Mercurial > gnulib
changeset 19052:637f3a63efbd
open: support O_CLOEXEC
* NEWS, doc/posix-functions/open.texi:
* doc/posix-functions/openat.texi: Document this.
* lib/fcntl.in.h (O_CLOEXEC): Default to a nonzero value.
(GNULIB_defined_O_CLOEXEC): New symbol.
* lib/open.c: Include cloexec.h.
(open): Support O_CLOEXEC.
* lib/openat.c: Include cloexec.h.
(rpl_openat): Support O_CLOEXEC.
* lib/popen-safer.c: Do not include cloexec.h.
(open_noinherit): Remove.
(popen_safer): Use O_CLOEXEC instead of set_cloexec_flag.
* lib/save-cwd.c: Do not include cloexec.h.
(save_cwd): Use O_CLOEXEC instead of set_cloexec_flag.
* m4/open-cloexec.m4: New file.
* m4/open.m4 (gl_FUNC_OPEN): Require gl_PREPROC_O_CLOEXEC.
Replace 'open' if O_CLOEXEC is not present.
* m4/openat.m4 (gl_FUNC_OPENAT): Require gl_PREPROC_O_CLOEXEC.
Replace 'openat' if O_CLOEXEC is not present.
* modules/freopen (Depends-on): Depend on 'open' if replacing freopen.
* modules/open (Files): Add m4/open-cloexec.m4.
(Depends-on): Depend on cloexec if replacing 'open'.
* modules/openat (Files): Add m4/open-cloexec.m4.
(Depends-on): Depend on cloexec if replacing openat.
* modules/popen-safer (Depends-on): Remove cloexec.
* modules/save-cwd (Depends-on): Remove cloexec, and add
fd-safer-flag and 'open'.
| author | Paul Eggert <eggert@cs.ucla.edu> |
|---|---|
| date | Mon, 14 Aug 2017 13:04:46 -0700 |
| parents | 733fbf6b39bc |
| children | af227a875ce7 |
| files | ChangeLog NEWS doc/posix-functions/open.texi doc/posix-functions/openat.texi lib/fcntl.in.h lib/open.c lib/openat.c lib/popen-safer.c lib/save-cwd.c m4/open-cloexec.m4 m4/open.m4 m4/openat.m4 modules/freopen modules/open modules/openat modules/popen-safer modules/save-cwd |
| diffstat | 17 files changed, 151 insertions(+), 49 deletions(-) [+] |
line wrap: on
line diff
--- a/ChangeLog Sun Aug 13 11:03:40 2017 -0700 +++ b/ChangeLog Mon Aug 14 13:04:46 2017 -0700 @@ -1,3 +1,34 @@ +2017-08-14 Paul Eggert <eggert@cs.ucla.edu> + + + open: support O_CLOEXEC + * NEWS, doc/posix-functions/open.texi: + * doc/posix-functions/openat.texi: Document this. + * lib/fcntl.in.h (O_CLOEXEC): Default to a nonzero value. + (GNULIB_defined_O_CLOEXEC): New symbol. + * lib/open.c: Include cloexec.h. + (open): Support O_CLOEXEC. + * lib/openat.c: Include cloexec.h. + (rpl_openat): Support O_CLOEXEC. + * lib/popen-safer.c: Do not include cloexec.h. + (open_noinherit): Remove. + (popen_safer): Use O_CLOEXEC instead of set_cloexec_flag. + * lib/save-cwd.c: Do not include cloexec.h. + (save_cwd): Use O_CLOEXEC instead of set_cloexec_flag. + * m4/open-cloexec.m4: New file. + * m4/open.m4 (gl_FUNC_OPEN): Require gl_PREPROC_O_CLOEXEC. + Replace 'open' if O_CLOEXEC is not present. + * m4/openat.m4 (gl_FUNC_OPENAT): Require gl_PREPROC_O_CLOEXEC. + Replace 'openat' if O_CLOEXEC is not present. + * modules/freopen (Depends-on): Depend on 'open' if replacing freopen. + * modules/open (Files): Add m4/open-cloexec.m4. + (Depends-on): Depend on cloexec if replacing 'open'. + * modules/openat (Files): Add m4/open-cloexec.m4. + (Depends-on): Depend on cloexec if replacing openat. + * modules/popen-safer (Depends-on): Remove cloexec. + * modules/save-cwd (Depends-on): Remove cloexec, and add + fd-safer-flag and 'open'. + 2017-08-13 Paul Eggert <eggert@cs.ucla.edu> reallocarray: minor fixes
--- a/NEWS Sun Aug 13 11:03:40 2017 -0700 +++ b/NEWS Mon Aug 14 13:04:46 2017 -0700 @@ -42,6 +42,10 @@ Date Modules Changes +2017-08-14 fcntl-h This module now defaults O_CLOEXEC to a nonzero + value instead of to 0, as the 'open' and + 'openat' modules now emulate O_CLOEXEC. + 2017-07-23 strftime This module is renamed to 'nstrftime'. 2017-05-19 closeout close_stdout longer closes stderr when addresses
--- a/doc/posix-functions/open.texi Sun Aug 13 11:03:40 2017 -0700 +++ b/doc/posix-functions/open.texi Mon Aug 14 13:04:46 2017 -0700 @@ -9,6 +9,9 @@ Portability problems fixed by the Gnulib module open: @itemize @item +Some platforms do not support @code{O_CLOEXEC}: +Solaris 10, probably many others. +@item On platforms where @code{off_t} is a 32-bit type, @code{open} may not work correctly with files larger than 2 GB. (Cf. @code{AC_SYS_LARGEFILE}.) @item @@ -35,6 +38,9 @@ Portability problems not fixed by Gnulib: @itemize @item +The Gnulib replacement for @code{O_CLOEXEC} is not atomic, and so is +not safe in the presence of multiple threads or signal handlers. +@item @code{open ("symlink", O_NOFOLLOW ...)} fails with @code{errno} set to @code{EMLINK} instead of the POSIX-required @code{ELOOP} on some platforms:
--- a/doc/posix-functions/openat.texi Sun Aug 13 11:03:40 2017 -0700 +++ b/doc/posix-functions/openat.texi Mon Aug 14 13:04:46 2017 -0700 @@ -14,6 +14,9 @@ AIX 5.1, HP-UX 11, IRIX 6.5, OSF/1 5.1, Cygwin 1.5.x, mingw, MSVC 14, Interix 3.5, BeOS. But the replacement function is not safe to be used in libraries and is not multithread-safe. @item +Some platforms do not support @code{O_CLOEXEC}: +Solaris 10. +@item On platforms where @code{off_t} is a 32-bit type, @code{open} may not work correctly with files larger than 2 GB. (Cf. @code{AC_SYS_LARGEFILE}.) @item @@ -26,6 +29,9 @@ Portability problems not fixed by Gnulib: @itemize @item +The Gnulib replacement for @code{O_CLOEXEC} is not atomic, and so is +not safe in the presence of multiple threads or signal handlers. +@item @code{openat (fd, "symlink", O_NOFOLLOW ...)} fails with @code{errno} set to @code{EMLINK} instead of the POSIX-required @code{ELOOP} on some platforms:
--- a/lib/fcntl.in.h Sun Aug 13 11:03:40 2017 -0700 +++ b/lib/fcntl.in.h Mon Aug 14 13:04:46 2017 -0700 @@ -213,7 +213,10 @@ #endif #ifndef O_CLOEXEC -# define O_CLOEXEC 0 +# define O_CLOEXEC 0x40000000 /* Try to not collide with system O_* flags. */ +# define GNULIB_defined_O_CLOEXEC 1 +#else +# define GNULIB_defined_O_CLOEXEC 0 #endif #ifndef O_DIRECT
--- a/lib/open.c Sun Aug 13 11:03:40 2017 -0700 +++ b/lib/open.c Mon Aug 14 13:04:46 2017 -0700 @@ -38,6 +38,8 @@ this include because of the preliminary #include <fcntl.h> above. */ #include "fcntl.h" +#include "cloexec.h" + #include <errno.h> #include <stdarg.h> #include <string.h> @@ -52,6 +54,13 @@ int open (const char *filename, int flags, ...) { + /* 0 = unknown, 1 = yes, -1 = no. */ +#if GNULIB_defined_O_CLOEXEC + int have_cloexec = -1; +#else + static int have_cloexec; +#endif + mode_t mode; int fd; @@ -115,7 +124,25 @@ } #endif - fd = orig_open (filename, flags, mode); + fd = orig_open (filename, + flags & ~(have_cloexec <= 0 ? O_CLOEXEC : 0), mode); + + if (flags & O_CLOEXEC) + { + if (! have_cloexec) + { + if (0 <= fd) + have_cloexec = 1; + else if (errno == EINVAL) + { + fd = orig_open (filename, flags & ~O_CLOEXEC, mode); + have_cloexec = -1; + } + } + if (have_cloexec < 0 && 0 <= fd) + set_cloexec_flag (fd, true); + } + #if REPLACE_FCHDIR /* Implementing fchdir and fdopendir requires the ability to open a
--- a/lib/openat.c Sun Aug 13 11:03:40 2017 -0700 +++ b/lib/openat.c Mon Aug 14 13:04:46 2017 -0700 @@ -41,6 +41,8 @@ #include "openat.h" +#include "cloexec.h" + #include <stdarg.h> #include <stdbool.h> #include <stddef.h> @@ -50,10 +52,18 @@ #if HAVE_OPENAT -/* Like openat, but work around Solaris 9 bugs with trailing slash. */ +/* Like openat, but support O_CLOEXEC and work around Solaris 9 bugs + with trailing slash. */ int rpl_openat (int dfd, char const *filename, int flags, ...) { + /* 0 = unknown, 1 = yes, -1 = no. */ +#if GNULIB_defined_O_CLOEXEC + int have_cloexec = -1; +#else + static int have_cloexec; +#endif + mode_t mode; int fd; @@ -103,7 +113,25 @@ } # endif - fd = orig_openat (dfd, filename, flags, mode); + fd = orig_openat (dfd, filename, + flags & ~(have_cloexec <= 0 ? O_CLOEXEC : 0), mode); + + if (flags & O_CLOEXEC) + { + if (! have_cloexec) + { + if (0 <= fd) + have_cloexec = 1; + else if (errno == EINVAL) + { + fd = orig_openat (dfd, filename, flags & ~O_CLOEXEC, mode); + have_cloexec = -1; + } + } + if (have_cloexec < 0 && 0 <= fd) + set_cloexec_flag (fd, true); + } + # if OPEN_TRAILING_SLASH_BUG /* If the filename ends in a slash and fd does not refer to a directory,
--- a/lib/popen-safer.c Sun Aug 13 11:03:40 2017 -0700 +++ b/lib/popen-safer.c Mon Aug 14 13:04:46 2017 -0700 @@ -25,39 +25,6 @@ #include <fcntl.h> #include <unistd.h> -#include "cloexec.h" - -/* Like open (name, flags | O_CLOEXEC), although not necessarily - atomic. FLAGS must not include O_CREAT. */ - -static int -open_noinherit (char const *name, int flags) -{ - int fd; -#if O_CLOEXEC - /* 0 = unknown, 1 = yes, -1 = no. */ - static int have_cloexec; - if (have_cloexec >= 0) - { - fd = open (name, flags | O_CLOEXEC); - if (have_cloexec == 0 && (0 <= fd || errno == EINVAL)) - have_cloexec = (0 <= fd ? 1 : -1); - if (have_cloexec == 1) - return fd; - } -#endif - - fd = open (name, flags); - if (0 <= fd && set_cloexec_flag (fd, true) != 0) - { - int saved_errno = errno; - close (fd); - fd = -1; - errno = saved_errno; - } - return fd; -} - /* Like popen, but do not return stdin, stdout, or stderr. */ FILE * @@ -72,7 +39,7 @@ call (even though this puts more pressure on open fds), so that the original fd created by popen is safe. */ FILE *fp; - int fd = open_noinherit ("/dev/null", O_RDONLY); + int fd = open ("/dev/null", O_RDONLY | O_CLOEXEC); if (0 <= fd && fd <= STDERR_FILENO) { /* Maximum recursion depth is 3. */
--- a/lib/save-cwd.c Sun Aug 13 11:03:40 2017 -0700 +++ b/lib/save-cwd.c Mon Aug 14 13:04:46 2017 -0700 @@ -30,7 +30,6 @@ #include "chdir-long.h" #include "unistd--.h" -#include "cloexec.h" #if GNULIB_FCNTL_SAFER # include "fcntl--.h" @@ -64,16 +63,15 @@ { cwd->name = NULL; - cwd->desc = open (".", O_SEARCH); + cwd->desc = open (".", O_SEARCH | O_CLOEXEC); if (!GNULIB_FCNTL_SAFER) - cwd->desc = fd_safer (cwd->desc); + cwd->desc = fd_safer_flag (cwd->desc, O_CLOEXEC); if (cwd->desc < 0) { cwd->name = getcwd (NULL, 0); return cwd->name ? 0 : -1; } - set_cloexec_flag (cwd->desc, true); return 0; }
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/m4/open-cloexec.m4 Mon Aug 14 13:04:46 2017 -0700 @@ -0,0 +1,21 @@ +# Test whether O_CLOEXEC is defined. + +dnl Copyright 2017 Free Software Foundation, Inc. +dnl This file is free software; the Free Software Foundation +dnl gives unlimited permission to copy and/or distribute it, +dnl with or without modifications, as long as this notice is preserved. + +AC_DEFUN([gl_PREPROC_O_CLOEXEC], +[ + AC_CACHE_CHECK([for O_CLOEXEC], + [gl_cv_macro_O_CLOEXEC], + [AC_COMPILE_IFELSE( + [AC_LANG_PROGRAM([[#include <fcntl.h> + #ifndef O_CLOEXEC + choke me; + #endif + ]], + [[return O_CLOEXEC;]])], + [gl_cv_macro_O_CLOEXEC=yes], + [gl_cv_macro_O_CLOEXEC=no])]) +])
--- a/m4/open.m4 Sun Aug 13 11:03:40 2017 -0700 +++ b/m4/open.m4 Mon Aug 14 13:04:46 2017 -0700 @@ -1,4 +1,4 @@ -# open.m4 serial 14 +# open.m4 serial 15 dnl Copyright (C) 2007-2017 Free Software Foundation, Inc. dnl This file is free software; the Free Software Foundation dnl gives unlimited permission to copy and/or distribute it, @@ -7,6 +7,7 @@ AC_DEFUN([gl_FUNC_OPEN], [ AC_REQUIRE([AC_CANONICAL_HOST]) + AC_REQUIRE([gl_PREPROC_O_CLOEXEC]) case "$host_os" in mingw* | pw*) REPLACE_OPEN=1 @@ -15,6 +16,9 @@ dnl open("foo/") should not create a file when the file name has a dnl trailing slash. FreeBSD only has the problem on symlinks. AC_CHECK_FUNCS_ONCE([lstat]) + if test "$gl_cv_macro_O_CLOEXEC" != yes; then + REPLACE_OPEN=1 + fi AC_CACHE_CHECK([whether open recognizes a trailing slash], [gl_cv_func_open_slash], [# Assume that if we have lstat, we can also check symlinks.
--- a/m4/openat.m4 Sun Aug 13 11:03:40 2017 -0700 +++ b/m4/openat.m4 Mon Aug 14 13:04:46 2017 -0700 @@ -1,4 +1,4 @@ -# serial 45 +# serial 46 # See if we need to use our replacement for Solaris' openat et al functions. dnl Copyright (C) 2004-2017 Free Software Foundation, Inc. @@ -14,10 +14,12 @@ AC_REQUIRE([gl_USE_SYSTEM_EXTENSIONS]) AC_CHECK_FUNCS_ONCE([openat]) AC_REQUIRE([gl_FUNC_LSTAT_FOLLOWS_SLASHED_SYMLINK]) - case $ac_cv_func_openat+$gl_cv_func_lstat_dereferences_slashed_symlink in - yes+*yes) + AC_REQUIRE([gl_PREPROC_O_CLOEXEC]) + case $ac_cv_func_openat+$gl_cv_func_lstat_dereferences_slashed_symlink+$gl_cv_macro_O_CLOEXEC in + yes+*yes+yes) ;; yes+*) + # Solaris 10 lacks O_CLOEXEC. # Solaris 9 has *at functions, but uniformly mishandles trailing # slash in all of them. REPLACE_OPENAT=1
--- a/modules/freopen Sun Aug 13 11:03:40 2017 -0700 +++ b/modules/freopen Mon Aug 14 13:04:46 2017 -0700 @@ -7,6 +7,7 @@ Depends-on: fcntl-h [test $REPLACE_FREOPEN = 1] +open [test $REPLACE_FREOPEN = 1] stdio largefile
--- a/modules/open Sun Aug 13 11:03:40 2017 -0700 +++ b/modules/open Mon Aug 14 13:04:46 2017 -0700 @@ -4,11 +4,13 @@ Files: lib/open.c m4/open.m4 +m4/open-cloexec.m4 m4/mode_t.m4 Depends-on: fcntl-h largefile +cloexec [test $REPLACE_OPEN = 1] fstat [test $REPLACE_OPEN = 1] stat [test $REPLACE_OPEN = 1]
--- a/modules/openat Sun Aug 13 11:03:40 2017 -0700 +++ b/modules/openat Mon Aug 14 13:04:46 2017 -0700 @@ -4,6 +4,7 @@ Files: lib/openat.c m4/openat.m4 +m4/open-cloexec.m4 m4/lstat.m4 m4/mode_t.m4 @@ -14,6 +15,7 @@ openat-h [test $HAVE_OPENAT = 0 || test $REPLACE_OPENAT = 1] stdbool [test $HAVE_OPENAT = 0 || test $REPLACE_OPENAT = 1] sys_stat [test $HAVE_OPENAT = 0 || test $REPLACE_OPENAT = 1] +cloexec [test $REPLACE_OPENAT = 1] fstat [test $REPLACE_OPENAT = 1] at-internal [test $HAVE_OPENAT = 0] dosname [test $HAVE_OPENAT = 0]