Merge pull request #2859 from nguerrera/shim-exec

Move ForkAndExecProcess shim from coreclr to corefx

Author: nguerrera

src/Common/src/Interop/Unix/libcoreclr/Interop.ForkAndExecProcess.cs renamed to src/Common/src/Interop/Unix/System.Native/Interop.ForkAndExecProcess.cs

@@ -8,7 +8,7 @@
 
 internal static partial class Interop
 {
-    internal static partial class libcoreclr
+    internal static partial class Sys
     {
         internal static unsafe int ForkAndExecProcess(
             string filename, string[] argv, string[] envp, string cwd,
@@ -32,7 +32,7 @@ internal static unsafe int ForkAndExecProcess(
             }
         }
 
-        [DllImport(Libraries.LibCoreClr, SetLastError = true)]
+        [DllImport(Libraries.SystemNative, SetLastError = true)]
         private static extern unsafe int ForkAndExecProcess(
             string filename, byte** argv, byte** envp, string cwd,
             int redirectStdin, int redirectStdout, int redirectStderr,

src/Native/System.Native/CMakeLists.txt

@@ -2,6 +2,7 @@ project(System.Native)
 
 set(NATIVE_SOURCES
     pal_errno.cpp
+    pal_exec.cpp
     pal_stat.cpp
 )
 

src/Native/System.Native/pal_exec.cpp

@@ -0,0 +1,144 @@
+// Copyright (c) Microsoft. All rights reserved.
+// Licensed under the MIT license. See LICENSE file in the project root for full license information.
+
+#include "../config.h"
+#include "pal_exec.h"
+
+#include <assert.h>
+#include <errno.h>
+#include <stdlib.h>
+#include <unistd.h>
+
+enum
+{
+    READ_END_OF_PIPE = 0,
+    WRITE_END_OF_PIPE = 1,
+};
+    
+static void CloseIfOpen(int fd)
+{
+    // Ignoring errors from close is a deliberate choice and we musn't
+    // let close during cleanup on a failure path disturb errno.
+    if (fd >= 0)
+    {
+        int priorErrno = errno;
+        close(fd);
+        errno = priorErrno;
+    }
+}
+
+extern "C"
+int32_t ForkAndExecProcess(
+    const char* filename,
+    char* const argv[],
+    char* const envp[],
+    const char* cwd,
+    int32_t redirectStdin,
+    int32_t redirectStdout,
+    int32_t redirectStderr,
+    int32_t* childPid,
+    int32_t* stdinFd,
+    int32_t* stdoutFd,
+    int32_t* stderrFd)
+{
+    int success = true;
+    int stdinFds[2] = { -1, -1 }, stdoutFds[2] = { -1, -1 }, stderrFds[2] = { -1, -1 };
+    int processId = -1;
+
+    // Validate arguments
+    if (nullptr == filename || nullptr == argv || nullptr == envp ||
+        nullptr == stdinFd || nullptr == stdoutFd || nullptr == stderrFd ||
+        nullptr == childPid)
+    {
+        assert(!"null argument.");
+        errno = EINVAL;
+        success = false;
+        goto done;
+    }
+
+    if ((redirectStdin  & ~1) != 0 ||
+        (redirectStdout & ~1) != 0 ||
+        (redirectStderr & ~1) != 0)
+    {
+        assert(!"Boolean redirect* inputs must be 0 or 1.");
+        errno = EINVAL;
+        success = false;
+        goto done;
+    }
+
+    // Open pipes for any requests to redirect stdin/stdout/stderr
+    if ((redirectStdin  && pipe(stdinFds)  != 0) ||
+        (redirectStdout && pipe(stdoutFds) != 0) ||
+        (redirectStderr && pipe(stderrFds) != 0))
+    {
+        assert(!"pipe() failed.");
+        success = false;
+        goto done;
+    }
+
+    // Fork the child process
+    if ((processId = fork()) == -1)
+    {
+        assert(!"fork() failed.");
+        success = false;
+        goto done;
+    }
+
+    if (processId == 0) // processId == 0 if this is child process
+    {
+        // Close the child's copy of the parent end of any open pipes
+        CloseIfOpen(stdinFds[WRITE_END_OF_PIPE]);
+        CloseIfOpen(stdoutFds[READ_END_OF_PIPE]);
+        CloseIfOpen(stderrFds[READ_END_OF_PIPE]);
+
+        // For any redirections that should happen, dup the pipe descriptors onto stdin/out/err.
+        // Then close out the old pipe descriptrs, which we no longer need.
+        if ((redirectStdin  && dup2(stdinFds[READ_END_OF_PIPE],   STDIN_FILENO)  == -1) ||
+            (redirectStdout && dup2(stdoutFds[WRITE_END_OF_PIPE], STDOUT_FILENO) == -1) ||
+            (redirectStderr && dup2(stderrFds[WRITE_END_OF_PIPE], STDERR_FILENO) == -1))
+        {
+            _exit(errno != 0 ? errno : EXIT_FAILURE);
+        }
+        CloseIfOpen(stdinFds[READ_END_OF_PIPE]);
+        CloseIfOpen(stdoutFds[WRITE_END_OF_PIPE]);
+        CloseIfOpen(stderrFds[WRITE_END_OF_PIPE]);
+
+        // Change to the designated working directory, if one was specified
+        if (nullptr != cwd && chdir(cwd) == -1)
+        {
+            _exit(errno != 0 ? errno : EXIT_FAILURE);
+        }
+
+        // Finally, execute the new process.  execve will not return if it's successful.
+        execve(filename, (char**)argv, (char**)envp);
+        _exit(errno != 0 ? errno : EXIT_FAILURE); // execve failed
+    }
+
+    // This is the parent process. processId == pid of the child
+    *childPid = processId;
+    *stdinFd = stdinFds[WRITE_END_OF_PIPE];
+    *stdoutFd = stdoutFds[READ_END_OF_PIPE];
+    *stderrFd = stderrFds[READ_END_OF_PIPE];
+
+done:
+    // Regardless of success or failure, close the parent's copy of the child's end of
+    // any opened pipes.  The parent doesn't need them anymore.
+    CloseIfOpen(stdinFds[READ_END_OF_PIPE]);
+    CloseIfOpen(stdoutFds[WRITE_END_OF_PIPE]);
+    CloseIfOpen(stderrFds[WRITE_END_OF_PIPE]);
+
+    // If we failed, close everything else and give back error values in all out arguments.
+    if (!success)
+    {
+        CloseIfOpen(stdinFds[WRITE_END_OF_PIPE]);
+        CloseIfOpen(stdoutFds[READ_END_OF_PIPE]);
+        CloseIfOpen(stderrFds[READ_END_OF_PIPE]);
+
+        *stdinFd  = -1;
+        *stdoutFd = -1;
+        *stderrFd = -1;
+        *childPid = -1;
+    }
+    
+    return success ? 0 : -1;
+}

src/Native/System.Native/pal_exec.h

@@ -0,0 +1,30 @@
+// Copyright (c) Microsoft. All rights reserved.
+// Licensed under the MIT license. See LICENSE file in the project root for full license information.
+
+#pragma once
+
+#include <stdint.h>
+
+/**
+ * Used by System.Diagnostics.Process.Start to fork/exec a new process.
+ *
+ * This function takes the place of directly using fork and execve from managed code,
+ * in order to avoid executing managed code in the child process in the window between
+ * fork and execve, which is not safe.
+ *
+ * As would have been the case with fork/execve, a return value of 0 is success and -1
+ * is failure; if failure, error information is provided in errno.
+ */
+extern "C"
+int32_t ForkAndExecProcess(
+    const char* filename,    // filename argument to execve
+    char* const argv[],      // argv argument to execve
+    char* const envp[],      // envp argument to execve
+    const char* cwd,         // path passed to chdir in child process
+    int32_t redirectStdin,    // whether to redirect standard input from the parent
+    int32_t redirectStdout,   // whether to redirect standard output to the parent
+    int32_t redirectStderr,   // whether to redirect standard error to the parent
+    int32_t* childPid,        // [out] the child process' id
+    int32_t* stdinFd,         // [out] if redirectStdin, the parent's fd for the child's stdin
+    int32_t* stdoutFd,        // [out] if redirectStdout, the parent's fd for the child's stdout
+    int32_t* stderrFd);       // [out] if redirectStderr, the parent's fd for the child's stderr

src/System.Diagnostics.Process/src/System.Diagnostics.Process.csproj

@@ -258,7 +258,7 @@
     <Compile Include="$(CommonPath)\Interop\Unix\libc\Interop.waitpid.cs">
       <Link>Common\Interop\Unix\Interop.waitpid.cs</Link>
     </Compile>
-    <Compile Include="$(CommonPath)\Interop\Unix\libcoreclr\Interop.ForkAndExecProcess.cs">
+    <Compile Include="$(CommonPath)\Interop\Unix\System.Native\Interop.ForkAndExecProcess.cs">
       <Link>Common\Interop\Unix\Interop.ForkAndExecProcess.cs</Link>
     </Compile>
     <Compile Include="$(CommonPath)\Interop\Unix\libc\Interop.getsid.cs">

src/System.Diagnostics.Process/src/System/Diagnostics/Process.Unix.cs

@@ -206,13 +206,13 @@ private bool StartCore(ProcessStartInfo startInfo)
             string[] envp = CreateEnvp(startInfo);
             string cwd = !string.IsNullOrWhiteSpace(startInfo.WorkingDirectory) ? startInfo.WorkingDirectory : null;
 
-            // Invoke the runtime's fork/execve routine.  It will create pipes for all requested
+            // Invoke the shim fork/execve routine.  It will create pipes for all requested
             // redirects, fork a child process, map the pipe ends onto the appropriate stdin/stdout/stderr
-            // descriptors, and execve to execute the requested process.  The runtime's implementation
+            // descriptors, and execve to execute the requested process.  The shim implementation
             // is used to fork/execve as executing managed code in a forked process is not safe (only
             // the calling thread will transfer, thread IDs aren't stable across the fork, etc.)
             int childPid, stdinFd, stdoutFd, stderrFd;
-            if (Interop.libcoreclr.ForkAndExecProcess(
+            if (Interop.Sys.ForkAndExecProcess(
                 filename, argv, envp, cwd,
                 startInfo.RedirectStandardInput, startInfo.RedirectStandardOutput, startInfo.RedirectStandardError,
                 out childPid,