Source file src/syscall/exec_freebsd.go 

     1  // Copyright 2021 The Go Authors. All rights reserved.
     2  // Use of this source code is governed by a BSD-style
     3  // license that can be found in the LICENSE file.
     4  
     5  package syscall
     6  
     7  import (
     8  	"runtime"
     9  	"unsafe"
    10  )
    11  
    12  type SysProcAttr struct {
    13  	Chroot     string      // Chroot.
    14  	Credential *Credential // Credential.
    15  	Ptrace     bool        // Enable tracing.
    16  	Setsid     bool        // Create session.
    17  	// Setpgid sets the process group ID of the child to Pgid,
    18  	// or, if Pgid == 0, to the new child's process ID.
    19  	Setpgid bool
    20  	// Setctty sets the controlling terminal of the child to
    21  	// file descriptor Ctty. Ctty must be a descriptor number
    22  	// in the child process: an index into ProcAttr.Files.
    23  	// This is only meaningful if Setsid is true.
    24  	Setctty bool
    25  	Noctty  bool // Detach fd 0 from controlling terminal
    26  	Ctty    int  // Controlling TTY fd
    27  	// Foreground places the child process group in the foreground.
    28  	// This implies Setpgid. The Ctty field must be set to
    29  	// the descriptor of the controlling TTY.
    30  	// Unlike Setctty, in this case Ctty must be a descriptor
    31  	// number in the parent process.
    32  	Foreground bool
    33  	Pgid       int    // Child's process group ID if Setpgid.
    34  	Pdeathsig  Signal // Signal that the process will get when its parent dies (Linux and FreeBSD only)
    35  	Jail       int    // Jail to which the child process is attached (FreeBSD only).
    36  }
    37  
    38  const (
    39  	_P_PID = 0
    40  
    41  	_PROC_PDEATHSIG_CTL = 11
    42  )
    43  
    44  // Implemented in runtime package.
    45  func runtime_BeforeFork()
    46  func runtime_AfterFork()
    47  func runtime_AfterForkInChild()
    48  
    49  // Fork, dup fd onto 0..len(fd), and exec(argv0, argvv, envv) in child.
    50  // If a dup or exec fails, write the errno error to pipe.
    51  // (Pipe is close-on-exec so if exec succeeds, it will be closed.)
    52  // In the child, this function must not acquire any locks, because
    53  // they might have been locked at the time of the fork. This means
    54  // no rescheduling, no malloc calls, and no new stack segments.
    55  // For the same reason compiler does not race instrument it.
    56  // The calls to RawSyscall are okay because they are assembly
    57  // functions that do not grow the stack.
    58  //
    59  //go:norace
    60  func forkAndExecInChild(argv0 *byte, argv, envv []*byte, chroot, dir *byte, attr *ProcAttr, sys *SysProcAttr, pipe int) (pid int, err Errno) {
    61  	// Declare all variables at top in case any
    62  	// declarations require heap allocation (e.g., err1).
    63  	var (
    64  		r1              uintptr
    65  		err1            Errno
    66  		nextfd          int
    67  		i               int
    68  		pgrp            _C_int
    69  		cred            *Credential
    70  		ngroups, groups uintptr
    71  		upid, ppid      uintptr
    72  	)
    73  
    74  	rlim := origRlimitNofile.Load()
    75  
    76  	// Record parent PID so child can test if it has died.
    77  	if sys.Pdeathsig != 0 {
    78  		ppid, _, _ = RawSyscall(SYS_GETPID, 0, 0, 0)
    79  	}
    80  
    81  	// guard against side effects of shuffling fds below.
    82  	// Make sure that nextfd is beyond any currently open files so
    83  	// that we can't run the risk of overwriting any of them.
    84  	fd := make([]int, len(attr.Files))
    85  	nextfd = len(attr.Files)
    86  	for i, ufd := range attr.Files {
    87  		if nextfd < int(ufd) {
    88  			nextfd = int(ufd)
    89  		}
    90  		fd[i] = int(ufd)
    91  	}
    92  	nextfd++
    93  
    94  	// About to call fork.
    95  	// No more allocation or calls of non-assembly functions.
    96  	runtime_BeforeFork()
    97  	r1, _, err1 = RawSyscall(SYS_FORK, 0, 0, 0)
    98  	if err1 != 0 {
    99  		runtime_AfterFork()
   100  		return 0, err1
   101  	}
   102  
   103  	if r1 != 0 {
   104  		// parent; return PID
   105  		runtime_AfterFork()
   106  		return int(r1), 0
   107  	}
   108  
   109  	// Fork succeeded, now in child.
   110  
   111  	// Attach to the given jail, if any. The system call also changes the
   112  	// process' root and working directories to the jail's path directory.
   113  	if sys.Jail > 0 {
   114  		_, _, err1 = RawSyscall(SYS_JAIL_ATTACH, uintptr(sys.Jail), 0, 0)
   115  		if err1 != 0 {
   116  			goto childerror
   117  		}
   118  	}
   119  
   120  	// Enable tracing if requested.
   121  	if sys.Ptrace {
   122  		_, _, err1 = RawSyscall(SYS_PTRACE, uintptr(PTRACE_TRACEME), 0, 0)
   123  		if err1 != 0 {
   124  			goto childerror
   125  		}
   126  	}
   127  
   128  	// Session ID
   129  	if sys.Setsid {
   130  		_, _, err1 = RawSyscall(SYS_SETSID, 0, 0, 0)
   131  		if err1 != 0 {
   132  			goto childerror
   133  		}
   134  	}
   135  
   136  	// Set process group
   137  	if sys.Setpgid || sys.Foreground {
   138  		// Place child in process group.
   139  		_, _, err1 = RawSyscall(SYS_SETPGID, 0, uintptr(sys.Pgid), 0)
   140  		if err1 != 0 {
   141  			goto childerror
   142  		}
   143  	}
   144  
   145  	if sys.Foreground {
   146  		// This should really be pid_t, however _C_int (aka int32) is
   147  		// generally equivalent.
   148  		pgrp = _C_int(sys.Pgid)
   149  		if pgrp == 0 {
   150  			r1, _, err1 = RawSyscall(SYS_GETPID, 0, 0, 0)
   151  			if err1 != 0 {
   152  				goto childerror
   153  			}
   154  
   155  			pgrp = _C_int(r1)
   156  		}
   157  
   158  		// Place process group in foreground.
   159  		_, _, err1 = RawSyscall(SYS_IOCTL, uintptr(sys.Ctty), uintptr(TIOCSPGRP), uintptr(unsafe.Pointer(&pgrp)))
   160  		if err1 != 0 {
   161  			goto childerror
   162  		}
   163  	}
   164  
   165  	// Restore the signal mask. We do this after TIOCSPGRP to avoid
   166  	// having the kernel send a SIGTTOU signal to the process group.
   167  	runtime_AfterForkInChild()
   168  
   169  	// Chroot
   170  	if chroot != nil {
   171  		_, _, err1 = RawSyscall(SYS_CHROOT, uintptr(unsafe.Pointer(chroot)), 0, 0)
   172  		if err1 != 0 {
   173  			goto childerror
   174  		}
   175  	}
   176  
   177  	// User and groups
   178  	if cred = sys.Credential; cred != nil {
   179  		ngroups = uintptr(len(cred.Groups))
   180  		groups = uintptr(0)
   181  		if ngroups > 0 {
   182  			groups = uintptr(unsafe.Pointer(&cred.Groups[0]))
   183  		}
   184  		if !cred.NoSetGroups {
   185  			_, _, err1 = RawSyscall(SYS_SETGROUPS, ngroups, groups, 0)
   186  			if err1 != 0 {
   187  				goto childerror
   188  			}
   189  		}
   190  		_, _, err1 = RawSyscall(SYS_SETGID, uintptr(cred.Gid), 0, 0)
   191  		if err1 != 0 {
   192  			goto childerror
   193  		}
   194  		_, _, err1 = RawSyscall(SYS_SETUID, uintptr(cred.Uid), 0, 0)
   195  		if err1 != 0 {
   196  			goto childerror
   197  		}
   198  	}
   199  
   200  	// Chdir
   201  	if dir != nil {
   202  		_, _, err1 = RawSyscall(SYS_CHDIR, uintptr(unsafe.Pointer(dir)), 0, 0)
   203  		if err1 != 0 {
   204  			goto childerror
   205  		}
   206  	}
   207  
   208  	// Parent death signal
   209  	if sys.Pdeathsig != 0 {
   210  		switch runtime.GOARCH {
   211  		case "386", "arm":
   212  			_, _, err1 = RawSyscall6(SYS_PROCCTL, _P_PID, 0, 0, _PROC_PDEATHSIG_CTL, uintptr(unsafe.Pointer(&sys.Pdeathsig)), 0)
   213  		default:
   214  			_, _, err1 = RawSyscall6(SYS_PROCCTL, _P_PID, 0, _PROC_PDEATHSIG_CTL, uintptr(unsafe.Pointer(&sys.Pdeathsig)), 0, 0)
   215  		}
   216  		if err1 != 0 {
   217  			goto childerror
   218  		}
   219  
   220  		// Signal self if parent is already dead. This might cause a
   221  		// duplicate signal in rare cases, but it won't matter when
   222  		// using SIGKILL.
   223  		r1, _, _ = RawSyscall(SYS_GETPPID, 0, 0, 0)
   224  		if r1 != ppid {
   225  			upid, _, _ = RawSyscall(SYS_GETPID, 0, 0, 0)
   226  			_, _, err1 = RawSyscall(SYS_KILL, upid, uintptr(sys.Pdeathsig), 0)
   227  			if err1 != 0 {
   228  				goto childerror
   229  			}
   230  		}
   231  	}
   232  
   233  	// Pass 1: look for fd[i] < i and move those up above len(fd)
   234  	// so that pass 2 won't stomp on an fd it needs later.
   235  	if pipe < nextfd {
   236  		_, _, err1 = RawSyscall(SYS_FCNTL, uintptr(pipe), F_DUP2FD_CLOEXEC, uintptr(nextfd))
   237  		if err1 != 0 {
   238  			goto childerror
   239  		}
   240  		pipe = nextfd
   241  		nextfd++
   242  	}
   243  	for i = 0; i < len(fd); i++ {
   244  		if fd[i] >= 0 && fd[i] < i {
   245  			if nextfd == pipe { // don't stomp on pipe
   246  				nextfd++
   247  			}
   248  			_, _, err1 = RawSyscall(SYS_FCNTL, uintptr(fd[i]), F_DUP2FD_CLOEXEC, uintptr(nextfd))
   249  			if err1 != 0 {
   250  				goto childerror
   251  			}
   252  			fd[i] = nextfd
   253  			nextfd++
   254  		}
   255  	}
   256  
   257  	// Pass 2: dup fd[i] down onto i.
   258  	for i = 0; i < len(fd); i++ {
   259  		if fd[i] == -1 {
   260  			RawSyscall(SYS_CLOSE, uintptr(i), 0, 0)
   261  			continue
   262  		}
   263  		if fd[i] == i {
   264  			// dup2(i, i) won't clear close-on-exec flag on Linux,
   265  			// probably not elsewhere either.
   266  			_, _, err1 = RawSyscall(SYS_FCNTL, uintptr(fd[i]), F_SETFD, 0)
   267  			if err1 != 0 {
   268  				goto childerror
   269  			}
   270  			continue
   271  		}
   272  		// The new fd is created NOT close-on-exec,
   273  		// which is exactly what we want.
   274  		_, _, err1 = RawSyscall(SYS_DUP2, uintptr(fd[i]), uintptr(i), 0)
   275  		if err1 != 0 {
   276  			goto childerror
   277  		}
   278  	}
   279  
   280  	// By convention, we don't close-on-exec the fds we are
   281  	// started with, so if len(fd) < 3, close 0, 1, 2 as needed.
   282  	// Programs that know they inherit fds >= 3 will need
   283  	// to set them close-on-exec.
   284  	for i = len(fd); i < 3; i++ {
   285  		RawSyscall(SYS_CLOSE, uintptr(i), 0, 0)
   286  	}
   287  
   288  	// Detach fd 0 from tty
   289  	if sys.Noctty {
   290  		_, _, err1 = RawSyscall(SYS_IOCTL, 0, uintptr(TIOCNOTTY), 0)
   291  		if err1 != 0 {
   292  			goto childerror
   293  		}
   294  	}
   295  
   296  	// Set the controlling TTY to Ctty
   297  	if sys.Setctty {
   298  		_, _, err1 = RawSyscall(SYS_IOCTL, uintptr(sys.Ctty), uintptr(TIOCSCTTY), 0)
   299  		if err1 != 0 {
   300  			goto childerror
   301  		}
   302  	}
   303  
   304  	// Restore original rlimit.
   305  	if rlim != nil {
   306  		RawSyscall(SYS_SETRLIMIT, uintptr(RLIMIT_NOFILE), uintptr(unsafe.Pointer(rlim)), 0)
   307  	}
   308  
   309  	// Time to exec.
   310  	_, _, err1 = RawSyscall(SYS_EXECVE,
   311  		uintptr(unsafe.Pointer(argv0)),
   312  		uintptr(unsafe.Pointer(&argv[0])),
   313  		uintptr(unsafe.Pointer(&envv[0])))
   314  
   315  childerror:
   316  	// send error code on pipe
   317  	RawSyscall(SYS_WRITE, uintptr(pipe), uintptr(unsafe.Pointer(&err1)), unsafe.Sizeof(err1))
   318  	for {
   319  		RawSyscall(SYS_EXIT, 253, 0, 0)
   320  	}
   321  }
   322  
   323  // forkAndExecFailureCleanup cleans up after an exec failure.
   324  func forkAndExecFailureCleanup(attr *ProcAttr, sys *SysProcAttr) {
   325  	// Nothing to do.
   326  }
   327  

View as plain text

go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.