Piotr Jastrzebski | 51b1b69 | 2015-02-16 15:01:09 +0000 | [diff] [blame] | 1 | /* |
| 2 | * Copyright (c) 1995, 2008, Oracle and/or its affiliates. All rights reserved. |
| 3 | * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
| 4 | * |
| 5 | * This code is free software; you can redistribute it and/or modify it |
| 6 | * under the terms of the GNU General Public License version 2 only, as |
| 7 | * published by the Free Software Foundation. Oracle designates this |
| 8 | * particular file as subject to the "Classpath" exception as provided |
| 9 | * by Oracle in the LICENSE file that accompanied this code. |
| 10 | * |
| 11 | * This code is distributed in the hope that it will be useful, but WITHOUT |
| 12 | * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
| 13 | * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
| 14 | * version 2 for more details (a copy is included in the LICENSE file that |
| 15 | * accompanied this code). |
| 16 | * |
| 17 | * You should have received a copy of the GNU General Public License version |
| 18 | * 2 along with this work; if not, write to the Free Software Foundation, |
| 19 | * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
| 20 | * |
| 21 | * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
| 22 | * or visit www.oracle.com if you need additional information or have any |
| 23 | * questions. |
| 24 | */ |
| 25 | |
| 26 | #undef _LARGEFILE64_SOURCE |
| 27 | #define _LARGEFILE64_SOURCE 1 |
| 28 | |
| 29 | #include "jni.h" |
| 30 | #include "jvm.h" |
| 31 | #include "jvm_md.h" |
| 32 | #include "jni_util.h" |
| 33 | #include "io_util.h" |
Steven Moreland | cab01ac | 2017-07-18 16:18:36 -0700 | [diff] [blame] | 34 | #include <nativehelper/JNIHelp.h> |
Piotr Jastrzebski | de626ec | 2015-05-19 12:16:00 +0100 | [diff] [blame] | 35 | |
| 36 | #define NATIVE_METHOD(className, functionName, signature) \ |
| 37 | { #functionName, signature, (void*)(className ## _ ## functionName) } |
Piotr Jastrzebski | 51b1b69 | 2015-02-16 15:01:09 +0000 | [diff] [blame] | 38 | |
| 39 | /* |
| 40 | * Platform-specific support for java.lang.Process |
| 41 | */ |
| 42 | #include <assert.h> |
| 43 | #include <stddef.h> |
| 44 | #include <stdlib.h> |
| 45 | #include <sys/types.h> |
| 46 | #include <ctype.h> |
Doug Horn | a242673 | 2018-11-13 11:51:03 -0800 | [diff] [blame] | 47 | // Android-changed: Fuchsia: Point to correct location of header. http://b/119426171 |
| 48 | // #ifdef _ALLBSD_SOURCE |
| 49 | #if defined(_ALLBSD_SOURCE) && !defined(__Fuchsia__) |
Piotr Jastrzebski | 51b1b69 | 2015-02-16 15:01:09 +0000 | [diff] [blame] | 50 | #include <wait.h> |
Piotr Jastrzebski | de626ec | 2015-05-19 12:16:00 +0100 | [diff] [blame] | 51 | #else |
| 52 | #include <sys/wait.h> |
Piotr Jastrzebski | 51b1b69 | 2015-02-16 15:01:09 +0000 | [diff] [blame] | 53 | #endif |
| 54 | #include <signal.h> |
| 55 | #include <string.h> |
| 56 | #include <errno.h> |
| 57 | #include <dirent.h> |
| 58 | #include <unistd.h> |
| 59 | #include <fcntl.h> |
| 60 | #include <limits.h> |
Amanieu d'Antras | c88b39b | 2022-05-05 15:11:29 +0100 | [diff] [blame] | 61 | // Android-added: Use raw syscalls instead of libc functions in the child. |
| 62 | #ifdef __linux__ |
| 63 | #include <sys/syscall.h> |
| 64 | #endif |
Piotr Jastrzebski | 51b1b69 | 2015-02-16 15:01:09 +0000 | [diff] [blame] | 65 | |
| 66 | #ifdef __APPLE__ |
| 67 | #include <crt_externs.h> |
| 68 | #define environ (*_NSGetEnviron()) |
| 69 | #endif |
| 70 | |
| 71 | /* |
| 72 | * There are 3 possible strategies we might use to "fork": |
| 73 | * |
| 74 | * - fork(2). Very portable and reliable but subject to |
| 75 | * failure due to overcommit (see the documentation on |
| 76 | * /proc/sys/vm/overcommit_memory in Linux proc(5)). |
| 77 | * This is the ancient problem of spurious failure whenever a large |
| 78 | * process starts a small subprocess. |
| 79 | * |
| 80 | * - vfork(). Using this is scary because all relevant man pages |
| 81 | * contain dire warnings, e.g. Linux vfork(2). But at least it's |
| 82 | * documented in the glibc docs and is standardized by XPG4. |
| 83 | * http://www.opengroup.org/onlinepubs/000095399/functions/vfork.html |
| 84 | * On Linux, one might think that vfork() would be implemented using |
| 85 | * the clone system call with flag CLONE_VFORK, but in fact vfork is |
| 86 | * a separate system call (which is a good sign, suggesting that |
| 87 | * vfork will continue to be supported at least on Linux). |
| 88 | * Another good sign is that glibc implements posix_spawn using |
| 89 | * vfork whenever possible. Note that we cannot use posix_spawn |
| 90 | * ourselves because there's no reliable way to close all inherited |
| 91 | * file descriptors. |
| 92 | * |
| 93 | * - clone() with flags CLONE_VM but not CLONE_THREAD. clone() is |
| 94 | * Linux-specific, but this ought to work - at least the glibc |
| 95 | * sources contain code to handle different combinations of CLONE_VM |
| 96 | * and CLONE_THREAD. However, when this was implemented, it |
| 97 | * appeared to fail on 32-bit i386 (but not 64-bit x86_64) Linux with |
| 98 | * the simple program |
| 99 | * Runtime.getRuntime().exec("/bin/true").waitFor(); |
| 100 | * with: |
| 101 | * # Internal Error (os_linux_x86.cpp:683), pid=19940, tid=2934639536 |
| 102 | * # Error: pthread_getattr_np failed with errno = 3 (ESRCH) |
| 103 | * We believe this is a glibc bug, reported here: |
| 104 | * http://sources.redhat.com/bugzilla/show_bug.cgi?id=10311 |
| 105 | * but the glibc maintainers closed it as WONTFIX. |
| 106 | * |
| 107 | * Based on the above analysis, we are currently using vfork() on |
| 108 | * Linux and fork() on other Unix systems, but the code to use clone() |
| 109 | * remains. |
| 110 | */ |
| 111 | |
| 112 | #define START_CHILD_USE_CLONE 0 /* clone() currently disabled; see above. */ |
| 113 | |
| 114 | #ifndef START_CHILD_USE_CLONE |
| 115 | #ifdef __linux__ |
| 116 | #define START_CHILD_USE_CLONE 1 |
| 117 | #else |
| 118 | #define START_CHILD_USE_CLONE 0 |
| 119 | #endif |
| 120 | #endif |
| 121 | |
| 122 | /* By default, use vfork() on Linux. */ |
| 123 | #ifndef START_CHILD_USE_VFORK |
Evgenii Stepanov | e537e1b | 2018-03-15 14:51:46 -0700 | [diff] [blame] | 124 | // Android-changed: disable vfork under AddressSanitizer. |
| 125 | // #ifdef __linux__ |
Evgenii Stepanov | c88ebe7 | 2021-08-17 15:59:21 -0700 | [diff] [blame] | 126 | #if defined(__linux__) && !__has_feature(address_sanitizer) |
Piotr Jastrzebski | 51b1b69 | 2015-02-16 15:01:09 +0000 | [diff] [blame] | 127 | #define START_CHILD_USE_VFORK 1 |
| 128 | #else |
| 129 | #define START_CHILD_USE_VFORK 0 |
| 130 | #endif |
| 131 | #endif |
| 132 | |
| 133 | #if START_CHILD_USE_CLONE |
| 134 | #include <sched.h> |
| 135 | #define START_CHILD_SYSTEM_CALL "clone" |
| 136 | #elif START_CHILD_USE_VFORK |
| 137 | #define START_CHILD_SYSTEM_CALL "vfork" |
| 138 | #else |
| 139 | #define START_CHILD_SYSTEM_CALL "fork" |
| 140 | #endif |
| 141 | |
| 142 | #ifndef STDIN_FILENO |
| 143 | #define STDIN_FILENO 0 |
| 144 | #endif |
| 145 | |
| 146 | #ifndef STDOUT_FILENO |
| 147 | #define STDOUT_FILENO 1 |
| 148 | #endif |
| 149 | |
| 150 | #ifndef STDERR_FILENO |
| 151 | #define STDERR_FILENO 2 |
| 152 | #endif |
| 153 | |
| 154 | #ifndef SA_NOCLDSTOP |
| 155 | #define SA_NOCLDSTOP 0 |
| 156 | #endif |
| 157 | |
| 158 | #ifndef SA_RESTART |
| 159 | #define SA_RESTART 0 |
| 160 | #endif |
| 161 | |
| 162 | #define FAIL_FILENO (STDERR_FILENO + 1) |
| 163 | |
| 164 | /* TODO: Refactor. */ |
| 165 | #define RESTARTABLE(_cmd, _result) do { \ |
| 166 | do { \ |
Chih-Hung Hsieh | a0b3a2c | 2016-05-11 14:36:03 -0700 | [diff] [blame] | 167 | (_result) = _cmd; \ |
| 168 | } while(((_result) == -1) && (errno == EINTR)); \ |
Piotr Jastrzebski | 51b1b69 | 2015-02-16 15:01:09 +0000 | [diff] [blame] | 169 | } while(0) |
| 170 | |
| 171 | /* This is one of the rare times it's more portable to declare an |
| 172 | * external symbol explicitly, rather than via a system header. |
| 173 | * The declaration is standardized as part of UNIX98, but there is |
| 174 | * no standard (not even de-facto) header file where the |
| 175 | * declaration is to be found. See: |
| 176 | * http://www.opengroup.org/onlinepubs/009695399/functions/environ.html |
| 177 | * http://www.opengroup.org/onlinepubs/009695399/functions/xsh_chap02_02.html |
| 178 | * |
| 179 | * "All identifiers in this volume of IEEE Std 1003.1-2001, except |
| 180 | * environ, are defined in at least one of the headers" (!) |
| 181 | */ |
| 182 | extern char **environ; |
| 183 | |
| 184 | |
| 185 | static void |
| 186 | setSIGCHLDHandler(JNIEnv *env) |
| 187 | { |
| 188 | /* There is a subtle difference between having the signal handler |
| 189 | * for SIGCHLD be SIG_DFL and SIG_IGN. We cannot obtain process |
| 190 | * termination information for child processes if the signal |
| 191 | * handler is SIG_IGN. It must be SIG_DFL. |
| 192 | * |
| 193 | * We used to set the SIGCHLD handler only on Linux, but it's |
| 194 | * safest to set it unconditionally. |
| 195 | * |
| 196 | * Consider what happens if java's parent process sets the SIGCHLD |
| 197 | * handler to SIG_IGN. Normally signal handlers are inherited by |
| 198 | * children, but SIGCHLD is a controversial case. Solaris appears |
| 199 | * to always reset it to SIG_DFL, but this behavior may be |
| 200 | * non-standard-compliant, and we shouldn't rely on it. |
| 201 | * |
| 202 | * References: |
| 203 | * http://www.opengroup.org/onlinepubs/7908799/xsh/exec.html |
| 204 | * http://www.pasc.org/interps/unofficial/db/p1003.1/pasc-1003.1-132.html |
| 205 | */ |
| 206 | struct sigaction sa; |
| 207 | sa.sa_handler = SIG_DFL; |
| 208 | sigemptyset(&sa.sa_mask); |
| 209 | sa.sa_flags = SA_NOCLDSTOP | SA_RESTART; |
| 210 | if (sigaction(SIGCHLD, &sa, NULL) < 0) |
| 211 | JNU_ThrowInternalError(env, "Can't set SIGCHLD handler"); |
| 212 | } |
| 213 | |
| 214 | static void* |
| 215 | xmalloc(JNIEnv *env, size_t size) |
| 216 | { |
| 217 | void *p = malloc(size); |
| 218 | if (p == NULL) |
| 219 | JNU_ThrowOutOfMemoryError(env, NULL); |
| 220 | return p; |
| 221 | } |
| 222 | |
| 223 | #define NEW(type, n) ((type *) xmalloc(env, (n) * sizeof(type))) |
| 224 | |
| 225 | /** |
| 226 | * If PATH is not defined, the OS provides some default value. |
| 227 | * Unfortunately, there's no portable way to get this value. |
| 228 | * Fortunately, it's only needed if the child has PATH while we do not. |
| 229 | */ |
| 230 | static const char* |
| 231 | defaultPath(void) |
| 232 | { |
| 233 | #ifdef __solaris__ |
| 234 | /* These really are the Solaris defaults! */ |
| 235 | return (geteuid() == 0 || getuid() == 0) ? |
| 236 | "/usr/xpg4/bin:/usr/ccs/bin:/usr/bin:/opt/SUNWspro/bin:/usr/sbin" : |
| 237 | "/usr/xpg4/bin:/usr/ccs/bin:/usr/bin:/opt/SUNWspro/bin:"; |
| 238 | #else |
| 239 | return ":/bin:/usr/bin"; /* glibc */ |
| 240 | #endif |
| 241 | } |
| 242 | |
| 243 | static const char* |
| 244 | effectivePath(void) |
| 245 | { |
| 246 | const char *s = getenv("PATH"); |
| 247 | return (s != NULL) ? s : defaultPath(); |
| 248 | } |
| 249 | |
| 250 | static int |
| 251 | countOccurrences(const char *s, char c) |
| 252 | { |
| 253 | int count; |
| 254 | for (count = 0; *s != '\0'; s++) |
| 255 | count += (*s == c); |
| 256 | return count; |
| 257 | } |
| 258 | |
| 259 | static const char * const * |
| 260 | splitPath(JNIEnv *env, const char *path) |
| 261 | { |
| 262 | const char *p, *q; |
| 263 | char **pathv; |
| 264 | int i; |
| 265 | int count = countOccurrences(path, ':') + 1; |
| 266 | |
| 267 | pathv = NEW(char*, count+1); |
| 268 | pathv[count] = NULL; |
| 269 | for (p = path, i = 0; i < count; i++, p = q + 1) { |
| 270 | for (q = p; (*q != ':') && (*q != '\0'); q++) |
| 271 | ; |
| 272 | if (q == p) /* empty PATH component => "." */ |
| 273 | pathv[i] = "./"; |
| 274 | else { |
| 275 | int addSlash = ((*(q - 1)) != '/'); |
| 276 | pathv[i] = NEW(char, q - p + addSlash + 1); |
| 277 | memcpy(pathv[i], p, q - p); |
| 278 | if (addSlash) |
| 279 | pathv[i][q - p] = '/'; |
| 280 | pathv[i][q - p + addSlash] = '\0'; |
| 281 | } |
| 282 | } |
| 283 | return (const char * const *) pathv; |
| 284 | } |
| 285 | |
| 286 | /** |
| 287 | * Cached value of JVM's effective PATH. |
| 288 | * (We don't support putenv("PATH=...") in native code) |
| 289 | */ |
| 290 | static const char *parentPath; |
| 291 | |
| 292 | /** |
| 293 | * Split, canonicalized version of parentPath |
| 294 | */ |
| 295 | static const char * const *parentPathv; |
| 296 | |
| 297 | static jfieldID field_exitcode; |
| 298 | |
| 299 | JNIEXPORT void JNICALL |
Piotr Jastrzebski | de626ec | 2015-05-19 12:16:00 +0100 | [diff] [blame] | 300 | UNIXProcess_initIDs(JNIEnv *env, jclass clazz) |
Piotr Jastrzebski | 51b1b69 | 2015-02-16 15:01:09 +0000 | [diff] [blame] | 301 | { |
| 302 | field_exitcode = (*env)->GetFieldID(env, clazz, "exitcode", "I"); |
| 303 | |
| 304 | parentPath = effectivePath(); |
| 305 | parentPathv = splitPath(env, parentPath); |
| 306 | |
| 307 | setSIGCHLDHandler(env); |
| 308 | } |
| 309 | |
| 310 | |
| 311 | #ifndef WIFEXITED |
| 312 | #define WIFEXITED(status) (((status)&0xFF) == 0) |
| 313 | #endif |
| 314 | |
| 315 | #ifndef WEXITSTATUS |
| 316 | #define WEXITSTATUS(status) (((status)>>8)&0xFF) |
| 317 | #endif |
| 318 | |
| 319 | #ifndef WIFSIGNALED |
| 320 | #define WIFSIGNALED(status) (((status)&0xFF) > 0 && ((status)&0xFF00) == 0) |
| 321 | #endif |
| 322 | |
| 323 | #ifndef WTERMSIG |
| 324 | #define WTERMSIG(status) ((status)&0x7F) |
| 325 | #endif |
| 326 | |
| 327 | /* Block until a child process exits and return its exit code. |
| 328 | Note, can only be called once for any given pid. */ |
| 329 | JNIEXPORT jint JNICALL |
Piotr Jastrzebski | de626ec | 2015-05-19 12:16:00 +0100 | [diff] [blame] | 330 | UNIXProcess_waitForProcessExit(JNIEnv* env, |
Piotr Jastrzebski | 51b1b69 | 2015-02-16 15:01:09 +0000 | [diff] [blame] | 331 | jobject junk, |
| 332 | jint pid) |
| 333 | { |
| 334 | /* We used to use waitid() on Solaris, waitpid() on Linux, but |
| 335 | * waitpid() is more standard, so use it on all POSIX platforms. */ |
| 336 | int status; |
| 337 | /* Wait for the child process to exit. This returns immediately if |
| 338 | the child has already exited. */ |
| 339 | while (waitpid(pid, &status, 0) < 0) { |
| 340 | switch (errno) { |
| 341 | case ECHILD: return 0; |
| 342 | case EINTR: break; |
| 343 | default: return -1; |
| 344 | } |
| 345 | } |
| 346 | |
| 347 | if (WIFEXITED(status)) { |
| 348 | /* |
| 349 | * The child exited normally; get its exit code. |
| 350 | */ |
| 351 | return WEXITSTATUS(status); |
| 352 | } else if (WIFSIGNALED(status)) { |
| 353 | /* The child exited because of a signal. |
| 354 | * The best value to return is 0x80 + signal number, |
| 355 | * because that is what all Unix shells do, and because |
| 356 | * it allows callers to distinguish between process exit and |
| 357 | * process death by signal. |
| 358 | * Unfortunately, the historical behavior on Solaris is to return |
| 359 | * the signal number, and we preserve this for compatibility. */ |
| 360 | #ifdef __solaris__ |
| 361 | return WTERMSIG(status); |
| 362 | #else |
| 363 | return 0x80 + WTERMSIG(status); |
| 364 | #endif |
| 365 | } else { |
| 366 | /* |
| 367 | * Unknown exit code; pass it through. |
| 368 | */ |
| 369 | return status; |
| 370 | } |
| 371 | } |
| 372 | |
| 373 | static ssize_t |
| 374 | restartableWrite(int fd, const void *buf, size_t count) |
| 375 | { |
| 376 | ssize_t result; |
| 377 | RESTARTABLE(write(fd, buf, count), result); |
| 378 | return result; |
| 379 | } |
| 380 | |
| 381 | static int |
| 382 | restartableDup2(int fd_from, int fd_to) |
| 383 | { |
| 384 | int err; |
| 385 | RESTARTABLE(dup2(fd_from, fd_to), err); |
| 386 | return err; |
| 387 | } |
| 388 | |
| 389 | static int |
| 390 | restartableClose(int fd) |
| 391 | { |
| 392 | int err; |
Nick Kralevich | 4ecb71f | 2019-01-16 12:23:53 -0800 | [diff] [blame] | 393 | // Android-changed: do not retry EINTR close() failures. b/20501816 |
| 394 | // Note: This code was removed upstream in OpenJDK 7u50, |
| 395 | // commit http://hg.openjdk.java.net/jdk/jdk/rev/e2e5122cd62e |
| 396 | // relating to upstream bug JDK-5049299. The entire file was |
| 397 | // then dropped in favor of .java code in upstream OpenJDK 9, |
| 398 | // commit http://hg.openjdk.java.net/jdk/jdk/rev/fe8344cf6496 |
| 399 | // |
| 400 | // If we integrate OpenJDK 7u50+, this Android patch can be dropped. |
| 401 | // |
| 402 | // RESTARTABLE(close(fd), err); |
| 403 | err = close(fd); |
Piotr Jastrzebski | 51b1b69 | 2015-02-16 15:01:09 +0000 | [diff] [blame] | 404 | return err; |
| 405 | } |
| 406 | |
Amanieu d'Antras | c88b39b | 2022-05-05 15:11:29 +0100 | [diff] [blame] | 407 | // Android-added: in the child process, we want to avoid using the libc |
| 408 | // close() function because it is sometimes intercepted by other libraries and |
| 409 | // could cause a deadlock. |
| 410 | static int closeInChild(int fd) |
| 411 | { |
| 412 | #ifdef __linux__ |
| 413 | return syscall(__NR_close, fd); |
| 414 | #else |
| 415 | return close(fd); |
| 416 | #endif |
| 417 | } |
| 418 | |
Piotr Jastrzebski | 51b1b69 | 2015-02-16 15:01:09 +0000 | [diff] [blame] | 419 | static int |
| 420 | closeSafely(int fd) |
| 421 | { |
| 422 | return (fd == -1) ? 0 : restartableClose(fd); |
| 423 | } |
| 424 | |
Amanieu d'Antras | c88b39b | 2022-05-05 15:11:29 +0100 | [diff] [blame] | 425 | // Android-added: See closeInChild. |
Piotr Jastrzebski | 51b1b69 | 2015-02-16 15:01:09 +0000 | [diff] [blame] | 426 | static int |
Amanieu d'Antras | c88b39b | 2022-05-05 15:11:29 +0100 | [diff] [blame] | 427 | closeSafelyInChild(int fd) |
Piotr Jastrzebski | 51b1b69 | 2015-02-16 15:01:09 +0000 | [diff] [blame] | 428 | { |
Amanieu d'Antras | c88b39b | 2022-05-05 15:11:29 +0100 | [diff] [blame] | 429 | return (fd == -1) ? 0 : closeInChild(fd); |
Piotr Jastrzebski | 51b1b69 | 2015-02-16 15:01:09 +0000 | [diff] [blame] | 430 | } |
| 431 | |
Doug Horn | e9cc931 | 2018-11-20 12:17:20 -0800 | [diff] [blame] | 432 | // Android-changed: Fuchsia: Alias *64 on Fuchsia builds. http://b/119496969 |
| 433 | // #ifdef _ALLBSD_SOURCE |
| 434 | #if defined(_ALLBSD_SOURCE) || defined(__Fuchsia__) |
Piotr Jastrzebski | 51b1b69 | 2015-02-16 15:01:09 +0000 | [diff] [blame] | 435 | #define FD_DIR "/dev/fd" |
| 436 | #define dirent64 dirent |
| 437 | #define readdir64 readdir |
| 438 | #else |
| 439 | #define FD_DIR "/proc/self/fd" |
| 440 | #endif |
| 441 | |
Amanieu d'Antras | c88b39b | 2022-05-05 15:11:29 +0100 | [diff] [blame] | 442 | // Android-changed: opendir is not async-signal-safe and should not be called |
| 443 | // after forking. This can cause a deadlock if both of these conditions are met: |
| 444 | // - The program is running under a binary translation tool such as Valgrind |
| 445 | // which emulates the vfork syscall using fork. |
| 446 | // - The malloc mutex was locked at the time of the fork, which remains |
| 447 | // permanently locked in the child process. |
| 448 | // |
| 449 | // As a workaround, we access the directory directly with the getdents syscall |
| 450 | // using a stack-allocated buffer. |
| 451 | #ifdef __linux__ |
| 452 | static int |
| 453 | closeDescriptors(void) |
| 454 | { |
| 455 | int dir_fd; |
| 456 | char buffer[4096]; |
| 457 | long available_bytes; |
| 458 | int from_fd = FAIL_FILENO + 1; |
| 459 | |
Amanieu d'Antras | c88b39b | 2022-05-05 15:11:29 +0100 | [diff] [blame] | 460 | // Close one file descriptor to guarantee that we have enough free FDs to |
| 461 | // open FD_DIR. |
| 462 | closeInChild(from_fd); |
| 463 | |
| 464 | if ((dir_fd = syscall(__NR_openat, AT_FDCWD, FD_DIR, O_CLOEXEC | O_DIRECTORY | O_RDONLY)) == -1) |
| 465 | return 0; |
| 466 | |
| 467 | // See closeInChild for why we are using a raw syscall here. |
| 468 | while ((available_bytes = syscall(__NR_getdents64, dir_fd, buffer, sizeof(buffer))) > 0) { |
| 469 | char *p = buffer; |
| 470 | while (available_bytes > 0) { |
| 471 | struct dirent64 *dirp = (struct dirent64 *)p; |
| 472 | p += dirp->d_reclen; |
| 473 | available_bytes -= dirp->d_reclen; |
| 474 | |
| 475 | int fd = atoi(dirp->d_name); |
| 476 | if (fd >= from_fd && fd != dir_fd) |
| 477 | closeInChild(fd); |
| 478 | } |
| 479 | } |
| 480 | |
| 481 | closeInChild(dir_fd); |
| 482 | |
| 483 | return 1; |
| 484 | } |
| 485 | #else |
| 486 | static int |
| 487 | isAsciiDigit(char c) |
| 488 | { |
| 489 | return c >= '0' && c <= '9'; |
| 490 | } |
| 491 | |
Piotr Jastrzebski | 51b1b69 | 2015-02-16 15:01:09 +0000 | [diff] [blame] | 492 | static int |
Florian Mayer | d4f5306 | 2020-04-28 14:58:06 +0000 | [diff] [blame] | 493 | closeDescriptors(void) |
Piotr Jastrzebski | 51b1b69 | 2015-02-16 15:01:09 +0000 | [diff] [blame] | 494 | { |
Florian Mayer | d4f5306 | 2020-04-28 14:58:06 +0000 | [diff] [blame] | 495 | DIR *dp; |
Piotr Jastrzebski | 51b1b69 | 2015-02-16 15:01:09 +0000 | [diff] [blame] | 496 | struct dirent64 *dirp; |
| 497 | int from_fd = FAIL_FILENO + 1; |
| 498 | |
| 499 | /* We're trying to close all file descriptors, but opendir() might |
| 500 | * itself be implemented using a file descriptor, and we certainly |
| 501 | * don't want to close that while it's in use. We assume that if |
| 502 | * opendir() is implemented using a file descriptor, then it uses |
| 503 | * the lowest numbered file descriptor, just like open(). So we |
| 504 | * close a couple explicitly. */ |
| 505 | |
Amanieu d'Antras | c88b39b | 2022-05-05 15:11:29 +0100 | [diff] [blame] | 506 | closeInChild(from_fd); /* for possible use by opendir() */ |
| 507 | closeInChild(from_fd + 1); /* another one for good luck */ |
Piotr Jastrzebski | 51b1b69 | 2015-02-16 15:01:09 +0000 | [diff] [blame] | 508 | |
Florian Mayer | d4f5306 | 2020-04-28 14:58:06 +0000 | [diff] [blame] | 509 | if ((dp = opendir(FD_DIR)) == NULL) |
Piotr Jastrzebski | 51b1b69 | 2015-02-16 15:01:09 +0000 | [diff] [blame] | 510 | return 0; |
| 511 | |
| 512 | /* We use readdir64 instead of readdir to work around Solaris bug |
| 513 | * 6395699: /proc/self/fd fails to report file descriptors >= 1024 on Solaris 9 |
| 514 | */ |
| 515 | while ((dirp = readdir64(dp)) != NULL) { |
| 516 | int fd; |
| 517 | if (isAsciiDigit(dirp->d_name[0]) && |
| 518 | (fd = strtol(dirp->d_name, NULL, 10)) >= from_fd + 2) |
Amanieu d'Antras | c88b39b | 2022-05-05 15:11:29 +0100 | [diff] [blame] | 519 | closeInChild(fd); |
Piotr Jastrzebski | 51b1b69 | 2015-02-16 15:01:09 +0000 | [diff] [blame] | 520 | } |
| 521 | |
| 522 | closedir(dp); |
| 523 | |
| 524 | return 1; |
| 525 | } |
Amanieu d'Antras | c88b39b | 2022-05-05 15:11:29 +0100 | [diff] [blame] | 526 | #endif |
Piotr Jastrzebski | 51b1b69 | 2015-02-16 15:01:09 +0000 | [diff] [blame] | 527 | |
| 528 | static int |
| 529 | moveDescriptor(int fd_from, int fd_to) |
| 530 | { |
| 531 | if (fd_from != fd_to) { |
| 532 | if ((restartableDup2(fd_from, fd_to) == -1) || |
Amanieu d'Antras | c88b39b | 2022-05-05 15:11:29 +0100 | [diff] [blame] | 533 | (closeInChild(fd_from) == -1)) |
Piotr Jastrzebski | 51b1b69 | 2015-02-16 15:01:09 +0000 | [diff] [blame] | 534 | return -1; |
| 535 | } |
| 536 | return 0; |
| 537 | } |
| 538 | |
| 539 | static const char * |
| 540 | getBytes(JNIEnv *env, jbyteArray arr) |
| 541 | { |
| 542 | return arr == NULL ? NULL : |
| 543 | (const char*) (*env)->GetByteArrayElements(env, arr, NULL); |
| 544 | } |
| 545 | |
| 546 | static void |
| 547 | releaseBytes(JNIEnv *env, jbyteArray arr, const char* parr) |
| 548 | { |
| 549 | if (parr != NULL) |
| 550 | (*env)->ReleaseByteArrayElements(env, arr, (jbyte*) parr, JNI_ABORT); |
| 551 | } |
| 552 | |
| 553 | static void |
| 554 | initVectorFromBlock(const char**vector, const char* block, int count) |
| 555 | { |
| 556 | int i; |
| 557 | const char *p; |
| 558 | for (i = 0, p = block; i < count; i++) { |
| 559 | /* Invariant: p always points to the start of a C string. */ |
| 560 | vector[i] = p; |
| 561 | while (*(p++)); |
| 562 | } |
| 563 | vector[count] = NULL; |
| 564 | } |
| 565 | |
| 566 | static void |
| 567 | throwIOException(JNIEnv *env, int errnum, const char *defaultDetail) |
| 568 | { |
| 569 | static const char * const format = "error=%d, %s"; |
| 570 | const char *detail = defaultDetail; |
| 571 | char *errmsg; |
| 572 | jstring s; |
| 573 | |
| 574 | if (errnum != 0) { |
| 575 | const char *s = strerror(errnum); |
Nikita Iashchenko | 60d0167 | 2018-10-05 15:58:47 +0100 | [diff] [blame] | 576 | // Android-changed: Fix logic for recognizing error strings. http://b/110019823 |
| 577 | // if (strcmp(s, "Unknown error") != 0) |
| 578 | if (strstr(s, "Unknown error") == 0) |
Piotr Jastrzebski | 51b1b69 | 2015-02-16 15:01:09 +0000 | [diff] [blame] | 579 | detail = s; |
| 580 | } |
| 581 | /* ASCII Decimal representation uses 2.4 times as many bits as binary. */ |
George Burgess IV | 6786911 | 2016-03-02 13:58:32 -0800 | [diff] [blame] | 582 | size_t newsize = strlen(format) + strlen(detail) + 3 * sizeof(errnum); |
| 583 | errmsg = NEW(char, newsize); |
| 584 | snprintf(errmsg, newsize, format, errnum, detail); |
Piotr Jastrzebski | 51b1b69 | 2015-02-16 15:01:09 +0000 | [diff] [blame] | 585 | s = JNU_NewStringPlatform(env, errmsg); |
| 586 | if (s != NULL) { |
| 587 | jobject x = JNU_NewObjectByName(env, "java/io/IOException", |
| 588 | "(Ljava/lang/String;)V", s); |
| 589 | if (x != NULL) |
| 590 | (*env)->Throw(env, x); |
| 591 | } |
| 592 | free(errmsg); |
| 593 | } |
| 594 | |
| 595 | #ifdef DEBUG_PROCESS |
| 596 | /* Debugging process code is difficult; where to write debug output? */ |
| 597 | static void |
| 598 | debugPrint(char *format, ...) |
| 599 | { |
| 600 | FILE *tty = fopen("/dev/tty", "w"); |
| 601 | va_list ap; |
| 602 | va_start(ap, format); |
| 603 | vfprintf(tty, format, ap); |
| 604 | va_end(ap); |
| 605 | fclose(tty); |
| 606 | } |
| 607 | #endif /* DEBUG_PROCESS */ |
| 608 | |
| 609 | /** |
| 610 | * Exec FILE as a traditional Bourne shell script (i.e. one without #!). |
| 611 | * If we could do it over again, we would probably not support such an ancient |
| 612 | * misfeature, but compatibility wins over sanity. The original support for |
| 613 | * this was imported accidentally from execvp(). |
| 614 | */ |
Evgenii Stepanov | e537e1b | 2018-03-15 14:51:46 -0700 | [diff] [blame] | 615 | // Android-added: #if START_CHILD_USE_CLONE || START_CHILD_USE_VFORK |
| 616 | #if START_CHILD_USE_CLONE || START_CHILD_USE_VFORK |
Piotr Jastrzebski | 51b1b69 | 2015-02-16 15:01:09 +0000 | [diff] [blame] | 617 | static void |
| 618 | execve_as_traditional_shell_script(const char *file, |
| 619 | const char *argv[], |
| 620 | const char *const envp[]) |
| 621 | { |
| 622 | /* Use the extra word of space provided for us in argv by caller. */ |
| 623 | const char *argv0 = argv[0]; |
| 624 | const char *const *end = argv; |
| 625 | while (*end != NULL) |
| 626 | ++end; |
| 627 | memmove(argv+2, argv+1, (end-argv) * sizeof (*end)); |
| 628 | argv[0] = "/bin/sh"; |
| 629 | argv[1] = file; |
| 630 | execve(argv[0], (char **) argv, (char **) envp); |
| 631 | /* Can't even exec /bin/sh? Big trouble, but let's soldier on... */ |
| 632 | memmove(argv+1, argv+2, (end-argv) * sizeof (*end)); |
| 633 | argv[0] = argv0; |
| 634 | } |
Evgenii Stepanov | e537e1b | 2018-03-15 14:51:46 -0700 | [diff] [blame] | 635 | #endif |
Piotr Jastrzebski | 51b1b69 | 2015-02-16 15:01:09 +0000 | [diff] [blame] | 636 | |
| 637 | /** |
| 638 | * Like execve(2), except that in case of ENOEXEC, FILE is assumed to |
| 639 | * be a shell script and the system default shell is invoked to run it. |
| 640 | */ |
| 641 | static void |
| 642 | execve_with_shell_fallback(const char *file, |
| 643 | const char *argv[], |
| 644 | const char *const envp[]) |
| 645 | { |
| 646 | #if START_CHILD_USE_CLONE || START_CHILD_USE_VFORK |
| 647 | /* shared address space; be very careful. */ |
| 648 | execve(file, (char **) argv, (char **) envp); |
| 649 | if (errno == ENOEXEC) |
| 650 | execve_as_traditional_shell_script(file, argv, envp); |
| 651 | #else |
| 652 | /* unshared address space; we can mutate environ. */ |
| 653 | environ = (char **) envp; |
| 654 | execvp(file, (char **) argv); |
| 655 | #endif |
| 656 | } |
| 657 | |
| 658 | /** |
| 659 | * 'execvpe' should have been included in the Unix standards, |
| 660 | * and is a GNU extension in glibc 2.10. |
| 661 | * |
| 662 | * JDK_execvpe is identical to execvp, except that the child environment is |
| 663 | * specified via the 3rd argument instead of being inherited from environ. |
| 664 | */ |
| 665 | static void |
| 666 | JDK_execvpe(const char *file, |
| 667 | const char *argv[], |
| 668 | const char *const envp[]) |
| 669 | { |
| 670 | if (envp == NULL || (char **) envp == environ) { |
| 671 | execvp(file, (char **) argv); |
| 672 | return; |
| 673 | } |
| 674 | |
| 675 | if (*file == '\0') { |
| 676 | errno = ENOENT; |
| 677 | return; |
| 678 | } |
| 679 | |
| 680 | if (strchr(file, '/') != NULL) { |
| 681 | execve_with_shell_fallback(file, argv, envp); |
| 682 | } else { |
| 683 | /* We must search PATH (parent's, not child's) */ |
| 684 | char expanded_file[PATH_MAX]; |
| 685 | int filelen = strlen(file); |
| 686 | int sticky_errno = 0; |
| 687 | const char * const * dirs; |
| 688 | for (dirs = parentPathv; *dirs; dirs++) { |
| 689 | const char * dir = *dirs; |
| 690 | int dirlen = strlen(dir); |
| 691 | if (filelen + dirlen + 1 >= PATH_MAX) { |
| 692 | errno = ENAMETOOLONG; |
| 693 | continue; |
| 694 | } |
| 695 | memcpy(expanded_file, dir, dirlen); |
| 696 | memcpy(expanded_file + dirlen, file, filelen); |
| 697 | expanded_file[dirlen + filelen] = '\0'; |
| 698 | execve_with_shell_fallback(expanded_file, argv, envp); |
| 699 | /* There are 3 responses to various classes of errno: |
| 700 | * return immediately, continue (especially for ENOENT), |
| 701 | * or continue with "sticky" errno. |
| 702 | * |
| 703 | * From exec(3): |
| 704 | * |
| 705 | * If permission is denied for a file (the attempted |
| 706 | * execve returned EACCES), these functions will continue |
| 707 | * searching the rest of the search path. If no other |
| 708 | * file is found, however, they will return with the |
| 709 | * global variable errno set to EACCES. |
| 710 | */ |
| 711 | switch (errno) { |
| 712 | case EACCES: |
| 713 | sticky_errno = errno; |
| 714 | /* FALLTHRU */ |
| 715 | case ENOENT: |
| 716 | case ENOTDIR: |
| 717 | #ifdef ELOOP |
| 718 | case ELOOP: |
| 719 | #endif |
| 720 | #ifdef ESTALE |
| 721 | case ESTALE: |
| 722 | #endif |
| 723 | #ifdef ENODEV |
| 724 | case ENODEV: |
| 725 | #endif |
| 726 | #ifdef ETIMEDOUT |
| 727 | case ETIMEDOUT: |
| 728 | #endif |
| 729 | break; /* Try other directories in PATH */ |
| 730 | default: |
| 731 | return; |
| 732 | } |
| 733 | } |
| 734 | if (sticky_errno != 0) |
| 735 | errno = sticky_errno; |
| 736 | } |
| 737 | } |
| 738 | |
| 739 | /* |
| 740 | * Reads nbyte bytes from file descriptor fd into buf, |
| 741 | * The read operation is retried in case of EINTR or partial reads. |
| 742 | * |
| 743 | * Returns number of bytes read (normally nbyte, but may be less in |
| 744 | * case of EOF). In case of read errors, returns -1 and sets errno. |
| 745 | */ |
| 746 | static ssize_t |
| 747 | readFully(int fd, void *buf, size_t nbyte) |
| 748 | { |
| 749 | ssize_t remaining = nbyte; |
| 750 | for (;;) { |
| 751 | ssize_t n = read(fd, buf, remaining); |
| 752 | if (n == 0) { |
| 753 | return nbyte - remaining; |
| 754 | } else if (n > 0) { |
| 755 | remaining -= n; |
| 756 | if (remaining <= 0) |
| 757 | return nbyte; |
| 758 | /* We were interrupted in the middle of reading the bytes. |
| 759 | * Unlikely, but possible. */ |
| 760 | buf = (void *) (((char *)buf) + n); |
| 761 | } else if (errno == EINTR) { |
| 762 | /* Strange signals like SIGJVM1 are possible at any time. |
| 763 | * See http://www.dreamsongs.com/WorseIsBetter.html */ |
| 764 | } else { |
| 765 | return -1; |
| 766 | } |
| 767 | } |
| 768 | } |
| 769 | |
| 770 | typedef struct _ChildStuff |
| 771 | { |
| 772 | int in[2]; |
| 773 | int out[2]; |
| 774 | int err[2]; |
| 775 | int fail[2]; |
| 776 | int fds[3]; |
| 777 | const char **argv; |
| 778 | const char **envv; |
| 779 | const char *pdir; |
| 780 | jboolean redirectErrorStream; |
| 781 | #if START_CHILD_USE_CLONE |
| 782 | void *clone_stack; |
| 783 | #endif |
| 784 | } ChildStuff; |
| 785 | |
| 786 | static void |
| 787 | copyPipe(int from[2], int to[2]) |
| 788 | { |
| 789 | to[0] = from[0]; |
| 790 | to[1] = from[1]; |
| 791 | } |
| 792 | |
| 793 | /** |
| 794 | * Child process after a successful fork() or clone(). |
| 795 | * This function must not return, and must be prepared for either all |
| 796 | * of its address space to be shared with its parent, or to be a copy. |
| 797 | * It must not modify global variables such as "environ". |
| 798 | */ |
| 799 | static int |
| 800 | childProcess(void *arg) |
| 801 | { |
| 802 | const ChildStuff* p = (const ChildStuff*) arg; |
| 803 | |
| 804 | /* Close the parent sides of the pipes. |
| 805 | Closing pipe fds here is redundant, since closeDescriptors() |
| 806 | would do it anyways, but a little paranoia is a good thing. */ |
Amanieu d'Antras | c88b39b | 2022-05-05 15:11:29 +0100 | [diff] [blame] | 807 | if ((closeSafelyInChild(p->in[1]) == -1) || |
| 808 | (closeSafelyInChild(p->out[0]) == -1) || |
| 809 | (closeSafelyInChild(p->err[0]) == -1) || |
| 810 | (closeSafelyInChild(p->fail[0]) == -1)) |
Piotr Jastrzebski | 51b1b69 | 2015-02-16 15:01:09 +0000 | [diff] [blame] | 811 | goto WhyCantJohnnyExec; |
| 812 | |
| 813 | /* Give the child sides of the pipes the right fileno's. */ |
| 814 | /* Note: it is possible for in[0] == 0 */ |
| 815 | if ((moveDescriptor(p->in[0] != -1 ? p->in[0] : p->fds[0], |
| 816 | STDIN_FILENO) == -1) || |
| 817 | (moveDescriptor(p->out[1]!= -1 ? p->out[1] : p->fds[1], |
| 818 | STDOUT_FILENO) == -1)) |
| 819 | goto WhyCantJohnnyExec; |
| 820 | |
| 821 | if (p->redirectErrorStream) { |
Amanieu d'Antras | c88b39b | 2022-05-05 15:11:29 +0100 | [diff] [blame] | 822 | if ((closeSafelyInChild(p->err[1]) == -1) || |
Piotr Jastrzebski | 51b1b69 | 2015-02-16 15:01:09 +0000 | [diff] [blame] | 823 | (restartableDup2(STDOUT_FILENO, STDERR_FILENO) == -1)) |
| 824 | goto WhyCantJohnnyExec; |
| 825 | } else { |
| 826 | if (moveDescriptor(p->err[1] != -1 ? p->err[1] : p->fds[2], |
| 827 | STDERR_FILENO) == -1) |
| 828 | goto WhyCantJohnnyExec; |
| 829 | } |
| 830 | |
| 831 | if (moveDescriptor(p->fail[1], FAIL_FILENO) == -1) |
| 832 | goto WhyCantJohnnyExec; |
| 833 | |
| 834 | /* close everything */ |
Florian Mayer | d4f5306 | 2020-04-28 14:58:06 +0000 | [diff] [blame] | 835 | if (closeDescriptors() == 0) { /* failed, close the old way */ |
Piotr Jastrzebski | 51b1b69 | 2015-02-16 15:01:09 +0000 | [diff] [blame] | 836 | int max_fd = (int)sysconf(_SC_OPEN_MAX); |
| 837 | int fd; |
| 838 | for (fd = FAIL_FILENO + 1; fd < max_fd; fd++) |
Amanieu d'Antras | c88b39b | 2022-05-05 15:11:29 +0100 | [diff] [blame] | 839 | if (closeInChild(fd) == -1 && errno != EBADF) |
Piotr Jastrzebski | 51b1b69 | 2015-02-16 15:01:09 +0000 | [diff] [blame] | 840 | goto WhyCantJohnnyExec; |
| 841 | } |
| 842 | |
| 843 | /* change to the new working directory */ |
| 844 | if (p->pdir != NULL && chdir(p->pdir) < 0) |
| 845 | goto WhyCantJohnnyExec; |
| 846 | |
| 847 | if (fcntl(FAIL_FILENO, F_SETFD, FD_CLOEXEC) == -1) |
| 848 | goto WhyCantJohnnyExec; |
| 849 | |
| 850 | JDK_execvpe(p->argv[0], p->argv, p->envv); |
| 851 | |
| 852 | WhyCantJohnnyExec: |
| 853 | /* We used to go to an awful lot of trouble to predict whether the |
| 854 | * child would fail, but there is no reliable way to predict the |
| 855 | * success of an operation without *trying* it, and there's no way |
| 856 | * to try a chdir or exec in the parent. Instead, all we need is a |
| 857 | * way to communicate any failure back to the parent. Easy; we just |
| 858 | * send the errno back to the parent over a pipe in case of failure. |
| 859 | * The tricky thing is, how do we communicate the *success* of exec? |
| 860 | * We use FD_CLOEXEC together with the fact that a read() on a pipe |
| 861 | * yields EOF when the write ends (we have two of them!) are closed. |
| 862 | */ |
| 863 | { |
| 864 | int errnum = errno; |
| 865 | restartableWrite(FAIL_FILENO, &errnum, sizeof(errnum)); |
| 866 | } |
Amanieu d'Antras | c88b39b | 2022-05-05 15:11:29 +0100 | [diff] [blame] | 867 | closeInChild(FAIL_FILENO); |
Piotr Jastrzebski | 51b1b69 | 2015-02-16 15:01:09 +0000 | [diff] [blame] | 868 | _exit(-1); |
| 869 | return 0; /* Suppress warning "no return value from function" */ |
| 870 | } |
| 871 | |
| 872 | /** |
| 873 | * Start a child process running function childProcess. |
| 874 | * This function only returns in the parent. |
| 875 | * We are unusually paranoid; use of clone/vfork is |
| 876 | * especially likely to tickle gcc/glibc bugs. |
| 877 | */ |
| 878 | #ifdef __attribute_noinline__ /* See: sys/cdefs.h */ |
| 879 | __attribute_noinline__ |
| 880 | #endif |
| 881 | static pid_t |
| 882 | startChild(ChildStuff *c) { |
| 883 | #if START_CHILD_USE_CLONE |
| 884 | #define START_CHILD_CLONE_STACK_SIZE (64 * 1024) |
| 885 | /* |
| 886 | * See clone(2). |
| 887 | * Instead of worrying about which direction the stack grows, just |
| 888 | * allocate twice as much and start the stack in the middle. |
| 889 | */ |
| 890 | if ((c->clone_stack = malloc(2 * START_CHILD_CLONE_STACK_SIZE)) == NULL) |
| 891 | /* errno will be set to ENOMEM */ |
| 892 | return -1; |
| 893 | return clone(childProcess, |
| 894 | c->clone_stack + START_CHILD_CLONE_STACK_SIZE, |
| 895 | CLONE_VFORK | CLONE_VM | SIGCHLD, c); |
| 896 | #else |
| 897 | #if START_CHILD_USE_VFORK |
| 898 | /* |
| 899 | * We separate the call to vfork into a separate function to make |
| 900 | * very sure to keep stack of child from corrupting stack of parent, |
| 901 | * as suggested by the scary gcc warning: |
| 902 | * warning: variable 'foo' might be clobbered by 'longjmp' or 'vfork' |
| 903 | */ |
| 904 | volatile pid_t resultPid = vfork(); |
| 905 | #else |
| 906 | /* |
| 907 | * From Solaris fork(2): In Solaris 10, a call to fork() is |
| 908 | * identical to a call to fork1(); only the calling thread is |
| 909 | * replicated in the child process. This is the POSIX-specified |
| 910 | * behavior for fork(). |
| 911 | */ |
| 912 | pid_t resultPid = fork(); |
| 913 | #endif |
| 914 | if (resultPid == 0) |
| 915 | childProcess(c); |
| 916 | assert(resultPid != 0); /* childProcess never returns */ |
| 917 | return resultPid; |
| 918 | #endif /* ! START_CHILD_USE_CLONE */ |
| 919 | } |
| 920 | |
| 921 | JNIEXPORT jint JNICALL |
Piotr Jastrzebski | de626ec | 2015-05-19 12:16:00 +0100 | [diff] [blame] | 922 | UNIXProcess_forkAndExec(JNIEnv *env, |
Piotr Jastrzebski | 51b1b69 | 2015-02-16 15:01:09 +0000 | [diff] [blame] | 923 | jobject process, |
| 924 | jbyteArray prog, |
| 925 | jbyteArray argBlock, jint argc, |
| 926 | jbyteArray envBlock, jint envc, |
| 927 | jbyteArray dir, |
| 928 | jintArray std_fds, |
| 929 | jboolean redirectErrorStream) |
| 930 | { |
| 931 | int errnum; |
| 932 | int resultPid = -1; |
| 933 | int in[2], out[2], err[2], fail[2]; |
| 934 | jint *fds = NULL; |
| 935 | const char *pprog = NULL; |
| 936 | const char *pargBlock = NULL; |
| 937 | const char *penvBlock = NULL; |
| 938 | ChildStuff *c; |
| 939 | |
| 940 | in[0] = in[1] = out[0] = out[1] = err[0] = err[1] = fail[0] = fail[1] = -1; |
| 941 | |
| 942 | if ((c = NEW(ChildStuff, 1)) == NULL) return -1; |
| 943 | c->argv = NULL; |
| 944 | c->envv = NULL; |
| 945 | c->pdir = NULL; |
| 946 | #if START_CHILD_USE_CLONE |
| 947 | c->clone_stack = NULL; |
| 948 | #endif |
| 949 | |
| 950 | /* Convert prog + argBlock into a char ** argv. |
| 951 | * Add one word room for expansion of argv for use by |
| 952 | * execve_as_traditional_shell_script. |
| 953 | */ |
| 954 | assert(prog != NULL && argBlock != NULL); |
| 955 | if ((pprog = getBytes(env, prog)) == NULL) goto Catch; |
| 956 | if ((pargBlock = getBytes(env, argBlock)) == NULL) goto Catch; |
| 957 | if ((c->argv = NEW(const char *, argc + 3)) == NULL) goto Catch; |
| 958 | c->argv[0] = pprog; |
| 959 | initVectorFromBlock(c->argv+1, pargBlock, argc); |
| 960 | |
| 961 | if (envBlock != NULL) { |
| 962 | /* Convert envBlock into a char ** envv */ |
| 963 | if ((penvBlock = getBytes(env, envBlock)) == NULL) goto Catch; |
| 964 | if ((c->envv = NEW(const char *, envc + 1)) == NULL) goto Catch; |
| 965 | initVectorFromBlock(c->envv, penvBlock, envc); |
| 966 | } |
| 967 | |
| 968 | if (dir != NULL) { |
| 969 | if ((c->pdir = getBytes(env, dir)) == NULL) goto Catch; |
| 970 | } |
| 971 | |
| 972 | assert(std_fds != NULL); |
| 973 | fds = (*env)->GetIntArrayElements(env, std_fds, NULL); |
| 974 | if (fds == NULL) goto Catch; |
| 975 | |
| 976 | if ((fds[0] == -1 && pipe(in) < 0) || |
| 977 | (fds[1] == -1 && pipe(out) < 0) || |
| 978 | (fds[2] == -1 && pipe(err) < 0) || |
| 979 | (pipe(fail) < 0)) { |
| 980 | throwIOException(env, errno, "Bad file descriptor"); |
| 981 | goto Catch; |
| 982 | } |
| 983 | c->fds[0] = fds[0]; |
| 984 | c->fds[1] = fds[1]; |
| 985 | c->fds[2] = fds[2]; |
| 986 | |
| 987 | copyPipe(in, c->in); |
| 988 | copyPipe(out, c->out); |
| 989 | copyPipe(err, c->err); |
| 990 | copyPipe(fail, c->fail); |
| 991 | |
| 992 | c->redirectErrorStream = redirectErrorStream; |
| 993 | |
| 994 | resultPid = startChild(c); |
| 995 | assert(resultPid != 0); |
| 996 | |
| 997 | if (resultPid < 0) { |
| 998 | throwIOException(env, errno, START_CHILD_SYSTEM_CALL " failed"); |
| 999 | goto Catch; |
| 1000 | } |
| 1001 | |
| 1002 | restartableClose(fail[1]); fail[1] = -1; /* See: WhyCantJohnnyExec */ |
| 1003 | |
| 1004 | switch (readFully(fail[0], &errnum, sizeof(errnum))) { |
| 1005 | case 0: break; /* Exec succeeded */ |
| 1006 | case sizeof(errnum): |
| 1007 | waitpid(resultPid, NULL, 0); |
| 1008 | throwIOException(env, errnum, "Exec failed"); |
| 1009 | goto Catch; |
| 1010 | default: |
| 1011 | throwIOException(env, errno, "Read failed"); |
| 1012 | goto Catch; |
| 1013 | } |
| 1014 | |
| 1015 | fds[0] = (in [1] != -1) ? in [1] : -1; |
| 1016 | fds[1] = (out[0] != -1) ? out[0] : -1; |
| 1017 | fds[2] = (err[0] != -1) ? err[0] : -1; |
| 1018 | |
| 1019 | Finally: |
| 1020 | #if START_CHILD_USE_CLONE |
| 1021 | free(c->clone_stack); |
| 1022 | #endif |
| 1023 | |
| 1024 | /* Always clean up the child's side of the pipes */ |
| 1025 | closeSafely(in [0]); |
| 1026 | closeSafely(out[1]); |
| 1027 | closeSafely(err[1]); |
| 1028 | |
| 1029 | /* Always clean up fail descriptors */ |
| 1030 | closeSafely(fail[0]); |
| 1031 | closeSafely(fail[1]); |
| 1032 | |
| 1033 | releaseBytes(env, prog, pprog); |
| 1034 | releaseBytes(env, argBlock, pargBlock); |
| 1035 | releaseBytes(env, envBlock, penvBlock); |
| 1036 | releaseBytes(env, dir, c->pdir); |
| 1037 | |
| 1038 | free(c->argv); |
| 1039 | free(c->envv); |
| 1040 | free(c); |
| 1041 | |
| 1042 | if (fds != NULL) |
| 1043 | (*env)->ReleaseIntArrayElements(env, std_fds, fds, 0); |
| 1044 | |
| 1045 | return resultPid; |
| 1046 | |
| 1047 | Catch: |
| 1048 | /* Clean up the parent's side of the pipes in case of failure only */ |
| 1049 | closeSafely(in [1]); |
| 1050 | closeSafely(out[0]); |
| 1051 | closeSafely(err[0]); |
| 1052 | goto Finally; |
| 1053 | } |
| 1054 | |
| 1055 | JNIEXPORT void JNICALL |
Piotr Jastrzebski | de626ec | 2015-05-19 12:16:00 +0100 | [diff] [blame] | 1056 | UNIXProcess_destroyProcess(JNIEnv *env, jobject junk, jint pid) |
Piotr Jastrzebski | 51b1b69 | 2015-02-16 15:01:09 +0000 | [diff] [blame] | 1057 | { |
| 1058 | kill(pid, SIGTERM); |
| 1059 | } |
Piotr Jastrzebski | de626ec | 2015-05-19 12:16:00 +0100 | [diff] [blame] | 1060 | |
| 1061 | static JNINativeMethod gMethods[] = { |
| 1062 | NATIVE_METHOD(UNIXProcess, destroyProcess, "(I)V"), |
| 1063 | NATIVE_METHOD(UNIXProcess, forkAndExec, "([B[BI[BI[B[IZ)I"), |
| 1064 | NATIVE_METHOD(UNIXProcess, waitForProcessExit, "(I)I"), |
| 1065 | NATIVE_METHOD(UNIXProcess, initIDs, "()V"), |
| 1066 | }; |
| 1067 | |
| 1068 | void register_java_lang_UNIXProcess(JNIEnv* env) { |
| 1069 | jniRegisterNativeMethods(env, "java/lang/UNIXProcess", gMethods, NELEM(gMethods)); |
| 1070 | } |