gh-132124: improve safety nets for creating AF_UNIX socket files #134085
+87
−5
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -19,7 +19,7 @@ | |
| from . import process | ||
|
|
||
| __all__ = [ | ||
| 'sub_debug', 'debug', 'info', 'sub_warning', 'warn', 'get_logger', | ||
| 'log_to_stderr', 'get_temp_dir', 'register_after_fork', | ||
| 'is_exiting', 'Finalize', 'ForkAwareThreadLock', 'ForkAwareLocal', | ||
| 'close_all_fds_except', 'SUBDEBUG', 'SUBWARNING', | ||
|
|
@@ -34,6 +34,7 @@ | |
| DEBUG = 10 | ||
| INFO = 20 | ||
| SUBWARNING = 25 | ||
| WARNING = 30 | ||
|
|
||
| LOGGER_NAME = 'multiprocessing' | ||
| DEFAULT_LOGGING_FORMAT = '[%(levelname)s/%(processName)s] %(message)s' | ||
|
|
@@ -53,6 +54,10 @@ def info(msg, *args): | |
| if _logger: | ||
| _logger.log(INFO, msg, *args, stacklevel=2) | ||
|
|
||
| def warn(msg, *args): | ||
| if _logger: | ||
| _logger.log(WARNING, msg, *args, stacklevel=2) | ||
|
|
||
| def sub_warning(msg, *args): | ||
| if _logger: | ||
| _logger.log(SUBWARNING, msg, *args, stacklevel=2) | ||
|
|
@@ -121,6 +126,21 @@ def is_abstract_socket_namespace(address): | |
| # Function returning a temp directory which will be removed on exit | ||
| # | ||
|
|
||
| # Maximum length of a socket file path is usually between 92 and 108 [1], | ||
| # but Linux is known to use a size of 108 [2]. BSD-based systems usually | ||
| # use a size of 104 or 108 and Windows does not create AF_UNIX sockets. | ||
| # | ||
| # [1]: https://pubs.opengroup.org/onlinepubs/9799919799/basedefs/sys_un.h.html | ||
| # [2]: https://man7.org/linux/man-pages/man7/unix.7.html. | ||
|
|
||
| if sys.platform == 'linux': | ||
| _SUN_PATH_MAX = 108 | ||
|
There was a problem hiding this comment. This |
||
| elif sys.platform.startswith(('openbsd', 'freebsd')): | ||
| _SUN_PATH_MAX = 104 | ||
| else: | ||
| # On Windows platforms, we do not create AF_UNIX sockets. | ||
| _SUN_PATH_MAX = None if os.name == 'nt' else 92 | ||
|
|
||
| def _remove_temp_dir(rmtree, tempdir): | ||
| rmtree(tempdir) | ||
|
|
||
|
|
@@ -130,12 +150,67 @@ def _remove_temp_dir(rmtree, tempdir): | |
| if current_process is not None: | ||
| current_process._config['tempdir'] = None | ||
|
|
||
| def _get_base_temp_dir(tempfile): | ||
| """Get a temporary directory where socket files will be created. | ||
|
|
||
| To prevent additional imports, pass a pre-imported 'tempfile' module. | ||
| """ | ||
| if os.name == 'nt': | ||
| return None | ||
| # Most of the time, the default temporary directory is /tmp. Thus, | ||
| # listener sockets files "$TMPDIR/pymp-XXXXXXXX/sock-XXXXXXXX" do | ||
| # not have a path length exceeding SUN_PATH_MAX. | ||
| # | ||
| # If users specify their own temporary directory, we may be unable | ||
| # to create those files. Therefore, we fall back to the system-wide | ||
| # temporary directory /tmp, assumed to exist on POSIX systems. | ||
| # | ||
| # See https://github.com/python/cpython/issues/132124. | ||
| base_tempdir = tempfile.gettempdir() | ||
| # Files created in a temporary directory are suffixed by a string | ||
| # generated by tempfile._RandomNameSequence, which, by design, | ||
| # is 8 characters long. | ||
| # | ||
| # Thus, the length of socket filename will be: | ||
| # | ||
| # len(base_tempdir + '/pymp-XXXXXXXX' + '/sock-XXXXXXXX') | ||
| sun_path_len = len(base_tempdir) + 14 + 14 | ||
| if sun_path_len <= _SUN_PATH_MAX: | ||
| return base_tempdir | ||
| # Fallback to the default system-wide temporary directory. | ||
| # This ignores user-defined environment variables. | ||
| # | ||
| # On POSIX systems, /tmp MUST be writable by any application [1]. | ||
| # We however emit a warning if this is not the case to prevent | ||
| # obscure errors later in the execution. | ||
| # | ||
| # On some legacy systems, /var/tmp and /usr/tmp can be present | ||
| # and will be used instead. | ||
| # | ||
| # [1]: https://refspecs.linuxfoundation.org/FHS_3.0/fhs/ch03s18.html | ||
| dirlist = ['/tmp', '/var/tmp', '/usr/tmp'] | ||
| try: | ||
| base_system_tempdir = tempfile._get_default_tempdir(dirlist) | ||
| except FileNotFoundError: | ||
| warn("Process-wide temporary directory %s will not be usable for " | ||
| "creating socket files and no usable system-wide temporary " | ||
| "directory was found in %s", base_tempdir, dirlist) | ||
| # At this point, the system-wide temporary directory is not usable | ||
| # but we may assume that the user-defined one is, even if we will | ||
| # not be able to write socket files out there. | ||
| return base_tempdir | ||
| warn("Ignoring user-defined temporary directory: %s", base_tempdir) | ||
| # at most max(map(len, dirlist)) + 14 + 14 = 36 characters | ||
| assert len(base_system_tempdir) + 14 + 14 <= _SUN_PATH_MAX | ||
| return base_system_tempdir | ||
|
|
||
| def get_temp_dir(): | ||
| # get name of a temp directory which will be automatically cleaned up | ||
| tempdir = process.current_process()._config.get('tempdir') | ||
| if tempdir is None: | ||
| import shutil, tempfile | ||
| base_tempdir = _get_base_temp_dir(tempfile) | ||
| tempdir = tempfile.mkdtemp(prefix='pymp-', dir=base_tempdir) | ||
| info('created temp directory %s', tempdir) | ||
| # keep a strong reference to shutil.rmtree(), since the finalizer | ||
| # can be called late during Python shutdown | ||
|
|
||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,6 @@ | ||
| On POSIX-compliant systems, :func:`!multiprocessing.util.get_temp_dir` now | ||
| ignores :envvar:`TMPDIR` (and similar environment variables) if the path | ||
| length of ``AF_UNIX`` socket files exceeds the platform-specific maximum | ||
| length when using the :ref:`forkserver | ||
| <multiprocessing-start-method-forkserver>` start method. Patch by Bénédikt | ||
| Tran. |
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
note to self: I'm going to leave 'warn' out of
__all__and rename the function to_warnas a modification to our 3.13 backport as it'd technically be an API change in a bugfix release otherwise.