2000-10-09 16:24:57 +00:00
/* gspawn.c - Process launching
*
* Copyright 2000 Red Hat , Inc .
* g_execvpe implementation based on GNU libc execvp :
* Copyright 1991 , 92 , 95 , 96 , 97 , 98 , 99 Free Software Foundation , Inc .
*
2022-05-18 09:15:38 +01:00
* SPDX - License - Identifier : LGPL - 2.1 - or - later
*
2016-12-27 19:14:03 +01:00
* This library is free software ; you can redistribute it and / or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation ; either
2017-01-05 12:47:07 +01:00
* version 2.1 of the License , or ( at your option ) any later version .
2000-10-09 16:24:57 +00:00
*
2016-12-27 19:14:03 +01:00
* This library is distributed in the hope that it will be useful ,
2000-10-09 16:24:57 +00:00
* but WITHOUT ANY WARRANTY ; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the GNU
* Lesser General Public License for more details .
*
2016-12-27 19:14:03 +01:00
* You should have received a copy of the GNU Lesser General Public License
* along with this library ; if not , see < http : //www.gnu.org/licenses/>.
2000-10-09 16:24:57 +00:00
*/
2002-12-04 01:27:44 +00:00
# include "config.h"
2002-02-17 23:28:43 +00:00
2000-10-09 16:24:57 +00:00
# include <sys/time.h>
# include <sys/types.h>
# include <sys/wait.h>
# include <unistd.h>
# include <errno.h>
# include <fcntl.h>
# include <signal.h>
# include <string.h>
2006-12-15 05:33:32 +00:00
# include <stdlib.h> /* for fdwalk */
2007-10-16 05:28:10 +00:00
# include <dirent.h>
2022-10-28 13:54:03 -04:00
# include <unistd.h>
2018-09-24 01:36:35 -05:00
# ifdef HAVE_SPAWN_H
gspawn: Optimize with posix_spawn codepath
When the amount of free memory on the system is somewhat low, gnome-shell
will sometimes fail to launch apps, reporting the error:
fork(): Cannot allocate memory
fork() is failing here because while cloning the process virtual address
space, Linux worries that the thread being forked may end up COWing the
entire address space of the parent process (gnome-shell, which is
memory-hungry), and there is not enough free memory to permit that to
happen.
In this case we are simply calling fork() in order to quickly call exec(),
which will throw away the entirity of the duplicated VM, so we should
look for ways to avoid the overcommit check.
The well known solution to this is to use clone(CLONE_VM) or vfork(), which
completely avoids creating a new memory address space for the child.
However, that comes with a bunch of caveats and complications:
https://gist.github.com/nicowilliams/a8a07b0fc75df05f684c23c18d7db234
https://ewontfix.com/7/
In 2016, glibc's posix_spawn() was rewritten to use this approach
while also resolving the concerns.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9ff72da471a509a8c19791efe469f47fa6977410
I experimented with a similar approach in glib, but it was not practical
because glibc has several items of important internal knowledge (such as
knowing which signals should be given special treatment because they are
NPTL implementation details) that are not cleanly exposed elsewhere.
Instead, this patch adapts the gspawn code to use posix_spawn() where
possible, which will reap the benefits of that implementation.
The posix_spawn API is more limited than the gspawn API though,
partly due to natural limitations of using CLONE_VM, so the posix_spawn
path is added as a separate codepath which is only executed when the
conditions are right. Callers such as gnome-shell will have to be modified
to meet these conditions, such as not having a child_setup function.
In addition to allowing for the gnome-shell "Cannot allocate memory"
failure to be avoided, this should result in a general speedup in this
area, because fork()'s behaviour of cloning the entire VM space
has a cost which is now avoided. posix_spawn() has also recently
been optimized on OpenSolaris as the most performant way to spawn
a child process.
2018-05-28 14:45:45 -06:00
# include <spawn.h>
2018-09-24 01:36:35 -05:00
# endif /* HAVE_SPAWN_H */
2000-10-09 16:24:57 +00:00
2018-06-23 16:07:02 +08:00
# ifdef HAVE_CRT_EXTERNS_H
# include <crt_externs.h> /* for _NSGetEnviron */
# endif
2000-11-02 11:38:10 +00:00
# ifdef HAVE_SYS_SELECT_H
# include <sys/select.h>
# endif /* HAVE_SYS_SELECT_H */
2007-10-16 05:28:10 +00:00
# ifdef HAVE_SYS_RESOURCE_H
# include <sys/resource.h>
# endif /* HAVE_SYS_RESOURCE_H */
2019-09-15 12:53:38 +08:00
# if defined(__linux__) || defined(__DragonFly__)
2018-11-24 13:22:57 +01:00
# include <sys/syscall.h> /* for syscall and SYS_getdents64 */
# endif
2010-09-05 00:23:03 -04:00
# include "gspawn.h"
2018-06-12 16:00:13 +01:00
# include "gspawn-private.h"
2012-08-28 05:52:24 -04:00
# include "gthread.h"
2020-06-25 22:27:10 +01:00
# include "gtrace-private.h"
2013-01-25 12:05:26 -05:00
# include "glib/gstdio.h"
2010-09-05 00:23:03 -04:00
2011-10-15 20:06:32 -04:00
# include "genviron.h"
2010-09-05 00:23:03 -04:00
# include "gmem.h"
2010-09-06 11:43:04 +01:00
# include "gshell.h"
2010-09-05 00:23:03 -04:00
# include "gstring.h"
2010-09-06 11:43:04 +01:00
# include "gstrfuncs.h"
2010-09-05 00:23:03 -04:00
# include "gtestutils.h"
# include "gutils.h"
2001-01-16 02:24:24 +00:00
# include "glibintl.h"
2012-11-10 13:16:29 -05:00
# include "glib-unix.h"
2011-07-06 22:13:05 +01:00
2023-11-06 14:46:52 +00:00
# if defined(__APPLE__) && defined(HAVE_LIBPROC_H)
2022-10-28 16:04:46 -04:00
# include <libproc.h>
# include <sys/proc_info.h>
# endif
2022-05-02 11:09:11 +02:00
# define INHERITS_OR_NULL_STDIN (G_SPAWN_STDIN_FROM_DEV_NULL | G_SPAWN_CHILD_INHERITS_STDIN)
# define INHERITS_OR_NULL_STDOUT (G_SPAWN_STDOUT_TO_DEV_NULL | G_SPAWN_CHILD_INHERITS_STDOUT)
# define INHERITS_OR_NULL_STDERR (G_SPAWN_STDERR_TO_DEV_NULL | G_SPAWN_CHILD_INHERITS_STDERR)
2022-10-28 13:54:03 -04:00
# define IS_STD_FILENO(_fd) ((_fd >= STDIN_FILENO) && (_fd <= STDERR_FILENO))
# define IS_VALID_FILENO(_fd) (_fd >= 0)
gspawn: Optimize with posix_spawn codepath
When the amount of free memory on the system is somewhat low, gnome-shell
will sometimes fail to launch apps, reporting the error:
fork(): Cannot allocate memory
fork() is failing here because while cloning the process virtual address
space, Linux worries that the thread being forked may end up COWing the
entire address space of the parent process (gnome-shell, which is
memory-hungry), and there is not enough free memory to permit that to
happen.
In this case we are simply calling fork() in order to quickly call exec(),
which will throw away the entirity of the duplicated VM, so we should
look for ways to avoid the overcommit check.
The well known solution to this is to use clone(CLONE_VM) or vfork(), which
completely avoids creating a new memory address space for the child.
However, that comes with a bunch of caveats and complications:
https://gist.github.com/nicowilliams/a8a07b0fc75df05f684c23c18d7db234
https://ewontfix.com/7/
In 2016, glibc's posix_spawn() was rewritten to use this approach
while also resolving the concerns.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9ff72da471a509a8c19791efe469f47fa6977410
I experimented with a similar approach in glib, but it was not practical
because glibc has several items of important internal knowledge (such as
knowing which signals should be given special treatment because they are
NPTL implementation details) that are not cleanly exposed elsewhere.
Instead, this patch adapts the gspawn code to use posix_spawn() where
possible, which will reap the benefits of that implementation.
The posix_spawn API is more limited than the gspawn API though,
partly due to natural limitations of using CLONE_VM, so the posix_spawn
path is added as a separate codepath which is only executed when the
conditions are right. Callers such as gnome-shell will have to be modified
to meet these conditions, such as not having a child_setup function.
In addition to allowing for the gnome-shell "Cannot allocate memory"
failure to be avoided, this should result in a general speedup in this
area, because fork()'s behaviour of cloning the entire VM space
has a cost which is now avoided. posix_spawn() has also recently
been optimized on OpenSolaris as the most performant way to spawn
a child process.
2018-05-28 14:45:45 -06:00
/* posix_spawn() is assumed the fastest way to spawn, but glibc's
* implementation was buggy before glibc 2.24 , so avoid it on old versions .
*/
# ifdef HAVE_POSIX_SPAWN
# ifdef __GLIBC__
# if __GLIBC_PREREQ(2,24)
# define POSIX_SPAWN_AVAILABLE
# endif
# else /* !__GLIBC__ */
/* Assume that all non-glibc posix_spawn implementations are fine. */
# define POSIX_SPAWN_AVAILABLE
# endif /* __GLIBC__ */
# endif /* HAVE_POSIX_SPAWN */
2018-06-23 16:07:02 +08:00
# ifdef HAVE__NSGETENVIRON
# define environ (*_NSGetEnviron())
# else
extern char * * environ ;
# endif
2018-08-11 21:52:17 +01:00
# ifndef O_CLOEXEC
# define O_CLOEXEC 0
# else
# define HAVE_O_CLOEXEC 1
# endif
2000-10-09 16:24:57 +00:00
static gint g_execute ( const gchar * file ,
2020-06-22 13:59:48 +01:00
gchar * * argv ,
2020-06-22 14:33:12 +01:00
gchar * * argv_buffer ,
gsize argv_buffer_len ,
2020-06-22 13:59:48 +01:00
gchar * * envp ,
2020-06-22 14:15:42 +01:00
const gchar * search_path ,
gchar * search_path_buffer ,
gsize search_path_buffer_len ) ;
2000-10-09 16:24:57 +00:00
2020-10-13 12:43:25 +01:00
static gboolean fork_exec ( gboolean intermediate_child ,
const gchar * working_directory ,
const gchar * const * argv ,
const gchar * const * envp ,
gboolean close_descriptors ,
gboolean search_path ,
gboolean search_path_from_envp ,
gboolean stdout_to_null ,
gboolean stderr_to_null ,
gboolean child_inherits_stdin ,
gboolean file_and_argv_zero ,
gboolean cloexec_pipes ,
GSpawnChildSetupFunc child_setup ,
gpointer user_data ,
GPid * child_pid ,
gint * stdin_pipe_out ,
gint * stdout_pipe_out ,
gint * stderr_pipe_out ,
gint stdin_fd ,
gint stdout_fd ,
gint stderr_fd ,
2020-10-13 13:17:38 +01:00
const gint * source_fds ,
const gint * target_fds ,
gsize n_fds ,
2020-10-13 12:43:25 +01:00
GError * * error ) ;
2018-05-28 10:09:21 -06:00
2012-08-28 13:15:56 -04:00
G_DEFINE_QUARK ( g - exec - error - quark , g_spawn_error )
G_DEFINE_QUARK ( g - spawn - exit - error - quark , g_spawn_exit_error )
2012-07-10 11:27:22 -04:00
2006-12-16 03:36:14 +00:00
/* Some versions of OS X define READ_OK in public headers */
2006-12-16 03:33:23 +00:00
# undef READ_OK
2000-10-09 16:24:57 +00:00
typedef enum
{
READ_FAILED = 0 , /* FALSE */
READ_OK ,
READ_EOF
} ReadResult ;
static ReadResult
read_data ( GString * str ,
gint fd ,
GError * * error )
{
2011-06-14 20:44:15 -04:00
gssize bytes ;
gchar buf [ 4096 ] ;
2000-10-09 16:24:57 +00:00
again :
2003-06-02 18:20:25 +00:00
bytes = read ( fd , buf , 4096 ) ;
2000-10-09 16:24:57 +00:00
if ( bytes = = 0 )
return READ_EOF ;
else if ( bytes > 0 )
{
g_string_append_len ( str , buf , bytes ) ;
return READ_OK ;
}
2011-06-14 20:44:15 -04:00
else if ( errno = = EINTR )
2000-10-09 16:24:57 +00:00
goto again ;
2011-06-14 20:44:15 -04:00
else
2000-10-09 16:24:57 +00:00
{
2009-08-20 15:13:43 +02:00
int errsv = errno ;
2000-10-09 16:24:57 +00:00
g_set_error ( error ,
G_SPAWN_ERROR ,
G_SPAWN_ERROR_READ ,
_ ( " Failed to read data from child process (%s) " ) ,
2009-08-20 15:13:43 +02:00
g_strerror ( errsv ) ) ;
2011-06-14 20:44:15 -04:00
2000-10-09 16:24:57 +00:00
return READ_FAILED ;
}
}
gboolean
2024-07-15 16:12:57 +01:00
g_spawn_sync_impl ( const gchar * working_directory ,
gchar * * argv ,
gchar * * envp ,
GSpawnFlags flags ,
GSpawnChildSetupFunc child_setup ,
gpointer user_data ,
gchar * * standard_output ,
gchar * * standard_error ,
gint * wait_status ,
GError * * error )
2000-10-09 16:24:57 +00:00
{
gint outpipe = - 1 ;
gint errpipe = - 1 ;
2004-03-01 20:47:49 +00:00
GPid pid ;
2000-10-09 16:24:57 +00:00
gint ret ;
GString * outstr = NULL ;
GString * errstr = NULL ;
gboolean failed ;
gint status ;
g_return_val_if_fail ( argv ! = NULL , FALSE ) ;
2022-01-31 14:54:10 +00:00
g_return_val_if_fail ( argv [ 0 ] ! = NULL , FALSE ) ;
2000-10-09 16:24:57 +00:00
g_return_val_if_fail ( ! ( flags & G_SPAWN_DO_NOT_REAP_CHILD ) , FALSE ) ;
g_return_val_if_fail ( standard_output = = NULL | |
! ( flags & G_SPAWN_STDOUT_TO_DEV_NULL ) , FALSE ) ;
g_return_val_if_fail ( standard_error = = NULL | |
! ( flags & G_SPAWN_STDERR_TO_DEV_NULL ) , FALSE ) ;
/* Just to ensure segfaults if callers try to use
* these when an error is reported .
*/
if ( standard_output )
* standard_output = NULL ;
if ( standard_error )
* standard_error = NULL ;
2020-10-13 12:43:25 +01:00
if ( ! fork_exec ( FALSE ,
working_directory ,
( const gchar * const * ) argv ,
( const gchar * const * ) envp ,
! ( flags & G_SPAWN_LEAVE_DESCRIPTORS_OPEN ) ,
( flags & G_SPAWN_SEARCH_PATH ) ! = 0 ,
( flags & G_SPAWN_SEARCH_PATH_FROM_ENVP ) ! = 0 ,
( flags & G_SPAWN_STDOUT_TO_DEV_NULL ) ! = 0 ,
( flags & G_SPAWN_STDERR_TO_DEV_NULL ) ! = 0 ,
( flags & G_SPAWN_CHILD_INHERITS_STDIN ) ! = 0 ,
( flags & G_SPAWN_FILE_AND_ARGV_ZERO ) ! = 0 ,
( flags & G_SPAWN_CLOEXEC_PIPES ) ! = 0 ,
child_setup ,
user_data ,
& pid ,
NULL ,
standard_output ? & outpipe : NULL ,
standard_error ? & errpipe : NULL ,
- 1 , - 1 , - 1 ,
2020-10-13 13:17:38 +01:00
NULL , NULL , 0 ,
2020-10-13 12:43:25 +01:00
error ) )
2000-10-09 16:24:57 +00:00
return FALSE ;
/* Read data from child. */
failed = FALSE ;
if ( outpipe > = 0 )
{
2003-03-30 22:02:20 +00:00
outstr = g_string_new ( NULL ) ;
2000-10-09 16:24:57 +00:00
}
if ( errpipe > = 0 )
{
2003-03-30 22:02:20 +00:00
errstr = g_string_new ( NULL ) ;
2000-10-09 16:24:57 +00:00
}
/* Read data until we get EOF on both pipes. */
while ( ! failed & &
( outpipe > = 0 | |
errpipe > = 0 ) )
{
2019-10-25 16:36:45 +01:00
/* Any negative FD in the array is ignored, so we can use a fixed length.
* We can use UNIX FDs here without worrying about Windows HANDLEs because
* the Windows implementation is entirely in gspawn - win32 . c . */
GPollFD fds [ ] =
{
{ outpipe , G_IO_IN | G_IO_HUP | G_IO_ERR , 0 } ,
{ errpipe , G_IO_IN | G_IO_HUP | G_IO_ERR , 0 } ,
} ;
ret = g_poll ( fds , G_N_ELEMENTS ( fds ) , - 1 /* no timeout */ ) ;
2000-10-09 16:24:57 +00:00
2011-06-10 10:14:25 -04:00
if ( ret < 0 )
2000-10-09 16:24:57 +00:00
{
2009-08-20 15:13:43 +02:00
int errsv = errno ;
2011-06-10 10:14:25 -04:00
if ( errno = = EINTR )
continue ;
2000-10-09 16:24:57 +00:00
failed = TRUE ;
g_set_error ( error ,
G_SPAWN_ERROR ,
G_SPAWN_ERROR_READ ,
2019-10-25 16:36:45 +01:00
_ ( " Unexpected error in reading data from a child process (%s) " ) ,
2009-08-20 15:13:43 +02:00
g_strerror ( errsv ) ) ;
2000-10-09 16:24:57 +00:00
break ;
}
2019-10-25 16:36:45 +01:00
if ( outpipe > = 0 & & fds [ 0 ] . revents ! = 0 )
2000-10-09 16:24:57 +00:00
{
switch ( read_data ( outstr , outpipe , error ) )
{
case READ_FAILED :
failed = TRUE ;
break ;
case READ_EOF :
2023-05-30 16:04:05 +01:00
g_clear_fd ( & outpipe , NULL ) ;
2000-10-09 16:24:57 +00:00
break ;
default :
break ;
}
if ( failed )
break ;
}
2019-10-25 16:36:45 +01:00
if ( errpipe > = 0 & & fds [ 1 ] . revents ! = 0 )
2000-10-09 16:24:57 +00:00
{
switch ( read_data ( errstr , errpipe , error ) )
{
case READ_FAILED :
failed = TRUE ;
break ;
case READ_EOF :
2023-05-30 16:04:05 +01:00
g_clear_fd ( & errpipe , NULL ) ;
2000-10-09 16:24:57 +00:00
break ;
default :
break ;
}
if ( failed )
break ;
}
}
/* These should only be open still if we had an error. */
2023-05-30 16:04:05 +01:00
g_clear_fd ( & outpipe , NULL ) ;
g_clear_fd ( & errpipe , NULL ) ;
2013-04-23 13:26:48 -04:00
/* Wait for child to exit, even if we have
* an error pending .
2012-10-29 15:44:16 -04:00
*/
2013-04-23 13:26:48 -04:00
again :
ret = waitpid ( pid , & status , 0 ) ;
if ( ret < 0 )
{
if ( errno = = EINTR )
goto again ;
else if ( errno = = ECHILD )
{
Distinguish more clearly between wait status and exit status
On Unix platforms, wait() and friends yield an integer that encodes
how the process exited. Confusingly, this is usually not the same as
the integer passed to exit() or returned from main(): conceptually it's
an integer encoding of this tagged union:
enum { EXITED, SIGNALLED, ... } tag;
union {
int exit_status; /* if EXITED */
struct {
int terminating_signal;
bool core_dumped;
} terminating_signal; /* if SIGNALLED */
...
} detail;
Meanwhile, on Windows, wait statuses and exit statuses are
interchangeable.
I find that it's clearer what is going on if we are consistent about
referring to the result of wait() as a "wait status", and the value
passed to exit() as an "exit status".
GSubprocess already gets this right: g_subprocess_get_status() returns
the wait status, while g_subprocess_get_exit_status() genuinely returns
the exit status. However, the GSpawn family of APIs has tended to
conflate the two.
Confusingly, g_spawn_check_exit_status() has always checked a wait
status, and it would not be correct to pass an exit status to it; so
let's deprecate it in favour of g_spawn_check_wait_status(), which
does the same thing that g_spawn_check_exit_status() always did.
Code that needs backwards-compatibility with older GLib can use:
#if !GLIB_CHECK_VERSION(2, 69, 0)
#define g_spawn_check_wait_status(x) (g_spawn_check_exit_status (x))
#endif
Signed-off-by: Simon McVittie <smcv@collabora.com>
2021-06-14 12:51:01 +01:00
if ( wait_status )
2013-04-23 13:26:48 -04:00
{
Distinguish more clearly between wait status and exit status
On Unix platforms, wait() and friends yield an integer that encodes
how the process exited. Confusingly, this is usually not the same as
the integer passed to exit() or returned from main(): conceptually it's
an integer encoding of this tagged union:
enum { EXITED, SIGNALLED, ... } tag;
union {
int exit_status; /* if EXITED */
struct {
int terminating_signal;
bool core_dumped;
} terminating_signal; /* if SIGNALLED */
...
} detail;
Meanwhile, on Windows, wait statuses and exit statuses are
interchangeable.
I find that it's clearer what is going on if we are consistent about
referring to the result of wait() as a "wait status", and the value
passed to exit() as an "exit status".
GSubprocess already gets this right: g_subprocess_get_status() returns
the wait status, while g_subprocess_get_exit_status() genuinely returns
the exit status. However, the GSpawn family of APIs has tended to
conflate the two.
Confusingly, g_spawn_check_exit_status() has always checked a wait
status, and it would not be correct to pass an exit status to it; so
let's deprecate it in favour of g_spawn_check_wait_status(), which
does the same thing that g_spawn_check_exit_status() always did.
Code that needs backwards-compatibility with older GLib can use:
#if !GLIB_CHECK_VERSION(2, 69, 0)
#define g_spawn_check_wait_status(x) (g_spawn_check_exit_status (x))
#endif
Signed-off-by: Simon McVittie <smcv@collabora.com>
2021-06-14 12:51:01 +01:00
g_warning ( " In call to g_spawn_sync(), wait status of a child process was requested but ECHILD was received by waitpid(). See the documentation of g_child_watch_source_new() for possible causes. " ) ;
2013-04-23 13:26:48 -04:00
}
else
{
Distinguish more clearly between wait status and exit status
On Unix platforms, wait() and friends yield an integer that encodes
how the process exited. Confusingly, this is usually not the same as
the integer passed to exit() or returned from main(): conceptually it's
an integer encoding of this tagged union:
enum { EXITED, SIGNALLED, ... } tag;
union {
int exit_status; /* if EXITED */
struct {
int terminating_signal;
bool core_dumped;
} terminating_signal; /* if SIGNALLED */
...
} detail;
Meanwhile, on Windows, wait statuses and exit statuses are
interchangeable.
I find that it's clearer what is going on if we are consistent about
referring to the result of wait() as a "wait status", and the value
passed to exit() as an "exit status".
GSubprocess already gets this right: g_subprocess_get_status() returns
the wait status, while g_subprocess_get_exit_status() genuinely returns
the exit status. However, the GSpawn family of APIs has tended to
conflate the two.
Confusingly, g_spawn_check_exit_status() has always checked a wait
status, and it would not be correct to pass an exit status to it; so
let's deprecate it in favour of g_spawn_check_wait_status(), which
does the same thing that g_spawn_check_exit_status() always did.
Code that needs backwards-compatibility with older GLib can use:
#if !GLIB_CHECK_VERSION(2, 69, 0)
#define g_spawn_check_wait_status(x) (g_spawn_check_exit_status (x))
#endif
Signed-off-by: Simon McVittie <smcv@collabora.com>
2021-06-14 12:51:01 +01:00
/* We don't need the wait status. */
2013-04-23 13:26:48 -04:00
}
}
else
{
if ( ! failed ) /* avoid error pileups */
{
int errsv = errno ;
failed = TRUE ;
g_set_error ( error ,
G_SPAWN_ERROR ,
G_SPAWN_ERROR_READ ,
_ ( " Unexpected error in waitpid() (%s) " ) ,
g_strerror ( errsv ) ) ;
}
}
}
2000-10-09 16:24:57 +00:00
if ( failed )
{
if ( outstr )
g_string_free ( outstr , TRUE ) ;
if ( errstr )
g_string_free ( errstr , TRUE ) ;
return FALSE ;
}
else
{
Distinguish more clearly between wait status and exit status
On Unix platforms, wait() and friends yield an integer that encodes
how the process exited. Confusingly, this is usually not the same as
the integer passed to exit() or returned from main(): conceptually it's
an integer encoding of this tagged union:
enum { EXITED, SIGNALLED, ... } tag;
union {
int exit_status; /* if EXITED */
struct {
int terminating_signal;
bool core_dumped;
} terminating_signal; /* if SIGNALLED */
...
} detail;
Meanwhile, on Windows, wait statuses and exit statuses are
interchangeable.
I find that it's clearer what is going on if we are consistent about
referring to the result of wait() as a "wait status", and the value
passed to exit() as an "exit status".
GSubprocess already gets this right: g_subprocess_get_status() returns
the wait status, while g_subprocess_get_exit_status() genuinely returns
the exit status. However, the GSpawn family of APIs has tended to
conflate the two.
Confusingly, g_spawn_check_exit_status() has always checked a wait
status, and it would not be correct to pass an exit status to it; so
let's deprecate it in favour of g_spawn_check_wait_status(), which
does the same thing that g_spawn_check_exit_status() always did.
Code that needs backwards-compatibility with older GLib can use:
#if !GLIB_CHECK_VERSION(2, 69, 0)
#define g_spawn_check_wait_status(x) (g_spawn_check_exit_status (x))
#endif
Signed-off-by: Simon McVittie <smcv@collabora.com>
2021-06-14 12:51:01 +01:00
if ( wait_status )
* wait_status = status ;
2000-10-09 16:24:57 +00:00
if ( standard_output )
* standard_output = g_string_free ( outstr , FALSE ) ;
if ( standard_error )
* standard_error = g_string_free ( errstr , FALSE ) ;
return TRUE ;
}
}
gboolean
2024-07-15 16:12:57 +01:00
g_spawn_async_with_pipes_and_fds_impl ( const gchar * working_directory ,
const gchar * const * argv ,
const gchar * const * envp ,
GSpawnFlags flags ,
GSpawnChildSetupFunc child_setup ,
gpointer user_data ,
gint stdin_fd ,
gint stdout_fd ,
gint stderr_fd ,
const gint * source_fds ,
const gint * target_fds ,
gsize n_fds ,
GPid * child_pid_out ,
gint * stdin_pipe_out ,
gint * stdout_pipe_out ,
gint * stderr_pipe_out ,
GError * * error )
2000-10-09 16:24:57 +00:00
{
g_return_val_if_fail ( argv ! = NULL , FALSE ) ;
2022-01-31 14:54:10 +00:00
g_return_val_if_fail ( argv [ 0 ] ! = NULL , FALSE ) ;
2022-05-02 11:09:11 +02:00
/* can’
g_return_val_if_fail ( ( flags & INHERITS_OR_NULL_STDIN ) ! = INHERITS_OR_NULL_STDIN , FALSE ) ;
g_return_val_if_fail ( ( flags & INHERITS_OR_NULL_STDOUT ) ! = INHERITS_OR_NULL_STDOUT , FALSE ) ;
g_return_val_if_fail ( ( flags & INHERITS_OR_NULL_STDERR ) ! = INHERITS_OR_NULL_STDERR , FALSE ) ;
2020-10-13 13:39:36 +01:00
/* can’
g_return_val_if_fail ( stdin_pipe_out = = NULL | | stdin_fd < 0 , FALSE ) ;
g_return_val_if_fail ( stdout_pipe_out = = NULL | | stdout_fd < 0 , FALSE ) ;
g_return_val_if_fail ( stderr_pipe_out = = NULL | | stderr_fd < 0 , FALSE ) ;
2022-05-02 11:09:11 +02:00
if ( ( flags & INHERITS_OR_NULL_STDIN ) ! = 0 )
stdin_pipe_out = NULL ;
if ( ( flags & INHERITS_OR_NULL_STDOUT ) ! = 0 )
stdout_pipe_out = NULL ;
if ( ( flags & INHERITS_OR_NULL_STDERR ) ! = 0 )
stderr_pipe_out = NULL ;
2020-10-13 12:43:25 +01:00
return fork_exec ( ! ( flags & G_SPAWN_DO_NOT_REAP_CHILD ) ,
working_directory ,
( const gchar * const * ) argv ,
( const gchar * const * ) envp ,
! ( flags & G_SPAWN_LEAVE_DESCRIPTORS_OPEN ) ,
( flags & G_SPAWN_SEARCH_PATH ) ! = 0 ,
( flags & G_SPAWN_SEARCH_PATH_FROM_ENVP ) ! = 0 ,
( flags & G_SPAWN_STDOUT_TO_DEV_NULL ) ! = 0 ,
( flags & G_SPAWN_STDERR_TO_DEV_NULL ) ! = 0 ,
( flags & G_SPAWN_CHILD_INHERITS_STDIN ) ! = 0 ,
( flags & G_SPAWN_FILE_AND_ARGV_ZERO ) ! = 0 ,
( flags & G_SPAWN_CLOEXEC_PIPES ) ! = 0 ,
child_setup ,
user_data ,
2020-10-13 13:39:36 +01:00
child_pid_out ,
stdin_pipe_out ,
stdout_pipe_out ,
stderr_pipe_out ,
stdin_fd ,
stdout_fd ,
stderr_fd ,
source_fds ,
target_fds ,
n_fds ,
2020-10-13 12:43:25 +01:00
error ) ;
2000-10-09 16:24:57 +00:00
}
2018-05-28 10:09:21 -06:00
gboolean
2024-07-15 16:12:57 +01:00
g_spawn_check_wait_status_impl ( gint wait_status ,
GError * * error )
2012-07-10 11:27:22 -04:00
{
gboolean ret = FALSE ;
Distinguish more clearly between wait status and exit status
On Unix platforms, wait() and friends yield an integer that encodes
how the process exited. Confusingly, this is usually not the same as
the integer passed to exit() or returned from main(): conceptually it's
an integer encoding of this tagged union:
enum { EXITED, SIGNALLED, ... } tag;
union {
int exit_status; /* if EXITED */
struct {
int terminating_signal;
bool core_dumped;
} terminating_signal; /* if SIGNALLED */
...
} detail;
Meanwhile, on Windows, wait statuses and exit statuses are
interchangeable.
I find that it's clearer what is going on if we are consistent about
referring to the result of wait() as a "wait status", and the value
passed to exit() as an "exit status".
GSubprocess already gets this right: g_subprocess_get_status() returns
the wait status, while g_subprocess_get_exit_status() genuinely returns
the exit status. However, the GSpawn family of APIs has tended to
conflate the two.
Confusingly, g_spawn_check_exit_status() has always checked a wait
status, and it would not be correct to pass an exit status to it; so
let's deprecate it in favour of g_spawn_check_wait_status(), which
does the same thing that g_spawn_check_exit_status() always did.
Code that needs backwards-compatibility with older GLib can use:
#if !GLIB_CHECK_VERSION(2, 69, 0)
#define g_spawn_check_wait_status(x) (g_spawn_check_exit_status (x))
#endif
Signed-off-by: Simon McVittie <smcv@collabora.com>
2021-06-14 12:51:01 +01:00
if ( WIFEXITED ( wait_status ) )
2012-07-10 11:27:22 -04:00
{
Distinguish more clearly between wait status and exit status
On Unix platforms, wait() and friends yield an integer that encodes
how the process exited. Confusingly, this is usually not the same as
the integer passed to exit() or returned from main(): conceptually it's
an integer encoding of this tagged union:
enum { EXITED, SIGNALLED, ... } tag;
union {
int exit_status; /* if EXITED */
struct {
int terminating_signal;
bool core_dumped;
} terminating_signal; /* if SIGNALLED */
...
} detail;
Meanwhile, on Windows, wait statuses and exit statuses are
interchangeable.
I find that it's clearer what is going on if we are consistent about
referring to the result of wait() as a "wait status", and the value
passed to exit() as an "exit status".
GSubprocess already gets this right: g_subprocess_get_status() returns
the wait status, while g_subprocess_get_exit_status() genuinely returns
the exit status. However, the GSpawn family of APIs has tended to
conflate the two.
Confusingly, g_spawn_check_exit_status() has always checked a wait
status, and it would not be correct to pass an exit status to it; so
let's deprecate it in favour of g_spawn_check_wait_status(), which
does the same thing that g_spawn_check_exit_status() always did.
Code that needs backwards-compatibility with older GLib can use:
#if !GLIB_CHECK_VERSION(2, 69, 0)
#define g_spawn_check_wait_status(x) (g_spawn_check_exit_status (x))
#endif
Signed-off-by: Simon McVittie <smcv@collabora.com>
2021-06-14 12:51:01 +01:00
if ( WEXITSTATUS ( wait_status ) ! = 0 )
2012-07-10 11:27:22 -04:00
{
Distinguish more clearly between wait status and exit status
On Unix platforms, wait() and friends yield an integer that encodes
how the process exited. Confusingly, this is usually not the same as
the integer passed to exit() or returned from main(): conceptually it's
an integer encoding of this tagged union:
enum { EXITED, SIGNALLED, ... } tag;
union {
int exit_status; /* if EXITED */
struct {
int terminating_signal;
bool core_dumped;
} terminating_signal; /* if SIGNALLED */
...
} detail;
Meanwhile, on Windows, wait statuses and exit statuses are
interchangeable.
I find that it's clearer what is going on if we are consistent about
referring to the result of wait() as a "wait status", and the value
passed to exit() as an "exit status".
GSubprocess already gets this right: g_subprocess_get_status() returns
the wait status, while g_subprocess_get_exit_status() genuinely returns
the exit status. However, the GSpawn family of APIs has tended to
conflate the two.
Confusingly, g_spawn_check_exit_status() has always checked a wait
status, and it would not be correct to pass an exit status to it; so
let's deprecate it in favour of g_spawn_check_wait_status(), which
does the same thing that g_spawn_check_exit_status() always did.
Code that needs backwards-compatibility with older GLib can use:
#if !GLIB_CHECK_VERSION(2, 69, 0)
#define g_spawn_check_wait_status(x) (g_spawn_check_exit_status (x))
#endif
Signed-off-by: Simon McVittie <smcv@collabora.com>
2021-06-14 12:51:01 +01:00
g_set_error ( error , G_SPAWN_EXIT_ERROR , WEXITSTATUS ( wait_status ) ,
2012-07-10 11:27:22 -04:00
_ ( " Child process exited with code %ld " ) ,
Distinguish more clearly between wait status and exit status
On Unix platforms, wait() and friends yield an integer that encodes
how the process exited. Confusingly, this is usually not the same as
the integer passed to exit() or returned from main(): conceptually it's
an integer encoding of this tagged union:
enum { EXITED, SIGNALLED, ... } tag;
union {
int exit_status; /* if EXITED */
struct {
int terminating_signal;
bool core_dumped;
} terminating_signal; /* if SIGNALLED */
...
} detail;
Meanwhile, on Windows, wait statuses and exit statuses are
interchangeable.
I find that it's clearer what is going on if we are consistent about
referring to the result of wait() as a "wait status", and the value
passed to exit() as an "exit status".
GSubprocess already gets this right: g_subprocess_get_status() returns
the wait status, while g_subprocess_get_exit_status() genuinely returns
the exit status. However, the GSpawn family of APIs has tended to
conflate the two.
Confusingly, g_spawn_check_exit_status() has always checked a wait
status, and it would not be correct to pass an exit status to it; so
let's deprecate it in favour of g_spawn_check_wait_status(), which
does the same thing that g_spawn_check_exit_status() always did.
Code that needs backwards-compatibility with older GLib can use:
#if !GLIB_CHECK_VERSION(2, 69, 0)
#define g_spawn_check_wait_status(x) (g_spawn_check_exit_status (x))
#endif
Signed-off-by: Simon McVittie <smcv@collabora.com>
2021-06-14 12:51:01 +01:00
( long ) WEXITSTATUS ( wait_status ) ) ;
2012-07-10 11:27:22 -04:00
goto out ;
}
}
Distinguish more clearly between wait status and exit status
On Unix platforms, wait() and friends yield an integer that encodes
how the process exited. Confusingly, this is usually not the same as
the integer passed to exit() or returned from main(): conceptually it's
an integer encoding of this tagged union:
enum { EXITED, SIGNALLED, ... } tag;
union {
int exit_status; /* if EXITED */
struct {
int terminating_signal;
bool core_dumped;
} terminating_signal; /* if SIGNALLED */
...
} detail;
Meanwhile, on Windows, wait statuses and exit statuses are
interchangeable.
I find that it's clearer what is going on if we are consistent about
referring to the result of wait() as a "wait status", and the value
passed to exit() as an "exit status".
GSubprocess already gets this right: g_subprocess_get_status() returns
the wait status, while g_subprocess_get_exit_status() genuinely returns
the exit status. However, the GSpawn family of APIs has tended to
conflate the two.
Confusingly, g_spawn_check_exit_status() has always checked a wait
status, and it would not be correct to pass an exit status to it; so
let's deprecate it in favour of g_spawn_check_wait_status(), which
does the same thing that g_spawn_check_exit_status() always did.
Code that needs backwards-compatibility with older GLib can use:
#if !GLIB_CHECK_VERSION(2, 69, 0)
#define g_spawn_check_wait_status(x) (g_spawn_check_exit_status (x))
#endif
Signed-off-by: Simon McVittie <smcv@collabora.com>
2021-06-14 12:51:01 +01:00
else if ( WIFSIGNALED ( wait_status ) )
2012-07-10 11:27:22 -04:00
{
g_set_error ( error , G_SPAWN_ERROR , G_SPAWN_ERROR_FAILED ,
_ ( " Child process killed by signal %ld " ) ,
Distinguish more clearly between wait status and exit status
On Unix platforms, wait() and friends yield an integer that encodes
how the process exited. Confusingly, this is usually not the same as
the integer passed to exit() or returned from main(): conceptually it's
an integer encoding of this tagged union:
enum { EXITED, SIGNALLED, ... } tag;
union {
int exit_status; /* if EXITED */
struct {
int terminating_signal;
bool core_dumped;
} terminating_signal; /* if SIGNALLED */
...
} detail;
Meanwhile, on Windows, wait statuses and exit statuses are
interchangeable.
I find that it's clearer what is going on if we are consistent about
referring to the result of wait() as a "wait status", and the value
passed to exit() as an "exit status".
GSubprocess already gets this right: g_subprocess_get_status() returns
the wait status, while g_subprocess_get_exit_status() genuinely returns
the exit status. However, the GSpawn family of APIs has tended to
conflate the two.
Confusingly, g_spawn_check_exit_status() has always checked a wait
status, and it would not be correct to pass an exit status to it; so
let's deprecate it in favour of g_spawn_check_wait_status(), which
does the same thing that g_spawn_check_exit_status() always did.
Code that needs backwards-compatibility with older GLib can use:
#if !GLIB_CHECK_VERSION(2, 69, 0)
#define g_spawn_check_wait_status(x) (g_spawn_check_exit_status (x))
#endif
Signed-off-by: Simon McVittie <smcv@collabora.com>
2021-06-14 12:51:01 +01:00
( long ) WTERMSIG ( wait_status ) ) ;
2012-07-10 11:27:22 -04:00
goto out ;
}
Distinguish more clearly between wait status and exit status
On Unix platforms, wait() and friends yield an integer that encodes
how the process exited. Confusingly, this is usually not the same as
the integer passed to exit() or returned from main(): conceptually it's
an integer encoding of this tagged union:
enum { EXITED, SIGNALLED, ... } tag;
union {
int exit_status; /* if EXITED */
struct {
int terminating_signal;
bool core_dumped;
} terminating_signal; /* if SIGNALLED */
...
} detail;
Meanwhile, on Windows, wait statuses and exit statuses are
interchangeable.
I find that it's clearer what is going on if we are consistent about
referring to the result of wait() as a "wait status", and the value
passed to exit() as an "exit status".
GSubprocess already gets this right: g_subprocess_get_status() returns
the wait status, while g_subprocess_get_exit_status() genuinely returns
the exit status. However, the GSpawn family of APIs has tended to
conflate the two.
Confusingly, g_spawn_check_exit_status() has always checked a wait
status, and it would not be correct to pass an exit status to it; so
let's deprecate it in favour of g_spawn_check_wait_status(), which
does the same thing that g_spawn_check_exit_status() always did.
Code that needs backwards-compatibility with older GLib can use:
#if !GLIB_CHECK_VERSION(2, 69, 0)
#define g_spawn_check_wait_status(x) (g_spawn_check_exit_status (x))
#endif
Signed-off-by: Simon McVittie <smcv@collabora.com>
2021-06-14 12:51:01 +01:00
else if ( WIFSTOPPED ( wait_status ) )
2012-07-10 11:27:22 -04:00
{
g_set_error ( error , G_SPAWN_ERROR , G_SPAWN_ERROR_FAILED ,
_ ( " Child process stopped by signal %ld " ) ,
Distinguish more clearly between wait status and exit status
On Unix platforms, wait() and friends yield an integer that encodes
how the process exited. Confusingly, this is usually not the same as
the integer passed to exit() or returned from main(): conceptually it's
an integer encoding of this tagged union:
enum { EXITED, SIGNALLED, ... } tag;
union {
int exit_status; /* if EXITED */
struct {
int terminating_signal;
bool core_dumped;
} terminating_signal; /* if SIGNALLED */
...
} detail;
Meanwhile, on Windows, wait statuses and exit statuses are
interchangeable.
I find that it's clearer what is going on if we are consistent about
referring to the result of wait() as a "wait status", and the value
passed to exit() as an "exit status".
GSubprocess already gets this right: g_subprocess_get_status() returns
the wait status, while g_subprocess_get_exit_status() genuinely returns
the exit status. However, the GSpawn family of APIs has tended to
conflate the two.
Confusingly, g_spawn_check_exit_status() has always checked a wait
status, and it would not be correct to pass an exit status to it; so
let's deprecate it in favour of g_spawn_check_wait_status(), which
does the same thing that g_spawn_check_exit_status() always did.
Code that needs backwards-compatibility with older GLib can use:
#if !GLIB_CHECK_VERSION(2, 69, 0)
#define g_spawn_check_wait_status(x) (g_spawn_check_exit_status (x))
#endif
Signed-off-by: Simon McVittie <smcv@collabora.com>
2021-06-14 12:51:01 +01:00
( long ) WSTOPSIG ( wait_status ) ) ;
2012-07-10 11:27:22 -04:00
goto out ;
}
else
{
g_set_error ( error , G_SPAWN_ERROR , G_SPAWN_ERROR_FAILED ,
_ ( " Child process exited abnormally " ) ) ;
goto out ;
}
ret = TRUE ;
out :
return ret ;
}
2020-06-22 12:36:32 +01:00
/* This function is called between fork() and exec() and hence must be
* async - signal - safe ( see signal - safety ( 7 ) ) . */
2003-06-02 18:20:25 +00:00
static gssize
write_all ( gint fd , gconstpointer vbuf , gsize to_write )
{
gchar * buf = ( gchar * ) vbuf ;
while ( to_write > 0 )
{
gssize count = write ( fd , buf , to_write ) ;
if ( count < 0 )
{
if ( errno ! = EINTR )
return FALSE ;
}
else
{
to_write - = count ;
buf + = count ;
}
}
return TRUE ;
}
2020-06-22 12:36:32 +01:00
/* This function is called between fork() and exec() and hence must be
* async - signal - safe ( see signal - safety ( 7 ) ) . */
2019-09-03 19:43:41 +02:00
G_NORETURN
2000-10-09 16:24:57 +00:00
static void
write_err_and_exit ( gint fd , gint msg )
{
gint en = errno ;
2003-06-02 18:20:25 +00:00
write_all ( fd , & msg , sizeof ( msg ) ) ;
write_all ( fd , & en , sizeof ( en ) ) ;
2024-08-30 11:42:12 -05:00
close ( fd ) ;
2000-10-09 16:24:57 +00:00
_exit ( 1 ) ;
}
2020-06-22 12:36:32 +01:00
/* This function is called between fork() and exec() and hence must be
* async - signal - safe ( see signal - safety ( 7 ) ) . */
2024-02-05 20:29:26 +00:00
static void
set_cloexec ( int fd )
2000-10-09 16:24:57 +00:00
{
2024-02-05 20:29:26 +00:00
fcntl ( fd , F_SETFD , FD_CLOEXEC ) ;
2000-10-09 16:24:57 +00:00
}
2020-10-13 13:17:38 +01:00
/* This function is called between fork() and exec() and hence must be
* async - signal - safe ( see signal - safety ( 7 ) ) . */
static void
unset_cloexec ( int fd )
{
int flags ;
int result ;
flags = fcntl ( fd , F_GETFD , 0 ) ;
if ( flags ! = - 1 )
{
int errsv ;
flags & = ( ~ FD_CLOEXEC ) ;
do
{
result = fcntl ( fd , F_SETFD , flags ) ;
errsv = errno ;
}
while ( result = = - 1 & & errsv = = EINTR ) ;
}
}
/* This function is called between fork() and exec() and hence must be
* async - signal - safe ( see signal - safety ( 7 ) ) . */
static int
2021-12-14 13:36:27 -06:00
dupfd_cloexec ( int old_fd , int new_fd_min )
2020-10-13 13:17:38 +01:00
{
int fd , errsv ;
# ifdef F_DUPFD_CLOEXEC
do
{
2021-12-14 13:36:27 -06:00
fd = fcntl ( old_fd , F_DUPFD_CLOEXEC , new_fd_min ) ;
2020-10-13 13:17:38 +01:00
errsv = errno ;
}
while ( fd = = - 1 & & errsv = = EINTR ) ;
# else
/* OS X Snow Lion and earlier don't have F_DUPFD_CLOEXEC:
* https : //bugzilla.gnome.org/show_bug.cgi?id=710962
*/
int result , flags ;
do
{
2021-12-14 13:36:27 -06:00
fd = fcntl ( old_fd , F_DUPFD , new_fd_min ) ;
2020-10-13 13:17:38 +01:00
errsv = errno ;
}
while ( fd = = - 1 & & errsv = = EINTR ) ;
flags = fcntl ( fd , F_GETFD , 0 ) ;
if ( flags ! = - 1 )
{
flags | = FD_CLOEXEC ;
do
{
result = fcntl ( fd , F_SETFD , flags ) ;
errsv = errno ;
}
while ( result = = - 1 & & errsv = = EINTR ) ;
}
# endif
return fd ;
}
2020-06-22 12:36:32 +01:00
/* This function is called between fork() and exec() and hence must be
* async - signal - safe ( see signal - safety ( 7 ) ) . */
2000-10-09 16:24:57 +00:00
static gint
2020-06-23 10:49:44 +01:00
safe_dup2 ( gint fd1 , gint fd2 )
2000-10-09 16:24:57 +00:00
{
gint ret ;
2019-09-26 14:10:36 +01:00
do
ret = dup2 ( fd1 , fd2 ) ;
2019-09-26 14:13:01 +01:00
while ( ret < 0 & & ( errno = = EINTR | | errno = = EBUSY ) ) ;
2000-10-09 16:24:57 +00:00
return ret ;
}
2022-10-28 13:54:03 -04:00
/* This function is called between fork() and exec() and hence must be
* async - signal - safe ( see signal - safety ( 7 ) ) . */
static gboolean
relocate_fd_out_of_standard_range ( gint * fd )
{
gint ret = - 1 ;
const int min_fileno = STDERR_FILENO + 1 ;
do
ret = fcntl ( * fd , F_DUPFD , min_fileno ) ;
while ( ret < 0 & & errno = = EINTR ) ;
/* Note we don't need to close the old fd, because the caller is expected
* to close fds in the standard range itself .
*/
if ( ret > = min_fileno )
{
* fd = ret ;
return TRUE ;
}
return FALSE ;
}
2020-06-22 12:36:32 +01:00
/* This function is called between fork() and exec() and hence must be
* async - signal - safe ( see signal - safety ( 7 ) ) . */
2011-06-10 10:14:25 -04:00
static gint
2020-06-23 10:49:44 +01:00
safe_open ( const char * path , gint mode )
2011-06-10 10:14:25 -04:00
{
gint ret ;
2019-09-26 14:10:36 +01:00
do
ret = open ( path , mode ) ;
while ( ret < 0 & & errno = = EINTR ) ;
2011-06-10 10:14:25 -04:00
return ret ;
}
2000-10-09 16:24:57 +00:00
enum
{
CHILD_CHDIR_FAILED ,
CHILD_EXEC_FAILED ,
2021-12-14 13:36:30 -06:00
CHILD_OPEN_FAILED ,
2022-10-31 09:39:59 -04:00
CHILD_DUPFD_FAILED ,
2022-01-17 15:27:24 +00:00
CHILD_FORK_FAILED ,
CHILD_CLOSE_FAILED ,
2000-10-09 16:24:57 +00:00
} ;
2020-06-22 12:36:32 +01:00
/* This function is called between fork() and exec() and hence must be
2022-01-31 14:54:10 +00:00
* async - signal - safe ( see signal - safety ( 7 ) ) until it calls exec ( ) .
*
* All callers must guarantee that @ argv and @ argv [ 0 ] are non - NULL . */
2000-10-09 16:24:57 +00:00
static void
do_exec ( gint child_err_report_fd ,
gint stdin_fd ,
gint stdout_fd ,
gint stderr_fd ,
2020-10-13 13:17:38 +01:00
gint * source_fds ,
const gint * target_fds ,
gsize n_fds ,
2000-10-09 16:24:57 +00:00
const gchar * working_directory ,
2020-10-13 12:43:25 +01:00
const gchar * const * argv ,
2020-06-22 14:33:12 +01:00
gchar * * argv_buffer ,
gsize argv_buffer_len ,
2020-10-13 12:43:25 +01:00
const gchar * const * envp ,
2000-10-09 16:24:57 +00:00
gboolean close_descriptors ,
2020-06-22 13:59:48 +01:00
const gchar * search_path ,
2020-06-22 14:15:42 +01:00
gchar * search_path_buffer ,
gsize search_path_buffer_len ,
2000-10-09 16:24:57 +00:00
gboolean stdout_to_null ,
gboolean stderr_to_null ,
gboolean child_inherits_stdin ,
2001-06-08 19:41:51 +00:00
gboolean file_and_argv_zero ,
2000-10-09 16:24:57 +00:00
GSpawnChildSetupFunc child_setup ,
gpointer user_data )
{
2020-10-13 13:17:38 +01:00
gsize i ;
2021-12-14 13:36:27 -06:00
gint max_target_fd = 0 ;
2020-10-13 13:17:38 +01:00
2000-10-09 16:24:57 +00:00
if ( working_directory & & chdir ( working_directory ) < 0 )
write_err_and_exit ( child_err_report_fd ,
CHILD_CHDIR_FAILED ) ;
2022-10-28 13:54:03 -04:00
/* It's possible the caller assigned stdin to an fd with a
* file number that is supposed to be reserved for
* stdout or stderr .
*
* If so , move it up out of the standard range , so it doesn ' t
* cause a conflict .
*/
if ( IS_STD_FILENO ( stdin_fd ) & & stdin_fd ! = STDIN_FILENO )
{
int old_fd = stdin_fd ;
if ( ! relocate_fd_out_of_standard_range ( & stdin_fd ) )
write_err_and_exit ( child_err_report_fd , CHILD_DUPFD_FAILED ) ;
if ( stdout_fd = = old_fd )
stdout_fd = stdin_fd ;
if ( stderr_fd = = old_fd )
stderr_fd = stdin_fd ;
}
/* Redirect pipes as required
*
* There are two cases where we don ' t need to do the redirection
* 1. Where the associated file descriptor is cleared / invalid
* 2. When the associated file descriptor is already given the
* correct file number .
*/
if ( IS_VALID_FILENO ( stdin_fd ) & & stdin_fd ! = STDIN_FILENO )
2000-10-09 16:24:57 +00:00
{
2020-06-23 10:49:44 +01:00
if ( safe_dup2 ( stdin_fd , 0 ) < 0 )
2000-10-09 16:24:57 +00:00
write_err_and_exit ( child_err_report_fd ,
2022-10-31 09:39:59 -04:00
CHILD_DUPFD_FAILED ) ;
2000-10-09 16:24:57 +00:00
2024-02-05 20:29:26 +00:00
set_cloexec ( stdin_fd ) ;
2000-10-09 16:24:57 +00:00
}
else if ( ! child_inherits_stdin )
{
/* Keep process from blocking on a read of stdin */
2020-06-23 10:49:44 +01:00
gint read_null = safe_open ( " /dev/null " , O_RDONLY ) ;
2020-06-22 13:11:32 +01:00
if ( read_null < 0 )
write_err_and_exit ( child_err_report_fd ,
2021-12-14 13:36:30 -06:00
CHILD_OPEN_FAILED ) ;
2021-12-14 13:36:30 -06:00
if ( safe_dup2 ( read_null , 0 ) < 0 )
write_err_and_exit ( child_err_report_fd ,
2022-10-31 09:39:59 -04:00
CHILD_DUPFD_FAILED ) ;
2023-05-30 16:04:05 +01:00
g_clear_fd ( & read_null , NULL ) ;
2000-10-09 16:24:57 +00:00
}
2022-10-28 13:54:03 -04:00
/* Like with stdin above, it's possible the caller assigned
* stdout to an fd with a file number that ' s intruding on the
* standard range .
*
* If so , move it out of the way , too .
*/
if ( IS_STD_FILENO ( stdout_fd ) & & stdout_fd ! = STDOUT_FILENO )
{
int old_fd = stdout_fd ;
if ( ! relocate_fd_out_of_standard_range ( & stdout_fd ) )
write_err_and_exit ( child_err_report_fd , CHILD_DUPFD_FAILED ) ;
if ( stderr_fd = = old_fd )
stderr_fd = stdout_fd ;
}
if ( IS_VALID_FILENO ( stdout_fd ) & & stdout_fd ! = STDOUT_FILENO )
2000-10-09 16:24:57 +00:00
{
2020-06-23 10:49:44 +01:00
if ( safe_dup2 ( stdout_fd , 1 ) < 0 )
2000-10-09 16:24:57 +00:00
write_err_and_exit ( child_err_report_fd ,
2022-10-31 09:39:59 -04:00
CHILD_DUPFD_FAILED ) ;
2000-10-09 16:24:57 +00:00
2024-02-05 20:29:26 +00:00
set_cloexec ( stdout_fd ) ;
2000-10-09 16:24:57 +00:00
}
else if ( stdout_to_null )
{
2020-06-23 10:49:44 +01:00
gint write_null = safe_open ( " /dev/null " , O_WRONLY ) ;
2020-06-22 13:11:32 +01:00
if ( write_null < 0 )
write_err_and_exit ( child_err_report_fd ,
2021-12-14 13:36:30 -06:00
CHILD_OPEN_FAILED ) ;
2021-12-14 13:36:30 -06:00
if ( safe_dup2 ( write_null , 1 ) < 0 )
write_err_and_exit ( child_err_report_fd ,
2022-10-31 09:39:59 -04:00
CHILD_DUPFD_FAILED ) ;
2023-05-30 16:04:05 +01:00
g_clear_fd ( & write_null , NULL ) ;
2000-10-09 16:24:57 +00:00
}
2022-10-28 13:54:03 -04:00
if ( IS_STD_FILENO ( stderr_fd ) & & stderr_fd ! = STDERR_FILENO )
{
if ( ! relocate_fd_out_of_standard_range ( & stderr_fd ) )
write_err_and_exit ( child_err_report_fd , CHILD_DUPFD_FAILED ) ;
}
/* Like with stdin/stdout above, it's possible the caller assigned
* stderr to an fd with a file number that ' s intruding on the
* standard range .
*
* Make sure it ' s out of the way , also .
*/
if ( IS_VALID_FILENO ( stderr_fd ) & & stderr_fd ! = STDERR_FILENO )
2000-10-09 16:24:57 +00:00
{
2020-06-23 10:49:44 +01:00
if ( safe_dup2 ( stderr_fd , 2 ) < 0 )
2000-10-09 16:24:57 +00:00
write_err_and_exit ( child_err_report_fd ,
2022-10-31 09:39:59 -04:00
CHILD_DUPFD_FAILED ) ;
2000-10-09 16:24:57 +00:00
2024-02-05 20:29:26 +00:00
set_cloexec ( stderr_fd ) ;
2000-10-09 16:24:57 +00:00
}
else if ( stderr_to_null )
{
2020-06-23 10:49:44 +01:00
gint write_null = safe_open ( " /dev/null " , O_WRONLY ) ;
2020-10-05 12:31:28 +01:00
if ( write_null < 0 )
write_err_and_exit ( child_err_report_fd ,
2021-12-14 13:36:30 -06:00
CHILD_OPEN_FAILED ) ;
2021-12-14 13:36:30 -06:00
if ( safe_dup2 ( write_null , 2 ) < 0 )
write_err_and_exit ( child_err_report_fd ,
2022-10-31 09:39:59 -04:00
CHILD_DUPFD_FAILED ) ;
2023-05-30 16:04:05 +01:00
g_clear_fd ( & write_null , NULL ) ;
2000-10-09 16:24:57 +00:00
}
2019-09-15 12:53:38 +08:00
2020-10-13 13:17:38 +01:00
/* Close all file descriptors but stdin, stdout and stderr, and any of source_fds,
2019-09-15 12:53:38 +08:00
* before we exec . Note that this includes
* child_err_report_fd , which keeps the parent from blocking
* forever on the other end of that pipe .
*/
if ( close_descriptors )
{
2020-10-13 13:17:38 +01:00
if ( child_setup = = NULL & & n_fds = = 0 )
2019-09-15 12:53:38 +08:00
{
2021-12-14 13:36:30 -06:00
if ( safe_dup2 ( child_err_report_fd , 3 ) < 0 )
2022-10-31 09:39:59 -04:00
write_err_and_exit ( child_err_report_fd , CHILD_DUPFD_FAILED ) ;
2024-02-05 20:29:26 +00:00
set_cloexec ( 3 ) ;
glib-unix: Add g_closefrom(), g_fdwalk_set_cloexec()
These are the same as Linux `close_range (lowfd, ~0U, 0)` and
`close_range (lowfd, ~0U, CLOSE_RANGE_CLOEXEC)`, but portable.
Unlike some implementations of BSD closefrom(3), they are
async-signal-safe.
The implementations were moved from the GSpawn code, which already
needs all of this functionality anyway, with the exception of
set_cloexec() which was copied (leading to some minor duplication,
but it's very simple).
Resolves: https://gitlab.gnome.org/GNOME/glib/-/issues/3247
Signed-off-by: Simon McVittie <smcv@collabora.com>
2024-02-05 20:26:52 +00:00
if ( g_closefrom ( 4 ) < 0 )
2022-01-17 15:27:24 +00:00
write_err_and_exit ( child_err_report_fd , CHILD_CLOSE_FAILED ) ;
2019-09-15 12:53:38 +08:00
child_err_report_fd = 3 ;
}
else
{
glib-unix: Add g_closefrom(), g_fdwalk_set_cloexec()
These are the same as Linux `close_range (lowfd, ~0U, 0)` and
`close_range (lowfd, ~0U, CLOSE_RANGE_CLOEXEC)`, but portable.
Unlike some implementations of BSD closefrom(3), they are
async-signal-safe.
The implementations were moved from the GSpawn code, which already
needs all of this functionality anyway, with the exception of
set_cloexec() which was copied (leading to some minor duplication,
but it's very simple).
Resolves: https://gitlab.gnome.org/GNOME/glib/-/issues/3247
Signed-off-by: Simon McVittie <smcv@collabora.com>
2024-02-05 20:26:52 +00:00
if ( g_fdwalk_set_cloexec ( 3 ) < 0 )
2022-01-17 15:27:24 +00:00
write_err_and_exit ( child_err_report_fd , CHILD_CLOSE_FAILED ) ;
2019-09-15 12:53:38 +08:00
}
}
else
{
/* We need to do child_err_report_fd anyway */
2024-02-05 20:29:26 +00:00
set_cloexec ( child_err_report_fd ) ;
2019-09-15 12:53:38 +08:00
}
2020-10-13 13:17:38 +01:00
/*
* Work through the @ source_fds and @ target_fds mapping .
*
2021-12-14 13:36:27 -06:00
* Based on code originally derived from
2020-10-13 13:17:38 +01:00
* gnome - terminal : src / terminal - screen . c : terminal_screen_child_setup ( ) ,
2021-12-14 13:36:27 -06:00
* used under the LGPLv2 + with permission from author . ( The code has
* since migrated to vte : src / spawn . cc : SpawnContext : : exec and is no longer
* terribly similar to what we have here . )
2020-10-13 13:17:38 +01:00
*/
if ( n_fds > 0 )
{
2021-12-14 13:36:27 -06:00
for ( i = 0 ; i < n_fds ; i + + )
max_target_fd = MAX ( max_target_fd , target_fds [ i ] ) ;
if ( max_target_fd = = G_MAXINT )
{
errno = EINVAL ;
2022-10-31 09:39:59 -04:00
write_err_and_exit ( child_err_report_fd , CHILD_DUPFD_FAILED ) ;
2021-12-14 13:36:27 -06:00
}
/* If we're doing remapping fd assignments, we need to handle
* the case where the user has specified e . g . 5 - > 4 , 4 - > 6.
* We do this by duping all source fds , taking care to ensure the new
* fds are larger than any target fd to avoid introducing new conflicts .
*/
2020-10-13 13:17:38 +01:00
for ( i = 0 ; i < n_fds ; i + + )
{
if ( source_fds [ i ] ! = target_fds [ i ] )
2021-12-14 13:36:30 -06:00
{
source_fds [ i ] = dupfd_cloexec ( source_fds [ i ] , max_target_fd + 1 ) ;
if ( source_fds [ i ] < 0 )
2022-10-31 09:39:59 -04:00
write_err_and_exit ( child_err_report_fd , CHILD_DUPFD_FAILED ) ;
2021-12-14 13:36:30 -06:00
}
2020-10-13 13:17:38 +01:00
}
2021-12-14 13:36:27 -06:00
2020-10-13 13:17:38 +01:00
for ( i = 0 ; i < n_fds ; i + + )
{
2021-12-14 13:36:27 -06:00
/* For basic fd assignments (where source == target), we can just
* unset FD_CLOEXEC .
*/
2020-10-13 13:17:38 +01:00
if ( source_fds [ i ] = = target_fds [ i ] )
{
unset_cloexec ( source_fds [ i ] ) ;
}
else
{
2021-12-14 13:36:27 -06:00
/* If any of the @target_fds conflict with @child_err_report_fd,
* dup it so it doesn ’ t get conflated .
*/
2020-10-13 13:25:21 +01:00
if ( target_fds [ i ] = = child_err_report_fd )
2021-12-14 13:36:30 -06:00
{
child_err_report_fd = dupfd_cloexec ( child_err_report_fd , max_target_fd + 1 ) ;
if ( child_err_report_fd < 0 )
2022-10-31 09:39:59 -04:00
write_err_and_exit ( child_err_report_fd , CHILD_DUPFD_FAILED ) ;
2021-12-14 13:36:30 -06:00
}
if ( safe_dup2 ( source_fds [ i ] , target_fds [ i ] ) < 0 )
2022-10-31 09:39:59 -04:00
write_err_and_exit ( child_err_report_fd , CHILD_DUPFD_FAILED ) ;
2020-10-13 13:25:21 +01:00
2023-05-30 16:04:05 +01:00
g_clear_fd ( & source_fds [ i ] , NULL ) ;
2020-10-13 13:17:38 +01:00
}
}
}
2000-10-09 16:24:57 +00:00
/* Call user function just before we exec */
if ( child_setup )
{
( * child_setup ) ( user_data ) ;
}
2001-06-08 19:41:51 +00:00
g_execute ( argv [ 0 ] ,
2020-10-13 12:43:25 +01:00
( gchar * * ) ( file_and_argv_zero ? argv + 1 : argv ) ,
2020-06-22 14:33:12 +01:00
argv_buffer , argv_buffer_len ,
2020-10-13 12:43:25 +01:00
( gchar * * ) envp , search_path , search_path_buffer , search_path_buffer_len ) ;
2000-10-09 16:24:57 +00:00
/* Exec failed */
write_err_and_exit ( child_err_report_fd ,
CHILD_EXEC_FAILED ) ;
}
static gboolean
read_ints ( int fd ,
gint * buf ,
Changes for 64-bit cleanliness, loosely based on patch from Mark Murnane.
Wed Jun 20 12:00:54 2001 Owen Taylor <otaylor@redhat.com>
Changes for 64-bit cleanliness, loosely based on patch
from Mark Murnane.
* gconvert.c (g_convert/g_convert_with_fallback): Remove
workarounds for since-fixed GNU libc bugs. Minor
doc fix.
* gconvert.[ch]: Change gint to gsize/gssize as
appropriate.
* gconvert.c (g_locale/filename_to/from_utf8): Fix incorrect
computation of bytes_read / bytes_written.
* gfileutils.[ch] (g_file_get_contents): Make length
out parameter 'gsize *len'.
* ghook.c (g_hook_compare_ids): Don't compare a
and b as 'a - b'.
* gmacros.h (GSIZE_TO_POINTER): Add GPOINTER_TO_SIZE,
GSIZE_TO_POINTER.
* gmain.c (g_timeout_prepare): Rewrite to avoid
overflows. (Fixes bug when system clock skews
backwards more than 24 days.)
* gmarkup.[ch]: Make lengths passed to callbacks
gsize, length for g_markup_parse-context_parse(),
g_markup_escape_text() gssize.
* gmessages.[ch] (g_printf_string_upper_bound): Change
return value to gsize.
* gmessages.c (printf_string_upper_bound): Remove
a ridiculous use of 'inline' on a 300 line function.
* gstring.[ch]: Represent size of string as a gsize,
not gint. Make parameters to functions take gsize,
or gssize where -1 is allowed.
* gstring.c (g_string_erase): Make
g_string_erase (string, pos, -1) a synonym for
g_string_truncate for consistency with other G*
APIs.
* gstrfuncs.[ch]: Make all functions taking a string
length, take a gsize, or gssize if -1 is allowed.
(g_strstr_len, g_strrstr_len). Also fix some boundary
conditions in g_str[r]str[_len].
* gutf8.c tests/unicode-encoding.c: Make parameters that
are byte lengths gsize, gssize as appropriate. Make
character offsets, other counts, glong.
* gasyncqueue.c gcompletion.c
timeloop.c timeloop-basic.c gutils.c gspawn.c.
Small 64 bit cleanliness fixups.
* glist.c (g_list_sort2, g_list_sort_real): Fix functions
that should have been static.
* gdate.c (g_date_fill_parse_tokens): Fix extra
declaration that was shadowing another.
* tests/module-test.c: Include string.h
Mon Jun 18 15:43:29 2001 Owen Taylor <otaylor@redhat.com>
* gutf8.c (g_get_charset): Make argument
G_CONST_RETURN char **.
2001-06-23 13:55:09 +00:00
gint n_ints_in_buf ,
gint * n_ints_read ,
2000-10-09 16:24:57 +00:00
GError * * error )
{
Changes for 64-bit cleanliness, loosely based on patch from Mark Murnane.
Wed Jun 20 12:00:54 2001 Owen Taylor <otaylor@redhat.com>
Changes for 64-bit cleanliness, loosely based on patch
from Mark Murnane.
* gconvert.c (g_convert/g_convert_with_fallback): Remove
workarounds for since-fixed GNU libc bugs. Minor
doc fix.
* gconvert.[ch]: Change gint to gsize/gssize as
appropriate.
* gconvert.c (g_locale/filename_to/from_utf8): Fix incorrect
computation of bytes_read / bytes_written.
* gfileutils.[ch] (g_file_get_contents): Make length
out parameter 'gsize *len'.
* ghook.c (g_hook_compare_ids): Don't compare a
and b as 'a - b'.
* gmacros.h (GSIZE_TO_POINTER): Add GPOINTER_TO_SIZE,
GSIZE_TO_POINTER.
* gmain.c (g_timeout_prepare): Rewrite to avoid
overflows. (Fixes bug when system clock skews
backwards more than 24 days.)
* gmarkup.[ch]: Make lengths passed to callbacks
gsize, length for g_markup_parse-context_parse(),
g_markup_escape_text() gssize.
* gmessages.[ch] (g_printf_string_upper_bound): Change
return value to gsize.
* gmessages.c (printf_string_upper_bound): Remove
a ridiculous use of 'inline' on a 300 line function.
* gstring.[ch]: Represent size of string as a gsize,
not gint. Make parameters to functions take gsize,
or gssize where -1 is allowed.
* gstring.c (g_string_erase): Make
g_string_erase (string, pos, -1) a synonym for
g_string_truncate for consistency with other G*
APIs.
* gstrfuncs.[ch]: Make all functions taking a string
length, take a gsize, or gssize if -1 is allowed.
(g_strstr_len, g_strrstr_len). Also fix some boundary
conditions in g_str[r]str[_len].
* gutf8.c tests/unicode-encoding.c: Make parameters that
are byte lengths gsize, gssize as appropriate. Make
character offsets, other counts, glong.
* gasyncqueue.c gcompletion.c
timeloop.c timeloop-basic.c gutils.c gspawn.c.
Small 64 bit cleanliness fixups.
* glist.c (g_list_sort2, g_list_sort_real): Fix functions
that should have been static.
* gdate.c (g_date_fill_parse_tokens): Fix extra
declaration that was shadowing another.
* tests/module-test.c: Include string.h
Mon Jun 18 15:43:29 2001 Owen Taylor <otaylor@redhat.com>
* gutf8.c (g_get_charset): Make argument
G_CONST_RETURN char **.
2001-06-23 13:55:09 +00:00
gsize bytes = 0 ;
2000-10-09 16:24:57 +00:00
while ( TRUE )
{
Changes for 64-bit cleanliness, loosely based on patch from Mark Murnane.
Wed Jun 20 12:00:54 2001 Owen Taylor <otaylor@redhat.com>
Changes for 64-bit cleanliness, loosely based on patch
from Mark Murnane.
* gconvert.c (g_convert/g_convert_with_fallback): Remove
workarounds for since-fixed GNU libc bugs. Minor
doc fix.
* gconvert.[ch]: Change gint to gsize/gssize as
appropriate.
* gconvert.c (g_locale/filename_to/from_utf8): Fix incorrect
computation of bytes_read / bytes_written.
* gfileutils.[ch] (g_file_get_contents): Make length
out parameter 'gsize *len'.
* ghook.c (g_hook_compare_ids): Don't compare a
and b as 'a - b'.
* gmacros.h (GSIZE_TO_POINTER): Add GPOINTER_TO_SIZE,
GSIZE_TO_POINTER.
* gmain.c (g_timeout_prepare): Rewrite to avoid
overflows. (Fixes bug when system clock skews
backwards more than 24 days.)
* gmarkup.[ch]: Make lengths passed to callbacks
gsize, length for g_markup_parse-context_parse(),
g_markup_escape_text() gssize.
* gmessages.[ch] (g_printf_string_upper_bound): Change
return value to gsize.
* gmessages.c (printf_string_upper_bound): Remove
a ridiculous use of 'inline' on a 300 line function.
* gstring.[ch]: Represent size of string as a gsize,
not gint. Make parameters to functions take gsize,
or gssize where -1 is allowed.
* gstring.c (g_string_erase): Make
g_string_erase (string, pos, -1) a synonym for
g_string_truncate for consistency with other G*
APIs.
* gstrfuncs.[ch]: Make all functions taking a string
length, take a gsize, or gssize if -1 is allowed.
(g_strstr_len, g_strrstr_len). Also fix some boundary
conditions in g_str[r]str[_len].
* gutf8.c tests/unicode-encoding.c: Make parameters that
are byte lengths gsize, gssize as appropriate. Make
character offsets, other counts, glong.
* gasyncqueue.c gcompletion.c
timeloop.c timeloop-basic.c gutils.c gspawn.c.
Small 64 bit cleanliness fixups.
* glist.c (g_list_sort2, g_list_sort_real): Fix functions
that should have been static.
* gdate.c (g_date_fill_parse_tokens): Fix extra
declaration that was shadowing another.
* tests/module-test.c: Include string.h
Mon Jun 18 15:43:29 2001 Owen Taylor <otaylor@redhat.com>
* gutf8.c (g_get_charset): Make argument
G_CONST_RETURN char **.
2001-06-23 13:55:09 +00:00
gssize chunk ;
2000-10-09 16:24:57 +00:00
if ( bytes > = sizeof ( gint ) * 2 )
break ; /* give up, who knows what happened, should not be
* possible .
*/
again :
chunk = read ( fd ,
( ( gchar * ) buf ) + bytes ,
Changes for 64-bit cleanliness, loosely based on patch from Mark Murnane.
Wed Jun 20 12:00:54 2001 Owen Taylor <otaylor@redhat.com>
Changes for 64-bit cleanliness, loosely based on patch
from Mark Murnane.
* gconvert.c (g_convert/g_convert_with_fallback): Remove
workarounds for since-fixed GNU libc bugs. Minor
doc fix.
* gconvert.[ch]: Change gint to gsize/gssize as
appropriate.
* gconvert.c (g_locale/filename_to/from_utf8): Fix incorrect
computation of bytes_read / bytes_written.
* gfileutils.[ch] (g_file_get_contents): Make length
out parameter 'gsize *len'.
* ghook.c (g_hook_compare_ids): Don't compare a
and b as 'a - b'.
* gmacros.h (GSIZE_TO_POINTER): Add GPOINTER_TO_SIZE,
GSIZE_TO_POINTER.
* gmain.c (g_timeout_prepare): Rewrite to avoid
overflows. (Fixes bug when system clock skews
backwards more than 24 days.)
* gmarkup.[ch]: Make lengths passed to callbacks
gsize, length for g_markup_parse-context_parse(),
g_markup_escape_text() gssize.
* gmessages.[ch] (g_printf_string_upper_bound): Change
return value to gsize.
* gmessages.c (printf_string_upper_bound): Remove
a ridiculous use of 'inline' on a 300 line function.
* gstring.[ch]: Represent size of string as a gsize,
not gint. Make parameters to functions take gsize,
or gssize where -1 is allowed.
* gstring.c (g_string_erase): Make
g_string_erase (string, pos, -1) a synonym for
g_string_truncate for consistency with other G*
APIs.
* gstrfuncs.[ch]: Make all functions taking a string
length, take a gsize, or gssize if -1 is allowed.
(g_strstr_len, g_strrstr_len). Also fix some boundary
conditions in g_str[r]str[_len].
* gutf8.c tests/unicode-encoding.c: Make parameters that
are byte lengths gsize, gssize as appropriate. Make
character offsets, other counts, glong.
* gasyncqueue.c gcompletion.c
timeloop.c timeloop-basic.c gutils.c gspawn.c.
Small 64 bit cleanliness fixups.
* glist.c (g_list_sort2, g_list_sort_real): Fix functions
that should have been static.
* gdate.c (g_date_fill_parse_tokens): Fix extra
declaration that was shadowing another.
* tests/module-test.c: Include string.h
Mon Jun 18 15:43:29 2001 Owen Taylor <otaylor@redhat.com>
* gutf8.c (g_get_charset): Make argument
G_CONST_RETURN char **.
2001-06-23 13:55:09 +00:00
sizeof ( gint ) * n_ints_in_buf - bytes ) ;
2000-10-09 16:24:57 +00:00
if ( chunk < 0 & & errno = = EINTR )
goto again ;
if ( chunk < 0 )
{
2009-08-20 15:13:43 +02:00
int errsv = errno ;
2000-10-09 16:24:57 +00:00
/* Some weird shit happened, bail out */
g_set_error ( error ,
G_SPAWN_ERROR ,
G_SPAWN_ERROR_FAILED ,
_ ( " Failed to read from child pipe (%s) " ) ,
2009-08-20 15:13:43 +02:00
g_strerror ( errsv ) ) ;
2000-10-09 16:24:57 +00:00
return FALSE ;
}
else if ( chunk = = 0 )
break ; /* EOF */
Changes for 64-bit cleanliness, loosely based on patch from Mark Murnane.
Wed Jun 20 12:00:54 2001 Owen Taylor <otaylor@redhat.com>
Changes for 64-bit cleanliness, loosely based on patch
from Mark Murnane.
* gconvert.c (g_convert/g_convert_with_fallback): Remove
workarounds for since-fixed GNU libc bugs. Minor
doc fix.
* gconvert.[ch]: Change gint to gsize/gssize as
appropriate.
* gconvert.c (g_locale/filename_to/from_utf8): Fix incorrect
computation of bytes_read / bytes_written.
* gfileutils.[ch] (g_file_get_contents): Make length
out parameter 'gsize *len'.
* ghook.c (g_hook_compare_ids): Don't compare a
and b as 'a - b'.
* gmacros.h (GSIZE_TO_POINTER): Add GPOINTER_TO_SIZE,
GSIZE_TO_POINTER.
* gmain.c (g_timeout_prepare): Rewrite to avoid
overflows. (Fixes bug when system clock skews
backwards more than 24 days.)
* gmarkup.[ch]: Make lengths passed to callbacks
gsize, length for g_markup_parse-context_parse(),
g_markup_escape_text() gssize.
* gmessages.[ch] (g_printf_string_upper_bound): Change
return value to gsize.
* gmessages.c (printf_string_upper_bound): Remove
a ridiculous use of 'inline' on a 300 line function.
* gstring.[ch]: Represent size of string as a gsize,
not gint. Make parameters to functions take gsize,
or gssize where -1 is allowed.
* gstring.c (g_string_erase): Make
g_string_erase (string, pos, -1) a synonym for
g_string_truncate for consistency with other G*
APIs.
* gstrfuncs.[ch]: Make all functions taking a string
length, take a gsize, or gssize if -1 is allowed.
(g_strstr_len, g_strrstr_len). Also fix some boundary
conditions in g_str[r]str[_len].
* gutf8.c tests/unicode-encoding.c: Make parameters that
are byte lengths gsize, gssize as appropriate. Make
character offsets, other counts, glong.
* gasyncqueue.c gcompletion.c
timeloop.c timeloop-basic.c gutils.c gspawn.c.
Small 64 bit cleanliness fixups.
* glist.c (g_list_sort2, g_list_sort_real): Fix functions
that should have been static.
* gdate.c (g_date_fill_parse_tokens): Fix extra
declaration that was shadowing another.
* tests/module-test.c: Include string.h
Mon Jun 18 15:43:29 2001 Owen Taylor <otaylor@redhat.com>
* gutf8.c (g_get_charset): Make argument
G_CONST_RETURN char **.
2001-06-23 13:55:09 +00:00
else /* chunk > 0 */
bytes + = chunk ;
2000-10-09 16:24:57 +00:00
}
Changes for 64-bit cleanliness, loosely based on patch from Mark Murnane.
Wed Jun 20 12:00:54 2001 Owen Taylor <otaylor@redhat.com>
Changes for 64-bit cleanliness, loosely based on patch
from Mark Murnane.
* gconvert.c (g_convert/g_convert_with_fallback): Remove
workarounds for since-fixed GNU libc bugs. Minor
doc fix.
* gconvert.[ch]: Change gint to gsize/gssize as
appropriate.
* gconvert.c (g_locale/filename_to/from_utf8): Fix incorrect
computation of bytes_read / bytes_written.
* gfileutils.[ch] (g_file_get_contents): Make length
out parameter 'gsize *len'.
* ghook.c (g_hook_compare_ids): Don't compare a
and b as 'a - b'.
* gmacros.h (GSIZE_TO_POINTER): Add GPOINTER_TO_SIZE,
GSIZE_TO_POINTER.
* gmain.c (g_timeout_prepare): Rewrite to avoid
overflows. (Fixes bug when system clock skews
backwards more than 24 days.)
* gmarkup.[ch]: Make lengths passed to callbacks
gsize, length for g_markup_parse-context_parse(),
g_markup_escape_text() gssize.
* gmessages.[ch] (g_printf_string_upper_bound): Change
return value to gsize.
* gmessages.c (printf_string_upper_bound): Remove
a ridiculous use of 'inline' on a 300 line function.
* gstring.[ch]: Represent size of string as a gsize,
not gint. Make parameters to functions take gsize,
or gssize where -1 is allowed.
* gstring.c (g_string_erase): Make
g_string_erase (string, pos, -1) a synonym for
g_string_truncate for consistency with other G*
APIs.
* gstrfuncs.[ch]: Make all functions taking a string
length, take a gsize, or gssize if -1 is allowed.
(g_strstr_len, g_strrstr_len). Also fix some boundary
conditions in g_str[r]str[_len].
* gutf8.c tests/unicode-encoding.c: Make parameters that
are byte lengths gsize, gssize as appropriate. Make
character offsets, other counts, glong.
* gasyncqueue.c gcompletion.c
timeloop.c timeloop-basic.c gutils.c gspawn.c.
Small 64 bit cleanliness fixups.
* glist.c (g_list_sort2, g_list_sort_real): Fix functions
that should have been static.
* gdate.c (g_date_fill_parse_tokens): Fix extra
declaration that was shadowing another.
* tests/module-test.c: Include string.h
Mon Jun 18 15:43:29 2001 Owen Taylor <otaylor@redhat.com>
* gutf8.c (g_get_charset): Make argument
G_CONST_RETURN char **.
2001-06-23 13:55:09 +00:00
* n_ints_read = ( gint ) ( bytes / sizeof ( gint ) ) ;
2000-10-09 16:24:57 +00:00
return TRUE ;
}
gspawn: Optimize with posix_spawn codepath
When the amount of free memory on the system is somewhat low, gnome-shell
will sometimes fail to launch apps, reporting the error:
fork(): Cannot allocate memory
fork() is failing here because while cloning the process virtual address
space, Linux worries that the thread being forked may end up COWing the
entire address space of the parent process (gnome-shell, which is
memory-hungry), and there is not enough free memory to permit that to
happen.
In this case we are simply calling fork() in order to quickly call exec(),
which will throw away the entirity of the duplicated VM, so we should
look for ways to avoid the overcommit check.
The well known solution to this is to use clone(CLONE_VM) or vfork(), which
completely avoids creating a new memory address space for the child.
However, that comes with a bunch of caveats and complications:
https://gist.github.com/nicowilliams/a8a07b0fc75df05f684c23c18d7db234
https://ewontfix.com/7/
In 2016, glibc's posix_spawn() was rewritten to use this approach
while also resolving the concerns.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9ff72da471a509a8c19791efe469f47fa6977410
I experimented with a similar approach in glib, but it was not practical
because glibc has several items of important internal knowledge (such as
knowing which signals should be given special treatment because they are
NPTL implementation details) that are not cleanly exposed elsewhere.
Instead, this patch adapts the gspawn code to use posix_spawn() where
possible, which will reap the benefits of that implementation.
The posix_spawn API is more limited than the gspawn API though,
partly due to natural limitations of using CLONE_VM, so the posix_spawn
path is added as a separate codepath which is only executed when the
conditions are right. Callers such as gnome-shell will have to be modified
to meet these conditions, such as not having a child_setup function.
In addition to allowing for the gnome-shell "Cannot allocate memory"
failure to be avoided, this should result in a general speedup in this
area, because fork()'s behaviour of cloning the entire VM space
has a cost which is now avoided. posix_spawn() has also recently
been optimized on OpenSolaris as the most performant way to spawn
a child process.
2018-05-28 14:45:45 -06:00
# ifdef POSIX_SPAWN_AVAILABLE
static gboolean
2020-10-13 12:43:25 +01:00
do_posix_spawn ( const gchar * const * argv ,
const gchar * const * envp ,
gspawn: Optimize with posix_spawn codepath
When the amount of free memory on the system is somewhat low, gnome-shell
will sometimes fail to launch apps, reporting the error:
fork(): Cannot allocate memory
fork() is failing here because while cloning the process virtual address
space, Linux worries that the thread being forked may end up COWing the
entire address space of the parent process (gnome-shell, which is
memory-hungry), and there is not enough free memory to permit that to
happen.
In this case we are simply calling fork() in order to quickly call exec(),
which will throw away the entirity of the duplicated VM, so we should
look for ways to avoid the overcommit check.
The well known solution to this is to use clone(CLONE_VM) or vfork(), which
completely avoids creating a new memory address space for the child.
However, that comes with a bunch of caveats and complications:
https://gist.github.com/nicowilliams/a8a07b0fc75df05f684c23c18d7db234
https://ewontfix.com/7/
In 2016, glibc's posix_spawn() was rewritten to use this approach
while also resolving the concerns.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9ff72da471a509a8c19791efe469f47fa6977410
I experimented with a similar approach in glib, but it was not practical
because glibc has several items of important internal knowledge (such as
knowing which signals should be given special treatment because they are
NPTL implementation details) that are not cleanly exposed elsewhere.
Instead, this patch adapts the gspawn code to use posix_spawn() where
possible, which will reap the benefits of that implementation.
The posix_spawn API is more limited than the gspawn API though,
partly due to natural limitations of using CLONE_VM, so the posix_spawn
path is added as a separate codepath which is only executed when the
conditions are right. Callers such as gnome-shell will have to be modified
to meet these conditions, such as not having a child_setup function.
In addition to allowing for the gnome-shell "Cannot allocate memory"
failure to be avoided, this should result in a general speedup in this
area, because fork()'s behaviour of cloning the entire VM space
has a cost which is now avoided. posix_spawn() has also recently
been optimized on OpenSolaris as the most performant way to spawn
a child process.
2018-05-28 14:45:45 -06:00
gboolean search_path ,
gboolean stdout_to_null ,
gboolean stderr_to_null ,
gboolean child_inherits_stdin ,
gboolean file_and_argv_zero ,
GPid * child_pid ,
gint * child_close_fds ,
gint stdin_fd ,
gint stdout_fd ,
2021-12-14 13:36:28 -06:00
gint stderr_fd ,
const gint * source_fds ,
const gint * target_fds ,
gsize n_fds )
gspawn: Optimize with posix_spawn codepath
When the amount of free memory on the system is somewhat low, gnome-shell
will sometimes fail to launch apps, reporting the error:
fork(): Cannot allocate memory
fork() is failing here because while cloning the process virtual address
space, Linux worries that the thread being forked may end up COWing the
entire address space of the parent process (gnome-shell, which is
memory-hungry), and there is not enough free memory to permit that to
happen.
In this case we are simply calling fork() in order to quickly call exec(),
which will throw away the entirity of the duplicated VM, so we should
look for ways to avoid the overcommit check.
The well known solution to this is to use clone(CLONE_VM) or vfork(), which
completely avoids creating a new memory address space for the child.
However, that comes with a bunch of caveats and complications:
https://gist.github.com/nicowilliams/a8a07b0fc75df05f684c23c18d7db234
https://ewontfix.com/7/
In 2016, glibc's posix_spawn() was rewritten to use this approach
while also resolving the concerns.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9ff72da471a509a8c19791efe469f47fa6977410
I experimented with a similar approach in glib, but it was not practical
because glibc has several items of important internal knowledge (such as
knowing which signals should be given special treatment because they are
NPTL implementation details) that are not cleanly exposed elsewhere.
Instead, this patch adapts the gspawn code to use posix_spawn() where
possible, which will reap the benefits of that implementation.
The posix_spawn API is more limited than the gspawn API though,
partly due to natural limitations of using CLONE_VM, so the posix_spawn
path is added as a separate codepath which is only executed when the
conditions are right. Callers such as gnome-shell will have to be modified
to meet these conditions, such as not having a child_setup function.
In addition to allowing for the gnome-shell "Cannot allocate memory"
failure to be avoided, this should result in a general speedup in this
area, because fork()'s behaviour of cloning the entire VM space
has a cost which is now avoided. posix_spawn() has also recently
been optimized on OpenSolaris as the most performant way to spawn
a child process.
2018-05-28 14:45:45 -06:00
{
pid_t pid ;
2021-12-14 13:36:28 -06:00
gint * duped_source_fds = NULL ;
gint max_target_fd = 0 ;
2020-10-13 12:43:25 +01:00
const gchar * const * argv_pass ;
gspawn: Optimize with posix_spawn codepath
When the amount of free memory on the system is somewhat low, gnome-shell
will sometimes fail to launch apps, reporting the error:
fork(): Cannot allocate memory
fork() is failing here because while cloning the process virtual address
space, Linux worries that the thread being forked may end up COWing the
entire address space of the parent process (gnome-shell, which is
memory-hungry), and there is not enough free memory to permit that to
happen.
In this case we are simply calling fork() in order to quickly call exec(),
which will throw away the entirity of the duplicated VM, so we should
look for ways to avoid the overcommit check.
The well known solution to this is to use clone(CLONE_VM) or vfork(), which
completely avoids creating a new memory address space for the child.
However, that comes with a bunch of caveats and complications:
https://gist.github.com/nicowilliams/a8a07b0fc75df05f684c23c18d7db234
https://ewontfix.com/7/
In 2016, glibc's posix_spawn() was rewritten to use this approach
while also resolving the concerns.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9ff72da471a509a8c19791efe469f47fa6977410
I experimented with a similar approach in glib, but it was not practical
because glibc has several items of important internal knowledge (such as
knowing which signals should be given special treatment because they are
NPTL implementation details) that are not cleanly exposed elsewhere.
Instead, this patch adapts the gspawn code to use posix_spawn() where
possible, which will reap the benefits of that implementation.
The posix_spawn API is more limited than the gspawn API though,
partly due to natural limitations of using CLONE_VM, so the posix_spawn
path is added as a separate codepath which is only executed when the
conditions are right. Callers such as gnome-shell will have to be modified
to meet these conditions, such as not having a child_setup function.
In addition to allowing for the gnome-shell "Cannot allocate memory"
failure to be avoided, this should result in a general speedup in this
area, because fork()'s behaviour of cloning the entire VM space
has a cost which is now avoided. posix_spawn() has also recently
been optimized on OpenSolaris as the most performant way to spawn
a child process.
2018-05-28 14:45:45 -06:00
posix_spawnattr_t attr ;
posix_spawn_file_actions_t file_actions ;
gint parent_close_fds [ 3 ] ;
2021-12-14 13:36:28 -06:00
gsize num_parent_close_fds = 0 ;
gspawn: Optimize with posix_spawn codepath
When the amount of free memory on the system is somewhat low, gnome-shell
will sometimes fail to launch apps, reporting the error:
fork(): Cannot allocate memory
fork() is failing here because while cloning the process virtual address
space, Linux worries that the thread being forked may end up COWing the
entire address space of the parent process (gnome-shell, which is
memory-hungry), and there is not enough free memory to permit that to
happen.
In this case we are simply calling fork() in order to quickly call exec(),
which will throw away the entirity of the duplicated VM, so we should
look for ways to avoid the overcommit check.
The well known solution to this is to use clone(CLONE_VM) or vfork(), which
completely avoids creating a new memory address space for the child.
However, that comes with a bunch of caveats and complications:
https://gist.github.com/nicowilliams/a8a07b0fc75df05f684c23c18d7db234
https://ewontfix.com/7/
In 2016, glibc's posix_spawn() was rewritten to use this approach
while also resolving the concerns.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9ff72da471a509a8c19791efe469f47fa6977410
I experimented with a similar approach in glib, but it was not practical
because glibc has several items of important internal knowledge (such as
knowing which signals should be given special treatment because they are
NPTL implementation details) that are not cleanly exposed elsewhere.
Instead, this patch adapts the gspawn code to use posix_spawn() where
possible, which will reap the benefits of that implementation.
The posix_spawn API is more limited than the gspawn API though,
partly due to natural limitations of using CLONE_VM, so the posix_spawn
path is added as a separate codepath which is only executed when the
conditions are right. Callers such as gnome-shell will have to be modified
to meet these conditions, such as not having a child_setup function.
In addition to allowing for the gnome-shell "Cannot allocate memory"
failure to be avoided, this should result in a general speedup in this
area, because fork()'s behaviour of cloning the entire VM space
has a cost which is now avoided. posix_spawn() has also recently
been optimized on OpenSolaris as the most performant way to spawn
a child process.
2018-05-28 14:45:45 -06:00
GSList * child_close = NULL ;
GSList * elem ;
sigset_t mask ;
2021-12-14 13:36:28 -06:00
gsize i ;
int r ;
gspawn: Optimize with posix_spawn codepath
When the amount of free memory on the system is somewhat low, gnome-shell
will sometimes fail to launch apps, reporting the error:
fork(): Cannot allocate memory
fork() is failing here because while cloning the process virtual address
space, Linux worries that the thread being forked may end up COWing the
entire address space of the parent process (gnome-shell, which is
memory-hungry), and there is not enough free memory to permit that to
happen.
In this case we are simply calling fork() in order to quickly call exec(),
which will throw away the entirity of the duplicated VM, so we should
look for ways to avoid the overcommit check.
The well known solution to this is to use clone(CLONE_VM) or vfork(), which
completely avoids creating a new memory address space for the child.
However, that comes with a bunch of caveats and complications:
https://gist.github.com/nicowilliams/a8a07b0fc75df05f684c23c18d7db234
https://ewontfix.com/7/
In 2016, glibc's posix_spawn() was rewritten to use this approach
while also resolving the concerns.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9ff72da471a509a8c19791efe469f47fa6977410
I experimented with a similar approach in glib, but it was not practical
because glibc has several items of important internal knowledge (such as
knowing which signals should be given special treatment because they are
NPTL implementation details) that are not cleanly exposed elsewhere.
Instead, this patch adapts the gspawn code to use posix_spawn() where
possible, which will reap the benefits of that implementation.
The posix_spawn API is more limited than the gspawn API though,
partly due to natural limitations of using CLONE_VM, so the posix_spawn
path is added as a separate codepath which is only executed when the
conditions are right. Callers such as gnome-shell will have to be modified
to meet these conditions, such as not having a child_setup function.
In addition to allowing for the gnome-shell "Cannot allocate memory"
failure to be avoided, this should result in a general speedup in this
area, because fork()'s behaviour of cloning the entire VM space
has a cost which is now avoided. posix_spawn() has also recently
been optimized on OpenSolaris as the most performant way to spawn
a child process.
2018-05-28 14:45:45 -06:00
2022-01-31 14:54:10 +00:00
g_assert ( argv ! = NULL & & argv [ 0 ] ! = NULL ) ;
gspawn: Optimize with posix_spawn codepath
When the amount of free memory on the system is somewhat low, gnome-shell
will sometimes fail to launch apps, reporting the error:
fork(): Cannot allocate memory
fork() is failing here because while cloning the process virtual address
space, Linux worries that the thread being forked may end up COWing the
entire address space of the parent process (gnome-shell, which is
memory-hungry), and there is not enough free memory to permit that to
happen.
In this case we are simply calling fork() in order to quickly call exec(),
which will throw away the entirity of the duplicated VM, so we should
look for ways to avoid the overcommit check.
The well known solution to this is to use clone(CLONE_VM) or vfork(), which
completely avoids creating a new memory address space for the child.
However, that comes with a bunch of caveats and complications:
https://gist.github.com/nicowilliams/a8a07b0fc75df05f684c23c18d7db234
https://ewontfix.com/7/
In 2016, glibc's posix_spawn() was rewritten to use this approach
while also resolving the concerns.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9ff72da471a509a8c19791efe469f47fa6977410
I experimented with a similar approach in glib, but it was not practical
because glibc has several items of important internal knowledge (such as
knowing which signals should be given special treatment because they are
NPTL implementation details) that are not cleanly exposed elsewhere.
Instead, this patch adapts the gspawn code to use posix_spawn() where
possible, which will reap the benefits of that implementation.
The posix_spawn API is more limited than the gspawn API though,
partly due to natural limitations of using CLONE_VM, so the posix_spawn
path is added as a separate codepath which is only executed when the
conditions are right. Callers such as gnome-shell will have to be modified
to meet these conditions, such as not having a child_setup function.
In addition to allowing for the gnome-shell "Cannot allocate memory"
failure to be avoided, this should result in a general speedup in this
area, because fork()'s behaviour of cloning the entire VM space
has a cost which is now avoided. posix_spawn() has also recently
been optimized on OpenSolaris as the most performant way to spawn
a child process.
2018-05-28 14:45:45 -06:00
if ( * argv [ 0 ] = = ' \0 ' )
{
/* We check the simple case first. */
return ENOENT ;
}
r = posix_spawnattr_init ( & attr ) ;
if ( r ! = 0 )
return r ;
if ( child_close_fds )
{
int i = - 1 ;
while ( child_close_fds [ + + i ] ! = - 1 )
child_close = g_slist_prepend ( child_close ,
GINT_TO_POINTER ( child_close_fds [ i ] ) ) ;
}
2018-07-13 13:37:11 +02:00
r = posix_spawnattr_setflags ( & attr , POSIX_SPAWN_SETSIGDEF ) ;
if ( r ! = 0 )
goto out_free_spawnattr ;
/* Reset some signal handlers that we may use */
sigemptyset ( & mask ) ;
sigaddset ( & mask , SIGCHLD ) ;
sigaddset ( & mask , SIGINT ) ;
sigaddset ( & mask , SIGTERM ) ;
sigaddset ( & mask , SIGHUP ) ;
r = posix_spawnattr_setsigdefault ( & attr , & mask ) ;
if ( r ! = 0 )
goto out_free_spawnattr ;
r = posix_spawn_file_actions_init ( & file_actions ) ;
if ( r ! = 0 )
goto out_free_spawnattr ;
gspawn: Optimize with posix_spawn codepath
When the amount of free memory on the system is somewhat low, gnome-shell
will sometimes fail to launch apps, reporting the error:
fork(): Cannot allocate memory
fork() is failing here because while cloning the process virtual address
space, Linux worries that the thread being forked may end up COWing the
entire address space of the parent process (gnome-shell, which is
memory-hungry), and there is not enough free memory to permit that to
happen.
In this case we are simply calling fork() in order to quickly call exec(),
which will throw away the entirity of the duplicated VM, so we should
look for ways to avoid the overcommit check.
The well known solution to this is to use clone(CLONE_VM) or vfork(), which
completely avoids creating a new memory address space for the child.
However, that comes with a bunch of caveats and complications:
https://gist.github.com/nicowilliams/a8a07b0fc75df05f684c23c18d7db234
https://ewontfix.com/7/
In 2016, glibc's posix_spawn() was rewritten to use this approach
while also resolving the concerns.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9ff72da471a509a8c19791efe469f47fa6977410
I experimented with a similar approach in glib, but it was not practical
because glibc has several items of important internal knowledge (such as
knowing which signals should be given special treatment because they are
NPTL implementation details) that are not cleanly exposed elsewhere.
Instead, this patch adapts the gspawn code to use posix_spawn() where
possible, which will reap the benefits of that implementation.
The posix_spawn API is more limited than the gspawn API though,
partly due to natural limitations of using CLONE_VM, so the posix_spawn
path is added as a separate codepath which is only executed when the
conditions are right. Callers such as gnome-shell will have to be modified
to meet these conditions, such as not having a child_setup function.
In addition to allowing for the gnome-shell "Cannot allocate memory"
failure to be avoided, this should result in a general speedup in this
area, because fork()'s behaviour of cloning the entire VM space
has a cost which is now avoided. posix_spawn() has also recently
been optimized on OpenSolaris as the most performant way to spawn
a child process.
2018-05-28 14:45:45 -06:00
/* Redirect pipes as required */
if ( stdin_fd > = 0 )
{
r = posix_spawn_file_actions_adddup2 ( & file_actions , stdin_fd , 0 ) ;
if ( r ! = 0 )
goto out_close_fds ;
if ( ! g_slist_find ( child_close , GINT_TO_POINTER ( stdin_fd ) ) )
child_close = g_slist_prepend ( child_close , GINT_TO_POINTER ( stdin_fd ) ) ;
}
else if ( ! child_inherits_stdin )
{
/* Keep process from blocking on a read of stdin */
2020-06-23 10:49:44 +01:00
gint read_null = safe_open ( " /dev/null " , O_RDONLY | O_CLOEXEC ) ;
gspawn: Optimize with posix_spawn codepath
When the amount of free memory on the system is somewhat low, gnome-shell
will sometimes fail to launch apps, reporting the error:
fork(): Cannot allocate memory
fork() is failing here because while cloning the process virtual address
space, Linux worries that the thread being forked may end up COWing the
entire address space of the parent process (gnome-shell, which is
memory-hungry), and there is not enough free memory to permit that to
happen.
In this case we are simply calling fork() in order to quickly call exec(),
which will throw away the entirity of the duplicated VM, so we should
look for ways to avoid the overcommit check.
The well known solution to this is to use clone(CLONE_VM) or vfork(), which
completely avoids creating a new memory address space for the child.
However, that comes with a bunch of caveats and complications:
https://gist.github.com/nicowilliams/a8a07b0fc75df05f684c23c18d7db234
https://ewontfix.com/7/
In 2016, glibc's posix_spawn() was rewritten to use this approach
while also resolving the concerns.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9ff72da471a509a8c19791efe469f47fa6977410
I experimented with a similar approach in glib, but it was not practical
because glibc has several items of important internal knowledge (such as
knowing which signals should be given special treatment because they are
NPTL implementation details) that are not cleanly exposed elsewhere.
Instead, this patch adapts the gspawn code to use posix_spawn() where
possible, which will reap the benefits of that implementation.
The posix_spawn API is more limited than the gspawn API though,
partly due to natural limitations of using CLONE_VM, so the posix_spawn
path is added as a separate codepath which is only executed when the
conditions are right. Callers such as gnome-shell will have to be modified
to meet these conditions, such as not having a child_setup function.
In addition to allowing for the gnome-shell "Cannot allocate memory"
failure to be avoided, this should result in a general speedup in this
area, because fork()'s behaviour of cloning the entire VM space
has a cost which is now avoided. posix_spawn() has also recently
been optimized on OpenSolaris as the most performant way to spawn
a child process.
2018-05-28 14:45:45 -06:00
g_assert ( read_null ! = - 1 ) ;
parent_close_fds [ num_parent_close_fds + + ] = read_null ;
2018-08-11 21:52:17 +01:00
# ifndef HAVE_O_CLOEXEC
fcntl ( read_null , F_SETFD , FD_CLOEXEC ) ;
# endif
gspawn: Optimize with posix_spawn codepath
When the amount of free memory on the system is somewhat low, gnome-shell
will sometimes fail to launch apps, reporting the error:
fork(): Cannot allocate memory
fork() is failing here because while cloning the process virtual address
space, Linux worries that the thread being forked may end up COWing the
entire address space of the parent process (gnome-shell, which is
memory-hungry), and there is not enough free memory to permit that to
happen.
In this case we are simply calling fork() in order to quickly call exec(),
which will throw away the entirity of the duplicated VM, so we should
look for ways to avoid the overcommit check.
The well known solution to this is to use clone(CLONE_VM) or vfork(), which
completely avoids creating a new memory address space for the child.
However, that comes with a bunch of caveats and complications:
https://gist.github.com/nicowilliams/a8a07b0fc75df05f684c23c18d7db234
https://ewontfix.com/7/
In 2016, glibc's posix_spawn() was rewritten to use this approach
while also resolving the concerns.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9ff72da471a509a8c19791efe469f47fa6977410
I experimented with a similar approach in glib, but it was not practical
because glibc has several items of important internal knowledge (such as
knowing which signals should be given special treatment because they are
NPTL implementation details) that are not cleanly exposed elsewhere.
Instead, this patch adapts the gspawn code to use posix_spawn() where
possible, which will reap the benefits of that implementation.
The posix_spawn API is more limited than the gspawn API though,
partly due to natural limitations of using CLONE_VM, so the posix_spawn
path is added as a separate codepath which is only executed when the
conditions are right. Callers such as gnome-shell will have to be modified
to meet these conditions, such as not having a child_setup function.
In addition to allowing for the gnome-shell "Cannot allocate memory"
failure to be avoided, this should result in a general speedup in this
area, because fork()'s behaviour of cloning the entire VM space
has a cost which is now avoided. posix_spawn() has also recently
been optimized on OpenSolaris as the most performant way to spawn
a child process.
2018-05-28 14:45:45 -06:00
r = posix_spawn_file_actions_adddup2 ( & file_actions , read_null , 0 ) ;
if ( r ! = 0 )
goto out_close_fds ;
}
if ( stdout_fd > = 0 )
{
r = posix_spawn_file_actions_adddup2 ( & file_actions , stdout_fd , 1 ) ;
if ( r ! = 0 )
goto out_close_fds ;
if ( ! g_slist_find ( child_close , GINT_TO_POINTER ( stdout_fd ) ) )
child_close = g_slist_prepend ( child_close , GINT_TO_POINTER ( stdout_fd ) ) ;
}
else if ( stdout_to_null )
{
2020-06-23 10:49:44 +01:00
gint write_null = safe_open ( " /dev/null " , O_WRONLY | O_CLOEXEC ) ;
gspawn: Optimize with posix_spawn codepath
When the amount of free memory on the system is somewhat low, gnome-shell
will sometimes fail to launch apps, reporting the error:
fork(): Cannot allocate memory
fork() is failing here because while cloning the process virtual address
space, Linux worries that the thread being forked may end up COWing the
entire address space of the parent process (gnome-shell, which is
memory-hungry), and there is not enough free memory to permit that to
happen.
In this case we are simply calling fork() in order to quickly call exec(),
which will throw away the entirity of the duplicated VM, so we should
look for ways to avoid the overcommit check.
The well known solution to this is to use clone(CLONE_VM) or vfork(), which
completely avoids creating a new memory address space for the child.
However, that comes with a bunch of caveats and complications:
https://gist.github.com/nicowilliams/a8a07b0fc75df05f684c23c18d7db234
https://ewontfix.com/7/
In 2016, glibc's posix_spawn() was rewritten to use this approach
while also resolving the concerns.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9ff72da471a509a8c19791efe469f47fa6977410
I experimented with a similar approach in glib, but it was not practical
because glibc has several items of important internal knowledge (such as
knowing which signals should be given special treatment because they are
NPTL implementation details) that are not cleanly exposed elsewhere.
Instead, this patch adapts the gspawn code to use posix_spawn() where
possible, which will reap the benefits of that implementation.
The posix_spawn API is more limited than the gspawn API though,
partly due to natural limitations of using CLONE_VM, so the posix_spawn
path is added as a separate codepath which is only executed when the
conditions are right. Callers such as gnome-shell will have to be modified
to meet these conditions, such as not having a child_setup function.
In addition to allowing for the gnome-shell "Cannot allocate memory"
failure to be avoided, this should result in a general speedup in this
area, because fork()'s behaviour of cloning the entire VM space
has a cost which is now avoided. posix_spawn() has also recently
been optimized on OpenSolaris as the most performant way to spawn
a child process.
2018-05-28 14:45:45 -06:00
g_assert ( write_null ! = - 1 ) ;
parent_close_fds [ num_parent_close_fds + + ] = write_null ;
2018-08-11 21:52:17 +01:00
# ifndef HAVE_O_CLOEXEC
2018-08-30 18:04:35 -05:00
fcntl ( write_null , F_SETFD , FD_CLOEXEC ) ;
2018-08-11 21:52:17 +01:00
# endif
gspawn: Optimize with posix_spawn codepath
When the amount of free memory on the system is somewhat low, gnome-shell
will sometimes fail to launch apps, reporting the error:
fork(): Cannot allocate memory
fork() is failing here because while cloning the process virtual address
space, Linux worries that the thread being forked may end up COWing the
entire address space of the parent process (gnome-shell, which is
memory-hungry), and there is not enough free memory to permit that to
happen.
In this case we are simply calling fork() in order to quickly call exec(),
which will throw away the entirity of the duplicated VM, so we should
look for ways to avoid the overcommit check.
The well known solution to this is to use clone(CLONE_VM) or vfork(), which
completely avoids creating a new memory address space for the child.
However, that comes with a bunch of caveats and complications:
https://gist.github.com/nicowilliams/a8a07b0fc75df05f684c23c18d7db234
https://ewontfix.com/7/
In 2016, glibc's posix_spawn() was rewritten to use this approach
while also resolving the concerns.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9ff72da471a509a8c19791efe469f47fa6977410
I experimented with a similar approach in glib, but it was not practical
because glibc has several items of important internal knowledge (such as
knowing which signals should be given special treatment because they are
NPTL implementation details) that are not cleanly exposed elsewhere.
Instead, this patch adapts the gspawn code to use posix_spawn() where
possible, which will reap the benefits of that implementation.
The posix_spawn API is more limited than the gspawn API though,
partly due to natural limitations of using CLONE_VM, so the posix_spawn
path is added as a separate codepath which is only executed when the
conditions are right. Callers such as gnome-shell will have to be modified
to meet these conditions, such as not having a child_setup function.
In addition to allowing for the gnome-shell "Cannot allocate memory"
failure to be avoided, this should result in a general speedup in this
area, because fork()'s behaviour of cloning the entire VM space
has a cost which is now avoided. posix_spawn() has also recently
been optimized on OpenSolaris as the most performant way to spawn
a child process.
2018-05-28 14:45:45 -06:00
r = posix_spawn_file_actions_adddup2 ( & file_actions , write_null , 1 ) ;
if ( r ! = 0 )
goto out_close_fds ;
}
if ( stderr_fd > = 0 )
{
r = posix_spawn_file_actions_adddup2 ( & file_actions , stderr_fd , 2 ) ;
if ( r ! = 0 )
goto out_close_fds ;
if ( ! g_slist_find ( child_close , GINT_TO_POINTER ( stderr_fd ) ) )
child_close = g_slist_prepend ( child_close , GINT_TO_POINTER ( stderr_fd ) ) ;
}
else if ( stderr_to_null )
{
2020-06-23 10:49:44 +01:00
gint write_null = safe_open ( " /dev/null " , O_WRONLY | O_CLOEXEC ) ;
gspawn: Optimize with posix_spawn codepath
When the amount of free memory on the system is somewhat low, gnome-shell
will sometimes fail to launch apps, reporting the error:
fork(): Cannot allocate memory
fork() is failing here because while cloning the process virtual address
space, Linux worries that the thread being forked may end up COWing the
entire address space of the parent process (gnome-shell, which is
memory-hungry), and there is not enough free memory to permit that to
happen.
In this case we are simply calling fork() in order to quickly call exec(),
which will throw away the entirity of the duplicated VM, so we should
look for ways to avoid the overcommit check.
The well known solution to this is to use clone(CLONE_VM) or vfork(), which
completely avoids creating a new memory address space for the child.
However, that comes with a bunch of caveats and complications:
https://gist.github.com/nicowilliams/a8a07b0fc75df05f684c23c18d7db234
https://ewontfix.com/7/
In 2016, glibc's posix_spawn() was rewritten to use this approach
while also resolving the concerns.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9ff72da471a509a8c19791efe469f47fa6977410
I experimented with a similar approach in glib, but it was not practical
because glibc has several items of important internal knowledge (such as
knowing which signals should be given special treatment because they are
NPTL implementation details) that are not cleanly exposed elsewhere.
Instead, this patch adapts the gspawn code to use posix_spawn() where
possible, which will reap the benefits of that implementation.
The posix_spawn API is more limited than the gspawn API though,
partly due to natural limitations of using CLONE_VM, so the posix_spawn
path is added as a separate codepath which is only executed when the
conditions are right. Callers such as gnome-shell will have to be modified
to meet these conditions, such as not having a child_setup function.
In addition to allowing for the gnome-shell "Cannot allocate memory"
failure to be avoided, this should result in a general speedup in this
area, because fork()'s behaviour of cloning the entire VM space
has a cost which is now avoided. posix_spawn() has also recently
been optimized on OpenSolaris as the most performant way to spawn
a child process.
2018-05-28 14:45:45 -06:00
g_assert ( write_null ! = - 1 ) ;
parent_close_fds [ num_parent_close_fds + + ] = write_null ;
2018-08-11 21:52:17 +01:00
# ifndef HAVE_O_CLOEXEC
2018-08-30 18:04:35 -05:00
fcntl ( write_null , F_SETFD , FD_CLOEXEC ) ;
2018-08-11 21:52:17 +01:00
# endif
gspawn: Optimize with posix_spawn codepath
When the amount of free memory on the system is somewhat low, gnome-shell
will sometimes fail to launch apps, reporting the error:
fork(): Cannot allocate memory
fork() is failing here because while cloning the process virtual address
space, Linux worries that the thread being forked may end up COWing the
entire address space of the parent process (gnome-shell, which is
memory-hungry), and there is not enough free memory to permit that to
happen.
In this case we are simply calling fork() in order to quickly call exec(),
which will throw away the entirity of the duplicated VM, so we should
look for ways to avoid the overcommit check.
The well known solution to this is to use clone(CLONE_VM) or vfork(), which
completely avoids creating a new memory address space for the child.
However, that comes with a bunch of caveats and complications:
https://gist.github.com/nicowilliams/a8a07b0fc75df05f684c23c18d7db234
https://ewontfix.com/7/
In 2016, glibc's posix_spawn() was rewritten to use this approach
while also resolving the concerns.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9ff72da471a509a8c19791efe469f47fa6977410
I experimented with a similar approach in glib, but it was not practical
because glibc has several items of important internal knowledge (such as
knowing which signals should be given special treatment because they are
NPTL implementation details) that are not cleanly exposed elsewhere.
Instead, this patch adapts the gspawn code to use posix_spawn() where
possible, which will reap the benefits of that implementation.
The posix_spawn API is more limited than the gspawn API though,
partly due to natural limitations of using CLONE_VM, so the posix_spawn
path is added as a separate codepath which is only executed when the
conditions are right. Callers such as gnome-shell will have to be modified
to meet these conditions, such as not having a child_setup function.
In addition to allowing for the gnome-shell "Cannot allocate memory"
failure to be avoided, this should result in a general speedup in this
area, because fork()'s behaviour of cloning the entire VM space
has a cost which is now avoided. posix_spawn() has also recently
been optimized on OpenSolaris as the most performant way to spawn
a child process.
2018-05-28 14:45:45 -06:00
r = posix_spawn_file_actions_adddup2 ( & file_actions , write_null , 2 ) ;
if ( r ! = 0 )
goto out_close_fds ;
}
2021-12-14 13:36:28 -06:00
/* If source_fds[i] != target_fds[i], we need to handle the case
* where the user has specified , e . g . , 5 - > 4 , 4 - > 6. We do this
* by duping the source fds , taking care to ensure the new fds are
* larger than any target fd to avoid introducing new conflicts .
*
* If source_fds [ i ] = = target_fds [ i ] , then we just need to leak
* the fd into the child process , which we * could * do by temporarily
* unsetting CLOEXEC and then setting it again after we spawn if
* it was originally set . POSIX requires that the addup2 action unset
* CLOEXEC if source and target are identical , so you ' d think doing it
* manually wouldn ' t be needed , but unfortunately as of 2021 many
* libcs still don ' t do so . Example nonconforming libcs :
* Bionic : https : //android.googlesource.com/platform/bionic/+/f6e5b582604715729b09db3e36a7aeb8c24b36a4/libc/bionic/spawn.cpp#71
* uclibc - ng : https : //cgit.uclibc-ng.org/cgi/cgit/uclibc-ng.git/tree/librt/spawn.c?id=7c36bcae09d66bbaa35cbb02253ae0556f42677e#n88
*
* Anyway , unsetting CLOEXEC ourselves would open a small race window
* where the fd could be inherited into a child process if another
* thread spawns something at the same time , because we have not
* called fork ( ) and are multithreaded here . This race is avoidable by
* using dupfd_cloexec , which we already have to do to handle the
* source_fds [ i ] ! = target_fds [ i ] case . So let ' s always do it !
*/
for ( i = 0 ; i < n_fds ; i + + )
max_target_fd = MAX ( max_target_fd , target_fds [ i ] ) ;
if ( max_target_fd = = G_MAXINT )
goto out_close_fds ;
duped_source_fds = g_new ( gint , n_fds ) ;
2024-04-12 15:58:20 +01:00
for ( i = 0 ; i < n_fds ; i + + )
duped_source_fds [ i ] = - 1 ; /* initialise in case dupfd_cloexec() fails below */
2021-12-14 13:36:28 -06:00
for ( i = 0 ; i < n_fds ; i + + )
2021-12-14 13:36:30 -06:00
{
duped_source_fds [ i ] = dupfd_cloexec ( source_fds [ i ] , max_target_fd + 1 ) ;
if ( duped_source_fds [ i ] < 0 )
goto out_close_fds ;
}
2021-12-14 13:36:28 -06:00
for ( i = 0 ; i < n_fds ; i + + )
{
r = posix_spawn_file_actions_adddup2 ( & file_actions , duped_source_fds [ i ] , target_fds [ i ] ) ;
if ( r ! = 0 )
goto out_close_fds ;
}
gspawn: Optimize with posix_spawn codepath
When the amount of free memory on the system is somewhat low, gnome-shell
will sometimes fail to launch apps, reporting the error:
fork(): Cannot allocate memory
fork() is failing here because while cloning the process virtual address
space, Linux worries that the thread being forked may end up COWing the
entire address space of the parent process (gnome-shell, which is
memory-hungry), and there is not enough free memory to permit that to
happen.
In this case we are simply calling fork() in order to quickly call exec(),
which will throw away the entirity of the duplicated VM, so we should
look for ways to avoid the overcommit check.
The well known solution to this is to use clone(CLONE_VM) or vfork(), which
completely avoids creating a new memory address space for the child.
However, that comes with a bunch of caveats and complications:
https://gist.github.com/nicowilliams/a8a07b0fc75df05f684c23c18d7db234
https://ewontfix.com/7/
In 2016, glibc's posix_spawn() was rewritten to use this approach
while also resolving the concerns.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9ff72da471a509a8c19791efe469f47fa6977410
I experimented with a similar approach in glib, but it was not practical
because glibc has several items of important internal knowledge (such as
knowing which signals should be given special treatment because they are
NPTL implementation details) that are not cleanly exposed elsewhere.
Instead, this patch adapts the gspawn code to use posix_spawn() where
possible, which will reap the benefits of that implementation.
The posix_spawn API is more limited than the gspawn API though,
partly due to natural limitations of using CLONE_VM, so the posix_spawn
path is added as a separate codepath which is only executed when the
conditions are right. Callers such as gnome-shell will have to be modified
to meet these conditions, such as not having a child_setup function.
In addition to allowing for the gnome-shell "Cannot allocate memory"
failure to be avoided, this should result in a general speedup in this
area, because fork()'s behaviour of cloning the entire VM space
has a cost which is now avoided. posix_spawn() has also recently
been optimized on OpenSolaris as the most performant way to spawn
a child process.
2018-05-28 14:45:45 -06:00
/* Intentionally close the fds in the child as the last file action,
* having been careful not to add the same fd to this list twice .
*
* This is important to allow ( e . g . ) for the same fd to be passed as stdout
* and stderr ( we must not close it before we have dupped it in both places ,
* and we must not attempt to close it twice ) .
*/
for ( elem = child_close ; elem ! = NULL ; elem = elem - > next )
{
r = posix_spawn_file_actions_addclose ( & file_actions ,
GPOINTER_TO_INT ( elem - > data ) ) ;
if ( r ! = 0 )
goto out_close_fds ;
}
argv_pass = file_and_argv_zero ? argv + 1 : argv ;
if ( envp = = NULL )
2020-10-13 12:43:25 +01:00
envp = ( const gchar * const * ) environ ;
gspawn: Optimize with posix_spawn codepath
When the amount of free memory on the system is somewhat low, gnome-shell
will sometimes fail to launch apps, reporting the error:
fork(): Cannot allocate memory
fork() is failing here because while cloning the process virtual address
space, Linux worries that the thread being forked may end up COWing the
entire address space of the parent process (gnome-shell, which is
memory-hungry), and there is not enough free memory to permit that to
happen.
In this case we are simply calling fork() in order to quickly call exec(),
which will throw away the entirity of the duplicated VM, so we should
look for ways to avoid the overcommit check.
The well known solution to this is to use clone(CLONE_VM) or vfork(), which
completely avoids creating a new memory address space for the child.
However, that comes with a bunch of caveats and complications:
https://gist.github.com/nicowilliams/a8a07b0fc75df05f684c23c18d7db234
https://ewontfix.com/7/
In 2016, glibc's posix_spawn() was rewritten to use this approach
while also resolving the concerns.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9ff72da471a509a8c19791efe469f47fa6977410
I experimented with a similar approach in glib, but it was not practical
because glibc has several items of important internal knowledge (such as
knowing which signals should be given special treatment because they are
NPTL implementation details) that are not cleanly exposed elsewhere.
Instead, this patch adapts the gspawn code to use posix_spawn() where
possible, which will reap the benefits of that implementation.
The posix_spawn API is more limited than the gspawn API though,
partly due to natural limitations of using CLONE_VM, so the posix_spawn
path is added as a separate codepath which is only executed when the
conditions are right. Callers such as gnome-shell will have to be modified
to meet these conditions, such as not having a child_setup function.
In addition to allowing for the gnome-shell "Cannot allocate memory"
failure to be avoided, this should result in a general speedup in this
area, because fork()'s behaviour of cloning the entire VM space
has a cost which is now avoided. posix_spawn() has also recently
been optimized on OpenSolaris as the most performant way to spawn
a child process.
2018-05-28 14:45:45 -06:00
/* Don't search when it contains a slash. */
if ( ! search_path | | strchr ( argv [ 0 ] , ' / ' ) ! = NULL )
2020-10-13 12:43:25 +01:00
r = posix_spawn ( & pid , argv [ 0 ] , & file_actions , & attr , ( char * const * ) argv_pass , ( char * const * ) envp ) ;
gspawn: Optimize with posix_spawn codepath
When the amount of free memory on the system is somewhat low, gnome-shell
will sometimes fail to launch apps, reporting the error:
fork(): Cannot allocate memory
fork() is failing here because while cloning the process virtual address
space, Linux worries that the thread being forked may end up COWing the
entire address space of the parent process (gnome-shell, which is
memory-hungry), and there is not enough free memory to permit that to
happen.
In this case we are simply calling fork() in order to quickly call exec(),
which will throw away the entirity of the duplicated VM, so we should
look for ways to avoid the overcommit check.
The well known solution to this is to use clone(CLONE_VM) or vfork(), which
completely avoids creating a new memory address space for the child.
However, that comes with a bunch of caveats and complications:
https://gist.github.com/nicowilliams/a8a07b0fc75df05f684c23c18d7db234
https://ewontfix.com/7/
In 2016, glibc's posix_spawn() was rewritten to use this approach
while also resolving the concerns.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9ff72da471a509a8c19791efe469f47fa6977410
I experimented with a similar approach in glib, but it was not practical
because glibc has several items of important internal knowledge (such as
knowing which signals should be given special treatment because they are
NPTL implementation details) that are not cleanly exposed elsewhere.
Instead, this patch adapts the gspawn code to use posix_spawn() where
possible, which will reap the benefits of that implementation.
The posix_spawn API is more limited than the gspawn API though,
partly due to natural limitations of using CLONE_VM, so the posix_spawn
path is added as a separate codepath which is only executed when the
conditions are right. Callers such as gnome-shell will have to be modified
to meet these conditions, such as not having a child_setup function.
In addition to allowing for the gnome-shell "Cannot allocate memory"
failure to be avoided, this should result in a general speedup in this
area, because fork()'s behaviour of cloning the entire VM space
has a cost which is now avoided. posix_spawn() has also recently
been optimized on OpenSolaris as the most performant way to spawn
a child process.
2018-05-28 14:45:45 -06:00
else
2020-10-13 12:43:25 +01:00
r = posix_spawnp ( & pid , argv [ 0 ] , & file_actions , & attr , ( char * const * ) argv_pass , ( char * const * ) envp ) ;
gspawn: Optimize with posix_spawn codepath
When the amount of free memory on the system is somewhat low, gnome-shell
will sometimes fail to launch apps, reporting the error:
fork(): Cannot allocate memory
fork() is failing here because while cloning the process virtual address
space, Linux worries that the thread being forked may end up COWing the
entire address space of the parent process (gnome-shell, which is
memory-hungry), and there is not enough free memory to permit that to
happen.
In this case we are simply calling fork() in order to quickly call exec(),
which will throw away the entirity of the duplicated VM, so we should
look for ways to avoid the overcommit check.
The well known solution to this is to use clone(CLONE_VM) or vfork(), which
completely avoids creating a new memory address space for the child.
However, that comes with a bunch of caveats and complications:
https://gist.github.com/nicowilliams/a8a07b0fc75df05f684c23c18d7db234
https://ewontfix.com/7/
In 2016, glibc's posix_spawn() was rewritten to use this approach
while also resolving the concerns.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9ff72da471a509a8c19791efe469f47fa6977410
I experimented with a similar approach in glib, but it was not practical
because glibc has several items of important internal knowledge (such as
knowing which signals should be given special treatment because they are
NPTL implementation details) that are not cleanly exposed elsewhere.
Instead, this patch adapts the gspawn code to use posix_spawn() where
possible, which will reap the benefits of that implementation.
The posix_spawn API is more limited than the gspawn API though,
partly due to natural limitations of using CLONE_VM, so the posix_spawn
path is added as a separate codepath which is only executed when the
conditions are right. Callers such as gnome-shell will have to be modified
to meet these conditions, such as not having a child_setup function.
In addition to allowing for the gnome-shell "Cannot allocate memory"
failure to be avoided, this should result in a general speedup in this
area, because fork()'s behaviour of cloning the entire VM space
has a cost which is now avoided. posix_spawn() has also recently
been optimized on OpenSolaris as the most performant way to spawn
a child process.
2018-05-28 14:45:45 -06:00
if ( r = = 0 & & child_pid ! = NULL )
* child_pid = pid ;
out_close_fds :
for ( i = 0 ; i < num_parent_close_fds ; i + + )
2023-05-30 16:04:05 +01:00
g_clear_fd ( & parent_close_fds [ i ] , NULL ) ;
gspawn: Optimize with posix_spawn codepath
When the amount of free memory on the system is somewhat low, gnome-shell
will sometimes fail to launch apps, reporting the error:
fork(): Cannot allocate memory
fork() is failing here because while cloning the process virtual address
space, Linux worries that the thread being forked may end up COWing the
entire address space of the parent process (gnome-shell, which is
memory-hungry), and there is not enough free memory to permit that to
happen.
In this case we are simply calling fork() in order to quickly call exec(),
which will throw away the entirity of the duplicated VM, so we should
look for ways to avoid the overcommit check.
The well known solution to this is to use clone(CLONE_VM) or vfork(), which
completely avoids creating a new memory address space for the child.
However, that comes with a bunch of caveats and complications:
https://gist.github.com/nicowilliams/a8a07b0fc75df05f684c23c18d7db234
https://ewontfix.com/7/
In 2016, glibc's posix_spawn() was rewritten to use this approach
while also resolving the concerns.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9ff72da471a509a8c19791efe469f47fa6977410
I experimented with a similar approach in glib, but it was not practical
because glibc has several items of important internal knowledge (such as
knowing which signals should be given special treatment because they are
NPTL implementation details) that are not cleanly exposed elsewhere.
Instead, this patch adapts the gspawn code to use posix_spawn() where
possible, which will reap the benefits of that implementation.
The posix_spawn API is more limited than the gspawn API though,
partly due to natural limitations of using CLONE_VM, so the posix_spawn
path is added as a separate codepath which is only executed when the
conditions are right. Callers such as gnome-shell will have to be modified
to meet these conditions, such as not having a child_setup function.
In addition to allowing for the gnome-shell "Cannot allocate memory"
failure to be avoided, this should result in a general speedup in this
area, because fork()'s behaviour of cloning the entire VM space
has a cost which is now avoided. posix_spawn() has also recently
been optimized on OpenSolaris as the most performant way to spawn
a child process.
2018-05-28 14:45:45 -06:00
2021-12-14 13:36:28 -06:00
if ( duped_source_fds ! = NULL )
{
for ( i = 0 ; i < n_fds ; i + + )
2023-05-30 16:04:05 +01:00
g_clear_fd ( & duped_source_fds [ i ] , NULL ) ;
2021-12-14 13:36:28 -06:00
g_free ( duped_source_fds ) ;
}
gspawn: Optimize with posix_spawn codepath
When the amount of free memory on the system is somewhat low, gnome-shell
will sometimes fail to launch apps, reporting the error:
fork(): Cannot allocate memory
fork() is failing here because while cloning the process virtual address
space, Linux worries that the thread being forked may end up COWing the
entire address space of the parent process (gnome-shell, which is
memory-hungry), and there is not enough free memory to permit that to
happen.
In this case we are simply calling fork() in order to quickly call exec(),
which will throw away the entirity of the duplicated VM, so we should
look for ways to avoid the overcommit check.
The well known solution to this is to use clone(CLONE_VM) or vfork(), which
completely avoids creating a new memory address space for the child.
However, that comes with a bunch of caveats and complications:
https://gist.github.com/nicowilliams/a8a07b0fc75df05f684c23c18d7db234
https://ewontfix.com/7/
In 2016, glibc's posix_spawn() was rewritten to use this approach
while also resolving the concerns.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9ff72da471a509a8c19791efe469f47fa6977410
I experimented with a similar approach in glib, but it was not practical
because glibc has several items of important internal knowledge (such as
knowing which signals should be given special treatment because they are
NPTL implementation details) that are not cleanly exposed elsewhere.
Instead, this patch adapts the gspawn code to use posix_spawn() where
possible, which will reap the benefits of that implementation.
The posix_spawn API is more limited than the gspawn API though,
partly due to natural limitations of using CLONE_VM, so the posix_spawn
path is added as a separate codepath which is only executed when the
conditions are right. Callers such as gnome-shell will have to be modified
to meet these conditions, such as not having a child_setup function.
In addition to allowing for the gnome-shell "Cannot allocate memory"
failure to be avoided, this should result in a general speedup in this
area, because fork()'s behaviour of cloning the entire VM space
has a cost which is now avoided. posix_spawn() has also recently
been optimized on OpenSolaris as the most performant way to spawn
a child process.
2018-05-28 14:45:45 -06:00
posix_spawn_file_actions_destroy ( & file_actions ) ;
out_free_spawnattr :
posix_spawnattr_destroy ( & attr ) ;
g_slist_free ( child_close ) ;
return r ;
}
# endif /* POSIX_SPAWN_AVAILABLE */
2023-05-31 12:00:58 +01:00
static gboolean
source_fds_collide_with_pipe ( const GUnixPipe * pipefd ,
const int * source_fds ,
gsize n_fds ,
GError * * error )
{
return ( _g_spawn_invalid_source_fd ( pipefd - > fds [ G_UNIX_PIPE_END_READ ] , source_fds , n_fds , error ) | |
_g_spawn_invalid_source_fd ( pipefd - > fds [ G_UNIX_PIPE_END_WRITE ] , source_fds , n_fds , error ) ) ;
}
2000-10-09 16:24:57 +00:00
static gboolean
2020-10-13 12:43:25 +01:00
fork_exec ( gboolean intermediate_child ,
const gchar * working_directory ,
const gchar * const * argv ,
const gchar * const * envp ,
gboolean close_descriptors ,
gboolean search_path ,
gboolean search_path_from_envp ,
gboolean stdout_to_null ,
gboolean stderr_to_null ,
gboolean child_inherits_stdin ,
gboolean file_and_argv_zero ,
gboolean cloexec_pipes ,
GSpawnChildSetupFunc child_setup ,
gpointer user_data ,
GPid * child_pid ,
gint * stdin_pipe_out ,
gint * stdout_pipe_out ,
gint * stderr_pipe_out ,
gint stdin_fd ,
gint stdout_fd ,
gint stderr_fd ,
2020-10-13 13:17:38 +01:00
const gint * source_fds ,
const gint * target_fds ,
gsize n_fds ,
2020-10-13 12:43:25 +01:00
GError * * error )
2000-10-09 16:24:57 +00:00
{
2004-03-01 20:47:49 +00:00
GPid pid = - 1 ;
2023-05-31 12:00:58 +01:00
GUnixPipe child_err_report_pipe = G_UNIX_PIPE_INIT ;
GUnixPipe child_pid_report_pipe = G_UNIX_PIPE_INIT ;
2023-11-27 16:46:31 -05:00
guint pipe_flags = cloexec_pipes ? O_CLOEXEC : 0 ;
2000-10-09 16:24:57 +00:00
gint status ;
2020-06-22 13:59:48 +01:00
const gchar * chosen_search_path ;
2020-06-22 14:15:42 +01:00
gchar * search_path_buffer = NULL ;
2021-01-29 12:26:00 +01:00
gchar * search_path_buffer_heap = NULL ;
2020-06-22 14:15:42 +01:00
gsize search_path_buffer_len = 0 ;
2020-06-22 14:33:12 +01:00
gchar * * argv_buffer = NULL ;
2021-01-29 12:26:00 +01:00
gchar * * argv_buffer_heap = NULL ;
2020-06-22 14:33:12 +01:00
gsize argv_buffer_len = 0 ;
2023-05-31 12:00:58 +01:00
GUnixPipe stdin_pipe = G_UNIX_PIPE_INIT ;
GUnixPipe stdout_pipe = G_UNIX_PIPE_INIT ;
GUnixPipe stderr_pipe = G_UNIX_PIPE_INIT ;
2020-10-13 12:43:25 +01:00
gint child_close_fds [ 4 ] = { - 1 , - 1 , - 1 , - 1 } ;
gint n_child_close_fds = 0 ;
2020-10-13 13:17:38 +01:00
gint * source_fds_copy = NULL ;
2020-10-13 12:43:25 +01:00
2022-01-31 14:54:10 +00:00
g_assert ( argv ! = NULL & & argv [ 0 ] ! = NULL ) ;
2020-10-13 12:43:25 +01:00
g_assert ( stdin_pipe_out = = NULL | | stdin_fd < 0 ) ;
g_assert ( stdout_pipe_out = = NULL | | stdout_fd < 0 ) ;
g_assert ( stderr_pipe_out = = NULL | | stderr_fd < 0 ) ;
/* If pipes have been requested, open them */
if ( stdin_pipe_out ! = NULL )
{
2023-05-31 12:00:58 +01:00
if ( ! g_unix_pipe_open ( & stdin_pipe , pipe_flags , error ) )
2020-10-13 12:43:25 +01:00
goto cleanup_and_fail ;
2023-05-31 12:00:58 +01:00
if ( source_fds_collide_with_pipe ( & stdin_pipe , source_fds , n_fds , error ) )
2022-02-08 00:11:00 +04:00
goto cleanup_and_fail ;
2023-05-31 12:00:58 +01:00
child_close_fds [ n_child_close_fds + + ] = g_unix_pipe_get ( & stdin_pipe , G_UNIX_PIPE_END_WRITE ) ;
stdin_fd = g_unix_pipe_get ( & stdin_pipe , G_UNIX_PIPE_END_READ ) ;
2020-10-13 12:43:25 +01:00
}
if ( stdout_pipe_out ! = NULL )
{
2023-05-31 12:00:58 +01:00
if ( ! g_unix_pipe_open ( & stdout_pipe , pipe_flags , error ) )
2020-10-13 12:43:25 +01:00
goto cleanup_and_fail ;
2023-05-31 12:00:58 +01:00
if ( source_fds_collide_with_pipe ( & stdout_pipe , source_fds , n_fds , error ) )
2022-02-08 00:11:00 +04:00
goto cleanup_and_fail ;
2023-05-31 12:00:58 +01:00
child_close_fds [ n_child_close_fds + + ] = g_unix_pipe_get ( & stdout_pipe , G_UNIX_PIPE_END_READ ) ;
stdout_fd = g_unix_pipe_get ( & stdout_pipe , G_UNIX_PIPE_END_WRITE ) ;
2020-10-13 12:43:25 +01:00
}
if ( stderr_pipe_out ! = NULL )
{
2023-05-31 12:00:58 +01:00
if ( ! g_unix_pipe_open ( & stderr_pipe , pipe_flags , error ) )
2020-10-13 12:43:25 +01:00
goto cleanup_and_fail ;
2023-05-31 12:00:58 +01:00
if ( source_fds_collide_with_pipe ( & stderr_pipe , source_fds , n_fds , error ) )
2022-02-08 00:11:00 +04:00
goto cleanup_and_fail ;
2023-05-31 12:00:58 +01:00
child_close_fds [ n_child_close_fds + + ] = g_unix_pipe_get ( & stderr_pipe , G_UNIX_PIPE_END_READ ) ;
stderr_fd = g_unix_pipe_get ( & stderr_pipe , G_UNIX_PIPE_END_WRITE ) ;
2020-10-13 12:43:25 +01:00
}
child_close_fds [ n_child_close_fds + + ] = - 1 ;
gspawn: Optimize with posix_spawn codepath
When the amount of free memory on the system is somewhat low, gnome-shell
will sometimes fail to launch apps, reporting the error:
fork(): Cannot allocate memory
fork() is failing here because while cloning the process virtual address
space, Linux worries that the thread being forked may end up COWing the
entire address space of the parent process (gnome-shell, which is
memory-hungry), and there is not enough free memory to permit that to
happen.
In this case we are simply calling fork() in order to quickly call exec(),
which will throw away the entirity of the duplicated VM, so we should
look for ways to avoid the overcommit check.
The well known solution to this is to use clone(CLONE_VM) or vfork(), which
completely avoids creating a new memory address space for the child.
However, that comes with a bunch of caveats and complications:
https://gist.github.com/nicowilliams/a8a07b0fc75df05f684c23c18d7db234
https://ewontfix.com/7/
In 2016, glibc's posix_spawn() was rewritten to use this approach
while also resolving the concerns.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9ff72da471a509a8c19791efe469f47fa6977410
I experimented with a similar approach in glib, but it was not practical
because glibc has several items of important internal knowledge (such as
knowing which signals should be given special treatment because they are
NPTL implementation details) that are not cleanly exposed elsewhere.
Instead, this patch adapts the gspawn code to use posix_spawn() where
possible, which will reap the benefits of that implementation.
The posix_spawn API is more limited than the gspawn API though,
partly due to natural limitations of using CLONE_VM, so the posix_spawn
path is added as a separate codepath which is only executed when the
conditions are right. Callers such as gnome-shell will have to be modified
to meet these conditions, such as not having a child_setup function.
In addition to allowing for the gnome-shell "Cannot allocate memory"
failure to be avoided, this should result in a general speedup in this
area, because fork()'s behaviour of cloning the entire VM space
has a cost which is now avoided. posix_spawn() has also recently
been optimized on OpenSolaris as the most performant way to spawn
a child process.
2018-05-28 14:45:45 -06:00
# ifdef POSIX_SPAWN_AVAILABLE
if ( ! intermediate_child & & working_directory = = NULL & & ! close_descriptors & &
2021-12-14 13:36:28 -06:00
! search_path_from_envp & & child_setup = = NULL )
gspawn: Optimize with posix_spawn codepath
When the amount of free memory on the system is somewhat low, gnome-shell
will sometimes fail to launch apps, reporting the error:
fork(): Cannot allocate memory
fork() is failing here because while cloning the process virtual address
space, Linux worries that the thread being forked may end up COWing the
entire address space of the parent process (gnome-shell, which is
memory-hungry), and there is not enough free memory to permit that to
happen.
In this case we are simply calling fork() in order to quickly call exec(),
which will throw away the entirity of the duplicated VM, so we should
look for ways to avoid the overcommit check.
The well known solution to this is to use clone(CLONE_VM) or vfork(), which
completely avoids creating a new memory address space for the child.
However, that comes with a bunch of caveats and complications:
https://gist.github.com/nicowilliams/a8a07b0fc75df05f684c23c18d7db234
https://ewontfix.com/7/
In 2016, glibc's posix_spawn() was rewritten to use this approach
while also resolving the concerns.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9ff72da471a509a8c19791efe469f47fa6977410
I experimented with a similar approach in glib, but it was not practical
because glibc has several items of important internal knowledge (such as
knowing which signals should be given special treatment because they are
NPTL implementation details) that are not cleanly exposed elsewhere.
Instead, this patch adapts the gspawn code to use posix_spawn() where
possible, which will reap the benefits of that implementation.
The posix_spawn API is more limited than the gspawn API though,
partly due to natural limitations of using CLONE_VM, so the posix_spawn
path is added as a separate codepath which is only executed when the
conditions are right. Callers such as gnome-shell will have to be modified
to meet these conditions, such as not having a child_setup function.
In addition to allowing for the gnome-shell "Cannot allocate memory"
failure to be avoided, this should result in a general speedup in this
area, because fork()'s behaviour of cloning the entire VM space
has a cost which is now avoided. posix_spawn() has also recently
been optimized on OpenSolaris as the most performant way to spawn
a child process.
2018-05-28 14:45:45 -06:00
{
2020-06-25 22:27:10 +01:00
g_trace_mark ( G_TRACE_CURRENT_TIME , 0 ,
" GLib " , " posix_spawn " ,
" %s " , argv [ 0 ] ) ;
gspawn: Optimize with posix_spawn codepath
When the amount of free memory on the system is somewhat low, gnome-shell
will sometimes fail to launch apps, reporting the error:
fork(): Cannot allocate memory
fork() is failing here because while cloning the process virtual address
space, Linux worries that the thread being forked may end up COWing the
entire address space of the parent process (gnome-shell, which is
memory-hungry), and there is not enough free memory to permit that to
happen.
In this case we are simply calling fork() in order to quickly call exec(),
which will throw away the entirity of the duplicated VM, so we should
look for ways to avoid the overcommit check.
The well known solution to this is to use clone(CLONE_VM) or vfork(), which
completely avoids creating a new memory address space for the child.
However, that comes with a bunch of caveats and complications:
https://gist.github.com/nicowilliams/a8a07b0fc75df05f684c23c18d7db234
https://ewontfix.com/7/
In 2016, glibc's posix_spawn() was rewritten to use this approach
while also resolving the concerns.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9ff72da471a509a8c19791efe469f47fa6977410
I experimented with a similar approach in glib, but it was not practical
because glibc has several items of important internal knowledge (such as
knowing which signals should be given special treatment because they are
NPTL implementation details) that are not cleanly exposed elsewhere.
Instead, this patch adapts the gspawn code to use posix_spawn() where
possible, which will reap the benefits of that implementation.
The posix_spawn API is more limited than the gspawn API though,
partly due to natural limitations of using CLONE_VM, so the posix_spawn
path is added as a separate codepath which is only executed when the
conditions are right. Callers such as gnome-shell will have to be modified
to meet these conditions, such as not having a child_setup function.
In addition to allowing for the gnome-shell "Cannot allocate memory"
failure to be avoided, this should result in a general speedup in this
area, because fork()'s behaviour of cloning the entire VM space
has a cost which is now avoided. posix_spawn() has also recently
been optimized on OpenSolaris as the most performant way to spawn
a child process.
2018-05-28 14:45:45 -06:00
status = do_posix_spawn ( argv ,
envp ,
search_path ,
stdout_to_null ,
stderr_to_null ,
child_inherits_stdin ,
file_and_argv_zero ,
child_pid ,
child_close_fds ,
stdin_fd ,
stdout_fd ,
2021-12-14 13:36:28 -06:00
stderr_fd ,
source_fds ,
target_fds ,
n_fds ) ;
gspawn: Optimize with posix_spawn codepath
When the amount of free memory on the system is somewhat low, gnome-shell
will sometimes fail to launch apps, reporting the error:
fork(): Cannot allocate memory
fork() is failing here because while cloning the process virtual address
space, Linux worries that the thread being forked may end up COWing the
entire address space of the parent process (gnome-shell, which is
memory-hungry), and there is not enough free memory to permit that to
happen.
In this case we are simply calling fork() in order to quickly call exec(),
which will throw away the entirity of the duplicated VM, so we should
look for ways to avoid the overcommit check.
The well known solution to this is to use clone(CLONE_VM) or vfork(), which
completely avoids creating a new memory address space for the child.
However, that comes with a bunch of caveats and complications:
https://gist.github.com/nicowilliams/a8a07b0fc75df05f684c23c18d7db234
https://ewontfix.com/7/
In 2016, glibc's posix_spawn() was rewritten to use this approach
while also resolving the concerns.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9ff72da471a509a8c19791efe469f47fa6977410
I experimented with a similar approach in glib, but it was not practical
because glibc has several items of important internal knowledge (such as
knowing which signals should be given special treatment because they are
NPTL implementation details) that are not cleanly exposed elsewhere.
Instead, this patch adapts the gspawn code to use posix_spawn() where
possible, which will reap the benefits of that implementation.
The posix_spawn API is more limited than the gspawn API though,
partly due to natural limitations of using CLONE_VM, so the posix_spawn
path is added as a separate codepath which is only executed when the
conditions are right. Callers such as gnome-shell will have to be modified
to meet these conditions, such as not having a child_setup function.
In addition to allowing for the gnome-shell "Cannot allocate memory"
failure to be avoided, this should result in a general speedup in this
area, because fork()'s behaviour of cloning the entire VM space
has a cost which is now avoided. posix_spawn() has also recently
been optimized on OpenSolaris as the most performant way to spawn
a child process.
2018-05-28 14:45:45 -06:00
if ( status = = 0 )
2020-10-13 12:43:25 +01:00
goto success ;
gspawn: Optimize with posix_spawn codepath
When the amount of free memory on the system is somewhat low, gnome-shell
will sometimes fail to launch apps, reporting the error:
fork(): Cannot allocate memory
fork() is failing here because while cloning the process virtual address
space, Linux worries that the thread being forked may end up COWing the
entire address space of the parent process (gnome-shell, which is
memory-hungry), and there is not enough free memory to permit that to
happen.
In this case we are simply calling fork() in order to quickly call exec(),
which will throw away the entirity of the duplicated VM, so we should
look for ways to avoid the overcommit check.
The well known solution to this is to use clone(CLONE_VM) or vfork(), which
completely avoids creating a new memory address space for the child.
However, that comes with a bunch of caveats and complications:
https://gist.github.com/nicowilliams/a8a07b0fc75df05f684c23c18d7db234
https://ewontfix.com/7/
In 2016, glibc's posix_spawn() was rewritten to use this approach
while also resolving the concerns.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9ff72da471a509a8c19791efe469f47fa6977410
I experimented with a similar approach in glib, but it was not practical
because glibc has several items of important internal knowledge (such as
knowing which signals should be given special treatment because they are
NPTL implementation details) that are not cleanly exposed elsewhere.
Instead, this patch adapts the gspawn code to use posix_spawn() where
possible, which will reap the benefits of that implementation.
The posix_spawn API is more limited than the gspawn API though,
partly due to natural limitations of using CLONE_VM, so the posix_spawn
path is added as a separate codepath which is only executed when the
conditions are right. Callers such as gnome-shell will have to be modified
to meet these conditions, such as not having a child_setup function.
In addition to allowing for the gnome-shell "Cannot allocate memory"
failure to be avoided, this should result in a general speedup in this
area, because fork()'s behaviour of cloning the entire VM space
has a cost which is now avoided. posix_spawn() has also recently
been optimized on OpenSolaris as the most performant way to spawn
a child process.
2018-05-28 14:45:45 -06:00
if ( status ! = ENOEXEC )
{
g_set_error ( error ,
G_SPAWN_ERROR ,
G_SPAWN_ERROR_FAILED ,
2018-06-25 16:51:00 +02:00
_ ( " Failed to spawn child process “%s” (%s) " ) ,
gspawn: Optimize with posix_spawn codepath
When the amount of free memory on the system is somewhat low, gnome-shell
will sometimes fail to launch apps, reporting the error:
fork(): Cannot allocate memory
fork() is failing here because while cloning the process virtual address
space, Linux worries that the thread being forked may end up COWing the
entire address space of the parent process (gnome-shell, which is
memory-hungry), and there is not enough free memory to permit that to
happen.
In this case we are simply calling fork() in order to quickly call exec(),
which will throw away the entirity of the duplicated VM, so we should
look for ways to avoid the overcommit check.
The well known solution to this is to use clone(CLONE_VM) or vfork(), which
completely avoids creating a new memory address space for the child.
However, that comes with a bunch of caveats and complications:
https://gist.github.com/nicowilliams/a8a07b0fc75df05f684c23c18d7db234
https://ewontfix.com/7/
In 2016, glibc's posix_spawn() was rewritten to use this approach
while also resolving the concerns.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9ff72da471a509a8c19791efe469f47fa6977410
I experimented with a similar approach in glib, but it was not practical
because glibc has several items of important internal knowledge (such as
knowing which signals should be given special treatment because they are
NPTL implementation details) that are not cleanly exposed elsewhere.
Instead, this patch adapts the gspawn code to use posix_spawn() where
possible, which will reap the benefits of that implementation.
The posix_spawn API is more limited than the gspawn API though,
partly due to natural limitations of using CLONE_VM, so the posix_spawn
path is added as a separate codepath which is only executed when the
conditions are right. Callers such as gnome-shell will have to be modified
to meet these conditions, such as not having a child_setup function.
In addition to allowing for the gnome-shell "Cannot allocate memory"
failure to be avoided, this should result in a general speedup in this
area, because fork()'s behaviour of cloning the entire VM space
has a cost which is now avoided. posix_spawn() has also recently
been optimized on OpenSolaris as the most performant way to spawn
a child process.
2018-05-28 14:45:45 -06:00
argv [ 0 ] ,
g_strerror ( status ) ) ;
2020-10-13 12:43:25 +01:00
goto cleanup_and_fail ;
gspawn: Optimize with posix_spawn codepath
When the amount of free memory on the system is somewhat low, gnome-shell
will sometimes fail to launch apps, reporting the error:
fork(): Cannot allocate memory
fork() is failing here because while cloning the process virtual address
space, Linux worries that the thread being forked may end up COWing the
entire address space of the parent process (gnome-shell, which is
memory-hungry), and there is not enough free memory to permit that to
happen.
In this case we are simply calling fork() in order to quickly call exec(),
which will throw away the entirity of the duplicated VM, so we should
look for ways to avoid the overcommit check.
The well known solution to this is to use clone(CLONE_VM) or vfork(), which
completely avoids creating a new memory address space for the child.
However, that comes with a bunch of caveats and complications:
https://gist.github.com/nicowilliams/a8a07b0fc75df05f684c23c18d7db234
https://ewontfix.com/7/
In 2016, glibc's posix_spawn() was rewritten to use this approach
while also resolving the concerns.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9ff72da471a509a8c19791efe469f47fa6977410
I experimented with a similar approach in glib, but it was not practical
because glibc has several items of important internal knowledge (such as
knowing which signals should be given special treatment because they are
NPTL implementation details) that are not cleanly exposed elsewhere.
Instead, this patch adapts the gspawn code to use posix_spawn() where
possible, which will reap the benefits of that implementation.
The posix_spawn API is more limited than the gspawn API though,
partly due to natural limitations of using CLONE_VM, so the posix_spawn
path is added as a separate codepath which is only executed when the
conditions are right. Callers such as gnome-shell will have to be modified
to meet these conditions, such as not having a child_setup function.
In addition to allowing for the gnome-shell "Cannot allocate memory"
failure to be avoided, this should result in a general speedup in this
area, because fork()'s behaviour of cloning the entire VM space
has a cost which is now avoided. posix_spawn() has also recently
been optimized on OpenSolaris as the most performant way to spawn
a child process.
2018-05-28 14:45:45 -06:00
}
/* posix_spawn is not intended to support script execution. It does in
* some situations on some glibc versions , but that will be fixed .
* So if it fails with ENOEXEC , we fall through to the regular
* gspawn codepath so that script execution can be attempted ,
* per standard gspawn behaviour . */
g_debug ( " posix_spawn failed (ENOEXEC), fall back to regular gspawn " ) ;
}
else
{
2020-06-25 22:27:10 +01:00
g_trace_mark ( G_TRACE_CURRENT_TIME , 0 ,
" GLib " , " fork " ,
" posix_spawn avoided %s%s%s%s%s " ,
! intermediate_child ? " " : " (automatic reaping requested) " ,
working_directory = = NULL ? " " : " (workdir specified) " ,
! close_descriptors ? " " : " (fd close requested) " ,
! search_path_from_envp ? " " : " (using envp for search path) " ,
child_setup = = NULL ? " " : " (child_setup specified) " ) ;
gspawn: Optimize with posix_spawn codepath
When the amount of free memory on the system is somewhat low, gnome-shell
will sometimes fail to launch apps, reporting the error:
fork(): Cannot allocate memory
fork() is failing here because while cloning the process virtual address
space, Linux worries that the thread being forked may end up COWing the
entire address space of the parent process (gnome-shell, which is
memory-hungry), and there is not enough free memory to permit that to
happen.
In this case we are simply calling fork() in order to quickly call exec(),
which will throw away the entirity of the duplicated VM, so we should
look for ways to avoid the overcommit check.
The well known solution to this is to use clone(CLONE_VM) or vfork(), which
completely avoids creating a new memory address space for the child.
However, that comes with a bunch of caveats and complications:
https://gist.github.com/nicowilliams/a8a07b0fc75df05f684c23c18d7db234
https://ewontfix.com/7/
In 2016, glibc's posix_spawn() was rewritten to use this approach
while also resolving the concerns.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9ff72da471a509a8c19791efe469f47fa6977410
I experimented with a similar approach in glib, but it was not practical
because glibc has several items of important internal knowledge (such as
knowing which signals should be given special treatment because they are
NPTL implementation details) that are not cleanly exposed elsewhere.
Instead, this patch adapts the gspawn code to use posix_spawn() where
possible, which will reap the benefits of that implementation.
The posix_spawn API is more limited than the gspawn API though,
partly due to natural limitations of using CLONE_VM, so the posix_spawn
path is added as a separate codepath which is only executed when the
conditions are right. Callers such as gnome-shell will have to be modified
to meet these conditions, such as not having a child_setup function.
In addition to allowing for the gnome-shell "Cannot allocate memory"
failure to be avoided, this should result in a general speedup in this
area, because fork()'s behaviour of cloning the entire VM space
has a cost which is now avoided. posix_spawn() has also recently
been optimized on OpenSolaris as the most performant way to spawn
a child process.
2018-05-28 14:45:45 -06:00
}
# endif /* POSIX_SPAWN_AVAILABLE */
2020-06-22 13:59:48 +01:00
/* Choose a search path. This has to be done before calling fork()
* as getenv ( ) isn ’ t async - signal - safe ( see ` man 7 signal - safety ` ) . */
chosen_search_path = NULL ;
if ( search_path_from_envp )
2020-10-13 12:43:25 +01:00
chosen_search_path = g_environ_getenv ( ( gchar * * ) envp , " PATH " ) ;
2020-06-22 13:59:48 +01:00
if ( search_path & & chosen_search_path = = NULL )
chosen_search_path = g_getenv ( " PATH " ) ;
2021-01-27 10:53:22 +00:00
if ( ( search_path | | search_path_from_envp ) & & chosen_search_path = = NULL )
2020-06-22 13:59:48 +01:00
{
/* There is no 'PATH' in the environment. The default
* * search path in libc is the current directory followed by
* * the path ' confstr ' returns for ' _CS_PATH ' .
* */
/* In GLib we put . last, for security, and don't use the
* * unportable confstr ( ) ; UNIX98 does not actually specify
* * what to search if PATH is unset . POSIX may , dunno .
* */
chosen_search_path = " /bin:/usr/bin:. " ;
}
2021-01-27 10:53:22 +00:00
if ( search_path | | search_path_from_envp )
g_assert ( chosen_search_path ! = NULL ) ;
else
g_assert ( chosen_search_path = = NULL ) ;
2020-06-22 14:15:42 +01:00
/* Allocate a buffer which the fork()ed child can use to assemble potential
* paths for the binary to exec ( ) , combining the argv [ 0 ] and elements from
* the chosen_search_path . This can ’ t be done in the child because malloc ( )
* ( or alloca ( ) ) are not async - signal - safe ( see ` man 7 signal - safety ` ) .
*
* Add 2 for the nul terminator and a leading ` / ` . */
2021-01-27 10:53:22 +00:00
if ( chosen_search_path ! = NULL )
{
search_path_buffer_len = strlen ( chosen_search_path ) + strlen ( argv [ 0 ] ) + 2 ;
2021-01-29 12:26:00 +01:00
if ( search_path_buffer_len < 4000 )
{
/* Prefer small stack allocations to avoid valgrind leak warnings
* in forked child . The 4000 B cutoff is arbitrary . */
search_path_buffer = g_alloca ( search_path_buffer_len ) ;
}
else
{
search_path_buffer_heap = g_malloc ( search_path_buffer_len ) ;
search_path_buffer = search_path_buffer_heap ;
}
2021-01-27 10:53:22 +00:00
}
if ( search_path | | search_path_from_envp )
g_assert ( search_path_buffer ! = NULL ) ;
else
g_assert ( search_path_buffer = = NULL ) ;
2020-06-22 14:15:42 +01:00
2020-06-22 14:33:12 +01:00
/* And allocate a buffer which is 2 elements longer than @argv, so that if
* script_execute ( ) has to be called later on , it can build a wrapper argv
* array in this buffer . */
2020-10-13 12:43:25 +01:00
argv_buffer_len = g_strv_length ( ( gchar * * ) argv ) + 2 ;
2021-01-29 12:26:00 +01:00
if ( argv_buffer_len < 4000 / sizeof ( gchar * ) )
{
/* Prefer small stack allocations to avoid valgrind leak warnings
* in forked child . The 4000 B cutoff is arbitrary . */
argv_buffer = g_newa ( gchar * , argv_buffer_len ) ;
}
else
{
argv_buffer_heap = g_new ( gchar * , argv_buffer_len ) ;
argv_buffer = argv_buffer_heap ;
}
2020-06-22 14:33:12 +01:00
2020-10-13 13:17:38 +01:00
/* And one to hold a copy of @source_fds for later manipulation in do_exec(). */
source_fds_copy = g_new ( int , n_fds ) ;
if ( n_fds > 0 )
memcpy ( source_fds_copy , source_fds , sizeof ( * source_fds ) * n_fds ) ;
2023-05-31 12:00:58 +01:00
if ( ! g_unix_pipe_open ( & child_err_report_pipe , pipe_flags , error ) )
2020-10-13 12:43:25 +01:00
goto cleanup_and_fail ;
2023-05-31 12:00:58 +01:00
if ( source_fds_collide_with_pipe ( & child_err_report_pipe , source_fds , n_fds , error ) )
2000-10-09 16:24:57 +00:00
goto cleanup_and_fail ;
2022-02-08 00:11:00 +04:00
if ( intermediate_child )
{
2023-05-31 12:00:58 +01:00
if ( ! g_unix_pipe_open ( & child_pid_report_pipe , pipe_flags , error ) )
2022-02-08 00:11:00 +04:00
goto cleanup_and_fail ;
2023-05-31 12:00:58 +01:00
if ( source_fds_collide_with_pipe ( & child_pid_report_pipe , source_fds , n_fds , error ) )
2022-02-08 00:11:00 +04:00
goto cleanup_and_fail ;
}
2000-10-09 16:24:57 +00:00
2005-12-02 21:37:25 +00:00
pid = fork ( ) ;
2000-10-09 16:24:57 +00:00
if ( pid < 0 )
2009-08-20 15:13:43 +02:00
{
int errsv = errno ;
2000-10-09 16:24:57 +00:00
g_set_error ( error ,
G_SPAWN_ERROR ,
G_SPAWN_ERROR_FORK ,
_ ( " Failed to fork (%s) " ) ,
2009-08-20 15:13:43 +02:00
g_strerror ( errsv ) ) ;
2000-10-09 16:24:57 +00:00
goto cleanup_and_fail ;
}
else if ( pid = = 0 )
{
/* Immediate child. This may or may not be the child that
* actually execs the new process .
*/
2011-06-10 10:48:07 -04:00
/* Reset some signal handlers that we may use */
signal ( SIGCHLD , SIG_DFL ) ;
signal ( SIGINT , SIG_DFL ) ;
signal ( SIGTERM , SIG_DFL ) ;
signal ( SIGHUP , SIG_DFL ) ;
2000-10-09 16:24:57 +00:00
/* Be sure we crash if the parent exits
* and we write to the err_report_pipe
*/
signal ( SIGPIPE , SIG_DFL ) ;
/* Close the parent's end of the pipes;
* not needed in the close_descriptors case ,
* though
*/
2023-05-31 12:00:58 +01:00
g_unix_pipe_close ( & child_err_report_pipe , G_UNIX_PIPE_END_READ , NULL ) ;
g_unix_pipe_close ( & child_pid_report_pipe , G_UNIX_PIPE_END_READ , NULL ) ;
2020-10-13 12:43:25 +01:00
if ( child_close_fds [ 0 ] ! = - 1 )
2018-05-28 10:09:21 -06:00
{
int i = - 1 ;
while ( child_close_fds [ + + i ] ! = - 1 )
2023-05-30 16:04:05 +01:00
g_clear_fd ( & child_close_fds [ i ] , NULL ) ;
2018-05-28 10:09:21 -06:00
}
2000-10-09 16:24:57 +00:00
if ( intermediate_child )
{
/* We need to fork an intermediate child that launches the
* final child . The purpose of the intermediate child
* is to exit , so we can waitpid ( ) it immediately .
* Then the grandchild will not become a zombie .
*/
2004-03-01 20:47:49 +00:00
GPid grandchild_pid ;
2000-10-09 16:24:57 +00:00
2005-12-02 21:37:25 +00:00
grandchild_pid = fork ( ) ;
2000-10-09 16:24:57 +00:00
if ( grandchild_pid < 0 )
{
/* report -1 as child PID */
2023-05-31 12:00:58 +01:00
write_all ( g_unix_pipe_get ( & child_pid_report_pipe , G_UNIX_PIPE_END_WRITE ) ,
& grandchild_pid , sizeof ( grandchild_pid ) ) ;
2000-10-09 16:24:57 +00:00
2023-05-31 12:00:58 +01:00
write_err_and_exit ( g_unix_pipe_get ( & child_err_report_pipe , G_UNIX_PIPE_END_WRITE ) ,
2000-10-09 16:24:57 +00:00
CHILD_FORK_FAILED ) ;
}
else if ( grandchild_pid = = 0 )
{
2023-05-31 12:00:58 +01:00
g_unix_pipe_close ( & child_pid_report_pipe , G_UNIX_PIPE_END_WRITE , NULL ) ;
do_exec ( g_unix_pipe_get ( & child_err_report_pipe , G_UNIX_PIPE_END_WRITE ) ,
2018-05-28 10:09:21 -06:00
stdin_fd ,
stdout_fd ,
stderr_fd ,
2020-10-13 13:17:38 +01:00
source_fds_copy ,
target_fds ,
n_fds ,
2000-10-09 16:24:57 +00:00
working_directory ,
argv ,
2020-06-22 14:33:12 +01:00
argv_buffer ,
argv_buffer_len ,
2000-10-09 16:24:57 +00:00
envp ,
close_descriptors ,
2020-06-22 13:59:48 +01:00
chosen_search_path ,
2020-06-22 14:15:42 +01:00
search_path_buffer ,
search_path_buffer_len ,
2000-10-09 16:24:57 +00:00
stdout_to_null ,
stderr_to_null ,
child_inherits_stdin ,
2001-06-08 19:41:51 +00:00
file_and_argv_zero ,
2000-10-09 16:24:57 +00:00
child_setup ,
user_data ) ;
}
else
{
2023-05-31 12:00:58 +01:00
write_all ( g_unix_pipe_get ( & child_pid_report_pipe , G_UNIX_PIPE_END_WRITE ) ,
& grandchild_pid , sizeof ( grandchild_pid ) ) ;
g_unix_pipe_close ( & child_pid_report_pipe , G_UNIX_PIPE_END_WRITE , NULL ) ;
2000-10-09 16:24:57 +00:00
_exit ( 0 ) ;
}
}
else
{
/* Just run the child.
*/
2023-05-31 12:00:58 +01:00
do_exec ( g_unix_pipe_get ( & child_err_report_pipe , G_UNIX_PIPE_END_WRITE ) ,
2018-05-28 10:09:21 -06:00
stdin_fd ,
stdout_fd ,
stderr_fd ,
2020-10-13 13:17:38 +01:00
source_fds_copy ,
target_fds ,
n_fds ,
2000-10-09 16:24:57 +00:00
working_directory ,
argv ,
2020-06-22 14:33:12 +01:00
argv_buffer ,
argv_buffer_len ,
2000-10-09 16:24:57 +00:00
envp ,
close_descriptors ,
2020-06-22 13:59:48 +01:00
chosen_search_path ,
2020-06-22 14:15:42 +01:00
search_path_buffer ,
search_path_buffer_len ,
2000-10-09 16:24:57 +00:00
stdout_to_null ,
stderr_to_null ,
child_inherits_stdin ,
2001-06-08 19:41:51 +00:00
file_and_argv_zero ,
2000-10-09 16:24:57 +00:00
child_setup ,
user_data ) ;
}
}
else
{
/* Parent */
gint buf [ 2 ] ;
Changes for 64-bit cleanliness, loosely based on patch from Mark Murnane.
Wed Jun 20 12:00:54 2001 Owen Taylor <otaylor@redhat.com>
Changes for 64-bit cleanliness, loosely based on patch
from Mark Murnane.
* gconvert.c (g_convert/g_convert_with_fallback): Remove
workarounds for since-fixed GNU libc bugs. Minor
doc fix.
* gconvert.[ch]: Change gint to gsize/gssize as
appropriate.
* gconvert.c (g_locale/filename_to/from_utf8): Fix incorrect
computation of bytes_read / bytes_written.
* gfileutils.[ch] (g_file_get_contents): Make length
out parameter 'gsize *len'.
* ghook.c (g_hook_compare_ids): Don't compare a
and b as 'a - b'.
* gmacros.h (GSIZE_TO_POINTER): Add GPOINTER_TO_SIZE,
GSIZE_TO_POINTER.
* gmain.c (g_timeout_prepare): Rewrite to avoid
overflows. (Fixes bug when system clock skews
backwards more than 24 days.)
* gmarkup.[ch]: Make lengths passed to callbacks
gsize, length for g_markup_parse-context_parse(),
g_markup_escape_text() gssize.
* gmessages.[ch] (g_printf_string_upper_bound): Change
return value to gsize.
* gmessages.c (printf_string_upper_bound): Remove
a ridiculous use of 'inline' on a 300 line function.
* gstring.[ch]: Represent size of string as a gsize,
not gint. Make parameters to functions take gsize,
or gssize where -1 is allowed.
* gstring.c (g_string_erase): Make
g_string_erase (string, pos, -1) a synonym for
g_string_truncate for consistency with other G*
APIs.
* gstrfuncs.[ch]: Make all functions taking a string
length, take a gsize, or gssize if -1 is allowed.
(g_strstr_len, g_strrstr_len). Also fix some boundary
conditions in g_str[r]str[_len].
* gutf8.c tests/unicode-encoding.c: Make parameters that
are byte lengths gsize, gssize as appropriate. Make
character offsets, other counts, glong.
* gasyncqueue.c gcompletion.c
timeloop.c timeloop-basic.c gutils.c gspawn.c.
Small 64 bit cleanliness fixups.
* glist.c (g_list_sort2, g_list_sort_real): Fix functions
that should have been static.
* gdate.c (g_date_fill_parse_tokens): Fix extra
declaration that was shadowing another.
* tests/module-test.c: Include string.h
Mon Jun 18 15:43:29 2001 Owen Taylor <otaylor@redhat.com>
* gutf8.c (g_get_charset): Make argument
G_CONST_RETURN char **.
2001-06-23 13:55:09 +00:00
gint n_ints = 0 ;
2000-10-09 16:24:57 +00:00
/* Close the uncared-about ends of the pipes */
2023-05-31 12:00:58 +01:00
g_unix_pipe_close ( & child_err_report_pipe , G_UNIX_PIPE_END_WRITE , NULL ) ;
g_unix_pipe_close ( & child_pid_report_pipe , G_UNIX_PIPE_END_WRITE , NULL ) ;
2000-10-09 16:24:57 +00:00
/* If we had an intermediate child, reap it */
if ( intermediate_child )
{
wait_again :
if ( waitpid ( pid , & status , 0 ) < 0 )
{
if ( errno = = EINTR )
goto wait_again ;
else if ( errno = = ECHILD )
; /* do nothing, child already reaped */
else
2020-10-13 12:43:25 +01:00
g_warning ( " waitpid() should not fail in 'fork_exec' " ) ;
2000-10-09 16:24:57 +00:00
}
}
2023-05-31 12:00:58 +01:00
if ( ! read_ints ( g_unix_pipe_get ( & child_err_report_pipe , G_UNIX_PIPE_END_READ ) ,
2000-10-09 16:24:57 +00:00
buf , 2 , & n_ints ,
error ) )
goto cleanup_and_fail ;
if ( n_ints > = 2 )
{
/* Error from the child. */
switch ( buf [ 0 ] )
{
case CHILD_CHDIR_FAILED :
g_set_error ( error ,
G_SPAWN_ERROR ,
G_SPAWN_ERROR_CHDIR ,
2016-09-30 05:47:15 +02:00
_ ( " Failed to change to directory “%s” (%s) " ) ,
2000-10-09 16:24:57 +00:00
working_directory ,
g_strerror ( buf [ 1 ] ) ) ;
break ;
case CHILD_EXEC_FAILED :
g_set_error ( error ,
G_SPAWN_ERROR ,
2018-06-12 16:00:13 +01:00
_g_spawn_exec_err_to_g_error ( buf [ 1 ] ) ,
2016-09-30 05:47:15 +02:00
_ ( " Failed to execute child process “%s” (%s) " ) ,
2001-12-14 16:26:24 +00:00
argv [ 0 ] ,
2000-10-09 16:24:57 +00:00
g_strerror ( buf [ 1 ] ) ) ;
break ;
2021-12-14 13:36:30 -06:00
case CHILD_OPEN_FAILED :
g_set_error ( error ,
G_SPAWN_ERROR ,
G_SPAWN_ERROR_FAILED ,
_ ( " Failed to open file to remap file descriptor (%s) " ) ,
g_strerror ( buf [ 1 ] ) ) ;
break ;
2022-10-31 09:39:59 -04:00
case CHILD_DUPFD_FAILED :
2000-10-09 16:24:57 +00:00
g_set_error ( error ,
G_SPAWN_ERROR ,
G_SPAWN_ERROR_FAILED ,
2021-12-14 13:36:25 -06:00
_ ( " Failed to duplicate file descriptor for child process (%s) " ) ,
2000-10-09 16:24:57 +00:00
g_strerror ( buf [ 1 ] ) ) ;
break ;
case CHILD_FORK_FAILED :
g_set_error ( error ,
G_SPAWN_ERROR ,
G_SPAWN_ERROR_FORK ,
_ ( " Failed to fork child process (%s) " ) ,
g_strerror ( buf [ 1 ] ) ) ;
break ;
2022-01-17 15:27:24 +00:00
case CHILD_CLOSE_FAILED :
g_set_error ( error ,
G_SPAWN_ERROR ,
G_SPAWN_ERROR_FAILED ,
_ ( " Failed to close file descriptor for child process (%s) " ) ,
g_strerror ( buf [ 1 ] ) ) ;
break ;
2000-10-09 16:24:57 +00:00
default :
g_set_error ( error ,
G_SPAWN_ERROR ,
G_SPAWN_ERROR_FAILED ,
2016-09-30 05:47:15 +02:00
_ ( " Unknown error executing child process “%s” " ) ,
2001-12-14 16:26:24 +00:00
argv [ 0 ] ) ;
2000-10-09 16:24:57 +00:00
break ;
}
goto cleanup_and_fail ;
}
/* Get child pid from intermediate child pipe. */
if ( intermediate_child )
{
n_ints = 0 ;
2023-05-31 12:00:58 +01:00
if ( ! read_ints ( g_unix_pipe_get ( & child_pid_report_pipe , G_UNIX_PIPE_END_READ ) ,
2000-10-09 16:24:57 +00:00
buf , 1 , & n_ints , error ) )
goto cleanup_and_fail ;
if ( n_ints < 1 )
{
2009-08-20 15:13:43 +02:00
int errsv = errno ;
2000-10-09 16:24:57 +00:00
g_set_error ( error ,
G_SPAWN_ERROR ,
G_SPAWN_ERROR_FAILED ,
_ ( " Failed to read enough data from child pid pipe (%s) " ) ,
2009-08-20 15:13:43 +02:00
g_strerror ( errsv ) ) ;
2000-10-09 16:24:57 +00:00
goto cleanup_and_fail ;
}
else
{
/* we have the child pid */
pid = buf [ 0 ] ;
}
}
/* Success against all odds! return the information */
2023-05-31 12:00:58 +01:00
g_unix_pipe_close ( & child_err_report_pipe , G_UNIX_PIPE_END_READ , NULL ) ;
g_unix_pipe_close ( & child_pid_report_pipe , G_UNIX_PIPE_END_READ , NULL ) ;
2020-06-22 14:15:42 +01:00
2021-01-29 12:26:00 +01:00
g_free ( search_path_buffer_heap ) ;
g_free ( argv_buffer_heap ) ;
2020-10-13 13:17:38 +01:00
g_free ( source_fds_copy ) ;
2020-06-22 14:15:42 +01:00
2000-10-09 16:24:57 +00:00
if ( child_pid )
* child_pid = pid ;
2020-10-13 12:43:25 +01:00
goto success ;
2000-10-09 16:24:57 +00:00
}
2020-10-13 12:43:25 +01:00
success :
/* Close the uncared-about ends of the pipes */
2023-05-31 12:00:58 +01:00
g_unix_pipe_close ( & stdin_pipe , G_UNIX_PIPE_END_READ , NULL ) ;
g_unix_pipe_close ( & stdout_pipe , G_UNIX_PIPE_END_WRITE , NULL ) ;
g_unix_pipe_close ( & stderr_pipe , G_UNIX_PIPE_END_WRITE , NULL ) ;
2020-10-13 12:43:25 +01:00
if ( stdin_pipe_out ! = NULL )
2023-05-31 12:00:58 +01:00
* stdin_pipe_out = g_unix_pipe_steal ( & stdin_pipe , G_UNIX_PIPE_END_WRITE ) ;
2020-10-13 12:43:25 +01:00
if ( stdout_pipe_out ! = NULL )
2023-05-31 12:00:58 +01:00
* stdout_pipe_out = g_unix_pipe_steal ( & stdout_pipe , G_UNIX_PIPE_END_READ ) ;
2020-10-13 12:43:25 +01:00
if ( stderr_pipe_out ! = NULL )
2023-05-31 12:00:58 +01:00
* stderr_pipe_out = g_unix_pipe_steal ( & stderr_pipe , G_UNIX_PIPE_END_READ ) ;
2020-10-13 12:43:25 +01:00
return TRUE ;
2000-10-09 16:24:57 +00:00
cleanup_and_fail :
2002-09-23 06:45:10 +00:00
/* There was an error from the Child, reap the child to avoid it being
a zombie .
*/
if ( pid > 0 )
{
wait_failed :
if ( waitpid ( pid , NULL , 0 ) < 0 )
{
if ( errno = = EINTR )
goto wait_failed ;
else if ( errno = = ECHILD )
; /* do nothing, child already reaped */
else
2020-10-13 12:43:25 +01:00
g_warning ( " waitpid() should not fail in 'fork_exec' " ) ;
2002-09-23 06:45:10 +00:00
}
}
2023-05-31 12:00:58 +01:00
g_unix_pipe_clear ( & stdin_pipe ) ;
g_unix_pipe_clear ( & stdout_pipe ) ;
g_unix_pipe_clear ( & stderr_pipe ) ;
g_unix_pipe_clear ( & child_err_report_pipe ) ;
g_unix_pipe_clear ( & child_pid_report_pipe ) ;
2020-10-13 12:43:25 +01:00
g_clear_pointer ( & search_path_buffer_heap , g_free ) ;
g_clear_pointer ( & argv_buffer_heap , g_free ) ;
2020-10-13 13:17:38 +01:00
g_clear_pointer ( & source_fds_copy , g_free ) ;
2020-10-13 12:43:25 +01:00
2000-10-09 16:24:57 +00:00
return FALSE ;
}
/* Based on execvp from GNU C Library */
2020-06-22 12:36:32 +01:00
/* This function is called between fork() and exec() and hence must be
* async - signal - safe ( see signal - safety ( 7 ) ) until it calls exec ( ) . */
2020-06-22 14:33:12 +01:00
static gboolean
2000-10-09 16:24:57 +00:00
script_execute ( const gchar * file ,
gchar * * argv ,
2020-06-22 14:33:12 +01:00
gchar * * argv_buffer ,
gsize argv_buffer_len ,
2012-05-20 00:01:35 +02:00
gchar * * envp )
2000-10-09 16:24:57 +00:00
{
/* Count the arguments. */
2020-09-10 18:10:06 +02:00
gsize argc = 0 ;
2000-10-09 16:24:57 +00:00
while ( argv [ argc ] )
+ + argc ;
2020-06-22 14:33:12 +01:00
/* Construct an argument list for the shell. */
if ( argc + 2 > argv_buffer_len )
return FALSE ;
argv_buffer [ 0 ] = ( char * ) " /bin/sh " ;
argv_buffer [ 1 ] = ( char * ) file ;
while ( argc > 0 )
{
argv_buffer [ argc + 1 ] = argv [ argc ] ;
- - argc ;
}
/* Execute the shell. */
if ( envp )
execve ( argv_buffer [ 0 ] , argv_buffer , envp ) ;
else
execv ( argv_buffer [ 0 ] , argv_buffer ) ;
return TRUE ;
2000-10-09 16:24:57 +00:00
}
2020-06-22 12:36:32 +01:00
/* This function is called between fork() and exec() and hence must be
* async - signal - safe ( see signal - safety ( 7 ) ) . */
2000-10-09 16:24:57 +00:00
static gchar *
my_strchrnul ( const gchar * str , gchar c )
{
gchar * p = ( gchar * ) str ;
while ( * p & & ( * p ! = c ) )
+ + p ;
return p ;
}
2020-06-22 12:36:32 +01:00
/* This function is called between fork() and exec() and hence must be
* async - signal - safe ( see signal - safety ( 7 ) ) until it calls exec ( ) . */
2000-10-09 16:24:57 +00:00
static gint
2020-06-22 13:59:48 +01:00
g_execute ( const gchar * file ,
gchar * * argv ,
2020-06-22 14:33:12 +01:00
gchar * * argv_buffer ,
gsize argv_buffer_len ,
2020-06-22 13:59:48 +01:00
gchar * * envp ,
2020-06-22 14:15:42 +01:00
const gchar * search_path ,
gchar * search_path_buffer ,
gsize search_path_buffer_len )
2000-10-09 16:24:57 +00:00
{
2022-01-31 14:54:10 +00:00
if ( file = = NULL | | * file = = ' \0 ' )
2000-10-09 16:24:57 +00:00
{
/* We check the simple case first. */
errno = ENOENT ;
return - 1 ;
}
2020-06-22 13:59:48 +01:00
if ( search_path = = NULL | | strchr ( file , ' / ' ) ! = NULL )
2000-10-09 16:24:57 +00:00
{
/* Don't search when it contains a slash. */
if ( envp )
execve ( file , argv , envp ) ;
else
execv ( file , argv ) ;
2020-06-22 14:33:12 +01:00
if ( errno = = ENOEXEC & &
! script_execute ( file , argv , argv_buffer , argv_buffer_len , envp ) )
{
errno = ENOMEM ;
return - 1 ;
}
2000-10-09 16:24:57 +00:00
}
else
{
gboolean got_eacces = 0 ;
2001-02-17 23:30:48 +00:00
const gchar * path , * p ;
2020-06-22 14:15:42 +01:00
gchar * name ;
2006-12-28 04:48:06 +00:00
gsize len ;
gsize pathlen ;
2000-10-09 16:24:57 +00:00
2020-06-22 13:59:48 +01:00
path = search_path ;
2000-10-09 16:24:57 +00:00
len = strlen ( file ) + 1 ;
pathlen = strlen ( path ) ;
2020-06-22 14:15:42 +01:00
name = search_path_buffer ;
if ( search_path_buffer_len < pathlen + len + 1 )
{
errno = ENOMEM ;
return - 1 ;
}
2000-10-09 16:24:57 +00:00
/* Copy the file name at the top, including '\0' */
memcpy ( name + pathlen + 1 , file , len ) ;
name = name + pathlen ;
/* And add the slash before the filename */
* name = ' / ' ;
p = path ;
do
{
char * startp ;
path = p ;
p = my_strchrnul ( path , ' : ' ) ;
if ( p = = path )
/* Two adjacent colons, or a colon at the beginning or the end
2013-05-20 17:54:48 -03:00
* of ' PATH ' means to search the current directory .
2000-10-09 16:24:57 +00:00
*/
startp = name + 1 ;
else
startp = memcpy ( name - ( p - path ) , path , p - path ) ;
/* Try to execute this name. If it works, execv will not return. */
if ( envp )
execve ( startp , argv , envp ) ;
else
execv ( startp , argv ) ;
2020-06-22 14:33:12 +01:00
if ( errno = = ENOEXEC & &
! script_execute ( startp , argv , argv_buffer , argv_buffer_len , envp ) )
{
errno = ENOMEM ;
return - 1 ;
}
2000-10-09 16:24:57 +00:00
switch ( errno )
{
case EACCES :
2013-05-20 17:54:48 -03:00
/* Record the we got a 'Permission denied' error. If we end
2000-10-09 16:24:57 +00:00
* up finding no executable we can use , we want to diagnose
* that we did find one but were denied access .
*/
got_eacces = TRUE ;
2020-03-04 09:48:15 +01:00
G_GNUC_FALLTHROUGH ;
2000-10-09 16:24:57 +00:00
case ENOENT :
# ifdef ESTALE
case ESTALE :
# endif
# ifdef ENOTDIR
case ENOTDIR :
# endif
/* Those errors indicate the file is missing or not executable
* by us , in which case we want to just try the next path
* directory .
*/
break ;
2012-03-15 19:16:02 -04:00
case ENODEV :
case ETIMEDOUT :
/* Some strange filesystems like AFS return even
* stranger error numbers . They cannot reasonably mean anything
* else so ignore those , too .
*/
break ;
2000-10-09 16:24:57 +00:00
default :
/* Some other error means we found an executable file, but
* something went wrong executing it ; return the error to our
* caller .
*/
return - 1 ;
}
}
while ( * p + + ! = ' \0 ' ) ;
/* We tried every element and none of them worked. */
if ( got_eacces )
/* At least one failure was due to permissions, so report that
* error .
*/
errno = EACCES ;
}
/* Return the error from the last attempt (probably ENOENT). */
return - 1 ;
}
2004-03-01 20:47:49 +00:00
void
2024-07-15 16:12:57 +01:00
g_spawn_close_pid_impl ( GPid pid )
2004-03-01 20:47:49 +00:00
{
2024-07-15 16:12:57 +01:00
/* no-op */
2004-03-01 20:47:49 +00:00
}
