diff options
| author | Gregory P. Smith <greg@krypto.org> | 2022-04-25 23:19:39 (GMT) |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-04-25 23:19:39 (GMT) |
| commit | cd5726fe674eaff442510eeb6c75628858be9e9f (patch) | |
| tree | d311f0b144298e29596d1fb5dcc4629ec9e8647e /Modules | |
| parent | eddd07f840c9a4ab0ee05ce56d98caac0f072cef (diff) | |
| download | cpython-cd5726fe674eaff442510eeb6c75628858be9e9f.zip cpython-cd5726fe674eaff442510eeb6c75628858be9e9f.tar.gz cpython-cd5726fe674eaff442510eeb6c75628858be9e9f.tar.bz2 | |
gh-91401: Add a failsafe way to disable vfork. (#91490)
Just in case there is ever an issue with _posixsubprocess's use of
vfork() due to the complexity of using it properly and potential
directions that Linux platforms where it defaults to on could take, this
adds a failsafe so that users can disable its use entirely by setting
a global flag.
No known reason to disable it exists. But it'd be a shame to encounter
one and not be able to use CPython without patching and rebuilding it.
See the linked issue for some discussion on reasoning.
Also documents the existing way to disable posix_spawn.
Diffstat (limited to 'Modules')
| -rw-r--r-- | Modules/_posixsubprocess.c | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/Modules/_posixsubprocess.c b/Modules/_posixsubprocess.c index 440c7c5..2440609 100644 --- a/Modules/_posixsubprocess.c +++ b/Modules/_posixsubprocess.c @@ -751,9 +751,10 @@ subprocess_fork_exec(PyObject *module, PyObject *args) Py_ssize_t arg_num, num_groups = 0; int need_after_fork = 0; int saved_errno = 0; + int allow_vfork; if (!PyArg_ParseTuple( - args, "OOpO!OOiiiiiiiiiiOOOiO:fork_exec", + args, "OOpO!OOiiiiiiiiiiOOOiOp:fork_exec", &process_args, &executable_list, &close_fds, &PyTuple_Type, &py_fds_to_keep, &cwd_obj, &env_list, @@ -761,7 +762,7 @@ subprocess_fork_exec(PyObject *module, PyObject *args) &errread, &errwrite, &errpipe_read, &errpipe_write, &restore_signals, &call_setsid, &gid_object, &groups_list, &uid_object, &child_umask, - &preexec_fn)) + &preexec_fn, &allow_vfork)) return NULL; if ((preexec_fn != Py_None) && @@ -940,7 +941,7 @@ subprocess_fork_exec(PyObject *module, PyObject *args) #ifdef VFORK_USABLE /* Use vfork() only if it's safe. See the comment above child_exec(). */ sigset_t old_sigs; - if (preexec_fn == Py_None && + if (preexec_fn == Py_None && allow_vfork && !call_setuid && !call_setgid && !call_setgroups) { /* Block all signals to ensure that no signal handlers are run in the * child process while it shares memory with us. Note that signals |