run-command: dup_devnull(): guard against syscalls failing
[git/gitweb.git] / run-command.c
blobafc573ed41061f7c704209de2d229e7a6a900165
1 #include "cache.h"
2 #include "run-command.h"
3 #include "exec_cmd.h"
4 #include "sigchain.h"
5 #include "argv-array.h"
7 #ifndef SHELL_PATH
8 # define SHELL_PATH "/bin/sh"
9 #endif
11 struct child_to_clean {
12 pid_t pid;
13 struct child_to_clean *next;
15 static struct child_to_clean *children_to_clean;
16 static int installed_child_cleanup_handler;
18 static void cleanup_children(int sig)
20 while (children_to_clean) {
21 struct child_to_clean *p = children_to_clean;
22 children_to_clean = p->next;
23 kill(p->pid, sig);
24 free(p);
28 static void cleanup_children_on_signal(int sig)
30 cleanup_children(sig);
31 sigchain_pop(sig);
32 raise(sig);
35 static void cleanup_children_on_exit(void)
37 cleanup_children(SIGTERM);
40 static void mark_child_for_cleanup(pid_t pid)
42 struct child_to_clean *p = xmalloc(sizeof(*p));
43 p->pid = pid;
44 p->next = children_to_clean;
45 children_to_clean = p;
47 if (!installed_child_cleanup_handler) {
48 atexit(cleanup_children_on_exit);
49 sigchain_push_common(cleanup_children_on_signal);
50 installed_child_cleanup_handler = 1;
54 static void clear_child_for_cleanup(pid_t pid)
56 struct child_to_clean **pp;
58 for (pp = &children_to_clean; *pp; pp = &(*pp)->next) {
59 struct child_to_clean *clean_me = *pp;
61 if (clean_me->pid == pid) {
62 *pp = clean_me->next;
63 free(clean_me);
64 return;
69 static inline void close_pair(int fd[2])
71 close(fd[0]);
72 close(fd[1]);
75 #ifndef WIN32
76 static inline void dup_devnull(int to)
78 int fd = open("/dev/null", O_RDWR);
79 if (fd < 0)
80 die_errno(_("open /dev/null failed"));
81 if (dup2(fd, to) < 0)
82 die_errno(_("dup2(%d,%d) failed"), fd, to);
83 close(fd);
85 #endif
87 static char *locate_in_PATH(const char *file)
89 const char *p = getenv("PATH");
90 struct strbuf buf = STRBUF_INIT;
92 if (!p || !*p)
93 return NULL;
95 while (1) {
96 const char *end = strchrnul(p, ':');
98 strbuf_reset(&buf);
100 /* POSIX specifies an empty entry as the current directory. */
101 if (end != p) {
102 strbuf_add(&buf, p, end - p);
103 strbuf_addch(&buf, '/');
105 strbuf_addstr(&buf, file);
107 if (!access(buf.buf, F_OK))
108 return strbuf_detach(&buf, NULL);
110 if (!*end)
111 break;
112 p = end + 1;
115 strbuf_release(&buf);
116 return NULL;
119 static int exists_in_PATH(const char *file)
121 char *r = locate_in_PATH(file);
122 free(r);
123 return r != NULL;
126 int sane_execvp(const char *file, char * const argv[])
128 if (!execvp(file, argv))
129 return 0; /* cannot happen ;-) */
132 * When a command can't be found because one of the directories
133 * listed in $PATH is unsearchable, execvp reports EACCES, but
134 * careful usability testing (read: analysis of occasional bug
135 * reports) reveals that "No such file or directory" is more
136 * intuitive.
138 * We avoid commands with "/", because execvp will not do $PATH
139 * lookups in that case.
141 * The reassignment of EACCES to errno looks like a no-op below,
142 * but we need to protect against exists_in_PATH overwriting errno.
144 if (errno == EACCES && !strchr(file, '/'))
145 errno = exists_in_PATH(file) ? EACCES : ENOENT;
146 else if (errno == ENOTDIR && !strchr(file, '/'))
147 errno = ENOENT;
148 return -1;
151 static const char **prepare_shell_cmd(const char **argv)
153 int argc, nargc = 0;
154 const char **nargv;
156 for (argc = 0; argv[argc]; argc++)
157 ; /* just counting */
158 /* +1 for NULL, +3 for "sh -c" plus extra $0 */
159 nargv = xmalloc(sizeof(*nargv) * (argc + 1 + 3));
161 if (argc < 1)
162 die("BUG: shell command is empty");
164 if (strcspn(argv[0], "|&;<>()$`\\\"' \t\n*?[#~=%") != strlen(argv[0])) {
165 #ifndef WIN32
166 nargv[nargc++] = SHELL_PATH;
167 #else
168 nargv[nargc++] = "sh";
169 #endif
170 nargv[nargc++] = "-c";
172 if (argc < 2)
173 nargv[nargc++] = argv[0];
174 else {
175 struct strbuf arg0 = STRBUF_INIT;
176 strbuf_addf(&arg0, "%s \"$@\"", argv[0]);
177 nargv[nargc++] = strbuf_detach(&arg0, NULL);
181 for (argc = 0; argv[argc]; argc++)
182 nargv[nargc++] = argv[argc];
183 nargv[nargc] = NULL;
185 return nargv;
188 #ifndef WIN32
189 static int execv_shell_cmd(const char **argv)
191 const char **nargv = prepare_shell_cmd(argv);
192 trace_argv_printf(nargv, "trace: exec:");
193 sane_execvp(nargv[0], (char **)nargv);
194 free(nargv);
195 return -1;
197 #endif
199 #ifndef WIN32
200 static int child_err = 2;
201 static int child_notifier = -1;
203 static void notify_parent(void)
206 * execvp failed. If possible, we'd like to let start_command
207 * know, so failures like ENOENT can be handled right away; but
208 * otherwise, finish_command will still report the error.
210 xwrite(child_notifier, "", 1);
213 static NORETURN void die_child(const char *err, va_list params)
215 vwritef(child_err, "fatal: ", err, params);
216 exit(128);
219 static void error_child(const char *err, va_list params)
221 vwritef(child_err, "error: ", err, params);
223 #endif
225 static inline void set_cloexec(int fd)
227 int flags = fcntl(fd, F_GETFD);
228 if (flags >= 0)
229 fcntl(fd, F_SETFD, flags | FD_CLOEXEC);
232 static int wait_or_whine(pid_t pid, const char *argv0)
234 int status, code = -1;
235 pid_t waiting;
236 int failed_errno = 0;
238 while ((waiting = waitpid(pid, &status, 0)) < 0 && errno == EINTR)
239 ; /* nothing */
241 if (waiting < 0) {
242 failed_errno = errno;
243 error("waitpid for %s failed: %s", argv0, strerror(errno));
244 } else if (waiting != pid) {
245 error("waitpid is confused (%s)", argv0);
246 } else if (WIFSIGNALED(status)) {
247 code = WTERMSIG(status);
248 if (code != SIGINT && code != SIGQUIT)
249 error("%s died of signal %d", argv0, code);
251 * This return value is chosen so that code & 0xff
252 * mimics the exit code that a POSIX shell would report for
253 * a program that died from this signal.
255 code += 128;
256 } else if (WIFEXITED(status)) {
257 code = WEXITSTATUS(status);
259 * Convert special exit code when execvp failed.
261 if (code == 127) {
262 code = -1;
263 failed_errno = ENOENT;
265 } else {
266 error("waitpid is confused (%s)", argv0);
269 clear_child_for_cleanup(pid);
271 errno = failed_errno;
272 return code;
275 int start_command(struct child_process *cmd)
277 int need_in, need_out, need_err;
278 int fdin[2], fdout[2], fderr[2];
279 int failed_errno = failed_errno;
282 * In case of errors we must keep the promise to close FDs
283 * that have been passed in via ->in and ->out.
286 need_in = !cmd->no_stdin && cmd->in < 0;
287 if (need_in) {
288 if (pipe(fdin) < 0) {
289 failed_errno = errno;
290 if (cmd->out > 0)
291 close(cmd->out);
292 goto fail_pipe;
294 cmd->in = fdin[1];
297 need_out = !cmd->no_stdout
298 && !cmd->stdout_to_stderr
299 && cmd->out < 0;
300 if (need_out) {
301 if (pipe(fdout) < 0) {
302 failed_errno = errno;
303 if (need_in)
304 close_pair(fdin);
305 else if (cmd->in)
306 close(cmd->in);
307 goto fail_pipe;
309 cmd->out = fdout[0];
312 need_err = !cmd->no_stderr && cmd->err < 0;
313 if (need_err) {
314 if (pipe(fderr) < 0) {
315 failed_errno = errno;
316 if (need_in)
317 close_pair(fdin);
318 else if (cmd->in)
319 close(cmd->in);
320 if (need_out)
321 close_pair(fdout);
322 else if (cmd->out)
323 close(cmd->out);
324 fail_pipe:
325 error("cannot create pipe for %s: %s",
326 cmd->argv[0], strerror(failed_errno));
327 errno = failed_errno;
328 return -1;
330 cmd->err = fderr[0];
333 trace_argv_printf(cmd->argv, "trace: run_command:");
334 fflush(NULL);
336 #ifndef WIN32
338 int notify_pipe[2];
339 if (pipe(notify_pipe))
340 notify_pipe[0] = notify_pipe[1] = -1;
342 cmd->pid = fork();
343 if (!cmd->pid) {
345 * Redirect the channel to write syscall error messages to
346 * before redirecting the process's stderr so that all die()
347 * in subsequent call paths use the parent's stderr.
349 if (cmd->no_stderr || need_err) {
350 child_err = dup(2);
351 set_cloexec(child_err);
353 set_die_routine(die_child);
354 set_error_routine(error_child);
356 close(notify_pipe[0]);
357 set_cloexec(notify_pipe[1]);
358 child_notifier = notify_pipe[1];
359 atexit(notify_parent);
361 if (cmd->no_stdin)
362 dup_devnull(0);
363 else if (need_in) {
364 dup2(fdin[0], 0);
365 close_pair(fdin);
366 } else if (cmd->in) {
367 dup2(cmd->in, 0);
368 close(cmd->in);
371 if (cmd->no_stderr)
372 dup_devnull(2);
373 else if (need_err) {
374 dup2(fderr[1], 2);
375 close_pair(fderr);
376 } else if (cmd->err > 1) {
377 dup2(cmd->err, 2);
378 close(cmd->err);
381 if (cmd->no_stdout)
382 dup_devnull(1);
383 else if (cmd->stdout_to_stderr)
384 dup2(2, 1);
385 else if (need_out) {
386 dup2(fdout[1], 1);
387 close_pair(fdout);
388 } else if (cmd->out > 1) {
389 dup2(cmd->out, 1);
390 close(cmd->out);
393 if (cmd->dir && chdir(cmd->dir))
394 die_errno("exec '%s': cd to '%s' failed", cmd->argv[0],
395 cmd->dir);
396 if (cmd->env) {
397 for (; *cmd->env; cmd->env++) {
398 if (strchr(*cmd->env, '='))
399 putenv((char *)*cmd->env);
400 else
401 unsetenv(*cmd->env);
404 if (cmd->git_cmd) {
405 execv_git_cmd(cmd->argv);
406 } else if (cmd->use_shell) {
407 execv_shell_cmd(cmd->argv);
408 } else {
409 sane_execvp(cmd->argv[0], (char *const*) cmd->argv);
411 if (errno == ENOENT) {
412 if (!cmd->silent_exec_failure)
413 error("cannot run %s: %s", cmd->argv[0],
414 strerror(ENOENT));
415 exit(127);
416 } else {
417 die_errno("cannot exec '%s'", cmd->argv[0]);
420 if (cmd->pid < 0)
421 error("cannot fork() for %s: %s", cmd->argv[0],
422 strerror(failed_errno = errno));
423 else if (cmd->clean_on_exit)
424 mark_child_for_cleanup(cmd->pid);
427 * Wait for child's execvp. If the execvp succeeds (or if fork()
428 * failed), EOF is seen immediately by the parent. Otherwise, the
429 * child process sends a single byte.
430 * Note that use of this infrastructure is completely advisory,
431 * therefore, we keep error checks minimal.
433 close(notify_pipe[1]);
434 if (read(notify_pipe[0], &notify_pipe[1], 1) == 1) {
436 * At this point we know that fork() succeeded, but execvp()
437 * failed. Errors have been reported to our stderr.
439 wait_or_whine(cmd->pid, cmd->argv[0]);
440 failed_errno = errno;
441 cmd->pid = -1;
443 close(notify_pipe[0]);
446 #else
448 int fhin = 0, fhout = 1, fherr = 2;
449 const char **sargv = cmd->argv;
450 char **env = environ;
452 if (cmd->no_stdin)
453 fhin = open("/dev/null", O_RDWR);
454 else if (need_in)
455 fhin = dup(fdin[0]);
456 else if (cmd->in)
457 fhin = dup(cmd->in);
459 if (cmd->no_stderr)
460 fherr = open("/dev/null", O_RDWR);
461 else if (need_err)
462 fherr = dup(fderr[1]);
463 else if (cmd->err > 2)
464 fherr = dup(cmd->err);
466 if (cmd->no_stdout)
467 fhout = open("/dev/null", O_RDWR);
468 else if (cmd->stdout_to_stderr)
469 fhout = dup(fherr);
470 else if (need_out)
471 fhout = dup(fdout[1]);
472 else if (cmd->out > 1)
473 fhout = dup(cmd->out);
475 if (cmd->env)
476 env = make_augmented_environ(cmd->env);
478 if (cmd->git_cmd) {
479 cmd->argv = prepare_git_cmd(cmd->argv);
480 } else if (cmd->use_shell) {
481 cmd->argv = prepare_shell_cmd(cmd->argv);
484 cmd->pid = mingw_spawnvpe(cmd->argv[0], cmd->argv, env, cmd->dir,
485 fhin, fhout, fherr);
486 failed_errno = errno;
487 if (cmd->pid < 0 && (!cmd->silent_exec_failure || errno != ENOENT))
488 error("cannot spawn %s: %s", cmd->argv[0], strerror(errno));
489 if (cmd->clean_on_exit && cmd->pid >= 0)
490 mark_child_for_cleanup(cmd->pid);
492 if (cmd->env)
493 free_environ(env);
494 if (cmd->git_cmd)
495 free(cmd->argv);
497 cmd->argv = sargv;
498 if (fhin != 0)
499 close(fhin);
500 if (fhout != 1)
501 close(fhout);
502 if (fherr != 2)
503 close(fherr);
505 #endif
507 if (cmd->pid < 0) {
508 if (need_in)
509 close_pair(fdin);
510 else if (cmd->in)
511 close(cmd->in);
512 if (need_out)
513 close_pair(fdout);
514 else if (cmd->out)
515 close(cmd->out);
516 if (need_err)
517 close_pair(fderr);
518 else if (cmd->err)
519 close(cmd->err);
520 errno = failed_errno;
521 return -1;
524 if (need_in)
525 close(fdin[0]);
526 else if (cmd->in)
527 close(cmd->in);
529 if (need_out)
530 close(fdout[1]);
531 else if (cmd->out)
532 close(cmd->out);
534 if (need_err)
535 close(fderr[1]);
536 else if (cmd->err)
537 close(cmd->err);
539 return 0;
542 int finish_command(struct child_process *cmd)
544 return wait_or_whine(cmd->pid, cmd->argv[0]);
547 int run_command(struct child_process *cmd)
549 int code = start_command(cmd);
550 if (code)
551 return code;
552 return finish_command(cmd);
555 static void prepare_run_command_v_opt(struct child_process *cmd,
556 const char **argv,
557 int opt)
559 memset(cmd, 0, sizeof(*cmd));
560 cmd->argv = argv;
561 cmd->no_stdin = opt & RUN_COMMAND_NO_STDIN ? 1 : 0;
562 cmd->git_cmd = opt & RUN_GIT_CMD ? 1 : 0;
563 cmd->stdout_to_stderr = opt & RUN_COMMAND_STDOUT_TO_STDERR ? 1 : 0;
564 cmd->silent_exec_failure = opt & RUN_SILENT_EXEC_FAILURE ? 1 : 0;
565 cmd->use_shell = opt & RUN_USING_SHELL ? 1 : 0;
566 cmd->clean_on_exit = opt & RUN_CLEAN_ON_EXIT ? 1 : 0;
569 int run_command_v_opt(const char **argv, int opt)
571 struct child_process cmd;
572 prepare_run_command_v_opt(&cmd, argv, opt);
573 return run_command(&cmd);
576 int run_command_v_opt_cd_env(const char **argv, int opt, const char *dir, const char *const *env)
578 struct child_process cmd;
579 prepare_run_command_v_opt(&cmd, argv, opt);
580 cmd.dir = dir;
581 cmd.env = env;
582 return run_command(&cmd);
585 #ifndef NO_PTHREADS
586 static pthread_t main_thread;
587 static int main_thread_set;
588 static pthread_key_t async_key;
590 static void *run_thread(void *data)
592 struct async *async = data;
593 intptr_t ret;
595 pthread_setspecific(async_key, async);
596 ret = async->proc(async->proc_in, async->proc_out, async->data);
597 return (void *)ret;
600 static NORETURN void die_async(const char *err, va_list params)
602 vreportf("fatal: ", err, params);
604 if (!pthread_equal(main_thread, pthread_self())) {
605 struct async *async = pthread_getspecific(async_key);
606 if (async->proc_in >= 0)
607 close(async->proc_in);
608 if (async->proc_out >= 0)
609 close(async->proc_out);
610 pthread_exit((void *)128);
613 exit(128);
615 #endif
617 int start_async(struct async *async)
619 int need_in, need_out;
620 int fdin[2], fdout[2];
621 int proc_in, proc_out;
623 need_in = async->in < 0;
624 if (need_in) {
625 if (pipe(fdin) < 0) {
626 if (async->out > 0)
627 close(async->out);
628 return error("cannot create pipe: %s", strerror(errno));
630 async->in = fdin[1];
633 need_out = async->out < 0;
634 if (need_out) {
635 if (pipe(fdout) < 0) {
636 if (need_in)
637 close_pair(fdin);
638 else if (async->in)
639 close(async->in);
640 return error("cannot create pipe: %s", strerror(errno));
642 async->out = fdout[0];
645 if (need_in)
646 proc_in = fdin[0];
647 else if (async->in)
648 proc_in = async->in;
649 else
650 proc_in = -1;
652 if (need_out)
653 proc_out = fdout[1];
654 else if (async->out)
655 proc_out = async->out;
656 else
657 proc_out = -1;
659 #ifdef NO_PTHREADS
660 /* Flush stdio before fork() to avoid cloning buffers */
661 fflush(NULL);
663 async->pid = fork();
664 if (async->pid < 0) {
665 error("fork (async) failed: %s", strerror(errno));
666 goto error;
668 if (!async->pid) {
669 if (need_in)
670 close(fdin[1]);
671 if (need_out)
672 close(fdout[0]);
673 exit(!!async->proc(proc_in, proc_out, async->data));
676 mark_child_for_cleanup(async->pid);
678 if (need_in)
679 close(fdin[0]);
680 else if (async->in)
681 close(async->in);
683 if (need_out)
684 close(fdout[1]);
685 else if (async->out)
686 close(async->out);
687 #else
688 if (!main_thread_set) {
690 * We assume that the first time that start_async is called
691 * it is from the main thread.
693 main_thread_set = 1;
694 main_thread = pthread_self();
695 pthread_key_create(&async_key, NULL);
696 set_die_routine(die_async);
699 if (proc_in >= 0)
700 set_cloexec(proc_in);
701 if (proc_out >= 0)
702 set_cloexec(proc_out);
703 async->proc_in = proc_in;
704 async->proc_out = proc_out;
706 int err = pthread_create(&async->tid, NULL, run_thread, async);
707 if (err) {
708 error("cannot create thread: %s", strerror(err));
709 goto error;
712 #endif
713 return 0;
715 error:
716 if (need_in)
717 close_pair(fdin);
718 else if (async->in)
719 close(async->in);
721 if (need_out)
722 close_pair(fdout);
723 else if (async->out)
724 close(async->out);
725 return -1;
728 int finish_async(struct async *async)
730 #ifdef NO_PTHREADS
731 return wait_or_whine(async->pid, "child process");
732 #else
733 void *ret = (void *)(intptr_t)(-1);
735 if (pthread_join(async->tid, &ret))
736 error("pthread_join failed");
737 return (int)(intptr_t)ret;
738 #endif
741 int run_hook(const char *index_file, const char *name, ...)
743 struct child_process hook;
744 struct argv_array argv = ARGV_ARRAY_INIT;
745 const char *p, *env[2];
746 char index[PATH_MAX];
747 va_list args;
748 int ret;
750 if (access(git_path("hooks/%s", name), X_OK) < 0)
751 return 0;
753 va_start(args, name);
754 argv_array_push(&argv, git_path("hooks/%s", name));
755 while ((p = va_arg(args, const char *)))
756 argv_array_push(&argv, p);
757 va_end(args);
759 memset(&hook, 0, sizeof(hook));
760 hook.argv = argv.argv;
761 hook.no_stdin = 1;
762 hook.stdout_to_stderr = 1;
763 if (index_file) {
764 snprintf(index, sizeof(index), "GIT_INDEX_FILE=%s", index_file);
765 env[0] = index;
766 env[1] = NULL;
767 hook.env = env;
770 ret = run_command(&hook);
771 argv_array_clear(&argv);
772 return ret;