WinAPI: who closes an inherited handle? - winapi

In windows, a child process can inherit handles of the parent process, given that the handle is created inheritable, and the child process is created with the "inherit handles" option.
How are those handles closed properly? I couldn't find any documentation on that.
Does the inherited handle in the child process become invalid when the parent process closes it (or terminates)? In that case, the child process would have to duplicate it. and only close the duplicate after use - but depending on how the handle value is passed to the child process, there would be a (miniscule) window in which the handle could become invalid before it is duplicated.
Or does the child process get its own handle, that it can (and should) close as needed?
That seems more reasonable to me, though I wonder how can we ensure that the child process knows of ll handles it became responsible for?

inherit handles this is duplicated handles. so they independent from parent process handles and not become invalid when the parent process closes self copy. and child process can (and should) close this handles when no more needed it. if not do this - handles will be closed when process exit.
how can we ensure that the child process knows of all handles it
became responsible for?
formally possible enumerate all handles in self process (via NtQuerySystemInformation(SystemExtendedHandleInformation) and for every handle call GetHandleInformation and check for HANDLE_FLAG_INHERIT. but this not have big sense and nobody do this.
need ask another question first - for what we pass handle(s) to child ? in most case we also pass information about this handles values to child. usually inside command line. child must understand format of command line and get information about handles.
how child will be use handles, close he they or it will be closed only when child exit - this already depend from child process. how it written/design

Related

Killing all descendent processes robustly on macOS

On Linux, Pid namespaces can be used to robustly kill all descendent (including orphaned & zombie) processes – see this answer for example.
What's the closest to a "robust" way to do the same on macOS? I can't rely on process groups unfortunately as some of the descendent processes alter them.
It's a gross kludge, but it might work: The first process would open a file descriptor so that, by default, all descendant processes inherit it. When it wants to kill them all, it runs lsof to find all processes with that file open and kills them.
It won't work for processes which have detached themselves, but you could walk the child process tree using proc_listchildpids() and send signals to each PID you obtain. There are probably some timing edge cases between checking a process's children and killing it - it could spawn more processes in this time. You could perhaps suspend all processes before listing their children and killing them. Processes whose parent has died should I think be reattached to their grandparent anyway though (I may be wrong on this) so in that case, as long as you keep calling proc_listchildpids() after sending each round of signals you should eventually end up in a steady state. (Ideally with no child processes left. But if they get into a really bad state [due to a kernel bug], some processes may be completely unkillable.)
proc_listchildpids() is declared in <libproc/libproc.h>.

Does Windows 7 recycle process id (PID) numbers?

I have this little test program that tracks PID's as they are created and shut down.
I am investigating a problem that my program has found and would like to ask you about this
in order to have a better idea on what's going on.
When a windows process is started, it gets a PID but when the process is shut down, does the PID
become retired (like a star basketballer's jersey number) or is it possible for a new, entirely
unrelated, process to be created under that released PID?
Thanks
Yes, process IDs may be recycled by the system. They become available for this as soon as the last handle to the process has been closed.
Raymond Chen discussed this matter here: When does a process ID become available for reuse?
The process ID is a value associated with the process object, and as
long as the process object is still around, so too will its process
ID. The process object remains as long as the process is still running
(the process implicitly retains a reference to itself) or as long as
somebody still has a handle to the process object.
If you think about it, this makes sense, because as long as there is
still a handle to the process, somebody can call WaitForSingleObject
to wait for the process to exit, or they can call GetExitCodeProcess
to retrieve the exit code, and that exit code has to be stored
somewhere for later retrieval.
When all handles are closed, then the kernel knows that nobody is
going to ask whether the process is still running or what its exit
code is (because you need a handle to ask those questions). At which
point the process object can be destroyed, which in turn destroys the
process ID.
I ran a test for about an hour and in that time 302 processes exits and 70 of them had PIDs in common (same PID was used for a new process). So that would say they are reused frequently.
Evidently, if the process is terminated, its PID is available for reuse.
http://msdn.microsoft.com/en-us/library/windows/desktop/ms683215%28v=vs.85%29.aspx
Remarks
Until a process terminates, its process identifier uniquely identifies it on the system. For more information about access rights, see Process Security and Access Rights.

Provide full access over terminal for child, while it alive

I use fork() in order to exec some another program, for example "vim" or "man bash". But, at that moment I lost control, I can't print anything in vim or scroll or quite.
So, my question: how give child full access over terminal(input/output) and get it back for parent after child death?
So, my question: how give child full access over terminal(input/output) and get it back for parent after child death?
waitpid() and SIGCHLD are mechanisms for knowing when a child process has finished. The functions tcgetpgrp(fd) and tcsetpgrp(fd,pgrp) and ctermid() can be used to place a program in the foreground of a terminal.
Otherwise, the information in tcsetpgrp() in 'C' is probably instructive.

Detecting if anonymous pipe is writable - to detect when to end process

So heres the situation (in windows):
Theres a child process started by the parent, which only has one pipe open, stdout.
In order for the parent to end the process, it calls pclose
We can't call read on the pipe to detect if its broken to end the process (because it's a write only pipe, read will always return immediately with an error)
Is there a way to get an event from the pipe when the read end (on the parent) closes? If not, we have to continuously write garbage to the pipe in order to detect when it closes, which is a sub-optimal and wasteful solution.

Are Process::detach and Process::wait mutually exclusive (Ruby)?

I'm refactoring a bit of concurrent processing in my Ruby on Rails server (running on Linux) to use Spawn. Spawn::fork_it documentation claims that forked processes can still be waited on after being detached: https://github.com/tra/spawn/blob/master/lib/spawn.rb (line 186):
# detach from child process (parent may still wait for detached process if they wish)
Process.detach(child)
However, the Ruby Process::detach documentation says you should not do this: http://www.ruby-doc.org/core/classes/Process.html
Some operating systems retain the status of terminated child processes until the parent collects that status (normally using some variant of wait(). If the parent never collects this status, the child stays around as a zombie process. Process::detach prevents this by setting up a separate Ruby thread whose sole job is to reap the status of the process pid when it terminates. Use detach only when you do not intent to explicitly wait for the child to terminate.
Yet Spawn::wait effectively allows you to do just that by wrapping Process::wait. On a side note, I specifically want to use the Process::waitpid2 method to wait on the child processes, instead of using the Spawn::wait method.
Will detach-and-wait not work correctly on Linux? I'm concerned that this may cause a race condition between the detached reaper thread and the waiting parent process, as to who collects the child status first.
The answer to this question is there in the documentation. Are you writing code for your own use in a controlled environment? Or to be used widely by third parties? Ruby is written to be widely used by third parties, so their recommendation is to not do something that could fail on "some operating systems". Perhaps the Spawn library is designed primarily for use on Linux machines and tested only on a small subset thereof where this tactic works.
If you're distributing the code you're writing to be used by anyone and everyone, I would take Ruby's approach.
If you control the environment where this code will be run, I would write two tests:
A test that spawns a process, detaches it and then waits for it.
A test that spawns a process and then just waits for it.
Count the failure rate for both and if they are equal (within a margin that you feel is acceptable), go for it!

Resources