Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix osproc so that it doesn't close pipe/process/thread handles twice #16385

Merged
merged 2 commits into from
Dec 18, 2020

Conversation

demotomohiro
Copy link
Contributor

I added error check code to closeHandle call used to implement osproc procedures for windows.
And I got invalid handle error because pipe handles and process/thread handles are closed twice when execCmdEx proc in osproc module is called.

This PR adds error check code to closeHandle, doesn't close handles twice and set INVALID_HANDLE_VALUE or 0 after the handle is closed so that finding handle use after close is easier.

According to this blog post, invalid handle value of a file handle and a process/thread handle is different.
https://devblogs.microsoft.com/oldnewthing/20040302-00/?p=40443


# You may NOT close outputStream and errorStream.
assert p.outStream == nil or FileHandleStream(p.outStream).handle != INVALID_HANDLE_VALUE
assert p.errStream == nil or FileHandleStream(p.errStream).handle != INVALID_HANDLE_VALUE
Copy link
Collaborator

@juancarlospaco juancarlospaco Dec 18, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

doAssert because is an important check, and add a descriptive error message to it IMHO.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think it should be doAssert.
As far as I know, these asserts fails only when close(p: Process) was called or outputStream/errorStream was closed before close(p: Process) is called.
These errors can be detected if assert was on.
If no asserts failed when assert was on, these error should never happen in -d:danger build.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

these error should never happen in -d:danger build.

they could, because a different code path can be executed based on runtime conditions that would only be run in production. Generally, there's no point in skipping some assert if the cost of the check is dwarfed by the cost of the proc it lives in, which is the case here (the syscall would dwarf a simple check)

@alaviss
Copy link
Collaborator

alaviss commented Dec 18, 2020

If possible, please provide ways to close I/O handles from user code, as it is needed for some use cases (like execCmdEx) and is currently incorrectly done via closing the .inputHandle, which leaves the handle to be closed an another time with process.close().

@juancarlospaco
Copy link
Collaborator

If you gonna tweak a close() is not better to make a destructor ?. 🤔

@Araq Araq merged commit dcdbae7 into nim-lang:devel Dec 18, 2020
@Araq
Copy link
Member

Araq commented Dec 18, 2020

If you gonna tweak a close() is not better to make a destructor ?.

That would be a refactoring, for another time where we patched the stdlib to use destructors... :-)

@planetis-m
Copy link
Contributor

Thank you for fixing this :)

@demotomohiro
Copy link
Contributor Author

If possible, please provide ways to close I/O handles from user code, as it is needed for some use cases (like execCmdEx) and is currently incorrectly done via closing the .inputHandle, which leaves the handle to be closed an another time with process.close().

In osproc's Posix code, it seems closing Stream before calling close(p: Process) is safe.
It checks nil before closing the file handle and sets nil to the file handle when stream is closed.
File handles of pipes are closed same way in close(p: Process).

This PR fix the problem in windows implementation in the same way and you can close input stream safely before closing process.
But closing output/error stream cause assertion fail because I don't think it doesn't need to be closed before closing process.
You need to close process.inHandle when you want to send end of file to child process. But is there any case you need to close outHandle or errHandle before the child process exit?

@demotomohiro demotomohiro deleted the fix-osproc-close-twice branch December 18, 2020 10:29
raiseOSError(osLastError())

proc fileClose[T: Handle | FileHandle](h: var T) {.inline.} =
if h > 4:
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@demotomohiro pre-existing but where does this magic h > 4 comes from? shouldn't that at least be h > 2 ?

eg assuming stdin=0,stdout=1,stderr=2, what about files with fileno equal to 3 or 4 ?

at very least we need a comment explanining where this comes from

narimiran pushed a commit that referenced this pull request Dec 19, 2020
…#16385) [backport]

* Add error check to closeHandle and fix closing handle twice in osproc

* Fix compile error on Linux

(cherry picked from commit dcdbae7)
narimiran pushed a commit that referenced this pull request Dec 19, 2020
…#16385) [backport]

* Add error check to closeHandle and fix closing handle twice in osproc

* Fix compile error on Linux

(cherry picked from commit dcdbae7)
mildred pushed a commit to mildred/Nim that referenced this pull request Jan 11, 2021
…nim-lang#16385) [backport]

* Add error check to closeHandle and fix closing handle twice in osproc

* Fix compile error on Linux
ardek66 pushed a commit to ardek66/Nim that referenced this pull request Mar 26, 2021
…nim-lang#16385) [backport]

* Add error check to closeHandle and fix closing handle twice in osproc

* Fix compile error on Linux
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

6 participants