1
/*
2
 * Copyright (c) 1995, 2013, Oracle and/or its affiliates. All rights reserved.
3
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4
 *
5
 * This code is free software; you can redistribute it and/or modify it
6
 * under the terms of the GNU General Public License version 2 only, as
7
 * published by the Free Software Foundation.  Oracle designates this
8
 * particular file as subject to the "Classpath" exception as provided
9
 * by Oracle in the LICENSE file that accompanied this code.
10
 *
11
 * This code is distributed in the hope that it will be useful, but WITHOUT
12
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
14
 * version 2 for more details (a copy is included in the LICENSE file that
15
 * accompanied this code).
16
 *
17
 * You should have received a copy of the GNU General Public License version
18
 * 2 along with this work; if not, write to the Free Software Foundation,
19
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20
 *
21
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22
 * or visit www.oracle.com if you need additional information or have any
23
 * questions.
24
 */
25

26
#undef  _LARGEFILE64_SOURCE
27
#define _LARGEFILE64_SOURCE 1
28

29
#include "jni.h"
30
#include "jvm.h"
31
#include "jvm_md.h"
32
#include "jni_util.h"
33
#include "io_util.h"
34

35
/*
36
 * Platform-specific support for java.lang.Process
37
 */
38
#include <assert.h>
39
#include <stddef.h>
40
#include <stdlib.h>
41
#include <sys/types.h>
42
#include <ctype.h>
43
#include <sys/wait.h>
44
#include <signal.h>
45
#include <string.h>
46

47
#if defined(__solaris__) || defined(_ALLBSD_SOURCE) || defined(_AIX)
48
#include <spawn.h>
49
#endif
50

51
#include "childproc.h"
52

53
/*
54
 * There are 4 possible strategies we might use to "fork":
55
 *
56
 * - fork(2).  Very portable and reliable but subject to
57
 *   failure due to overcommit (see the documentation on
58
 *   /proc/sys/vm/overcommit_memory in Linux proc(5)).
59
 *   This is the ancient problem of spurious failure whenever a large
60
 *   process starts a small subprocess.
61
 *
62
 * - vfork().  Using this is scary because all relevant man pages
63
 *   contain dire warnings, e.g. Linux vfork(2).  But at least it's
64
 *   documented in the glibc docs and is standardized by XPG4.
65
 *   http://www.opengroup.org/onlinepubs/000095399/functions/vfork.html
66
 *   On Linux, one might think that vfork() would be implemented using
67
 *   the clone system call with flag CLONE_VFORK, but in fact vfork is
68
 *   a separate system call (which is a good sign, suggesting that
69
 *   vfork will continue to be supported at least on Linux).
70
 *   Another good sign is that glibc implements posix_spawn using
71
 *   vfork whenever possible.  Note that we cannot use posix_spawn
72
 *   ourselves because there's no reliable way to close all inherited
73
 *   file descriptors.
74
 *
75
 * - clone() with flags CLONE_VM but not CLONE_THREAD.  clone() is
76
 *   Linux-specific, but this ought to work - at least the glibc
77
 *   sources contain code to handle different combinations of CLONE_VM
78
 *   and CLONE_THREAD.  However, when this was implemented, it
79
 *   appeared to fail on 32-bit i386 (but not 64-bit x86_64) Linux with
80
 *   the simple program
81
 *     Runtime.getRuntime().exec("/bin/true").waitFor();
82
 *   with:
83
 *     #  Internal Error (os_linux_x86.cpp:683), pid=19940, tid=2934639536
84
 *     #  Error: pthread_getattr_np failed with errno = 3 (ESRCH)
85
 *   We believe this is a glibc bug, reported here:
86
 *     http://sources.redhat.com/bugzilla/show_bug.cgi?id=10311
87
 *   but the glibc maintainers closed it as WONTFIX.
88
 *
89
 * - posix_spawn(). While posix_spawn() is a fairly elaborate and
90
 *   complicated system call, it can't quite do everything that the old
91
 *   fork()/exec() combination can do, so the only feasible way to do
92
 *   this, is to use posix_spawn to launch a new helper executable
93
 *   "jprochelper", which in turn execs the target (after cleaning
94
 *   up file-descriptors etc.) The end result is the same as before,
95
 *   a child process linked to the parent in the same way, but it
96
 *   avoids the problem of duplicating the parent (VM) process
97
 *   address space temporarily, before launching the target command.
98
 *
99
 * Based on the above analysis, we are currently using vfork() on
100
 * Linux and spawn() on other Unix systems, but the code to use clone()
101
 * and fork() remains.
102
 */
103

104

105
static void
106
setSIGCHLDHandler(JNIEnv *env)
107
{
108
    /* There is a subtle difference between having the signal handler
109
     * for SIGCHLD be SIG_DFL and SIG_IGN.  We cannot obtain process
110
     * termination information for child processes if the signal
111
     * handler is SIG_IGN.  It must be SIG_DFL.
112
     *
113
     * We used to set the SIGCHLD handler only on Linux, but it's
114
     * safest to set it unconditionally.
115
     *
116
     * Consider what happens if java's parent process sets the SIGCHLD
117
     * handler to SIG_IGN.  Normally signal handlers are inherited by
118
     * children, but SIGCHLD is a controversial case.  Solaris appears
119
     * to always reset it to SIG_DFL, but this behavior may be
120
     * non-standard-compliant, and we shouldn't rely on it.
121
     *
122
     * References:
123
     * http://www.opengroup.org/onlinepubs/7908799/xsh/exec.html
124
     * http://www.pasc.org/interps/unofficial/db/p1003.1/pasc-1003.1-132.html
125
     */
126
    struct sigaction sa;
127
    sa.sa_handler = SIG_DFL;
128
    sigemptyset(&sa.sa_mask);
129
    sa.sa_flags = SA_NOCLDSTOP | SA_RESTART;
130
    if (sigaction(SIGCHLD, &sa, NULL) < 0)
131
        JNU_ThrowInternalError(env, "Can't set SIGCHLD handler");
132
}
133

134
static void*
135
xmalloc(JNIEnv *env, size_t size)
136
{
137
    void *p = malloc(size);
138
    if (p == NULL)
139
        JNU_ThrowOutOfMemoryError(env, NULL);
140
    return p;
141
}
142

143
#define NEW(type, n) ((type *) xmalloc(env, (n) * sizeof(type)))
144

145
/**
146
 * If PATH is not defined, the OS provides some default value.
147
 * Unfortunately, there's no portable way to get this value.
148
 * Fortunately, it's only needed if the child has PATH while we do not.
149
 */
150
static const char*
151
defaultPath(void)
152
{
153
#ifdef __solaris__
154
    /* These really are the Solaris defaults! */
155
    return (geteuid() == 0 || getuid() == 0) ?
156
        "/usr/xpg4/bin:/usr/ccs/bin:/usr/bin:/opt/SUNWspro/bin:/usr/sbin" :
157
        "/usr/xpg4/bin:/usr/ccs/bin:/usr/bin:/opt/SUNWspro/bin:";
158
#else
159
    return ":/bin:/usr/bin";    /* glibc */
160
#endif
161
}
162

163
static const char*
164
effectivePath(void)
165
{
166
    const char *s = getenv("PATH");
167
    return (s != NULL) ? s : defaultPath();
168
}
169

170
static int
171
countOccurrences(const char *s, char c)
172
{
173
    int count;
174
    for (count = 0; *s != '\0'; s++)
175
        count += (*s == c);
176
    return count;
177
}
178

179
static const char * const *
180
effectivePathv(JNIEnv *env)
181
{
182
    char *p;
183
    int i;
184
    const char *path = effectivePath();
185
    int count = countOccurrences(path, ':') + 1;
186
    size_t pathvsize = sizeof(const char *) * (count+1);
187
    size_t pathsize = strlen(path) + 1;
188
    const char **pathv = (const char **) xmalloc(env, pathvsize + pathsize);
189

190
    if (pathv == NULL)
191
        return NULL;
192
    p = (char *) pathv + pathvsize;
193
    memcpy(p, path, pathsize);
194
    /* split PATH by replacing ':' with NULs; empty components => "." */
195
    for (i = 0; i < count; i++) {
196
        char *q = p + strcspn(p, ":");
197
        pathv[i] = (p == q) ? "." : p;
198
        *q = '\0';
199
        p = q + 1;
200
    }
201
    pathv[count] = NULL;
202
    return pathv;
203
}
204

205
JNIEXPORT void JNICALL
206
Java_java_lang_UNIXProcess_init(JNIEnv *env, jclass clazz)
207
{
208
    parentPathv = effectivePathv(env);
209
    CHECK_NULL(parentPathv);
210
    setSIGCHLDHandler(env);
211
}
212

213

214
#ifndef WIFEXITED
215
#define WIFEXITED(status) (((status)&0xFF) == 0)
216
#endif
217

218
#ifndef WEXITSTATUS
219
#define WEXITSTATUS(status) (((status)>>8)&0xFF)
220
#endif
221

222
#ifndef WIFSIGNALED
223
#define WIFSIGNALED(status) (((status)&0xFF) > 0 && ((status)&0xFF00) == 0)
224
#endif
225

226
#ifndef WTERMSIG
227
#define WTERMSIG(status) ((status)&0x7F)
228
#endif
229

230
/* Block until a child process exits and return its exit code.
231
   Note, can only be called once for any given pid. */
232
JNIEXPORT jint JNICALL
233
Java_java_lang_UNIXProcess_waitForProcessExit(JNIEnv* env,
234
                                              jobject junk,
235
                                              jint pid)
236
{
237
    /* We used to use waitid() on Solaris, waitpid() on Linux, but
238
     * waitpid() is more standard, so use it on all POSIX platforms. */
239
    int status;
240
    /* Wait for the child process to exit.  This returns immediately if
241
       the child has already exited. */
242
    while (waitpid(pid, &status, 0) < 0) {
243
        switch (errno) {
244
        case ECHILD: return 0;
245
        case EINTR: break;
246
        default: return -1;
247
        }
248
    }
249

250
    if (WIFEXITED(status)) {
251
        /*
252
         * The child exited normally; get its exit code.
253
         */
254
        return WEXITSTATUS(status);
255
    } else if (WIFSIGNALED(status)) {
256
        /* The child exited because of a signal.
257
         * The best value to return is 0x80 + signal number,
258
         * because that is what all Unix shells do, and because
259
         * it allows callers to distinguish between process exit and
260
         * process death by signal.
261
         * Unfortunately, the historical behavior on Solaris is to return
262
         * the signal number, and we preserve this for compatibility. */
263
#ifdef __solaris__
264
        return WTERMSIG(status);
265
#else
266
        return 0x80 + WTERMSIG(status);
267
#endif
268
    } else {
269
        /*
270
         * Unknown exit code; pass it through.
271
         */
272
        return status;
273
    }
274
}
275

276
static const char *
277
getBytes(JNIEnv *env, jbyteArray arr)
278
{
279
    return arr == NULL ? NULL :
280
        (const char*) (*env)->GetByteArrayElements(env, arr, NULL);
281
}
282

283
static void
284
releaseBytes(JNIEnv *env, jbyteArray arr, const char* parr)
285
{
286
    if (parr != NULL)
287
        (*env)->ReleaseByteArrayElements(env, arr, (jbyte*) parr, JNI_ABORT);
288
}
289

290
static void
291
throwIOException(JNIEnv *env, int errnum, const char *defaultDetail)
292
{
293
    static const char * const format = "error=%d, %s";
294
    const char *detail = defaultDetail;
295
    char *errmsg;
296
    char tmpbuf[1024];
297
    jstring s;
298

299
    if (errnum != 0) {
300
        int ret = getErrorString(errnum, tmpbuf, sizeof(tmpbuf));
301
        if (ret != EINVAL)
302
            detail = tmpbuf;
303
    }
304
    /* ASCII Decimal representation uses 2.4 times as many bits as binary. */
305
    errmsg = NEW(char, strlen(format) + strlen(detail) + 3 * sizeof(errnum));
306
    if (errmsg == NULL)
307
        return;
308

309
    sprintf(errmsg, format, errnum, detail);
310
    s = JNU_NewStringPlatform(env, errmsg);
311
    if (s != NULL) {
312
        jobject x = JNU_NewObjectByName(env, "java/io/IOException",
313
                                        "(Ljava/lang/String;)V", s);
314
        if (x != NULL)
315
            (*env)->Throw(env, x);
316
    }
317
    free(errmsg);
318
}
319

320
#ifdef DEBUG_PROCESS
321
/* Debugging process code is difficult; where to write debug output? */
322
static void
323
debugPrint(char *format, ...)
324
{
325
    FILE *tty = fopen("/dev/tty", "w");
326
    va_list ap;
327
    va_start(ap, format);
328
    vfprintf(tty, format, ap);
329
    va_end(ap);
330
    fclose(tty);
331
}
332
#endif /* DEBUG_PROCESS */
333

334
static void
335
copyPipe(int from[2], int to[2])
336
{
337
    to[0] = from[0];
338
    to[1] = from[1];
339
}
340

341
/* arg is an array of pointers to 0 terminated strings. array is terminated
342
 * by a null element.
343
 *
344
 * *nelems and *nbytes receive the number of elements of array (incl 0)
345
 * and total number of bytes (incl. 0)
346
 * Note. An empty array will have one null element
347
 * But if arg is null, then *nelems set to 0, and *nbytes to 0
348
 */
349
static void arraysize(const char * const *arg, int *nelems, int *nbytes)
350
{
351
    int i, bytes, count;
352
    const char * const *a = arg;
353
    char *p;
354
    int *q;
355
    if (arg == 0) {
356
        *nelems = 0;
357
        *nbytes = 0;
358
        return;
359
    }
360
    /* count the array elements and number of bytes */
361
    for (count=0, bytes=0; *a != 0; count++, a++) {
362
        bytes += strlen(*a)+1;
363
    }
364
    *nbytes = bytes;
365
    *nelems = count+1;
366
}
367

368
/* copy the strings from arg[] into buf, starting at given offset
369
 * return new offset to next free byte
370
 */
371
static int copystrings(char *buf, int offset, const char * const *arg) {
372
    char *p;
373
    const char * const *a;
374
    int count=0;
375

376
    if (arg == 0) {
377
        return offset;
378
    }
379
    for (p=buf+offset, a=arg; *a != 0; a++) {
380
        int len = strlen(*a) +1;
381
        memcpy(p, *a, len);
382
        p += len;
383
        count += len;
384
    }
385
    return offset+count;
386
}
387

388
/**
389
 * We are unusually paranoid; use of clone/vfork is
390
 * especially likely to tickle gcc/glibc bugs.
391
 */
392
#ifdef __attribute_noinline__  /* See: sys/cdefs.h */
393
__attribute_noinline__
394
#endif
395

396
#define START_CHILD_USE_CLONE 0  /* clone() currently disabled; see above. */
397

398
#ifdef START_CHILD_USE_CLONE
399
static pid_t
400
cloneChild(ChildStuff *c) {
401
#ifdef __linux__
402
#define START_CHILD_CLONE_STACK_SIZE (64 * 1024)
403
    /*
404
     * See clone(2).
405
     * Instead of worrying about which direction the stack grows, just
406
     * allocate twice as much and start the stack in the middle.
407
     */
408
    if ((c->clone_stack = malloc(2 * START_CHILD_CLONE_STACK_SIZE)) == NULL)
409
        /* errno will be set to ENOMEM */
410
        return -1;
411
    return clone(childProcess,
412
                 c->clone_stack + START_CHILD_CLONE_STACK_SIZE,
413
                 CLONE_VFORK | CLONE_VM | SIGCHLD, c);
414
#else
415
/* not available on Solaris / Mac */
416
    assert(0);
417
    return -1;
418
#endif
419
}
420
#endif
421

422
static pid_t
423
vforkChild(ChildStuff *c) {
424
    volatile pid_t resultPid;
425

426
    /*
427
     * We separate the call to vfork into a separate function to make
428
     * very sure to keep stack of child from corrupting stack of parent,
429
     * as suggested by the scary gcc warning:
430
     *  warning: variable 'foo' might be clobbered by 'longjmp' or 'vfork'
431
     */
432
    resultPid = vfork();
433

434
    if (resultPid == 0) {
435
        childProcess(c);
436
    }
437
    assert(resultPid != 0);  /* childProcess never returns */
438
    return resultPid;
439
}
440

441
static pid_t
442
forkChild(ChildStuff *c) {
443
    pid_t resultPid;
444

445
    /*
446
     * From Solaris fork(2): In Solaris 10, a call to fork() is
447
     * identical to a call to fork1(); only the calling thread is
448
     * replicated in the child process. This is the POSIX-specified
449
     * behavior for fork().
450
     */
451
    resultPid = fork();
452

453
    if (resultPid == 0) {
454
        childProcess(c);
455
    }
456
    assert(resultPid != 0);  /* childProcess never returns */
457
    return resultPid;
458
}
459

460
#if defined(__solaris__) || defined(_ALLBSD_SOURCE) || defined(_AIX)
461
static pid_t
462
spawnChild(JNIEnv *env, jobject process, ChildStuff *c, const char *helperpath) {
463
    pid_t resultPid;
464
    jboolean isCopy;
465
    int i, offset, rval, bufsize, magic;
466
    char *buf, buf1[16];
467
    char *hlpargs[2];
468
    SpawnInfo sp;
469

470
    /* need to tell helper which fd is for receiving the childstuff
471
     * and which fd to send response back on
472
     */
473
    snprintf(buf1, sizeof(buf1), "%d:%d", c->childenv[0], c->fail[1]);
474
    /* put the fd string as argument to the helper cmd */
475
    hlpargs[0] = buf1;
476
    hlpargs[1] = 0;
477

478
    /* Following items are sent down the pipe to the helper
479
     * after it is spawned.
480
     * All strings are null terminated. All arrays of strings
481
     * have an empty string for termination.
482
     * - the ChildStuff struct
483
     * - the SpawnInfo struct
484
     * - the argv strings array
485
     * - the envv strings array
486
     * - the home directory string
487
     * - the parentPath string
488
     * - the parentPathv array
489
     */
490
    /* First calculate the sizes */
491
    arraysize(c->argv, &sp.nargv, &sp.argvBytes);
492
    bufsize = sp.argvBytes;
493
    arraysize(c->envv, &sp.nenvv, &sp.envvBytes);
494
    bufsize += sp.envvBytes;
495
    sp.dirlen = c->pdir == 0 ? 0 : strlen(c->pdir)+1;
496
    bufsize += sp.dirlen;
497
    arraysize(parentPathv, &sp.nparentPathv, &sp.parentPathvBytes);
498
    bufsize += sp.parentPathvBytes;
499
    /* We need to clear FD_CLOEXEC if set in the fds[].
500
     * Files are created FD_CLOEXEC in Java.
501
     * Otherwise, they will be closed when the target gets exec'd */
502
    for (i=0; i<3; i++) {
503
        if (c->fds[i] != -1) {
504
            int flags = fcntl(c->fds[i], F_GETFD);
505
            if (flags & FD_CLOEXEC) {
506
                fcntl(c->fds[i], F_SETFD, flags & (~1));
507
            }
508
        }
509
    }
510

511
    rval = posix_spawn(&resultPid, helperpath, 0, 0, (char * const *) hlpargs, environ);
512

513
    if (rval != 0) {
514
        return -1;
515
    }
516

517
    /* now the lengths are known, copy the data */
518
    buf = NEW(char, bufsize);
519
    if (buf == 0) {
520
        return -1;
521
    }
522
    offset = copystrings(buf, 0, &c->argv[0]);
523
    offset = copystrings(buf, offset, &c->envv[0]);
524
    memcpy(buf+offset, c->pdir, sp.dirlen);
525
    offset += sp.dirlen;
526
    offset = copystrings(buf, offset, parentPathv);
527
    assert(offset == bufsize);
528

529
    magic = magicNumber();
530

531
    /* write the two structs and the data buffer */
532
    write(c->childenv[1], (char *)&magic, sizeof(magic)); // magic number first
533
    write(c->childenv[1], (char *)c, sizeof(*c));
534
    write(c->childenv[1], (char *)&sp, sizeof(sp));
535
    write(c->childenv[1], buf, bufsize);
536
    free(buf);
537

538
    /* In this mode an external main() in invoked which calls back into
539
     * childProcess() in this file, rather than directly
540
     * via the statement below */
541
    return resultPid;
542
}
543
#endif
544

545
/*
546
 * Start a child process running function childProcess.
547
 * This function only returns in the parent.
548
 */
549
static pid_t
550
startChild(JNIEnv *env, jobject process, ChildStuff *c, const char *helperpath) {
551
    switch (c->mode) {
552
      case MODE_VFORK:
553
        return vforkChild(c);
554
      case MODE_FORK:
555
        return forkChild(c);
556
#if defined(__solaris__) || defined(_ALLBSD_SOURCE) || defined(_AIX)
557
      case MODE_POSIX_SPAWN:
558
        return spawnChild(env, process, c, helperpath);
559
#endif
560
      default:
561
        return -1;
562
    }
563
}
564

565
JNIEXPORT jint JNICALL
566
Java_java_lang_UNIXProcess_forkAndExec(JNIEnv *env,
567
                                       jobject process,
568
                                       jint mode,
569
                                       jbyteArray helperpath,
570
                                       jbyteArray prog,
571
                                       jbyteArray argBlock, jint argc,
572
                                       jbyteArray envBlock, jint envc,
573
                                       jbyteArray dir,
574
                                       jintArray std_fds,
575
                                       jboolean redirectErrorStream)
576
{
577
    int errnum;
578
    int resultPid = -1;
579
    int in[2], out[2], err[2], fail[2], childenv[2];
580
    jint *fds = NULL;
581
    const char *phelperpath = NULL;
582
    const char *pprog = NULL;
583
    const char *pargBlock = NULL;
584
    const char *penvBlock = NULL;
585
    ChildStuff *c;
586

587
    in[0] = in[1] = out[0] = out[1] = err[0] = err[1] = fail[0] = fail[1] = -1;
588
    childenv[0] = childenv[1] = -1;
589

590
    if ((c = NEW(ChildStuff, 1)) == NULL) return -1;
591
    c->argv = NULL;
592
    c->envv = NULL;
593
    c->pdir = NULL;
594
    c->clone_stack = NULL;
595

596
    /* Convert prog + argBlock into a char ** argv.
597
     * Add one word room for expansion of argv for use by
598
     * execve_as_traditional_shell_script.
599
     * This word is also used when using spawn mode
600
     */
601
    assert(prog != NULL && argBlock != NULL);
602
    if ((phelperpath = getBytes(env, helperpath))   == NULL) goto Catch;
603
    if ((pprog       = getBytes(env, prog))         == NULL) goto Catch;
604
    if ((pargBlock   = getBytes(env, argBlock))     == NULL) goto Catch;
605
    if ((c->argv     = NEW(const char *, argc + 3)) == NULL) goto Catch;
606
    c->argv[0] = pprog;
607
    c->argc = argc + 2;
608
    initVectorFromBlock(c->argv+1, pargBlock, argc);
609

610
    if (envBlock != NULL) {
611
        /* Convert envBlock into a char ** envv */
612
        if ((penvBlock = getBytes(env, envBlock))   == NULL) goto Catch;
613
        if ((c->envv = NEW(const char *, envc + 1)) == NULL) goto Catch;
614
        initVectorFromBlock(c->envv, penvBlock, envc);
615
    }
616

617
    if (dir != NULL) {
618
        if ((c->pdir = getBytes(env, dir)) == NULL) goto Catch;
619
    }
620

621
    assert(std_fds != NULL);
622
    fds = (*env)->GetIntArrayElements(env, std_fds, NULL);
623
    if (fds == NULL) goto Catch;
624

625
    if ((fds[0] == -1 && pipe(in)  < 0) ||
626
        (fds[1] == -1 && pipe(out) < 0) ||
627
        (fds[2] == -1 && pipe(err) < 0) ||
628
        (pipe(childenv) < 0) ||
629
        (pipe(fail) < 0)) {
630
        throwIOException(env, errno, "Bad file descriptor");
631
        goto Catch;
632
    }
633
    c->fds[0] = fds[0];
634
    c->fds[1] = fds[1];
635
    c->fds[2] = fds[2];
636

637
    copyPipe(in,   c->in);
638
    copyPipe(out,  c->out);
639
    copyPipe(err,  c->err);
640
    copyPipe(fail, c->fail);
641
    copyPipe(childenv, c->childenv);
642

643
    c->redirectErrorStream = redirectErrorStream;
644
    c->mode = mode;
645

646
    resultPid = startChild(env, process, c, phelperpath);
647
    assert(resultPid != 0);
648

649
    if (resultPid < 0) {
650
        switch (c->mode) {
651
          case MODE_VFORK:
652
            throwIOException(env, errno, "vfork failed");
653
            break;
654
          case MODE_FORK:
655
            throwIOException(env, errno, "fork failed");
656
            break;
657
          case MODE_POSIX_SPAWN:
658
            throwIOException(env, errno, "spawn failed");
659
            break;
660
        }
661
        goto Catch;
662
    }
663
    close(fail[1]); fail[1] = -1; /* See: WhyCantJohnnyExec  (childproc.c)  */
664

665
    switch (readFully(fail[0], &errnum, sizeof(errnum))) {
666
    case 0: break; /* Exec succeeded */
667
    case sizeof(errnum):
668
        waitpid(resultPid, NULL, 0);
669
        throwIOException(env, errnum, "Exec failed");
670
        goto Catch;
671
    default:
672
        throwIOException(env, errno, "Read failed");
673
        goto Catch;
674
    }
675

676
    fds[0] = (in [1] != -1) ? in [1] : -1;
677
    fds[1] = (out[0] != -1) ? out[0] : -1;
678
    fds[2] = (err[0] != -1) ? err[0] : -1;
679

680
 Finally:
681
    free(c->clone_stack);
682

683
    /* Always clean up the child's side of the pipes */
684
    closeSafely(in [0]);
685
    closeSafely(out[1]);
686
    closeSafely(err[1]);
687

688
    /* Always clean up fail and childEnv descriptors */
689
    closeSafely(fail[0]);
690
    closeSafely(fail[1]);
691
    closeSafely(childenv[0]);
692
    closeSafely(childenv[1]);
693

694
    releaseBytes(env, helperpath, phelperpath);
695
    releaseBytes(env, prog,       pprog);
696
    releaseBytes(env, argBlock,   pargBlock);
697
    releaseBytes(env, envBlock,   penvBlock);
698
    releaseBytes(env, dir,        c->pdir);
699

700
    free(c->argv);
701
    free(c->envv);
702
    free(c);
703

704
    if (fds != NULL)
705
        (*env)->ReleaseIntArrayElements(env, std_fds, fds, 0);
706

707
    return resultPid;
708

709
 Catch:
710
    /* Clean up the parent's side of the pipes in case of failure only */
711
    closeSafely(in [1]); in[1] = -1;
712
    closeSafely(out[0]); out[0] = -1;
713
    closeSafely(err[0]); err[0] = -1;
714
    goto Finally;
715
}
716

717
JNIEXPORT void JNICALL
718
Java_java_lang_UNIXProcess_destroyProcess(JNIEnv *env,
719
                                          jobject junk,
720
                                          jint pid,
721
                                          jboolean force)
722
{
723
    int sig = (force == JNI_TRUE) ? SIGKILL : SIGTERM;
724
    kill(pid, sig);
725
}
726

727