diff options
Diffstat (limited to 'src/pkg/syscall/exec_plan9.go')
| -rw-r--r-- | src/pkg/syscall/exec_plan9.go | 525 | 
1 files changed, 0 insertions, 525 deletions
| diff --git a/src/pkg/syscall/exec_plan9.go b/src/pkg/syscall/exec_plan9.go deleted file mode 100644 index 66ab1fced..000000000 --- a/src/pkg/syscall/exec_plan9.go +++ /dev/null @@ -1,525 +0,0 @@ -// Copyright 2009 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -// Fork, exec, wait, etc. - -package syscall - -import ( -	"sync" -	"unsafe" -) - -// Lock synchronizing creation of new file descriptors with fork. -// -// We want the child in a fork/exec sequence to inherit only the -// file descriptors we intend.  To do that, we mark all file -// descriptors close-on-exec and then, in the child, explicitly -// unmark the ones we want the exec'ed program to keep. -// Unix doesn't make this easy: there is, in general, no way to -// allocate a new file descriptor close-on-exec.  Instead you -// have to allocate the descriptor and then mark it close-on-exec. -// If a fork happens between those two events, the child's exec -// will inherit an unwanted file descriptor. -// -// This lock solves that race: the create new fd/mark close-on-exec -// operation is done holding ForkLock for reading, and the fork itself -// is done holding ForkLock for writing.  At least, that's the idea. -// There are some complications. -// -// Some system calls that create new file descriptors can block -// for arbitrarily long times: open on a hung NFS server or named -// pipe, accept on a socket, and so on.  We can't reasonably grab -// the lock across those operations. -// -// It is worse to inherit some file descriptors than others. -// If a non-malicious child accidentally inherits an open ordinary file, -// that's not a big deal.  On the other hand, if a long-lived child -// accidentally inherits the write end of a pipe, then the reader -// of that pipe will not see EOF until that child exits, potentially -// causing the parent program to hang.  This is a common problem -// in threaded C programs that use popen. -// -// Luckily, the file descriptors that are most important not to -// inherit are not the ones that can take an arbitrarily long time -// to create: pipe returns instantly, and the net package uses -// non-blocking I/O to accept on a listening socket. -// The rules for which file descriptor-creating operations use the -// ForkLock are as follows: -// -// 1) Pipe.    Does not block.  Use the ForkLock. -// 2) Socket.  Does not block.  Use the ForkLock. -// 3) Accept.  If using non-blocking mode, use the ForkLock. -//             Otherwise, live with the race. -// 4) Open.    Can block.  Use O_CLOEXEC if available (Linux). -//             Otherwise, live with the race. -// 5) Dup.     Does not block.  Use the ForkLock. -//             On Linux, could use fcntl F_DUPFD_CLOEXEC -//             instead of the ForkLock, but only for dup(fd, -1). - -var ForkLock sync.RWMutex - -// Convert array of string to array -// of NUL-terminated byte pointer. -func StringSlicePtr(ss []string) []*byte { -	bb := make([]*byte, len(ss)+1) -	for i := 0; i < len(ss); i++ { -		bb[i] = StringBytePtr(ss[i]) -	} -	bb[len(ss)] = nil -	return bb -} - -// gbit16 reads a 16-bit numeric value from a 9P protocol message strored in b, -// returning the value and the remaining slice of b. -func gbit16(b []byte) (uint16, []byte) { -	return uint16(b[0]) | uint16(b[1])<<8, b[2:] -} - -// gstring reads a string from a 9P protocol message strored in b, -// returning the value as a Go string and the remaining slice of b. -func gstring(b []byte) (string, []byte) { -	n, b := gbit16(b) -	return string(b[0:n]), b[n:] -} - -// readdirnames returns the names of files inside the directory represented by dirfd. -func readdirnames(dirfd int) (names []string, err Error) { -	result := make([]string, 0, 100) -	var buf [STATMAX]byte - -	for { -		n, e := Read(dirfd, buf[:]) -		if e != nil { -			return []string{}, e -		} -		if n == 0 { -			break -		} - -		for i := 0; i < n; { -			m, _ := gbit16(buf[i:]) -			m += 2 - -			if m < STATFIXLEN { -				return []string{}, NewError("malformed stat buffer") -			} - -			name, _ := gstring(buf[i+41:]) -			result = append(result, name) - -			i += int(m) -		} -	} -	return []string{}, nil -} - -// readdupdevice returns a list of currently opened fds (excluding stdin, stdout, stderr) from the dup device #d. -// ForkLock should be write locked before calling, so that no new fds would be created while the fd list is being read. -func readdupdevice() (fds []int, err Error) { -	dupdevfd, err := Open("#d", O_RDONLY) - -	if err != nil { -		return -	} -	defer Close(dupdevfd) - -	fileNames, err := readdirnames(dupdevfd) -	if err != nil { -		return -	} - -	fds = make([]int, 0, len(fileNames)>>1) -	for _, fdstr := range fileNames { -		if l := len(fdstr); l > 2 && fdstr[l-3] == 'c' && fdstr[l-2] == 't' && fdstr[l-1] == 'l' { -			continue -		} - -		fd := int(atoi([]byte(fdstr))) - -		if fd == 0 || fd == 1 || fd == 2 || fd == dupdevfd { -			continue -		} - -		fds = append(fds, fd) -	} - -	return fds[0:len(fds)], nil -} - -var startupFds []int - -// Plan 9 does not allow clearing the OCEXEC flag -// from the underlying channel backing an open file descriptor, -// therefore we store a list of already opened file descriptors -// inside startupFds and skip them when manually closing descriptors -// not meant to be passed to a child exec. -func init() { -	startupFds, _ = readdupdevice() -} - -// forkAndExecInChild forks the process, calling dup onto 0..len(fd) -// and finally invoking exec(argv0, argvv, envv) in the child. -// If a dup or exec fails, it writes the error string to pipe. -// (The pipe write end is close-on-exec so if exec succeeds, it will be closed.) -// -// In the child, this function must not acquire any locks, because -// they might have been locked at the time of the fork.  This means -// no rescheduling, no malloc calls, and no new stack segments. -// The calls to RawSyscall are okay because they are assembly -// functions that do not grow the stack. -func forkAndExecInChild(argv0 *byte, argv []*byte, envv []envItem, dir *byte, attr *ProcAttr, fdsToClose []int, pipe int, rflag int) (pid int, err Error) { -	// Declare all variables at top in case any -	// declarations require heap allocation (e.g., errbuf). -	var ( -		r1       uintptr -		nextfd   int -		i        int -		clearenv int -		envfd    int -		errbuf   [ERRMAX]byte -	) - -	// guard against side effects of shuffling fds below. -	fd := append([]int(nil), attr.Files...) - -	if envv != nil { -		clearenv = RFCENVG -	} - -	// About to call fork. -	// No more allocation or calls of non-assembly functions. -	r1, _, _ = RawSyscall(SYS_RFORK, uintptr(RFPROC|RFFDG|RFREND|clearenv|rflag), 0, 0) - -	if r1 != 0 { -		if int(r1) == -1 { -			return 0, NewError(errstr()) -		} -		// parent; return PID -		return int(r1), nil -	} - -	// Fork succeeded, now in child. - -	// Close fds we don't need. -	for i = 0; i < len(fdsToClose); i++ { -		r1, _, _ = RawSyscall(SYS_CLOSE, uintptr(fdsToClose[i]), 0, 0) -		if int(r1) == -1 { -			goto childerror -		} -	} - -	if envv != nil { -		// Write new environment variables. -		for i = 0; i < len(envv); i++ { -			r1, _, _ = RawSyscall(SYS_CREATE, uintptr(unsafe.Pointer(envv[i].name)), uintptr(O_WRONLY), uintptr(0666)) - -			if int(r1) == -1 { -				goto childerror -			} - -			envfd = int(r1) - -			r1, _, _ = RawSyscall6(SYS_PWRITE, uintptr(envfd), uintptr(unsafe.Pointer(envv[i].value)), uintptr(envv[i].nvalue), -				^uintptr(0), ^uintptr(0), 0) - -			if int(r1) == -1 || int(r1) != envv[i].nvalue { -				goto childerror -			} - -			r1, _, _ = RawSyscall(SYS_CLOSE, uintptr(envfd), 0, 0) - -			if int(r1) == -1 { -				goto childerror -			} -		} -	} - -	// Chdir -	if dir != nil { -		r1, _, _ = RawSyscall(SYS_CHDIR, uintptr(unsafe.Pointer(dir)), 0, 0) -		if int(r1) == -1 { -			goto childerror -		} -	} - -	// Pass 1: look for fd[i] < i and move those up above len(fd) -	// so that pass 2 won't stomp on an fd it needs later. -	nextfd = int(len(fd)) -	if pipe < nextfd { -		r1, _, _ = RawSyscall(SYS_DUP, uintptr(pipe), uintptr(nextfd), 0) -		if int(r1) == -1 { -			goto childerror -		} -		pipe = nextfd -		nextfd++ -	} -	for i = 0; i < len(fd); i++ { -		if fd[i] >= 0 && fd[i] < int(i) { -			r1, _, _ = RawSyscall(SYS_DUP, uintptr(fd[i]), uintptr(nextfd), 0) -			if int(r1) == -1 { -				goto childerror -			} - -			fd[i] = nextfd -			nextfd++ -			if nextfd == pipe { // don't stomp on pipe -				nextfd++ -			} -		} -	} - -	// Pass 2: dup fd[i] down onto i. -	for i = 0; i < len(fd); i++ { -		if fd[i] == -1 { -			RawSyscall(SYS_CLOSE, uintptr(i), 0, 0) -			continue -		} -		if fd[i] == int(i) { -			continue -		} - -		r1, _, _ = RawSyscall(SYS_DUP, uintptr(fd[i]), uintptr(i), 0) -		if int(r1) == -1 { -			goto childerror -		} -		RawSyscall(SYS_CLOSE, uintptr(fd[i]), 0, 0) -	} - -	// Time to exec. -	r1, _, _ = RawSyscall(SYS_EXEC, -		uintptr(unsafe.Pointer(argv0)), -		uintptr(unsafe.Pointer(&argv[0])), 0) - -childerror: -	// send error string on pipe -	RawSyscall(SYS_ERRSTR, uintptr(unsafe.Pointer(&errbuf[0])), uintptr(len(errbuf)), 0) -	errbuf[len(errbuf)-1] = 0 -	i = 0 -	for i < len(errbuf) && errbuf[i] != 0 { -		i++ -	} - -	RawSyscall6(SYS_PWRITE, uintptr(pipe), uintptr(unsafe.Pointer(&errbuf[0])), uintptr(i), -		^uintptr(0), ^uintptr(0), 0) - -	for { -		RawSyscall(SYS_EXITS, 0, 0, 0) -	} - -	// Calling panic is not actually safe, -	// but the for loop above won't break -	// and this shuts up the compiler. -	panic("unreached") -} - -func cexecPipe(p []int) Error { -	e := Pipe(p) -	if e != nil { -		return e -	} - -	fd, e := Open("#d/"+itoa(p[1]), O_CLOEXEC) -	if e != nil { -		Close(p[0]) -		Close(p[1]) -		return e -	} - -	Close(fd) -	return nil -} - -type envItem struct { -	name   *byte -	value  *byte -	nvalue int -} - -type ProcAttr struct { -	Dir   string   // Current working directory. -	Env   []string // Environment. -	Files []int    // File descriptors. -	Sys   *SysProcAttr -} - -type SysProcAttr struct { -	Rfork int // additional flags to pass to rfork -} - -var zeroProcAttr ProcAttr -var zeroSysProcAttr SysProcAttr - -func forkExec(argv0 string, argv []string, attr *ProcAttr) (pid int, err Error) { -	var ( -		p      [2]int -		n      int -		errbuf [ERRMAX]byte -		wmsg   Waitmsg -	) - -	if attr == nil { -		attr = &zeroProcAttr -	} -	sys := attr.Sys -	if sys == nil { -		sys = &zeroSysProcAttr -	} - -	p[0] = -1 -	p[1] = -1 - -	// Convert args to C form. -	argv0p := StringBytePtr(argv0) -	argvp := StringSlicePtr(argv) - -	var dir *byte -	if attr.Dir != "" { -		dir = StringBytePtr(attr.Dir) -	} -	var envvParsed []envItem -	if attr.Env != nil { -		envvParsed = make([]envItem, 0, len(attr.Env)) -		for _, v := range attr.Env { -			i := 0 -			for i < len(v) && v[i] != '=' { -				i++ -			} - -			envvParsed = append(envvParsed, envItem{StringBytePtr("/env/" + v[:i]), StringBytePtr(v[i+1:]), len(v) - i}) -		} -	} - -	// Acquire the fork lock to prevent other threads from creating new fds before we fork. -	ForkLock.Lock() - -	// get a list of open fds, excluding stdin,stdout and stderr that need to be closed in the child. -	// no new fds can be created while we hold the ForkLock for writing. -	openFds, e := readdupdevice() - -	if e != nil { -		ForkLock.Unlock() -		return 0, e -	} - -	fdsToClose := make([]int, 0, len(openFds)) -	// exclude fds opened from startup from the list of fds to be closed. -	for _, fd := range openFds { -		isReserved := false -		for _, reservedFd := range startupFds { -			if fd == reservedFd { -				isReserved = true -				break -			} -		} - -		if !isReserved { -			fdsToClose = append(fdsToClose, fd) -		} -	} - -	// exclude fds requested by the caller from the list of fds to be closed. -	for _, fd := range openFds { -		isReserved := false -		for _, reservedFd := range attr.Files { -			if fd == reservedFd { -				isReserved = true -				break -			} -		} - -		if !isReserved { -			fdsToClose = append(fdsToClose, fd) -		} -	} - -	// Allocate child status pipe close on exec.	 -	e = cexecPipe(p[:]) - -	if e != nil { -		return 0, e -	} -	fdsToClose = append(fdsToClose, p[0]) - -	// Kick off child. -	pid, err = forkAndExecInChild(argv0p, argvp, envvParsed, dir, attr, fdsToClose, p[1], sys.Rfork) - -	if err != nil { -		if p[0] >= 0 { -			Close(p[0]) -			Close(p[1]) -		} -		ForkLock.Unlock() -		return 0, err -	} -	ForkLock.Unlock() - -	// Read child error status from pipe. -	Close(p[1]) -	n, err = Read(p[0], errbuf[:]) -	Close(p[0]) - -	if err != nil || n != 0 { -		if n != 0 { -			err = NewError(string(errbuf[:])) -		} - -		// Child failed; wait for it to exit, to make sure -		// the zombies don't accumulate. -		for wmsg.Pid != pid { -			Await(&wmsg) -		} -		return 0, err -	} - -	// Read got EOF, so pipe closed on exec, so exec succeeded. -	return pid, nil -} - -// Combination of fork and exec, careful to be thread safe. -func ForkExec(argv0 string, argv []string, attr *ProcAttr) (pid int, err Error) { -	return forkExec(argv0, argv, attr) -} - -// StartProcess wraps ForkExec for package os. -func StartProcess(argv0 string, argv []string, attr *ProcAttr) (pid, handle int, err Error) { -	pid, err = forkExec(argv0, argv, attr) -	return pid, 0, err -} - -// Ordinary exec. -func Exec(argv0 string, argv []string, envv []string) (err Error) { -	if envv != nil { -		r1, _, _ := RawSyscall(SYS_RFORK, RFCENVG, 0, 0) -		if int(r1) == -1 { -			return NewError(errstr()) -		} - -		for _, v := range envv { -			i := 0 -			for i < len(v) && v[i] != '=' { -				i++ -			} - -			fd, e := Create("/env/"+v[:i], O_WRONLY, 0666) -			if e != nil { -				return e -			} - -			_, e = Write(fd, []byte(v[i+1:])) -			if e != nil { -				Close(fd) -				return e -			} -			Close(fd) -		} -	} - -	_, _, e := Syscall(SYS_EXEC, -		uintptr(unsafe.Pointer(StringBytePtr(argv0))), -		uintptr(unsafe.Pointer(&StringSlicePtr(argv)[0])), -		0) - -	return NewError(e) -} | 
