2000-10-09 18:24:57 +02:00
/* gspawn.c - Process launching
*
* Copyright 2000 Red Hat , Inc .
* g_execvpe implementation based on GNU libc execvp :
* Copyright 1991 , 92 , 95 , 96 , 97 , 98 , 99 Free Software Foundation , Inc .
*
2016-12-27 19:14:03 +01:00
* This library is free software ; you can redistribute it and / or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation ; either
2017-01-05 12:47:07 +01:00
* version 2.1 of the License , or ( at your option ) any later version .
2000-10-09 18:24:57 +02:00
*
2016-12-27 19:14:03 +01:00
* This library is distributed in the hope that it will be useful ,
2000-10-09 18:24:57 +02:00
* but WITHOUT ANY WARRANTY ; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the GNU
* Lesser General Public License for more details .
*
2016-12-27 19:14:03 +01:00
* You should have received a copy of the GNU Lesser General Public License
* along with this library ; if not , see < http : //www.gnu.org/licenses/>.
2000-10-09 18:24:57 +02:00
*/
2002-12-04 02:27:44 +01:00
# include "config.h"
2002-02-18 00:28:43 +01:00
2000-10-09 18:24:57 +02:00
# include <sys/time.h>
# include <sys/types.h>
# include <sys/wait.h>
# include <unistd.h>
# include <errno.h>
# include <fcntl.h>
# include <signal.h>
# include <string.h>
2006-12-15 06:33:32 +01:00
# include <stdlib.h> /* for fdwalk */
2007-10-16 07:28:10 +02:00
# include <dirent.h>
2018-09-24 08:36:35 +02:00
# ifdef HAVE_SPAWN_H
gspawn: Optimize with posix_spawn codepath
When the amount of free memory on the system is somewhat low, gnome-shell
will sometimes fail to launch apps, reporting the error:
fork(): Cannot allocate memory
fork() is failing here because while cloning the process virtual address
space, Linux worries that the thread being forked may end up COWing the
entire address space of the parent process (gnome-shell, which is
memory-hungry), and there is not enough free memory to permit that to
happen.
In this case we are simply calling fork() in order to quickly call exec(),
which will throw away the entirity of the duplicated VM, so we should
look for ways to avoid the overcommit check.
The well known solution to this is to use clone(CLONE_VM) or vfork(), which
completely avoids creating a new memory address space for the child.
However, that comes with a bunch of caveats and complications:
https://gist.github.com/nicowilliams/a8a07b0fc75df05f684c23c18d7db234
https://ewontfix.com/7/
In 2016, glibc's posix_spawn() was rewritten to use this approach
while also resolving the concerns.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9ff72da471a509a8c19791efe469f47fa6977410
I experimented with a similar approach in glib, but it was not practical
because glibc has several items of important internal knowledge (such as
knowing which signals should be given special treatment because they are
NPTL implementation details) that are not cleanly exposed elsewhere.
Instead, this patch adapts the gspawn code to use posix_spawn() where
possible, which will reap the benefits of that implementation.
The posix_spawn API is more limited than the gspawn API though,
partly due to natural limitations of using CLONE_VM, so the posix_spawn
path is added as a separate codepath which is only executed when the
conditions are right. Callers such as gnome-shell will have to be modified
to meet these conditions, such as not having a child_setup function.
In addition to allowing for the gnome-shell "Cannot allocate memory"
failure to be avoided, this should result in a general speedup in this
area, because fork()'s behaviour of cloning the entire VM space
has a cost which is now avoided. posix_spawn() has also recently
been optimized on OpenSolaris as the most performant way to spawn
a child process.
2018-05-28 22:45:45 +02:00
# include <spawn.h>
2018-09-24 08:36:35 +02:00
# endif /* HAVE_SPAWN_H */
2000-10-09 18:24:57 +02:00
2018-06-23 10:07:02 +02:00
# ifdef HAVE_CRT_EXTERNS_H
# include <crt_externs.h> /* for _NSGetEnviron */
# endif
2000-11-02 12:38:10 +01:00
# ifdef HAVE_SYS_SELECT_H
# include <sys/select.h>
# endif /* HAVE_SYS_SELECT_H */
2007-10-16 07:28:10 +02:00
# ifdef HAVE_SYS_RESOURCE_H
# include <sys/resource.h>
# endif /* HAVE_SYS_RESOURCE_H */
2019-09-15 06:53:38 +02:00
# if defined(__linux__) || defined(__DragonFly__)
2018-11-24 13:22:57 +01:00
# include <sys/syscall.h> /* for syscall and SYS_getdents64 */
# endif
2010-09-05 06:23:03 +02:00
# include "gspawn.h"
2018-06-12 17:00:13 +02:00
# include "gspawn-private.h"
2012-08-28 11:52:24 +02:00
# include "gthread.h"
2020-06-25 23:27:10 +02:00
# include "gtrace-private.h"
2013-01-25 18:05:26 +01:00
# include "glib/gstdio.h"
2010-09-05 06:23:03 +02:00
2011-10-16 02:06:32 +02:00
# include "genviron.h"
2010-09-05 06:23:03 +02:00
# include "gmem.h"
2010-09-06 12:43:04 +02:00
# include "gshell.h"
2010-09-05 06:23:03 +02:00
# include "gstring.h"
2010-09-06 12:43:04 +02:00
# include "gstrfuncs.h"
2010-09-05 06:23:03 +02:00
# include "gtestutils.h"
# include "gutils.h"
2001-01-16 03:24:24 +01:00
# include "glibintl.h"
2012-11-10 19:16:29 +01:00
# include "glib-unix.h"
2011-07-06 23:13:05 +02:00
gspawn: Optimize with posix_spawn codepath
When the amount of free memory on the system is somewhat low, gnome-shell
will sometimes fail to launch apps, reporting the error:
fork(): Cannot allocate memory
fork() is failing here because while cloning the process virtual address
space, Linux worries that the thread being forked may end up COWing the
entire address space of the parent process (gnome-shell, which is
memory-hungry), and there is not enough free memory to permit that to
happen.
In this case we are simply calling fork() in order to quickly call exec(),
which will throw away the entirity of the duplicated VM, so we should
look for ways to avoid the overcommit check.
The well known solution to this is to use clone(CLONE_VM) or vfork(), which
completely avoids creating a new memory address space for the child.
However, that comes with a bunch of caveats and complications:
https://gist.github.com/nicowilliams/a8a07b0fc75df05f684c23c18d7db234
https://ewontfix.com/7/
In 2016, glibc's posix_spawn() was rewritten to use this approach
while also resolving the concerns.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9ff72da471a509a8c19791efe469f47fa6977410
I experimented with a similar approach in glib, but it was not practical
because glibc has several items of important internal knowledge (such as
knowing which signals should be given special treatment because they are
NPTL implementation details) that are not cleanly exposed elsewhere.
Instead, this patch adapts the gspawn code to use posix_spawn() where
possible, which will reap the benefits of that implementation.
The posix_spawn API is more limited than the gspawn API though,
partly due to natural limitations of using CLONE_VM, so the posix_spawn
path is added as a separate codepath which is only executed when the
conditions are right. Callers such as gnome-shell will have to be modified
to meet these conditions, such as not having a child_setup function.
In addition to allowing for the gnome-shell "Cannot allocate memory"
failure to be avoided, this should result in a general speedup in this
area, because fork()'s behaviour of cloning the entire VM space
has a cost which is now avoided. posix_spawn() has also recently
been optimized on OpenSolaris as the most performant way to spawn
a child process.
2018-05-28 22:45:45 +02:00
/* posix_spawn() is assumed the fastest way to spawn, but glibc's
* implementation was buggy before glibc 2.24 , so avoid it on old versions .
*/
# ifdef HAVE_POSIX_SPAWN
# ifdef __GLIBC__
# if __GLIBC_PREREQ(2,24)
# define POSIX_SPAWN_AVAILABLE
# endif
# else /* !__GLIBC__ */
/* Assume that all non-glibc posix_spawn implementations are fine. */
# define POSIX_SPAWN_AVAILABLE
# endif /* __GLIBC__ */
# endif /* HAVE_POSIX_SPAWN */
2018-06-23 10:07:02 +02:00
# ifdef HAVE__NSGETENVIRON
# define environ (*_NSGetEnviron())
# else
extern char * * environ ;
# endif
2018-08-11 22:52:17 +02:00
# ifndef O_CLOEXEC
# define O_CLOEXEC 0
# else
# define HAVE_O_CLOEXEC 1
# endif
2011-07-06 23:13:05 +02:00
/**
* SECTION : spawn
* @ Short_description : process launching
* @ Title : Spawning Processes
2014-05-31 16:38:47 +02:00
*
* GLib supports spawning of processes with an API that is more
* convenient than the bare UNIX fork ( ) and exec ( ) .
*
* The g_spawn family of functions has synchronous ( g_spawn_sync ( ) )
* and asynchronous variants ( g_spawn_async ( ) , g_spawn_async_with_pipes ( ) ) ,
* as well as convenience variants that take a complete shell - like
* commandline ( g_spawn_command_line_sync ( ) , g_spawn_command_line_async ( ) ) .
*
* See # GSubprocess in GIO for a higher - level API that provides
* stream interfaces for communication with child processes .
2017-04-30 10:41:35 +02:00
*
* An example of using g_spawn_async_with_pipes ( ) :
* | [ < ! - - language = " C " - - >
* const gchar * const argv [ ] = { " my-favourite-program " , " --args " , NULL } ;
* gint child_stdout , child_stderr ;
* GPid child_pid ;
* g_autoptr ( GError ) error = NULL ;
*
* // Spawn child process.
* g_spawn_async_with_pipes ( NULL , argv , NULL , G_SPAWN_DO_NOT_REAP_CHILD , NULL ,
* NULL , & child_pid , NULL , & child_stdout ,
* & child_stderr , & error ) ;
* if ( error ! = NULL )
* {
* g_error ( " Spawning child failed: %s " , error - > message ) ;
* return ;
* }
*
* // Add a child watch function which will be called when the child process
* // exits.
* g_child_watch_add ( child_pid , child_watch_cb , NULL ) ;
*
* // You could watch for output on @child_stdout and @child_stderr using
* // #GUnixInputStream or #GIOChannel here.
*
* static void
* child_watch_cb ( GPid pid ,
* gint status ,
* gpointer user_data )
* {
* g_message ( " Child % " G_PID_FORMAT " exited %s " , pid ,
* g_spawn_check_exit_status ( status , NULL ) ? " normally " : " abnormally " ) ;
*
* // Free any resources associated with the child here, such as I/O channels
* // on its stdout and stderr FDs. If you have no code to put in the
* // child_watch_cb() callback, you can remove it and the g_child_watch_add()
* // call, but you must also remove the G_SPAWN_DO_NOT_REAP_CHILD flag,
* // otherwise the child process will stay around as a zombie until this
* // process exits.
*
* g_spawn_close_pid ( pid ) ;
* }
* ] |
2011-07-06 23:13:05 +02:00
*/
2020-06-22 14:09:56 +02:00
static gint safe_close ( gint fd ) ;
2011-07-06 23:13:05 +02:00
2000-10-09 18:24:57 +02:00
static gint g_execute ( const gchar * file ,
2020-06-22 14:59:48 +02:00
gchar * * argv ,
2020-06-22 15:33:12 +02:00
gchar * * argv_buffer ,
gsize argv_buffer_len ,
2020-06-22 14:59:48 +02:00
gchar * * envp ,
2020-06-22 15:15:42 +02:00
const gchar * search_path ,
gchar * search_path_buffer ,
gsize search_path_buffer_len ) ;
2000-10-09 18:24:57 +02:00
2020-10-13 13:43:25 +02:00
static gboolean fork_exec ( gboolean intermediate_child ,
const gchar * working_directory ,
const gchar * const * argv ,
const gchar * const * envp ,
gboolean close_descriptors ,
gboolean search_path ,
gboolean search_path_from_envp ,
gboolean stdout_to_null ,
gboolean stderr_to_null ,
gboolean child_inherits_stdin ,
gboolean file_and_argv_zero ,
gboolean cloexec_pipes ,
GSpawnChildSetupFunc child_setup ,
gpointer user_data ,
GPid * child_pid ,
gint * stdin_pipe_out ,
gint * stdout_pipe_out ,
gint * stderr_pipe_out ,
gint stdin_fd ,
gint stdout_fd ,
gint stderr_fd ,
2020-10-13 14:17:38 +02:00
const gint * source_fds ,
const gint * target_fds ,
gsize n_fds ,
2020-10-13 13:43:25 +02:00
GError * * error ) ;
2018-05-28 18:09:21 +02:00
2012-08-28 19:15:56 +02:00
G_DEFINE_QUARK ( g - exec - error - quark , g_spawn_error )
G_DEFINE_QUARK ( g - spawn - exit - error - quark , g_spawn_exit_error )
2012-07-10 17:27:22 +02:00
2000-10-09 18:24:57 +02:00
/**
* g_spawn_async :
2017-10-11 18:49:11 +02:00
* @ working_directory : ( type filename ) ( nullable ) : child ' s current working
* directory , or % NULL to inherit parent ' s
* @ argv : ( array zero - terminated = 1 ) ( element - type filename ) :
* child ' s argument vector
* @ envp : ( array zero - terminated = 1 ) ( element - type filename ) ( nullable ) :
* child ' s environment , or % NULL to inherit parent ' s
2000-10-09 18:24:57 +02:00
* @ flags : flags from # GSpawnFlags
2016-10-29 03:29:02 +02:00
* @ child_setup : ( scope async ) ( nullable ) : function to run in the child just before exec ( )
2011-04-03 18:53:04 +02:00
* @ user_data : ( closure ) : user data for @ child_setup
2016-10-29 03:29:02 +02:00
* @ child_pid : ( out ) ( optional ) : return location for child process reference , or % NULL
2000-10-09 18:24:57 +02:00
* @ error : return location for error
*
* See g_spawn_async_with_pipes ( ) for a full description ; this function
* simply calls the g_spawn_async_with_pipes ( ) without any pipes .
2008-06-11 08:57:22 +02:00
*
* You should call g_spawn_close_pid ( ) on the returned child process
* reference when you don ' t need it any more .
2000-10-09 18:24:57 +02:00
*
2017-08-03 15:40:29 +02:00
* If you are writing a GTK + application , and the program you are spawning is a
* graphical application too , then to ensure that the spawned program opens its
* windows on the right screen , you may want to use # GdkAppLaunchContext ,
2017-11-07 14:38:58 +01:00
* # GAppLaunchContext , or set the % DISPLAY environment variable .
2006-12-17 19:49:57 +01:00
*
2014-01-31 20:56:10 +01:00
* Note that the returned @ child_pid on Windows is a handle to the child
* process and not its identifier . Process handles and process identifiers
* are different concepts on Windows .
2008-06-11 08:57:22 +02:00
*
2014-02-20 01:35:23 +01:00
* Returns : % TRUE on success , % FALSE if error is set
2000-10-09 18:24:57 +02:00
* */
gboolean
g_spawn_async ( const gchar * working_directory ,
gchar * * argv ,
gchar * * envp ,
GSpawnFlags flags ,
GSpawnChildSetupFunc child_setup ,
gpointer user_data ,
2004-03-01 21:47:49 +01:00
GPid * child_pid ,
2000-10-09 18:24:57 +02:00
GError * * error )
{
g_return_val_if_fail ( argv ! = NULL , FALSE ) ;
return g_spawn_async_with_pipes ( working_directory ,
argv , envp ,
flags ,
child_setup ,
user_data ,
child_pid ,
NULL , NULL , NULL ,
error ) ;
}
/* Avoids a danger in threaded situations (calling close()
* on a file descriptor twice , and another thread has
* re - opened it since the first close )
2020-06-22 13:36:32 +02:00
*
* This function is called between fork ( ) and exec ( ) and hence must be
* async - signal - safe ( see signal - safety ( 7 ) ) .
2000-10-09 18:24:57 +02:00
*/
2013-01-25 18:05:26 +01:00
static void
2000-10-09 18:24:57 +02:00
close_and_invalidate ( gint * fd )
{
2002-05-20 21:36:58 +02:00
if ( * fd < 0 )
2013-01-25 18:05:26 +01:00
return ;
2002-05-20 21:36:58 +02:00
else
{
2020-06-22 14:09:56 +02:00
safe_close ( * fd ) ;
2002-05-20 21:36:58 +02:00
* fd = - 1 ;
}
2000-10-09 18:24:57 +02:00
}
2006-12-16 04:36:14 +01:00
/* Some versions of OS X define READ_OK in public headers */
2006-12-16 04:33:23 +01:00
# undef READ_OK
2000-10-09 18:24:57 +02:00
typedef enum
{
READ_FAILED = 0 , /* FALSE */
READ_OK ,
READ_EOF
} ReadResult ;
static ReadResult
read_data ( GString * str ,
gint fd ,
GError * * error )
{
2011-06-15 02:44:15 +02:00
gssize bytes ;
gchar buf [ 4096 ] ;
2000-10-09 18:24:57 +02:00
again :
2003-06-02 20:20:25 +02:00
bytes = read ( fd , buf , 4096 ) ;
2000-10-09 18:24:57 +02:00
if ( bytes = = 0 )
return READ_EOF ;
else if ( bytes > 0 )
{
g_string_append_len ( str , buf , bytes ) ;
return READ_OK ;
}
2011-06-15 02:44:15 +02:00
else if ( errno = = EINTR )
2000-10-09 18:24:57 +02:00
goto again ;
2011-06-15 02:44:15 +02:00
else
2000-10-09 18:24:57 +02:00
{
2009-08-20 15:13:43 +02:00
int errsv = errno ;
2000-10-09 18:24:57 +02:00
g_set_error ( error ,
G_SPAWN_ERROR ,
G_SPAWN_ERROR_READ ,
_ ( " Failed to read data from child process (%s) " ) ,
2009-08-20 15:13:43 +02:00
g_strerror ( errsv ) ) ;
2011-06-15 02:44:15 +02:00
2000-10-09 18:24:57 +02:00
return READ_FAILED ;
}
}
/**
* g_spawn_sync :
2017-10-11 18:49:11 +02:00
* @ working_directory : ( type filename ) ( nullable ) : child ' s current working
* directory , or % NULL to inherit parent ' s
* @ argv : ( array zero - terminated = 1 ) ( element - type filename ) :
* child ' s argument vector
* @ envp : ( array zero - terminated = 1 ) ( element - type filename ) ( nullable ) :
* child ' s environment , or % NULL to inherit parent ' s
2011-04-03 18:53:04 +02:00
* @ flags : flags from # GSpawnFlags
2016-10-29 03:29:02 +02:00
* @ child_setup : ( scope async ) ( nullable ) : function to run in the child just before exec ( )
2011-04-03 18:53:04 +02:00
* @ user_data : ( closure ) : user data for @ child_setup
2016-10-29 03:29:02 +02:00
* @ standard_output : ( out ) ( array zero - terminated = 1 ) ( element - type guint8 ) ( optional ) : return location for child output , or % NULL
* @ standard_error : ( out ) ( array zero - terminated = 1 ) ( element - type guint8 ) ( optional ) : return location for child error messages , or % NULL
* @ exit_status : ( out ) ( optional ) : return location for child exit status , as returned by waitpid ( ) , or % NULL
2007-11-09 17:45:42 +01:00
* @ error : return location for error , or % NULL
2000-10-09 18:24:57 +02:00
*
* Executes a child synchronously ( waits for the child to exit before returning ) .
* All output from the child is stored in @ standard_output and @ standard_error ,
2007-11-09 17:45:42 +01:00
* if those parameters are non - % NULL . Note that you must set the
* % G_SPAWN_STDOUT_TO_DEV_NULL and % G_SPAWN_STDERR_TO_DEV_NULL flags when
* passing % NULL for @ standard_output and @ standard_error .
2012-07-10 17:27:22 +02:00
*
* If @ exit_status is non - % NULL , the platform - specific exit status of
2013-06-21 20:07:58 +02:00
* the child is stored there ; see the documentation of
2012-07-10 17:27:22 +02:00
* g_spawn_check_exit_status ( ) for how to use and interpret this .
* Note that it is invalid to pass % G_SPAWN_DO_NOT_REAP_CHILD in
2017-10-11 14:55:41 +02:00
* @ flags , and on POSIX platforms , the same restrictions as for
* g_child_watch_source_new ( ) apply .
2012-07-10 17:27:22 +02:00
*
* If an error occurs , no data is returned in @ standard_output ,
* @ standard_error , or @ exit_status .
2007-11-09 17:45:42 +01:00
*
2005-08-26 01:28:24 +02:00
* This function calls g_spawn_async_with_pipes ( ) internally ; see that
* function for full details on the other parameters and details on
* how these functions work on Windows .
2000-10-09 18:24:57 +02:00
*
2014-02-20 01:35:23 +01:00
* Returns : % TRUE on success , % FALSE if an error was set
2014-01-31 20:56:10 +01:00
*/
2000-10-09 18:24:57 +02:00
gboolean
g_spawn_sync ( const gchar * working_directory ,
gchar * * argv ,
gchar * * envp ,
GSpawnFlags flags ,
GSpawnChildSetupFunc child_setup ,
gpointer user_data ,
gchar * * standard_output ,
gchar * * standard_error ,
gint * exit_status ,
GError * * error )
{
gint outpipe = - 1 ;
gint errpipe = - 1 ;
2004-03-01 21:47:49 +01:00
GPid pid ;
2000-10-09 18:24:57 +02:00
gint ret ;
GString * outstr = NULL ;
GString * errstr = NULL ;
gboolean failed ;
gint status ;
g_return_val_if_fail ( argv ! = NULL , FALSE ) ;
g_return_val_if_fail ( ! ( flags & G_SPAWN_DO_NOT_REAP_CHILD ) , FALSE ) ;
g_return_val_if_fail ( standard_output = = NULL | |
! ( flags & G_SPAWN_STDOUT_TO_DEV_NULL ) , FALSE ) ;
g_return_val_if_fail ( standard_error = = NULL | |
! ( flags & G_SPAWN_STDERR_TO_DEV_NULL ) , FALSE ) ;
/* Just to ensure segfaults if callers try to use
* these when an error is reported .
*/
if ( standard_output )
* standard_output = NULL ;
if ( standard_error )
* standard_error = NULL ;
2020-10-13 13:43:25 +02:00
if ( ! fork_exec ( FALSE ,
working_directory ,
( const gchar * const * ) argv ,
( const gchar * const * ) envp ,
! ( flags & G_SPAWN_LEAVE_DESCRIPTORS_OPEN ) ,
( flags & G_SPAWN_SEARCH_PATH ) ! = 0 ,
( flags & G_SPAWN_SEARCH_PATH_FROM_ENVP ) ! = 0 ,
( flags & G_SPAWN_STDOUT_TO_DEV_NULL ) ! = 0 ,
( flags & G_SPAWN_STDERR_TO_DEV_NULL ) ! = 0 ,
( flags & G_SPAWN_CHILD_INHERITS_STDIN ) ! = 0 ,
( flags & G_SPAWN_FILE_AND_ARGV_ZERO ) ! = 0 ,
( flags & G_SPAWN_CLOEXEC_PIPES ) ! = 0 ,
child_setup ,
user_data ,
& pid ,
NULL ,
standard_output ? & outpipe : NULL ,
standard_error ? & errpipe : NULL ,
- 1 , - 1 , - 1 ,
2020-10-13 14:17:38 +02:00
NULL , NULL , 0 ,
2020-10-13 13:43:25 +02:00
error ) )
2000-10-09 18:24:57 +02:00
return FALSE ;
/* Read data from child. */
failed = FALSE ;
if ( outpipe > = 0 )
{
2003-03-31 00:02:20 +02:00
outstr = g_string_new ( NULL ) ;
2000-10-09 18:24:57 +02:00
}
if ( errpipe > = 0 )
{
2003-03-31 00:02:20 +02:00
errstr = g_string_new ( NULL ) ;
2000-10-09 18:24:57 +02:00
}
/* Read data until we get EOF on both pipes. */
while ( ! failed & &
( outpipe > = 0 | |
errpipe > = 0 ) )
{
2019-10-25 17:36:45 +02:00
/* Any negative FD in the array is ignored, so we can use a fixed length.
* We can use UNIX FDs here without worrying about Windows HANDLEs because
* the Windows implementation is entirely in gspawn - win32 . c . */
GPollFD fds [ ] =
{
{ outpipe , G_IO_IN | G_IO_HUP | G_IO_ERR , 0 } ,
{ errpipe , G_IO_IN | G_IO_HUP | G_IO_ERR , 0 } ,
} ;
ret = g_poll ( fds , G_N_ELEMENTS ( fds ) , - 1 /* no timeout */ ) ;
2000-10-09 18:24:57 +02:00
2011-06-10 16:14:25 +02:00
if ( ret < 0 )
2000-10-09 18:24:57 +02:00
{
2009-08-20 15:13:43 +02:00
int errsv = errno ;
2011-06-10 16:14:25 +02:00
if ( errno = = EINTR )
continue ;
2000-10-09 18:24:57 +02:00
failed = TRUE ;
g_set_error ( error ,
G_SPAWN_ERROR ,
G_SPAWN_ERROR_READ ,
2019-10-25 17:36:45 +02:00
_ ( " Unexpected error in reading data from a child process (%s) " ) ,
2009-08-20 15:13:43 +02:00
g_strerror ( errsv ) ) ;
2000-10-09 18:24:57 +02:00
break ;
}
2019-10-25 17:36:45 +02:00
if ( outpipe > = 0 & & fds [ 0 ] . revents ! = 0 )
2000-10-09 18:24:57 +02:00
{
switch ( read_data ( outstr , outpipe , error ) )
{
case READ_FAILED :
failed = TRUE ;
break ;
case READ_EOF :
close_and_invalidate ( & outpipe ) ;
outpipe = - 1 ;
break ;
default :
break ;
}
if ( failed )
break ;
}
2019-10-25 17:36:45 +02:00
if ( errpipe > = 0 & & fds [ 1 ] . revents ! = 0 )
2000-10-09 18:24:57 +02:00
{
switch ( read_data ( errstr , errpipe , error ) )
{
case READ_FAILED :
failed = TRUE ;
break ;
case READ_EOF :
close_and_invalidate ( & errpipe ) ;
errpipe = - 1 ;
break ;
default :
break ;
}
if ( failed )
break ;
}
}
/* These should only be open still if we had an error. */
if ( outpipe > = 0 )
close_and_invalidate ( & outpipe ) ;
if ( errpipe > = 0 )
close_and_invalidate ( & errpipe ) ;
2013-04-23 19:26:48 +02:00
/* Wait for child to exit, even if we have
* an error pending .
2012-10-29 20:44:16 +01:00
*/
2013-04-23 19:26:48 +02:00
again :
ret = waitpid ( pid , & status , 0 ) ;
if ( ret < 0 )
{
if ( errno = = EINTR )
goto again ;
else if ( errno = = ECHILD )
{
if ( exit_status )
{
2017-10-11 14:55:41 +02:00
g_warning ( " In call to g_spawn_sync(), exit status of a child process was requested but ECHILD was received by waitpid(). See the documentation of g_child_watch_source_new() for possible causes. " ) ;
2013-04-23 19:26:48 +02:00
}
else
{
/* We don't need the exit status. */
}
}
else
{
if ( ! failed ) /* avoid error pileups */
{
int errsv = errno ;
failed = TRUE ;
g_set_error ( error ,
G_SPAWN_ERROR ,
G_SPAWN_ERROR_READ ,
_ ( " Unexpected error in waitpid() (%s) " ) ,
g_strerror ( errsv ) ) ;
}
}
}
2000-10-09 18:24:57 +02:00
if ( failed )
{
if ( outstr )
g_string_free ( outstr , TRUE ) ;
if ( errstr )
g_string_free ( errstr , TRUE ) ;
return FALSE ;
}
else
{
if ( exit_status )
* exit_status = status ;
if ( standard_output )
* standard_output = g_string_free ( outstr , FALSE ) ;
if ( standard_error )
* standard_error = g_string_free ( errstr , FALSE ) ;
return TRUE ;
}
}
/**
* g_spawn_async_with_pipes :
2017-10-11 18:49:11 +02:00
* @ working_directory : ( type filename ) ( nullable ) : child ' s current working
* directory , or % NULL to inherit parent ' s , in the GLib file name encoding
* @ argv : ( array zero - terminated = 1 ) ( element - type filename ) : child ' s argument
* vector , in the GLib file name encoding
* @ envp : ( array zero - terminated = 1 ) ( element - type filename ) ( nullable ) :
* child ' s environment , or % NULL to inherit parent ' s , in the GLib file
* name encoding
2000-10-09 18:24:57 +02:00
* @ flags : flags from # GSpawnFlags
2016-10-29 03:29:02 +02:00
* @ child_setup : ( scope async ) ( nullable ) : function to run in the child just before exec ( )
2011-04-03 18:53:04 +02:00
* @ user_data : ( closure ) : user data for @ child_setup
2016-10-29 03:29:02 +02:00
* @ child_pid : ( out ) ( optional ) : return location for child process ID , or % NULL
* @ standard_input : ( out ) ( optional ) : return location for file descriptor to write to child ' s stdin , or % NULL
* @ standard_output : ( out ) ( optional ) : return location for file descriptor to read child ' s stdout , or % NULL
* @ standard_error : ( out ) ( optional ) : return location for file descriptor to read child ' s stderr , or % NULL
2000-10-09 18:24:57 +02:00
* @ error : return location for error
*
2020-10-13 14:39:36 +02:00
* Identical to g_spawn_async_with_pipes_and_fds ( ) but with ` n_fds ` set to zero ,
* so no FD assignments are used .
*
* Returns : % TRUE on success , % FALSE if an error was set
*/
gboolean
g_spawn_async_with_pipes ( const gchar * working_directory ,
gchar * * argv ,
gchar * * envp ,
GSpawnFlags flags ,
GSpawnChildSetupFunc child_setup ,
gpointer user_data ,
GPid * child_pid ,
gint * standard_input ,
gint * standard_output ,
gint * standard_error ,
GError * * error )
{
g_return_val_if_fail ( argv ! = NULL , FALSE ) ;
g_return_val_if_fail ( standard_output = = NULL | |
! ( flags & G_SPAWN_STDOUT_TO_DEV_NULL ) , FALSE ) ;
g_return_val_if_fail ( standard_error = = NULL | |
! ( flags & G_SPAWN_STDERR_TO_DEV_NULL ) , FALSE ) ;
/* can't inherit stdin if we have an input pipe. */
g_return_val_if_fail ( standard_input = = NULL | |
! ( flags & G_SPAWN_CHILD_INHERITS_STDIN ) , FALSE ) ;
return fork_exec ( ! ( flags & G_SPAWN_DO_NOT_REAP_CHILD ) ,
working_directory ,
( const gchar * const * ) argv ,
( const gchar * const * ) envp ,
! ( flags & G_SPAWN_LEAVE_DESCRIPTORS_OPEN ) ,
( flags & G_SPAWN_SEARCH_PATH ) ! = 0 ,
( flags & G_SPAWN_SEARCH_PATH_FROM_ENVP ) ! = 0 ,
( flags & G_SPAWN_STDOUT_TO_DEV_NULL ) ! = 0 ,
( flags & G_SPAWN_STDERR_TO_DEV_NULL ) ! = 0 ,
( flags & G_SPAWN_CHILD_INHERITS_STDIN ) ! = 0 ,
( flags & G_SPAWN_FILE_AND_ARGV_ZERO ) ! = 0 ,
( flags & G_SPAWN_CLOEXEC_PIPES ) ! = 0 ,
child_setup ,
user_data ,
child_pid ,
standard_input ,
standard_output ,
standard_error ,
- 1 , - 1 , - 1 ,
NULL , NULL , 0 ,
error ) ;
}
/**
* g_spawn_async_with_pipes_and_fds :
* @ working_directory : ( type filename ) ( nullable ) : child ' s current working
* directory , or % NULL to inherit parent ' s , in the GLib file name encoding
* @ argv : ( array zero - terminated = 1 ) ( element - type filename ) : child ' s argument
* vector , in the GLib file name encoding
* @ envp : ( array zero - terminated = 1 ) ( element - type filename ) ( nullable ) :
* child ' s environment , or % NULL to inherit parent ' s , in the GLib file
* name encoding
* @ flags : flags from # GSpawnFlags
* @ child_setup : ( scope async ) ( nullable ) : function to run in the child just before ` exec ( ) `
* @ user_data : ( closure ) : user data for @ child_setup
* @ stdin_fd : file descriptor to use for child ' s stdin , or ` - 1 `
* @ stdout_fd : file descriptor to use for child ' s stdout , or ` - 1 `
* @ stderr_fd : file descriptor to use for child ' s stderr , or ` - 1 `
* @ source_fds : ( array length = n_fds ) ( nullable ) : array of FDs from the parent
* process to make available in the child process
* @ target_fds : ( array length = n_fds ) ( nullable ) : array of FDs to remap
* @ source_fds to in the child process
* @ n_fds : number of FDs in @ source_fds and @ target_fds
* @ child_pid_out : ( out ) ( optional ) : return location for child process ID , or % NULL
* @ stdin_pipe_out : ( out ) ( optional ) : return location for file descriptor to write to child ' s stdin , or % NULL
* @ stdout_pipe_out : ( out ) ( optional ) : return location for file descriptor to read child ' s stdout , or % NULL
* @ stderr_pipe_out : ( out ) ( optional ) : return location for file descriptor to read child ' s stderr , or % NULL
* @ error : return location for error
*
2000-10-09 18:24:57 +02:00
* Executes a child program asynchronously ( your program will not
* block waiting for the child to exit ) . The child program is
2014-02-06 01:32:41 +01:00
* specified by the only argument that must be provided , @ argv .
* @ argv should be a % NULL - terminated array of strings , to be passed
* as the argument vector for the child . The first string in @ argv
* is of course the name of the program to execute . By default , the
* name of the program must be a full path . If @ flags contains the
* % G_SPAWN_SEARCH_PATH flag , the ` PATH ` environment variable is
* used to search for the executable . If @ flags contains the
2020-12-04 19:19:59 +01:00
* % G_SPAWN_SEARCH_PATH_FROM_ENVP flag , the ` PATH ` variable from
2014-02-06 01:32:41 +01:00
* @ envp is used to search for the executable . If both the
* % G_SPAWN_SEARCH_PATH and % G_SPAWN_SEARCH_PATH_FROM_ENVP flags
* are set , the ` PATH ` variable from @ envp takes precedence over
* the environment variable .
2012-05-20 00:01:35 +02:00
*
2011-08-17 08:57:15 +02:00
* If the program name is not a full path and % G_SPAWN_SEARCH_PATH flag is not
* used , then the program will be run from the current directory ( or
2011-12-14 05:00:16 +01:00
* @ working_directory , if specified ) ; this might be unexpected or even
2011-08-17 08:57:15 +02:00
* dangerous in some cases when the current directory is world - writable .
2000-10-09 18:24:57 +02:00
*
2005-08-26 01:28:24 +02:00
* On Windows , note that all the string or string vector arguments to
* this function and the other g_spawn * ( ) functions are in UTF - 8 , the
* GLib file name encoding . Unicode characters that are not part of
2007-11-07 17:44:21 +01:00
* the system codepage passed in these arguments will be correctly
2005-08-26 01:28:24 +02:00
* available in the spawned program only if it uses wide character API
* to retrieve its command line . For C programs built with Microsoft ' s
* tools it is enough to make the program have a wmain ( ) instead of
* main ( ) . wmain ( ) has a wide character argument vector as parameter .
*
* At least currently , mingw doesn ' t support wmain ( ) , so if you use
2014-12-21 00:39:00 +01:00
* mingw to develop the spawned program , it should call
* g_win32_get_command_line ( ) to get arguments in UTF - 8.
2005-08-26 01:28:24 +02:00
*
2014-01-31 20:56:10 +01:00
* On Windows the low - level child process creation API CreateProcess ( )
* doesn ' t use argument vectors , but a command line . The C runtime
* library ' s spawn * ( ) family of functions ( which g_spawn_async_with_pipes ( )
* eventually calls ) paste the argument vector elements together into
* a command line , and the C runtime startup code does a corresponding
* reconstruction of an argument vector from the command line , to be
* passed to main ( ) . Complications arise when you have argument vector
2019-02-07 11:33:24 +01:00
* elements that contain spaces or double quotes . The ` spawn * ( ) ` functions
2014-01-31 20:56:10 +01:00
* don ' t do any quoting or escaping , but on the other hand the startup
* code does do unquoting and unescaping in order to enable receiving
* arguments with embedded spaces or double quotes . To work around this
* asymmetry , g_spawn_async_with_pipes ( ) will do quoting and escaping on
* argument vector elements that need it before calling the C runtime
2003-07-25 23:32:47 +02:00
* spawn ( ) function .
2003-02-05 00:37:04 +01:00
*
2008-06-11 08:57:22 +02:00
* The returned @ child_pid on Windows is a handle to the child
* process , not its identifier . Process handles and process
* identifiers are different concepts on Windows .
*
2001-10-01 19:35:18 +02:00
* @ envp is a % NULL - terminated array of strings , where each string
2014-02-06 14:04:52 +01:00
* has the form ` KEY = VALUE ` . This will become the child ' s environment .
* If @ envp is % NULL , the child inherits its parent ' s environment .
2000-10-09 18:24:57 +02:00
*
* @ flags should be the bitwise OR of any flags you want to affect the
2011-09-05 16:29:09 +02:00
* function ' s behaviour . The % G_SPAWN_DO_NOT_REAP_CHILD means that the
2017-04-30 10:41:35 +02:00
* child will not automatically be reaped ; you must use a child watch
* ( g_child_watch_add ( ) ) to be notified about the death of the child process ,
* otherwise it will stay around as a zombie process until this process exits .
* Eventually you must call g_spawn_close_pid ( ) on the @ child_pid , in order to
* free resources which may be associated with the child process . ( On Unix ,
2011-09-05 16:29:09 +02:00
* using a child watch is equivalent to calling waitpid ( ) or handling
2020-12-04 19:19:59 +01:00
* the ` SIGCHLD ` signal manually . On Windows , calling g_spawn_close_pid ( )
2011-09-05 16:29:09 +02:00
* is equivalent to calling CloseHandle ( ) on the process handle returned
2014-01-31 20:56:10 +01:00
* in @ child_pid ) . See g_child_watch_add ( ) .
2002-11-18 10:58:39 +01:00
*
2018-06-13 21:41:53 +02:00
* Open UNIX file descriptors marked as ` FD_CLOEXEC ` will be automatically
* closed in the child process . % G_SPAWN_LEAVE_DESCRIPTORS_OPEN means that
* other open file descriptors will be inherited by the child ; otherwise all
* descriptors except stdin / stdout / stderr will be closed before calling exec ( )
* in the child . % G_SPAWN_SEARCH_PATH means that @ argv [ 0 ] need not be an
2014-02-06 01:32:41 +01:00
* absolute path , it will be looked for in the ` PATH ` environment
* variable . % G_SPAWN_SEARCH_PATH_FROM_ENVP means need not be an
* absolute path , it will be looked for in the ` PATH ` variable from
2014-01-31 20:56:10 +01:00
* @ envp . If both % G_SPAWN_SEARCH_PATH and % G_SPAWN_SEARCH_PATH_FROM_ENVP
* are used , the value from @ envp takes precedence over the environment .
2020-12-04 19:19:59 +01:00
*
2014-02-06 01:32:41 +01:00
* % G_SPAWN_STDOUT_TO_DEV_NULL means that the child ' s standard output
2020-10-13 14:39:36 +02:00
* will be discarded , instead of going to the same location as the parent ' s
* standard output . If you use this flag , @ stdout_pipe_out must be % NULL .
*
2000-10-09 18:24:57 +02:00
* % G_SPAWN_STDERR_TO_DEV_NULL means that the child ' s standard error
2002-10-12 12:36:45 +02:00
* will be discarded , instead of going to the same location as the parent ' s
2020-10-13 14:39:36 +02:00
* standard error . If you use this flag , @ stderr_pipe_out must be % NULL .
*
2002-10-12 12:36:45 +02:00
* % G_SPAWN_CHILD_INHERITS_STDIN means that the child will inherit the parent ' s
* standard input ( by default , the child ' s standard input is attached to
2020-10-13 14:39:36 +02:00
* ` / dev / null ` ) . If you use this flag , @ stdin_pipe_out must be % NULL .
*
* It is valid to pass the same FD in multiple parameters ( e . g . you can pass
* a single FD for both @ stdout_fd and @ stderr_fd , and include it in
* @ source_fds too ) .
*
* @ source_fds and @ target_fds allow zero or more FDs from this process to be
* remapped to different FDs in the spawned process . If @ n_fds is greater than
* zero , @ source_fds and @ target_fds must both be non - % NULL and the same length .
* Each FD in @ source_fds is remapped to the FD number at the same index in
* @ target_fds . The source and target FD may be equal to simply propagate an FD
* to the spawned process . FD remappings are processed after standard FDs , so
* any target FDs which equal @ stdin_fd , @ stdout_fd or @ stderr_fd will overwrite
* them in the spawned process .
*
2001-06-08 21:41:51 +02:00
* % G_SPAWN_FILE_AND_ARGV_ZERO means that the first element of @ argv is
2014-01-31 20:56:10 +01:00
* the file to execute , while the remaining elements are the actual
* argument vector to pass to the file . Normally g_spawn_async_with_pipes ( )
* uses @ argv [ 0 ] as the file to execute , and passes all of @ argv to the child .
2000-10-09 18:24:57 +02:00
*
Ignore the G_SPAWN_DO_NOT_REAP_CHILD flag, can't be meaninfully
2002-11-17 Tor Lillqvist <tml@iki.fi>
* glib/gspawn-win32.c (g_spawn_async_with_pipes): Ignore the
G_SPAWN_DO_NOT_REAP_CHILD flag, can't be meaninfully implemented
on Windows, at least not now. Always pass dont_wait as TRUE to
do_spawn_with_pipes(). The semantics of the dont_wait parameter is
very different from the semantics of the intermediate_child
parameter to fork_exec_with_pipes() in the Unix version. This
fixes a serious bug, g_spawn_async() in fact behaved
synchronously.
(do_spawn_with_pipes, do_spawn): Rename from
fork_exec_with_pipes() and do_exec(), those names were from the
Unix bersion, and misleading.
(close_and_invalidate): Don't try to close invalid fds.
* glib/gspawn.c (g_spawn_async_with_pipes): Add warning about
Windows behaviour. There is no fork(), so the child_setup()
function is in fact called in the parent.
* glib/gspawn-win32-helper.c (WinMain): Insert spaces in argv
debugging output.
* tests/spawn-test-win32-gui.c: New file. Test program to be
linked as a GUI application. Behaves differently depending on how
invoked (by spawn-test).
* tests/spawn-test.c (run_tests): On Win32, run the
spawn-test-win32-gui program, too, in several ways, synchronously
and asynchronously.
* tests/Makefile.am: Corresponding change.
2002-11-17 04:52:55 +01:00
* @ child_setup and @ user_data are a function and user data . On POSIX
* platforms , the function is called in the child after GLib has
* performed all the setup it plans to perform ( including creating
2014-01-31 20:56:10 +01:00
* pipes , closing file descriptors , etc . ) but before calling exec ( ) .
* That is , @ child_setup is called just before calling exec ( ) in the
* child . Obviously actions taken in this function will only affect
* the child , not the parent .
*
* On Windows , there is no separate fork ( ) and exec ( ) functionality .
* Child processes are created and run with a single API call ,
* CreateProcess ( ) . There is no sensible thing @ child_setup
2008-09-25 10:05:41 +02:00
* could be used for on Windows so it is ignored and not called .
2000-10-09 18:24:57 +02:00
*
2002-11-18 10:58:39 +01:00
* If non - % NULL , @ child_pid will on Unix be filled with the child ' s
2014-01-31 20:56:10 +01:00
* process ID . You can use the process ID to send signals to the child ,
* or to use g_child_watch_add ( ) ( or waitpid ( ) ) if you specified the
2002-11-18 10:58:39 +01:00
* % G_SPAWN_DO_NOT_REAP_CHILD flag . On Windows , @ child_pid will be
* filled with a handle to the child process only if you specified the
* % G_SPAWN_DO_NOT_REAP_CHILD flag . You can then access the child
* process using the Win32 API , for example wait for its termination
2014-01-31 20:56:10 +01:00
* with the WaitFor * ( ) functions , or examine its exit code with
* GetExitCodeProcess ( ) . You should close the handle with CloseHandle ( )
* or g_spawn_close_pid ( ) when you no longer need it .
2000-10-09 18:24:57 +02:00
*
2020-10-13 14:39:36 +02:00
* If non - % NULL , the @ stdin_pipe_out , @ stdout_pipe_out , @ stderr_pipe_out
2000-10-09 18:24:57 +02:00
* locations will be filled with file descriptors for writing to the child ' s
* standard input or reading from its standard output or standard error .
* The caller of g_spawn_async_with_pipes ( ) must close these file descriptors
2014-01-31 20:56:10 +01:00
* when they are no longer in use . If these parameters are % NULL , the
* corresponding pipe won ' t be created .
2002-10-12 12:36:45 +02:00
*
2020-10-13 14:39:36 +02:00
* If @ stdin_pipe_out is % NULL , the child ' s standard input is attached to
2018-02-08 17:39:32 +01:00
* ` / dev / null ` unless % G_SPAWN_CHILD_INHERITS_STDIN is set .
2002-10-12 12:36:45 +02:00
*
2020-10-13 14:39:36 +02:00
* If @ stderr_pipe_out is NULL , the child ' s standard error goes to the same
* location as the parent ' s standard error unless % G_SPAWN_STDERR_TO_DEV_NULL
2006-12-17 19:49:57 +01:00
* is set .
2002-10-12 12:36:45 +02:00
*
2020-10-13 14:39:36 +02:00
* If @ stdout_pipe_out is NULL , the child ' s standard output goes to the same
* location as the parent ' s standard output unless % G_SPAWN_STDOUT_TO_DEV_NULL
2006-12-17 19:49:57 +01:00
* is set .
2000-10-09 18:24:57 +02:00
*
2001-12-16 20:31:36 +01:00
* @ error can be % NULL to ignore errors , or non - % NULL to report errors .
2014-01-31 20:56:10 +01:00
* If an error is set , the function returns % FALSE . Errors are reported
* even if they occur in the child ( for example if the executable in
2014-02-06 14:04:52 +01:00
* @ argv [ 0 ] is not found ) . Typically the ` message ` field of returned
* errors should be displayed to users . Possible errors are those from
* the # G_SPAWN_ERROR domain .
2000-10-09 18:24:57 +02:00
*
2020-10-13 14:39:36 +02:00
* If an error occurs , @ child_pid , @ stdin_pipe_out , @ stdout_pipe_out ,
* and @ stderr_pipe_out will not be filled with valid values .
2004-03-01 21:47:49 +01:00
*
* If @ child_pid is not % NULL and an error does not occur then the returned
2008-06-11 08:57:22 +02:00
* process reference must be closed using g_spawn_close_pid ( ) .
2006-12-17 19:49:57 +01:00
*
gspawn: Optimize with posix_spawn codepath
When the amount of free memory on the system is somewhat low, gnome-shell
will sometimes fail to launch apps, reporting the error:
fork(): Cannot allocate memory
fork() is failing here because while cloning the process virtual address
space, Linux worries that the thread being forked may end up COWing the
entire address space of the parent process (gnome-shell, which is
memory-hungry), and there is not enough free memory to permit that to
happen.
In this case we are simply calling fork() in order to quickly call exec(),
which will throw away the entirity of the duplicated VM, so we should
look for ways to avoid the overcommit check.
The well known solution to this is to use clone(CLONE_VM) or vfork(), which
completely avoids creating a new memory address space for the child.
However, that comes with a bunch of caveats and complications:
https://gist.github.com/nicowilliams/a8a07b0fc75df05f684c23c18d7db234
https://ewontfix.com/7/
In 2016, glibc's posix_spawn() was rewritten to use this approach
while also resolving the concerns.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9ff72da471a509a8c19791efe469f47fa6977410
I experimented with a similar approach in glib, but it was not practical
because glibc has several items of important internal knowledge (such as
knowing which signals should be given special treatment because they are
NPTL implementation details) that are not cleanly exposed elsewhere.
Instead, this patch adapts the gspawn code to use posix_spawn() where
possible, which will reap the benefits of that implementation.
The posix_spawn API is more limited than the gspawn API though,
partly due to natural limitations of using CLONE_VM, so the posix_spawn
path is added as a separate codepath which is only executed when the
conditions are right. Callers such as gnome-shell will have to be modified
to meet these conditions, such as not having a child_setup function.
In addition to allowing for the gnome-shell "Cannot allocate memory"
failure to be avoided, this should result in a general speedup in this
area, because fork()'s behaviour of cloning the entire VM space
has a cost which is now avoided. posix_spawn() has also recently
been optimized on OpenSolaris as the most performant way to spawn
a child process.
2018-05-28 22:45:45 +02:00
* On modern UNIX platforms , GLib can use an efficient process launching
* codepath driven internally by posix_spawn ( ) . This has the advantage of
* avoiding the fork - time performance costs of cloning the parent process
* address space , and avoiding associated memory overcommit checks that are
* not relevant in the context of immediately executing a distinct process .
* This optimized codepath will be used provided that the following conditions
* are met :
*
* 1. % G_SPAWN_DO_NOT_REAP_CHILD is set
* 2. % G_SPAWN_LEAVE_DESCRIPTORS_OPEN is set
* 3. % G_SPAWN_SEARCH_PATH_FROM_ENVP is not set
* 4. @ working_directory is % NULL
* 5. @ child_setup is % NULL
* 6. The program is of a recognised binary format , or has a shebang . Otherwise , GLib will have to execute the program through the shell , which is not done using the optimized codepath .
*
2017-08-03 15:40:29 +02:00
* If you are writing a GTK + application , and the program you are spawning is a
* graphical application too , then to ensure that the spawned program opens its
* windows on the right screen , you may want to use # GdkAppLaunchContext ,
2020-12-04 19:19:59 +01:00
* # GAppLaunchContext , or set the ` DISPLAY ` environment variable .
*
2014-02-20 01:35:23 +01:00
* Returns : % TRUE on success , % FALSE if an error was set
2020-10-13 14:39:36 +02:00
*
* Since : 2.68
2014-01-31 20:56:10 +01:00
*/
2000-10-09 18:24:57 +02:00
gboolean
2020-10-13 14:39:36 +02:00
g_spawn_async_with_pipes_and_fds ( const gchar * working_directory ,
const gchar * const * argv ,
const gchar * const * envp ,
GSpawnFlags flags ,
GSpawnChildSetupFunc child_setup ,
gpointer user_data ,
gint stdin_fd ,
gint stdout_fd ,
gint stderr_fd ,
const gint * source_fds ,
const gint * target_fds ,
gsize n_fds ,
GPid * child_pid_out ,
gint * stdin_pipe_out ,
gint * stdout_pipe_out ,
gint * stderr_pipe_out ,
GError * * error )
2000-10-09 18:24:57 +02:00
{
g_return_val_if_fail ( argv ! = NULL , FALSE ) ;
2020-10-13 14:39:36 +02:00
g_return_val_if_fail ( stdout_pipe_out = = NULL | |
2000-10-09 18:24:57 +02:00
! ( flags & G_SPAWN_STDOUT_TO_DEV_NULL ) , FALSE ) ;
2020-10-13 14:39:36 +02:00
g_return_val_if_fail ( stderr_pipe_out = = NULL | |
2000-10-09 18:24:57 +02:00
! ( flags & G_SPAWN_STDERR_TO_DEV_NULL ) , FALSE ) ;
/* can't inherit stdin if we have an input pipe. */
2020-10-13 14:39:36 +02:00
g_return_val_if_fail ( stdin_pipe_out = = NULL | |
2000-10-09 18:24:57 +02:00
! ( flags & G_SPAWN_CHILD_INHERITS_STDIN ) , FALSE ) ;
2020-10-13 14:39:36 +02:00
/* can’ t use pipes and stdin/stdout/stderr FDs */
g_return_val_if_fail ( stdin_pipe_out = = NULL | | stdin_fd < 0 , FALSE ) ;
g_return_val_if_fail ( stdout_pipe_out = = NULL | | stdout_fd < 0 , FALSE ) ;
g_return_val_if_fail ( stderr_pipe_out = = NULL | | stderr_fd < 0 , FALSE ) ;
2020-10-13 13:43:25 +02:00
return fork_exec ( ! ( flags & G_SPAWN_DO_NOT_REAP_CHILD ) ,
working_directory ,
( const gchar * const * ) argv ,
( const gchar * const * ) envp ,
! ( flags & G_SPAWN_LEAVE_DESCRIPTORS_OPEN ) ,
( flags & G_SPAWN_SEARCH_PATH ) ! = 0 ,
( flags & G_SPAWN_SEARCH_PATH_FROM_ENVP ) ! = 0 ,
( flags & G_SPAWN_STDOUT_TO_DEV_NULL ) ! = 0 ,
( flags & G_SPAWN_STDERR_TO_DEV_NULL ) ! = 0 ,
( flags & G_SPAWN_CHILD_INHERITS_STDIN ) ! = 0 ,
( flags & G_SPAWN_FILE_AND_ARGV_ZERO ) ! = 0 ,
( flags & G_SPAWN_CLOEXEC_PIPES ) ! = 0 ,
child_setup ,
user_data ,
2020-10-13 14:39:36 +02:00
child_pid_out ,
stdin_pipe_out ,
stdout_pipe_out ,
stderr_pipe_out ,
stdin_fd ,
stdout_fd ,
stderr_fd ,
source_fds ,
target_fds ,
n_fds ,
2020-10-13 13:43:25 +02:00
error ) ;
2000-10-09 18:24:57 +02:00
}
2018-05-28 18:09:21 +02:00
/**
* g_spawn_async_with_fds :
* @ working_directory : ( type filename ) ( nullable ) : child ' s current working directory , or % NULL to inherit parent ' s , in the GLib file name encoding
* @ argv : ( array zero - terminated = 1 ) : child ' s argument vector , in the GLib file name encoding
* @ envp : ( array zero - terminated = 1 ) ( nullable ) : child ' s environment , or % NULL to inherit parent ' s , in the GLib file name encoding
* @ flags : flags from # GSpawnFlags
* @ child_setup : ( scope async ) ( nullable ) : function to run in the child just before exec ( )
* @ user_data : ( closure ) : user data for @ child_setup
* @ child_pid : ( out ) ( optional ) : return location for child process ID , or % NULL
2020-12-04 19:19:59 +01:00
* @ stdin_fd : file descriptor to use for child ' s stdin , or ` - 1 `
* @ stdout_fd : file descriptor to use for child ' s stdout , or ` - 1 `
* @ stderr_fd : file descriptor to use for child ' s stderr , or ` - 1 `
2018-05-28 18:09:21 +02:00
* @ error : return location for error
*
2020-10-13 14:39:36 +02:00
* Identical to g_spawn_async_with_pipes_and_fds ( ) but with ` n_fds ` set to zero ,
* so no FD assignments are used .
2018-05-28 18:09:21 +02:00
*
* Returns : % TRUE on success , % FALSE if an error was set
*
* Since : 2.58
*/
gboolean
g_spawn_async_with_fds ( const gchar * working_directory ,
gchar * * argv ,
gchar * * envp ,
GSpawnFlags flags ,
GSpawnChildSetupFunc child_setup ,
gpointer user_data ,
GPid * child_pid ,
gint stdin_fd ,
gint stdout_fd ,
gint stderr_fd ,
GError * * error )
{
g_return_val_if_fail ( argv ! = NULL , FALSE ) ;
2018-06-29 18:38:53 +02:00
g_return_val_if_fail ( stdout_fd < 0 | |
2018-05-28 18:09:21 +02:00
! ( flags & G_SPAWN_STDOUT_TO_DEV_NULL ) , FALSE ) ;
2018-06-29 18:38:53 +02:00
g_return_val_if_fail ( stderr_fd < 0 | |
2018-05-28 18:09:21 +02:00
! ( flags & G_SPAWN_STDERR_TO_DEV_NULL ) , FALSE ) ;
/* can't inherit stdin if we have an input pipe. */
2018-06-29 18:38:53 +02:00
g_return_val_if_fail ( stdin_fd < 0 | |
2018-05-28 18:09:21 +02:00
! ( flags & G_SPAWN_CHILD_INHERITS_STDIN ) , FALSE ) ;
2020-10-13 13:43:25 +02:00
return fork_exec ( ! ( flags & G_SPAWN_DO_NOT_REAP_CHILD ) ,
working_directory ,
( const gchar * const * ) argv ,
( const gchar * const * ) envp ,
! ( flags & G_SPAWN_LEAVE_DESCRIPTORS_OPEN ) ,
( flags & G_SPAWN_SEARCH_PATH ) ! = 0 ,
( flags & G_SPAWN_SEARCH_PATH_FROM_ENVP ) ! = 0 ,
( flags & G_SPAWN_STDOUT_TO_DEV_NULL ) ! = 0 ,
( flags & G_SPAWN_STDERR_TO_DEV_NULL ) ! = 0 ,
( flags & G_SPAWN_CHILD_INHERITS_STDIN ) ! = 0 ,
( flags & G_SPAWN_FILE_AND_ARGV_ZERO ) ! = 0 ,
( flags & G_SPAWN_CLOEXEC_PIPES ) ! = 0 ,
child_setup ,
user_data ,
child_pid ,
NULL , NULL , NULL ,
stdin_fd ,
stdout_fd ,
stderr_fd ,
2020-10-13 14:17:38 +02:00
NULL , NULL , 0 ,
2020-10-13 13:43:25 +02:00
error ) ;
2018-05-28 18:09:21 +02:00
}
2000-10-09 18:24:57 +02:00
/**
* g_spawn_command_line_sync :
2017-10-11 18:49:11 +02:00
* @ command_line : ( type filename ) : a command line
2016-10-29 03:29:02 +02:00
* @ standard_output : ( out ) ( array zero - terminated = 1 ) ( element - type guint8 ) ( optional ) : return location for child output
* @ standard_error : ( out ) ( array zero - terminated = 1 ) ( element - type guint8 ) ( optional ) : return location for child errors
* @ exit_status : ( out ) ( optional ) : return location for child exit status , as returned by waitpid ( )
2000-10-09 18:24:57 +02:00
* @ error : return location for errors
*
* A simple version of g_spawn_sync ( ) with little - used parameters
* removed , taking a command line instead of an argument vector . See
* g_spawn_sync ( ) for full details . @ command_line will be parsed by
* g_shell_parse_argv ( ) . Unlike g_spawn_sync ( ) , the % G_SPAWN_SEARCH_PATH flag
* is enabled . Note that % G_SPAWN_SEARCH_PATH can have security
* implications , so consider using g_spawn_sync ( ) directly if
* appropriate . Possible errors are those from g_spawn_sync ( ) and those
* from g_shell_parse_argv ( ) .
2005-05-20 21:30:02 +02:00
*
2012-07-10 17:27:22 +02:00
* If @ exit_status is non - % NULL , the platform - specific exit status of
* the child is stored there ; see the documentation of
* g_spawn_check_exit_status ( ) for how to use and interpret this .
2000-10-09 18:24:57 +02:00
*
2002-04-19 22:26:04 +02:00
* On Windows , please note the implications of g_shell_parse_argv ( )
2005-08-26 01:28:24 +02:00
* parsing @ command_line . Parsing is done according to Unix shell rules , not
* Windows command interpreter rules .
* Space is a separator , and backslashes are
2003-02-05 00:37:04 +01:00
* special . Thus you cannot simply pass a @ command_line containing
* canonical Windows paths , like " c: \\ program files \\ app \\ app.exe " , as
* the backslashes will be eaten , and the space will act as a
* separator . You need to enclose such paths with single quotes , like
* " 'c: \\ program files \\ app \\ app.exe' 'e: \\ folder \\ argument.txt' " .
2002-04-19 22:26:04 +02:00
*
2014-02-20 01:35:23 +01:00
* Returns : % TRUE on success , % FALSE if an error was set
2000-10-09 18:24:57 +02:00
* */
gboolean
g_spawn_command_line_sync ( const gchar * command_line ,
gchar * * standard_output ,
gchar * * standard_error ,
gint * exit_status ,
GError * * error )
{
gboolean retval ;
2004-10-24 03:37:42 +02:00
gchar * * argv = NULL ;
2000-10-09 18:24:57 +02:00
g_return_val_if_fail ( command_line ! = NULL , FALSE ) ;
if ( ! g_shell_parse_argv ( command_line ,
NULL , & argv ,
error ) )
return FALSE ;
retval = g_spawn_sync ( NULL ,
argv ,
NULL ,
G_SPAWN_SEARCH_PATH ,
NULL ,
NULL ,
standard_output ,
standard_error ,
exit_status ,
error ) ;
g_strfreev ( argv ) ;
return retval ;
}
/**
* g_spawn_command_line_async :
2017-10-11 18:49:11 +02:00
* @ command_line : ( type filename ) : a command line
2000-10-09 18:24:57 +02:00
* @ error : return location for errors
*
* A simple version of g_spawn_async ( ) that parses a command line with
* g_shell_parse_argv ( ) and passes it to g_spawn_async ( ) . Runs a
* command line in the background . Unlike g_spawn_async ( ) , the
* % G_SPAWN_SEARCH_PATH flag is enabled , other flags are not . Note
* that % G_SPAWN_SEARCH_PATH can have security implications , so
* consider using g_spawn_async ( ) directly if appropriate . Possible
* errors are those from g_shell_parse_argv ( ) and g_spawn_async ( ) .
*
2002-04-19 22:26:04 +02:00
* The same concerns on Windows apply as for g_spawn_command_line_sync ( ) .
*
2014-02-20 01:35:23 +01:00
* Returns : % TRUE on success , % FALSE if error is set
2000-10-09 18:24:57 +02:00
* */
gboolean
g_spawn_command_line_async ( const gchar * command_line ,
GError * * error )
{
gboolean retval ;
2004-10-24 03:37:42 +02:00
gchar * * argv = NULL ;
2000-10-09 18:24:57 +02:00
g_return_val_if_fail ( command_line ! = NULL , FALSE ) ;
if ( ! g_shell_parse_argv ( command_line ,
NULL , & argv ,
error ) )
return FALSE ;
retval = g_spawn_async ( NULL ,
argv ,
NULL ,
G_SPAWN_SEARCH_PATH ,
NULL ,
NULL ,
NULL ,
error ) ;
g_strfreev ( argv ) ;
return retval ;
}
2012-07-10 17:27:22 +02:00
/**
* g_spawn_check_exit_status :
* @ exit_status : An exit code as returned from g_spawn_sync ( )
* @ error : a # GError
*
* Set @ error if @ exit_status indicates the child exited abnormally
* ( e . g . with a nonzero exit code , or via a fatal signal ) .
*
* The g_spawn_sync ( ) and g_child_watch_add ( ) family of APIs return an
* exit status for subprocesses encoded in a platform - specific way .
2014-01-31 20:56:10 +01:00
* On Unix , this is guaranteed to be in the same format waitpid ( ) returns ,
* and on Windows it is guaranteed to be the result of GetExitCodeProcess ( ) .
*
* Prior to the introduction of this function in GLib 2.34 , interpreting
* @ exit_status required use of platform - specific APIs , which is problematic
* for software using GLib as a cross - platform layer .
2012-07-10 17:27:22 +02:00
*
* Additionally , many programs simply want to determine whether or not
* the child exited successfully , and either propagate a # GError or
2014-01-31 20:56:10 +01:00
* print a message to standard error . In that common case , this function
* can be used . Note that the error message in @ error will contain
* human - readable information about the exit status .
2012-07-10 17:27:22 +02:00
*
2014-01-31 20:56:10 +01:00
* The @ domain and @ code of @ error have special semantics in the case
* where the process has an " exit code " , as opposed to being killed by
* a signal . On Unix , this happens if WIFEXITED ( ) would be true of
* @ exit_status . On Windows , it is always the case .
2012-07-10 17:27:22 +02:00
*
* The special semantics are that the actual exit code will be the
* code set in @ error , and the domain will be % G_SPAWN_EXIT_ERROR .
* This allows you to differentiate between different exit codes .
*
* If the process was terminated by some means other than an exit
* status , the domain will be % G_SPAWN_ERROR , and the code will be
* % G_SPAWN_ERROR_FAILED .
*
* This function just offers convenience ; you can of course also check
* the available platform via a macro such as % G_OS_UNIX , and use
2014-01-31 20:56:10 +01:00
* WIFEXITED ( ) and WEXITSTATUS ( ) on @ exit_status directly . Do not attempt
* to scan or parse the error message string ; it may be translated and / or
* change in future versions of GLib .
*
* Returns : % TRUE if child exited successfully , % FALSE otherwise ( and
* @ error will be set )
2012-07-10 17:27:22 +02:00
*
* Since : 2.34
*/
gboolean
g_spawn_check_exit_status ( gint exit_status ,
GError * * error )
{
gboolean ret = FALSE ;
if ( WIFEXITED ( exit_status ) )
{
if ( WEXITSTATUS ( exit_status ) ! = 0 )
{
g_set_error ( error , G_SPAWN_EXIT_ERROR , WEXITSTATUS ( exit_status ) ,
_ ( " Child process exited with code %ld " ) ,
( long ) WEXITSTATUS ( exit_status ) ) ;
goto out ;
}
}
else if ( WIFSIGNALED ( exit_status ) )
{
g_set_error ( error , G_SPAWN_ERROR , G_SPAWN_ERROR_FAILED ,
_ ( " Child process killed by signal %ld " ) ,
( long ) WTERMSIG ( exit_status ) ) ;
goto out ;
}
else if ( WIFSTOPPED ( exit_status ) )
{
g_set_error ( error , G_SPAWN_ERROR , G_SPAWN_ERROR_FAILED ,
_ ( " Child process stopped by signal %ld " ) ,
( long ) WSTOPSIG ( exit_status ) ) ;
goto out ;
}
else
{
g_set_error ( error , G_SPAWN_ERROR , G_SPAWN_ERROR_FAILED ,
_ ( " Child process exited abnormally " ) ) ;
goto out ;
}
ret = TRUE ;
out :
return ret ;
}
2020-06-22 13:36:32 +02:00
/* This function is called between fork() and exec() and hence must be
* async - signal - safe ( see signal - safety ( 7 ) ) . */
2003-06-02 20:20:25 +02:00
static gssize
write_all ( gint fd , gconstpointer vbuf , gsize to_write )
{
gchar * buf = ( gchar * ) vbuf ;
while ( to_write > 0 )
{
gssize count = write ( fd , buf , to_write ) ;
if ( count < 0 )
{
if ( errno ! = EINTR )
return FALSE ;
}
else
{
to_write - = count ;
buf + = count ;
}
}
return TRUE ;
}
2020-06-22 13:36:32 +02:00
/* This function is called between fork() and exec() and hence must be
* async - signal - safe ( see signal - safety ( 7 ) ) . */
2019-09-03 19:43:41 +02:00
G_NORETURN
2000-10-09 18:24:57 +02:00
static void
write_err_and_exit ( gint fd , gint msg )
{
gint en = errno ;
2003-06-02 20:20:25 +02:00
write_all ( fd , & msg , sizeof ( msg ) ) ;
write_all ( fd , & en , sizeof ( en ) ) ;
2000-10-09 18:24:57 +02:00
_exit ( 1 ) ;
}
2020-06-22 13:36:32 +02:00
/* This function is called between fork() and exec() and hence must be
* async - signal - safe ( see signal - safety ( 7 ) ) . */
2006-12-17 18:45:03 +01:00
static int
2006-12-15 06:33:32 +01:00
set_cloexec ( void * data , gint fd )
2000-10-09 18:24:57 +02:00
{
2006-12-17 18:45:03 +01:00
if ( fd > = GPOINTER_TO_INT ( data ) )
2006-12-15 06:33:32 +01:00
fcntl ( fd , F_SETFD , FD_CLOEXEC ) ;
2006-12-17 18:45:03 +01:00
return 0 ;
2000-10-09 18:24:57 +02:00
}
2020-10-13 14:17:38 +02:00
/* This function is called between fork() and exec() and hence must be
* async - signal - safe ( see signal - safety ( 7 ) ) . */
static void
unset_cloexec ( int fd )
{
int flags ;
int result ;
flags = fcntl ( fd , F_GETFD , 0 ) ;
if ( flags ! = - 1 )
{
int errsv ;
flags & = ( ~ FD_CLOEXEC ) ;
do
{
result = fcntl ( fd , F_SETFD , flags ) ;
errsv = errno ;
}
while ( result = = - 1 & & errsv = = EINTR ) ;
}
}
/* This function is called between fork() and exec() and hence must be
* async - signal - safe ( see signal - safety ( 7 ) ) . */
static int
dupfd_cloexec ( int parent_fd )
{
int fd , errsv ;
# ifdef F_DUPFD_CLOEXEC
do
{
fd = fcntl ( parent_fd , F_DUPFD_CLOEXEC , 3 ) ;
errsv = errno ;
}
while ( fd = = - 1 & & errsv = = EINTR ) ;
# else
/* OS X Snow Lion and earlier don't have F_DUPFD_CLOEXEC:
* https : //bugzilla.gnome.org/show_bug.cgi?id=710962
*/
int result , flags ;
do
{
fd = fcntl ( parent_fd , F_DUPFD , 3 ) ;
errsv = errno ;
}
while ( fd = = - 1 & & errsv = = EINTR ) ;
flags = fcntl ( fd , F_GETFD , 0 ) ;
if ( flags ! = - 1 )
{
flags | = FD_CLOEXEC ;
do
{
result = fcntl ( fd , F_SETFD , flags ) ;
errsv = errno ;
}
while ( result = = - 1 & & errsv = = EINTR ) ;
}
# endif
return fd ;
}
2020-06-22 13:36:32 +02:00
/* This function is called between fork() and exec() and hence must be
* async - signal - safe ( see signal - safety ( 7 ) ) . */
2019-09-15 06:53:38 +02:00
static gint
2020-06-23 11:49:44 +02:00
safe_close ( gint fd )
2019-09-15 06:53:38 +02:00
{
gint ret ;
2019-09-26 15:10:36 +02:00
do
ret = close ( fd ) ;
while ( ret < 0 & & errno = = EINTR ) ;
2019-09-15 06:53:38 +02:00
return ret ;
}
2020-06-22 13:36:32 +02:00
/* This function is called between fork() and exec() and hence must be
* async - signal - safe ( see signal - safety ( 7 ) ) . */
2019-09-15 06:53:38 +02:00
G_GNUC_UNUSED static int
close_func ( void * data , int fd )
{
if ( fd > = GPOINTER_TO_INT ( data ) )
2020-06-23 11:49:44 +02:00
( void ) safe_close ( fd ) ;
2019-09-15 06:53:38 +02:00
return 0 ;
}
2018-11-24 13:22:57 +01:00
# ifdef __linux__
struct linux_dirent64
{
guint64 d_ino ; /* 64-bit inode number */
guint64 d_off ; /* 64-bit offset to next structure */
unsigned short d_reclen ; /* Size of this dirent */
unsigned char d_type ; /* File type */
char d_name [ ] ; /* Filename (null-terminated) */
} ;
2020-06-22 13:36:32 +02:00
/* This function is called between fork() and exec() and hence must be
* async - signal - safe ( see signal - safety ( 7 ) ) . */
2018-11-24 13:22:57 +01:00
static gint
filename_to_fd ( const char * p )
{
char c ;
int fd = 0 ;
const int cutoff = G_MAXINT / 10 ;
const int cutlim = G_MAXINT % 10 ;
if ( * p = = ' \0 ' )
return - 1 ;
while ( ( c = * p + + ) ! = ' \0 ' )
{
2020-06-22 14:10:35 +02:00
if ( c < ' 0 ' | | c > ' 9 ' )
2018-11-24 13:22:57 +01:00
return - 1 ;
c - = ' 0 ' ;
/* Check for overflow. */
if ( fd > cutoff | | ( fd = = cutoff & & c > cutlim ) )
return - 1 ;
fd = fd * 10 + c ;
}
return fd ;
}
# endif
2020-06-22 13:36:32 +02:00
/* This function is called between fork() and exec() and hence must be
* async - signal - safe ( see signal - safety ( 7 ) ) . */
2006-12-15 06:33:32 +01:00
static int
2019-09-20 16:36:30 +02:00
safe_fdwalk ( int ( * cb ) ( void * data , int fd ) , void * data )
2006-12-15 06:33:32 +01:00
{
2019-09-20 16:36:30 +02:00
#if 0
/* Use fdwalk function provided by the system if it is known to be
* async - signal safe .
*
* Currently there are no operating systems known to provide a safe
* implementation , so this section is not used for now .
*/
return fdwalk ( cb , data ) ;
# else
/* Fallback implementation of fdwalk. It should be async-signal safe, but it
* may be slow on non - Linux operating systems , especially on systems allowing
* very high number of open file descriptors .
*/
2020-06-22 14:40:27 +02:00
gint open_max = - 1 ;
2006-12-15 06:33:32 +01:00
gint fd ;
2007-10-16 07:28:10 +02:00
gint res = 0 ;
2020-06-22 14:40:27 +02:00
#if 0 && defined(HAVE_SYS_RESOURCE_H)
2007-10-16 07:28:10 +02:00
struct rlimit rl ;
# endif
2018-11-24 13:22:57 +01:00
# ifdef __linux__
/* Avoid use of opendir/closedir since these are not async-signal-safe. */
int dir_fd = open ( " /proc/self/fd " , O_RDONLY | O_DIRECTORY ) ;
if ( dir_fd > = 0 )
{
char buf [ 4096 ] ;
int pos , nread ;
struct linux_dirent64 * de ;
2007-10-16 07:28:10 +02:00
2018-11-24 13:22:57 +01:00
while ( ( nread = syscall ( SYS_getdents64 , dir_fd , buf , sizeof ( buf ) ) ) > 0 )
{
for ( pos = 0 ; pos < nread ; pos + = de - > d_reclen )
{
de = ( struct linux_dirent64 * ) ( buf + pos ) ;
2007-10-16 07:28:10 +02:00
2018-11-24 13:22:57 +01:00
fd = filename_to_fd ( de - > d_name ) ;
if ( fd < 0 | | fd = = dir_fd )
continue ;
2007-10-16 07:28:10 +02:00
2018-11-24 13:22:57 +01:00
if ( ( res = cb ( data , fd ) ) ! = 0 )
break ;
}
2007-10-16 07:28:10 +02:00
}
2018-11-24 13:22:57 +01:00
2020-06-23 11:49:44 +02:00
safe_close ( dir_fd ) ;
2007-10-16 07:28:10 +02:00
return res ;
2018-11-24 13:22:57 +01:00
}
2006-12-15 06:33:32 +01:00
2007-10-16 07:28:10 +02:00
/* If /proc is not mounted or not accessible we fall back to the old
2020-06-22 14:40:27 +02:00
* rlimit trick . */
2007-10-16 07:28:10 +02:00
# endif
2018-11-24 13:22:57 +01:00
2020-06-22 14:40:27 +02:00
#if 0 && defined(HAVE_SYS_RESOURCE_H)
/* Use getrlimit() function provided by the system if it is known to be
* async - signal safe .
*
* Currently there are no operating systems known to provide a safe
* implementation , so this section is not used for now .
*/
if ( getrlimit ( RLIMIT_NOFILE , & rl ) = = 0 & & rl . rlim_max ! = RLIM_INFINITY )
open_max = rl . rlim_max ;
# endif
2020-11-17 20:42:06 +01:00
# if defined(__FreeBSD__) || defined(__OpenBSD__) || defined(__APPLE__)
2020-06-22 14:40:27 +02:00
/* Use sysconf() function provided by the system if it is known to be
* async - signal safe .
*
* FreeBSD : sysconf ( ) is included in the list of async - signal safe functions
* found in https : //man.freebsd.org/sigaction(2).
*
* OpenBSD : sysconf ( ) is included in the list of async - signal safe functions
* found in https : //man.openbsd.org/sigaction.2.
2020-11-17 20:42:06 +01:00
*
* Apple : sysconf ( ) is included in the list of async - signal safe functions
* found in https : //opensource.apple.com/source/xnu/xnu-517.12.7/bsd/man/man2/sigaction.2
2020-06-22 14:40:27 +02:00
*/
if ( open_max < 0 )
open_max = sysconf ( _SC_OPEN_MAX ) ;
2007-10-16 07:28:10 +02:00
# endif
2020-06-22 14:40:27 +02:00
/* Hardcoded fallback: the default process hard limit in Linux as of 2020 */
if ( open_max < 0 )
open_max = 4096 ;
2007-10-16 07:28:10 +02:00
for ( fd = 0 ; fd < open_max ; fd + + )
if ( ( res = cb ( data , fd ) ) ! = 0 )
break ;
2006-12-15 06:33:32 +01:00
return res ;
2019-09-20 16:36:30 +02:00
# endif
2006-12-15 06:33:32 +01:00
}
2019-09-15 06:53:38 +02:00
2020-06-22 13:36:32 +02:00
/* This function is called between fork() and exec() and hence must be
* async - signal - safe ( see signal - safety ( 7 ) ) . */
2019-09-15 06:53:38 +02:00
static void
safe_closefrom ( int lowfd )
{
# if defined(__FreeBSD__) || defined(__OpenBSD__)
/* Use closefrom function provided by the system if it is known to be
* async - signal safe .
*
* FreeBSD : closefrom is included in the list of async - signal safe functions
* found in https : //man.freebsd.org/sigaction(2).
*
* OpenBSD : closefrom is not included in the list , but a direct system call
* should be safe to use .
*/
( void ) closefrom ( lowfd ) ;
# elif defined(__DragonFly__)
/* It is unclear whether closefrom function included in DragonFlyBSD libc_r
* is safe to use because it calls a lot of library functions . It is also
* unclear whether libc_r itself is still being used . Therefore , we do a
* direct system call here ourselves to avoid possible issues .
*/
( void ) syscall ( SYS_closefrom , lowfd ) ;
# elif defined(F_CLOSEM)
/* NetBSD and AIX have a special fcntl command which does the same thing as
* closefrom . NetBSD also includes closefrom function , which seems to be a
* simple wrapper of the fcntl command .
*/
( void ) fcntl ( lowfd , F_CLOSEM ) ;
2020-12-03 15:30:29 +01:00
# else
# if defined(HAVE_CLOSE_RANGE)
2020-10-12 19:10:45 +02:00
/* close_range() is available in Linux since kernel 5.9, and on FreeBSD at
* around the same time . It was designed for use in async - signal - safe
2020-12-03 15:30:29 +01:00
* situations : https : //bugs.python.org/issue38061
*
* Handle ENOSYS in case it ’ s supported in libc but not the kernel ; if so ,
* fall back to safe_fdwalk ( ) . */
if ( close_range ( lowfd , G_MAXUINT ) ! = 0 & & errno = = ENOSYS )
# endif /* HAVE_CLOSE_RANGE */
2019-09-20 16:36:30 +02:00
( void ) safe_fdwalk ( close_func , GINT_TO_POINTER ( lowfd ) ) ;
2006-12-15 06:33:32 +01:00
# endif
2019-09-15 06:53:38 +02:00
}
2006-12-15 06:33:32 +01:00
2020-10-13 14:25:21 +02:00
/* This function is called between fork() and exec() and hence must be
* async - signal - safe ( see signal - safety ( 7 ) ) . */
static gint
safe_dup ( gint fd )
{
gint ret ;
do
ret = dup ( fd ) ;
while ( ret < 0 & & ( errno = = EINTR | | errno = = EBUSY ) ) ;
return ret ;
}
2020-06-22 13:36:32 +02:00
/* This function is called between fork() and exec() and hence must be
* async - signal - safe ( see signal - safety ( 7 ) ) . */
2000-10-09 18:24:57 +02:00
static gint
2020-06-23 11:49:44 +02:00
safe_dup2 ( gint fd1 , gint fd2 )
2000-10-09 18:24:57 +02:00
{
gint ret ;
2019-09-26 15:10:36 +02:00
do
ret = dup2 ( fd1 , fd2 ) ;
2019-09-26 15:13:01 +02:00
while ( ret < 0 & & ( errno = = EINTR | | errno = = EBUSY ) ) ;
2000-10-09 18:24:57 +02:00
return ret ;
}
2020-06-22 13:36:32 +02:00
/* This function is called between fork() and exec() and hence must be
* async - signal - safe ( see signal - safety ( 7 ) ) . */
2011-06-10 16:14:25 +02:00
static gint
2020-06-23 11:49:44 +02:00
safe_open ( const char * path , gint mode )
2011-06-10 16:14:25 +02:00
{
gint ret ;
2019-09-26 15:10:36 +02:00
do
ret = open ( path , mode ) ;
while ( ret < 0 & & errno = = EINTR ) ;
2011-06-10 16:14:25 +02:00
return ret ;
}
2000-10-09 18:24:57 +02:00
enum
{
CHILD_CHDIR_FAILED ,
CHILD_EXEC_FAILED ,
CHILD_DUP2_FAILED ,
CHILD_FORK_FAILED
} ;
2020-06-22 13:36:32 +02:00
/* This function is called between fork() and exec() and hence must be
* async - signal - safe ( see signal - safety ( 7 ) ) until it calls exec ( ) . */
2000-10-09 18:24:57 +02:00
static void
do_exec ( gint child_err_report_fd ,
gint stdin_fd ,
gint stdout_fd ,
gint stderr_fd ,
2020-10-13 14:17:38 +02:00
gint * source_fds ,
const gint * target_fds ,
gsize n_fds ,
2000-10-09 18:24:57 +02:00
const gchar * working_directory ,
2020-10-13 13:43:25 +02:00
const gchar * const * argv ,
2020-06-22 15:33:12 +02:00
gchar * * argv_buffer ,
gsize argv_buffer_len ,
2020-10-13 13:43:25 +02:00
const gchar * const * envp ,
2000-10-09 18:24:57 +02:00
gboolean close_descriptors ,
2020-06-22 14:59:48 +02:00
const gchar * search_path ,
2020-06-22 15:15:42 +02:00
gchar * search_path_buffer ,
gsize search_path_buffer_len ,
2000-10-09 18:24:57 +02:00
gboolean stdout_to_null ,
gboolean stderr_to_null ,
gboolean child_inherits_stdin ,
2001-06-08 21:41:51 +02:00
gboolean file_and_argv_zero ,
2000-10-09 18:24:57 +02:00
GSpawnChildSetupFunc child_setup ,
gpointer user_data )
{
2020-10-13 14:17:38 +02:00
gsize i ;
2000-10-09 18:24:57 +02:00
if ( working_directory & & chdir ( working_directory ) < 0 )
write_err_and_exit ( child_err_report_fd ,
CHILD_CHDIR_FAILED ) ;
/* Redirect pipes as required */
if ( stdin_fd > = 0 )
{
/* dup2 can't actually fail here I don't think */
2020-06-23 11:49:44 +02:00
if ( safe_dup2 ( stdin_fd , 0 ) < 0 )
2000-10-09 18:24:57 +02:00
write_err_and_exit ( child_err_report_fd ,
CHILD_DUP2_FAILED ) ;
2020-12-04 19:28:08 +01:00
if ( ! ( ( stdout_fd > = 0 | | stdout_to_null ) & & stdin_fd = = 1 ) & &
! ( ( stderr_fd > = 0 | | stderr_to_null ) & & stdin_fd = = 2 ) )
set_cloexec ( GINT_TO_POINTER ( 0 ) , stdin_fd ) ;
2000-10-09 18:24:57 +02:00
}
else if ( ! child_inherits_stdin )
{
/* Keep process from blocking on a read of stdin */
2020-06-23 11:49:44 +02:00
gint read_null = safe_open ( " /dev/null " , O_RDONLY ) ;
2020-06-22 14:11:32 +02:00
if ( read_null < 0 )
write_err_and_exit ( child_err_report_fd ,
CHILD_DUP2_FAILED ) ;
2020-06-23 11:49:44 +02:00
safe_dup2 ( read_null , 0 ) ;
2000-10-09 18:24:57 +02:00
close_and_invalidate ( & read_null ) ;
}
if ( stdout_fd > = 0 )
{
/* dup2 can't actually fail here I don't think */
2020-06-23 11:49:44 +02:00
if ( safe_dup2 ( stdout_fd , 1 ) < 0 )
2000-10-09 18:24:57 +02:00
write_err_and_exit ( child_err_report_fd ,
CHILD_DUP2_FAILED ) ;
2020-12-04 19:28:08 +01:00
if ( ! ( ( stdin_fd > = 0 | | ! child_inherits_stdin ) & & stdout_fd = = 0 ) & &
! ( ( stderr_fd > = 0 | | stderr_to_null ) & & stdout_fd = = 2 ) )
set_cloexec ( GINT_TO_POINTER ( 0 ) , stdout_fd ) ;
2000-10-09 18:24:57 +02:00
}
else if ( stdout_to_null )
{
2020-06-23 11:49:44 +02:00
gint write_null = safe_open ( " /dev/null " , O_WRONLY ) ;
2020-06-22 14:11:32 +02:00
if ( write_null < 0 )
write_err_and_exit ( child_err_report_fd ,
CHILD_DUP2_FAILED ) ;
2020-06-23 11:49:44 +02:00
safe_dup2 ( write_null , 1 ) ;
2000-10-09 18:24:57 +02:00
close_and_invalidate ( & write_null ) ;
}
if ( stderr_fd > = 0 )
{
/* dup2 can't actually fail here I don't think */
2020-06-23 11:49:44 +02:00
if ( safe_dup2 ( stderr_fd , 2 ) < 0 )
2000-10-09 18:24:57 +02:00
write_err_and_exit ( child_err_report_fd ,
CHILD_DUP2_FAILED ) ;
2020-12-04 19:28:08 +01:00
if ( ! ( ( stdin_fd > = 0 | | ! child_inherits_stdin ) & & stderr_fd = = 0 ) & &
! ( ( stdout_fd > = 0 | | stdout_to_null ) & & stderr_fd = = 1 ) )
set_cloexec ( GINT_TO_POINTER ( 0 ) , stderr_fd ) ;
2000-10-09 18:24:57 +02:00
}
else if ( stderr_to_null )
{
2020-06-23 11:49:44 +02:00
gint write_null = safe_open ( " /dev/null " , O_WRONLY ) ;
2020-10-05 13:31:28 +02:00
if ( write_null < 0 )
write_err_and_exit ( child_err_report_fd ,
CHILD_DUP2_FAILED ) ;
2020-06-23 11:49:44 +02:00
safe_dup2 ( write_null , 2 ) ;
2000-10-09 18:24:57 +02:00
close_and_invalidate ( & write_null ) ;
}
2019-09-15 06:53:38 +02:00
2020-10-13 14:17:38 +02:00
/* Close all file descriptors but stdin, stdout and stderr, and any of source_fds,
2019-09-15 06:53:38 +02:00
* before we exec . Note that this includes
* child_err_report_fd , which keeps the parent from blocking
* forever on the other end of that pipe .
*/
if ( close_descriptors )
{
2020-10-13 14:17:38 +02:00
if ( child_setup = = NULL & & n_fds = = 0 )
2019-09-15 06:53:38 +02:00
{
2020-06-23 11:49:44 +02:00
safe_dup2 ( child_err_report_fd , 3 ) ;
2019-09-15 06:53:38 +02:00
set_cloexec ( GINT_TO_POINTER ( 0 ) , 3 ) ;
safe_closefrom ( 4 ) ;
child_err_report_fd = 3 ;
}
else
{
2019-09-20 16:36:30 +02:00
safe_fdwalk ( set_cloexec , GINT_TO_POINTER ( 3 ) ) ;
2019-09-15 06:53:38 +02:00
}
}
else
{
/* We need to do child_err_report_fd anyway */
set_cloexec ( GINT_TO_POINTER ( 0 ) , child_err_report_fd ) ;
}
2020-10-13 14:17:38 +02:00
/*
* Work through the @ source_fds and @ target_fds mapping .
*
* Based on code derived from
* gnome - terminal : src / terminal - screen . c : terminal_screen_child_setup ( ) ,
* used under the LGPLv2 + with permission from author .
*/
/* Basic fd assignments (where source == target) we can just unset FD_CLOEXEC
*
* If we ' re doing remapping fd assignments , we need to handle
* the case where the user has specified e . g . :
* 5 - > 4 , 4 - > 6
*
* We do this by duping the source fds temporarily in a first pass .
2020-10-13 14:25:21 +02:00
*
* If any of the @ target_fds conflict with @ child_err_report_fd , dup the
* latter so it doesn ’ t get conflated .
2020-10-13 14:17:38 +02:00
*/
if ( n_fds > 0 )
{
for ( i = 0 ; i < n_fds ; i + + )
{
if ( source_fds [ i ] ! = target_fds [ i ] )
source_fds [ i ] = dupfd_cloexec ( source_fds [ i ] ) ;
}
for ( i = 0 ; i < n_fds ; i + + )
{
if ( source_fds [ i ] = = target_fds [ i ] )
{
unset_cloexec ( source_fds [ i ] ) ;
}
else
{
2020-10-13 14:25:21 +02:00
if ( target_fds [ i ] = = child_err_report_fd )
child_err_report_fd = safe_dup ( child_err_report_fd ) ;
2020-10-13 14:17:38 +02:00
safe_dup2 ( source_fds [ i ] , target_fds [ i ] ) ;
( void ) close ( source_fds [ i ] ) ;
}
}
}
2000-10-09 18:24:57 +02:00
/* Call user function just before we exec */
if ( child_setup )
{
( * child_setup ) ( user_data ) ;
}
2001-06-08 21:41:51 +02:00
g_execute ( argv [ 0 ] ,
2020-10-13 13:43:25 +02:00
( gchar * * ) ( file_and_argv_zero ? argv + 1 : argv ) ,
2020-06-22 15:33:12 +02:00
argv_buffer , argv_buffer_len ,
2020-10-13 13:43:25 +02:00
( gchar * * ) envp , search_path , search_path_buffer , search_path_buffer_len ) ;
2000-10-09 18:24:57 +02:00
/* Exec failed */
write_err_and_exit ( child_err_report_fd ,
CHILD_EXEC_FAILED ) ;
}
static gboolean
read_ints ( int fd ,
gint * buf ,
Changes for 64-bit cleanliness, loosely based on patch from Mark Murnane.
Wed Jun 20 12:00:54 2001 Owen Taylor <otaylor@redhat.com>
Changes for 64-bit cleanliness, loosely based on patch
from Mark Murnane.
* gconvert.c (g_convert/g_convert_with_fallback): Remove
workarounds for since-fixed GNU libc bugs. Minor
doc fix.
* gconvert.[ch]: Change gint to gsize/gssize as
appropriate.
* gconvert.c (g_locale/filename_to/from_utf8): Fix incorrect
computation of bytes_read / bytes_written.
* gfileutils.[ch] (g_file_get_contents): Make length
out parameter 'gsize *len'.
* ghook.c (g_hook_compare_ids): Don't compare a
and b as 'a - b'.
* gmacros.h (GSIZE_TO_POINTER): Add GPOINTER_TO_SIZE,
GSIZE_TO_POINTER.
* gmain.c (g_timeout_prepare): Rewrite to avoid
overflows. (Fixes bug when system clock skews
backwards more than 24 days.)
* gmarkup.[ch]: Make lengths passed to callbacks
gsize, length for g_markup_parse-context_parse(),
g_markup_escape_text() gssize.
* gmessages.[ch] (g_printf_string_upper_bound): Change
return value to gsize.
* gmessages.c (printf_string_upper_bound): Remove
a ridiculous use of 'inline' on a 300 line function.
* gstring.[ch]: Represent size of string as a gsize,
not gint. Make parameters to functions take gsize,
or gssize where -1 is allowed.
* gstring.c (g_string_erase): Make
g_string_erase (string, pos, -1) a synonym for
g_string_truncate for consistency with other G*
APIs.
* gstrfuncs.[ch]: Make all functions taking a string
length, take a gsize, or gssize if -1 is allowed.
(g_strstr_len, g_strrstr_len). Also fix some boundary
conditions in g_str[r]str[_len].
* gutf8.c tests/unicode-encoding.c: Make parameters that
are byte lengths gsize, gssize as appropriate. Make
character offsets, other counts, glong.
* gasyncqueue.c gcompletion.c
timeloop.c timeloop-basic.c gutils.c gspawn.c.
Small 64 bit cleanliness fixups.
* glist.c (g_list_sort2, g_list_sort_real): Fix functions
that should have been static.
* gdate.c (g_date_fill_parse_tokens): Fix extra
declaration that was shadowing another.
* tests/module-test.c: Include string.h
Mon Jun 18 15:43:29 2001 Owen Taylor <otaylor@redhat.com>
* gutf8.c (g_get_charset): Make argument
G_CONST_RETURN char **.
2001-06-23 15:55:09 +02:00
gint n_ints_in_buf ,
gint * n_ints_read ,
2000-10-09 18:24:57 +02:00
GError * * error )
{
Changes for 64-bit cleanliness, loosely based on patch from Mark Murnane.
Wed Jun 20 12:00:54 2001 Owen Taylor <otaylor@redhat.com>
Changes for 64-bit cleanliness, loosely based on patch
from Mark Murnane.
* gconvert.c (g_convert/g_convert_with_fallback): Remove
workarounds for since-fixed GNU libc bugs. Minor
doc fix.
* gconvert.[ch]: Change gint to gsize/gssize as
appropriate.
* gconvert.c (g_locale/filename_to/from_utf8): Fix incorrect
computation of bytes_read / bytes_written.
* gfileutils.[ch] (g_file_get_contents): Make length
out parameter 'gsize *len'.
* ghook.c (g_hook_compare_ids): Don't compare a
and b as 'a - b'.
* gmacros.h (GSIZE_TO_POINTER): Add GPOINTER_TO_SIZE,
GSIZE_TO_POINTER.
* gmain.c (g_timeout_prepare): Rewrite to avoid
overflows. (Fixes bug when system clock skews
backwards more than 24 days.)
* gmarkup.[ch]: Make lengths passed to callbacks
gsize, length for g_markup_parse-context_parse(),
g_markup_escape_text() gssize.
* gmessages.[ch] (g_printf_string_upper_bound): Change
return value to gsize.
* gmessages.c (printf_string_upper_bound): Remove
a ridiculous use of 'inline' on a 300 line function.
* gstring.[ch]: Represent size of string as a gsize,
not gint. Make parameters to functions take gsize,
or gssize where -1 is allowed.
* gstring.c (g_string_erase): Make
g_string_erase (string, pos, -1) a synonym for
g_string_truncate for consistency with other G*
APIs.
* gstrfuncs.[ch]: Make all functions taking a string
length, take a gsize, or gssize if -1 is allowed.
(g_strstr_len, g_strrstr_len). Also fix some boundary
conditions in g_str[r]str[_len].
* gutf8.c tests/unicode-encoding.c: Make parameters that
are byte lengths gsize, gssize as appropriate. Make
character offsets, other counts, glong.
* gasyncqueue.c gcompletion.c
timeloop.c timeloop-basic.c gutils.c gspawn.c.
Small 64 bit cleanliness fixups.
* glist.c (g_list_sort2, g_list_sort_real): Fix functions
that should have been static.
* gdate.c (g_date_fill_parse_tokens): Fix extra
declaration that was shadowing another.
* tests/module-test.c: Include string.h
Mon Jun 18 15:43:29 2001 Owen Taylor <otaylor@redhat.com>
* gutf8.c (g_get_charset): Make argument
G_CONST_RETURN char **.
2001-06-23 15:55:09 +02:00
gsize bytes = 0 ;
2000-10-09 18:24:57 +02:00
while ( TRUE )
{
Changes for 64-bit cleanliness, loosely based on patch from Mark Murnane.
Wed Jun 20 12:00:54 2001 Owen Taylor <otaylor@redhat.com>
Changes for 64-bit cleanliness, loosely based on patch
from Mark Murnane.
* gconvert.c (g_convert/g_convert_with_fallback): Remove
workarounds for since-fixed GNU libc bugs. Minor
doc fix.
* gconvert.[ch]: Change gint to gsize/gssize as
appropriate.
* gconvert.c (g_locale/filename_to/from_utf8): Fix incorrect
computation of bytes_read / bytes_written.
* gfileutils.[ch] (g_file_get_contents): Make length
out parameter 'gsize *len'.
* ghook.c (g_hook_compare_ids): Don't compare a
and b as 'a - b'.
* gmacros.h (GSIZE_TO_POINTER): Add GPOINTER_TO_SIZE,
GSIZE_TO_POINTER.
* gmain.c (g_timeout_prepare): Rewrite to avoid
overflows. (Fixes bug when system clock skews
backwards more than 24 days.)
* gmarkup.[ch]: Make lengths passed to callbacks
gsize, length for g_markup_parse-context_parse(),
g_markup_escape_text() gssize.
* gmessages.[ch] (g_printf_string_upper_bound): Change
return value to gsize.
* gmessages.c (printf_string_upper_bound): Remove
a ridiculous use of 'inline' on a 300 line function.
* gstring.[ch]: Represent size of string as a gsize,
not gint. Make parameters to functions take gsize,
or gssize where -1 is allowed.
* gstring.c (g_string_erase): Make
g_string_erase (string, pos, -1) a synonym for
g_string_truncate for consistency with other G*
APIs.
* gstrfuncs.[ch]: Make all functions taking a string
length, take a gsize, or gssize if -1 is allowed.
(g_strstr_len, g_strrstr_len). Also fix some boundary
conditions in g_str[r]str[_len].
* gutf8.c tests/unicode-encoding.c: Make parameters that
are byte lengths gsize, gssize as appropriate. Make
character offsets, other counts, glong.
* gasyncqueue.c gcompletion.c
timeloop.c timeloop-basic.c gutils.c gspawn.c.
Small 64 bit cleanliness fixups.
* glist.c (g_list_sort2, g_list_sort_real): Fix functions
that should have been static.
* gdate.c (g_date_fill_parse_tokens): Fix extra
declaration that was shadowing another.
* tests/module-test.c: Include string.h
Mon Jun 18 15:43:29 2001 Owen Taylor <otaylor@redhat.com>
* gutf8.c (g_get_charset): Make argument
G_CONST_RETURN char **.
2001-06-23 15:55:09 +02:00
gssize chunk ;
2000-10-09 18:24:57 +02:00
if ( bytes > = sizeof ( gint ) * 2 )
break ; /* give up, who knows what happened, should not be
* possible .
*/
again :
chunk = read ( fd ,
( ( gchar * ) buf ) + bytes ,
Changes for 64-bit cleanliness, loosely based on patch from Mark Murnane.
Wed Jun 20 12:00:54 2001 Owen Taylor <otaylor@redhat.com>
Changes for 64-bit cleanliness, loosely based on patch
from Mark Murnane.
* gconvert.c (g_convert/g_convert_with_fallback): Remove
workarounds for since-fixed GNU libc bugs. Minor
doc fix.
* gconvert.[ch]: Change gint to gsize/gssize as
appropriate.
* gconvert.c (g_locale/filename_to/from_utf8): Fix incorrect
computation of bytes_read / bytes_written.
* gfileutils.[ch] (g_file_get_contents): Make length
out parameter 'gsize *len'.
* ghook.c (g_hook_compare_ids): Don't compare a
and b as 'a - b'.
* gmacros.h (GSIZE_TO_POINTER): Add GPOINTER_TO_SIZE,
GSIZE_TO_POINTER.
* gmain.c (g_timeout_prepare): Rewrite to avoid
overflows. (Fixes bug when system clock skews
backwards more than 24 days.)
* gmarkup.[ch]: Make lengths passed to callbacks
gsize, length for g_markup_parse-context_parse(),
g_markup_escape_text() gssize.
* gmessages.[ch] (g_printf_string_upper_bound): Change
return value to gsize.
* gmessages.c (printf_string_upper_bound): Remove
a ridiculous use of 'inline' on a 300 line function.
* gstring.[ch]: Represent size of string as a gsize,
not gint. Make parameters to functions take gsize,
or gssize where -1 is allowed.
* gstring.c (g_string_erase): Make
g_string_erase (string, pos, -1) a synonym for
g_string_truncate for consistency with other G*
APIs.
* gstrfuncs.[ch]: Make all functions taking a string
length, take a gsize, or gssize if -1 is allowed.
(g_strstr_len, g_strrstr_len). Also fix some boundary
conditions in g_str[r]str[_len].
* gutf8.c tests/unicode-encoding.c: Make parameters that
are byte lengths gsize, gssize as appropriate. Make
character offsets, other counts, glong.
* gasyncqueue.c gcompletion.c
timeloop.c timeloop-basic.c gutils.c gspawn.c.
Small 64 bit cleanliness fixups.
* glist.c (g_list_sort2, g_list_sort_real): Fix functions
that should have been static.
* gdate.c (g_date_fill_parse_tokens): Fix extra
declaration that was shadowing another.
* tests/module-test.c: Include string.h
Mon Jun 18 15:43:29 2001 Owen Taylor <otaylor@redhat.com>
* gutf8.c (g_get_charset): Make argument
G_CONST_RETURN char **.
2001-06-23 15:55:09 +02:00
sizeof ( gint ) * n_ints_in_buf - bytes ) ;
2000-10-09 18:24:57 +02:00
if ( chunk < 0 & & errno = = EINTR )
goto again ;
if ( chunk < 0 )
{
2009-08-20 15:13:43 +02:00
int errsv = errno ;
2000-10-09 18:24:57 +02:00
/* Some weird shit happened, bail out */
g_set_error ( error ,
G_SPAWN_ERROR ,
G_SPAWN_ERROR_FAILED ,
_ ( " Failed to read from child pipe (%s) " ) ,
2009-08-20 15:13:43 +02:00
g_strerror ( errsv ) ) ;
2000-10-09 18:24:57 +02:00
return FALSE ;
}
else if ( chunk = = 0 )
break ; /* EOF */
Changes for 64-bit cleanliness, loosely based on patch from Mark Murnane.
Wed Jun 20 12:00:54 2001 Owen Taylor <otaylor@redhat.com>
Changes for 64-bit cleanliness, loosely based on patch
from Mark Murnane.
* gconvert.c (g_convert/g_convert_with_fallback): Remove
workarounds for since-fixed GNU libc bugs. Minor
doc fix.
* gconvert.[ch]: Change gint to gsize/gssize as
appropriate.
* gconvert.c (g_locale/filename_to/from_utf8): Fix incorrect
computation of bytes_read / bytes_written.
* gfileutils.[ch] (g_file_get_contents): Make length
out parameter 'gsize *len'.
* ghook.c (g_hook_compare_ids): Don't compare a
and b as 'a - b'.
* gmacros.h (GSIZE_TO_POINTER): Add GPOINTER_TO_SIZE,
GSIZE_TO_POINTER.
* gmain.c (g_timeout_prepare): Rewrite to avoid
overflows. (Fixes bug when system clock skews
backwards more than 24 days.)
* gmarkup.[ch]: Make lengths passed to callbacks
gsize, length for g_markup_parse-context_parse(),
g_markup_escape_text() gssize.
* gmessages.[ch] (g_printf_string_upper_bound): Change
return value to gsize.
* gmessages.c (printf_string_upper_bound): Remove
a ridiculous use of 'inline' on a 300 line function.
* gstring.[ch]: Represent size of string as a gsize,
not gint. Make parameters to functions take gsize,
or gssize where -1 is allowed.
* gstring.c (g_string_erase): Make
g_string_erase (string, pos, -1) a synonym for
g_string_truncate for consistency with other G*
APIs.
* gstrfuncs.[ch]: Make all functions taking a string
length, take a gsize, or gssize if -1 is allowed.
(g_strstr_len, g_strrstr_len). Also fix some boundary
conditions in g_str[r]str[_len].
* gutf8.c tests/unicode-encoding.c: Make parameters that
are byte lengths gsize, gssize as appropriate. Make
character offsets, other counts, glong.
* gasyncqueue.c gcompletion.c
timeloop.c timeloop-basic.c gutils.c gspawn.c.
Small 64 bit cleanliness fixups.
* glist.c (g_list_sort2, g_list_sort_real): Fix functions
that should have been static.
* gdate.c (g_date_fill_parse_tokens): Fix extra
declaration that was shadowing another.
* tests/module-test.c: Include string.h
Mon Jun 18 15:43:29 2001 Owen Taylor <otaylor@redhat.com>
* gutf8.c (g_get_charset): Make argument
G_CONST_RETURN char **.
2001-06-23 15:55:09 +02:00
else /* chunk > 0 */
bytes + = chunk ;
2000-10-09 18:24:57 +02:00
}
Changes for 64-bit cleanliness, loosely based on patch from Mark Murnane.
Wed Jun 20 12:00:54 2001 Owen Taylor <otaylor@redhat.com>
Changes for 64-bit cleanliness, loosely based on patch
from Mark Murnane.
* gconvert.c (g_convert/g_convert_with_fallback): Remove
workarounds for since-fixed GNU libc bugs. Minor
doc fix.
* gconvert.[ch]: Change gint to gsize/gssize as
appropriate.
* gconvert.c (g_locale/filename_to/from_utf8): Fix incorrect
computation of bytes_read / bytes_written.
* gfileutils.[ch] (g_file_get_contents): Make length
out parameter 'gsize *len'.
* ghook.c (g_hook_compare_ids): Don't compare a
and b as 'a - b'.
* gmacros.h (GSIZE_TO_POINTER): Add GPOINTER_TO_SIZE,
GSIZE_TO_POINTER.
* gmain.c (g_timeout_prepare): Rewrite to avoid
overflows. (Fixes bug when system clock skews
backwards more than 24 days.)
* gmarkup.[ch]: Make lengths passed to callbacks
gsize, length for g_markup_parse-context_parse(),
g_markup_escape_text() gssize.
* gmessages.[ch] (g_printf_string_upper_bound): Change
return value to gsize.
* gmessages.c (printf_string_upper_bound): Remove
a ridiculous use of 'inline' on a 300 line function.
* gstring.[ch]: Represent size of string as a gsize,
not gint. Make parameters to functions take gsize,
or gssize where -1 is allowed.
* gstring.c (g_string_erase): Make
g_string_erase (string, pos, -1) a synonym for
g_string_truncate for consistency with other G*
APIs.
* gstrfuncs.[ch]: Make all functions taking a string
length, take a gsize, or gssize if -1 is allowed.
(g_strstr_len, g_strrstr_len). Also fix some boundary
conditions in g_str[r]str[_len].
* gutf8.c tests/unicode-encoding.c: Make parameters that
are byte lengths gsize, gssize as appropriate. Make
character offsets, other counts, glong.
* gasyncqueue.c gcompletion.c
timeloop.c timeloop-basic.c gutils.c gspawn.c.
Small 64 bit cleanliness fixups.
* glist.c (g_list_sort2, g_list_sort_real): Fix functions
that should have been static.
* gdate.c (g_date_fill_parse_tokens): Fix extra
declaration that was shadowing another.
* tests/module-test.c: Include string.h
Mon Jun 18 15:43:29 2001 Owen Taylor <otaylor@redhat.com>
* gutf8.c (g_get_charset): Make argument
G_CONST_RETURN char **.
2001-06-23 15:55:09 +02:00
* n_ints_read = ( gint ) ( bytes / sizeof ( gint ) ) ;
2000-10-09 18:24:57 +02:00
return TRUE ;
}
gspawn: Optimize with posix_spawn codepath
When the amount of free memory on the system is somewhat low, gnome-shell
will sometimes fail to launch apps, reporting the error:
fork(): Cannot allocate memory
fork() is failing here because while cloning the process virtual address
space, Linux worries that the thread being forked may end up COWing the
entire address space of the parent process (gnome-shell, which is
memory-hungry), and there is not enough free memory to permit that to
happen.
In this case we are simply calling fork() in order to quickly call exec(),
which will throw away the entirity of the duplicated VM, so we should
look for ways to avoid the overcommit check.
The well known solution to this is to use clone(CLONE_VM) or vfork(), which
completely avoids creating a new memory address space for the child.
However, that comes with a bunch of caveats and complications:
https://gist.github.com/nicowilliams/a8a07b0fc75df05f684c23c18d7db234
https://ewontfix.com/7/
In 2016, glibc's posix_spawn() was rewritten to use this approach
while also resolving the concerns.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9ff72da471a509a8c19791efe469f47fa6977410
I experimented with a similar approach in glib, but it was not practical
because glibc has several items of important internal knowledge (such as
knowing which signals should be given special treatment because they are
NPTL implementation details) that are not cleanly exposed elsewhere.
Instead, this patch adapts the gspawn code to use posix_spawn() where
possible, which will reap the benefits of that implementation.
The posix_spawn API is more limited than the gspawn API though,
partly due to natural limitations of using CLONE_VM, so the posix_spawn
path is added as a separate codepath which is only executed when the
conditions are right. Callers such as gnome-shell will have to be modified
to meet these conditions, such as not having a child_setup function.
In addition to allowing for the gnome-shell "Cannot allocate memory"
failure to be avoided, this should result in a general speedup in this
area, because fork()'s behaviour of cloning the entire VM space
has a cost which is now avoided. posix_spawn() has also recently
been optimized on OpenSolaris as the most performant way to spawn
a child process.
2018-05-28 22:45:45 +02:00
# ifdef POSIX_SPAWN_AVAILABLE
static gboolean
2020-10-13 13:43:25 +02:00
do_posix_spawn ( const gchar * const * argv ,
const gchar * const * envp ,
gspawn: Optimize with posix_spawn codepath
When the amount of free memory on the system is somewhat low, gnome-shell
will sometimes fail to launch apps, reporting the error:
fork(): Cannot allocate memory
fork() is failing here because while cloning the process virtual address
space, Linux worries that the thread being forked may end up COWing the
entire address space of the parent process (gnome-shell, which is
memory-hungry), and there is not enough free memory to permit that to
happen.
In this case we are simply calling fork() in order to quickly call exec(),
which will throw away the entirity of the duplicated VM, so we should
look for ways to avoid the overcommit check.
The well known solution to this is to use clone(CLONE_VM) or vfork(), which
completely avoids creating a new memory address space for the child.
However, that comes with a bunch of caveats and complications:
https://gist.github.com/nicowilliams/a8a07b0fc75df05f684c23c18d7db234
https://ewontfix.com/7/
In 2016, glibc's posix_spawn() was rewritten to use this approach
while also resolving the concerns.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9ff72da471a509a8c19791efe469f47fa6977410
I experimented with a similar approach in glib, but it was not practical
because glibc has several items of important internal knowledge (such as
knowing which signals should be given special treatment because they are
NPTL implementation details) that are not cleanly exposed elsewhere.
Instead, this patch adapts the gspawn code to use posix_spawn() where
possible, which will reap the benefits of that implementation.
The posix_spawn API is more limited than the gspawn API though,
partly due to natural limitations of using CLONE_VM, so the posix_spawn
path is added as a separate codepath which is only executed when the
conditions are right. Callers such as gnome-shell will have to be modified
to meet these conditions, such as not having a child_setup function.
In addition to allowing for the gnome-shell "Cannot allocate memory"
failure to be avoided, this should result in a general speedup in this
area, because fork()'s behaviour of cloning the entire VM space
has a cost which is now avoided. posix_spawn() has also recently
been optimized on OpenSolaris as the most performant way to spawn
a child process.
2018-05-28 22:45:45 +02:00
gboolean search_path ,
gboolean stdout_to_null ,
gboolean stderr_to_null ,
gboolean child_inherits_stdin ,
gboolean file_and_argv_zero ,
GPid * child_pid ,
gint * child_close_fds ,
gint stdin_fd ,
gint stdout_fd ,
gint stderr_fd )
{
pid_t pid ;
2020-10-13 13:43:25 +02:00
const gchar * const * argv_pass ;
gspawn: Optimize with posix_spawn codepath
When the amount of free memory on the system is somewhat low, gnome-shell
will sometimes fail to launch apps, reporting the error:
fork(): Cannot allocate memory
fork() is failing here because while cloning the process virtual address
space, Linux worries that the thread being forked may end up COWing the
entire address space of the parent process (gnome-shell, which is
memory-hungry), and there is not enough free memory to permit that to
happen.
In this case we are simply calling fork() in order to quickly call exec(),
which will throw away the entirity of the duplicated VM, so we should
look for ways to avoid the overcommit check.
The well known solution to this is to use clone(CLONE_VM) or vfork(), which
completely avoids creating a new memory address space for the child.
However, that comes with a bunch of caveats and complications:
https://gist.github.com/nicowilliams/a8a07b0fc75df05f684c23c18d7db234
https://ewontfix.com/7/
In 2016, glibc's posix_spawn() was rewritten to use this approach
while also resolving the concerns.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9ff72da471a509a8c19791efe469f47fa6977410
I experimented with a similar approach in glib, but it was not practical
because glibc has several items of important internal knowledge (such as
knowing which signals should be given special treatment because they are
NPTL implementation details) that are not cleanly exposed elsewhere.
Instead, this patch adapts the gspawn code to use posix_spawn() where
possible, which will reap the benefits of that implementation.
The posix_spawn API is more limited than the gspawn API though,
partly due to natural limitations of using CLONE_VM, so the posix_spawn
path is added as a separate codepath which is only executed when the
conditions are right. Callers such as gnome-shell will have to be modified
to meet these conditions, such as not having a child_setup function.
In addition to allowing for the gnome-shell "Cannot allocate memory"
failure to be avoided, this should result in a general speedup in this
area, because fork()'s behaviour of cloning the entire VM space
has a cost which is now avoided. posix_spawn() has also recently
been optimized on OpenSolaris as the most performant way to spawn
a child process.
2018-05-28 22:45:45 +02:00
posix_spawnattr_t attr ;
posix_spawn_file_actions_t file_actions ;
gint parent_close_fds [ 3 ] ;
gint num_parent_close_fds = 0 ;
GSList * child_close = NULL ;
GSList * elem ;
sigset_t mask ;
int i , r ;
if ( * argv [ 0 ] = = ' \0 ' )
{
/* We check the simple case first. */
return ENOENT ;
}
r = posix_spawnattr_init ( & attr ) ;
if ( r ! = 0 )
return r ;
if ( child_close_fds )
{
int i = - 1 ;
while ( child_close_fds [ + + i ] ! = - 1 )
child_close = g_slist_prepend ( child_close ,
GINT_TO_POINTER ( child_close_fds [ i ] ) ) ;
}
2018-07-13 13:37:11 +02:00
r = posix_spawnattr_setflags ( & attr , POSIX_SPAWN_SETSIGDEF ) ;
if ( r ! = 0 )
goto out_free_spawnattr ;
/* Reset some signal handlers that we may use */
sigemptyset ( & mask ) ;
sigaddset ( & mask , SIGCHLD ) ;
sigaddset ( & mask , SIGINT ) ;
sigaddset ( & mask , SIGTERM ) ;
sigaddset ( & mask , SIGHUP ) ;
r = posix_spawnattr_setsigdefault ( & attr , & mask ) ;
if ( r ! = 0 )
goto out_free_spawnattr ;
r = posix_spawn_file_actions_init ( & file_actions ) ;
if ( r ! = 0 )
goto out_free_spawnattr ;
gspawn: Optimize with posix_spawn codepath
When the amount of free memory on the system is somewhat low, gnome-shell
will sometimes fail to launch apps, reporting the error:
fork(): Cannot allocate memory
fork() is failing here because while cloning the process virtual address
space, Linux worries that the thread being forked may end up COWing the
entire address space of the parent process (gnome-shell, which is
memory-hungry), and there is not enough free memory to permit that to
happen.
In this case we are simply calling fork() in order to quickly call exec(),
which will throw away the entirity of the duplicated VM, so we should
look for ways to avoid the overcommit check.
The well known solution to this is to use clone(CLONE_VM) or vfork(), which
completely avoids creating a new memory address space for the child.
However, that comes with a bunch of caveats and complications:
https://gist.github.com/nicowilliams/a8a07b0fc75df05f684c23c18d7db234
https://ewontfix.com/7/
In 2016, glibc's posix_spawn() was rewritten to use this approach
while also resolving the concerns.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9ff72da471a509a8c19791efe469f47fa6977410
I experimented with a similar approach in glib, but it was not practical
because glibc has several items of important internal knowledge (such as
knowing which signals should be given special treatment because they are
NPTL implementation details) that are not cleanly exposed elsewhere.
Instead, this patch adapts the gspawn code to use posix_spawn() where
possible, which will reap the benefits of that implementation.
The posix_spawn API is more limited than the gspawn API though,
partly due to natural limitations of using CLONE_VM, so the posix_spawn
path is added as a separate codepath which is only executed when the
conditions are right. Callers such as gnome-shell will have to be modified
to meet these conditions, such as not having a child_setup function.
In addition to allowing for the gnome-shell "Cannot allocate memory"
failure to be avoided, this should result in a general speedup in this
area, because fork()'s behaviour of cloning the entire VM space
has a cost which is now avoided. posix_spawn() has also recently
been optimized on OpenSolaris as the most performant way to spawn
a child process.
2018-05-28 22:45:45 +02:00
/* Redirect pipes as required */
if ( stdin_fd > = 0 )
{
r = posix_spawn_file_actions_adddup2 ( & file_actions , stdin_fd , 0 ) ;
if ( r ! = 0 )
goto out_close_fds ;
if ( ! g_slist_find ( child_close , GINT_TO_POINTER ( stdin_fd ) ) )
child_close = g_slist_prepend ( child_close , GINT_TO_POINTER ( stdin_fd ) ) ;
}
else if ( ! child_inherits_stdin )
{
/* Keep process from blocking on a read of stdin */
2020-06-23 11:49:44 +02:00
gint read_null = safe_open ( " /dev/null " , O_RDONLY | O_CLOEXEC ) ;
gspawn: Optimize with posix_spawn codepath
When the amount of free memory on the system is somewhat low, gnome-shell
will sometimes fail to launch apps, reporting the error:
fork(): Cannot allocate memory
fork() is failing here because while cloning the process virtual address
space, Linux worries that the thread being forked may end up COWing the
entire address space of the parent process (gnome-shell, which is
memory-hungry), and there is not enough free memory to permit that to
happen.
In this case we are simply calling fork() in order to quickly call exec(),
which will throw away the entirity of the duplicated VM, so we should
look for ways to avoid the overcommit check.
The well known solution to this is to use clone(CLONE_VM) or vfork(), which
completely avoids creating a new memory address space for the child.
However, that comes with a bunch of caveats and complications:
https://gist.github.com/nicowilliams/a8a07b0fc75df05f684c23c18d7db234
https://ewontfix.com/7/
In 2016, glibc's posix_spawn() was rewritten to use this approach
while also resolving the concerns.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9ff72da471a509a8c19791efe469f47fa6977410
I experimented with a similar approach in glib, but it was not practical
because glibc has several items of important internal knowledge (such as
knowing which signals should be given special treatment because they are
NPTL implementation details) that are not cleanly exposed elsewhere.
Instead, this patch adapts the gspawn code to use posix_spawn() where
possible, which will reap the benefits of that implementation.
The posix_spawn API is more limited than the gspawn API though,
partly due to natural limitations of using CLONE_VM, so the posix_spawn
path is added as a separate codepath which is only executed when the
conditions are right. Callers such as gnome-shell will have to be modified
to meet these conditions, such as not having a child_setup function.
In addition to allowing for the gnome-shell "Cannot allocate memory"
failure to be avoided, this should result in a general speedup in this
area, because fork()'s behaviour of cloning the entire VM space
has a cost which is now avoided. posix_spawn() has also recently
been optimized on OpenSolaris as the most performant way to spawn
a child process.
2018-05-28 22:45:45 +02:00
g_assert ( read_null ! = - 1 ) ;
parent_close_fds [ num_parent_close_fds + + ] = read_null ;
2018-08-11 22:52:17 +02:00
# ifndef HAVE_O_CLOEXEC
fcntl ( read_null , F_SETFD , FD_CLOEXEC ) ;
# endif
gspawn: Optimize with posix_spawn codepath
When the amount of free memory on the system is somewhat low, gnome-shell
will sometimes fail to launch apps, reporting the error:
fork(): Cannot allocate memory
fork() is failing here because while cloning the process virtual address
space, Linux worries that the thread being forked may end up COWing the
entire address space of the parent process (gnome-shell, which is
memory-hungry), and there is not enough free memory to permit that to
happen.
In this case we are simply calling fork() in order to quickly call exec(),
which will throw away the entirity of the duplicated VM, so we should
look for ways to avoid the overcommit check.
The well known solution to this is to use clone(CLONE_VM) or vfork(), which
completely avoids creating a new memory address space for the child.
However, that comes with a bunch of caveats and complications:
https://gist.github.com/nicowilliams/a8a07b0fc75df05f684c23c18d7db234
https://ewontfix.com/7/
In 2016, glibc's posix_spawn() was rewritten to use this approach
while also resolving the concerns.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9ff72da471a509a8c19791efe469f47fa6977410
I experimented with a similar approach in glib, but it was not practical
because glibc has several items of important internal knowledge (such as
knowing which signals should be given special treatment because they are
NPTL implementation details) that are not cleanly exposed elsewhere.
Instead, this patch adapts the gspawn code to use posix_spawn() where
possible, which will reap the benefits of that implementation.
The posix_spawn API is more limited than the gspawn API though,
partly due to natural limitations of using CLONE_VM, so the posix_spawn
path is added as a separate codepath which is only executed when the
conditions are right. Callers such as gnome-shell will have to be modified
to meet these conditions, such as not having a child_setup function.
In addition to allowing for the gnome-shell "Cannot allocate memory"
failure to be avoided, this should result in a general speedup in this
area, because fork()'s behaviour of cloning the entire VM space
has a cost which is now avoided. posix_spawn() has also recently
been optimized on OpenSolaris as the most performant way to spawn
a child process.
2018-05-28 22:45:45 +02:00
r = posix_spawn_file_actions_adddup2 ( & file_actions , read_null , 0 ) ;
if ( r ! = 0 )
goto out_close_fds ;
}
if ( stdout_fd > = 0 )
{
r = posix_spawn_file_actions_adddup2 ( & file_actions , stdout_fd , 1 ) ;
if ( r ! = 0 )
goto out_close_fds ;
if ( ! g_slist_find ( child_close , GINT_TO_POINTER ( stdout_fd ) ) )
child_close = g_slist_prepend ( child_close , GINT_TO_POINTER ( stdout_fd ) ) ;
}
else if ( stdout_to_null )
{
2020-06-23 11:49:44 +02:00
gint write_null = safe_open ( " /dev/null " , O_WRONLY | O_CLOEXEC ) ;
gspawn: Optimize with posix_spawn codepath
When the amount of free memory on the system is somewhat low, gnome-shell
will sometimes fail to launch apps, reporting the error:
fork(): Cannot allocate memory
fork() is failing here because while cloning the process virtual address
space, Linux worries that the thread being forked may end up COWing the
entire address space of the parent process (gnome-shell, which is
memory-hungry), and there is not enough free memory to permit that to
happen.
In this case we are simply calling fork() in order to quickly call exec(),
which will throw away the entirity of the duplicated VM, so we should
look for ways to avoid the overcommit check.
The well known solution to this is to use clone(CLONE_VM) or vfork(), which
completely avoids creating a new memory address space for the child.
However, that comes with a bunch of caveats and complications:
https://gist.github.com/nicowilliams/a8a07b0fc75df05f684c23c18d7db234
https://ewontfix.com/7/
In 2016, glibc's posix_spawn() was rewritten to use this approach
while also resolving the concerns.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9ff72da471a509a8c19791efe469f47fa6977410
I experimented with a similar approach in glib, but it was not practical
because glibc has several items of important internal knowledge (such as
knowing which signals should be given special treatment because they are
NPTL implementation details) that are not cleanly exposed elsewhere.
Instead, this patch adapts the gspawn code to use posix_spawn() where
possible, which will reap the benefits of that implementation.
The posix_spawn API is more limited than the gspawn API though,
partly due to natural limitations of using CLONE_VM, so the posix_spawn
path is added as a separate codepath which is only executed when the
conditions are right. Callers such as gnome-shell will have to be modified
to meet these conditions, such as not having a child_setup function.
In addition to allowing for the gnome-shell "Cannot allocate memory"
failure to be avoided, this should result in a general speedup in this
area, because fork()'s behaviour of cloning the entire VM space
has a cost which is now avoided. posix_spawn() has also recently
been optimized on OpenSolaris as the most performant way to spawn
a child process.
2018-05-28 22:45:45 +02:00
g_assert ( write_null ! = - 1 ) ;
parent_close_fds [ num_parent_close_fds + + ] = write_null ;
2018-08-11 22:52:17 +02:00
# ifndef HAVE_O_CLOEXEC
2018-08-31 01:04:35 +02:00
fcntl ( write_null , F_SETFD , FD_CLOEXEC ) ;
2018-08-11 22:52:17 +02:00
# endif
gspawn: Optimize with posix_spawn codepath
When the amount of free memory on the system is somewhat low, gnome-shell
will sometimes fail to launch apps, reporting the error:
fork(): Cannot allocate memory
fork() is failing here because while cloning the process virtual address
space, Linux worries that the thread being forked may end up COWing the
entire address space of the parent process (gnome-shell, which is
memory-hungry), and there is not enough free memory to permit that to
happen.
In this case we are simply calling fork() in order to quickly call exec(),
which will throw away the entirity of the duplicated VM, so we should
look for ways to avoid the overcommit check.
The well known solution to this is to use clone(CLONE_VM) or vfork(), which
completely avoids creating a new memory address space for the child.
However, that comes with a bunch of caveats and complications:
https://gist.github.com/nicowilliams/a8a07b0fc75df05f684c23c18d7db234
https://ewontfix.com/7/
In 2016, glibc's posix_spawn() was rewritten to use this approach
while also resolving the concerns.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9ff72da471a509a8c19791efe469f47fa6977410
I experimented with a similar approach in glib, but it was not practical
because glibc has several items of important internal knowledge (such as
knowing which signals should be given special treatment because they are
NPTL implementation details) that are not cleanly exposed elsewhere.
Instead, this patch adapts the gspawn code to use posix_spawn() where
possible, which will reap the benefits of that implementation.
The posix_spawn API is more limited than the gspawn API though,
partly due to natural limitations of using CLONE_VM, so the posix_spawn
path is added as a separate codepath which is only executed when the
conditions are right. Callers such as gnome-shell will have to be modified
to meet these conditions, such as not having a child_setup function.
In addition to allowing for the gnome-shell "Cannot allocate memory"
failure to be avoided, this should result in a general speedup in this
area, because fork()'s behaviour of cloning the entire VM space
has a cost which is now avoided. posix_spawn() has also recently
been optimized on OpenSolaris as the most performant way to spawn
a child process.
2018-05-28 22:45:45 +02:00
r = posix_spawn_file_actions_adddup2 ( & file_actions , write_null , 1 ) ;
if ( r ! = 0 )
goto out_close_fds ;
}
if ( stderr_fd > = 0 )
{
r = posix_spawn_file_actions_adddup2 ( & file_actions , stderr_fd , 2 ) ;
if ( r ! = 0 )
goto out_close_fds ;
if ( ! g_slist_find ( child_close , GINT_TO_POINTER ( stderr_fd ) ) )
child_close = g_slist_prepend ( child_close , GINT_TO_POINTER ( stderr_fd ) ) ;
}
else if ( stderr_to_null )
{
2020-06-23 11:49:44 +02:00
gint write_null = safe_open ( " /dev/null " , O_WRONLY | O_CLOEXEC ) ;
gspawn: Optimize with posix_spawn codepath
When the amount of free memory on the system is somewhat low, gnome-shell
will sometimes fail to launch apps, reporting the error:
fork(): Cannot allocate memory
fork() is failing here because while cloning the process virtual address
space, Linux worries that the thread being forked may end up COWing the
entire address space of the parent process (gnome-shell, which is
memory-hungry), and there is not enough free memory to permit that to
happen.
In this case we are simply calling fork() in order to quickly call exec(),
which will throw away the entirity of the duplicated VM, so we should
look for ways to avoid the overcommit check.
The well known solution to this is to use clone(CLONE_VM) or vfork(), which
completely avoids creating a new memory address space for the child.
However, that comes with a bunch of caveats and complications:
https://gist.github.com/nicowilliams/a8a07b0fc75df05f684c23c18d7db234
https://ewontfix.com/7/
In 2016, glibc's posix_spawn() was rewritten to use this approach
while also resolving the concerns.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9ff72da471a509a8c19791efe469f47fa6977410
I experimented with a similar approach in glib, but it was not practical
because glibc has several items of important internal knowledge (such as
knowing which signals should be given special treatment because they are
NPTL implementation details) that are not cleanly exposed elsewhere.
Instead, this patch adapts the gspawn code to use posix_spawn() where
possible, which will reap the benefits of that implementation.
The posix_spawn API is more limited than the gspawn API though,
partly due to natural limitations of using CLONE_VM, so the posix_spawn
path is added as a separate codepath which is only executed when the
conditions are right. Callers such as gnome-shell will have to be modified
to meet these conditions, such as not having a child_setup function.
In addition to allowing for the gnome-shell "Cannot allocate memory"
failure to be avoided, this should result in a general speedup in this
area, because fork()'s behaviour of cloning the entire VM space
has a cost which is now avoided. posix_spawn() has also recently
been optimized on OpenSolaris as the most performant way to spawn
a child process.
2018-05-28 22:45:45 +02:00
g_assert ( write_null ! = - 1 ) ;
parent_close_fds [ num_parent_close_fds + + ] = write_null ;
2018-08-11 22:52:17 +02:00
# ifndef HAVE_O_CLOEXEC
2018-08-31 01:04:35 +02:00
fcntl ( write_null , F_SETFD , FD_CLOEXEC ) ;
2018-08-11 22:52:17 +02:00
# endif
gspawn: Optimize with posix_spawn codepath
When the amount of free memory on the system is somewhat low, gnome-shell
will sometimes fail to launch apps, reporting the error:
fork(): Cannot allocate memory
fork() is failing here because while cloning the process virtual address
space, Linux worries that the thread being forked may end up COWing the
entire address space of the parent process (gnome-shell, which is
memory-hungry), and there is not enough free memory to permit that to
happen.
In this case we are simply calling fork() in order to quickly call exec(),
which will throw away the entirity of the duplicated VM, so we should
look for ways to avoid the overcommit check.
The well known solution to this is to use clone(CLONE_VM) or vfork(), which
completely avoids creating a new memory address space for the child.
However, that comes with a bunch of caveats and complications:
https://gist.github.com/nicowilliams/a8a07b0fc75df05f684c23c18d7db234
https://ewontfix.com/7/
In 2016, glibc's posix_spawn() was rewritten to use this approach
while also resolving the concerns.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9ff72da471a509a8c19791efe469f47fa6977410
I experimented with a similar approach in glib, but it was not practical
because glibc has several items of important internal knowledge (such as
knowing which signals should be given special treatment because they are
NPTL implementation details) that are not cleanly exposed elsewhere.
Instead, this patch adapts the gspawn code to use posix_spawn() where
possible, which will reap the benefits of that implementation.
The posix_spawn API is more limited than the gspawn API though,
partly due to natural limitations of using CLONE_VM, so the posix_spawn
path is added as a separate codepath which is only executed when the
conditions are right. Callers such as gnome-shell will have to be modified
to meet these conditions, such as not having a child_setup function.
In addition to allowing for the gnome-shell "Cannot allocate memory"
failure to be avoided, this should result in a general speedup in this
area, because fork()'s behaviour of cloning the entire VM space
has a cost which is now avoided. posix_spawn() has also recently
been optimized on OpenSolaris as the most performant way to spawn
a child process.
2018-05-28 22:45:45 +02:00
r = posix_spawn_file_actions_adddup2 ( & file_actions , write_null , 2 ) ;
if ( r ! = 0 )
goto out_close_fds ;
}
/* Intentionally close the fds in the child as the last file action,
* having been careful not to add the same fd to this list twice .
*
* This is important to allow ( e . g . ) for the same fd to be passed as stdout
* and stderr ( we must not close it before we have dupped it in both places ,
* and we must not attempt to close it twice ) .
*/
for ( elem = child_close ; elem ! = NULL ; elem = elem - > next )
{
r = posix_spawn_file_actions_addclose ( & file_actions ,
GPOINTER_TO_INT ( elem - > data ) ) ;
if ( r ! = 0 )
goto out_close_fds ;
}
argv_pass = file_and_argv_zero ? argv + 1 : argv ;
if ( envp = = NULL )
2020-10-13 13:43:25 +02:00
envp = ( const gchar * const * ) environ ;
gspawn: Optimize with posix_spawn codepath
When the amount of free memory on the system is somewhat low, gnome-shell
will sometimes fail to launch apps, reporting the error:
fork(): Cannot allocate memory
fork() is failing here because while cloning the process virtual address
space, Linux worries that the thread being forked may end up COWing the
entire address space of the parent process (gnome-shell, which is
memory-hungry), and there is not enough free memory to permit that to
happen.
In this case we are simply calling fork() in order to quickly call exec(),
which will throw away the entirity of the duplicated VM, so we should
look for ways to avoid the overcommit check.
The well known solution to this is to use clone(CLONE_VM) or vfork(), which
completely avoids creating a new memory address space for the child.
However, that comes with a bunch of caveats and complications:
https://gist.github.com/nicowilliams/a8a07b0fc75df05f684c23c18d7db234
https://ewontfix.com/7/
In 2016, glibc's posix_spawn() was rewritten to use this approach
while also resolving the concerns.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9ff72da471a509a8c19791efe469f47fa6977410
I experimented with a similar approach in glib, but it was not practical
because glibc has several items of important internal knowledge (such as
knowing which signals should be given special treatment because they are
NPTL implementation details) that are not cleanly exposed elsewhere.
Instead, this patch adapts the gspawn code to use posix_spawn() where
possible, which will reap the benefits of that implementation.
The posix_spawn API is more limited than the gspawn API though,
partly due to natural limitations of using CLONE_VM, so the posix_spawn
path is added as a separate codepath which is only executed when the
conditions are right. Callers such as gnome-shell will have to be modified
to meet these conditions, such as not having a child_setup function.
In addition to allowing for the gnome-shell "Cannot allocate memory"
failure to be avoided, this should result in a general speedup in this
area, because fork()'s behaviour of cloning the entire VM space
has a cost which is now avoided. posix_spawn() has also recently
been optimized on OpenSolaris as the most performant way to spawn
a child process.
2018-05-28 22:45:45 +02:00
/* Don't search when it contains a slash. */
if ( ! search_path | | strchr ( argv [ 0 ] , ' / ' ) ! = NULL )
2020-10-13 13:43:25 +02:00
r = posix_spawn ( & pid , argv [ 0 ] , & file_actions , & attr , ( char * const * ) argv_pass , ( char * const * ) envp ) ;
gspawn: Optimize with posix_spawn codepath
When the amount of free memory on the system is somewhat low, gnome-shell
will sometimes fail to launch apps, reporting the error:
fork(): Cannot allocate memory
fork() is failing here because while cloning the process virtual address
space, Linux worries that the thread being forked may end up COWing the
entire address space of the parent process (gnome-shell, which is
memory-hungry), and there is not enough free memory to permit that to
happen.
In this case we are simply calling fork() in order to quickly call exec(),
which will throw away the entirity of the duplicated VM, so we should
look for ways to avoid the overcommit check.
The well known solution to this is to use clone(CLONE_VM) or vfork(), which
completely avoids creating a new memory address space for the child.
However, that comes with a bunch of caveats and complications:
https://gist.github.com/nicowilliams/a8a07b0fc75df05f684c23c18d7db234
https://ewontfix.com/7/
In 2016, glibc's posix_spawn() was rewritten to use this approach
while also resolving the concerns.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9ff72da471a509a8c19791efe469f47fa6977410
I experimented with a similar approach in glib, but it was not practical
because glibc has several items of important internal knowledge (such as
knowing which signals should be given special treatment because they are
NPTL implementation details) that are not cleanly exposed elsewhere.
Instead, this patch adapts the gspawn code to use posix_spawn() where
possible, which will reap the benefits of that implementation.
The posix_spawn API is more limited than the gspawn API though,
partly due to natural limitations of using CLONE_VM, so the posix_spawn
path is added as a separate codepath which is only executed when the
conditions are right. Callers such as gnome-shell will have to be modified
to meet these conditions, such as not having a child_setup function.
In addition to allowing for the gnome-shell "Cannot allocate memory"
failure to be avoided, this should result in a general speedup in this
area, because fork()'s behaviour of cloning the entire VM space
has a cost which is now avoided. posix_spawn() has also recently
been optimized on OpenSolaris as the most performant way to spawn
a child process.
2018-05-28 22:45:45 +02:00
else
2020-10-13 13:43:25 +02:00
r = posix_spawnp ( & pid , argv [ 0 ] , & file_actions , & attr , ( char * const * ) argv_pass , ( char * const * ) envp ) ;
gspawn: Optimize with posix_spawn codepath
When the amount of free memory on the system is somewhat low, gnome-shell
will sometimes fail to launch apps, reporting the error:
fork(): Cannot allocate memory
fork() is failing here because while cloning the process virtual address
space, Linux worries that the thread being forked may end up COWing the
entire address space of the parent process (gnome-shell, which is
memory-hungry), and there is not enough free memory to permit that to
happen.
In this case we are simply calling fork() in order to quickly call exec(),
which will throw away the entirity of the duplicated VM, so we should
look for ways to avoid the overcommit check.
The well known solution to this is to use clone(CLONE_VM) or vfork(), which
completely avoids creating a new memory address space for the child.
However, that comes with a bunch of caveats and complications:
https://gist.github.com/nicowilliams/a8a07b0fc75df05f684c23c18d7db234
https://ewontfix.com/7/
In 2016, glibc's posix_spawn() was rewritten to use this approach
while also resolving the concerns.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9ff72da471a509a8c19791efe469f47fa6977410
I experimented with a similar approach in glib, but it was not practical
because glibc has several items of important internal knowledge (such as
knowing which signals should be given special treatment because they are
NPTL implementation details) that are not cleanly exposed elsewhere.
Instead, this patch adapts the gspawn code to use posix_spawn() where
possible, which will reap the benefits of that implementation.
The posix_spawn API is more limited than the gspawn API though,
partly due to natural limitations of using CLONE_VM, so the posix_spawn
path is added as a separate codepath which is only executed when the
conditions are right. Callers such as gnome-shell will have to be modified
to meet these conditions, such as not having a child_setup function.
In addition to allowing for the gnome-shell "Cannot allocate memory"
failure to be avoided, this should result in a general speedup in this
area, because fork()'s behaviour of cloning the entire VM space
has a cost which is now avoided. posix_spawn() has also recently
been optimized on OpenSolaris as the most performant way to spawn
a child process.
2018-05-28 22:45:45 +02:00
if ( r = = 0 & & child_pid ! = NULL )
* child_pid = pid ;
out_close_fds :
for ( i = 0 ; i < num_parent_close_fds ; i + + )
close_and_invalidate ( & parent_close_fds [ i ] ) ;
posix_spawn_file_actions_destroy ( & file_actions ) ;
out_free_spawnattr :
posix_spawnattr_destroy ( & attr ) ;
g_slist_free ( child_close ) ;
return r ;
}
# endif /* POSIX_SPAWN_AVAILABLE */
2000-10-09 18:24:57 +02:00
static gboolean
2020-10-13 13:43:25 +02:00
fork_exec ( gboolean intermediate_child ,
const gchar * working_directory ,
const gchar * const * argv ,
const gchar * const * envp ,
gboolean close_descriptors ,
gboolean search_path ,
gboolean search_path_from_envp ,
gboolean stdout_to_null ,
gboolean stderr_to_null ,
gboolean child_inherits_stdin ,
gboolean file_and_argv_zero ,
gboolean cloexec_pipes ,
GSpawnChildSetupFunc child_setup ,
gpointer user_data ,
GPid * child_pid ,
gint * stdin_pipe_out ,
gint * stdout_pipe_out ,
gint * stderr_pipe_out ,
gint stdin_fd ,
gint stdout_fd ,
gint stderr_fd ,
2020-10-13 14:17:38 +02:00
const gint * source_fds ,
const gint * target_fds ,
gsize n_fds ,
2020-10-13 13:43:25 +02:00
GError * * error )
2000-10-09 18:24:57 +02:00
{
2004-03-01 21:47:49 +01:00
GPid pid = - 1 ;
2000-10-09 18:24:57 +02:00
gint child_err_report_pipe [ 2 ] = { - 1 , - 1 } ;
gint child_pid_report_pipe [ 2 ] = { - 1 , - 1 } ;
2012-11-10 19:16:29 +01:00
guint pipe_flags = cloexec_pipes ? FD_CLOEXEC : 0 ;
2000-10-09 18:24:57 +02:00
gint status ;
2020-06-22 14:59:48 +02:00
const gchar * chosen_search_path ;
2020-06-22 15:15:42 +02:00
gchar * search_path_buffer = NULL ;
2021-01-29 12:26:00 +01:00
gchar * search_path_buffer_heap = NULL ;
2020-06-22 15:15:42 +02:00
gsize search_path_buffer_len = 0 ;
2020-06-22 15:33:12 +02:00
gchar * * argv_buffer = NULL ;
2021-01-29 12:26:00 +01:00
gchar * * argv_buffer_heap = NULL ;
2020-06-22 15:33:12 +02:00
gsize argv_buffer_len = 0 ;
2020-10-13 13:43:25 +02:00
gint stdin_pipe [ 2 ] = { - 1 , - 1 } ;
gint stdout_pipe [ 2 ] = { - 1 , - 1 } ;
gint stderr_pipe [ 2 ] = { - 1 , - 1 } ;
gint child_close_fds [ 4 ] = { - 1 , - 1 , - 1 , - 1 } ;
gint n_child_close_fds = 0 ;
2020-10-13 14:17:38 +02:00
gint * source_fds_copy = NULL ;
2020-10-13 13:43:25 +02:00
g_assert ( stdin_pipe_out = = NULL | | stdin_fd < 0 ) ;
g_assert ( stdout_pipe_out = = NULL | | stdout_fd < 0 ) ;
g_assert ( stderr_pipe_out = = NULL | | stderr_fd < 0 ) ;
/* If pipes have been requested, open them */
if ( stdin_pipe_out ! = NULL )
{
if ( ! g_unix_open_pipe ( stdin_pipe , pipe_flags , error ) )
goto cleanup_and_fail ;
child_close_fds [ n_child_close_fds + + ] = stdin_pipe [ 1 ] ;
stdin_fd = stdin_pipe [ 0 ] ;
}
if ( stdout_pipe_out ! = NULL )
{
if ( ! g_unix_open_pipe ( stdout_pipe , pipe_flags , error ) )
goto cleanup_and_fail ;
child_close_fds [ n_child_close_fds + + ] = stdout_pipe [ 0 ] ;
stdout_fd = stdout_pipe [ 1 ] ;
}
if ( stderr_pipe_out ! = NULL )
{
if ( ! g_unix_open_pipe ( stderr_pipe , pipe_flags , error ) )
goto cleanup_and_fail ;
child_close_fds [ n_child_close_fds + + ] = stderr_pipe [ 0 ] ;
stderr_fd = stderr_pipe [ 1 ] ;
}
child_close_fds [ n_child_close_fds + + ] = - 1 ;
gspawn: Optimize with posix_spawn codepath
When the amount of free memory on the system is somewhat low, gnome-shell
will sometimes fail to launch apps, reporting the error:
fork(): Cannot allocate memory
fork() is failing here because while cloning the process virtual address
space, Linux worries that the thread being forked may end up COWing the
entire address space of the parent process (gnome-shell, which is
memory-hungry), and there is not enough free memory to permit that to
happen.
In this case we are simply calling fork() in order to quickly call exec(),
which will throw away the entirity of the duplicated VM, so we should
look for ways to avoid the overcommit check.
The well known solution to this is to use clone(CLONE_VM) or vfork(), which
completely avoids creating a new memory address space for the child.
However, that comes with a bunch of caveats and complications:
https://gist.github.com/nicowilliams/a8a07b0fc75df05f684c23c18d7db234
https://ewontfix.com/7/
In 2016, glibc's posix_spawn() was rewritten to use this approach
while also resolving the concerns.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9ff72da471a509a8c19791efe469f47fa6977410
I experimented with a similar approach in glib, but it was not practical
because glibc has several items of important internal knowledge (such as
knowing which signals should be given special treatment because they are
NPTL implementation details) that are not cleanly exposed elsewhere.
Instead, this patch adapts the gspawn code to use posix_spawn() where
possible, which will reap the benefits of that implementation.
The posix_spawn API is more limited than the gspawn API though,
partly due to natural limitations of using CLONE_VM, so the posix_spawn
path is added as a separate codepath which is only executed when the
conditions are right. Callers such as gnome-shell will have to be modified
to meet these conditions, such as not having a child_setup function.
In addition to allowing for the gnome-shell "Cannot allocate memory"
failure to be avoided, this should result in a general speedup in this
area, because fork()'s behaviour of cloning the entire VM space
has a cost which is now avoided. posix_spawn() has also recently
been optimized on OpenSolaris as the most performant way to spawn
a child process.
2018-05-28 22:45:45 +02:00
# ifdef POSIX_SPAWN_AVAILABLE
2020-10-13 14:17:38 +02:00
/* FIXME: Handle @source_fds and @target_fds in do_posix_spawn() using the
* file actions API . */
gspawn: Optimize with posix_spawn codepath
When the amount of free memory on the system is somewhat low, gnome-shell
will sometimes fail to launch apps, reporting the error:
fork(): Cannot allocate memory
fork() is failing here because while cloning the process virtual address
space, Linux worries that the thread being forked may end up COWing the
entire address space of the parent process (gnome-shell, which is
memory-hungry), and there is not enough free memory to permit that to
happen.
In this case we are simply calling fork() in order to quickly call exec(),
which will throw away the entirity of the duplicated VM, so we should
look for ways to avoid the overcommit check.
The well known solution to this is to use clone(CLONE_VM) or vfork(), which
completely avoids creating a new memory address space for the child.
However, that comes with a bunch of caveats and complications:
https://gist.github.com/nicowilliams/a8a07b0fc75df05f684c23c18d7db234
https://ewontfix.com/7/
In 2016, glibc's posix_spawn() was rewritten to use this approach
while also resolving the concerns.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9ff72da471a509a8c19791efe469f47fa6977410
I experimented with a similar approach in glib, but it was not practical
because glibc has several items of important internal knowledge (such as
knowing which signals should be given special treatment because they are
NPTL implementation details) that are not cleanly exposed elsewhere.
Instead, this patch adapts the gspawn code to use posix_spawn() where
possible, which will reap the benefits of that implementation.
The posix_spawn API is more limited than the gspawn API though,
partly due to natural limitations of using CLONE_VM, so the posix_spawn
path is added as a separate codepath which is only executed when the
conditions are right. Callers such as gnome-shell will have to be modified
to meet these conditions, such as not having a child_setup function.
In addition to allowing for the gnome-shell "Cannot allocate memory"
failure to be avoided, this should result in a general speedup in this
area, because fork()'s behaviour of cloning the entire VM space
has a cost which is now avoided. posix_spawn() has also recently
been optimized on OpenSolaris as the most performant way to spawn
a child process.
2018-05-28 22:45:45 +02:00
if ( ! intermediate_child & & working_directory = = NULL & & ! close_descriptors & &
2020-10-13 14:17:38 +02:00
! search_path_from_envp & & child_setup = = NULL & & n_fds = = 0 )
gspawn: Optimize with posix_spawn codepath
When the amount of free memory on the system is somewhat low, gnome-shell
will sometimes fail to launch apps, reporting the error:
fork(): Cannot allocate memory
fork() is failing here because while cloning the process virtual address
space, Linux worries that the thread being forked may end up COWing the
entire address space of the parent process (gnome-shell, which is
memory-hungry), and there is not enough free memory to permit that to
happen.
In this case we are simply calling fork() in order to quickly call exec(),
which will throw away the entirity of the duplicated VM, so we should
look for ways to avoid the overcommit check.
The well known solution to this is to use clone(CLONE_VM) or vfork(), which
completely avoids creating a new memory address space for the child.
However, that comes with a bunch of caveats and complications:
https://gist.github.com/nicowilliams/a8a07b0fc75df05f684c23c18d7db234
https://ewontfix.com/7/
In 2016, glibc's posix_spawn() was rewritten to use this approach
while also resolving the concerns.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9ff72da471a509a8c19791efe469f47fa6977410
I experimented with a similar approach in glib, but it was not practical
because glibc has several items of important internal knowledge (such as
knowing which signals should be given special treatment because they are
NPTL implementation details) that are not cleanly exposed elsewhere.
Instead, this patch adapts the gspawn code to use posix_spawn() where
possible, which will reap the benefits of that implementation.
The posix_spawn API is more limited than the gspawn API though,
partly due to natural limitations of using CLONE_VM, so the posix_spawn
path is added as a separate codepath which is only executed when the
conditions are right. Callers such as gnome-shell will have to be modified
to meet these conditions, such as not having a child_setup function.
In addition to allowing for the gnome-shell "Cannot allocate memory"
failure to be avoided, this should result in a general speedup in this
area, because fork()'s behaviour of cloning the entire VM space
has a cost which is now avoided. posix_spawn() has also recently
been optimized on OpenSolaris as the most performant way to spawn
a child process.
2018-05-28 22:45:45 +02:00
{
2020-06-25 23:27:10 +02:00
g_trace_mark ( G_TRACE_CURRENT_TIME , 0 ,
" GLib " , " posix_spawn " ,
" %s " , argv [ 0 ] ) ;
gspawn: Optimize with posix_spawn codepath
When the amount of free memory on the system is somewhat low, gnome-shell
will sometimes fail to launch apps, reporting the error:
fork(): Cannot allocate memory
fork() is failing here because while cloning the process virtual address
space, Linux worries that the thread being forked may end up COWing the
entire address space of the parent process (gnome-shell, which is
memory-hungry), and there is not enough free memory to permit that to
happen.
In this case we are simply calling fork() in order to quickly call exec(),
which will throw away the entirity of the duplicated VM, so we should
look for ways to avoid the overcommit check.
The well known solution to this is to use clone(CLONE_VM) or vfork(), which
completely avoids creating a new memory address space for the child.
However, that comes with a bunch of caveats and complications:
https://gist.github.com/nicowilliams/a8a07b0fc75df05f684c23c18d7db234
https://ewontfix.com/7/
In 2016, glibc's posix_spawn() was rewritten to use this approach
while also resolving the concerns.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9ff72da471a509a8c19791efe469f47fa6977410
I experimented with a similar approach in glib, but it was not practical
because glibc has several items of important internal knowledge (such as
knowing which signals should be given special treatment because they are
NPTL implementation details) that are not cleanly exposed elsewhere.
Instead, this patch adapts the gspawn code to use posix_spawn() where
possible, which will reap the benefits of that implementation.
The posix_spawn API is more limited than the gspawn API though,
partly due to natural limitations of using CLONE_VM, so the posix_spawn
path is added as a separate codepath which is only executed when the
conditions are right. Callers such as gnome-shell will have to be modified
to meet these conditions, such as not having a child_setup function.
In addition to allowing for the gnome-shell "Cannot allocate memory"
failure to be avoided, this should result in a general speedup in this
area, because fork()'s behaviour of cloning the entire VM space
has a cost which is now avoided. posix_spawn() has also recently
been optimized on OpenSolaris as the most performant way to spawn
a child process.
2018-05-28 22:45:45 +02:00
status = do_posix_spawn ( argv ,
envp ,
search_path ,
stdout_to_null ,
stderr_to_null ,
child_inherits_stdin ,
file_and_argv_zero ,
child_pid ,
child_close_fds ,
stdin_fd ,
stdout_fd ,
stderr_fd ) ;
if ( status = = 0 )
2020-10-13 13:43:25 +02:00
goto success ;
gspawn: Optimize with posix_spawn codepath
When the amount of free memory on the system is somewhat low, gnome-shell
will sometimes fail to launch apps, reporting the error:
fork(): Cannot allocate memory
fork() is failing here because while cloning the process virtual address
space, Linux worries that the thread being forked may end up COWing the
entire address space of the parent process (gnome-shell, which is
memory-hungry), and there is not enough free memory to permit that to
happen.
In this case we are simply calling fork() in order to quickly call exec(),
which will throw away the entirity of the duplicated VM, so we should
look for ways to avoid the overcommit check.
The well known solution to this is to use clone(CLONE_VM) or vfork(), which
completely avoids creating a new memory address space for the child.
However, that comes with a bunch of caveats and complications:
https://gist.github.com/nicowilliams/a8a07b0fc75df05f684c23c18d7db234
https://ewontfix.com/7/
In 2016, glibc's posix_spawn() was rewritten to use this approach
while also resolving the concerns.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9ff72da471a509a8c19791efe469f47fa6977410
I experimented with a similar approach in glib, but it was not practical
because glibc has several items of important internal knowledge (such as
knowing which signals should be given special treatment because they are
NPTL implementation details) that are not cleanly exposed elsewhere.
Instead, this patch adapts the gspawn code to use posix_spawn() where
possible, which will reap the benefits of that implementation.
The posix_spawn API is more limited than the gspawn API though,
partly due to natural limitations of using CLONE_VM, so the posix_spawn
path is added as a separate codepath which is only executed when the
conditions are right. Callers such as gnome-shell will have to be modified
to meet these conditions, such as not having a child_setup function.
In addition to allowing for the gnome-shell "Cannot allocate memory"
failure to be avoided, this should result in a general speedup in this
area, because fork()'s behaviour of cloning the entire VM space
has a cost which is now avoided. posix_spawn() has also recently
been optimized on OpenSolaris as the most performant way to spawn
a child process.
2018-05-28 22:45:45 +02:00
if ( status ! = ENOEXEC )
{
g_set_error ( error ,
G_SPAWN_ERROR ,
G_SPAWN_ERROR_FAILED ,
2018-06-25 16:51:00 +02:00
_ ( " Failed to spawn child process “%s” (%s) " ) ,
gspawn: Optimize with posix_spawn codepath
When the amount of free memory on the system is somewhat low, gnome-shell
will sometimes fail to launch apps, reporting the error:
fork(): Cannot allocate memory
fork() is failing here because while cloning the process virtual address
space, Linux worries that the thread being forked may end up COWing the
entire address space of the parent process (gnome-shell, which is
memory-hungry), and there is not enough free memory to permit that to
happen.
In this case we are simply calling fork() in order to quickly call exec(),
which will throw away the entirity of the duplicated VM, so we should
look for ways to avoid the overcommit check.
The well known solution to this is to use clone(CLONE_VM) or vfork(), which
completely avoids creating a new memory address space for the child.
However, that comes with a bunch of caveats and complications:
https://gist.github.com/nicowilliams/a8a07b0fc75df05f684c23c18d7db234
https://ewontfix.com/7/
In 2016, glibc's posix_spawn() was rewritten to use this approach
while also resolving the concerns.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9ff72da471a509a8c19791efe469f47fa6977410
I experimented with a similar approach in glib, but it was not practical
because glibc has several items of important internal knowledge (such as
knowing which signals should be given special treatment because they are
NPTL implementation details) that are not cleanly exposed elsewhere.
Instead, this patch adapts the gspawn code to use posix_spawn() where
possible, which will reap the benefits of that implementation.
The posix_spawn API is more limited than the gspawn API though,
partly due to natural limitations of using CLONE_VM, so the posix_spawn
path is added as a separate codepath which is only executed when the
conditions are right. Callers such as gnome-shell will have to be modified
to meet these conditions, such as not having a child_setup function.
In addition to allowing for the gnome-shell "Cannot allocate memory"
failure to be avoided, this should result in a general speedup in this
area, because fork()'s behaviour of cloning the entire VM space
has a cost which is now avoided. posix_spawn() has also recently
been optimized on OpenSolaris as the most performant way to spawn
a child process.
2018-05-28 22:45:45 +02:00
argv [ 0 ] ,
g_strerror ( status ) ) ;
2020-10-13 13:43:25 +02:00
goto cleanup_and_fail ;
gspawn: Optimize with posix_spawn codepath
When the amount of free memory on the system is somewhat low, gnome-shell
will sometimes fail to launch apps, reporting the error:
fork(): Cannot allocate memory
fork() is failing here because while cloning the process virtual address
space, Linux worries that the thread being forked may end up COWing the
entire address space of the parent process (gnome-shell, which is
memory-hungry), and there is not enough free memory to permit that to
happen.
In this case we are simply calling fork() in order to quickly call exec(),
which will throw away the entirity of the duplicated VM, so we should
look for ways to avoid the overcommit check.
The well known solution to this is to use clone(CLONE_VM) or vfork(), which
completely avoids creating a new memory address space for the child.
However, that comes with a bunch of caveats and complications:
https://gist.github.com/nicowilliams/a8a07b0fc75df05f684c23c18d7db234
https://ewontfix.com/7/
In 2016, glibc's posix_spawn() was rewritten to use this approach
while also resolving the concerns.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9ff72da471a509a8c19791efe469f47fa6977410
I experimented with a similar approach in glib, but it was not practical
because glibc has several items of important internal knowledge (such as
knowing which signals should be given special treatment because they are
NPTL implementation details) that are not cleanly exposed elsewhere.
Instead, this patch adapts the gspawn code to use posix_spawn() where
possible, which will reap the benefits of that implementation.
The posix_spawn API is more limited than the gspawn API though,
partly due to natural limitations of using CLONE_VM, so the posix_spawn
path is added as a separate codepath which is only executed when the
conditions are right. Callers such as gnome-shell will have to be modified
to meet these conditions, such as not having a child_setup function.
In addition to allowing for the gnome-shell "Cannot allocate memory"
failure to be avoided, this should result in a general speedup in this
area, because fork()'s behaviour of cloning the entire VM space
has a cost which is now avoided. posix_spawn() has also recently
been optimized on OpenSolaris as the most performant way to spawn
a child process.
2018-05-28 22:45:45 +02:00
}
/* posix_spawn is not intended to support script execution. It does in
* some situations on some glibc versions , but that will be fixed .
* So if it fails with ENOEXEC , we fall through to the regular
* gspawn codepath so that script execution can be attempted ,
* per standard gspawn behaviour . */
g_debug ( " posix_spawn failed (ENOEXEC), fall back to regular gspawn " ) ;
}
else
{
2020-06-25 23:27:10 +02:00
g_trace_mark ( G_TRACE_CURRENT_TIME , 0 ,
" GLib " , " fork " ,
" posix_spawn avoided %s%s%s%s%s " ,
! intermediate_child ? " " : " (automatic reaping requested) " ,
working_directory = = NULL ? " " : " (workdir specified) " ,
! close_descriptors ? " " : " (fd close requested) " ,
! search_path_from_envp ? " " : " (using envp for search path) " ,
child_setup = = NULL ? " " : " (child_setup specified) " ) ;
gspawn: Optimize with posix_spawn codepath
When the amount of free memory on the system is somewhat low, gnome-shell
will sometimes fail to launch apps, reporting the error:
fork(): Cannot allocate memory
fork() is failing here because while cloning the process virtual address
space, Linux worries that the thread being forked may end up COWing the
entire address space of the parent process (gnome-shell, which is
memory-hungry), and there is not enough free memory to permit that to
happen.
In this case we are simply calling fork() in order to quickly call exec(),
which will throw away the entirity of the duplicated VM, so we should
look for ways to avoid the overcommit check.
The well known solution to this is to use clone(CLONE_VM) or vfork(), which
completely avoids creating a new memory address space for the child.
However, that comes with a bunch of caveats and complications:
https://gist.github.com/nicowilliams/a8a07b0fc75df05f684c23c18d7db234
https://ewontfix.com/7/
In 2016, glibc's posix_spawn() was rewritten to use this approach
while also resolving the concerns.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9ff72da471a509a8c19791efe469f47fa6977410
I experimented with a similar approach in glib, but it was not practical
because glibc has several items of important internal knowledge (such as
knowing which signals should be given special treatment because they are
NPTL implementation details) that are not cleanly exposed elsewhere.
Instead, this patch adapts the gspawn code to use posix_spawn() where
possible, which will reap the benefits of that implementation.
The posix_spawn API is more limited than the gspawn API though,
partly due to natural limitations of using CLONE_VM, so the posix_spawn
path is added as a separate codepath which is only executed when the
conditions are right. Callers such as gnome-shell will have to be modified
to meet these conditions, such as not having a child_setup function.
In addition to allowing for the gnome-shell "Cannot allocate memory"
failure to be avoided, this should result in a general speedup in this
area, because fork()'s behaviour of cloning the entire VM space
has a cost which is now avoided. posix_spawn() has also recently
been optimized on OpenSolaris as the most performant way to spawn
a child process.
2018-05-28 22:45:45 +02:00
}
# endif /* POSIX_SPAWN_AVAILABLE */
2020-06-22 14:59:48 +02:00
/* Choose a search path. This has to be done before calling fork()
* as getenv ( ) isn ’ t async - signal - safe ( see ` man 7 signal - safety ` ) . */
chosen_search_path = NULL ;
if ( search_path_from_envp )
2020-10-13 13:43:25 +02:00
chosen_search_path = g_environ_getenv ( ( gchar * * ) envp , " PATH " ) ;
2020-06-22 14:59:48 +02:00
if ( search_path & & chosen_search_path = = NULL )
chosen_search_path = g_getenv ( " PATH " ) ;
2021-01-27 11:53:22 +01:00
if ( ( search_path | | search_path_from_envp ) & & chosen_search_path = = NULL )
2020-06-22 14:59:48 +02:00
{
/* There is no 'PATH' in the environment. The default
* * search path in libc is the current directory followed by
* * the path ' confstr ' returns for ' _CS_PATH ' .
* */
/* In GLib we put . last, for security, and don't use the
* * unportable confstr ( ) ; UNIX98 does not actually specify
* * what to search if PATH is unset . POSIX may , dunno .
* */
chosen_search_path = " /bin:/usr/bin:. " ;
}
2021-01-27 11:53:22 +01:00
if ( search_path | | search_path_from_envp )
g_assert ( chosen_search_path ! = NULL ) ;
else
g_assert ( chosen_search_path = = NULL ) ;
2020-06-22 15:15:42 +02:00
/* Allocate a buffer which the fork()ed child can use to assemble potential
* paths for the binary to exec ( ) , combining the argv [ 0 ] and elements from
* the chosen_search_path . This can ’ t be done in the child because malloc ( )
* ( or alloca ( ) ) are not async - signal - safe ( see ` man 7 signal - safety ` ) .
*
* Add 2 for the nul terminator and a leading ` / ` . */
2021-01-27 11:53:22 +01:00
if ( chosen_search_path ! = NULL )
{
search_path_buffer_len = strlen ( chosen_search_path ) + strlen ( argv [ 0 ] ) + 2 ;
2021-01-29 12:26:00 +01:00
if ( search_path_buffer_len < 4000 )
{
/* Prefer small stack allocations to avoid valgrind leak warnings
* in forked child . The 4000 B cutoff is arbitrary . */
search_path_buffer = g_alloca ( search_path_buffer_len ) ;
}
else
{
search_path_buffer_heap = g_malloc ( search_path_buffer_len ) ;
search_path_buffer = search_path_buffer_heap ;
}
2021-01-27 11:53:22 +01:00
}
if ( search_path | | search_path_from_envp )
g_assert ( search_path_buffer ! = NULL ) ;
else
g_assert ( search_path_buffer = = NULL ) ;
2020-06-22 15:15:42 +02:00
2020-06-22 15:33:12 +02:00
/* And allocate a buffer which is 2 elements longer than @argv, so that if
* script_execute ( ) has to be called later on , it can build a wrapper argv
* array in this buffer . */
2020-10-13 13:43:25 +02:00
argv_buffer_len = g_strv_length ( ( gchar * * ) argv ) + 2 ;
2021-01-29 12:26:00 +01:00
if ( argv_buffer_len < 4000 / sizeof ( gchar * ) )
{
/* Prefer small stack allocations to avoid valgrind leak warnings
* in forked child . The 4000 B cutoff is arbitrary . */
argv_buffer = g_newa ( gchar * , argv_buffer_len ) ;
}
else
{
argv_buffer_heap = g_new ( gchar * , argv_buffer_len ) ;
argv_buffer = argv_buffer_heap ;
}
2020-06-22 15:33:12 +02:00
2020-10-13 14:17:38 +02:00
/* And one to hold a copy of @source_fds for later manipulation in do_exec(). */
source_fds_copy = g_new ( int , n_fds ) ;
if ( n_fds > 0 )
memcpy ( source_fds_copy , source_fds , sizeof ( * source_fds ) * n_fds ) ;
2012-11-10 19:16:29 +01:00
if ( ! g_unix_open_pipe ( child_err_report_pipe , pipe_flags , error ) )
2020-10-13 13:43:25 +02:00
goto cleanup_and_fail ;
2000-10-09 18:24:57 +02:00
2012-11-10 19:16:29 +01:00
if ( intermediate_child & & ! g_unix_open_pipe ( child_pid_report_pipe , pipe_flags , error ) )
2000-10-09 18:24:57 +02:00
goto cleanup_and_fail ;
2005-12-02 22:37:25 +01:00
pid = fork ( ) ;
2000-10-09 18:24:57 +02:00
if ( pid < 0 )
2009-08-20 15:13:43 +02:00
{
int errsv = errno ;
2000-10-09 18:24:57 +02:00
g_set_error ( error ,
G_SPAWN_ERROR ,
G_SPAWN_ERROR_FORK ,
_ ( " Failed to fork (%s) " ) ,
2009-08-20 15:13:43 +02:00
g_strerror ( errsv ) ) ;
2000-10-09 18:24:57 +02:00
goto cleanup_and_fail ;
}
else if ( pid = = 0 )
{
/* Immediate child. This may or may not be the child that
* actually execs the new process .
*/
2011-06-10 16:48:07 +02:00
/* Reset some signal handlers that we may use */
signal ( SIGCHLD , SIG_DFL ) ;
signal ( SIGINT , SIG_DFL ) ;
signal ( SIGTERM , SIG_DFL ) ;
signal ( SIGHUP , SIG_DFL ) ;
2000-10-09 18:24:57 +02:00
/* Be sure we crash if the parent exits
* and we write to the err_report_pipe
*/
signal ( SIGPIPE , SIG_DFL ) ;
/* Close the parent's end of the pipes;
* not needed in the close_descriptors case ,
* though
*/
close_and_invalidate ( & child_err_report_pipe [ 0 ] ) ;
close_and_invalidate ( & child_pid_report_pipe [ 0 ] ) ;
2020-10-13 13:43:25 +02:00
if ( child_close_fds [ 0 ] ! = - 1 )
2018-05-28 18:09:21 +02:00
{
int i = - 1 ;
while ( child_close_fds [ + + i ] ! = - 1 )
close_and_invalidate ( & child_close_fds [ i ] ) ;
}
2000-10-09 18:24:57 +02:00
if ( intermediate_child )
{
/* We need to fork an intermediate child that launches the
* final child . The purpose of the intermediate child
* is to exit , so we can waitpid ( ) it immediately .
* Then the grandchild will not become a zombie .
*/
2004-03-01 21:47:49 +01:00
GPid grandchild_pid ;
2000-10-09 18:24:57 +02:00
2005-12-02 22:37:25 +01:00
grandchild_pid = fork ( ) ;
2000-10-09 18:24:57 +02:00
if ( grandchild_pid < 0 )
{
/* report -1 as child PID */
2003-06-02 20:20:25 +02:00
write_all ( child_pid_report_pipe [ 1 ] , & grandchild_pid ,
sizeof ( grandchild_pid ) ) ;
2000-10-09 18:24:57 +02:00
write_err_and_exit ( child_err_report_pipe [ 1 ] ,
CHILD_FORK_FAILED ) ;
}
else if ( grandchild_pid = = 0 )
{
2013-07-01 22:10:28 +02:00
close_and_invalidate ( & child_pid_report_pipe [ 1 ] ) ;
2000-10-09 18:24:57 +02:00
do_exec ( child_err_report_pipe [ 1 ] ,
2018-05-28 18:09:21 +02:00
stdin_fd ,
stdout_fd ,
stderr_fd ,
2020-10-13 14:17:38 +02:00
source_fds_copy ,
target_fds ,
n_fds ,
2000-10-09 18:24:57 +02:00
working_directory ,
argv ,
2020-06-22 15:33:12 +02:00
argv_buffer ,
argv_buffer_len ,
2000-10-09 18:24:57 +02:00
envp ,
close_descriptors ,
2020-06-22 14:59:48 +02:00
chosen_search_path ,
2020-06-22 15:15:42 +02:00
search_path_buffer ,
search_path_buffer_len ,
2000-10-09 18:24:57 +02:00
stdout_to_null ,
stderr_to_null ,
child_inherits_stdin ,
2001-06-08 21:41:51 +02:00
file_and_argv_zero ,
2000-10-09 18:24:57 +02:00
child_setup ,
user_data ) ;
}
else
{
2003-06-02 20:20:25 +02:00
write_all ( child_pid_report_pipe [ 1 ] , & grandchild_pid , sizeof ( grandchild_pid ) ) ;
2000-10-09 18:24:57 +02:00
close_and_invalidate ( & child_pid_report_pipe [ 1 ] ) ;
_exit ( 0 ) ;
}
}
else
{
/* Just run the child.
*/
do_exec ( child_err_report_pipe [ 1 ] ,
2018-05-28 18:09:21 +02:00
stdin_fd ,
stdout_fd ,
stderr_fd ,
2020-10-13 14:17:38 +02:00
source_fds_copy ,
target_fds ,
n_fds ,
2000-10-09 18:24:57 +02:00
working_directory ,
argv ,
2020-06-22 15:33:12 +02:00
argv_buffer ,
argv_buffer_len ,
2000-10-09 18:24:57 +02:00
envp ,
close_descriptors ,
2020-06-22 14:59:48 +02:00
chosen_search_path ,
2020-06-22 15:15:42 +02:00
search_path_buffer ,
search_path_buffer_len ,
2000-10-09 18:24:57 +02:00
stdout_to_null ,
stderr_to_null ,
child_inherits_stdin ,
2001-06-08 21:41:51 +02:00
file_and_argv_zero ,
2000-10-09 18:24:57 +02:00
child_setup ,
user_data ) ;
}
}
else
{
/* Parent */
gint buf [ 2 ] ;
Changes for 64-bit cleanliness, loosely based on patch from Mark Murnane.
Wed Jun 20 12:00:54 2001 Owen Taylor <otaylor@redhat.com>
Changes for 64-bit cleanliness, loosely based on patch
from Mark Murnane.
* gconvert.c (g_convert/g_convert_with_fallback): Remove
workarounds for since-fixed GNU libc bugs. Minor
doc fix.
* gconvert.[ch]: Change gint to gsize/gssize as
appropriate.
* gconvert.c (g_locale/filename_to/from_utf8): Fix incorrect
computation of bytes_read / bytes_written.
* gfileutils.[ch] (g_file_get_contents): Make length
out parameter 'gsize *len'.
* ghook.c (g_hook_compare_ids): Don't compare a
and b as 'a - b'.
* gmacros.h (GSIZE_TO_POINTER): Add GPOINTER_TO_SIZE,
GSIZE_TO_POINTER.
* gmain.c (g_timeout_prepare): Rewrite to avoid
overflows. (Fixes bug when system clock skews
backwards more than 24 days.)
* gmarkup.[ch]: Make lengths passed to callbacks
gsize, length for g_markup_parse-context_parse(),
g_markup_escape_text() gssize.
* gmessages.[ch] (g_printf_string_upper_bound): Change
return value to gsize.
* gmessages.c (printf_string_upper_bound): Remove
a ridiculous use of 'inline' on a 300 line function.
* gstring.[ch]: Represent size of string as a gsize,
not gint. Make parameters to functions take gsize,
or gssize where -1 is allowed.
* gstring.c (g_string_erase): Make
g_string_erase (string, pos, -1) a synonym for
g_string_truncate for consistency with other G*
APIs.
* gstrfuncs.[ch]: Make all functions taking a string
length, take a gsize, or gssize if -1 is allowed.
(g_strstr_len, g_strrstr_len). Also fix some boundary
conditions in g_str[r]str[_len].
* gutf8.c tests/unicode-encoding.c: Make parameters that
are byte lengths gsize, gssize as appropriate. Make
character offsets, other counts, glong.
* gasyncqueue.c gcompletion.c
timeloop.c timeloop-basic.c gutils.c gspawn.c.
Small 64 bit cleanliness fixups.
* glist.c (g_list_sort2, g_list_sort_real): Fix functions
that should have been static.
* gdate.c (g_date_fill_parse_tokens): Fix extra
declaration that was shadowing another.
* tests/module-test.c: Include string.h
Mon Jun 18 15:43:29 2001 Owen Taylor <otaylor@redhat.com>
* gutf8.c (g_get_charset): Make argument
G_CONST_RETURN char **.
2001-06-23 15:55:09 +02:00
gint n_ints = 0 ;
2000-10-09 18:24:57 +02:00
/* Close the uncared-about ends of the pipes */
close_and_invalidate ( & child_err_report_pipe [ 1 ] ) ;
close_and_invalidate ( & child_pid_report_pipe [ 1 ] ) ;
/* If we had an intermediate child, reap it */
if ( intermediate_child )
{
wait_again :
if ( waitpid ( pid , & status , 0 ) < 0 )
{
if ( errno = = EINTR )
goto wait_again ;
else if ( errno = = ECHILD )
; /* do nothing, child already reaped */
else
2020-10-13 13:43:25 +02:00
g_warning ( " waitpid() should not fail in 'fork_exec' " ) ;
2000-10-09 18:24:57 +02:00
}
}
if ( ! read_ints ( child_err_report_pipe [ 0 ] ,
buf , 2 , & n_ints ,
error ) )
goto cleanup_and_fail ;
if ( n_ints > = 2 )
{
/* Error from the child. */
switch ( buf [ 0 ] )
{
case CHILD_CHDIR_FAILED :
g_set_error ( error ,
G_SPAWN_ERROR ,
G_SPAWN_ERROR_CHDIR ,
2016-09-30 05:47:15 +02:00
_ ( " Failed to change to directory “%s” (%s) " ) ,
2000-10-09 18:24:57 +02:00
working_directory ,
g_strerror ( buf [ 1 ] ) ) ;
break ;
case CHILD_EXEC_FAILED :
g_set_error ( error ,
G_SPAWN_ERROR ,
2018-06-12 17:00:13 +02:00
_g_spawn_exec_err_to_g_error ( buf [ 1 ] ) ,
2016-09-30 05:47:15 +02:00
_ ( " Failed to execute child process “%s” (%s) " ) ,
2001-12-14 17:26:24 +01:00
argv [ 0 ] ,
2000-10-09 18:24:57 +02:00
g_strerror ( buf [ 1 ] ) ) ;
break ;
case CHILD_DUP2_FAILED :
g_set_error ( error ,
G_SPAWN_ERROR ,
G_SPAWN_ERROR_FAILED ,
_ ( " Failed to redirect output or input of child process (%s) " ) ,
g_strerror ( buf [ 1 ] ) ) ;
break ;
case CHILD_FORK_FAILED :
g_set_error ( error ,
G_SPAWN_ERROR ,
G_SPAWN_ERROR_FORK ,
_ ( " Failed to fork child process (%s) " ) ,
g_strerror ( buf [ 1 ] ) ) ;
break ;
default :
g_set_error ( error ,
G_SPAWN_ERROR ,
G_SPAWN_ERROR_FAILED ,
2016-09-30 05:47:15 +02:00
_ ( " Unknown error executing child process “%s” " ) ,
2001-12-14 17:26:24 +01:00
argv [ 0 ] ) ;
2000-10-09 18:24:57 +02:00
break ;
}
goto cleanup_and_fail ;
}
/* Get child pid from intermediate child pipe. */
if ( intermediate_child )
{
n_ints = 0 ;
if ( ! read_ints ( child_pid_report_pipe [ 0 ] ,
buf , 1 , & n_ints , error ) )
goto cleanup_and_fail ;
if ( n_ints < 1 )
{
2009-08-20 15:13:43 +02:00
int errsv = errno ;
2000-10-09 18:24:57 +02:00
g_set_error ( error ,
G_SPAWN_ERROR ,
G_SPAWN_ERROR_FAILED ,
_ ( " Failed to read enough data from child pid pipe (%s) " ) ,
2009-08-20 15:13:43 +02:00
g_strerror ( errsv ) ) ;
2000-10-09 18:24:57 +02:00
goto cleanup_and_fail ;
}
else
{
/* we have the child pid */
pid = buf [ 0 ] ;
}
}
/* Success against all odds! return the information */
2002-05-23 17:36:53 +02:00
close_and_invalidate ( & child_err_report_pipe [ 0 ] ) ;
close_and_invalidate ( & child_pid_report_pipe [ 0 ] ) ;
2020-06-22 15:15:42 +02:00
2021-01-29 12:26:00 +01:00
g_free ( search_path_buffer_heap ) ;
g_free ( argv_buffer_heap ) ;
2020-10-13 14:17:38 +02:00
g_free ( source_fds_copy ) ;
2020-06-22 15:15:42 +02:00
2000-10-09 18:24:57 +02:00
if ( child_pid )
* child_pid = pid ;
2020-10-13 13:43:25 +02:00
goto success ;
2000-10-09 18:24:57 +02:00
}
2020-10-13 13:43:25 +02:00
success :
/* Close the uncared-about ends of the pipes */
close_and_invalidate ( & stdin_pipe [ 0 ] ) ;
close_and_invalidate ( & stdout_pipe [ 1 ] ) ;
close_and_invalidate ( & stderr_pipe [ 1 ] ) ;
if ( stdin_pipe_out ! = NULL )
2021-03-22 12:48:10 +01:00
* stdin_pipe_out = g_steal_fd ( & stdin_pipe [ 1 ] ) ;
2020-10-13 13:43:25 +02:00
if ( stdout_pipe_out ! = NULL )
2021-03-22 12:48:10 +01:00
* stdout_pipe_out = g_steal_fd ( & stdout_pipe [ 0 ] ) ;
2020-10-13 13:43:25 +02:00
if ( stderr_pipe_out ! = NULL )
2021-03-22 12:48:10 +01:00
* stderr_pipe_out = g_steal_fd ( & stderr_pipe [ 0 ] ) ;
2020-10-13 13:43:25 +02:00
return TRUE ;
2000-10-09 18:24:57 +02:00
cleanup_and_fail :
2002-09-23 08:45:10 +02:00
/* There was an error from the Child, reap the child to avoid it being
a zombie .
*/
if ( pid > 0 )
{
wait_failed :
if ( waitpid ( pid , NULL , 0 ) < 0 )
{
if ( errno = = EINTR )
goto wait_failed ;
else if ( errno = = ECHILD )
; /* do nothing, child already reaped */
else
2020-10-13 13:43:25 +02:00
g_warning ( " waitpid() should not fail in 'fork_exec' " ) ;
2002-09-23 08:45:10 +02:00
}
}
2000-10-09 18:24:57 +02:00
close_and_invalidate ( & stdin_pipe [ 0 ] ) ;
close_and_invalidate ( & stdin_pipe [ 1 ] ) ;
close_and_invalidate ( & stdout_pipe [ 0 ] ) ;
close_and_invalidate ( & stdout_pipe [ 1 ] ) ;
close_and_invalidate ( & stderr_pipe [ 0 ] ) ;
close_and_invalidate ( & stderr_pipe [ 1 ] ) ;
2020-10-13 13:43:25 +02:00
close_and_invalidate ( & child_err_report_pipe [ 0 ] ) ;
close_and_invalidate ( & child_err_report_pipe [ 1 ] ) ;
close_and_invalidate ( & child_pid_report_pipe [ 0 ] ) ;
close_and_invalidate ( & child_pid_report_pipe [ 1 ] ) ;
g_clear_pointer ( & search_path_buffer_heap , g_free ) ;
g_clear_pointer ( & argv_buffer_heap , g_free ) ;
2020-10-13 14:17:38 +02:00
g_clear_pointer ( & source_fds_copy , g_free ) ;
2020-10-13 13:43:25 +02:00
2000-10-09 18:24:57 +02:00
return FALSE ;
}
/* Based on execvp from GNU C Library */
2020-06-22 13:36:32 +02:00
/* This function is called between fork() and exec() and hence must be
* async - signal - safe ( see signal - safety ( 7 ) ) until it calls exec ( ) . */
2020-06-22 15:33:12 +02:00
static gboolean
2000-10-09 18:24:57 +02:00
script_execute ( const gchar * file ,
gchar * * argv ,
2020-06-22 15:33:12 +02:00
gchar * * argv_buffer ,
gsize argv_buffer_len ,
2012-05-20 00:01:35 +02:00
gchar * * envp )
2000-10-09 18:24:57 +02:00
{
/* Count the arguments. */
2020-09-10 18:10:06 +02:00
gsize argc = 0 ;
2000-10-09 18:24:57 +02:00
while ( argv [ argc ] )
+ + argc ;
2020-06-22 15:33:12 +02:00
/* Construct an argument list for the shell. */
if ( argc + 2 > argv_buffer_len )
return FALSE ;
argv_buffer [ 0 ] = ( char * ) " /bin/sh " ;
argv_buffer [ 1 ] = ( char * ) file ;
while ( argc > 0 )
{
argv_buffer [ argc + 1 ] = argv [ argc ] ;
- - argc ;
}
/* Execute the shell. */
if ( envp )
execve ( argv_buffer [ 0 ] , argv_buffer , envp ) ;
else
execv ( argv_buffer [ 0 ] , argv_buffer ) ;
return TRUE ;
2000-10-09 18:24:57 +02:00
}
2020-06-22 13:36:32 +02:00
/* This function is called between fork() and exec() and hence must be
* async - signal - safe ( see signal - safety ( 7 ) ) . */
2000-10-09 18:24:57 +02:00
static gchar *
my_strchrnul ( const gchar * str , gchar c )
{
gchar * p = ( gchar * ) str ;
while ( * p & & ( * p ! = c ) )
+ + p ;
return p ;
}
2020-06-22 13:36:32 +02:00
/* This function is called between fork() and exec() and hence must be
* async - signal - safe ( see signal - safety ( 7 ) ) until it calls exec ( ) . */
2000-10-09 18:24:57 +02:00
static gint
2020-06-22 14:59:48 +02:00
g_execute ( const gchar * file ,
gchar * * argv ,
2020-06-22 15:33:12 +02:00
gchar * * argv_buffer ,
gsize argv_buffer_len ,
2020-06-22 14:59:48 +02:00
gchar * * envp ,
2020-06-22 15:15:42 +02:00
const gchar * search_path ,
gchar * search_path_buffer ,
gsize search_path_buffer_len )
2000-10-09 18:24:57 +02:00
{
if ( * file = = ' \0 ' )
{
/* We check the simple case first. */
errno = ENOENT ;
return - 1 ;
}
2020-06-22 14:59:48 +02:00
if ( search_path = = NULL | | strchr ( file , ' / ' ) ! = NULL )
2000-10-09 18:24:57 +02:00
{
/* Don't search when it contains a slash. */
if ( envp )
execve ( file , argv , envp ) ;
else
execv ( file , argv ) ;
2020-06-22 15:33:12 +02:00
if ( errno = = ENOEXEC & &
! script_execute ( file , argv , argv_buffer , argv_buffer_len , envp ) )
{
errno = ENOMEM ;
return - 1 ;
}
2000-10-09 18:24:57 +02:00
}
else
{
gboolean got_eacces = 0 ;
2001-02-18 00:30:48 +01:00
const gchar * path , * p ;
2020-06-22 15:15:42 +02:00
gchar * name ;
2006-12-28 05:48:06 +01:00
gsize len ;
gsize pathlen ;
2000-10-09 18:24:57 +02:00
2020-06-22 14:59:48 +02:00
path = search_path ;
2000-10-09 18:24:57 +02:00
len = strlen ( file ) + 1 ;
pathlen = strlen ( path ) ;
2020-06-22 15:15:42 +02:00
name = search_path_buffer ;
if ( search_path_buffer_len < pathlen + len + 1 )
{
errno = ENOMEM ;
return - 1 ;
}
2000-10-09 18:24:57 +02:00
/* Copy the file name at the top, including '\0' */
memcpy ( name + pathlen + 1 , file , len ) ;
name = name + pathlen ;
/* And add the slash before the filename */
* name = ' / ' ;
p = path ;
do
{
char * startp ;
path = p ;
p = my_strchrnul ( path , ' : ' ) ;
if ( p = = path )
/* Two adjacent colons, or a colon at the beginning or the end
2013-05-20 22:54:48 +02:00
* of ' PATH ' means to search the current directory .
2000-10-09 18:24:57 +02:00
*/
startp = name + 1 ;
else
startp = memcpy ( name - ( p - path ) , path , p - path ) ;
/* Try to execute this name. If it works, execv will not return. */
if ( envp )
execve ( startp , argv , envp ) ;
else
execv ( startp , argv ) ;
2020-06-22 15:33:12 +02:00
if ( errno = = ENOEXEC & &
! script_execute ( startp , argv , argv_buffer , argv_buffer_len , envp ) )
{
errno = ENOMEM ;
return - 1 ;
}
2000-10-09 18:24:57 +02:00
switch ( errno )
{
case EACCES :
2013-05-20 22:54:48 +02:00
/* Record the we got a 'Permission denied' error. If we end
2000-10-09 18:24:57 +02:00
* up finding no executable we can use , we want to diagnose
* that we did find one but were denied access .
*/
got_eacces = TRUE ;
2020-03-04 09:48:15 +01:00
G_GNUC_FALLTHROUGH ;
2000-10-09 18:24:57 +02:00
case ENOENT :
# ifdef ESTALE
case ESTALE :
# endif
# ifdef ENOTDIR
case ENOTDIR :
# endif
/* Those errors indicate the file is missing or not executable
* by us , in which case we want to just try the next path
* directory .
*/
break ;
2012-03-16 00:16:02 +01:00
case ENODEV :
case ETIMEDOUT :
/* Some strange filesystems like AFS return even
* stranger error numbers . They cannot reasonably mean anything
* else so ignore those , too .
*/
break ;
2000-10-09 18:24:57 +02:00
default :
/* Some other error means we found an executable file, but
* something went wrong executing it ; return the error to our
* caller .
*/
return - 1 ;
}
}
while ( * p + + ! = ' \0 ' ) ;
/* We tried every element and none of them worked. */
if ( got_eacces )
/* At least one failure was due to permissions, so report that
* error .
*/
errno = EACCES ;
}
/* Return the error from the last attempt (probably ENOENT). */
return - 1 ;
}
2004-03-01 21:47:49 +01:00
/**
* g_spawn_close_pid :
2008-06-11 08:57:22 +02:00
* @ pid : The process reference to close
2004-03-01 21:47:49 +01:00
*
2008-06-11 08:57:22 +02:00
* On some platforms , notably Windows , the # GPid type represents a resource
2004-03-01 21:47:49 +01:00
* which must be closed to prevent resource leaking . g_spawn_close_pid ( )
* is provided for this purpose . It should be used on all platforms , even
* though it doesn ' t do anything under UNIX .
* */
void
g_spawn_close_pid ( GPid pid )
{
}