iopopen.c 8.8 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322
  1. /* Copyright (C) 1993-2026 Free Software Foundation, Inc.
  2. This file is part of the GNU C Library.
  3. The GNU C Library is free software; you can redistribute it and/or
  4. modify it under the terms of the GNU Lesser General Public
  5. License as published by the Free Software Foundation; either
  6. version 2.1 of the License, or (at your option) any later version.
  7. The GNU C Library is distributed in the hope that it will be useful,
  8. but WITHOUT ANY WARRANTY; without even the implied warranty of
  9. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  10. Lesser General Public License for more details.
  11. You should have received a copy of the GNU Lesser General Public
  12. License along with the GNU C Library; if not, see
  13. <https://www.gnu.org/licenses/>.
  14. As a special exception, if you link the code in this file with
  15. files compiled with a GNU compiler to produce an executable,
  16. that does not cause the resulting executable to be covered by
  17. the GNU Lesser General Public License. This exception does not
  18. however invalidate any other reasons why the executable file
  19. might be covered by the GNU Lesser General Public License.
  20. This exception applies to code released by its copyright holders
  21. in files containing the exception. */
  22. #include "libioP.h"
  23. #include <fcntl.h>
  24. #include <signal.h>
  25. #include <unistd.h>
  26. #include <stdlib.h>
  27. #include <shlib-compat.h>
  28. #include <not-cancel.h>
  29. #include <sys/types.h>
  30. #include <sys/wait.h>
  31. #include <spawn.h>
  32. #include <paths.h>
  33. struct _IO_proc_file
  34. {
  35. struct _IO_FILE_plus file;
  36. /* Following fields must match those in class procbuf (procbuf.h) */
  37. pid_t pid;
  38. struct _IO_proc_file *next;
  39. };
  40. typedef struct _IO_proc_file _IO_proc_file;
  41. static struct _IO_proc_file *proc_file_chain;
  42. #ifdef _IO_MTSAFE_IO
  43. static _IO_lock_t proc_file_chain_lock = _IO_lock_initializer;
  44. static void
  45. unlock (void *not_used)
  46. {
  47. _IO_lock_unlock (proc_file_chain_lock);
  48. }
  49. #endif
  50. /* These lock/unlock/resetlock functions are used during fork. */
  51. void
  52. _IO_proc_file_chain_lock (void)
  53. {
  54. _IO_lock_lock (proc_file_chain_lock);
  55. }
  56. void
  57. _IO_proc_file_chain_unlock (void)
  58. {
  59. _IO_lock_unlock (proc_file_chain_lock);
  60. }
  61. void
  62. _IO_proc_file_chain_resetlock (void)
  63. {
  64. _IO_lock_init (proc_file_chain_lock);
  65. }
  66. /* POSIX states popen shall ensure that any streams from previous popen()
  67. calls that remain open in the parent process should be closed in the new
  68. child process.
  69. To avoid a race-condition between checking which file descriptors need to
  70. be close (by transversing the proc_file_chain list) and the insertion of a
  71. new one after a successful posix_spawn this function should be called
  72. with proc_file_chain_lock acquired. */
  73. static int
  74. spawn_process (posix_spawn_file_actions_t *fa, FILE *fp, const char *command,
  75. int do_cloexec, int pipe_fds[2], int parent_end, int child_end,
  76. int child_pipe_fd)
  77. {
  78. int err = 0;
  79. for (struct _IO_proc_file *p = proc_file_chain; p; p = p->next)
  80. {
  81. int fd = _IO_fileno ((FILE *) p);
  82. /* If any stream from previous popen() calls has fileno
  83. child_pipe_fd, it has been already closed by the adddup2 action
  84. above. */
  85. if (fd != child_pipe_fd)
  86. {
  87. err = __posix_spawn_file_actions_addclose (fa, fd);
  88. if (err != 0)
  89. return err;
  90. }
  91. }
  92. err = __posix_spawn (&((_IO_proc_file *) fp)->pid, _PATH_BSHELL, fa, NULL,
  93. (char *const[]){ (char*) "sh", (char*) "-c", (char*) "--",
  94. (char *) command, NULL }, __environ);
  95. if (err != 0)
  96. return err;
  97. __close_nocancel (pipe_fds[child_end]);
  98. if (!do_cloexec)
  99. /* Undo the effects of the pipe2 call which set the
  100. close-on-exec flag. */
  101. __fcntl (pipe_fds[parent_end], F_SETFD, 0);
  102. _IO_fileno (fp) = pipe_fds[parent_end];
  103. ((_IO_proc_file *) fp)->next = proc_file_chain;
  104. proc_file_chain = (_IO_proc_file *) fp;
  105. return 0;
  106. }
  107. FILE *
  108. _IO_new_proc_open (FILE *fp, const char *command, const char *mode)
  109. {
  110. int read_or_write;
  111. /* These are indexes for pipe_fds. */
  112. int parent_end, child_end;
  113. int pipe_fds[2];
  114. int child_pipe_fd;
  115. int err;
  116. int do_read = 0;
  117. int do_write = 0;
  118. int do_cloexec = 0;
  119. while (*mode != '\0')
  120. switch (*mode++)
  121. {
  122. case 'r':
  123. do_read = 1;
  124. break;
  125. case 'w':
  126. do_write = 1;
  127. break;
  128. case 'e':
  129. do_cloexec = 1;
  130. break;
  131. default:
  132. errout:
  133. __set_errno (EINVAL);
  134. return NULL;
  135. }
  136. if ((do_read ^ do_write) == 0)
  137. goto errout;
  138. if (_IO_file_is_open (fp))
  139. return NULL;
  140. /* Atomically set the O_CLOEXEC flag for the pipe end used by the
  141. child process (to avoid leaking the file descriptor in case of a
  142. concurrent fork). This is later reverted in the child process.
  143. When popen returns, the parent pipe end can be O_CLOEXEC or not,
  144. depending on the 'e' open mode, but there is only one flag which
  145. controls both descriptors. The parent end is adjusted below,
  146. after creating the child process. (In the child process, the
  147. parent end should be closed on execve, so O_CLOEXEC remains set
  148. there.) */
  149. if (__pipe2 (pipe_fds, O_CLOEXEC) < 0)
  150. return NULL;
  151. if (do_read)
  152. {
  153. parent_end = 0;
  154. child_end = 1;
  155. read_or_write = _IO_NO_WRITES;
  156. child_pipe_fd = 1;
  157. }
  158. else
  159. {
  160. parent_end = 1;
  161. child_end = 0;
  162. read_or_write = _IO_NO_READS;
  163. child_pipe_fd = 0;
  164. }
  165. posix_spawn_file_actions_t fa;
  166. /* posix_spawn_file_actions_init does not fail. */
  167. __posix_spawn_file_actions_init (&fa);
  168. /* The descriptor is already the one the child will use. In this case
  169. it must be moved to another one otherwise, there is no safe way to
  170. remove the close-on-exec flag in the child without creating a FD leak
  171. race in the parent. */
  172. if (pipe_fds[child_end] == child_pipe_fd)
  173. {
  174. int tmp = __fcntl (child_pipe_fd, F_DUPFD_CLOEXEC, 0);
  175. if (tmp < 0)
  176. goto spawn_failure;
  177. __close_nocancel (pipe_fds[child_end]);
  178. pipe_fds[child_end] = tmp;
  179. }
  180. err = __posix_spawn_file_actions_adddup2 (&fa, pipe_fds[child_end],
  181. child_pipe_fd);
  182. if (err != 0)
  183. goto spawn_failure;
  184. #ifdef _IO_MTSAFE_IO
  185. _IO_cleanup_region_start_noarg (unlock);
  186. _IO_lock_lock (proc_file_chain_lock);
  187. #endif
  188. err = spawn_process (&fa, fp, command, do_cloexec, pipe_fds, parent_end,
  189. child_end, child_pipe_fd);
  190. #ifdef _IO_MTSAFE_IO
  191. _IO_lock_unlock (proc_file_chain_lock);
  192. _IO_cleanup_region_end (0);
  193. #endif
  194. __posix_spawn_file_actions_destroy (&fa);
  195. if (err != 0)
  196. {
  197. __set_errno (err);
  198. spawn_failure:
  199. __close_nocancel (pipe_fds[child_end]);
  200. __close_nocancel (pipe_fds[parent_end]);
  201. return NULL;
  202. }
  203. _IO_mask_flags (fp, read_or_write, _IO_NO_READS|_IO_NO_WRITES);
  204. return fp;
  205. }
  206. FILE *
  207. _IO_new_popen (const char *command, const char *mode)
  208. {
  209. struct locked_FILE
  210. {
  211. struct _IO_proc_file fpx;
  212. #ifdef _IO_MTSAFE_IO
  213. _IO_lock_t lock;
  214. #endif
  215. } *new_f;
  216. FILE *fp;
  217. new_f = (struct locked_FILE *) malloc (sizeof (struct locked_FILE));
  218. if (new_f == NULL)
  219. return NULL;
  220. #ifdef _IO_MTSAFE_IO
  221. new_f->fpx.file.file._lock = &new_f->lock;
  222. #endif
  223. fp = &new_f->fpx.file.file;
  224. _IO_init_internal (fp, 0);
  225. _IO_JUMPS (&new_f->fpx.file) = &_IO_proc_jumps;
  226. _IO_new_file_init_internal (&new_f->fpx.file);
  227. if (_IO_new_proc_open (fp, command, mode) != NULL)
  228. return (FILE *) &new_f->fpx.file;
  229. _IO_un_link (&new_f->fpx.file);
  230. free (new_f);
  231. return NULL;
  232. }
  233. int
  234. _IO_new_proc_close (FILE *fp)
  235. {
  236. /* This is not name-space clean. FIXME! */
  237. int wstatus;
  238. _IO_proc_file **ptr = &proc_file_chain;
  239. pid_t wait_pid;
  240. int status = -1;
  241. /* Unlink from proc_file_chain. */
  242. #ifdef _IO_MTSAFE_IO
  243. _IO_cleanup_region_start_noarg (unlock);
  244. _IO_lock_lock (proc_file_chain_lock);
  245. #endif
  246. for ( ; *ptr != NULL; ptr = &(*ptr)->next)
  247. {
  248. if (*ptr == (_IO_proc_file *) fp)
  249. {
  250. *ptr = (*ptr)->next;
  251. status = 0;
  252. break;
  253. }
  254. }
  255. #ifdef _IO_MTSAFE_IO
  256. _IO_lock_unlock (proc_file_chain_lock);
  257. _IO_cleanup_region_end (0);
  258. #endif
  259. if (status < 0 || __close_nocancel (_IO_fileno(fp)) < 0)
  260. return -1;
  261. /* POSIX.2 Rationale: "Some historical implementations either block
  262. or ignore the signals SIGINT, SIGQUIT, and SIGHUP while waiting
  263. for the child process to terminate. Since this behavior is not
  264. described in POSIX.2, such implementations are not conforming." */
  265. do
  266. {
  267. int state;
  268. __pthread_setcancelstate (PTHREAD_CANCEL_DISABLE, &state);
  269. wait_pid = __waitpid (((_IO_proc_file *) fp)->pid, &wstatus, 0);
  270. __pthread_setcancelstate (state, NULL);
  271. }
  272. while (wait_pid == -1 && errno == EINTR);
  273. if (wait_pid == -1)
  274. return -1;
  275. return wstatus;
  276. }
  277. strong_alias (_IO_new_popen, __new_popen)
  278. versioned_symbol (libc, _IO_new_popen, _IO_popen, GLIBC_2_1);
  279. versioned_symbol (libc, __new_popen, popen, GLIBC_2_1);
  280. versioned_symbol (libc, _IO_new_proc_open, _IO_proc_open, GLIBC_2_1);
  281. versioned_symbol (libc, _IO_new_proc_close, _IO_proc_close, GLIBC_2_1);