_t, to void rehash posix_spawn API or add a new one. It also means that both interfaces support the same attribute and file actions, and a new flag or file action on posix_spawn is also added automatically for pidfd_spawn. Also, using posix_spawn plumbing allows the reusing of most of the current testing with some changes: - waitid is used instead of waitpid since it is a more generic interface. - tst-posix_spawn-setsid.c is adapted to take into consideration that the caller can check for session id directly. The test now spawns itself and writes the session id as a file instead. - tst-spawn3.c need to know where pidfd_spawn is used so it keeps an extra file description unused. Checked on x86_64-linux-gnu on Linux 4.15 (no CLONE_PIDFD or waitid support), Linux 5.4 (full support), and Linux 6.2. Reviewed-by: Florian Weimer <fweimer@redhat.com>
2023-08-24 16:42:18 +00:00
TEST_COMPARE (rpid, sinfo.si_pid);
posix: Fix open file action for posix_spawn on Linux On posix_spawn open file action (issued by posix_spawn_file_actions_addopen) POSIX states that if fildes was already an open file descriptor, it shall be closed before the new file is openedi [1]. This avoid pontential issues when posix_spawn plus addopen action is called with the process already at maximum number of file descriptor opened and also for multiple actions on single-open special paths (like /dev/watchdog). This fixes its behavior on Linux posix_spawn implementation and also adds a tests to check for its behavior. Checked on x86_64. * posix/Makefile (tests): Add tst-spawn3. * posix/tst-spawn3.c: New file. * sysdeps/unix/sysv/linux/spawni.c (__spawni_child): Close file descriptor if it is already opened for open action. [1] http://pubs.opengroup.org/onlinepubs/9699919799/functions/posix_spawn_file_actions_addclose.html
2016-09-16 20:44:50 +00:00
return 0;
}
posix: Adapt tst-spawn{2,3} to use libsupport. Checked on x86_64-linux-gnu. * posix/tst-spawn2.c (do_test): Use libsupport. * posix/tst-spawn3.c (do_test): Likewise.
2017-04-24 18:48:01 +00:00
#include <support/test-driver.c>
Reference in New Issue Copy Permalink