|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-API] [PATCH 2 of 6] CA-33440: Move the unsafe direct fork_and_exec code from forkhelpers into stunnel, since it's only stunnel (called from the CLI) which actually needs it
# HG changeset patch
# User David Scott <dave.scott@xxxxxxxxxxxxx>
# Date 1261409809 0
# Node ID 6d735f8541855ebf3ab2b438e5c569d362e9d2de
# Parent 2729bb9dfe53eaa563c243d907593b9e8503114b
CA-33440: Move the unsafe direct fork_and_exec code from forkhelpers into
stunnel, since it's only stunnel (called from the CLI) which actually needs it.
Signed-off-by: David Scott <dave.scott@xxxxxxxxxxxxx>
diff -r 2729bb9dfe53 -r 6d735f854185 stdext/forkhelpers.ml
--- a/stdext/forkhelpers.ml Mon Dec 21 15:36:48 2009 +0000
+++ b/stdext/forkhelpers.ml Mon Dec 21 15:36:49 2009 +0000
@@ -37,36 +37,6 @@
| Nopid -> "Nopid"
let nopid = Nopid
-
-(* Low-level (unsafe) function which forks, runs a 'pre_exec' function and
- then executes some other binary. It makes sure to catch any exception
thrown by
- exec* so that we don't end up with two ocaml processes. *)
-let fork_and_exec ?(pre_exec=fun () -> ()) ?env (cmdline: string list) =
- let args = Array.of_list cmdline in
- let argv0 = List.hd cmdline in
- let pid = Unix.fork () in
- if pid = 0 then begin
- try
- pre_exec ();
- (* CA-18955: xapi now runs with priority -3. We then set his sons
priority to 0. *)
- ignore_int (Unix.nice (-(Unix.nice 0)));
- ignore_int (Unix.setsid ());
- match env with
- | None -> Unix.execv argv0 args
- | Some env -> Unix.execve argv0 args env
- with _ -> exit 1
- end else Stdfork pid
-
-(** File descriptor operations to be performed after a fork.
- These are all safe in the presence of threads *)
-type fd_operation =
- | Dup2 of Unix.file_descr * Unix.file_descr
- | Close of Unix.file_descr
-
-let do_fd_operation = function
- | Dup2(a, b) -> Unix.dup2 a b
- | Close a -> Unix.close a
-
exception Subprocess_failed of int
exception Subprocess_killed of int
diff -r 2729bb9dfe53 -r 6d735f854185 stdext/forkhelpers.mli
--- a/stdext/forkhelpers.mli Mon Dec 21 15:36:48 2009 +0000
+++ b/stdext/forkhelpers.mli Mon Dec 21 15:36:49 2009 +0000
@@ -32,19 +32,6 @@
val nopid : pidty
-(** File descriptor operations to be performed after a fork.
- These are all safe in the presence of threads *)
-type fd_operation =
- Dup2 of Unix.file_descr * Unix.file_descr
- | Close of Unix.file_descr
-
-val do_fd_operation : fd_operation -> unit
-
-(** Low-level (unsafe) function which forks, runs a 'pre_exec' function and
- then executes some other binary. It makes sure to catch any exception
thrown by
- exec* so that we don't end up with two ocaml processes. *)
-val fork_and_exec : ?pre_exec:(unit -> unit) -> ?env:string array -> string
list -> pidty
-
(** Safe function which forks a command, closing all fds except a whitelist and
having performed some fd operations in the child *)
val safe_close_and_exec : ?env:string array -> Unix.file_descr option ->
Unix.file_descr option -> Unix.file_descr option -> (string * Unix.file_descr)
list -> string -> string list -> pidty
diff -r 2729bb9dfe53 -r 6d735f854185 stunnel/stunnel.ml
--- a/stunnel/stunnel.ml Mon Dec 21 15:36:48 2009 +0000
+++ b/stunnel/stunnel.ml Mon Dec 21 15:36:49 2009 +0000
@@ -56,8 +56,56 @@
| Some p -> p
| None -> raise Stunnel_binary_missing
+module Unsafe = struct
+ (** These functions are not safe in a multithreaded program *)
-type t = { mutable pid: Forkhelpers.pidty; fd: Unix.file_descr; host: string;
port: int;
+ (* Low-level (unsafe) function which forks, runs a 'pre_exec' function and
+ then executes some other binary. It makes sure to catch any exception
thrown by
+ exec* so that we don't end up with two ocaml processes. *)
+ let fork_and_exec ?(pre_exec=fun () -> ()) ?env (cmdline: string list) =
+ let args = Array.of_list cmdline in
+ let argv0 = List.hd cmdline in
+ let pid = Unix.fork () in
+ if pid = 0 then begin
+ try
+ pre_exec ();
+ (* CA-18955: xapi now runs with priority -3. We then set his
sons priority to 0. *)
+ ignore_int (Unix.nice (-(Unix.nice 0)));
+ ignore_int (Unix.setsid ());
+ match env with
+ | None -> Unix.execv argv0 args
+ | Some env -> Unix.execve argv0 args env
+ with _ -> exit 1
+ end else pid
+
+ (** File descriptor operations to be performed after a fork.
+ These are all safe in the presence of threads *)
+ type fd_operation =
+ | Dup2 of Unix.file_descr * Unix.file_descr
+ | Close of Unix.file_descr
+
+ let do_fd_operation = function
+ | Dup2(a, b) -> Unix.dup2 a b
+ | Close a -> Unix.close a
+end
+
+type pid =
+ | StdFork of int (** we forked and exec'ed. This is the pid *)
+ | FEFork of Forkhelpers.pidty (** the forkhelpers module did it for us. *)
+ | Nopid
+
+let string_of_pid = function
+ | StdFork x -> Printf.sprintf "(StdFork %d)" x
+ | FEFork x -> Forkhelpers.string_of_pidty x
+ | Nopid -> "None"
+
+let getpid ty =
+ match ty with
+ | StdFork pid -> pid
+ | FEFork pid -> Forkhelpers.getpid pid
+ | Nopid -> failwith "No pid!"
+
+type t = { mutable pid: pid; fd: Unix.file_descr; host: string; port: int;
connected_time: float;
unique_id: int option;
mutable logfile: string;
@@ -82,7 +130,10 @@
let disconnect x =
List.iter (ignore_exn Unix.close) [ x.fd ];
- ignore_exn Forkhelpers.waitpid_fail_if_bad_exit x.pid
+ match x.pid with
+ | FEFork pid -> ignore(Forkhelpers.waitpid pid)
+ | StdFork pid -> ignore(Unix.waitpid [] pid)
+ | Nopid -> ()
(* With some probability, stunnel fails during its startup code before it reads
the config data from us. Therefore we get a SIGPIPE writing the config data.
@@ -95,25 +146,26 @@
assert (not extended_diagnosis); (* !!! Unimplemented *)
let data_out,data_in = Unix.socketpair Unix.PF_UNIX Unix.SOCK_STREAM 0 in
let args = [ "-m"; "client"; "-s"; "-"; "-d"; Printf.sprintf "%s:%d" host
port ] in
- let t = { pid = Forkhelpers.nopid; fd = data_out; host = host; port = port;
+ let t = { pid = Nopid; fd = data_out; host = host; port = port;
connected_time = Unix.gettimeofday (); unique_id = unique_id;
logfile = "" } in
let to_close = ref [ data_in ] in
let result = Forkhelpers.with_logfile_fd "stunnel" (fun logfd ->
let fdops = [
- Forkhelpers.Dup2(data_in, Unix.stdin);
- Forkhelpers.Dup2(data_in, Unix.stdout);
- Forkhelpers.Dup2(logfd, Unix.stderr)
+ Unsafe.Dup2(data_in, Unix.stdin);
+ Unsafe.Dup2(data_in, Unix.stdout);
+ Unsafe.Dup2(logfd, Unix.stderr)
] in
let fds_needed = [ Unix.stdin; Unix.stdout; Unix.stderr ] in
t.pid <- (
if use_external_fd_wrapper then
- Forkhelpers.safe_close_and_exec (Some data_in) (Some data_in) (Some
logfd) [] (stunnel_path ()) args
+ FEFork (Forkhelpers.safe_close_and_exec (Some data_in) (Some data_in)
(Some logfd) [] (stunnel_path ()) args)
else
- Forkhelpers.fork_and_exec ~pre_exec:(fun _ ->
- List.iter Forkhelpers.do_fd_operation fdops;
+ StdFork(Unsafe.fork_and_exec ~pre_exec:(fun _ ->
+ List.iter Unsafe.do_fd_operation fdops;
Unixext.close_all_fds_except fds_needed
- ) ((stunnel_path ()) :: args)
+
+ ) ((stunnel_path ()) :: args))
);
List.iter Unix.close [ data_in ];
) in
@@ -138,7 +190,7 @@
let close fd =
if List.mem fd !to_close
then (Unix.close fd; to_close := List.filter (fun x -> x <> fd) !to_close)
in
- let t = { pid = Forkhelpers.nopid; fd = data_out; host = host; port = port;
+ let t = { pid = Nopid; fd = data_out; host = host; port = port;
connected_time = Unix.gettimeofday (); unique_id = unique_id;
logfile = "" } in
let result = Forkhelpers.with_logfile_fd "stunnel"
@@ -146,9 +198,9 @@
(fun logfd ->
let path = stunnel_path() in
let fdops =
- [ Forkhelpers.Dup2(data_in, Unix.stdin);
- Forkhelpers.Dup2(data_in, Unix.stdout);
- Forkhelpers.Dup2(logfd, Unix.stderr) ] in
+ [ Unsafe.Dup2(data_in, Unix.stdin);
+ Unsafe.Dup2(data_in, Unix.stdout);
+ Unsafe.Dup2(logfd, Unix.stderr) ] in
let fds_needed = [ Unix.stdin; Unix.stdout; Unix.stderr; config_out ] in
let args_external = [ "-fd"; config_out_uuid ] in
let args_internal = [ "-fd"; string_of_int
(Unixext.int_of_file_descr config_out) ] in
@@ -158,18 +210,18 @@
end;
t.pid <-
if use_external_fd_wrapper
- then Forkhelpers.safe_close_and_exec (Some data_in) (Some data_in)
(Some logfd) [(config_out_uuid, config_out)] path args_external
- else Forkhelpers.fork_and_exec ~pre_exec:
+ then FEFork(Forkhelpers.safe_close_and_exec (Some data_in) (Some
data_in) (Some logfd) [(config_out_uuid, config_out)] path args_external)
+ else StdFork(Unsafe.fork_and_exec ~pre_exec:
(fun _ ->
- List.iter Forkhelpers.do_fd_operation fdops;
+ List.iter Unsafe.do_fd_operation fdops;
Unixext.close_all_fds_except fds_needed)
- (path::args_internal);
+ (path::args_internal));
List.iter close [ data_in; config_out; ];
(* Make sure we close config_in eventually *)
finally
(fun () ->
- let pidmsg = Printf.sprintf "stunnel has pidty: %s\n"
(Forkhelpers.string_of_pidty t.pid) in
+ let pidmsg = Printf.sprintf "stunnel has pidty: %s\n"
(string_of_pid t.pid) in
write_to_log pidmsg;
let config = config_file verify_cert extended_diagnosis host port in
diff -r 2729bb9dfe53 -r 6d735f854185 stunnel/stunnel.mli
--- a/stunnel/stunnel.mli Mon Dec 21 15:36:48 2009 +0000
+++ b/stunnel/stunnel.mli Mon Dec 21 15:36:49 2009 +0000
@@ -22,8 +22,15 @@
val use_new_stunnel : bool ref
val init_stunnel_path : unit -> unit
+type pid =
+ | StdFork of int (** we forked and exec'ed. This is the pid *)
+ | FEFork of Forkhelpers.pidty (** the forkhelpers module did it for us. *)
+ | Nopid
+
+val getpid: pid -> int
+
(** Represents an active stunnel connection *)
-type t = { mutable pid: Forkhelpers.pidty;
+type t = { mutable pid: pid;
fd: Unix.file_descr;
host: string;
port: int;
4 files changed, 79 insertions(+), 63 deletions(-)
stdext/forkhelpers.ml | 30 ----------------
stdext/forkhelpers.mli | 13 ------
stunnel/stunnel.ml | 90 +++++++++++++++++++++++++++++++++++++-----------
stunnel/stunnel.mli | 9 ++++
Attachment:
xen-api-libs.hg-6.patch _______________________________________________ xen-api mailing list xen-api@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/mailman/listinfo/xen-api
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |