-
Notifications
You must be signed in to change notification settings - Fork 13k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fixes #46775 -- don't mutate the process's environment in Command::exec #55359
Conversation
r? @aidanhs (rust_highfive has picked a reviewer for you, use r? to override) |
The job Click to expand the log.
I'm a bot! I can only do what humans tell me to, so if this was not helpful or you have suggestions for improvements, please ping or otherwise contact |
I don't see how I could have broken compiletests, with a libstd fix? |
The failure in question is https://github.com/rust-lang/rust/blob/master/src/test/run-pass-fulldeps/issue-15149.rs which used
|
Ooof, this one is a mess. With the previous logic, the env was mutated so the current process's env contained a modified That's a frustrating mess, the only workaround that comes to mind is implementing |
TBH I wouldn't even expect the |
Unfortunately #15149 indicates that this was an intentional decision, so we can't just break it. |
Oh this is so sad :( So the original Unix implementation used a strange way to change the child's environment (not using |
dee48bf
to
34ab6a3
Compare
The job Click to expand the log.
I'm a bot! I can only do what humans tell me to, so if this was not helpful or you have suggestions for improvements, please ping or otherwise contact |
34ab6a3
to
13c6fb7
Compare
The job Click to expand the log.
I'm a bot! I can only do what humans tell me to, so if this was not helpful or you have suggestions for improvements, please ping or otherwise contact |
13c6fb7
to
1c07f4d
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for the fix here! I've got a few comments but they should be pretty easily fixable
1c07f4d
to
fc770ea
Compare
@alexcrichton I think I got 'em both. |
@bors: r+ Thanks! |
📌 Commit fc770eaed19d1bc488cfa4632889edc107a7d813 has been approved by |
@bors: p=1 We'll want to be sure to backport this, so raising priority |
@bors: r+ p=1 er oops, didn't mean to close |
💡 This pull request was already approved, no need to approve it again.
|
This commit, after reverting rust-lang#55359, applies a different fix for rust-lang#46775 while also fixing rust-lang#55775. The basic idea was to go back to pre-rust-lang#55359 libstd, and then fix rust-lang#46775 in a way that doesn't expose rust-lang#55775. The issue described in rust-lang#46775 boils down to two problems: * First, the global environment is reset during `exec` but, but if the `exec` call fails then the global environment was a dangling pointer into free'd memory as the block of memory was deallocated when `Command` is dropped. This is fixed in this commit by installing a `Drop` stack object which ensures that the `environ` pointer is preserved on a failing `exec`. * Second, the global environment was accessed in an unsynchronized fashion during `exec`. This was fixed by ensuring that the Rust-specific environment lock is acquired for these system-level operations. Thanks to Alex Gaynor for pioneering the solution here! Closes rust-lang#55775 Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
std: Synchronize access to global env during `exec` This commit, after reverting #55359, applies a different fix for #46775 while also fixing #55775. The basic idea was to go back to pre-#55359 libstd, and then fix #46775 in a way that doesn't expose #55775. The issue described in #46775 boils down to two problems: * First, the global environment is reset during `exec` but, but if the `exec` call fails then the global environment was a dangling pointer into free'd memory as the block of memory was deallocated when `Command` is dropped. This is fixed in this commit by installing a `Drop` stack object which ensures that the `environ` pointer is preserved on a failing `exec`. * Second, the global environment was accessed in an unsynchronized fashion during `exec`. This was fixed by ensuring that the Rust-specific environment lock is acquired for these system-level operations. Thanks to Alex Gaynor for pioneering the solution here! Closes #55775
This commit, after reverting rust-lang#55359, applies a different fix for rust-lang#46775 while also fixing rust-lang#55775. The basic idea was to go back to pre-rust-lang#55359 libstd, and then fix rust-lang#46775 in a way that doesn't expose rust-lang#55775. The issue described in rust-lang#46775 boils down to two problems: * First, the global environment is reset during `exec` but, but if the `exec` call fails then the global environment was a dangling pointer into free'd memory as the block of memory was deallocated when `Command` is dropped. This is fixed in this commit by installing a `Drop` stack object which ensures that the `environ` pointer is preserved on a failing `exec`. * Second, the global environment was accessed in an unsynchronized fashion during `exec`. This was fixed by ensuring that the Rust-specific environment lock is acquired for these system-level operations. Thanks to Alex Gaynor for pioneering the solution here! Closes rust-lang#55775 Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
std: Synchronize access to global env during `exec` This commit, after reverting #55359, applies a different fix for #46775 while also fixing #55775. The basic idea was to go back to pre-#55359 libstd, and then fix #46775 in a way that doesn't expose #55775. The issue described in #46775 boils down to two problems: * First, the global environment is reset during `exec` but, but if the `exec` call fails then the global environment was a dangling pointer into free'd memory as the block of memory was deallocated when `Command` is dropped. This is fixed in this commit by installing a `Drop` stack object which ensures that the `environ` pointer is preserved on a failing `exec`. * Second, the global environment was accessed in an unsynchronized fashion during `exec`. This was fixed by ensuring that the Rust-specific environment lock is acquired for these system-level operations. Thanks to Alex Gaynor for pioneering the solution here! Closes #55775
This commit, after reverting rust-lang#55359, applies a different fix for rust-lang#46775 while also fixing rust-lang#55775. The basic idea was to go back to pre-rust-lang#55359 libstd, and then fix rust-lang#46775 in a way that doesn't expose rust-lang#55775. The issue described in rust-lang#46775 boils down to two problems: * First, the global environment is reset during `exec` but, but if the `exec` call fails then the global environment was a dangling pointer into free'd memory as the block of memory was deallocated when `Command` is dropped. This is fixed in this commit by installing a `Drop` stack object which ensures that the `environ` pointer is preserved on a failing `exec`. * Second, the global environment was accessed in an unsynchronized fashion during `exec`. This was fixed by ensuring that the Rust-specific environment lock is acquired for these system-level operations. Thanks to Alex Gaynor for pioneering the solution here! Closes rust-lang#55775 Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
This commit, after reverting rust-lang#55359, applies a different fix for rust-lang#46775 while also fixing rust-lang#55775. The basic idea was to go back to pre-rust-lang#55359 libstd, and then fix rust-lang#46775 in a way that doesn't expose rust-lang#55775. The issue described in rust-lang#46775 boils down to two problems: * First, the global environment is reset during `exec` but, but if the `exec` call fails then the global environment was a dangling pointer into free'd memory as the block of memory was deallocated when `Command` is dropped. This is fixed in this commit by installing a `Drop` stack object which ensures that the `environ` pointer is preserved on a failing `exec`. * Second, the global environment was accessed in an unsynchronized fashion during `exec`. This was fixed by ensuring that the Rust-specific environment lock is acquired for these system-level operations. Thanks to Alex Gaynor for pioneering the solution here! Closes rust-lang#55775 Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
Instead, pass the environment to execvpe, so the kernel can apply it directly to the new process. This avoids a use-after-free in the case where exec'ing the new process fails for any reason, as well as a race condition if there are other threads alive during the exec.
Fixes #46775