Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Document safety of fork() and fix tests #695

Merged
merged 3 commits into from
Jul 23, 2017
Merged

Document safety of fork() and fix tests #695

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
7128f15
Document invariants of fork and fix tests
jonas-schievink Jul 20, 2017
f793d5f
Remove unneeded local
jonas-schievink Jul 22, 2017
91fa117
Replace remaining process::exit with libc::_exit
jonas-schievink Jul 22, 2017
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
16 changes: 14 additions & 2 deletions src/unistd.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -191,6 +191,18 @@ impl ForkResult {
/// Continuing execution in parent process, new child has pid: 1234
/// I'm a new child process
/// ```
///
/// # Safety
///
/// In a multithreaded program, only [async-signal-safe] functions like `pause`
/// and `_exit` may be called by the child (the parent isn't restricted). Note
/// that memory allocation may **not** be async-signal-safe and thus must be
/// prevented.
///
/// Those functions are only a small subset of your operating system's API, so
/// special care must be taken to only invoke code you can control and audit.
///
/// [async-signal-safe]: http://man7.org/linux/man-pages/man7/signal-safety.7.html
#[inline]
pub fn fork() -> Result<ForkResult> {
use self::ForkResult::*;
Expand Down Expand Up @@ -687,7 +699,7 @@ pub fn gethostname<'a>(buffer: &'a mut [u8]) -> Result<&'a CStr> {
/// use nix::unistd::close;
///
/// fn main() {
/// let mut f = tempfile::tempfile().unwrap();
/// let f = tempfile::tempfile().unwrap();
/// close(f.as_raw_fd()).unwrap(); // Bad! f will also close on drop!
/// }
/// ```
Expand All @@ -700,7 +712,7 @@ pub fn gethostname<'a>(buffer: &'a mut [u8]) -> Result<&'a CStr> {
/// use nix::unistd::close;
///
/// fn main() {
/// let mut f = tempfile::tempfile().unwrap();
/// let f = tempfile::tempfile().unwrap();
/// close(f.into_raw_fd()).unwrap(); // Good. into_raw_fd consumes f
/// }
/// ```
Expand Down
11 changes: 7 additions & 4 deletions test/sys/test_wait.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,15 +2,16 @@ use nix::unistd::*;
use nix::unistd::ForkResult::*;
use nix::sys::signal::*;
use nix::sys::wait::*;
use libc::exit;
use libc::_exit;

#[test]
fn test_wait_signal() {
#[allow(unused_variables)]
let m = ::FORK_MTX.lock().expect("Mutex got poisoned by another test");

// Safe: The child only calls `pause` and/or `_exit`, which are async-signal-safe.
match fork() {
Ok(Child) => pause().unwrap_or(()),
Ok(Child) => pause().unwrap_or_else(|_| unsafe { _exit(123) }),
Ok(Parent { child }) => {
kill(child, Some(SIGKILL)).ok().expect("Error: Kill Failed");
assert_eq!(waitpid(child, None), Ok(WaitStatus::Signaled(child, SIGKILL, false)));
Expand All @@ -25,8 +26,9 @@ fn test_wait_exit() {
#[allow(unused_variables)]
let m = ::FORK_MTX.lock().expect("Mutex got poisoned by another test");

// Safe: Child only calls `_exit`, which is async-signal-safe.
match fork() {
Ok(Child) => unsafe { exit(12); },
Ok(Child) => unsafe { _exit(12); },
Ok(Parent { child }) => {
assert_eq!(waitpid(child, None), Ok(WaitStatus::Exited(child, 12)));
},
Expand All @@ -46,13 +48,14 @@ mod ptrace {
use nix::unistd::*;
use nix::unistd::ForkResult::*;
use std::{ptr, process};
use libc::_exit;

fn ptrace_child() -> ! {
let _ = ptrace(PTRACE_TRACEME, Pid::from_raw(0), ptr::null_mut(), ptr::null_mut());
// As recommended by ptrace(2), raise SIGTRAP to pause the child
// until the parent is ready to continue
let _ = raise(SIGTRAP);
process::exit(0)
unsafe { _exit(0) }
}

fn ptrace_parent(child: Pid) {
Expand Down
17 changes: 11 additions & 6 deletions test/test_unistd.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,16 +11,16 @@ use std::io::Write;
use std::os::unix::prelude::*;
use tempfile::tempfile;
use tempdir::TempDir;
use libc::off_t;
use std::process::exit;
use libc::{_exit, off_t};

#[test]
fn test_fork_and_waitpid() {
#[allow(unused_variables)]
let m = ::FORK_MTX.lock().expect("Mutex got poisoned by another test");
let pid = fork();
match pid {
Ok(Child) => exit(0),

// Safe: Child only calls `_exit`, which is signal-safe
match fork() {
Ok(Child) => unsafe { _exit(0) },
Ok(Parent { child }) => {
// assert that child was created and pid > 0
let child_raw: ::libc::pid_t = child.into();
Expand Down Expand Up @@ -48,9 +48,11 @@ fn test_wait() {
// Grab FORK_MTX so wait doesn't reap a different test's child process
#[allow(unused_variables)]
let m = ::FORK_MTX.lock().expect("Mutex got poisoned by another test");

// Safe: Child only calls `_exit`, which is signal-safe
let pid = fork();
match pid {
Ok(Child) => exit(0),
Ok(Child) => unsafe { _exit(0) },
Ok(Parent { child }) => {
let wait_status = wait();

Expand Down Expand Up @@ -111,6 +113,9 @@ macro_rules! execve_test_factory(
// data from `reader`.
let (reader, writer) = pipe().unwrap();

// Safe: Child calls `exit`, `dup`, `close` and the provided `exec*` family function.
// NOTE: Technically, this makes the macro unsafe to use because you could pass anything.
// The tests make sure not to do that, though.
match fork().unwrap() {
Child => {
#[cfg(not(target_os = "android"))]
Expand Down