https://github.com/labath created https://github.com/llvm/llvm-project/pull/137978
This is a follow-up to https://github.com/llvm/llvm-project/pull/126935, which enables passing handles to a child process on windows systems. Unlike on unix-like systems, the handles need to be created with the "inheritable" flag because there's to way to change the flag value after it has been created. This is why I don't respect the child_process_inherit flag but rather always set the flag to true. (My next step is to delete the flag entirely.) This does mean that pipe may be created as inheritable even if its not necessary, but I think this is offset by the fact that windows (unlike unixes, which pass all ~O_CLOEXEC descriptors through execve and *all* descriptors through fork) has a way to specify the precise set of handles to pass to a specific child process. If this turns out to be insufficient, instead of a constructor flag, I'd rather go with creating a separate api to create an inheritable copy of a handle (as typically, you only want to inherit one end of the pipe). >From 5b2721cee30a6c8b43efacb43b35c3a3150e6414 Mon Sep 17 00:00:00 2001 From: Pavel Labath <pa...@labath.sk> Date: Sun, 20 Oct 2024 02:55:02 +0200 Subject: [PATCH 1/2] [lldb/Host] Enable inheriting "non-inheritable" FDs Currently we're creating inheritable (`~FD_CLOEXEC`) file descriptors in the (few) cases where we need to pass an FD to a subprocess. The problem with these is that, in a multithreaded application such as lldb, there's essentially no way to prevent them from being leaked into processes other than the intended one. A safer (though still not completely safe) approach is to mark the descriptors as FD_CLOEXEC and only clear this flag in the subprocess. We currently have something that almost does that, which is the ability to add a `DuplicateFileAction` to our `ProcessLaunchInfo` struct (the duplicated file descriptor will be created with the flag cleared). The problem with *that* is that this approach is completely incompatible with Windows. Windows equivalents of file descriptors are `HANDLE`s, but these do not have user controlled values -- applications are expected to work with whatever HANDLE values are assigned by the OS. In unix terms, there is no equivalent to the `dup2` syscall (only `dup`). To find a way out of this conundrum, and create a miniscule API surface that works uniformly across platforms, this PR proposes to extend the `DuplicateFileAction` API to support duplicating a file descriptor onto itself. Currently, this operation does nothing (it leaves the FD_CLOEXEC flag set), because that's how `dup2(fd, fd)` behaves, but I think it's not completely unreasonable to say that this operation should clear the FD_CLOEXEC flag, just like it would do if one was using different fd values. This would enable us to pass a windows HANDLE as itself through the ProcessLaunchInfo API. This PR implements the unix portion of this idea. Macos and non-macos launchers are updated to clear FD_CLOEXEC flag when duplicating a file descriptor onto itself, and I've created a test which enables passing a FD_CLOEXEC file descritor to the subprocess. For the windows portion, please see the follow-up PR. --- lldb/source/Host/macosx/objcxx/Host.mm | 11 ++++- .../Host/posix/ProcessLauncherPosixFork.cpp | 11 ++++- lldb/unittests/Host/HostTest.cpp | 40 +++++++++++++++++++ 3 files changed, 59 insertions(+), 3 deletions(-) diff --git a/lldb/source/Host/macosx/objcxx/Host.mm b/lldb/source/Host/macosx/objcxx/Host.mm index bb270f6a44e43..e187bf98188ae 100644 --- a/lldb/source/Host/macosx/objcxx/Host.mm +++ b/lldb/source/Host/macosx/objcxx/Host.mm @@ -1100,7 +1100,7 @@ static bool AddPosixSpawnFileAction(void *_file_actions, const FileAction *info, else if (info->GetActionArgument() == -1) error = Status::FromErrorString( "invalid duplicate fd for posix_spawn_file_actions_adddup2(...)"); - else { + else if (info->GetFD() != info->GetActionArgument()) { error = Status(::posix_spawn_file_actions_adddup2(file_actions, info->GetFD(), info->GetActionArgument()), @@ -1110,6 +1110,15 @@ static bool AddPosixSpawnFileAction(void *_file_actions, const FileAction *info, "error: {0}, posix_spawn_file_actions_adddup2 " "(action={1}, fd={2}, dup_fd={3})", error, file_actions, info->GetFD(), info->GetActionArgument()); + } else { + error = + Status(::posix_spawn_file_actions_addinherit_np(file_actions, info->GetFD()), + eErrorTypePOSIX); + if (error.Fail()) + LLDB_LOG(log, + "error: {0}, posix_spawn_file_actions_addinherit_np " + "(action={1}, fd={2})", + error, file_actions, info->GetFD()); } break; diff --git a/lldb/source/Host/posix/ProcessLauncherPosixFork.cpp b/lldb/source/Host/posix/ProcessLauncherPosixFork.cpp index 8c6d503fc7fe2..698524349e16a 100644 --- a/lldb/source/Host/posix/ProcessLauncherPosixFork.cpp +++ b/lldb/source/Host/posix/ProcessLauncherPosixFork.cpp @@ -17,6 +17,7 @@ #include "llvm/Support/Errno.h" #include <climits> +#include <fcntl.h> #include <sys/ptrace.h> #include <sys/wait.h> #include <unistd.h> @@ -122,8 +123,14 @@ struct ForkLaunchInfo { ExitWithError(error_fd, "close"); break; case FileAction::eFileActionDuplicate: - if (dup2(action.fd, action.arg) == -1) - ExitWithError(error_fd, "dup2"); + if (action.fd != action.arg) { + if (dup2(action.fd, action.arg) == -1) + ExitWithError(error_fd, "dup2"); + } else { + if (fcntl(action.fd, F_SETFD, + fcntl(action.fd, F_GETFD) & ~FD_CLOEXEC) == -1) + ExitWithError(error_fd, "fcntl"); + } break; case FileAction::eFileActionOpen: DupDescriptor(error_fd, action.path.c_str(), action.fd, action.arg); diff --git a/lldb/unittests/Host/HostTest.cpp b/lldb/unittests/Host/HostTest.cpp index ed1df6de001ea..222de62ab6697 100644 --- a/lldb/unittests/Host/HostTest.cpp +++ b/lldb/unittests/Host/HostTest.cpp @@ -9,8 +9,10 @@ #include "lldb/Host/Host.h" #include "TestingSupport/SubsystemRAII.h" #include "lldb/Host/FileSystem.h" +#include "lldb/Host/Pipe.h" #include "lldb/Host/ProcessLaunchInfo.h" #include "lldb/Utility/ProcessInfo.h" +#include "llvm/ADT/Twine.h" #include "llvm/Support/CommandLine.h" #include "llvm/Support/FileSystem.h" #include "llvm/Testing/Support/Error.h" @@ -87,3 +89,41 @@ TEST(Host, LaunchProcessSetsArgv0) { ASSERT_THAT_ERROR(Host::LaunchProcess(info).takeError(), Succeeded()); ASSERT_THAT(exit_status.get_future().get(), 0); } + +#ifdef LLVM_ON_UNIX +TEST(Host, LaunchProcessDuplicatesHandle) { + static constexpr llvm::StringLiteral test_msg("Hello subprocess!"); + + SubsystemRAII<FileSystem> subsystems; + + if (test_arg) { + Pipe pipe(LLDB_INVALID_PIPE, (lldb::pipe_t)test_arg.getValue()); + llvm::Expected<size_t> bytes_written = + pipe.Write(test_msg.data(), test_msg.size()); + if (bytes_written && *bytes_written == test_msg.size()) + exit(0); + exit(1); + } + Pipe pipe; + ASSERT_THAT_ERROR(pipe.CreateNew(/*child_process_inherit=*/false).takeError(), + llvm::Succeeded()); + ProcessLaunchInfo info; + info.SetExecutableFile(FileSpec(TestMainArgv0), + /*add_exe_file_as_first_arg=*/true); + info.GetArguments().AppendArgument( + "--gtest_filter=Host.LaunchProcessDuplicatesHandle"); + info.GetArguments().AppendArgument( + ("--test-arg=" + llvm::Twine((uint64_t)pipe.GetWritePipe())).str()); + info.AppendDuplicateFileAction((uint64_t)pipe.GetWritePipe(), + (uint64_t)pipe.GetWritePipe()); + info.SetMonitorProcessCallback(&ProcessLaunchInfo::NoOpMonitorCallback); + ASSERT_THAT_ERROR(Host::LaunchProcess(info).takeError(), llvm::Succeeded()); + pipe.CloseWriteFileDescriptor(); + + char msg[100]; + llvm::Expected<size_t> bytes_read = + pipe.Read(msg, sizeof(msg), std::chrono::seconds(10)); + ASSERT_THAT_EXPECTED(bytes_read, llvm::Succeeded()); + ASSERT_EQ(llvm::StringRef(msg, *bytes_read), test_msg); +} +#endif >From bcf9387c6389135ad5a5a6ac647b92eaa2774947 Mon Sep 17 00:00:00 2001 From: Pavel Labath <pa...@labath.sk> Date: Thu, 9 Jan 2025 15:32:11 +0100 Subject: [PATCH 2/2] [lldb] Inherit DuplicateFileAction(HANDLE, HANDLE) handles on windows This is a follow-up to #126935, which enables passing handles to a child process on windows systems. Unlike on unix-like systems, the handles need to be created with the "inheritable" flag because there's to way to change the flag value after it has been created. This is why I don't respect the child_process_inherit flag but rather always set the flag to true. (My next step is to delete the flag entirely.) This does mean that pipe may be created as inheritable even if its not necessary, but I think this is offset by the fact that windows (unlike unixes, which pass all ~O_CLOEXEC descriptors through execve and *all* descriptors through fork) has a way to specify the precise set of handles to pass to a specific child process. If this turns out to be insufficient, instead of a constructor flag, I'd rather go with creating a separate api to create an inheritable copy of a handle (as typically, you only want to inherit one end of the pipe). --- lldb/source/Host/windows/PipeWindows.cpp | 5 +- .../Host/windows/ProcessLauncherWindows.cpp | 73 +++++++++++++++---- lldb/tools/lldb-server/lldb-platform.cpp | 2 - lldb/unittests/Host/HostTest.cpp | 2 - 4 files changed, 63 insertions(+), 19 deletions(-) diff --git a/lldb/source/Host/windows/PipeWindows.cpp b/lldb/source/Host/windows/PipeWindows.cpp index e3f5b629a0590..1f7f6e03519d0 100644 --- a/lldb/source/Host/windows/PipeWindows.cpp +++ b/lldb/source/Host/windows/PipeWindows.cpp @@ -88,8 +88,9 @@ Status PipeWindows::CreateNew(llvm::StringRef name, std::string pipe_path = g_pipe_name_prefix.str(); pipe_path.append(name.str()); - SECURITY_ATTRIBUTES sa{sizeof(SECURITY_ATTRIBUTES), 0, - child_process_inherit ? TRUE : FALSE}; + // We always create inheritable handles, but we won't pass them to a child + // process unless explicitly requested (cf. ProcessLauncherWindows.cpp). + SECURITY_ATTRIBUTES sa{sizeof(SECURITY_ATTRIBUTES), 0, TRUE}; // Always open for overlapped i/o. We implement blocking manually in Read // and Write. diff --git a/lldb/source/Host/windows/ProcessLauncherWindows.cpp b/lldb/source/Host/windows/ProcessLauncherWindows.cpp index 065ba9271ad0d..bc35667ea9a23 100644 --- a/lldb/source/Host/windows/ProcessLauncherWindows.cpp +++ b/lldb/source/Host/windows/ProcessLauncherWindows.cpp @@ -10,6 +10,7 @@ #include "lldb/Host/HostProcess.h" #include "lldb/Host/ProcessLaunchInfo.h" +#include "llvm/ADT/ScopeExit.h" #include "llvm/ADT/SmallVector.h" #include "llvm/Support/ConvertUTF.h" #include "llvm/Support/Program.h" @@ -65,14 +66,23 @@ ProcessLauncherWindows::LaunchProcess(const ProcessLaunchInfo &launch_info, std::string executable; std::vector<char> environment; - STARTUPINFO startupinfo = {}; + STARTUPINFOEX startupinfoex = {}; + STARTUPINFO &startupinfo = startupinfoex.StartupInfo; PROCESS_INFORMATION pi = {}; HANDLE stdin_handle = GetStdioHandle(launch_info, STDIN_FILENO); HANDLE stdout_handle = GetStdioHandle(launch_info, STDOUT_FILENO); HANDLE stderr_handle = GetStdioHandle(launch_info, STDERR_FILENO); - - startupinfo.cb = sizeof(startupinfo); + auto close_handles = llvm::make_scope_exit([&] { + if (stdin_handle) + ::CloseHandle(stdin_handle); + if (stdout_handle) + ::CloseHandle(stdout_handle); + if (stderr_handle) + ::CloseHandle(stderr_handle); + }); + + startupinfo.cb = sizeof(startupinfoex); startupinfo.dwFlags |= STARTF_USESTDHANDLES; startupinfo.hStdError = stderr_handle ? stderr_handle : ::GetStdHandle(STD_ERROR_HANDLE); @@ -81,6 +91,48 @@ ProcessLauncherWindows::LaunchProcess(const ProcessLaunchInfo &launch_info, startupinfo.hStdOutput = stdout_handle ? stdout_handle : ::GetStdHandle(STD_OUTPUT_HANDLE); + std::vector<HANDLE> inherited_handles; + if (startupinfo.hStdError) + inherited_handles.push_back(startupinfo.hStdError); + if (startupinfo.hStdInput) + inherited_handles.push_back(startupinfo.hStdInput); + if (startupinfo.hStdOutput) + inherited_handles.push_back(startupinfo.hStdOutput); + + size_t attributelist_size = 0; + InitializeProcThreadAttributeList(/*lpAttributeList=*/nullptr, + /*dwAttributeCount=*/1, /*dwFlags=*/0, + &attributelist_size); + + startupinfoex.lpAttributeList = + static_cast<LPPROC_THREAD_ATTRIBUTE_LIST>(malloc(attributelist_size)); + auto free_attributelist = + llvm::make_scope_exit([&] { free(startupinfoex.lpAttributeList); }); + if (!InitializeProcThreadAttributeList(startupinfoex.lpAttributeList, + /*dwAttributeCount=*/1, /*dwFlags=*/0, + &attributelist_size)) { + error = Status(::GetLastError(), eErrorTypeWin32); + return HostProcess(); + } + auto delete_attributelist = llvm::make_scope_exit( + [&] { DeleteProcThreadAttributeList(startupinfoex.lpAttributeList); }); + for (size_t i = 0; i < launch_info.GetNumFileActions(); ++i) { + const FileAction *act = launch_info.GetFileActionAtIndex(i); + if (act->GetAction() == FileAction::eFileActionDuplicate && + act->GetFD() == act->GetActionArgument()) + inherited_handles.push_back(reinterpret_cast<HANDLE>(act->GetFD())); + } + if (!inherited_handles.empty()) { + if (!UpdateProcThreadAttribute( + startupinfoex.lpAttributeList, /*dwFlags=*/0, + PROC_THREAD_ATTRIBUTE_HANDLE_LIST, inherited_handles.data(), + inherited_handles.size() * sizeof(HANDLE), + /*lpPreviousValue=*/nullptr, /*lpReturnSize=*/nullptr)) { + error = Status(::GetLastError(), eErrorTypeWin32); + return HostProcess(); + } + } + const char *hide_console_var = getenv("LLDB_LAUNCH_INFERIORS_WITHOUT_CONSOLE"); if (hide_console_var && @@ -89,7 +141,8 @@ ProcessLauncherWindows::LaunchProcess(const ProcessLaunchInfo &launch_info, startupinfo.wShowWindow = SW_HIDE; } - DWORD flags = CREATE_NEW_CONSOLE | CREATE_UNICODE_ENVIRONMENT; + DWORD flags = CREATE_NEW_CONSOLE | CREATE_UNICODE_ENVIRONMENT | + EXTENDED_STARTUPINFO_PRESENT; if (launch_info.GetFlags().Test(eLaunchFlagDebug)) flags |= DEBUG_ONLY_THIS_PROCESS; @@ -114,9 +167,10 @@ ProcessLauncherWindows::LaunchProcess(const ProcessLaunchInfo &launch_info, WCHAR *pwcommandLine = wcommandLine.empty() ? nullptr : &wcommandLine[0]; BOOL result = ::CreateProcessW( - wexecutable.c_str(), pwcommandLine, NULL, NULL, TRUE, flags, env_block, + wexecutable.c_str(), pwcommandLine, NULL, NULL, + /*bInheritHandles=*/!inherited_handles.empty(), flags, env_block, wworkingDirectory.size() == 0 ? NULL : wworkingDirectory.c_str(), - &startupinfo, &pi); + reinterpret_cast<STARTUPINFO *>(&startupinfoex), &pi); if (!result) { // Call GetLastError before we make any other system calls. @@ -131,13 +185,6 @@ ProcessLauncherWindows::LaunchProcess(const ProcessLaunchInfo &launch_info, ::CloseHandle(pi.hThread); } - if (stdin_handle) - ::CloseHandle(stdin_handle); - if (stdout_handle) - ::CloseHandle(stdout_handle); - if (stderr_handle) - ::CloseHandle(stderr_handle); - if (!result) return HostProcess(); diff --git a/lldb/tools/lldb-server/lldb-platform.cpp b/lldb/tools/lldb-server/lldb-platform.cpp index 10d79c63af994..5b0a8ade01025 100644 --- a/lldb/tools/lldb-server/lldb-platform.cpp +++ b/lldb/tools/lldb-server/lldb-platform.cpp @@ -274,10 +274,8 @@ static Status spawn_process(const char *progname, const FileSpec &prog, self_args.AppendArgument(llvm::StringRef("platform")); self_args.AppendArgument(llvm::StringRef("--child-platform-fd")); self_args.AppendArgument(llvm::to_string(shared_socket.GetSendableFD())); -#ifndef _WIN32 launch_info.AppendDuplicateFileAction((int)shared_socket.GetSendableFD(), (int)shared_socket.GetSendableFD()); -#endif if (gdb_port) { self_args.AppendArgument(llvm::StringRef("--gdbserver-port")); self_args.AppendArgument(llvm::to_string(gdb_port)); diff --git a/lldb/unittests/Host/HostTest.cpp b/lldb/unittests/Host/HostTest.cpp index 222de62ab6697..9e4390a48fb18 100644 --- a/lldb/unittests/Host/HostTest.cpp +++ b/lldb/unittests/Host/HostTest.cpp @@ -90,7 +90,6 @@ TEST(Host, LaunchProcessSetsArgv0) { ASSERT_THAT(exit_status.get_future().get(), 0); } -#ifdef LLVM_ON_UNIX TEST(Host, LaunchProcessDuplicatesHandle) { static constexpr llvm::StringLiteral test_msg("Hello subprocess!"); @@ -126,4 +125,3 @@ TEST(Host, LaunchProcessDuplicatesHandle) { ASSERT_THAT_EXPECTED(bytes_read, llvm::Succeeded()); ASSERT_EQ(llvm::StringRef(msg, *bytes_read), test_msg); } -#endif _______________________________________________ lldb-commits mailing list lldb-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/lldb-commits
