1 /*- 2 * SPDX-License-Identifier: BSD-2-Clause-FreeBSD 3 * 4 * Copyright (c) 2008 Ed Schouten <ed@FreeBSD.org> 5 * All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 17 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 20 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 22 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 24 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 25 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26 * SUCH DAMAGE. 27 */ 28 29 #include <sys/cdefs.h> 30 __FBSDID("$FreeBSD$"); 31 32 #include "namespace.h" 33 #include <sys/param.h> 34 #include <sys/queue.h> 35 #include <sys/wait.h> 36 37 #include <errno.h> 38 #include <fcntl.h> 39 #include <sched.h> 40 #include <spawn.h> 41 #include <signal.h> 42 #include <stdlib.h> 43 #include <string.h> 44 #include <unistd.h> 45 #include "un-namespace.h" 46 #include "libc_private.h" 47 48 struct __posix_spawnattr { 49 short sa_flags; 50 pid_t sa_pgroup; 51 struct sched_param sa_schedparam; 52 int sa_schedpolicy; 53 sigset_t sa_sigdefault; 54 sigset_t sa_sigmask; 55 }; 56 57 struct __posix_spawn_file_actions { 58 STAILQ_HEAD(, __posix_spawn_file_actions_entry) fa_list; 59 }; 60 61 typedef struct __posix_spawn_file_actions_entry { 62 STAILQ_ENTRY(__posix_spawn_file_actions_entry) fae_list; 63 enum { 64 FAE_OPEN, 65 FAE_DUP2, 66 FAE_CLOSE, 67 FAE_CHDIR, 68 FAE_FCHDIR, 69 FAE_CLOSEFROM, 70 } fae_action; 71 72 int fae_fildes; 73 union { 74 struct { 75 char *path; 76 #define fae_path fae_data.open.path 77 int oflag; 78 #define fae_oflag fae_data.open.oflag 79 mode_t mode; 80 #define fae_mode fae_data.open.mode 81 } open; 82 struct { 83 int newfildes; 84 #define fae_newfildes fae_data.dup2.newfildes 85 } dup2; 86 } fae_data; 87 } posix_spawn_file_actions_entry_t; 88 89 /* 90 * Spawn routines 91 */ 92 93 static int 94 process_spawnattr(const posix_spawnattr_t sa) 95 { 96 struct sigaction sigact = { .sa_flags = 0, .sa_handler = SIG_DFL }; 97 int i; 98 99 /* 100 * POSIX doesn't really describe in which order everything 101 * should be set. We'll just set them in the order in which they 102 * are mentioned. 103 */ 104 105 /* Set process group */ 106 if (sa->sa_flags & POSIX_SPAWN_SETPGROUP) { 107 if (setpgid(0, sa->sa_pgroup) != 0) 108 return (errno); 109 } 110 111 /* Set scheduler policy */ 112 if (sa->sa_flags & POSIX_SPAWN_SETSCHEDULER) { 113 if (sched_setscheduler(0, sa->sa_schedpolicy, 114 &sa->sa_schedparam) != 0) 115 return (errno); 116 } else if (sa->sa_flags & POSIX_SPAWN_SETSCHEDPARAM) { 117 if (sched_setparam(0, &sa->sa_schedparam) != 0) 118 return (errno); 119 } 120 121 /* Reset user ID's */ 122 if (sa->sa_flags & POSIX_SPAWN_RESETIDS) { 123 if (setegid(getgid()) != 0) 124 return (errno); 125 if (seteuid(getuid()) != 0) 126 return (errno); 127 } 128 129 /* 130 * Set signal masks/defaults. 131 * Use unwrapped syscall, libthr is in undefined state after vfork(). 132 */ 133 if (sa->sa_flags & POSIX_SPAWN_SETSIGMASK) { 134 __sys_sigprocmask(SIG_SETMASK, &sa->sa_sigmask, NULL); 135 } 136 137 if (sa->sa_flags & POSIX_SPAWN_SETSIGDEF) { 138 for (i = 1; i <= _SIG_MAXSIG; i++) { 139 if (sigismember(&sa->sa_sigdefault, i)) 140 if (__sys_sigaction(i, &sigact, NULL) != 0) 141 return (errno); 142 } 143 } 144 145 return (0); 146 } 147 148 static int 149 process_file_actions_entry(posix_spawn_file_actions_entry_t *fae) 150 { 151 int fd, saved_errno; 152 153 switch (fae->fae_action) { 154 case FAE_OPEN: 155 /* Perform an open(), make it use the right fd */ 156 fd = _open(fae->fae_path, fae->fae_oflag, fae->fae_mode); 157 if (fd < 0) 158 return (errno); 159 if (fd != fae->fae_fildes) { 160 if (_dup2(fd, fae->fae_fildes) == -1) { 161 saved_errno = errno; 162 (void)_close(fd); 163 return (saved_errno); 164 } 165 if (_close(fd) != 0) { 166 if (errno == EBADF) 167 return (EBADF); 168 } 169 } 170 if (_fcntl(fae->fae_fildes, F_SETFD, 0) == -1) 171 return (errno); 172 break; 173 case FAE_DUP2: 174 /* Perform a dup2() */ 175 if (_dup2(fae->fae_fildes, fae->fae_newfildes) == -1) 176 return (errno); 177 if (_fcntl(fae->fae_newfildes, F_SETFD, 0) == -1) 178 return (errno); 179 break; 180 case FAE_CLOSE: 181 /* Perform a close(), do not fail if already closed */ 182 (void)_close(fae->fae_fildes); 183 break; 184 case FAE_CHDIR: 185 if (chdir(fae->fae_path) != 0) 186 return (errno); 187 break; 188 case FAE_FCHDIR: 189 if (fchdir(fae->fae_fildes) != 0) 190 return (errno); 191 break; 192 case FAE_CLOSEFROM: 193 closefrom(fae->fae_fildes); 194 break; 195 } 196 return (0); 197 } 198 199 static int 200 process_file_actions(const posix_spawn_file_actions_t fa) 201 { 202 posix_spawn_file_actions_entry_t *fae; 203 int error; 204 205 /* Replay all file descriptor modifications */ 206 STAILQ_FOREACH(fae, &fa->fa_list, fae_list) { 207 error = process_file_actions_entry(fae); 208 if (error) 209 return (error); 210 } 211 return (0); 212 } 213 214 struct posix_spawn_args { 215 const char *path; 216 const posix_spawn_file_actions_t *fa; 217 const posix_spawnattr_t *sa; 218 char * const * argv; 219 char * const * envp; 220 int use_env_path; 221 volatile int error; 222 }; 223 224 #define PSPAWN_STACK_ALIGNMENT 16 225 #define PSPAWN_STACK_ALIGNBYTES (PSPAWN_STACK_ALIGNMENT - 1) 226 #define PSPAWN_STACK_ALIGN(sz) \ 227 (((sz) + PSPAWN_STACK_ALIGNBYTES) & ~PSPAWN_STACK_ALIGNBYTES) 228 229 #if defined(__i386__) || defined(__amd64__) 230 /* 231 * Below we'll assume that _RFORK_THREAD_STACK_SIZE is appropriately aligned for 232 * the posix_spawn() case where we do not end up calling _execvpe and won't ever 233 * try to allocate space on the stack for argv[]. 234 */ 235 #define _RFORK_THREAD_STACK_SIZE 4096 236 _Static_assert((_RFORK_THREAD_STACK_SIZE % PSPAWN_STACK_ALIGNMENT) == 0, 237 "Inappropriate stack size alignment"); 238 #endif 239 240 static int 241 _posix_spawn_thr(void *data) 242 { 243 struct posix_spawn_args *psa; 244 char * const *envp; 245 246 psa = data; 247 if (psa->sa != NULL) { 248 psa->error = process_spawnattr(*psa->sa); 249 if (psa->error) 250 _exit(127); 251 } 252 if (psa->fa != NULL) { 253 psa->error = process_file_actions(*psa->fa); 254 if (psa->error) 255 _exit(127); 256 } 257 envp = psa->envp != NULL ? psa->envp : environ; 258 if (psa->use_env_path) 259 _execvpe(psa->path, psa->argv, envp); 260 else 261 _execve(psa->path, psa->argv, envp); 262 psa->error = errno; 263 264 /* This is called in such a way that it must not exit. */ 265 _exit(127); 266 } 267 268 static int 269 do_posix_spawn(pid_t *pid, const char *path, 270 const posix_spawn_file_actions_t *fa, 271 const posix_spawnattr_t *sa, 272 char * const argv[], char * const envp[], int use_env_path) 273 { 274 struct posix_spawn_args psa; 275 pid_t p; 276 #ifdef _RFORK_THREAD_STACK_SIZE 277 char *stack; 278 size_t cnt, stacksz; 279 280 stacksz = _RFORK_THREAD_STACK_SIZE; 281 if (use_env_path) { 282 /* 283 * We need to make sure we have enough room on the stack for the 284 * potential alloca() in execvPe if it gets kicked back an 285 * ENOEXEC from execve(2), plus the original buffer we gave 286 * ourselves; this protects us in the event that the caller 287 * intentionally or inadvertently supplies enough arguments to 288 * make us blow past the stack we've allocated from it. 289 */ 290 for (cnt = 0; argv[cnt] != NULL; ++cnt) 291 ; 292 stacksz += MAX(3, cnt + 2) * sizeof(char *); 293 stacksz = PSPAWN_STACK_ALIGN(stacksz); 294 } 295 296 /* 297 * aligned_alloc is not safe to use here, because we can't guarantee 298 * that aligned_alloc and free will be provided by the same 299 * implementation. We've actively hit at least one application that 300 * will provide its own malloc/free but not aligned_alloc leading to 301 * a free by the wrong allocator. 302 */ 303 stack = malloc(stacksz); 304 if (stack == NULL) 305 return (ENOMEM); 306 stacksz = (((uintptr_t)stack + stacksz) & ~PSPAWN_STACK_ALIGNBYTES) - 307 (uintptr_t)stack; 308 #endif 309 psa.path = path; 310 psa.fa = fa; 311 psa.sa = sa; 312 psa.argv = argv; 313 psa.envp = envp; 314 psa.use_env_path = use_env_path; 315 psa.error = 0; 316 317 /* 318 * Passing RFSPAWN to rfork(2) gives us effectively a vfork that drops 319 * non-ignored signal handlers. We'll fall back to the slightly less 320 * ideal vfork(2) if we get an EINVAL from rfork -- this should only 321 * happen with newer libc on older kernel that doesn't accept 322 * RFSPAWN. 323 */ 324 #ifdef _RFORK_THREAD_STACK_SIZE 325 /* 326 * x86 stores the return address on the stack, so rfork(2) cannot work 327 * as-is because the child would clobber the return address om the 328 * parent. Because of this, we must use rfork_thread instead while 329 * almost every other arch stores the return address in a register. 330 */ 331 p = rfork_thread(RFSPAWN, stack + stacksz, _posix_spawn_thr, &psa); 332 free(stack); 333 #else 334 p = rfork(RFSPAWN); 335 if (p == 0) 336 /* _posix_spawn_thr does not return */ 337 _posix_spawn_thr(&psa); 338 #endif 339 /* 340 * The above block should leave us in a state where we've either 341 * succeeded and we're ready to process the results, or we need to 342 * fallback to vfork() if the kernel didn't like RFSPAWN. 343 */ 344 345 if (p == -1 && errno == EINVAL) { 346 p = vfork(); 347 if (p == 0) 348 /* _posix_spawn_thr does not return */ 349 _posix_spawn_thr(&psa); 350 } 351 if (p == -1) 352 return (errno); 353 if (psa.error != 0) 354 /* Failed; ready to reap */ 355 _waitpid(p, NULL, WNOHANG); 356 else if (pid != NULL) 357 /* exec succeeded */ 358 *pid = p; 359 return (psa.error); 360 } 361 362 int 363 posix_spawn(pid_t *pid, const char *path, 364 const posix_spawn_file_actions_t *fa, 365 const posix_spawnattr_t *sa, 366 char * const argv[], char * const envp[]) 367 { 368 return (do_posix_spawn(pid, path, fa, sa, argv, envp, 0)); 369 } 370 371 int 372 posix_spawnp(pid_t *pid, const char *path, 373 const posix_spawn_file_actions_t *fa, 374 const posix_spawnattr_t *sa, 375 char * const argv[], char * const envp[]) 376 { 377 return (do_posix_spawn(pid, path, fa, sa, argv, envp, 1)); 378 } 379 380 /* 381 * File descriptor actions 382 */ 383 384 int 385 posix_spawn_file_actions_init(posix_spawn_file_actions_t *ret) 386 { 387 posix_spawn_file_actions_t fa; 388 389 fa = malloc(sizeof(struct __posix_spawn_file_actions)); 390 if (fa == NULL) 391 return (-1); 392 393 STAILQ_INIT(&fa->fa_list); 394 *ret = fa; 395 return (0); 396 } 397 398 int 399 posix_spawn_file_actions_destroy(posix_spawn_file_actions_t *fa) 400 { 401 posix_spawn_file_actions_entry_t *fae; 402 403 while ((fae = STAILQ_FIRST(&(*fa)->fa_list)) != NULL) { 404 /* Remove file action entry from the queue */ 405 STAILQ_REMOVE_HEAD(&(*fa)->fa_list, fae_list); 406 407 /* Deallocate file action entry */ 408 if (fae->fae_action == FAE_OPEN || 409 fae->fae_action == FAE_CHDIR) 410 free(fae->fae_path); 411 free(fae); 412 } 413 414 free(*fa); 415 return (0); 416 } 417 418 int 419 posix_spawn_file_actions_addopen(posix_spawn_file_actions_t * __restrict fa, 420 int fildes, const char * __restrict path, int oflag, mode_t mode) 421 { 422 posix_spawn_file_actions_entry_t *fae; 423 int error; 424 425 if (fildes < 0) 426 return (EBADF); 427 428 /* Allocate object */ 429 fae = malloc(sizeof(posix_spawn_file_actions_entry_t)); 430 if (fae == NULL) 431 return (errno); 432 433 /* Set values and store in queue */ 434 fae->fae_action = FAE_OPEN; 435 fae->fae_path = strdup(path); 436 if (fae->fae_path == NULL) { 437 error = errno; 438 free(fae); 439 return (error); 440 } 441 fae->fae_fildes = fildes; 442 fae->fae_oflag = oflag; 443 fae->fae_mode = mode; 444 445 STAILQ_INSERT_TAIL(&(*fa)->fa_list, fae, fae_list); 446 return (0); 447 } 448 449 int 450 posix_spawn_file_actions_adddup2(posix_spawn_file_actions_t *fa, 451 int fildes, int newfildes) 452 { 453 posix_spawn_file_actions_entry_t *fae; 454 455 if (fildes < 0 || newfildes < 0) 456 return (EBADF); 457 458 /* Allocate object */ 459 fae = malloc(sizeof(posix_spawn_file_actions_entry_t)); 460 if (fae == NULL) 461 return (errno); 462 463 /* Set values and store in queue */ 464 fae->fae_action = FAE_DUP2; 465 fae->fae_fildes = fildes; 466 fae->fae_newfildes = newfildes; 467 468 STAILQ_INSERT_TAIL(&(*fa)->fa_list, fae, fae_list); 469 return (0); 470 } 471 472 int 473 posix_spawn_file_actions_addclose(posix_spawn_file_actions_t *fa, 474 int fildes) 475 { 476 posix_spawn_file_actions_entry_t *fae; 477 478 if (fildes < 0) 479 return (EBADF); 480 481 /* Allocate object */ 482 fae = malloc(sizeof(posix_spawn_file_actions_entry_t)); 483 if (fae == NULL) 484 return (errno); 485 486 /* Set values and store in queue */ 487 fae->fae_action = FAE_CLOSE; 488 fae->fae_fildes = fildes; 489 490 STAILQ_INSERT_TAIL(&(*fa)->fa_list, fae, fae_list); 491 return (0); 492 } 493 494 int 495 posix_spawn_file_actions_addchdir_np(posix_spawn_file_actions_t * 496 __restrict fa, const char *__restrict path) 497 { 498 posix_spawn_file_actions_entry_t *fae; 499 int error; 500 501 fae = malloc(sizeof(posix_spawn_file_actions_entry_t)); 502 if (fae == NULL) 503 return (errno); 504 505 fae->fae_action = FAE_CHDIR; 506 fae->fae_path = strdup(path); 507 if (fae->fae_path == NULL) { 508 error = errno; 509 free(fae); 510 return (error); 511 } 512 513 STAILQ_INSERT_TAIL(&(*fa)->fa_list, fae, fae_list); 514 return (0); 515 } 516 517 int 518 posix_spawn_file_actions_addfchdir_np(posix_spawn_file_actions_t *__restrict fa, 519 int fildes) 520 { 521 posix_spawn_file_actions_entry_t *fae; 522 523 if (fildes < 0) 524 return (EBADF); 525 526 /* Allocate object */ 527 fae = malloc(sizeof(posix_spawn_file_actions_entry_t)); 528 if (fae == NULL) 529 return (errno); 530 531 fae->fae_action = FAE_FCHDIR; 532 fae->fae_fildes = fildes; 533 534 STAILQ_INSERT_TAIL(&(*fa)->fa_list, fae, fae_list); 535 return (0); 536 } 537 538 int 539 posix_spawn_file_actions_addclosefrom_np (posix_spawn_file_actions_t * 540 __restrict fa, int from) 541 { 542 posix_spawn_file_actions_entry_t *fae; 543 544 if (from < 0) 545 return (EBADF); 546 547 /* Allocate object */ 548 fae = malloc(sizeof(posix_spawn_file_actions_entry_t)); 549 if (fae == NULL) 550 return (errno); 551 552 fae->fae_action = FAE_CLOSEFROM; 553 fae->fae_fildes = from; 554 555 STAILQ_INSERT_TAIL(&(*fa)->fa_list, fae, fae_list); 556 return (0); 557 } 558 559 /* 560 * Spawn attributes 561 */ 562 563 int 564 posix_spawnattr_init(posix_spawnattr_t *ret) 565 { 566 posix_spawnattr_t sa; 567 568 sa = calloc(1, sizeof(struct __posix_spawnattr)); 569 if (sa == NULL) 570 return (errno); 571 572 /* Set defaults as specified by POSIX, cleared above */ 573 *ret = sa; 574 return (0); 575 } 576 577 int 578 posix_spawnattr_destroy(posix_spawnattr_t *sa) 579 { 580 free(*sa); 581 return (0); 582 } 583 584 int 585 posix_spawnattr_getflags(const posix_spawnattr_t * __restrict sa, 586 short * __restrict flags) 587 { 588 *flags = (*sa)->sa_flags; 589 return (0); 590 } 591 592 int 593 posix_spawnattr_getpgroup(const posix_spawnattr_t * __restrict sa, 594 pid_t * __restrict pgroup) 595 { 596 *pgroup = (*sa)->sa_pgroup; 597 return (0); 598 } 599 600 int 601 posix_spawnattr_getschedparam(const posix_spawnattr_t * __restrict sa, 602 struct sched_param * __restrict schedparam) 603 { 604 *schedparam = (*sa)->sa_schedparam; 605 return (0); 606 } 607 608 int 609 posix_spawnattr_getschedpolicy(const posix_spawnattr_t * __restrict sa, 610 int * __restrict schedpolicy) 611 { 612 *schedpolicy = (*sa)->sa_schedpolicy; 613 return (0); 614 } 615 616 int 617 posix_spawnattr_getsigdefault(const posix_spawnattr_t * __restrict sa, 618 sigset_t * __restrict sigdefault) 619 { 620 *sigdefault = (*sa)->sa_sigdefault; 621 return (0); 622 } 623 624 int 625 posix_spawnattr_getsigmask(const posix_spawnattr_t * __restrict sa, 626 sigset_t * __restrict sigmask) 627 { 628 *sigmask = (*sa)->sa_sigmask; 629 return (0); 630 } 631 632 int 633 posix_spawnattr_setflags(posix_spawnattr_t *sa, short flags) 634 { 635 (*sa)->sa_flags = flags; 636 return (0); 637 } 638 639 int 640 posix_spawnattr_setpgroup(posix_spawnattr_t *sa, pid_t pgroup) 641 { 642 (*sa)->sa_pgroup = pgroup; 643 return (0); 644 } 645 646 int 647 posix_spawnattr_setschedparam(posix_spawnattr_t * __restrict sa, 648 const struct sched_param * __restrict schedparam) 649 { 650 (*sa)->sa_schedparam = *schedparam; 651 return (0); 652 } 653 654 int 655 posix_spawnattr_setschedpolicy(posix_spawnattr_t *sa, int schedpolicy) 656 { 657 (*sa)->sa_schedpolicy = schedpolicy; 658 return (0); 659 } 660 661 int 662 posix_spawnattr_setsigdefault(posix_spawnattr_t * __restrict sa, 663 const sigset_t * __restrict sigdefault) 664 { 665 (*sa)->sa_sigdefault = *sigdefault; 666 return (0); 667 } 668 669 int 670 posix_spawnattr_setsigmask(posix_spawnattr_t * __restrict sa, 671 const sigset_t * __restrict sigmask) 672 { 673 (*sa)->sa_sigmask = *sigmask; 674 return (0); 675 } 676