X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~mdw/git/secnet/blobdiff_plain/7138d0c54cd2212439434d27cb2d6ea775c3039b..4f5e39ecfaa49376b0a5c3a4c384e91a828c1105:/process.c diff --git a/process.c b/process.c index b40801b..f2a2e42 100644 --- a/process.c +++ b/process.c @@ -5,6 +5,23 @@ #include #include "process.h" +/* Advice about children from Peter: +Better way: before the fork, make a pipe. In the child close the ++reading end. Make the writing end close-on-exec. If the dup2 or exec fails, ++write the errno value. In the parent, close the writing end. Now you can read ++from it. If you get an errno value from the pipe, the process failed and you ++know why. If you get EOF, the exec succeeded. + + So, close on exec only closes if exec isn't going to return then? + qu: I wouldn't bother with all that with pipes. Remember that the ++runtime system can still make exec fail when it's `too late'. + Diz - I would rather have a coherant error message than 'child failed' + The child, if it fails to exec, should print a message to stderr ++(giving errno and what it was trying to execute, most likely), and exit ++nonzero. + It should exit calling _exit. +*/ + /* Process handling - subprocesses, signals, etc. */ static bool_t signal_handling=False; @@ -39,11 +56,10 @@ static void set_default_signals(void); signal processing so that we can catch SIGCHLD for them and report their exit status using the callback function. We block SIGCHLD until signal processing has begun. */ -extern void makesubproc(process_entry_fn *entry, process_callback_fn *cb, - void *est, void *cst, string_t desc) +pid_t makesubproc(process_entry_fn *entry, process_callback_fn *cb, + void *est, void *cst, string_t desc) { struct child *c; - sigset_t sigchld; pid_t p; c=safe_malloc(sizeof(*c),"makesubproc"); @@ -52,9 +68,7 @@ extern void makesubproc(process_entry_fn *entry, process_callback_fn *cb, c->cst=cst; if (!signal_handling) { - sigemptyset(&sigchld); - sigaddset(&sigchld,SIGCHLD); - sigprocmask(SIG_BLOCK,&sigchld,NULL); + fatal("makesubproc called before signal handling started"); } p=fork(); if (p==0) { @@ -70,6 +84,7 @@ extern void makesubproc(process_entry_fn *entry, process_callback_fn *cb, c->finished=False; c->next=children; children=c; + return p; } static signal_notify_fn sigchld_handler; @@ -219,11 +234,21 @@ static void set_default_signals(void) static void signal_handler(int signum) { + int saved_errno; uint8_t thing=0; sigaddset(&pending,signum); + /* XXX the write() may set errno, which can make the main program fail. + However, signal handlers aren't allowed to modify anything which + is not of type sig_atomic_t. The world is broken. */ + /* I have decided to save and restore errno anyway; on most + architectures on which secnet can run modifications to errno + will be atomic, and it seems to be the lesser of the two + evils. */ + saved_errno=errno; write(spw,&thing,1); /* We don't care if this fails (i.e. the pipe is full) because the service routine will spot the pending signal anyway */ + errno=saved_errno; } static void register_signal_handler(struct signotify *s)