mirror of
https://github.com/openai/codex.git
synced 2026-05-02 20:32:04 +03:00
82c981cafc
This PR changes stdio MCP child processes to run in their own process group * Add guarded teardown in codex-rmcp-client: send SIGTERM to the group first, then SIGKILL after a short grace period. * Add terminate_process_group helper in process_group.rs. * Add Unix regression test in process_group_cleanup.rs to verify wrapper + grandchild are reaped on client drop. Addresses reported MCP process/thread storm: #10581
185 lines
5.0 KiB
Rust
185 lines
5.0 KiB
Rust
//! Process-group helpers shared by pipe/pty and shell command execution.
|
|
//!
|
|
//! This module centralizes the OS-specific pieces that ensure a spawned
|
|
//! command can be cleaned up reliably:
|
|
//! - `set_process_group` is called in `pre_exec` so the child starts its own
|
|
//! process group.
|
|
//! - `detach_from_tty` starts a new session so non-interactive children do not
|
|
//! inherit the controlling TTY.
|
|
//! - `kill_process_group_by_pid` targets the whole group (children/grandchildren)
|
|
//! - `kill_process_group` targets a known process group ID directly
|
|
//! instead of a single PID.
|
|
//! - `set_parent_death_signal` (Linux only) arranges for the child to receive a
|
|
//! `SIGTERM` when the parent exits, and re-checks the parent PID to avoid
|
|
//! races during fork/exec.
|
|
//!
|
|
//! On non-Unix platforms these helpers are no-ops.
|
|
|
|
use std::io;
|
|
|
|
use tokio::process::Child;
|
|
|
|
#[cfg(target_os = "linux")]
|
|
/// Ensure the child receives SIGTERM when the original parent dies.
|
|
///
|
|
/// This should run in `pre_exec` and uses `parent_pid` captured before spawn to
|
|
/// avoid a race where the parent exits between fork and exec.
|
|
pub fn set_parent_death_signal(parent_pid: libc::pid_t) -> io::Result<()> {
|
|
if unsafe { libc::prctl(libc::PR_SET_PDEATHSIG, libc::SIGTERM) } == -1 {
|
|
return Err(io::Error::last_os_error());
|
|
}
|
|
|
|
if unsafe { libc::getppid() } != parent_pid {
|
|
unsafe {
|
|
libc::raise(libc::SIGTERM);
|
|
}
|
|
}
|
|
|
|
Ok(())
|
|
}
|
|
|
|
#[cfg(not(target_os = "linux"))]
|
|
/// No-op on non-Linux platforms.
|
|
pub fn set_parent_death_signal(_parent_pid: i32) -> io::Result<()> {
|
|
Ok(())
|
|
}
|
|
|
|
#[cfg(unix)]
|
|
/// Detach from the controlling TTY by starting a new session.
|
|
pub fn detach_from_tty() -> io::Result<()> {
|
|
let result = unsafe { libc::setsid() };
|
|
if result == -1 {
|
|
let err = io::Error::last_os_error();
|
|
if err.raw_os_error() == Some(libc::EPERM) {
|
|
return set_process_group();
|
|
}
|
|
return Err(err);
|
|
}
|
|
Ok(())
|
|
}
|
|
|
|
#[cfg(not(unix))]
|
|
/// No-op on non-Unix platforms.
|
|
pub fn detach_from_tty() -> io::Result<()> {
|
|
Ok(())
|
|
}
|
|
|
|
#[cfg(unix)]
|
|
/// Put the calling process into its own process group.
|
|
///
|
|
/// Intended for use in `pre_exec` so the child becomes the group leader.
|
|
pub fn set_process_group() -> io::Result<()> {
|
|
let result = unsafe { libc::setpgid(0, 0) };
|
|
if result == -1 {
|
|
Err(io::Error::last_os_error())
|
|
} else {
|
|
Ok(())
|
|
}
|
|
}
|
|
|
|
#[cfg(not(unix))]
|
|
/// No-op on non-Unix platforms.
|
|
pub fn set_process_group() -> io::Result<()> {
|
|
Ok(())
|
|
}
|
|
|
|
#[cfg(unix)]
|
|
/// Kill the process group for the given PID (best-effort).
|
|
///
|
|
/// This resolves the PGID for `pid` and sends SIGKILL to the whole group.
|
|
pub fn kill_process_group_by_pid(pid: u32) -> io::Result<()> {
|
|
use std::io::ErrorKind;
|
|
|
|
let pid = pid as libc::pid_t;
|
|
let pgid = unsafe { libc::getpgid(pid) };
|
|
if pgid == -1 {
|
|
let err = io::Error::last_os_error();
|
|
if err.kind() != ErrorKind::NotFound {
|
|
return Err(err);
|
|
}
|
|
return Ok(());
|
|
}
|
|
|
|
let result = unsafe { libc::killpg(pgid, libc::SIGKILL) };
|
|
if result == -1 {
|
|
let err = io::Error::last_os_error();
|
|
if err.kind() != ErrorKind::NotFound {
|
|
return Err(err);
|
|
}
|
|
}
|
|
|
|
Ok(())
|
|
}
|
|
|
|
#[cfg(not(unix))]
|
|
/// No-op on non-Unix platforms.
|
|
pub fn kill_process_group_by_pid(_pid: u32) -> io::Result<()> {
|
|
Ok(())
|
|
}
|
|
|
|
#[cfg(unix)]
|
|
/// Send SIGTERM to a specific process group ID (best-effort).
|
|
///
|
|
/// Returns `Ok(true)` when SIGTERM was delivered to an existing group and
|
|
/// `Ok(false)` when the group no longer exists.
|
|
pub fn terminate_process_group(process_group_id: u32) -> io::Result<bool> {
|
|
use std::io::ErrorKind;
|
|
|
|
let pgid = process_group_id as libc::pid_t;
|
|
let result = unsafe { libc::killpg(pgid, libc::SIGTERM) };
|
|
if result == -1 {
|
|
let err = io::Error::last_os_error();
|
|
if err.kind() == ErrorKind::NotFound {
|
|
return Ok(false);
|
|
}
|
|
return Err(err);
|
|
}
|
|
|
|
Ok(true)
|
|
}
|
|
|
|
#[cfg(not(unix))]
|
|
/// No-op on non-Unix platforms.
|
|
pub fn terminate_process_group(_process_group_id: u32) -> io::Result<bool> {
|
|
Ok(false)
|
|
}
|
|
|
|
#[cfg(unix)]
|
|
/// Kill a specific process group ID (best-effort).
|
|
pub fn kill_process_group(process_group_id: u32) -> io::Result<()> {
|
|
use std::io::ErrorKind;
|
|
|
|
let pgid = process_group_id as libc::pid_t;
|
|
let result = unsafe { libc::killpg(pgid, libc::SIGKILL) };
|
|
if result == -1 {
|
|
let err = io::Error::last_os_error();
|
|
if err.kind() != ErrorKind::NotFound {
|
|
return Err(err);
|
|
}
|
|
}
|
|
|
|
Ok(())
|
|
}
|
|
|
|
#[cfg(not(unix))]
|
|
/// No-op on non-Unix platforms.
|
|
pub fn kill_process_group(_process_group_id: u32) -> io::Result<()> {
|
|
Ok(())
|
|
}
|
|
|
|
#[cfg(unix)]
|
|
/// Kill the process group for a tokio child (best-effort).
|
|
pub fn kill_child_process_group(child: &mut Child) -> io::Result<()> {
|
|
if let Some(pid) = child.id() {
|
|
return kill_process_group_by_pid(pid);
|
|
}
|
|
|
|
Ok(())
|
|
}
|
|
|
|
#[cfg(not(unix))]
|
|
/// No-op on non-Unix platforms.
|
|
pub fn kill_child_process_group(_child: &mut Child) -> io::Result<()> {
|
|
Ok(())
|
|
}
|