gre-ilya/libuv
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

unix: use posix_spawn instead of fork (#3520)

Browse Source 
Remove the conditionals so that posix_spawn will be used whenever
possible, and not only on Apple.

Tests specifically if posix_spawn works before using it: it is broken
on QEMU with glibc, for example, since fork/clone is broken there.
This commit is contained in:
Jameson Nash 2026-03-25 20:21:11 -04:00 committed by GitHub
parent d19855c702
commit 40d45efebf
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 106 additions and 73 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

179
src/unix/process.c
View File

@ -33,15 +33,13 @@
#include <sys/wait.h> #include <sys/wait.h>
#include <unistd.h> #include <unistd.h>
#include <fcntl.h> #include <fcntl.h>
#include <poll.h> #include <spawn.h>
#include <paths.h>
#include <dlfcn.h>
#if defined(__APPLE__) #if defined(__APPLE__)
# include <spawn.h>
# include <paths.h>
# include <sys/kauth.h> # include <sys/kauth.h>
# include <sys/types.h>
# include <sys/sysctl.h> # include <sys/sysctl.h>
# include <dlfcn.h>
# include <crt_externs.h> # include <crt_externs.h>
# include <xlocale.h> # include <xlocale.h>
# define environ (*_NSGetEnviron()) # define environ (*_NSGetEnviron())
@ -53,6 +51,9 @@
#else #else
extern char **environ; extern char **environ;
#ifndef POSIX_SPAWN_SETSID
# define POSIX_SPAWN_SETSID 0
#endif
#endif #endif
#if defined(__linux__) || \ #if defined(__linux__) || \
@ -70,6 +71,15 @@ extern char **environ;
#define UV_USE_SIGCHLD #define UV_USE_SIGCHLD
#endif #endif
static uv_once_t posix_spawn_init_once = UV_ONCE_INIT;
static int posix_spawn_can_use_setsid;
static volatile int posix_spawn_works;
static struct uv__posix_spawn_fncs_s {
struct {
int (*addchdir)(posix_spawn_file_actions_t *, const char *);
} file_actions;
} posix_spawn_fncs;
#ifdef UV_USE_SIGCHLD #ifdef UV_USE_SIGCHLD
static void uv__chld(uv_signal_t* handle, int signum) { static void uv__chld(uv_signal_t* handle, int signum) {
@ -423,25 +433,6 @@ static void uv__process_child_init(const uv_process_options_t* options,
#if defined(__APPLE__) #if defined(__APPLE__)
typedef struct uv__posix_spawn_fncs_tag {
struct {
int (*addchdir_np)(const posix_spawn_file_actions_t *, const char *);
} file_actions;
} uv__posix_spawn_fncs_t;
static uv_once_t posix_spawn_init_once = UV_ONCE_INIT;
static uv__posix_spawn_fncs_t posix_spawn_fncs;
static int posix_spawn_can_use_setsid;
static void uv__spawn_init_posix_spawn_fncs(void) {
/* Try to locate all non-portable functions at runtime */
posix_spawn_fncs.file_actions.addchdir_np =
dlsym(RTLD_DEFAULT, "posix_spawn_file_actions_addchdir_np");
}
static void uv__spawn_init_can_use_setsid(void) { static void uv__spawn_init_can_use_setsid(void) {
int which[] = {CTL_KERN, KERN_OSRELEASE}; int which[] = {CTL_KERN, KERN_OSRELEASE};
unsigned major; unsigned major;
@ -460,20 +451,52 @@ static void uv__spawn_init_can_use_setsid(void) {
posix_spawn_can_use_setsid = (major >= 19); /* macOS Catalina */ posix_spawn_can_use_setsid = (major >= 19); /* macOS Catalina */
} }
#endif
static void uv__spawn_init_posix_spawn(void) { static void uv__spawn_init_posix_spawn(void) {
/* Init handles to all potentially non-defined functions */ #if !defined(__linux__)
uv__spawn_init_posix_spawn_fncs(); posix_spawn_works = 1;
#elif !defined(__ANDROID__)
pid_t pid;
int status;
/* Init feature detection for POSIX_SPAWN_SETSID flag */ /* Probe whether vfork()/clone(CLONE_VM) correctly shares the address space,
* i.e. a write by the child before _exit() is visible to the parent once it
* resumes. On Linux vfork() is equivalent to
* clone(CLONE_VM|CLONE_VFORK|SIGCHLD). On QEMU and WSL1, CLONE_VM is broken,
* resulting in glibc errors if we try to use posix_spawn(). */
posix_spawn_works = 0;
pid = vfork();
if (pid == 0) {
posix_spawn_works = 1;
_exit(0);
}
if (pid > 0)
waitpid(pid, &status, 0);
#endif
/* Try to locate all new functions at runtime.
* Expected on macOS, glibc, and musl. */
posix_spawn_fncs.file_actions.addchdir =
dlsym(RTLD_DEFAULT, "posix_spawn_file_actions_addchdir");
if (posix_spawn_fncs.file_actions.addchdir == NULL)
posix_spawn_fncs.file_actions.addchdir =
dlsym(RTLD_DEFAULT, "posix_spawn_file_actions_addchdir_np");
#ifdef __APPLE__
/* Init feature detection for POSIX_SPAWN_SETSID flag. */
uv__spawn_init_can_use_setsid(); uv__spawn_init_can_use_setsid();
#elif POSIX_SPAWN_SETSID != 0
/* Otherwise, if SETSID is defined, we can use it
* (added in glibc 2.26 circa 2017). */
posix_spawn_can_use_setsid = 1;
#endif
} }
static int uv__spawn_set_posix_spawn_attrs( static int uv__spawn_set_posix_spawn_attrs(
posix_spawnattr_t* attrs, posix_spawnattr_t* attrs,
const uv__posix_spawn_fncs_t* posix_spawn_fncs,
const uv_process_options_t* options) { const uv_process_options_t* options) {
int err; int err;
unsigned int flags; unsigned int flags;
@ -495,18 +518,17 @@ static int uv__spawn_set_posix_spawn_attrs(
} }
/* Set flags for spawn behavior /* Set flags for spawn behavior
* 1) POSIX_SPAWN_CLOEXEC_DEFAULT: (Apple Extension) All descriptors in the * 1) POSIX_SPAWN_SETSIGDEF: Signals mentioned in spawn-sigdefault in the
* spawn attributes will be reset to behave as their default
* 2) POSIX_SPAWN_SETSIGMASK: Signal mask will be set to the value of
* spawn-sigmask in attributes
* 3) POSIX_SPAWN_SETSID: Make the process a new session leader if a detached
* session was requested.
* 4) POSIX_SPAWN_CLOEXEC_DEFAULT: (Apple Extension) All descriptors in the
* parent will be treated as if they had been created with O_CLOEXEC. The * parent will be treated as if they had been created with O_CLOEXEC. The
* only fds that will be passed on to the child are those manipulated by * only fds that will be passed on to the child are those manipulated by
* the file actions * the file actions */
* 2) POSIX_SPAWN_SETSIGDEF: Signals mentioned in spawn-sigdefault in the flags = POSIX_SPAWN_SETSIGDEF |
* spawn attributes will be reset to behave as their default
* 3) POSIX_SPAWN_SETSIGMASK: Signal mask will be set to the value of
* spawn-sigmask in attributes
* 4) POSIX_SPAWN_SETSID: Make the process a new session leader if a detached
* session was requested. */
flags = POSIX_SPAWN_CLOEXEC_DEFAULT |
POSIX_SPAWN_SETSIGDEF |
POSIX_SPAWN_SETSIGMASK; POSIX_SPAWN_SETSIGMASK;
if (options->flags & UV_PROCESS_DETACHED) { if (options->flags & UV_PROCESS_DETACHED) {
/* If running on a version of macOS where this flag is not supported, /* If running on a version of macOS where this flag is not supported,
@ -519,6 +541,9 @@ static int uv__spawn_set_posix_spawn_attrs(
flags |= POSIX_SPAWN_SETSID; flags |= POSIX_SPAWN_SETSID;
} }
#ifdef __APPLE__
flags |= POSIX_SPAWN_CLOEXEC_DEFAULT;
#endif
err = posix_spawnattr_setflags(attrs, flags); err = posix_spawnattr_setflags(attrs, flags);
if (err != 0) if (err != 0)
goto error; goto error;
@ -545,7 +570,6 @@ error:
static int uv__spawn_set_posix_spawn_file_actions( static int uv__spawn_set_posix_spawn_file_actions(
posix_spawn_file_actions_t* actions, posix_spawn_file_actions_t* actions,
const uv__posix_spawn_fncs_t* posix_spawn_fncs,
const uv_process_options_t* options, const uv_process_options_t* options,
int stdio_count, int stdio_count,
int (*pipes)[2]) { int (*pipes)[2]) {
@ -562,12 +586,12 @@ static int uv__spawn_set_posix_spawn_file_actions(
/* Set the current working directory if requested */ /* Set the current working directory if requested */
if (options->cwd != NULL) { if (options->cwd != NULL) {
if (posix_spawn_fncs->file_actions.addchdir_np == NULL) { if (posix_spawn_fncs.file_actions.addchdir == NULL) {
err = ENOSYS; err = ENOSYS;
goto error; goto error;
} }
err = posix_spawn_fncs->file_actions.addchdir_np(actions, options->cwd); err = posix_spawn_fncs.file_actions.addchdir(actions, options->cwd);
if (err != 0) if (err != 0)
goto error; goto error;
} }
@ -580,8 +604,16 @@ static int uv__spawn_set_posix_spawn_file_actions(
* stdout and stderr go to the same fd, which was not the intention. */ * stdout and stderr go to the same fd, which was not the intention. */
for (fd = 0; fd < stdio_count; fd++) { for (fd = 0; fd < stdio_count; fd++) {
use_fd = pipes[fd][1]; use_fd = pipes[fd][1];
#if defined(__APPLE__) || defined(__linux__)
if (use_fd < 0 || use_fd >= fd) if (use_fd < 0 || use_fd >= fd)
continue; continue;
#else
/* The behavior of posix_spawn_file_actions_adddup2 may be undefined if
* use_fd==fd, so we do this extra little dance to copy it up and back, on
* platforms where we aren't sure if it works. */
if (use_fd < 0 || use_fd > fd)
continue;
#endif
use_fd = stdio_count; use_fd = stdio_count;
for (fd2 = 0; fd2 < stdio_count; fd2++) { for (fd2 = 0; fd2 < stdio_count; fd2++) {
/* If we were not setting POSIX_SPAWN_CLOEXEC_DEFAULT, we would need to /* If we were not setting POSIX_SPAWN_CLOEXEC_DEFAULT, we would need to
@ -623,9 +655,11 @@ static int uv__spawn_set_posix_spawn_file_actions(
} }
} }
#ifdef __APPLE__
if (fd == use_fd) if (fd == use_fd)
err = posix_spawn_file_actions_addinherit_np(actions, fd); err = posix_spawn_file_actions_addinherit_np(actions, fd);
else else
#endif
err = posix_spawn_file_actions_adddup2(actions, use_fd, fd); err = posix_spawn_file_actions_adddup2(actions, use_fd, fd);
assert(err != ENOSYS); assert(err != ENOSYS);
if (err != 0) if (err != 0)
@ -781,22 +815,24 @@ static int uv__spawn_resolve_and_spawn(const uv_process_options_t* options,
static int uv__spawn_and_init_child_posix_spawn( static int uv__spawn_and_init_child_posix_spawn(
uv_loop_t* loop,
const uv_process_options_t* options, const uv_process_options_t* options,
int stdio_count, int stdio_count,
int (*pipes)[2], int (*pipes)[2],
pid_t* pid, pid_t* pid) {
const uv__posix_spawn_fncs_t* posix_spawn_fncs) {
int err; int err;
posix_spawnattr_t attrs; posix_spawnattr_t attrs;
posix_spawn_file_actions_t actions; posix_spawn_file_actions_t actions;
err = uv__spawn_set_posix_spawn_attrs(&attrs, posix_spawn_fncs, options); if (!posix_spawn_works)
return UV_ENOSYS;
err = uv__spawn_set_posix_spawn_attrs(&attrs, options);
if (err != 0) if (err != 0)
goto error; goto error;
/* This may mutate pipes. */ /* This may mutate pipes. */
err = uv__spawn_set_posix_spawn_file_actions(&actions, err = uv__spawn_set_posix_spawn_file_actions(&actions,
posix_spawn_fncs,
options, options,
stdio_count, stdio_count,
pipes); pipes);
@ -805,12 +841,23 @@ static int uv__spawn_and_init_child_posix_spawn(
goto error; goto error;
} }
#ifndef __APPLE__
/* Acquire write lock to prevent opening new fds in worker threads.
* Unnecessary on Apple, since we set POSIX_SPAWN_CLOEXEC_DEFAULT. */
uv_rwlock_wrlock(&loop->cloexec_lock);
#endif
/* Try to spawn options->file resolving in the provided environment /* Try to spawn options->file resolving in the provided environment
* if any */ * if any. */
err = uv__spawn_resolve_and_spawn(options, &attrs, &actions, pid); err = uv__spawn_resolve_and_spawn(options, &attrs, &actions, pid);
assert(err != ENOSYS); assert(err != ENOSYS);
/* Destroy the actions/attributes */ #ifndef __APPLE__
/* Release lock in parent process. */
uv_rwlock_wrunlock(&loop->cloexec_lock);
#endif
/* Destroy the actions/attributes. */
(void) posix_spawn_file_actions_destroy(&actions); (void) posix_spawn_file_actions_destroy(&actions);
(void) posix_spawnattr_destroy(&attrs); (void) posix_spawnattr_destroy(&attrs);
@ -819,7 +866,7 @@ error:
* already destroyed, only the happy path requires cleanup */ * already destroyed, only the happy path requires cleanup */
return UV__ERR(err); return UV__ERR(err);
} }
#endif
static int uv__spawn_and_init_child_fork(const uv_process_options_t* options, static int uv__spawn_and_init_child_fork(const uv_process_options_t* options,
int stdio_count, int stdio_count,
@ -874,36 +921,21 @@ static int uv__spawn_and_init_child(
int exec_errorno; int exec_errorno;
ssize_t r; ssize_t r;
#if defined(__APPLE__)
uv_once(&posix_spawn_init_once, uv__spawn_init_posix_spawn); uv_once(&posix_spawn_init_once, uv__spawn_init_posix_spawn);
/* Special child process spawn case for macOS Big Sur (11.0) onwards /* Calling posix_spawn is considerably faster, if it supports the given
* * options. The posix_spawn flow will return UV_ENOSYS if any of the
* Big Sur introduced a significant performance degradation on a call to * posix_spawn_x_np non-standard functions is both _needed_ and _undefined_.
* fork/exec when the process has many pages mmaped in with MAP_JIT, like, say * In those cases, default back to the fork/execve strategy. For all other
* a javascript interpreter. Electron-based applications, for example, * errors, just fail. */
* are impacted; though the magnitude of the impact depends on how much the err = uv__spawn_and_init_child_posix_spawn(loop,
* app relies on subprocesses. options,
*
* On macOS, though, posix_spawn is implemented in a way that does not
* exhibit the problem. This block implements the forking and preparation
* logic with posix_spawn and its related primitives. It also takes advantage of
* the macOS extension POSIX_SPAWN_CLOEXEC_DEFAULT that makes impossible to
* leak descriptors to the child process. */
err = uv__spawn_and_init_child_posix_spawn(options,
stdio_count, stdio_count,
pipes, pipes,
pid, pid);
&posix_spawn_fncs);
/* The posix_spawn flow will return UV_ENOSYS if any of the posix_spawn_x_np
* non-standard functions is both _needed_ and _undefined_. In those cases,
* default back to the fork/execve strategy. For all other errors, just fail. */
if (err != UV_ENOSYS) if (err != UV_ENOSYS)
return err; return err;
#endif
/* This pipe is used by the parent to wait until /* This pipe is used by the parent to wait until
* the child has called `execve()`. We need this * the child has called `execve()`. We need this
* to avoid the following race condition: * to avoid the following race condition:
@ -928,12 +960,12 @@ static int uv__spawn_and_init_child(
if (err) if (err)
return err; return err;
/* Acquire write lock to prevent opening new fds in worker threads */ /* Acquire write lock to prevent opening new fds in worker threads. */
uv_rwlock_wrlock(&loop->cloexec_lock); uv_rwlock_wrlock(&loop->cloexec_lock);
err = uv__spawn_and_init_child_fork(options, stdio_count, pipes, signal_pipe[1], pid); err = uv__spawn_and_init_child_fork(options, stdio_count, pipes, signal_pipe[1], pid);
/* Release lock in parent process */ /* Release lock in parent process. */
uv_rwlock_wrunlock(&loop->cloexec_lock); uv_rwlock_wrunlock(&loop->cloexec_lock);
uv__close(signal_pipe[1]); uv__close(signal_pipe[1]);
@ -968,6 +1000,7 @@ static int uv__spawn_and_init_child(
} }
#endif /* ISN'T TARGET_OS_TV || TARGET_OS_WATCH */ #endif /* ISN'T TARGET_OS_TV || TARGET_OS_WATCH */
int uv_spawn(uv_loop_t* loop, int uv_spawn(uv_loop_t* loop,
uv_process_t* process, uv_process_t* process,
const uv_process_options_t* options) { const uv_process_options_t* options) {