run-command.con commit run-command: fix segfault when cleaning forked async process (7b91929)
   1#include "cache.h"
   2#include "run-command.h"
   3#include "exec_cmd.h"
   4#include "sigchain.h"
   5#include "argv-array.h"
   6#include "thread-utils.h"
   7#include "strbuf.h"
   8
   9void child_process_init(struct child_process *child)
  10{
  11        memset(child, 0, sizeof(*child));
  12        argv_array_init(&child->args);
  13        argv_array_init(&child->env_array);
  14}
  15
  16void child_process_clear(struct child_process *child)
  17{
  18        argv_array_clear(&child->args);
  19        argv_array_clear(&child->env_array);
  20}
  21
  22struct child_to_clean {
  23        pid_t pid;
  24        struct child_process *process;
  25        struct child_to_clean *next;
  26};
  27static struct child_to_clean *children_to_clean;
  28static int installed_child_cleanup_handler;
  29
  30static void cleanup_children(int sig, int in_signal)
  31{
  32        struct child_to_clean *children_to_wait_for = NULL;
  33
  34        while (children_to_clean) {
  35                struct child_to_clean *p = children_to_clean;
  36                children_to_clean = p->next;
  37
  38                if (p->process && !in_signal) {
  39                        struct child_process *process = p->process;
  40                        if (process->clean_on_exit_handler) {
  41                                trace_printf(
  42                                        "trace: run_command: running exit handler for pid %"
  43                                        PRIuMAX, (uintmax_t)p->pid
  44                                );
  45                                process->clean_on_exit_handler(process);
  46                        }
  47                }
  48
  49                kill(p->pid, sig);
  50
  51                if (p->process && p->process->wait_after_clean) {
  52                        p->next = children_to_wait_for;
  53                        children_to_wait_for = p;
  54                } else {
  55                        if (!in_signal)
  56                                free(p);
  57                }
  58        }
  59
  60        while (children_to_wait_for) {
  61                struct child_to_clean *p = children_to_wait_for;
  62                children_to_wait_for = p->next;
  63
  64                while (waitpid(p->pid, NULL, 0) < 0 && errno == EINTR)
  65                        ; /* spin waiting for process exit or error */
  66
  67                if (!in_signal)
  68                        free(p);
  69        }
  70}
  71
  72static void cleanup_children_on_signal(int sig)
  73{
  74        cleanup_children(sig, 1);
  75        sigchain_pop(sig);
  76        raise(sig);
  77}
  78
  79static void cleanup_children_on_exit(void)
  80{
  81        cleanup_children(SIGTERM, 0);
  82}
  83
  84static void mark_child_for_cleanup(pid_t pid, struct child_process *process)
  85{
  86        struct child_to_clean *p = xmalloc(sizeof(*p));
  87        p->pid = pid;
  88        p->process = process;
  89        p->next = children_to_clean;
  90        children_to_clean = p;
  91
  92        if (!installed_child_cleanup_handler) {
  93                atexit(cleanup_children_on_exit);
  94                sigchain_push_common(cleanup_children_on_signal);
  95                installed_child_cleanup_handler = 1;
  96        }
  97}
  98
  99static void clear_child_for_cleanup(pid_t pid)
 100{
 101        struct child_to_clean **pp;
 102
 103        for (pp = &children_to_clean; *pp; pp = &(*pp)->next) {
 104                struct child_to_clean *clean_me = *pp;
 105
 106                if (clean_me->pid == pid) {
 107                        *pp = clean_me->next;
 108                        free(clean_me);
 109                        return;
 110                }
 111        }
 112}
 113
 114static inline void close_pair(int fd[2])
 115{
 116        close(fd[0]);
 117        close(fd[1]);
 118}
 119
 120#ifndef GIT_WINDOWS_NATIVE
 121static inline void dup_devnull(int to)
 122{
 123        int fd = open("/dev/null", O_RDWR);
 124        if (fd < 0)
 125                die_errno(_("open /dev/null failed"));
 126        if (dup2(fd, to) < 0)
 127                die_errno(_("dup2(%d,%d) failed"), fd, to);
 128        close(fd);
 129}
 130#endif
 131
 132static char *locate_in_PATH(const char *file)
 133{
 134        const char *p = getenv("PATH");
 135        struct strbuf buf = STRBUF_INIT;
 136
 137        if (!p || !*p)
 138                return NULL;
 139
 140        while (1) {
 141                const char *end = strchrnul(p, ':');
 142
 143                strbuf_reset(&buf);
 144
 145                /* POSIX specifies an empty entry as the current directory. */
 146                if (end != p) {
 147                        strbuf_add(&buf, p, end - p);
 148                        strbuf_addch(&buf, '/');
 149                }
 150                strbuf_addstr(&buf, file);
 151
 152                if (!access(buf.buf, F_OK))
 153                        return strbuf_detach(&buf, NULL);
 154
 155                if (!*end)
 156                        break;
 157                p = end + 1;
 158        }
 159
 160        strbuf_release(&buf);
 161        return NULL;
 162}
 163
 164static int exists_in_PATH(const char *file)
 165{
 166        char *r = locate_in_PATH(file);
 167        free(r);
 168        return r != NULL;
 169}
 170
 171int sane_execvp(const char *file, char * const argv[])
 172{
 173        if (!execvp(file, argv))
 174                return 0; /* cannot happen ;-) */
 175
 176        /*
 177         * When a command can't be found because one of the directories
 178         * listed in $PATH is unsearchable, execvp reports EACCES, but
 179         * careful usability testing (read: analysis of occasional bug
 180         * reports) reveals that "No such file or directory" is more
 181         * intuitive.
 182         *
 183         * We avoid commands with "/", because execvp will not do $PATH
 184         * lookups in that case.
 185         *
 186         * The reassignment of EACCES to errno looks like a no-op below,
 187         * but we need to protect against exists_in_PATH overwriting errno.
 188         */
 189        if (errno == EACCES && !strchr(file, '/'))
 190                errno = exists_in_PATH(file) ? EACCES : ENOENT;
 191        else if (errno == ENOTDIR && !strchr(file, '/'))
 192                errno = ENOENT;
 193        return -1;
 194}
 195
 196static const char **prepare_shell_cmd(struct argv_array *out, const char **argv)
 197{
 198        if (!argv[0])
 199                die("BUG: shell command is empty");
 200
 201        if (strcspn(argv[0], "|&;<>()$`\\\"' \t\n*?[#~=%") != strlen(argv[0])) {
 202#ifndef GIT_WINDOWS_NATIVE
 203                argv_array_push(out, SHELL_PATH);
 204#else
 205                argv_array_push(out, "sh");
 206#endif
 207                argv_array_push(out, "-c");
 208
 209                /*
 210                 * If we have no extra arguments, we do not even need to
 211                 * bother with the "$@" magic.
 212                 */
 213                if (!argv[1])
 214                        argv_array_push(out, argv[0]);
 215                else
 216                        argv_array_pushf(out, "%s \"$@\"", argv[0]);
 217        }
 218
 219        argv_array_pushv(out, argv);
 220        return out->argv;
 221}
 222
 223#ifndef GIT_WINDOWS_NATIVE
 224static int execv_shell_cmd(const char **argv)
 225{
 226        struct argv_array nargv = ARGV_ARRAY_INIT;
 227        prepare_shell_cmd(&nargv, argv);
 228        trace_argv_printf(nargv.argv, "trace: exec:");
 229        sane_execvp(nargv.argv[0], (char **)nargv.argv);
 230        argv_array_clear(&nargv);
 231        return -1;
 232}
 233#endif
 234
 235#ifndef GIT_WINDOWS_NATIVE
 236static int child_notifier = -1;
 237
 238static void notify_parent(void)
 239{
 240        /*
 241         * execvp failed.  If possible, we'd like to let start_command
 242         * know, so failures like ENOENT can be handled right away; but
 243         * otherwise, finish_command will still report the error.
 244         */
 245        xwrite(child_notifier, "", 1);
 246}
 247#endif
 248
 249static inline void set_cloexec(int fd)
 250{
 251        int flags = fcntl(fd, F_GETFD);
 252        if (flags >= 0)
 253                fcntl(fd, F_SETFD, flags | FD_CLOEXEC);
 254}
 255
 256static int wait_or_whine(pid_t pid, const char *argv0, int in_signal)
 257{
 258        int status, code = -1;
 259        pid_t waiting;
 260        int failed_errno = 0;
 261
 262        while ((waiting = waitpid(pid, &status, 0)) < 0 && errno == EINTR)
 263                ;       /* nothing */
 264        if (in_signal)
 265                return 0;
 266
 267        if (waiting < 0) {
 268                failed_errno = errno;
 269                error_errno("waitpid for %s failed", argv0);
 270        } else if (waiting != pid) {
 271                error("waitpid is confused (%s)", argv0);
 272        } else if (WIFSIGNALED(status)) {
 273                code = WTERMSIG(status);
 274                if (code != SIGINT && code != SIGQUIT && code != SIGPIPE)
 275                        error("%s died of signal %d", argv0, code);
 276                /*
 277                 * This return value is chosen so that code & 0xff
 278                 * mimics the exit code that a POSIX shell would report for
 279                 * a program that died from this signal.
 280                 */
 281                code += 128;
 282        } else if (WIFEXITED(status)) {
 283                code = WEXITSTATUS(status);
 284                /*
 285                 * Convert special exit code when execvp failed.
 286                 */
 287                if (code == 127) {
 288                        code = -1;
 289                        failed_errno = ENOENT;
 290                }
 291        } else {
 292                error("waitpid is confused (%s)", argv0);
 293        }
 294
 295        clear_child_for_cleanup(pid);
 296
 297        errno = failed_errno;
 298        return code;
 299}
 300
 301int start_command(struct child_process *cmd)
 302{
 303        int need_in, need_out, need_err;
 304        int fdin[2], fdout[2], fderr[2];
 305        int failed_errno;
 306        char *str;
 307
 308        if (!cmd->argv)
 309                cmd->argv = cmd->args.argv;
 310        if (!cmd->env)
 311                cmd->env = cmd->env_array.argv;
 312
 313        /*
 314         * In case of errors we must keep the promise to close FDs
 315         * that have been passed in via ->in and ->out.
 316         */
 317
 318        need_in = !cmd->no_stdin && cmd->in < 0;
 319        if (need_in) {
 320                if (pipe(fdin) < 0) {
 321                        failed_errno = errno;
 322                        if (cmd->out > 0)
 323                                close(cmd->out);
 324                        str = "standard input";
 325                        goto fail_pipe;
 326                }
 327                cmd->in = fdin[1];
 328        }
 329
 330        need_out = !cmd->no_stdout
 331                && !cmd->stdout_to_stderr
 332                && cmd->out < 0;
 333        if (need_out) {
 334                if (pipe(fdout) < 0) {
 335                        failed_errno = errno;
 336                        if (need_in)
 337                                close_pair(fdin);
 338                        else if (cmd->in)
 339                                close(cmd->in);
 340                        str = "standard output";
 341                        goto fail_pipe;
 342                }
 343                cmd->out = fdout[0];
 344        }
 345
 346        need_err = !cmd->no_stderr && cmd->err < 0;
 347        if (need_err) {
 348                if (pipe(fderr) < 0) {
 349                        failed_errno = errno;
 350                        if (need_in)
 351                                close_pair(fdin);
 352                        else if (cmd->in)
 353                                close(cmd->in);
 354                        if (need_out)
 355                                close_pair(fdout);
 356                        else if (cmd->out)
 357                                close(cmd->out);
 358                        str = "standard error";
 359fail_pipe:
 360                        error("cannot create %s pipe for %s: %s",
 361                                str, cmd->argv[0], strerror(failed_errno));
 362                        child_process_clear(cmd);
 363                        errno = failed_errno;
 364                        return -1;
 365                }
 366                cmd->err = fderr[0];
 367        }
 368
 369        trace_argv_printf(cmd->argv, "trace: run_command:");
 370        fflush(NULL);
 371
 372#ifndef GIT_WINDOWS_NATIVE
 373{
 374        int notify_pipe[2];
 375        if (pipe(notify_pipe))
 376                notify_pipe[0] = notify_pipe[1] = -1;
 377
 378        cmd->pid = fork();
 379        failed_errno = errno;
 380        if (!cmd->pid) {
 381                /*
 382                 * Redirect the channel to write syscall error messages to
 383                 * before redirecting the process's stderr so that all die()
 384                 * in subsequent call paths use the parent's stderr.
 385                 */
 386                if (cmd->no_stderr || need_err) {
 387                        int child_err = dup(2);
 388                        set_cloexec(child_err);
 389                        set_error_handle(fdopen(child_err, "w"));
 390                }
 391
 392                close(notify_pipe[0]);
 393                set_cloexec(notify_pipe[1]);
 394                child_notifier = notify_pipe[1];
 395                atexit(notify_parent);
 396
 397                if (cmd->no_stdin)
 398                        dup_devnull(0);
 399                else if (need_in) {
 400                        dup2(fdin[0], 0);
 401                        close_pair(fdin);
 402                } else if (cmd->in) {
 403                        dup2(cmd->in, 0);
 404                        close(cmd->in);
 405                }
 406
 407                if (cmd->no_stderr)
 408                        dup_devnull(2);
 409                else if (need_err) {
 410                        dup2(fderr[1], 2);
 411                        close_pair(fderr);
 412                } else if (cmd->err > 1) {
 413                        dup2(cmd->err, 2);
 414                        close(cmd->err);
 415                }
 416
 417                if (cmd->no_stdout)
 418                        dup_devnull(1);
 419                else if (cmd->stdout_to_stderr)
 420                        dup2(2, 1);
 421                else if (need_out) {
 422                        dup2(fdout[1], 1);
 423                        close_pair(fdout);
 424                } else if (cmd->out > 1) {
 425                        dup2(cmd->out, 1);
 426                        close(cmd->out);
 427                }
 428
 429                if (cmd->dir && chdir(cmd->dir))
 430                        die_errno("exec '%s': cd to '%s' failed", cmd->argv[0],
 431                            cmd->dir);
 432                if (cmd->env) {
 433                        for (; *cmd->env; cmd->env++) {
 434                                if (strchr(*cmd->env, '='))
 435                                        putenv((char *)*cmd->env);
 436                                else
 437                                        unsetenv(*cmd->env);
 438                        }
 439                }
 440                if (cmd->git_cmd)
 441                        execv_git_cmd(cmd->argv);
 442                else if (cmd->use_shell)
 443                        execv_shell_cmd(cmd->argv);
 444                else
 445                        sane_execvp(cmd->argv[0], (char *const*) cmd->argv);
 446                if (errno == ENOENT) {
 447                        if (!cmd->silent_exec_failure)
 448                                error("cannot run %s: %s", cmd->argv[0],
 449                                        strerror(ENOENT));
 450                        exit(127);
 451                } else {
 452                        die_errno("cannot exec '%s'", cmd->argv[0]);
 453                }
 454        }
 455        if (cmd->pid < 0)
 456                error_errno("cannot fork() for %s", cmd->argv[0]);
 457        else if (cmd->clean_on_exit)
 458                mark_child_for_cleanup(cmd->pid, cmd);
 459
 460        /*
 461         * Wait for child's execvp. If the execvp succeeds (or if fork()
 462         * failed), EOF is seen immediately by the parent. Otherwise, the
 463         * child process sends a single byte.
 464         * Note that use of this infrastructure is completely advisory,
 465         * therefore, we keep error checks minimal.
 466         */
 467        close(notify_pipe[1]);
 468        if (read(notify_pipe[0], &notify_pipe[1], 1) == 1) {
 469                /*
 470                 * At this point we know that fork() succeeded, but execvp()
 471                 * failed. Errors have been reported to our stderr.
 472                 */
 473                wait_or_whine(cmd->pid, cmd->argv[0], 0);
 474                failed_errno = errno;
 475                cmd->pid = -1;
 476        }
 477        close(notify_pipe[0]);
 478}
 479#else
 480{
 481        int fhin = 0, fhout = 1, fherr = 2;
 482        const char **sargv = cmd->argv;
 483        struct argv_array nargv = ARGV_ARRAY_INIT;
 484
 485        if (cmd->no_stdin)
 486                fhin = open("/dev/null", O_RDWR);
 487        else if (need_in)
 488                fhin = dup(fdin[0]);
 489        else if (cmd->in)
 490                fhin = dup(cmd->in);
 491
 492        if (cmd->no_stderr)
 493                fherr = open("/dev/null", O_RDWR);
 494        else if (need_err)
 495                fherr = dup(fderr[1]);
 496        else if (cmd->err > 2)
 497                fherr = dup(cmd->err);
 498
 499        if (cmd->no_stdout)
 500                fhout = open("/dev/null", O_RDWR);
 501        else if (cmd->stdout_to_stderr)
 502                fhout = dup(fherr);
 503        else if (need_out)
 504                fhout = dup(fdout[1]);
 505        else if (cmd->out > 1)
 506                fhout = dup(cmd->out);
 507
 508        if (cmd->git_cmd)
 509                cmd->argv = prepare_git_cmd(&nargv, cmd->argv);
 510        else if (cmd->use_shell)
 511                cmd->argv = prepare_shell_cmd(&nargv, cmd->argv);
 512
 513        cmd->pid = mingw_spawnvpe(cmd->argv[0], cmd->argv, (char**) cmd->env,
 514                        cmd->dir, fhin, fhout, fherr);
 515        failed_errno = errno;
 516        if (cmd->pid < 0 && (!cmd->silent_exec_failure || errno != ENOENT))
 517                error_errno("cannot spawn %s", cmd->argv[0]);
 518        if (cmd->clean_on_exit && cmd->pid >= 0)
 519                mark_child_for_cleanup(cmd->pid, cmd);
 520
 521        argv_array_clear(&nargv);
 522        cmd->argv = sargv;
 523        if (fhin != 0)
 524                close(fhin);
 525        if (fhout != 1)
 526                close(fhout);
 527        if (fherr != 2)
 528                close(fherr);
 529}
 530#endif
 531
 532        if (cmd->pid < 0) {
 533                if (need_in)
 534                        close_pair(fdin);
 535                else if (cmd->in)
 536                        close(cmd->in);
 537                if (need_out)
 538                        close_pair(fdout);
 539                else if (cmd->out)
 540                        close(cmd->out);
 541                if (need_err)
 542                        close_pair(fderr);
 543                else if (cmd->err)
 544                        close(cmd->err);
 545                child_process_clear(cmd);
 546                errno = failed_errno;
 547                return -1;
 548        }
 549
 550        if (need_in)
 551                close(fdin[0]);
 552        else if (cmd->in)
 553                close(cmd->in);
 554
 555        if (need_out)
 556                close(fdout[1]);
 557        else if (cmd->out)
 558                close(cmd->out);
 559
 560        if (need_err)
 561                close(fderr[1]);
 562        else if (cmd->err)
 563                close(cmd->err);
 564
 565        return 0;
 566}
 567
 568int finish_command(struct child_process *cmd)
 569{
 570        int ret = wait_or_whine(cmd->pid, cmd->argv[0], 0);
 571        child_process_clear(cmd);
 572        return ret;
 573}
 574
 575int finish_command_in_signal(struct child_process *cmd)
 576{
 577        return wait_or_whine(cmd->pid, cmd->argv[0], 1);
 578}
 579
 580
 581int run_command(struct child_process *cmd)
 582{
 583        int code;
 584
 585        if (cmd->out < 0 || cmd->err < 0)
 586                die("BUG: run_command with a pipe can cause deadlock");
 587
 588        code = start_command(cmd);
 589        if (code)
 590                return code;
 591        return finish_command(cmd);
 592}
 593
 594int run_command_v_opt(const char **argv, int opt)
 595{
 596        return run_command_v_opt_cd_env(argv, opt, NULL, NULL);
 597}
 598
 599int run_command_v_opt_cd_env(const char **argv, int opt, const char *dir, const char *const *env)
 600{
 601        struct child_process cmd = CHILD_PROCESS_INIT;
 602        cmd.argv = argv;
 603        cmd.no_stdin = opt & RUN_COMMAND_NO_STDIN ? 1 : 0;
 604        cmd.git_cmd = opt & RUN_GIT_CMD ? 1 : 0;
 605        cmd.stdout_to_stderr = opt & RUN_COMMAND_STDOUT_TO_STDERR ? 1 : 0;
 606        cmd.silent_exec_failure = opt & RUN_SILENT_EXEC_FAILURE ? 1 : 0;
 607        cmd.use_shell = opt & RUN_USING_SHELL ? 1 : 0;
 608        cmd.clean_on_exit = opt & RUN_CLEAN_ON_EXIT ? 1 : 0;
 609        cmd.dir = dir;
 610        cmd.env = env;
 611        return run_command(&cmd);
 612}
 613
 614#ifndef NO_PTHREADS
 615static pthread_t main_thread;
 616static int main_thread_set;
 617static pthread_key_t async_key;
 618static pthread_key_t async_die_counter;
 619
 620static void *run_thread(void *data)
 621{
 622        struct async *async = data;
 623        intptr_t ret;
 624
 625        if (async->isolate_sigpipe) {
 626                sigset_t mask;
 627                sigemptyset(&mask);
 628                sigaddset(&mask, SIGPIPE);
 629                if (pthread_sigmask(SIG_BLOCK, &mask, NULL) < 0) {
 630                        ret = error("unable to block SIGPIPE in async thread");
 631                        return (void *)ret;
 632                }
 633        }
 634
 635        pthread_setspecific(async_key, async);
 636        ret = async->proc(async->proc_in, async->proc_out, async->data);
 637        return (void *)ret;
 638}
 639
 640static NORETURN void die_async(const char *err, va_list params)
 641{
 642        vreportf("fatal: ", err, params);
 643
 644        if (in_async()) {
 645                struct async *async = pthread_getspecific(async_key);
 646                if (async->proc_in >= 0)
 647                        close(async->proc_in);
 648                if (async->proc_out >= 0)
 649                        close(async->proc_out);
 650                pthread_exit((void *)128);
 651        }
 652
 653        exit(128);
 654}
 655
 656static int async_die_is_recursing(void)
 657{
 658        void *ret = pthread_getspecific(async_die_counter);
 659        pthread_setspecific(async_die_counter, (void *)1);
 660        return ret != NULL;
 661}
 662
 663int in_async(void)
 664{
 665        if (!main_thread_set)
 666                return 0; /* no asyncs started yet */
 667        return !pthread_equal(main_thread, pthread_self());
 668}
 669
 670static void NORETURN async_exit(int code)
 671{
 672        pthread_exit((void *)(intptr_t)code);
 673}
 674
 675#else
 676
 677static struct {
 678        void (**handlers)(void);
 679        size_t nr;
 680        size_t alloc;
 681} git_atexit_hdlrs;
 682
 683static int git_atexit_installed;
 684
 685static void git_atexit_dispatch(void)
 686{
 687        size_t i;
 688
 689        for (i=git_atexit_hdlrs.nr ; i ; i--)
 690                git_atexit_hdlrs.handlers[i-1]();
 691}
 692
 693static void git_atexit_clear(void)
 694{
 695        free(git_atexit_hdlrs.handlers);
 696        memset(&git_atexit_hdlrs, 0, sizeof(git_atexit_hdlrs));
 697        git_atexit_installed = 0;
 698}
 699
 700#undef atexit
 701int git_atexit(void (*handler)(void))
 702{
 703        ALLOC_GROW(git_atexit_hdlrs.handlers, git_atexit_hdlrs.nr + 1, git_atexit_hdlrs.alloc);
 704        git_atexit_hdlrs.handlers[git_atexit_hdlrs.nr++] = handler;
 705        if (!git_atexit_installed) {
 706                if (atexit(&git_atexit_dispatch))
 707                        return -1;
 708                git_atexit_installed = 1;
 709        }
 710        return 0;
 711}
 712#define atexit git_atexit
 713
 714static int process_is_async;
 715int in_async(void)
 716{
 717        return process_is_async;
 718}
 719
 720static void NORETURN async_exit(int code)
 721{
 722        exit(code);
 723}
 724
 725#endif
 726
 727void check_pipe(int err)
 728{
 729        if (err == EPIPE) {
 730                if (in_async())
 731                        async_exit(141);
 732
 733                signal(SIGPIPE, SIG_DFL);
 734                raise(SIGPIPE);
 735                /* Should never happen, but just in case... */
 736                exit(141);
 737        }
 738}
 739
 740int start_async(struct async *async)
 741{
 742        int need_in, need_out;
 743        int fdin[2], fdout[2];
 744        int proc_in, proc_out;
 745
 746        need_in = async->in < 0;
 747        if (need_in) {
 748                if (pipe(fdin) < 0) {
 749                        if (async->out > 0)
 750                                close(async->out);
 751                        return error_errno("cannot create pipe");
 752                }
 753                async->in = fdin[1];
 754        }
 755
 756        need_out = async->out < 0;
 757        if (need_out) {
 758                if (pipe(fdout) < 0) {
 759                        if (need_in)
 760                                close_pair(fdin);
 761                        else if (async->in)
 762                                close(async->in);
 763                        return error_errno("cannot create pipe");
 764                }
 765                async->out = fdout[0];
 766        }
 767
 768        if (need_in)
 769                proc_in = fdin[0];
 770        else if (async->in)
 771                proc_in = async->in;
 772        else
 773                proc_in = -1;
 774
 775        if (need_out)
 776                proc_out = fdout[1];
 777        else if (async->out)
 778                proc_out = async->out;
 779        else
 780                proc_out = -1;
 781
 782#ifdef NO_PTHREADS
 783        /* Flush stdio before fork() to avoid cloning buffers */
 784        fflush(NULL);
 785
 786        async->pid = fork();
 787        if (async->pid < 0) {
 788                error_errno("fork (async) failed");
 789                goto error;
 790        }
 791        if (!async->pid) {
 792                if (need_in)
 793                        close(fdin[1]);
 794                if (need_out)
 795                        close(fdout[0]);
 796                git_atexit_clear();
 797                process_is_async = 1;
 798                exit(!!async->proc(proc_in, proc_out, async->data));
 799        }
 800
 801        mark_child_for_cleanup(async->pid, NULL);
 802
 803        if (need_in)
 804                close(fdin[0]);
 805        else if (async->in)
 806                close(async->in);
 807
 808        if (need_out)
 809                close(fdout[1]);
 810        else if (async->out)
 811                close(async->out);
 812#else
 813        if (!main_thread_set) {
 814                /*
 815                 * We assume that the first time that start_async is called
 816                 * it is from the main thread.
 817                 */
 818                main_thread_set = 1;
 819                main_thread = pthread_self();
 820                pthread_key_create(&async_key, NULL);
 821                pthread_key_create(&async_die_counter, NULL);
 822                set_die_routine(die_async);
 823                set_die_is_recursing_routine(async_die_is_recursing);
 824        }
 825
 826        if (proc_in >= 0)
 827                set_cloexec(proc_in);
 828        if (proc_out >= 0)
 829                set_cloexec(proc_out);
 830        async->proc_in = proc_in;
 831        async->proc_out = proc_out;
 832        {
 833                int err = pthread_create(&async->tid, NULL, run_thread, async);
 834                if (err) {
 835                        error_errno("cannot create thread");
 836                        goto error;
 837                }
 838        }
 839#endif
 840        return 0;
 841
 842error:
 843        if (need_in)
 844                close_pair(fdin);
 845        else if (async->in)
 846                close(async->in);
 847
 848        if (need_out)
 849                close_pair(fdout);
 850        else if (async->out)
 851                close(async->out);
 852        return -1;
 853}
 854
 855int finish_async(struct async *async)
 856{
 857#ifdef NO_PTHREADS
 858        return wait_or_whine(async->pid, "child process", 0);
 859#else
 860        void *ret = (void *)(intptr_t)(-1);
 861
 862        if (pthread_join(async->tid, &ret))
 863                error("pthread_join failed");
 864        return (int)(intptr_t)ret;
 865#endif
 866}
 867
 868const char *find_hook(const char *name)
 869{
 870        static struct strbuf path = STRBUF_INIT;
 871
 872        strbuf_reset(&path);
 873        strbuf_git_path(&path, "hooks/%s", name);
 874        if (access(path.buf, X_OK) < 0)
 875                return NULL;
 876        return path.buf;
 877}
 878
 879int run_hook_ve(const char *const *env, const char *name, va_list args)
 880{
 881        struct child_process hook = CHILD_PROCESS_INIT;
 882        const char *p;
 883
 884        p = find_hook(name);
 885        if (!p)
 886                return 0;
 887
 888        argv_array_push(&hook.args, p);
 889        while ((p = va_arg(args, const char *)))
 890                argv_array_push(&hook.args, p);
 891        hook.env = env;
 892        hook.no_stdin = 1;
 893        hook.stdout_to_stderr = 1;
 894
 895        return run_command(&hook);
 896}
 897
 898int run_hook_le(const char *const *env, const char *name, ...)
 899{
 900        va_list args;
 901        int ret;
 902
 903        va_start(args, name);
 904        ret = run_hook_ve(env, name, args);
 905        va_end(args);
 906
 907        return ret;
 908}
 909
 910struct io_pump {
 911        /* initialized by caller */
 912        int fd;
 913        int type; /* POLLOUT or POLLIN */
 914        union {
 915                struct {
 916                        const char *buf;
 917                        size_t len;
 918                } out;
 919                struct {
 920                        struct strbuf *buf;
 921                        size_t hint;
 922                } in;
 923        } u;
 924
 925        /* returned by pump_io */
 926        int error; /* 0 for success, otherwise errno */
 927
 928        /* internal use */
 929        struct pollfd *pfd;
 930};
 931
 932static int pump_io_round(struct io_pump *slots, int nr, struct pollfd *pfd)
 933{
 934        int pollsize = 0;
 935        int i;
 936
 937        for (i = 0; i < nr; i++) {
 938                struct io_pump *io = &slots[i];
 939                if (io->fd < 0)
 940                        continue;
 941                pfd[pollsize].fd = io->fd;
 942                pfd[pollsize].events = io->type;
 943                io->pfd = &pfd[pollsize++];
 944        }
 945
 946        if (!pollsize)
 947                return 0;
 948
 949        if (poll(pfd, pollsize, -1) < 0) {
 950                if (errno == EINTR)
 951                        return 1;
 952                die_errno("poll failed");
 953        }
 954
 955        for (i = 0; i < nr; i++) {
 956                struct io_pump *io = &slots[i];
 957
 958                if (io->fd < 0)
 959                        continue;
 960
 961                if (!(io->pfd->revents & (POLLOUT|POLLIN|POLLHUP|POLLERR|POLLNVAL)))
 962                        continue;
 963
 964                if (io->type == POLLOUT) {
 965                        ssize_t len = xwrite(io->fd,
 966                                             io->u.out.buf, io->u.out.len);
 967                        if (len < 0) {
 968                                io->error = errno;
 969                                close(io->fd);
 970                                io->fd = -1;
 971                        } else {
 972                                io->u.out.buf += len;
 973                                io->u.out.len -= len;
 974                                if (!io->u.out.len) {
 975                                        close(io->fd);
 976                                        io->fd = -1;
 977                                }
 978                        }
 979                }
 980
 981                if (io->type == POLLIN) {
 982                        ssize_t len = strbuf_read_once(io->u.in.buf,
 983                                                       io->fd, io->u.in.hint);
 984                        if (len < 0)
 985                                io->error = errno;
 986                        if (len <= 0) {
 987                                close(io->fd);
 988                                io->fd = -1;
 989                        }
 990                }
 991        }
 992
 993        return 1;
 994}
 995
 996static int pump_io(struct io_pump *slots, int nr)
 997{
 998        struct pollfd *pfd;
 999        int i;
1000
1001        for (i = 0; i < nr; i++)
1002                slots[i].error = 0;
1003
1004        ALLOC_ARRAY(pfd, nr);
1005        while (pump_io_round(slots, nr, pfd))
1006                ; /* nothing */
1007        free(pfd);
1008
1009        /* There may be multiple errno values, so just pick the first. */
1010        for (i = 0; i < nr; i++) {
1011                if (slots[i].error) {
1012                        errno = slots[i].error;
1013                        return -1;
1014                }
1015        }
1016        return 0;
1017}
1018
1019
1020int pipe_command(struct child_process *cmd,
1021                 const char *in, size_t in_len,
1022                 struct strbuf *out, size_t out_hint,
1023                 struct strbuf *err, size_t err_hint)
1024{
1025        struct io_pump io[3];
1026        int nr = 0;
1027
1028        if (in)
1029                cmd->in = -1;
1030        if (out)
1031                cmd->out = -1;
1032        if (err)
1033                cmd->err = -1;
1034
1035        if (start_command(cmd) < 0)
1036                return -1;
1037
1038        if (in) {
1039                io[nr].fd = cmd->in;
1040                io[nr].type = POLLOUT;
1041                io[nr].u.out.buf = in;
1042                io[nr].u.out.len = in_len;
1043                nr++;
1044        }
1045        if (out) {
1046                io[nr].fd = cmd->out;
1047                io[nr].type = POLLIN;
1048                io[nr].u.in.buf = out;
1049                io[nr].u.in.hint = out_hint;
1050                nr++;
1051        }
1052        if (err) {
1053                io[nr].fd = cmd->err;
1054                io[nr].type = POLLIN;
1055                io[nr].u.in.buf = err;
1056                io[nr].u.in.hint = err_hint;
1057                nr++;
1058        }
1059
1060        if (pump_io(io, nr) < 0) {
1061                finish_command(cmd); /* throw away exit code */
1062                return -1;
1063        }
1064
1065        return finish_command(cmd);
1066}
1067
1068enum child_state {
1069        GIT_CP_FREE,
1070        GIT_CP_WORKING,
1071        GIT_CP_WAIT_CLEANUP,
1072};
1073
1074struct parallel_processes {
1075        void *data;
1076
1077        int max_processes;
1078        int nr_processes;
1079
1080        get_next_task_fn get_next_task;
1081        start_failure_fn start_failure;
1082        task_finished_fn task_finished;
1083
1084        struct {
1085                enum child_state state;
1086                struct child_process process;
1087                struct strbuf err;
1088                void *data;
1089        } *children;
1090        /*
1091         * The struct pollfd is logically part of *children,
1092         * but the system call expects it as its own array.
1093         */
1094        struct pollfd *pfd;
1095
1096        unsigned shutdown : 1;
1097
1098        int output_owner;
1099        struct strbuf buffered_output; /* of finished children */
1100};
1101
1102static int default_start_failure(struct strbuf *out,
1103                                 void *pp_cb,
1104                                 void *pp_task_cb)
1105{
1106        return 0;
1107}
1108
1109static int default_task_finished(int result,
1110                                 struct strbuf *out,
1111                                 void *pp_cb,
1112                                 void *pp_task_cb)
1113{
1114        return 0;
1115}
1116
1117static void kill_children(struct parallel_processes *pp, int signo)
1118{
1119        int i, n = pp->max_processes;
1120
1121        for (i = 0; i < n; i++)
1122                if (pp->children[i].state == GIT_CP_WORKING)
1123                        kill(pp->children[i].process.pid, signo);
1124}
1125
1126static struct parallel_processes *pp_for_signal;
1127
1128static void handle_children_on_signal(int signo)
1129{
1130        kill_children(pp_for_signal, signo);
1131        sigchain_pop(signo);
1132        raise(signo);
1133}
1134
1135static void pp_init(struct parallel_processes *pp,
1136                    int n,
1137                    get_next_task_fn get_next_task,
1138                    start_failure_fn start_failure,
1139                    task_finished_fn task_finished,
1140                    void *data)
1141{
1142        int i;
1143
1144        if (n < 1)
1145                n = online_cpus();
1146
1147        pp->max_processes = n;
1148
1149        trace_printf("run_processes_parallel: preparing to run up to %d tasks", n);
1150
1151        pp->data = data;
1152        if (!get_next_task)
1153                die("BUG: you need to specify a get_next_task function");
1154        pp->get_next_task = get_next_task;
1155
1156        pp->start_failure = start_failure ? start_failure : default_start_failure;
1157        pp->task_finished = task_finished ? task_finished : default_task_finished;
1158
1159        pp->nr_processes = 0;
1160        pp->output_owner = 0;
1161        pp->shutdown = 0;
1162        pp->children = xcalloc(n, sizeof(*pp->children));
1163        pp->pfd = xcalloc(n, sizeof(*pp->pfd));
1164        strbuf_init(&pp->buffered_output, 0);
1165
1166        for (i = 0; i < n; i++) {
1167                strbuf_init(&pp->children[i].err, 0);
1168                child_process_init(&pp->children[i].process);
1169                pp->pfd[i].events = POLLIN | POLLHUP;
1170                pp->pfd[i].fd = -1;
1171        }
1172
1173        pp_for_signal = pp;
1174        sigchain_push_common(handle_children_on_signal);
1175}
1176
1177static void pp_cleanup(struct parallel_processes *pp)
1178{
1179        int i;
1180
1181        trace_printf("run_processes_parallel: done");
1182        for (i = 0; i < pp->max_processes; i++) {
1183                strbuf_release(&pp->children[i].err);
1184                child_process_clear(&pp->children[i].process);
1185        }
1186
1187        free(pp->children);
1188        free(pp->pfd);
1189
1190        /*
1191         * When get_next_task added messages to the buffer in its last
1192         * iteration, the buffered output is non empty.
1193         */
1194        strbuf_write(&pp->buffered_output, stderr);
1195        strbuf_release(&pp->buffered_output);
1196
1197        sigchain_pop_common();
1198}
1199
1200/* returns
1201 *  0 if a new task was started.
1202 *  1 if no new jobs was started (get_next_task ran out of work, non critical
1203 *    problem with starting a new command)
1204 * <0 no new job was started, user wishes to shutdown early. Use negative code
1205 *    to signal the children.
1206 */
1207static int pp_start_one(struct parallel_processes *pp)
1208{
1209        int i, code;
1210
1211        for (i = 0; i < pp->max_processes; i++)
1212                if (pp->children[i].state == GIT_CP_FREE)
1213                        break;
1214        if (i == pp->max_processes)
1215                die("BUG: bookkeeping is hard");
1216
1217        code = pp->get_next_task(&pp->children[i].process,
1218                                 &pp->children[i].err,
1219                                 pp->data,
1220                                 &pp->children[i].data);
1221        if (!code) {
1222                strbuf_addbuf(&pp->buffered_output, &pp->children[i].err);
1223                strbuf_reset(&pp->children[i].err);
1224                return 1;
1225        }
1226        pp->children[i].process.err = -1;
1227        pp->children[i].process.stdout_to_stderr = 1;
1228        pp->children[i].process.no_stdin = 1;
1229
1230        if (start_command(&pp->children[i].process)) {
1231                code = pp->start_failure(&pp->children[i].err,
1232                                         pp->data,
1233                                         &pp->children[i].data);
1234                strbuf_addbuf(&pp->buffered_output, &pp->children[i].err);
1235                strbuf_reset(&pp->children[i].err);
1236                if (code)
1237                        pp->shutdown = 1;
1238                return code;
1239        }
1240
1241        pp->nr_processes++;
1242        pp->children[i].state = GIT_CP_WORKING;
1243        pp->pfd[i].fd = pp->children[i].process.err;
1244        return 0;
1245}
1246
1247static void pp_buffer_stderr(struct parallel_processes *pp, int output_timeout)
1248{
1249        int i;
1250
1251        while ((i = poll(pp->pfd, pp->max_processes, output_timeout)) < 0) {
1252                if (errno == EINTR)
1253                        continue;
1254                pp_cleanup(pp);
1255                die_errno("poll");
1256        }
1257
1258        /* Buffer output from all pipes. */
1259        for (i = 0; i < pp->max_processes; i++) {
1260                if (pp->children[i].state == GIT_CP_WORKING &&
1261                    pp->pfd[i].revents & (POLLIN | POLLHUP)) {
1262                        int n = strbuf_read_once(&pp->children[i].err,
1263                                                 pp->children[i].process.err, 0);
1264                        if (n == 0) {
1265                                close(pp->children[i].process.err);
1266                                pp->children[i].state = GIT_CP_WAIT_CLEANUP;
1267                        } else if (n < 0)
1268                                if (errno != EAGAIN)
1269                                        die_errno("read");
1270                }
1271        }
1272}
1273
1274static void pp_output(struct parallel_processes *pp)
1275{
1276        int i = pp->output_owner;
1277        if (pp->children[i].state == GIT_CP_WORKING &&
1278            pp->children[i].err.len) {
1279                strbuf_write(&pp->children[i].err, stderr);
1280                strbuf_reset(&pp->children[i].err);
1281        }
1282}
1283
1284static int pp_collect_finished(struct parallel_processes *pp)
1285{
1286        int i, code;
1287        int n = pp->max_processes;
1288        int result = 0;
1289
1290        while (pp->nr_processes > 0) {
1291                for (i = 0; i < pp->max_processes; i++)
1292                        if (pp->children[i].state == GIT_CP_WAIT_CLEANUP)
1293                                break;
1294                if (i == pp->max_processes)
1295                        break;
1296
1297                code = finish_command(&pp->children[i].process);
1298
1299                code = pp->task_finished(code,
1300                                         &pp->children[i].err, pp->data,
1301                                         &pp->children[i].data);
1302
1303                if (code)
1304                        result = code;
1305                if (code < 0)
1306                        break;
1307
1308                pp->nr_processes--;
1309                pp->children[i].state = GIT_CP_FREE;
1310                pp->pfd[i].fd = -1;
1311                child_process_init(&pp->children[i].process);
1312
1313                if (i != pp->output_owner) {
1314                        strbuf_addbuf(&pp->buffered_output, &pp->children[i].err);
1315                        strbuf_reset(&pp->children[i].err);
1316                } else {
1317                        strbuf_write(&pp->children[i].err, stderr);
1318                        strbuf_reset(&pp->children[i].err);
1319
1320                        /* Output all other finished child processes */
1321                        strbuf_write(&pp->buffered_output, stderr);
1322                        strbuf_reset(&pp->buffered_output);
1323
1324                        /*
1325                         * Pick next process to output live.
1326                         * NEEDSWORK:
1327                         * For now we pick it randomly by doing a round
1328                         * robin. Later we may want to pick the one with
1329                         * the most output or the longest or shortest
1330                         * running process time.
1331                         */
1332                        for (i = 0; i < n; i++)
1333                                if (pp->children[(pp->output_owner + i) % n].state == GIT_CP_WORKING)
1334                                        break;
1335                        pp->output_owner = (pp->output_owner + i) % n;
1336                }
1337        }
1338        return result;
1339}
1340
1341int run_processes_parallel(int n,
1342                           get_next_task_fn get_next_task,
1343                           start_failure_fn start_failure,
1344                           task_finished_fn task_finished,
1345                           void *pp_cb)
1346{
1347        int i, code;
1348        int output_timeout = 100;
1349        int spawn_cap = 4;
1350        struct parallel_processes pp;
1351
1352        pp_init(&pp, n, get_next_task, start_failure, task_finished, pp_cb);
1353        while (1) {
1354                for (i = 0;
1355                    i < spawn_cap && !pp.shutdown &&
1356                    pp.nr_processes < pp.max_processes;
1357                    i++) {
1358                        code = pp_start_one(&pp);
1359                        if (!code)
1360                                continue;
1361                        if (code < 0) {
1362                                pp.shutdown = 1;
1363                                kill_children(&pp, -code);
1364                        }
1365                        break;
1366                }
1367                if (!pp.nr_processes)
1368                        break;
1369                pp_buffer_stderr(&pp, output_timeout);
1370                pp_output(&pp);
1371                code = pp_collect_finished(&pp);
1372                if (code) {
1373                        pp.shutdown = 1;
1374                        if (code < 0)
1375                                kill_children(&pp, -code);
1376                }
1377        }
1378
1379        pp_cleanup(&pp);
1380        return 0;
1381}