-
Notifications
You must be signed in to change notification settings - Fork 12.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
std: Don't pass overlapped handles to processes #38835
Conversation
This commit fixes a mistake introduced in rust-lang#31618 where overlapped handles were leaked to child processes on Windows. On Windows once a handle is in overlapped mode it should always have I/O executed with an instance of `OVERLAPPED`. Most child processes, however, are not prepared to have their stdio handles in overlapped mode as they don't use `OVERLAPPED` on reads/writes to the handle. Now we haven't had any odd behavior in Rust up to this point, and the original bug was introduced almost a year ago. I believe this is because it turns out that if you *don't* pass an `OVERLAPPED` then the system will [supply one for you][link]. In this case everything will go awry if you concurrently operate on the handle. In Rust, however, the stdio handles are always locked, and there's no way to not use them unlocked in libstd. Due to that change we've always had synchronized access to these handles, which means that Rust programs typically "just work". Conversely, though, this commit fixes the test case included, which exhibits behavior that other programs Rust spawns may attempt to execute. Namely, the stdio handles may be concurrently used and having them in overlapped mode wreaks havoc. [link]: https://blogs.msdn.microsoft.com/oldnewthing/20121012-00/?p=6343 Closes rust-lang#38811
r? @brson (rust_highfive has picked a reviewer for you, use r? to override) |
I'm also going to beta-nominate this issue due to it fixing a stable-to-stable regression, but if this rides the trains that also seems reasonable. For me if this passes the test suite I'd imagine it's ready to backport. |
@bors r+ |
📌 Commit 5148918 has been approved by |
@@ -54,11 +79,16 @@ pub fn anon_pipe() -> io::Result<(AnonPipe, AnonPipe)> { | |||
.encode_wide() | |||
.chain(Some(0)) | |||
.collect::<Vec<_>>(); | |||
let mut flags = c::FILE_FLAG_FIRST_PIPE_INSTANCE | | |||
c::FILE_FLAG_OVERLAPPED; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Indentation is weird here. I immediately assumed this was inside some conditional.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I’d honestly prefer if it was written as such:
let access_flag = if ours_readable { PIPE_ACCESS_INBOUND } else { PIPE_ACCESS_OUTBOUND };
let handle = c::CreateNamedPipeW(wide_name.as_ptr(),
PIPE_1 |
PIPE_2 |
access_flags, ...
@bors: p=1 This is a backport |
⌛ Testing commit 5148918 with merge 309dcc9... |
💔 Test failed - status-travis |
@bors retry |
⌛ Testing commit 5148918 with merge 9429fdc... |
💔 Test failed - status-travis |
@bors: retry
* osx linker segfaulted
…On Fri, Jan 6, 2017 at 8:21 AM, bors ***@***.***> wrote:
💔 Test failed - status-travis
<https://travis-ci.org/rust-lang/rust/builds/189523760>
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#38835 (comment)>, or mute
the thread
<https://github.com/notifications/unsubscribe-auth/AAD95CFyt6ddDzgOqb_L7QJflUHtE4CAks5rPmoVgaJpZM4LbMY2>
.
|
std: Don't pass overlapped handles to processes This commit fixes a mistake introduced in #31618 where overlapped handles were leaked to child processes on Windows. On Windows once a handle is in overlapped mode it should always have I/O executed with an instance of `OVERLAPPED`. Most child processes, however, are not prepared to have their stdio handles in overlapped mode as they don't use `OVERLAPPED` on reads/writes to the handle. Now we haven't had any odd behavior in Rust up to this point, and the original bug was introduced almost a year ago. I believe this is because it turns out that if you *don't* pass an `OVERLAPPED` then the system will [supply one for you][link]. In this case everything will go awry if you concurrently operate on the handle. In Rust, however, the stdio handles are always locked, and there's no way to not use them unlocked in libstd. Due to that change we've always had synchronized access to these handles, which means that Rust programs typically "just work". Conversely, though, this commit fixes the test case included, which exhibits behavior that other programs Rust spawns may attempt to execute. Namely, the stdio handles may be concurrently used and having them in overlapped mode wreaks havoc. [link]: https://blogs.msdn.microsoft.com/oldnewthing/20121012-00/?p=6343 Closes #38811
☀️ Test successful - status-appveyor, status-travis |
This commit fixes a mistake introduced in #31618 where overlapped handles were
leaked to child processes on Windows. On Windows once a handle is in overlapped
mode it should always have I/O executed with an instance of
OVERLAPPED
. Mostchild processes, however, are not prepared to have their stdio handles in
overlapped mode as they don't use
OVERLAPPED
on reads/writes to the handle.Now we haven't had any odd behavior in Rust up to this point, and the original
bug was introduced almost a year ago. I believe this is because it turns out
that if you don't pass an
OVERLAPPED
then the system will supply one foryou. In this case everything will go awry if you concurrently operate on
the handle. In Rust, however, the stdio handles are always locked, and there's
no way to not use them unlocked in libstd. Due to that change we've always had
synchronized access to these handles, which means that Rust programs typically
"just work".
Conversely, though, this commit fixes the test case included, which exhibits
behavior that other programs Rust spawns may attempt to execute. Namely, the
stdio handles may be concurrently used and having them in overlapped mode wreaks
havoc.
Closes #38811