/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:2;tab-width:8;coding:utf-8 -*-│ │ vi: set et ft=c ts=2 sts=2 sw=2 fenc=utf-8 :vi │ ╞══════════════════════════════════════════════════════════════════════════════╡ │ Copyright 2020 Justine Alexandra Roberts Tunney │ │ │ │ Permission to use, copy, modify, and/or distribute this software for │ │ any purpose with or without fee is hereby granted, provided that the │ │ above copyright notice and this permission notice appear in all copies. │ │ │ │ THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL │ │ WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED │ │ WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE │ │ AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL │ │ DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR │ │ PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER │ │ TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR │ │ PERFORMANCE OF THIS SOFTWARE. │ ╚─────────────────────────────────────────────────────────────────────────────*/ #include "libc/calls/calls.h" #include "libc/calls/pledge.h" #include "libc/calls/pledge.internal.h" #include "libc/calls/syscall-nt.internal.h" #include "libc/calls/syscall-sysv.internal.h" #include "libc/dce.h" #include "libc/intrin/describeflags.h" #include "libc/intrin/likely.h" #include "libc/intrin/promises.h" #include "libc/intrin/strace.h" #include "libc/intrin/weaken.h" #include "libc/log/libfatal.internal.h" #include "libc/runtime/runtime.h" #include "libc/runtime/zipos.internal.h" #include "libc/sysv/consts/o.h" #include "libc/sysv/errfuns.h" /** * Replaces current process with program. * * Your `prog` may be an actually portable executable or a platform * native binary (e.g. ELF, Mach-O, PE). On UNIX systems, your execve * implementation will try to find where the `ape` interpreter program * is installed on your system. The preferred location is `/usr/bin/ape` * except on Apple Silicon where it's `/usr/local/bin/ape`. The $TMPDIR * and $HOME locations that the APE shell script extracts the versioned * ape binaries to will also be checked as a fallback path. Finally, if * `prog` isn't an executable in any recognizable format, cosmo assumes * it's a bourne shell script and launches it under /bin/sh. * * The signal mask and pending signals are inherited by the new process. * Note the NetBSD kernel has a bug where pending signals are cleared. * * File descriptors that haven't been marked `O_CLOEXEC` through various * devices such as open() and fcntl() will be inherited by the executed * subprocess. The current file position of the duplicated descriptors * is shared across processes. On Windows, `prog` needs to be built by * cosmocc in order to properly inherit file descriptors. If a program * compiled by MSVC or Cygwin is launched instead, then only the stdio * file descriptors can be passed along. * * On Windows, the parent process must be a cosmo program. If you're * calling execve() from a program that wasn't launched by cosmopolitan * bash, or some similar program, then ask yourself if what you really * want is to either (a) call fork() first, or (b) use posix_spawn(). * * On Windows, `argv` and `envp` can't contain binary strings. They need * to be valid UTF-8 in order to round-trip the WIN32 API, without being * corrupted. * * On Windows, cosmo execve uses parent spoofing to implement the UNIX * behavior of replacing the current process. Since POSIX.1 also needs * us to maintain the same PID number too, the _COSMO_PID environemnt * variable is passed to the child process which specifies a spoofed * PID. Whatever is in that variable will be reported by getpid() and * other cosmo processes will be able to send signals to the process * using that pid, via kill(). These synthetic PIDs which are only * created by execve could potentially overlap with OS assignments if * Windows recycles them. Cosmo avoids that by tracking handles of * subprocesses. Each process has its own process manager thread, to * associate pids with win32 handles, and execve will tell the parent * process its new handle when it changes. However it's not perfect. * There's still situations where processes created by execve() can * cause surprising things to happen. For an alternative, consider * posix_spawn() which is fastest and awesomest across all OSes. * * On Windows, support is currently not implemented for inheriting * setitimer() and alarm() into an executed process. * * On Windows, support is currently not implemented for inheriting * getrusage() statistics into an executed process. * * The executed process will share the same terminal and current * directory. * * @param program will not be PATH searched, see commandv() * @param argv[0] is the name of the program to run * @param argv[1,n-2] optionally specify program arguments * @param argv[n-1] is NULL * @param envp[0,n-2] specifies "foo=bar" environment variables * @param envp[n-1] is NULL * @return doesn't return, or -1 w/ errno * @raise ETXTBSY if another process has `prog` open in write mode * @raise ENOEXEC if file is executable but not a valid format * @raise ENOMEM if remaining stack memory is insufficient * @raise EACCES if execute permission was denied * @asyncsignalsafe * @vforksafe */ int execve(const char *prog, char *const argv[], char *const envp[]) { int rc; struct ZiposUri uri; if (!prog || !argv || !envp) { rc = efault(); } else { STRACE("execve(%#s, %s, %s)", prog, DescribeStringList(argv), DescribeStringList(envp)); rc = 0; if (IsLinux() && __execpromises && _weaken(sys_pledge_linux)) { rc = _weaken(sys_pledge_linux)(__execpromises, __pledge_mode); } if (!rc) { if (0 && _weaken(__zipos_parseuri) && (_weaken(__zipos_parseuri)(prog, &uri) != -1)) { rc = _weaken(__zipos_open)(&uri, O_RDONLY | O_CLOEXEC); if (rc != -1) { const int zipFD = rc; strace_enabled(-1); rc = fexecve(zipFD, argv, envp); close(zipFD); strace_enabled(+1); } } else if (!IsWindows()) { rc = sys_execve(prog, argv, envp); } else { rc = sys_execve_nt(prog, argv, envp); } } } STRACE("execve(%#s) failed %d% m", prog, rc); return rc; }