Commit Graph

23 Commits

Author SHA1 Message Date
Jilles Tjoelker
02804449a2 popen(): Try to prevent inappropriate fd passing even if 'e' is not used.
Even though not all race conditions can be fixed if the 'e' option is not
used, still fix some race conditions using pipe2():

* Prevent both ends of the pipe from leaking to a concurrent popen().

* Prevent the child process's end of the pipe from leaking to any concurrent
  fork and exec.

This change also simplifies the code.
2013-10-20 20:50:17 +00:00
Jilles Tjoelker
e9dec7758d popen(): Add 'e' mode character to set close-on-exec on the new fd.
If 'e' is used, the kernel must support the recently added pipe2() system
call.

The use of pipe2() with O_CLOEXEC also fixes race conditions between
concurrent popen() calls from different threads, even if the close-on-exec
flag on the fd of the returned FILE is later cleared (because popen() closes
all file descriptors from earlier popen() calls in the child process).
Therefore, this approach should be used in all cases when pipe2() can be
assumed present.

The old version of popen() rejects "re" and "we" but treats "r+e" like "r+".
2013-05-20 17:31:18 +00:00
Ed Schouten
3d98b75bac Rename the queue macros I introduced last year.
Last year I added SLIST_REMOVE_NEXT and STAILQ_REMOVE_NEXT, to remove
entries behind an element in the list, using O(1) time. I recently
discovered NetBSD also has a similar macro, called SLIST_REMOVE_AFTER.
In my opinion this approach is a lot better:

- It doesn't have the unused first argument of the list pointer. I added
  this, mainly because OpenBSD also had it.

- The _AFTER suffix makes a lot more sense, because it is related to
  SLIST_INSERT_AFTER. _NEXT is only used to iterate through the list.

The reason why I want to rename this now, is to make sure we don't
release a major version with the badly named macros.
2009-05-27 19:28:04 +00:00
Ed Schouten
7e7f7ca3c6 Convert popen()'s `pidlist' to a SLIST, for consistency.
I guess the original author of the popen() code didn't want to use our
<sys/queue.h> macro's, because the single linked list macro's didn't
offer O(1) deletion. Because I introduced SLIST_REMOVE_NEXT() some time
ago, we can now use the macro's here.

By converting the code to an SLIST, it is more consistent with other
parts of the C library and the operating system.

Reviewed by:	csjp
Approved by:	philip (mentor, implicit)
2008-07-29 16:29:59 +00:00
Warner Losh
c879ae3536 Per Regents of the University of Calfornia letter, remove advertising
clause.

# If I've done so improperly on a file, please let me know.
2007-01-09 00:28:16 +00:00
Tim J. Robbins
a97ab40a26 Remove unused variable: omask. 2003-01-04 00:15:15 +00:00
Tim J. Robbins
77e2381a3e Protect pidlist with a mutex to avoid a race causing a duplicate free()
when the same pipe FILE is pclosed()'d in different threads, and to avoid
corrupting the linked list when adding or removing items. The symptoms of
the linked list getting corrupted were pclose() either not finding the pipe
on the list, or the list becoming circular and pclose() looping infinitely.
2003-01-03 04:35:04 +00:00
David E. O'Brien
22626efa0f * Remove 'register'. (some functions had 7+ register functions...)
* Fix SCM ID's.
2002-02-01 01:08:48 +00:00
Daniel Eischen
d201fe46e3 Remove _THREAD_SAFE and make libc thread-safe by default by
adding (weak definitions to) stubs for some of the pthread
functions.  If the threads library is linked in, the real
pthread functions will pulled in.

Use the following convention for system calls wrapped by the
threads library:
	__sys_foo - actual system call
	_foo - weak definition to __sys_foo
	foo - weak definition to __sys_foo

Change all libc uses of system calls wrapped by the threads
library from foo to _foo.  In order to define the prototypes
for _foo(), we introduce namespace.h and un-namespace.h
(suggested by bde).  All files that need to reference these
system calls, should include namespace.h before any standard
includes, then include un-namespace.h after the standard
includes and before any local includes.  <db.h> is an exception
and shouldn't be included in between namespace.h and
un-namespace.h  namespace.h will define foo to _foo, and
un-namespace.h will undefine foo.

Try to eliminate some of the recursive calls to MT-safe
functions in libc/stdio in preparation for adding a mutex
to FILE.  We have recursive mutexes, but would like to avoid
using them if possible.

Remove uneeded includes of <errno.h> from a few files.

Add $FreeBSD$ to a few files in order to pass commitprep.

Approved by:	-arch
2001-01-24 13:01:12 +00:00
Jason Evans
9233c4d942 Simplify sytem call renaming. Instead of _foo() <-- _libc_foo <-- foo(),
just use _foo() <-- foo().  In the case of a libpthread that doesn't do
call conversion (such as linuxthreads and our upcoming libpthread), this
is adequate.  In the case of libc_r, we still need three names, which are
now _thread_sys_foo() <-- _foo() <-- foo().

Convert all internal libc usage of: aio_suspend(), close(), fsync(), msync(),
nanosleep(), open(), fcntl(), read(), and write() to _foo() instead of foo().

Remove all internal libc usage of: creat(), pause(), sleep(), system(),
tcdrain(), wait(), and waitpid().

Make thread cancellation fully POSIX-compliant.

Suggested by:	deischen
2000-01-27 23:07:25 +00:00
Jason Evans
929273386f Add three-tier symbol naming in support of POSIX thread cancellation
points.  For library functions, the pattern is __sleep() <--
_libc_sleep() <-- sleep().  The arrows represent weak aliases.  For
system calls, the pattern is _read() <-- _libc_read() <-- read().
2000-01-12 09:23:48 +00:00
Mike Smith
26c51fb453 Conform to POSIX and close any copies of popen() descriptors inherited by a
popen()ed child.

PR:		misc/7810
Submitted by:	Wayne Scott <wscott@ichips.intel.com>
1998-10-15 01:47:40 +00:00
Peter Wemm
0c372549f6 Avoid the need for calling functions that malloc after a vfork(). 1998-10-11 14:11:51 +00:00
Bruce Evans
0890dc6f44 vfork -> fork. The child calls execl() which calls malloc(), so
vfork() can't be used.  We could use alloca() in execl() so that
it can be called between vfork() and execve(), but a "portable"
popen() shouldn't depend on this.  Calling execle() instead of
execl() should be fairly safe, since execle() is supposed to be
callable from signal handlers and signal handlers can't call
malloc().  However, execle() is broken.
1998-10-10 19:30:45 +00:00
Bruce Evans
2b9ac168ec FIxed the cleanup. I forgot to leave stdin alone in the usual (!twoway)
case.
1997-04-22 09:44:06 +00:00
John Dyson
5ae9116a7d Clean-up my modification of popen.c for vfork. Bruce's (this) is better.
Submitted by:	Bruce Evans <bde@freebsd.org>
1997-04-20 20:17:04 +00:00
John Dyson
1174d9f9df Fix the problem in popen that makes correct vfork semantics fail.
Specifically, popen modifies a variable "pdes[1]" in the child
in such a way that it breaks code in the parent (due to the address
space sharing.)
1997-04-16 03:26:50 +00:00
Bruce Evans
035e5608d5 Fixed cleaning up after malloc failure, which was broken by Lite2.
We don't use socketpair(), so don't #include <sys/socket.h>.

Restored some gcc-quieting parentheses that were lost in the Lite2 merge.
1997-03-11 18:51:43 +00:00
Peter Wemm
adf6ad9e69 Merge from Lite2:
filesystem include updates, duplicate group suppression, cleanups,
  filesystem whiteout support (unionfs), bidir popen().
1997-03-11 11:52:33 +00:00
Jordan K. Hubbard
51295a4d3e General -Wall warning cleanup, part I.
Submitted-By: Kent Vander Velden <graphix@iastate.edu>
1996-07-12 18:57:58 +00:00
Jeffrey Hsu
e78bad2371 Don't cast void functions to void.
Obtained from: NetBSD commit by jtc on June 16, 1995.
1995-06-20 18:31:16 +00:00
Rodney W. Grimes
6c06b4e2aa Remove trailing whitespace. 1995-05-30 05:51:47 +00:00
Rodney W. Grimes
58f0484fa2 BSD 4.4 Lite Lib Sources 1994-05-27 05:00:24 +00:00