/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:2;tab-width:8;coding:utf-8 -*-│
│ vi: set et ft=c ts=2 sts=2 sw=2 fenc=utf-8 :vi │
╞══════════════════════════════════════════════════════════════════════════════╡
│ Copyright 2020 Justine Alexandra Roberts Tunney │
│ │
│ Permission to use, copy, modify, and/or distribute this software for │
│ any purpose with or without fee is hereby granted, provided that the │
│ above copyright notice and this permission notice appear in all copies. │
│ │
│ THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL │
│ WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED │
│ WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE │
│ AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL │
│ DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR │
│ PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER │
│ TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR │
│ PERFORMANCE OF THIS SOFTWARE. │
╚─────────────────────────────────────────────────────────────────────────────*/
#include "libc/calls/calls.h"
#include "libc/calls/pledge.h"
#include "libc/calls/pledge.internal.h"
#include "libc/calls/syscall-nt.internal.h"
#include "libc/calls/syscall-sysv.internal.h"
#include "libc/dce.h"
#include "libc/intrin/describeflags.h"
#include "libc/intrin/likely.h"
#include "libc/intrin/promises.h"
#include "libc/intrin/strace.h"
#include "libc/intrin/weaken.h"
#include "libc/log/libfatal.internal.h"
#include "libc/runtime/runtime.h"
#include "libc/runtime/zipos.internal.h"
#include "libc/sysv/consts/o.h"
#include "libc/sysv/errfuns.h"
/**
* Replaces current process with program.
*
* Your `prog` may be an actually portable executable or a platform
* native binary (e.g. ELF, Mach-O, PE). On UNIX systems, your execve
* implementation will try to find where the `ape` interpreter program
* is installed on your system. The preferred location is `/usr/bin/ape`
* except on Apple Silicon where it's `/usr/local/bin/ape`. The $TMPDIR
* and $HOME locations that the APE shell script extracts the versioned
* ape binaries to will also be checked as a fallback path. Finally, if
* `prog` isn't an executable in any recognizable format, cosmo assumes
* it's a bourne shell script and launches it under /bin/sh.
*
* The signal mask and pending signals are inherited by the new process.
* Note the NetBSD kernel has a bug where pending signals are cleared.
*
* File descriptors that haven't been marked `O_CLOEXEC` through various
* devices such as open() and fcntl() will be inherited by the executed
* subprocess. The current file position of the duplicated descriptors
* is shared across processes. On Windows, `prog` needs to be built by
* cosmocc in order to properly inherit file descriptors. If a program
* compiled by MSVC or Cygwin is launched instead, then only the stdio
* file descriptors can be passed along.
*
* On Windows, the parent process must be a cosmo program. If you're
* calling execve() from a program that wasn't launched by cosmopolitan
* bash, or some similar program, then ask yourself if what you really
* want is to either (a) call fork() first, or (b) use posix_spawn().
*
* On Windows, `argv` and `envp` can't contain binary strings. They need
* to be valid UTF-8 in order to round-trip the WIN32 API, without being
* corrupted.
*
* On Windows, cosmo execve uses parent spoofing to implement the UNIX
* behavior of replacing the current process. Since POSIX.1 also needs
* us to maintain the same PID number too, the _COSMO_PID environemnt
* variable is passed to the child process which specifies a spoofed
* PID. Whatever is in that variable will be reported by getpid() and
* other cosmo processes will be able to send signals to the process
* using that pid, via kill(). These synthetic PIDs which are only
* created by execve could potentially overlap with OS assignments if
* Windows recycles them. Cosmo avoids that by tracking handles of
* subprocesses. Each process has its own process manager thread, to
* associate pids with win32 handles, and execve will tell the parent
* process its new handle when it changes. However it's not perfect.
* There's still situations where processes created by execve() can
* cause surprising things to happen. For an alternative, consider
* posix_spawn() which is fastest and awesomest across all OSes.
*
* On Windows, support is currently not implemented for inheriting
* setitimer() and alarm() into an executed process.
*
* On Windows, support is currently not implemented for inheriting
* getrusage() statistics into an executed process.
*
* The executed process will share the same terminal and current
* directory.
*
* @param program will not be PATH searched, see commandv()
* @param argv[0] is the name of the program to run
* @param argv[1,n-2] optionally specify program arguments
* @param argv[n-1] is NULL
* @param envp[0,n-2] specifies "foo=bar" environment variables
* @param envp[n-1] is NULL
* @return doesn't return, or -1 w/ errno
* @raise ETXTBSY if another process has `prog` open in write mode
* @raise ENOEXEC if file is executable but not a valid format
* @raise ENOMEM if remaining stack memory is insufficient
* @raise EACCES if execute permission was denied
* @asyncsignalsafe
* @vforksafe
*/
int execve(const char *prog, char *const argv[], char *const envp[]) {
int rc;
struct ZiposUri uri;
if (!prog || !argv || !envp) {
rc = efault();
} else {
STRACE("execve(%#s, %s, %s)", prog, DescribeStringList(argv),
DescribeStringList(envp));
rc = 0;
if (IsLinux() && __execpromises && _weaken(sys_pledge_linux)) {
rc = _weaken(sys_pledge_linux)(__execpromises, __pledge_mode);
}
if (!rc) {
if (0 && _weaken(__zipos_parseuri) &&
(_weaken(__zipos_parseuri)(prog, &uri) != -1)) {
rc = _weaken(__zipos_open)(&uri, O_RDONLY | O_CLOEXEC);
if (rc != -1) {
const int zipFD = rc;
strace_enabled(-1);
rc = fexecve(zipFD, argv, envp);
close(zipFD);
strace_enabled(+1);
}
} else if (!IsWindows()) {
rc = sys_execve(prog, argv, envp);
} else {
rc = sys_execve_nt(prog, argv, envp);
}
}
}
STRACE("execve(%#s) failed %d% m", prog, rc);
return rc;
}