Python code coverage for Modules/_posixsubprocess.c

#	count	content
1	n/a	/* Authors: Gregory P. Smith & Jeffrey Yasskin */
2	n/a	#include "Python.h"
3	n/a	#if defined(HAVE_PIPE2) && !defined(_GNU_SOURCE)
4	n/a	# define _GNU_SOURCE
5	n/a	#endif
6	n/a	#include <unistd.h>
7	n/a	#include <fcntl.h>
8	n/a	#ifdef HAVE_SYS_TYPES_H
9	n/a	#include <sys/types.h>
10	n/a	#endif
11	n/a	#if defined(HAVE_SYS_STAT_H) && defined(__FreeBSD__)
12	n/a	#include <sys/stat.h>
13	n/a	#endif
14	n/a	#ifdef HAVE_SYS_SYSCALL_H
15	n/a	#include <sys/syscall.h>
16	n/a	#endif
17	n/a	#if defined(HAVE_SYS_RESOURCE_H)
18	n/a	#include <sys/resource.h>
19	n/a	#endif
20	n/a	#ifdef HAVE_DIRENT_H
21	n/a	#include <dirent.h>
22	n/a	#endif
23	n/a
24	n/a	#if defined(__ANDROID__) && __ANDROID_API__ < 21 && !defined(SYS_getdents64)
25	n/a	# include <sys/linux-syscalls.h>
26	n/a	# define SYS_getdents64 __NR_getdents64
27	n/a	#endif
28	n/a
29	n/a	#if defined(sun)
30	n/a	/* readdir64 is used to work around Solaris 9 bug 6395699. */
31	n/a	# define readdir readdir64
32	n/a	# define dirent dirent64
33	n/a	# if !defined(HAVE_DIRFD)
34	n/a	/* Some versions of Solaris lack dirfd(). */
35	n/a	# define dirfd(dirp) ((dirp)->dd_fd)
36	n/a	# define HAVE_DIRFD
37	n/a	# endif
38	n/a	#endif
39	n/a
40	n/a	#if defined(__FreeBSD__) \|\| (defined(__APPLE__) && defined(__MACH__))
41	n/a	# define FD_DIR "/dev/fd"
42	n/a	#else
43	n/a	# define FD_DIR "/proc/self/fd"
44	n/a	#endif
45	n/a
46	n/a	#define POSIX_CALL(call) do { if ((call) == -1) goto error; } while (0)
47	n/a
48	n/a
49	n/a	/* If gc was disabled, call gc.enable(). Return 0 on success. */
50	n/a	static int
51	n/a	_enable_gc(int need_to_reenable_gc, PyObject *gc_module)
52	n/a	{
53	n/a	PyObject *result;
54	n/a	_Py_IDENTIFIER(enable);
55	n/a	PyObject exctype, val, *tb;
56	n/a
57	n/a	if (need_to_reenable_gc) {
58	n/a	PyErr_Fetch(&exctype, &val, &tb);
59	n/a	result = _PyObject_CallMethodId(gc_module, &PyId_enable, NULL);
60	n/a	if (exctype != NULL) {
61	n/a	PyErr_Restore(exctype, val, tb);
62	n/a	}
63	n/a	if (result == NULL) {
64	n/a	return 1;
65	n/a	}
66	n/a	Py_DECREF(result);
67	n/a	}
68	n/a	return 0;
69	n/a	}
70	n/a
71	n/a
72	n/a	/* Convert ASCII to a positive int, no libc call. no overflow. -1 on error. */
73	n/a	static int
74	n/a	_pos_int_from_ascii(const char *name)
75	n/a	{
76	n/a	int num = 0;
77	n/a	while (name >= '0' && name <= '9') {
78	n/a	num = num * 10 + (*name - '0');
79	n/a	++name;
80	n/a	}
81	n/a	if (*name)
82	n/a	return -1; /* Non digit found, not a number. */
83	n/a	return num;
84	n/a	}
85	n/a
86	n/a
87	n/a	#if defined(__FreeBSD__)
88	n/a	/* When /dev/fd isn't mounted it is often a static directory populated
89	n/a	* with 0 1 2 or entries for 0 .. 63 on FreeBSD, NetBSD and OpenBSD.
90	n/a	* NetBSD and OpenBSD have a /proc fs available (though not necessarily
91	n/a	* mounted) and do not have fdescfs for /dev/fd. MacOS X has a devfs
92	n/a	* that properly supports /dev/fd.
93	n/a	*/
94	n/a	static int
95	n/a	_is_fdescfs_mounted_on_dev_fd(void)
96	n/a	{
97	n/a	struct stat dev_stat;
98	n/a	struct stat dev_fd_stat;
99	n/a	if (stat("/dev", &dev_stat) != 0)
100	n/a	return 0;
101	n/a	if (stat(FD_DIR, &dev_fd_stat) != 0)
102	n/a	return 0;
103	n/a	if (dev_stat.st_dev == dev_fd_stat.st_dev)
104	n/a	return 0; /* / == /dev == /dev/fd means it is static. #fail */
105	n/a	return 1;
106	n/a	}
107	n/a	#endif
108	n/a
109	n/a
110	n/a	/* Returns 1 if there is a problem with fd_sequence, 0 otherwise. */
111	n/a	static int
112	n/a	_sanity_check_python_fd_sequence(PyObject *fd_sequence)
113	n/a	{
114	n/a	Py_ssize_t seq_idx, seq_len = PySequence_Length(fd_sequence);
115	n/a	long prev_fd = -1;
116	n/a	for (seq_idx = 0; seq_idx < seq_len; ++seq_idx) {
117	n/a	PyObject* py_fd = PySequence_Fast_GET_ITEM(fd_sequence, seq_idx);
118	n/a	long iter_fd = PyLong_AsLong(py_fd);
119	n/a	if (iter_fd < 0 \|\| iter_fd <= prev_fd \|\| iter_fd > INT_MAX) {
120	n/a	/* Negative, overflow, not a Long, unsorted, too big for a fd. */
121	n/a	return 1;
122	n/a	}
123	n/a	prev_fd = iter_fd;
124	n/a	}
125	n/a	return 0;
126	n/a	}
127	n/a
128	n/a
129	n/a	/* Is fd found in the sorted Python Sequence? */
130	n/a	static int
131	n/a	_is_fd_in_sorted_fd_sequence(int fd, PyObject *fd_sequence)
132	n/a	{
133	n/a	/* Binary search. */
134	n/a	Py_ssize_t search_min = 0;
135	n/a	Py_ssize_t search_max = PySequence_Length(fd_sequence) - 1;
136	n/a	if (search_max < 0)
137	n/a	return 0;
138	n/a	do {
139	n/a	long middle = (search_min + search_max) / 2;
140	n/a	long middle_fd = PyLong_AsLong(
141	n/a	PySequence_Fast_GET_ITEM(fd_sequence, middle));
142	n/a	if (fd == middle_fd)
143	n/a	return 1;
144	n/a	if (fd > middle_fd)
145	n/a	search_min = middle + 1;
146	n/a	else
147	n/a	search_max = middle - 1;
148	n/a	} while (search_min <= search_max);
149	n/a	return 0;
150	n/a	}
151	n/a
152	n/a	static int
153	n/a	make_inheritable(PyObject *py_fds_to_keep, int errpipe_write)
154	n/a	{
155	n/a	Py_ssize_t i, len;
156	n/a
157	n/a	len = PySequence_Length(py_fds_to_keep);
158	n/a	for (i = 0; i < len; ++i) {
159	n/a	PyObject* fdobj = PySequence_Fast_GET_ITEM(py_fds_to_keep, i);
160	n/a	long fd = PyLong_AsLong(fdobj);
161	n/a	assert(!PyErr_Occurred());
162	n/a	assert(0 <= fd && fd <= INT_MAX);
163	n/a	if (fd == errpipe_write) {
164	n/a	/* errpipe_write is part of py_fds_to_keep. It must be closed at
165	n/a	exec(), but kept open in the child process until exec() is
166	n/a	called. */
167	n/a	continue;
168	n/a	}
169	n/a	if (_Py_set_inheritable((int)fd, 1, NULL) < 0)
170	n/a	return -1;
171	n/a	}
172	n/a	return 0;
173	n/a	}
174	n/a
175	n/a
176	n/a	/* Get the maximum file descriptor that could be opened by this process.
177	n/a	* This function is async signal safe for use between fork() and exec().
178	n/a	*/
179	n/a	static long
180	n/a	safe_get_max_fd(void)
181	n/a	{
182	n/a	long local_max_fd;
183	n/a	#if defined(__NetBSD__)
184	n/a	local_max_fd = fcntl(0, F_MAXFD);
185	n/a	if (local_max_fd >= 0)
186	n/a	return local_max_fd;
187	n/a	#endif
188	n/a	#if defined(HAVE_SYS_RESOURCE_H) && defined(__OpenBSD__)
189	n/a	struct rlimit rl;
190	n/a	/* Not on the POSIX async signal safe functions list but likely
191	n/a	* safe. TODO - Someone should audit OpenBSD to make sure. */
192	n/a	if (getrlimit(RLIMIT_NOFILE, &rl) >= 0)
193	n/a	return (long) rl.rlim_max;
194	n/a	#endif
195	n/a	#ifdef _SC_OPEN_MAX
196	n/a	local_max_fd = sysconf(_SC_OPEN_MAX);
197	n/a	if (local_max_fd == -1)
198	n/a	#endif
199	n/a	local_max_fd = 256; /* Matches legacy Lib/subprocess.py behavior. */
200	n/a	return local_max_fd;
201	n/a	}
202	n/a
203	n/a
204	n/a	/* Close all file descriptors in the range from start_fd and higher
205	n/a	* except for those in py_fds_to_keep. If the range defined by
206	n/a	* [start_fd, safe_get_max_fd()) is large this will take a long
207	n/a	* time as it calls close() on EVERY possible fd.
208	n/a	*
209	n/a	* It isn't possible to know for sure what the max fd to go up to
210	n/a	* is for processes with the capability of raising their maximum.
211	n/a	*/
212	n/a	static void
213	n/a	_close_fds_by_brute_force(long start_fd, PyObject *py_fds_to_keep)
214	n/a	{
215	n/a	long end_fd = safe_get_max_fd();
216	n/a	Py_ssize_t num_fds_to_keep = PySequence_Length(py_fds_to_keep);
217	n/a	Py_ssize_t keep_seq_idx;
218	n/a	int fd_num;
219	n/a	/* As py_fds_to_keep is sorted we can loop through the list closing
220	n/a	* fds inbetween any in the keep list falling within our range. */
221	n/a	for (keep_seq_idx = 0; keep_seq_idx < num_fds_to_keep; ++keep_seq_idx) {
222	n/a	PyObject* py_keep_fd = PySequence_Fast_GET_ITEM(py_fds_to_keep,
223	n/a	keep_seq_idx);
224	n/a	int keep_fd = PyLong_AsLong(py_keep_fd);
225	n/a	if (keep_fd < start_fd)
226	n/a	continue;
227	n/a	for (fd_num = start_fd; fd_num < keep_fd; ++fd_num) {
228	n/a	close(fd_num);
229	n/a	}
230	n/a	start_fd = keep_fd + 1;
231	n/a	}
232	n/a	if (start_fd <= end_fd) {
233	n/a	for (fd_num = start_fd; fd_num < end_fd; ++fd_num) {
234	n/a	close(fd_num);
235	n/a	}
236	n/a	}
237	n/a	}
238	n/a
239	n/a
240	n/a	#if defined(__linux__) && defined(HAVE_SYS_SYSCALL_H)
241	n/a	/* It doesn't matter if d_name has room for NAME_MAX chars; we're using this
242	n/a	* only to read a directory of short file descriptor number names. The kernel
243	n/a	* will return an error if we didn't give it enough space. Highly Unlikely.
244	n/a	* This structure is very old and stable: It will not change unless the kernel
245	n/a	* chooses to break compatibility with all existing binaries. Highly Unlikely.
246	n/a	*/
247	n/a	struct linux_dirent64 {
248	n/a	unsigned long long d_ino;
249	n/a	long long d_off;
250	n/a	unsigned short d_reclen; /* Length of this linux_dirent */
251	n/a	unsigned char d_type;
252	n/a	char d_name[256]; /* Filename (null-terminated) */
253	n/a	};
254	n/a
255	n/a	/* Close all open file descriptors in the range from start_fd and higher
256	n/a	* Do not close any in the sorted py_fds_to_keep list.
257	n/a	*
258	n/a	* This version is async signal safe as it does not make any unsafe C library
259	n/a	* calls, malloc calls or handle any locks. It is _unfortunate_ to be forced
260	n/a	* to resort to making a kernel system call directly but this is the ONLY api
261	n/a	* available that does no harm. opendir/readdir/closedir perform memory
262	n/a	* allocation and locking so while they usually work they are not guaranteed
263	n/a	* to (especially if you have replaced your malloc implementation). A version
264	n/a	* of this function that uses those can be found in the _maybe_unsafe variant.
265	n/a	*
266	n/a	* This is Linux specific because that is all I am ready to test it on. It
267	n/a	* should be easy to add OS specific dirent or dirent64 structures and modify
268	n/a	* it with some cpp #define magic to work on other OSes as well if you want.
269	n/a	*/
270	n/a	static void
271	n/a	_close_open_fds_safe(int start_fd, PyObject* py_fds_to_keep)
272	n/a	{
273	n/a	int fd_dir_fd;
274	n/a
275	n/a	fd_dir_fd = _Py_open_noraise(FD_DIR, O_RDONLY);
276	n/a	if (fd_dir_fd == -1) {
277	n/a	/* No way to get a list of open fds. */
278	n/a	_close_fds_by_brute_force(start_fd, py_fds_to_keep);
279	n/a	return;
280	n/a	} else {
281	n/a	char buffer[sizeof(struct linux_dirent64)];
282	n/a	int bytes;
283	n/a	while ((bytes = syscall(SYS_getdents64, fd_dir_fd,
284	n/a	(struct linux_dirent64 *)buffer,
285	n/a	sizeof(buffer))) > 0) {
286	n/a	struct linux_dirent64 *entry;
287	n/a	int offset;
288	n/a	for (offset = 0; offset < bytes; offset += entry->d_reclen) {
289	n/a	int fd;
290	n/a	entry = (struct linux_dirent64 *)(buffer + offset);
291	n/a	if ((fd = _pos_int_from_ascii(entry->d_name)) < 0)
292	n/a	continue; /* Not a number. */
293	n/a	if (fd != fd_dir_fd && fd >= start_fd &&
294	n/a	!_is_fd_in_sorted_fd_sequence(fd, py_fds_to_keep)) {
295	n/a	close(fd);
296	n/a	}
297	n/a	}
298	n/a	}
299	n/a	close(fd_dir_fd);
300	n/a	}
301	n/a	}
302	n/a
303	n/a	#define _close_open_fds _close_open_fds_safe
304	n/a
305	n/a	#else /* NOT (defined(__linux__) && defined(HAVE_SYS_SYSCALL_H)) */
306	n/a
307	n/a
308	n/a	/* Close all open file descriptors from start_fd and higher.
309	n/a	* Do not close any in the sorted py_fds_to_keep list.
310	n/a	*
311	n/a	* This function violates the strict use of async signal safe functions. :(
312	n/a	* It calls opendir(), readdir() and closedir(). Of these, the one most
313	n/a	* likely to ever cause a problem is opendir() as it performs an internal
314	n/a	* malloc(). Practically this should not be a problem. The Java VM makes the
315	n/a	* same calls between fork and exec in its own UNIXProcess_md.c implementation.
316	n/a	*
317	n/a	* readdir_r() is not used because it provides no benefit. It is typically
318	n/a	* implemented as readdir() followed by memcpy(). See also:
319	n/a	* http://womble.decadent.org.uk/readdir_r-advisory.html
320	n/a	*/
321	n/a	static void
322	n/a	_close_open_fds_maybe_unsafe(long start_fd, PyObject* py_fds_to_keep)
323	n/a	{
324	n/a	DIR *proc_fd_dir;
325	n/a	#ifndef HAVE_DIRFD
326	n/a	while (_is_fd_in_sorted_fd_sequence(start_fd, py_fds_to_keep)) {
327	n/a	++start_fd;
328	n/a	}
329	n/a	/* Close our lowest fd before we call opendir so that it is likely to
330	n/a	* reuse that fd otherwise we might close opendir's file descriptor in
331	n/a	* our loop. This trick assumes that fd's are allocated on a lowest
332	n/a	* available basis. */
333	n/a	close(start_fd);
334	n/a	++start_fd;
335	n/a	#endif
336	n/a
337	n/a	#if defined(__FreeBSD__)
338	n/a	if (!_is_fdescfs_mounted_on_dev_fd())
339	n/a	proc_fd_dir = NULL;
340	n/a	else
341	n/a	#endif
342	n/a	proc_fd_dir = opendir(FD_DIR);
343	n/a	if (!proc_fd_dir) {
344	n/a	/* No way to get a list of open fds. */
345	n/a	_close_fds_by_brute_force(start_fd, py_fds_to_keep);
346	n/a	} else {
347	n/a	struct dirent *dir_entry;
348	n/a	#ifdef HAVE_DIRFD
349	n/a	int fd_used_by_opendir = dirfd(proc_fd_dir);
350	n/a	#else
351	n/a	int fd_used_by_opendir = start_fd - 1;
352	n/a	#endif
353	n/a	errno = 0;
354	n/a	while ((dir_entry = readdir(proc_fd_dir))) {
355	n/a	int fd;
356	n/a	if ((fd = _pos_int_from_ascii(dir_entry->d_name)) < 0)
357	n/a	continue; /* Not a number. */
358	n/a	if (fd != fd_used_by_opendir && fd >= start_fd &&
359	n/a	!_is_fd_in_sorted_fd_sequence(fd, py_fds_to_keep)) {
360	n/a	close(fd);
361	n/a	}
362	n/a	errno = 0;
363	n/a	}
364	n/a	if (errno) {
365	n/a	/* readdir error, revert behavior. Highly Unlikely. */
366	n/a	_close_fds_by_brute_force(start_fd, py_fds_to_keep);
367	n/a	}
368	n/a	closedir(proc_fd_dir);
369	n/a	}
370	n/a	}
371	n/a
372	n/a	#define _close_open_fds _close_open_fds_maybe_unsafe
373	n/a
374	n/a	#endif /* else NOT (defined(__linux__) && defined(HAVE_SYS_SYSCALL_H)) */
375	n/a
376	n/a
377	n/a	/*
378	n/a	* This function is code executed in the child process immediately after fork
379	n/a	* to set things up and call exec().
380	n/a	*
381	n/a	* All of the code in this function must only use async-signal-safe functions,
382	n/a	* listed at `man 7 signal` or
383	n/a	* http://www.opengroup.org/onlinepubs/009695399/functions/xsh_chap02_04.html.
384	n/a	*
385	n/a	* This restriction is documented at
386	n/a	* http://www.opengroup.org/onlinepubs/009695399/functions/fork.html.
387	n/a	*/
388	n/a	static void
389	n/a	child_exec(char *const exec_array[],
390	n/a	char *const argv[],
391	n/a	char *const envp[],
392	n/a	const char *cwd,
393	n/a	int p2cread, int p2cwrite,
394	n/a	int c2pread, int c2pwrite,
395	n/a	int errread, int errwrite,
396	n/a	int errpipe_read, int errpipe_write,
397	n/a	int close_fds, int restore_signals,
398	n/a	int call_setsid,
399	n/a	PyObject *py_fds_to_keep,
400	n/a	PyObject *preexec_fn,
401	n/a	PyObject *preexec_fn_args_tuple)
402	n/a	{
403	n/a	int i, saved_errno, reached_preexec = 0;
404	n/a	PyObject *result;
405	n/a	const char* err_msg = "";
406	n/a	/* Buffer large enough to hold a hex integer. We can't malloc. */
407	n/a	char hex_errno[sizeof(saved_errno)*2+1];
408	n/a
409	n/a	if (make_inheritable(py_fds_to_keep, errpipe_write) < 0)
410	n/a	goto error;
411	n/a
412	n/a	/* Close parent's pipe ends. */
413	n/a	if (p2cwrite != -1)
414	n/a	POSIX_CALL(close(p2cwrite));
415	n/a	if (c2pread != -1)
416	n/a	POSIX_CALL(close(c2pread));
417	n/a	if (errread != -1)
418	n/a	POSIX_CALL(close(errread));
419	n/a	POSIX_CALL(close(errpipe_read));
420	n/a
421	n/a	/* When duping fds, if there arises a situation where one of the fds is
422	n/a	either 0, 1 or 2, it is possible that it is overwritten (#12607). */
423	n/a	if (c2pwrite == 0)
424	n/a	POSIX_CALL(c2pwrite = dup(c2pwrite));
425	n/a	if (errwrite == 0 \|\| errwrite == 1)
426	n/a	POSIX_CALL(errwrite = dup(errwrite));
427	n/a
428	n/a	/* Dup fds for child.
429	n/a	dup2() removes the CLOEXEC flag but we must do it ourselves if dup2()
430	n/a	would be a no-op (issue #10806). */
431	n/a	if (p2cread == 0) {
432	n/a	if (_Py_set_inheritable(p2cread, 1, NULL) < 0)
433	n/a	goto error;
434	n/a	}
435	n/a	else if (p2cread != -1)
436	n/a	POSIX_CALL(dup2(p2cread, 0)); /* stdin */
437	n/a
438	n/a	if (c2pwrite == 1) {
439	n/a	if (_Py_set_inheritable(c2pwrite, 1, NULL) < 0)
440	n/a	goto error;
441	n/a	}
442	n/a	else if (c2pwrite != -1)
443	n/a	POSIX_CALL(dup2(c2pwrite, 1)); /* stdout */
444	n/a
445	n/a	if (errwrite == 2) {
446	n/a	if (_Py_set_inheritable(errwrite, 1, NULL) < 0)
447	n/a	goto error;
448	n/a	}
449	n/a	else if (errwrite != -1)
450	n/a	POSIX_CALL(dup2(errwrite, 2)); /* stderr */
451	n/a
452	n/a	/* Close pipe fds. Make sure we don't close the same fd more than */
453	n/a	/* once, or standard fds. */
454	n/a	if (p2cread > 2)
455	n/a	POSIX_CALL(close(p2cread));
456	n/a	if (c2pwrite > 2 && c2pwrite != p2cread)
457	n/a	POSIX_CALL(close(c2pwrite));
458	n/a	if (errwrite != c2pwrite && errwrite != p2cread && errwrite > 2)
459	n/a	POSIX_CALL(close(errwrite));
460	n/a
461	n/a	if (cwd)
462	n/a	POSIX_CALL(chdir(cwd));
463	n/a
464	n/a	if (restore_signals)
465	n/a	_Py_RestoreSignals();
466	n/a
467	n/a	#ifdef HAVE_SETSID
468	n/a	if (call_setsid)
469	n/a	POSIX_CALL(setsid());
470	n/a	#endif
471	n/a
472	n/a	reached_preexec = 1;
473	n/a	if (preexec_fn != Py_None && preexec_fn_args_tuple) {
474	n/a	/* This is where the user has asked us to deadlock their program. */
475	n/a	result = PyObject_Call(preexec_fn, preexec_fn_args_tuple, NULL);
476	n/a	if (result == NULL) {
477	n/a	/* Stringifying the exception or traceback would involve
478	n/a	* memory allocation and thus potential for deadlock.
479	n/a	* We've already faced potential deadlock by calling back
480	n/a	* into Python in the first place, so it probably doesn't
481	n/a	* matter but we avoid it to minimize the possibility. */
482	n/a	err_msg = "Exception occurred in preexec_fn.";
483	n/a	errno = 0; /* We don't want to report an OSError. */
484	n/a	goto error;
485	n/a	}
486	n/a	/* Py_DECREF(result); - We're about to exec so why bother? */
487	n/a	}
488	n/a
489	n/a	/* close FDs after executing preexec_fn, which might open FDs */
490	n/a	if (close_fds) {
491	n/a	/* TODO HP-UX could use pstat_getproc() if anyone cares about it. */
492	n/a	_close_open_fds(3, py_fds_to_keep);
493	n/a	}
494	n/a
495	n/a	/* This loop matches the Lib/os.py _execvpe()'s PATH search when */
496	n/a	/* given the executable_list generated by Lib/subprocess.py. */
497	n/a	saved_errno = 0;
498	n/a	for (i = 0; exec_array[i] != NULL; ++i) {
499	n/a	const char *executable = exec_array[i];
500	n/a	if (envp) {
501	n/a	execve(executable, argv, envp);
502	n/a	} else {
503	n/a	execv(executable, argv);
504	n/a	}
505	n/a	if (errno != ENOENT && errno != ENOTDIR && saved_errno == 0) {
506	n/a	saved_errno = errno;
507	n/a	}
508	n/a	}
509	n/a	/* Report the first exec error, not the last. */
510	n/a	if (saved_errno)
511	n/a	errno = saved_errno;
512	n/a
513	n/a	error:
514	n/a	saved_errno = errno;
515	n/a	/* Report the posix error to our parent process. */
516	n/a	/* We ignore all write() return values as the total size of our writes is
517	n/a	less than PIPEBUF and we cannot do anything about an error anyways.
518	n/a	Use _Py_write_noraise() to retry write() if it is interrupted by a
519	n/a	signal (fails with EINTR). */
520	n/a	if (saved_errno) {
521	n/a	char *cur;
522	n/a	_Py_write_noraise(errpipe_write, "OSError:", 8);
523	n/a	cur = hex_errno + sizeof(hex_errno);
524	n/a	while (saved_errno != 0 && cur != hex_errno) {
525	n/a	*--cur = Py_hexdigits[saved_errno % 16];
526	n/a	saved_errno /= 16;
527	n/a	}
528	n/a	_Py_write_noraise(errpipe_write, cur, hex_errno + sizeof(hex_errno) - cur);
529	n/a	_Py_write_noraise(errpipe_write, ":", 1);
530	n/a	if (!reached_preexec) {
531	n/a	/* Indicate to the parent that the error happened before exec(). */
532	n/a	_Py_write_noraise(errpipe_write, "noexec", 6);
533	n/a	}
534	n/a	/* We can't call strerror(saved_errno). It is not async signal safe.
535	n/a	* The parent process will look the error message up. */
536	n/a	} else {
537	n/a	_Py_write_noraise(errpipe_write, "SubprocessError:0:", 18);
538	n/a	_Py_write_noraise(errpipe_write, err_msg, strlen(err_msg));
539	n/a	}
540	n/a	}
541	n/a
542	n/a
543	n/a	static PyObject *
544	n/a	subprocess_fork_exec(PyObject* self, PyObject *args)
545	n/a	{
546	n/a	PyObject *gc_module = NULL;
547	n/a	PyObject executable_list, py_fds_to_keep;
548	n/a	PyObject env_list, preexec_fn;
549	n/a	PyObject process_args, converted_args = NULL, *fast_args = NULL;
550	n/a	PyObject *preexec_fn_args_tuple = NULL;
551	n/a	int p2cread, p2cwrite, c2pread, c2pwrite, errread, errwrite;
552	n/a	int errpipe_read, errpipe_write, close_fds, restore_signals;
553	n/a	int call_setsid;
554	n/a	PyObject cwd_obj, cwd_obj2;
555	n/a	const char *cwd;
556	n/a	pid_t pid;
557	n/a	int need_to_reenable_gc = 0;
558	n/a	char const exec_array, const argv = NULL, const envp = NULL;
559	n/a	Py_ssize_t arg_num;
560	n/a	#ifdef WITH_THREAD
561	n/a	int import_lock_held = 0;
562	n/a	#endif
563	n/a
564	n/a	if (!PyArg_ParseTuple(
565	n/a	args, "OOpOOOiiiiiiiiiiO:fork_exec",
566	n/a	&process_args, &executable_list, &close_fds, &py_fds_to_keep,
567	n/a	&cwd_obj, &env_list,
568	n/a	&p2cread, &p2cwrite, &c2pread, &c2pwrite,
569	n/a	&errread, &errwrite, &errpipe_read, &errpipe_write,
570	n/a	&restore_signals, &call_setsid, &preexec_fn))
571	n/a	return NULL;
572	n/a
573	n/a	if (close_fds && errpipe_write < 3) { /* precondition */
574	n/a	PyErr_SetString(PyExc_ValueError, "errpipe_write must be >= 3");
575	n/a	return NULL;
576	n/a	}
577	n/a	if (PySequence_Length(py_fds_to_keep) < 0) {
578	n/a	PyErr_SetString(PyExc_ValueError, "cannot get length of fds_to_keep");
579	n/a	return NULL;
580	n/a	}
581	n/a	if (_sanity_check_python_fd_sequence(py_fds_to_keep)) {
582	n/a	PyErr_SetString(PyExc_ValueError, "bad value(s) in fds_to_keep");
583	n/a	return NULL;
584	n/a	}
585	n/a
586	n/a	/* We need to call gc.disable() when we'll be calling preexec_fn */
587	n/a	if (preexec_fn != Py_None) {
588	n/a	PyObject *result;
589	n/a	_Py_IDENTIFIER(isenabled);
590	n/a	_Py_IDENTIFIER(disable);
591	n/a
592	n/a	gc_module = PyImport_ImportModule("gc");
593	n/a	if (gc_module == NULL)
594	n/a	return NULL;
595	n/a	result = _PyObject_CallMethodId(gc_module, &PyId_isenabled, NULL);
596	n/a	if (result == NULL) {
597	n/a	Py_DECREF(gc_module);
598	n/a	return NULL;
599	n/a	}
600	n/a	need_to_reenable_gc = PyObject_IsTrue(result);
601	n/a	Py_DECREF(result);
602	n/a	if (need_to_reenable_gc == -1) {
603	n/a	Py_DECREF(gc_module);
604	n/a	return NULL;
605	n/a	}
606	n/a	result = _PyObject_CallMethodId(gc_module, &PyId_disable, NULL);
607	n/a	if (result == NULL) {
608	n/a	Py_DECREF(gc_module);
609	n/a	return NULL;
610	n/a	}
611	n/a	Py_DECREF(result);
612	n/a	}
613	n/a
614	n/a	exec_array = _PySequence_BytesToCharpArray(executable_list);
615	n/a	if (!exec_array)
616	n/a	goto cleanup;
617	n/a
618	n/a	/* Convert args and env into appropriate arguments for exec() */
619	n/a	/* These conversions are done in the parent process to avoid allocating
620	n/a	or freeing memory in the child process. */
621	n/a	if (process_args != Py_None) {
622	n/a	Py_ssize_t num_args;
623	n/a	/* Equivalent to: */
624	n/a	/* tuple(PyUnicode_FSConverter(arg) for arg in process_args) */
625	n/a	fast_args = PySequence_Fast(process_args, "argv must be a tuple");
626	n/a	if (fast_args == NULL)
627	n/a	goto cleanup;
628	n/a	num_args = PySequence_Fast_GET_SIZE(fast_args);
629	n/a	converted_args = PyTuple_New(num_args);
630	n/a	if (converted_args == NULL)
631	n/a	goto cleanup;
632	n/a	for (arg_num = 0; arg_num < num_args; ++arg_num) {
633	n/a	PyObject borrowed_arg, converted_arg;
634	n/a	borrowed_arg = PySequence_Fast_GET_ITEM(fast_args, arg_num);
635	n/a	if (PyUnicode_FSConverter(borrowed_arg, &converted_arg) == 0)
636	n/a	goto cleanup;
637	n/a	PyTuple_SET_ITEM(converted_args, arg_num, converted_arg);
638	n/a	}
639	n/a
640	n/a	argv = _PySequence_BytesToCharpArray(converted_args);
641	n/a	Py_CLEAR(converted_args);
642	n/a	Py_CLEAR(fast_args);
643	n/a	if (!argv)
644	n/a	goto cleanup;
645	n/a	}
646	n/a
647	n/a	if (env_list != Py_None) {
648	n/a	envp = _PySequence_BytesToCharpArray(env_list);
649	n/a	if (!envp)
650	n/a	goto cleanup;
651	n/a	}
652	n/a
653	n/a	if (preexec_fn != Py_None) {
654	n/a	preexec_fn_args_tuple = PyTuple_New(0);
655	n/a	if (!preexec_fn_args_tuple)
656	n/a	goto cleanup;
657	n/a	#ifdef WITH_THREAD
658	n/a	_PyImport_AcquireLock();
659	n/a	import_lock_held = 1;
660	n/a	#endif
661	n/a	}
662	n/a
663	n/a	if (cwd_obj != Py_None) {
664	n/a	if (PyUnicode_FSConverter(cwd_obj, &cwd_obj2) == 0)
665	n/a	goto cleanup;
666	n/a	cwd = PyBytes_AsString(cwd_obj2);
667	n/a	} else {
668	n/a	cwd = NULL;
669	n/a	cwd_obj2 = NULL;
670	n/a	}
671	n/a
672	n/a	pid = fork();
673	n/a	if (pid == 0) {
674	n/a	/* Child process */
675	n/a	/*
676	n/a	* Code from here to _exit() must only use async-signal-safe functions,
677	n/a	* listed at `man 7 signal` or
678	n/a	* http://www.opengroup.org/onlinepubs/009695399/functions/xsh_chap02_04.html.
679	n/a	*/
680	n/a
681	n/a	if (preexec_fn != Py_None) {
682	n/a	/* We'll be calling back into Python later so we need to do this.
683	n/a	* This call may not be async-signal-safe but neither is calling
684	n/a	* back into Python. The user asked us to use hope as a strategy
685	n/a	* to avoid deadlock... */
686	n/a	PyOS_AfterFork();
687	n/a	}
688	n/a
689	n/a	child_exec(exec_array, argv, envp, cwd,
690	n/a	p2cread, p2cwrite, c2pread, c2pwrite,
691	n/a	errread, errwrite, errpipe_read, errpipe_write,
692	n/a	close_fds, restore_signals, call_setsid,
693	n/a	py_fds_to_keep, preexec_fn, preexec_fn_args_tuple);
694	n/a	_exit(255);
695	n/a	return NULL; /* Dead code to avoid a potential compiler warning. */
696	n/a	}
697	n/a	Py_XDECREF(cwd_obj2);
698	n/a
699	n/a	if (pid == -1) {
700	n/a	/* Capture the errno exception before errno can be clobbered. */
701	n/a	PyErr_SetFromErrno(PyExc_OSError);
702	n/a	}
703	n/a	#ifdef WITH_THREAD
704	n/a	if (preexec_fn != Py_None
705	n/a	&& _PyImport_ReleaseLock() < 0 && !PyErr_Occurred()) {
706	n/a	PyErr_SetString(PyExc_RuntimeError,
707	n/a	"not holding the import lock");
708	n/a	pid = -1;
709	n/a	}
710	n/a	import_lock_held = 0;
711	n/a	#endif
712	n/a
713	n/a	/* Parent process */
714	n/a	if (envp)
715	n/a	_Py_FreeCharPArray(envp);
716	n/a	if (argv)
717	n/a	_Py_FreeCharPArray(argv);
718	n/a	_Py_FreeCharPArray(exec_array);
719	n/a
720	n/a	/* Reenable gc in the parent process (or if fork failed). */
721	n/a	if (_enable_gc(need_to_reenable_gc, gc_module)) {
722	n/a	pid = -1;
723	n/a	}
724	n/a	Py_XDECREF(preexec_fn_args_tuple);
725	n/a	Py_XDECREF(gc_module);
726	n/a
727	n/a	if (pid == -1)
728	n/a	return NULL; /* fork() failed. Exception set earlier. */
729	n/a
730	n/a	return PyLong_FromPid(pid);
731	n/a
732	n/a	cleanup:
733	n/a	#ifdef WITH_THREAD
734	n/a	if (import_lock_held)
735	n/a	_PyImport_ReleaseLock();
736	n/a	#endif
737	n/a	if (envp)
738	n/a	_Py_FreeCharPArray(envp);
739	n/a	if (argv)
740	n/a	_Py_FreeCharPArray(argv);
741	n/a	if (exec_array)
742	n/a	_Py_FreeCharPArray(exec_array);
743	n/a	Py_XDECREF(converted_args);
744	n/a	Py_XDECREF(fast_args);
745	n/a	Py_XDECREF(preexec_fn_args_tuple);
746	n/a	_enable_gc(need_to_reenable_gc, gc_module);
747	n/a	Py_XDECREF(gc_module);
748	n/a	return NULL;
749	n/a	}
750	n/a
751	n/a
752	n/a	PyDoc_STRVAR(subprocess_fork_exec_doc,
753	n/a	"fork_exec(args, executable_list, close_fds, cwd, env,\n\
754	n/a	p2cread, p2cwrite, c2pread, c2pwrite,\n\
755	n/a	errread, errwrite, errpipe_read, errpipe_write,\n\
756	n/a	restore_signals, call_setsid, preexec_fn)\n\
757	n/a	\n\
758	n/a	Forks a child process, closes parent file descriptors as appropriate in the\n\
759	n/a	child and dups the few that are needed before calling exec() in the child\n\
760	n/a	process.\n\
761	n/a	\n\
762	n/a	The preexec_fn, if supplied, will be called immediately before exec.\n\
763	n/a	WARNING: preexec_fn is NOT SAFE if your application uses threads.\n\
764	n/a	It may trigger infrequent, difficult to debug deadlocks.\n\
765	n/a	\n\
766	n/a	If an error occurs in the child process before the exec, it is\n\
767	n/a	serialized and written to the errpipe_write fd per subprocess.py.\n\
768	n/a	\n\
769	n/a	Returns: the child process's PID.\n\
770	n/a	\n\
771	n/a	Raises: Only on an error in the parent process.\n\
772	n/a	");
773	n/a
774	n/a	/* module level code ********************************************************/
775	n/a
776	n/a	PyDoc_STRVAR(module_doc,
777	n/a	"A POSIX helper for the subprocess module.");
778	n/a
779	n/a
780	n/a	static PyMethodDef module_methods[] = {
781	n/a	{"fork_exec", subprocess_fork_exec, METH_VARARGS, subprocess_fork_exec_doc},
782	n/a	{NULL, NULL} /* sentinel */
783	n/a	};
784	n/a
785	n/a
786	n/a	static struct PyModuleDef _posixsubprocessmodule = {
787	n/a	PyModuleDef_HEAD_INIT,
788	n/a	"_posixsubprocess",
789	n/a	module_doc,
790	n/a	-1, /* No memory is needed. */
791	n/a	module_methods,
792	n/a	};
793	n/a
794	n/a	PyMODINIT_FUNC
795	n/a	PyInit__posixsubprocess(void)
796	n/a	{
797	n/a	return PyModule_Create(&_posixsubprocessmodule);
798	n/a	}