summaryrefslogtreecommitdiff
path: root/src/signal
AgeCommit message (Collapse)AuthorFilesLines
2013-08-31fix breakage in synccall due to incorrect signal restoration in sigqueueRich Felker1-2/+3
commit 07827d1a82fb33262f686eda959857f0d28cd8fa seems to have introduced this issue. sigqueue is called from the synccall core, at which time, even implementation-internal signals are blocked. however, pthread_sigmask removes the implementation-internal signals from the old mask before returning, so that a process which began life with them blocked will not be able to save a signal mask that has them blocked, possibly causing them to become re-blocked later. however, this was causing sigqueue to unblock the implementation-internal signals during synccall, leading to deadlock.
2013-08-10fix _NSIG and SIGRTMAX on mipsRich Felker1-1/+3
a mips signal mask contains 128 bits, enough for signals 1 through 128. however, the exit status obtained from the wait-family functions only has room for values up to 127. reportedly signal 128 was causing kernelspace bugs, so it was removed from the kernel recently; even without that issue, however, it was impossible to support it correctly in userspace. at the same time, the bug was masked on musl by SIGRTMAX incorrectly yielding 64 on mips, rather than the "correct" value of 128. now that the _NSIG issue is fixed, SIGRTMAX can be fixed at the same time, exposing the full range of signals for application use. note that the (nonstandardized) libc _NSIG value is actually one greater than the max signal number, and also one greater than the kernel headers' idea of _NSIG. this is the reason for the discrepency with the recent kernel changes. since reducing _NSIG by one brought it down from 129 to 128, rather than from 128 to 127, _NSIG/8, used widely in the musl sources, is unchanged.
2013-08-09change sigset_t functions to restrict to _NSIGRich Felker4-5/+5
the idea here is to avoid advertising signals that don't exist and to make these functions safe to call (e.g. from within other parts of the implementation) on fake sigset_t objects which do not have the HURD padding.
2013-08-09optimize posix_spawn to avoid spurious sigaction syscallsRich Felker2-5/+16
the trick here is that sigaction can track for us which signals have ever had a signal handler set for them, and only those signals need to be considered for reset. this tracking mask may have false positives, since it is impossible to remove bits from it without race conditions. false negatives are not possible since the mask is updated with atomic operations prior to making the sigaction syscall. implementation-internal signals are set to SIG_IGN rather than SIG_DFL so that a signal raised in the parent (e.g. calling pthread_cancel on the thread executing pthread_spawn) does not have any chance make it to the child, where it would cause spurious termination by signal. this change reduces the minimum/typical number of syscalls in the child from around 70 to 4 (including execve). this should greatly improve the performance of posix_spawn and other interfaces which use it (popen and system). to facilitate these changes, sigismember is also changed to return 0 rather than -1 for invalid signals, and to return the actual status of implementation-internal signals. POSIX allows but does not require an error on invalid signal numbers, and in fact returning an error tends to confuse applications which wrongly assume the return value of sigismember is boolean.
2013-07-30use separate sigaction buffers for old and new dataTimo Teräs2-8/+8
in signal() it is needed since __sigaction uses restrict in parameters and sharing the buffer is technically an aliasing error. do the same for the syscall, as at least qemu-user does not handle it properly.
2013-07-24change jmp_buf to share an underlying type and struct tag with sigjmp_bufRich Felker2-2/+2
this is necessary to meet the C++ ABI target. alternatives were considered to avoid the size increase for non-sig jmp_buf objects, but they seemed to have worse properties. moreover, the relative size increase is only extreme on x86[_64]; one way of interpreting this is that, if the size increase from this patch makes jmp_buf use too much memory, then the program was already using too much memory when built for non-x86 archs.
2013-07-18fix off-by-one error in checks for implementation-internal signal numbersRich Felker3-3/+3
2013-04-26transition to using functions for internal signal blocking/restoringRich Felker3-4/+48
there are several reasons for this change. one is getting rid of the repetition of the syscall signature all over the place. another is sharing the constant masks without costly GOT accesses in PIC. the main motivation, however, is accurately representing whether we want to block signals that might be handled by the application, or all signals.
2013-04-26optimize/debloat raiseRich Felker1-2/+2
use __syscall rather than syscall when failure is not possible or not to be considered.
2013-04-22fix reversed argument order x86_64 sigsetjmp's call to sigprocmaskRich Felker1-2/+2
this caused sigsetjmp not to save the signal mask but instead to clobber it with whatever happened to be in the sigjmb_buf prior to the call.
2013-03-26remove __SYSCALL_SSLEN arch macro in favor of using public _NSIGRich Felker5-6/+6
the issue at hand is that many syscalls require as an argument the kernel-ABI size of sigset_t, intended to allow the kernel to switch to a larger sigset_t in the future. previously, each arch was defining this size in syscall_arch.h, which was redundant with the definition of _NSIG in bits/signal.h. as it's used in some not-quite-portable application code as well, _NSIG is much more likely to be recognized and understood immediately by someone reading the code, and it's also shorter and less cluttered. note that _NSIG is actually 65/129, not 64/128, but the division takes care of throwing away the off-by-one part.
2012-12-06fix sigorset/sigandset: _NSIG/8 is the size in bytesrofl0r2-2/+2
2012-12-06sigandset/sigorset: do not check for NULL pointers.rofl0r2-10/+0
that way it's consistent with existing sig* functions, and saves some code size.
2012-12-06fixup sigandsetrofl0r2-2/+2
2012-12-06add sigandset and sigorset (needed for qemu)rofl0r2-0/+34
2012-11-23fix powerpc sigsetjmp asm to match the new jmp_buf size/offsetsRich Felker1-2/+2
2012-11-19powerpc: handle syscall error in clone.rofl0r1-14/+15
sigsetjmp: store temporaries in jmp_buf rather than on stack.
2012-11-18fix powerpc asm not to store data in volatile space below stack pointerRich Felker1-8/+8
it's essential to decrement the stack pointer before writing to new stack space, rather than afterwards. otherwise there is a race condition during which asynchronous code (signals) could clobber the data being stored. it may be possible to optimize the code further using stwu, but I wanted to avoid making any changes to the actual stack layout in this commit. further improvements can be made separately if desired.
2012-11-14fix indention with spaces in powerpc asmRich Felker2-10/+10
2012-11-14Merge remote-tracking branch 'ppc-port/ppc-squashed'Rich Felker2-0/+45
2012-11-13PPC port cleaned up, static linking works well now.rofl0r4-25/+45
2012-11-13import preliminary ppc work by rdp.Richard Pennington2-0/+25
2012-11-08clean up sloppy nested inclusion from pthread_impl.hRich Felker1-0/+1
this mirrors the stdio_impl.h cleanup. one header which is not strictly needed, errno.h, is left in pthread_impl.h, because since pthread functions return their error codes rather than using errno, nearly every single pthread function needs the errno constants. in a few places, rather than bringing in string.h to use memset, the memset was replaced by direct assignment. this seems to generate much better code anyway, and makes many functions which were previously non-leaf functions into leaf functions (possibly eliminating a great deal of bloat on some platforms where non-leaf functions require ugly prologue and/or epilogue).
2012-10-18fix (hopefully; untested) completely broken/incomplete microblaze sigsetjmpRich Felker1-3/+12
2012-10-17fix microblaze asm relocations for shared libcRich Felker1-2/+2
only @PLT relocations are considered functions for purposes of -Bsymbolic-functions, so always use @PLT. it should not hurt in the static-linked case.
2012-10-11avoid the thread-ptr-init behavior of sigaction when not installing handlerRich Felker1-1/+2
this is necessary because posix_spawn calls sigaction after vfork, and if the thread pointer is not already initialized, initializing it in the child corrupts the parent process's state.
2012-09-29microblaze portRich Felker2-0/+20
based on initial work by rdp, with heavy modifications. some features including threads are untested because qemu app-level emulation seems to be broken and I do not have a proper system image for testing.
2012-09-06further use of _Noreturn, for non-plain-C functionsRich Felker1-1/+1
note that POSIX does not specify these functions as _Noreturn, because POSIX is aligned with C99, not the new C11 standard. when POSIX is eventually updated to C11, it will almost surely give these functions the _Noreturn attribute. for now, the actual _Noreturn keyword is not used anyway when compiling with a c99 compiler, which is what POSIX requires; the GCC __attribute__ is used instead if it's available, however. in a few places, I've added infinite for loops at the end of _Noreturn functions to silence compiler warnings. presumably __buildin_unreachable could achieve the same thing, but it would only work on newer GCCs and would not be portable. the loops should have near-zero code size cost anyway. like the previous _Noreturn commit, this one is based on patches contributed by philomath.
2012-09-06use restrict everywhere it's required by c99 and/or posix 2008Rich Felker7-8/+8
to deal with the fact that the public headers may be used with pre-c99 compilers, __restrict is used in place of restrict, and defined appropriately for any supported compiler. we also avoid the form [restrict] since older versions of gcc rejected it due to a bug in the original c99 standard, and instead use the form *restrict.
2012-08-09fix (hopefully) all hard-coded 8's for kernel sigset_t sizeRich Felker5-7/+9
some minor changes to how hard-coded sets for thread-related purposes are handled were also needed, since the old object sizes were not necessarily sufficient. things have gotten a bit ugly in this area, and i think a cleanup is in order at some point, but for now the goal is just to get the code working on all supported archs including mips, which was badly broken by linux rejecting syscalls with the wrong sigset_t size.
2012-07-12sigsetjmp asm for mipsRich Felker1-0/+27
2012-07-11initial version of mips (o32) port, based on work by Richard Pennington (rdp)Rich Felker1-0/+13
basically, this version of the code was obtained by starting with rdp's work from his ellcc source tree, adapting it to musl's build system and coding style, auditing the bits headers for discrepencies with kernel definitions or glibc/LSB ABI or large file issues, fixing up incompatibility with the old binutils from aboriginal linux, and adding some new special cases to deal with the oddities of sigaction and pipe syscall interfaces on mips. at present, minimal test programs work, but some interfaces are broken or missing. threaded programs probably will not link.
2012-07-11remove unused var in new sigaction codeRich Felker1-1/+1
2012-07-11changes to kernel sigaction struct handling in preparation for mips portRich Felker2-14/+17
2012-07-03jmp_buf overhaul fixing several issuesRich Felker2-10/+7
on arm, the location of the saved-signal-mask flag and mask were off by one between sigsetjmp and siglongjmp, causing incorrect behavior restoring the signal mask. this is because the siglongjmp code assumed an extra slot was in the non-sig jmp_buf for the flag, but arm did not have this. now, the extra slot is removed for all archs since it was useless. also, arm eabi requires jmp_buf to have 8-byte alignment. we achieve that using long long as the type rather than with non-portable gcc attribute tags.
2012-07-02fix sigsetjmp on arm (needs asm)Rich Felker1-0/+13
no idea why gcc refuses to compile the C code to use a tail call, but it's best to use asm anyway so we don't have to rely on the quality of the compiler's optimizations for correct code.
2012-05-05update license of njk contributed code (x86_64 asm)Rich Felker1-1/+1
these changes are based on the following communication via email: "I hereby grant that all of the code I have contributed to musl on or before April 23, 2012 may be licensed under the terms of the following MIT license: Copyright (c) 2011-2012 Nicholas J. Kain Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE."
2012-02-27work around "signal loses thread pointer" issue with "approach 2"Rich Felker1-0/+5
this was discussed on the mailing list and no consensus on the preferred solution was reached, so in anticipation of a release, i'm just committing a minimally-invasive solution that avoids the problem by ensuring that multi-threaded-capable programs will always have initialized the thread pointer before any signal handler can run. in the long term we may switch to initializing the thread pointer at program start time whenever the program has the potential to access any per-thread data.
2011-09-18initial commit of the arm portRich Felker1-0/+11
this port assumes eabi calling conventions, eabi linux syscall convention, and presence of the kernel helpers at 0xffff0f?0 needed for threads support. otherwise it makes very few assumptions, and the code should work even on armv4 without thumb support, as well as on systems with thumb interworking. the bits headers declare this a little endian system, but as far as i can tell the code should work equally well on big endian. some small details are probably broken; so far, testing has been limited to qemu/aboriginal linux.
2011-09-16fix generic sigsetjmp (unused anyway) pointer signedness errorRich Felker1-1/+1
2011-09-12implement gnu sigisemptysetRich Felker1-0/+9
2011-09-02fix missing prototypes/wrong signature for psiginfo, psignalRich Felker1-1/+1
2011-08-05fix off-by-one bug in siglongjmp that caused unpredictable behaviorRich Felker1-1/+1
if saved, signal mask would not be restored unless some low signals were masked. if not saved, signal mask could be wrongly restored to uninitialized values. in any, wrong mask would be restored. i believe this function was written for a very old version of the jmp_buf structure which did not contain a final 0 field for compatibility with siglongjmp, and never updated...
2011-07-30fix race condition in sigqueueRich Felker1-2/+8
this race is fundamentally due to linux's bogus requirement that userspace, rather than kernelspace, fill in the siginfo structure. an intervening signal handler that calls fork could cause both the parent and child process to send signals claiming to be from the parent, which could in turn have harmful effects depending on what the recipient does with the signal. we simply block all signals for the interval between getuid and sigqueue syscalls (much like what raise() does already) to prevent the race and make the getuid/sigqueue pair atomic. this will be a non-issue if linux is fixed to validate the siginfo structure or fill it in from kernelspace.
2011-07-30clean up pthread_sigmask/sigprocmask dependency orderRich Felker1-8/+4
it's nicer for the function that doesn't use errno to be independent, and have the other one call it. saves some time and avoids clobbering errno.
2011-06-14restore use of .type in asm, but use modern @function (vs %function)Rich Felker4-0/+6
this seems to be necessary to make the linker accept the functions in a shared library (perhaps to generate PLT entries?) strictly speaking libc-internal asm should not need it. i might clean that up later.
2011-06-13remove all .size and .type directives for functions from the asmRich Felker2-10/+0
these are useless and have caused problems for users trying to build with non-gnu tools like tcc's assembler.
2011-06-08implement psignal and psiginfoRich Felker2-0/+20
2011-05-07overhaul implementation-internal signal protectionsRich Felker8-29/+18
the new approach relies on the fact that the only ways to create sigset_t objects without invoking UB are to use the sig*set() functions, or from the masks returned by sigprocmask, sigaction, etc. or in the ucontext_t argument to a signal handler. thus, as long as sigfillset and sigaddset avoid adding the "protected" signals, there is no way the application will ever obtain a sigset_t including these bits, and thus no need to add the overhead of checking/clearing them when sigprocmask or sigaction is called. note that the old code actually *failed* to remove the bits from sa_mask when sigaction was called. the new implementations are also significantly smaller, simpler, and faster due to ignoring the useless "GNU HURD signals" 65-1024, which are not used and, if there's any sanity in the world, never will be used.
2011-04-17overhaul pthread cancellationRich Felker2-12/+3
this patch improves the correctness, simplicity, and size of cancellation-related code. modulo any small errors, it should now be completely conformant, safe, and resource-leak free. the notion of entering and exiting cancellation-point context has been completely eliminated and replaced with alternative syscall assembly code for cancellable syscalls. the assembly is responsible for setting up execution context information (stack pointer and address of the syscall instruction) which the cancellation signal handler can use to determine whether the interrupted code was in a cancellable state. these changes eliminate race conditions in the previous generation of cancellation handling code (whereby a cancellation request received just prior to the syscall would not be processed, leaving the syscall to block, potentially indefinitely), and remedy an issue where non-cancellable syscalls made from signal handlers became cancellable if the signal handler interrupted a cancellation point. x86_64 asm is untested and may need a second try to get it right.