about summary refs log tree commit diff
path: root/src/signal
Commit message (Collapse)AuthorAgeFilesLines
* remove invalid PLT calls from microblaze asmRich Felker2015-04-191-2/+3
| | | | analogous to commit 646cb9a4a04e5ed78e2dd928bf9dc6e79202f609 for sh.
* remove invalid PLT calls from sh asmRich Felker2015-04-191-2/+3
| | | | | | these are perfectly fine with ld-time symbol binding, but if the calls go through a PLT thunk, they are invalid because the caller does not setup a GOT register. use a hidden alias to bypass the issue.
* remove potentially PIC-incompatible relocations from x86_64 and x32 asmRich Felker2015-04-182-4/+4
| | | | analogous to commit 8ed66ecbcba1dd0f899f22b534aac92a282f42d5 for i386.
* remove the last of possible-textrels from i386 asmRich Felker2015-04-181-2/+3
| | | | | | | | | | | | none of these are actual textrels because of ld-time binding performed by -Bsymbolic-functions, but I'm changing them with the goal of making ld-time binding purely an optimization rather than relying on it for semantic purposes. in the case of memmove's call to memcpy, making it explicit that the memmove asm is assuming the forward-copying behavior of the memcpy asm is desirable anyway; in case memcpy is ever changed, the semantic mismatch would be apparent while editing memmcpy.s.
* redesign sigsetjmp so that signal mask is restored after longjmpRich Felker2015-04-1712-133/+177
| | | | | | | | | | | | | | | | | | | | | | | | | | | | the conventional way to implement sigsetjmp is to save the signal mask then tail-call to setjmp; siglongjmp then restores the signal mask and calls longjmp. the problem with this approach is that a signal already pending, or arriving between unmasking of signals and restoration of the saved stack pointer, will have its signal handler run on the stack that was active before siglongjmp was called. this can lead to unbounded stack usage when siglongjmp is used to leave a signal handler. in the new design, sigsetjmp saves its own return address inside the extended part of the sigjmp_buf (outside the __jmp_buf part used by setjmp) then calls setjmp to save a jmp_buf inside its own execution. it then tail-calls to __sigsetjmp_tail, which uses the return value of setjmp to determine whether to save the current signal mask or restore a previously-saved mask. as an added bonus, this design makes it so that siglongjmp and longjmp are identical. this is useful because the __longjmp_chk function we need to add for ABI-compatibility assumes siglongjmp and longjmp are the same, but for different reasons -- it was designed assuming either can access a flag just past the __jmp_buf indicating whether the signal masked was saved, and act on that flag. however, early versions of musl did not have space past the __jmp_buf for the non-sigjmp_buf version of jmp_buf, so our setjmp cannot store such a flag without risking clobbering memory on (very) old binaries.
* add aarch64 portSzabolcs Nagy2015-03-112-0/+27
| | | | | | | | | | This adds complete aarch64 target support including bigendian subarch. Some of the long double math functions are known to be broken otherwise interfaces should be fully functional, but at this point consider this port experimental. Initial work on this port was done by Sireesh Tripurari and Kevin Bortis.
* use tkill instead of tgkill in implementing raiseRich Felker2014-12-181-3/+2
| | | | | | | | | | this shaves off a useless syscall for getting the caller's pid and brings raise into alignment with other functions which were adapted to use tkill rather than tgkill. commit 83dc6eb087633abcf5608ad651d3b525ca2ec35e documents the rationale for this change, and in particular why the tgkill syscall is useless for its designed purpose of avoiding races.
* add or1k (OpenRISC 1000) architecture portStefan Kristiansson2014-07-181-0/+22
| | | | | | | | | | | | | | | With the exception of a fenv implementation, the port is fully featured. The port has been tested in or1ksim, the golden reference functional simulator for OpenRISC 1000. It passes all libc-test tests (except the math tests that requires a fenv implementation). The port assumes an or1k implementation that has support for atomic instructions (l.lwa/l.swa). Although it passes all the libc-test tests, the port is still in an experimental state, and has yet experienced very little 'real-world' use.
* add __sysv_signal abi-compat alias for the signal functionRich Felker2014-06-221-0/+1
| | | | | | | | | | it should be noted that the "real" __sysv_signal, which we do not implement, is semantically different from signal. references to __sysv_signal arise in code built against glibc under certain combinations of feature test macros, and are almost surely unintentional since the legacy sysv signal behavior has fundamental race conditions that cannot be worked around and which make it impossible to use safely.
* add __sigsetjmp ABI-compat alias for sigsetjmpRich Felker2014-04-029-1/+28
|
* always initialize thread pointer at program startRich Felker2014-03-241-4/+15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | this is the first step in an overhaul aimed at greatly simplifying and optimizing everything dealing with thread-local state. previously, the thread pointer was initialized lazily on first access, or at program startup if stack protector was in use, or at certain random places where inconsistent state could be reached if it were not initialized early. while believed to be fully correct, the logic was fragile and non-obvious. in the first phase of the thread pointer overhaul, support is retained (and in some cases improved) for systems/situation where loading the thread pointer fails, e.g. old kernels. some notes on specific changes: - the confusing use of libc.main_thread as an indicator that the thread pointer is initialized is eliminated in favor of an explicit has_thread_pointer predicate. - sigaction no longer needs to ensure that the thread pointer is initialized before installing a signal handler (this was needed to prevent a situation where the signal handler caused the thread pointer to be initialized and the subsequent sigreturn cleared it again) but it still needs to ensure that implementation-internal thread-related signals are not blocked. - pthread tsd initialization for the main thread is deferred in a new manner to minimize bloat in the static-linked __init_tp code. - pthread_setcancelstate no longer needs special handling for the situation before the thread pointer is initialized. it simply fails on systems that cannot support a thread pointer, which are non-conforming anyway. - pthread_cleanup_push/pop now check for missing thread pointer and nop themselves out in this case, so stdio no longer needs to avoid the cancellable path when the thread pointer is not available. a number of cases remain where certain interfaces may crash if the system does not support a thread pointer. at this point, these should be limited to pthread interfaces, and the number of such cases should be fewer than before.
* fix mips sigsetjmp asm to match fixed jmp_buf sizeRich Felker2014-03-181-1/+1
| | | | this was missed in the previous commit.
* rename superh port to "sh" for consistencyRich Felker2014-02-272-0/+0
| | | | | | | | | linux, gcc, etc. all use "sh" as the name for the superh arch. there was already some inconsistency internally in musl: the dynamic linker was searching for "ld-musl-sh.path" as its path file despite its own name being "ld-musl-superh.so.1". there was some sentiment in both directions as to how to resolve the inconsistency, but overall "sh" was favored.
* superh portBobby Bingham2014-02-232-0/+51
|
* x32 port (diff against vanilla x86_64)rofl0r2014-02-231-1/+1
|
* import vanilla x86_64 code as x32rofl0r2014-02-232-0/+22
|
* fix const-correctness in sigandset/sigorset argumentsRich Felker2014-01-072-2/+2
| | | | | | this change is consistent with the corresponding glibc functions and is semantically const-correct. the incorrect argument types without const seem to have been taken from erroneous man pages.
* use 0 instead of NULL for null pointer constantsRich Felker2013-12-137-15/+8
| | | | and thereby remove otherwise-unnecessary inclusion of stddef.h
* include cleanups: remove unused headers and add feature test macrosSzabolcs Nagy2013-12-1214-14/+5
|
* fix sigemptyset and sigfillset for mipsRich Felker2013-09-162-1/+10
| | | | they were leaving junk in the upper bits.
* fix breakage in synccall due to incorrect signal restoration in sigqueueRich Felker2013-08-311-2/+3
| | | | | | | | | | | | commit 07827d1a82fb33262f686eda959857f0d28cd8fa seems to have introduced this issue. sigqueue is called from the synccall core, at which time, even implementation-internal signals are blocked. however, pthread_sigmask removes the implementation-internal signals from the old mask before returning, so that a process which began life with them blocked will not be able to save a signal mask that has them blocked, possibly causing them to become re-blocked later. however, this was causing sigqueue to unblock the implementation-internal signals during synccall, leading to deadlock.
* fix _NSIG and SIGRTMAX on mipsRich Felker2013-08-101-1/+3
| | | | | | | | | | | | | | | | | | | | | a mips signal mask contains 128 bits, enough for signals 1 through 128. however, the exit status obtained from the wait-family functions only has room for values up to 127. reportedly signal 128 was causing kernelspace bugs, so it was removed from the kernel recently; even without that issue, however, it was impossible to support it correctly in userspace. at the same time, the bug was masked on musl by SIGRTMAX incorrectly yielding 64 on mips, rather than the "correct" value of 128. now that the _NSIG issue is fixed, SIGRTMAX can be fixed at the same time, exposing the full range of signals for application use. note that the (nonstandardized) libc _NSIG value is actually one greater than the max signal number, and also one greater than the kernel headers' idea of _NSIG. this is the reason for the discrepency with the recent kernel changes. since reducing _NSIG by one brought it down from 129 to 128, rather than from 128 to 127, _NSIG/8, used widely in the musl sources, is unchanged.
* change sigset_t functions to restrict to _NSIGRich Felker2013-08-094-5/+5
| | | | | | | the idea here is to avoid advertising signals that don't exist and to make these functions safe to call (e.g. from within other parts of the implementation) on fake sigset_t objects which do not have the HURD padding.
* optimize posix_spawn to avoid spurious sigaction syscallsRich Felker2013-08-092-5/+16
| | | | | | | | | | | | | | | | | | | | | | | | | | the trick here is that sigaction can track for us which signals have ever had a signal handler set for them, and only those signals need to be considered for reset. this tracking mask may have false positives, since it is impossible to remove bits from it without race conditions. false negatives are not possible since the mask is updated with atomic operations prior to making the sigaction syscall. implementation-internal signals are set to SIG_IGN rather than SIG_DFL so that a signal raised in the parent (e.g. calling pthread_cancel on the thread executing pthread_spawn) does not have any chance make it to the child, where it would cause spurious termination by signal. this change reduces the minimum/typical number of syscalls in the child from around 70 to 4 (including execve). this should greatly improve the performance of posix_spawn and other interfaces which use it (popen and system). to facilitate these changes, sigismember is also changed to return 0 rather than -1 for invalid signals, and to return the actual status of implementation-internal signals. POSIX allows but does not require an error on invalid signal numbers, and in fact returning an error tends to confuse applications which wrongly assume the return value of sigismember is boolean.
* use separate sigaction buffers for old and new dataTimo Teräs2013-07-302-8/+8
| | | | | | in signal() it is needed since __sigaction uses restrict in parameters and sharing the buffer is technically an aliasing error. do the same for the syscall, as at least qemu-user does not handle it properly.
* change jmp_buf to share an underlying type and struct tag with sigjmp_bufRich Felker2013-07-242-2/+2
| | | | | | | | | | this is necessary to meet the C++ ABI target. alternatives were considered to avoid the size increase for non-sig jmp_buf objects, but they seemed to have worse properties. moreover, the relative size increase is only extreme on x86[_64]; one way of interpreting this is that, if the size increase from this patch makes jmp_buf use too much memory, then the program was already using too much memory when built for non-x86 archs.
* fix off-by-one error in checks for implementation-internal signal numbersRich Felker2013-07-183-3/+3
|
* transition to using functions for internal signal blocking/restoringRich Felker2013-04-263-4/+48
| | | | | | | | | | there are several reasons for this change. one is getting rid of the repetition of the syscall signature all over the place. another is sharing the constant masks without costly GOT accesses in PIC. the main motivation, however, is accurately representing whether we want to block signals that might be handled by the application, or all signals.
* optimize/debloat raiseRich Felker2013-04-261-2/+2
| | | | | use __syscall rather than syscall when failure is not possible or not to be considered.
* fix reversed argument order x86_64 sigsetjmp's call to sigprocmaskRich Felker2013-04-221-2/+2
| | | | | | this caused sigsetjmp not to save the signal mask but instead to clobber it with whatever happened to be in the sigjmb_buf prior to the call.
* remove __SYSCALL_SSLEN arch macro in favor of using public _NSIGRich Felker2013-03-265-6/+6
| | | | | | | | | | | | | | the issue at hand is that many syscalls require as an argument the kernel-ABI size of sigset_t, intended to allow the kernel to switch to a larger sigset_t in the future. previously, each arch was defining this size in syscall_arch.h, which was redundant with the definition of _NSIG in bits/signal.h. as it's used in some not-quite-portable application code as well, _NSIG is much more likely to be recognized and understood immediately by someone reading the code, and it's also shorter and less cluttered. note that _NSIG is actually 65/129, not 64/128, but the division takes care of throwing away the off-by-one part.
* fix sigorset/sigandset: _NSIG/8 is the size in bytesrofl0r2012-12-062-2/+2
|
* sigandset/sigorset: do not check for NULL pointers.rofl0r2012-12-062-10/+0
| | | | | that way it's consistent with existing sig* functions, and saves some code size.
* fixup sigandsetrofl0r2012-12-062-2/+2
|
* add sigandset and sigorset (needed for qemu)rofl0r2012-12-062-0/+34
|
* fix powerpc sigsetjmp asm to match the new jmp_buf size/offsetsRich Felker2012-11-231-2/+2
|
* powerpc: handle syscall error in clone.rofl0r2012-11-191-14/+15
| | | | sigsetjmp: store temporaries in jmp_buf rather than on stack.
* fix powerpc asm not to store data in volatile space below stack pointerRich Felker2012-11-181-8/+8
| | | | | | | | | | | it's essential to decrement the stack pointer before writing to new stack space, rather than afterwards. otherwise there is a race condition during which asynchronous code (signals) could clobber the data being stored. it may be possible to optimize the code further using stwu, but I wanted to avoid making any changes to the actual stack layout in this commit. further improvements can be made separately if desired.
* fix indention with spaces in powerpc asmRich Felker2012-11-142-10/+10
|
* Merge remote-tracking branch 'ppc-port/ppc-squashed'Rich Felker2012-11-142-0/+45
|\
| * PPC port cleaned up, static linking works well now.rofl0r2012-11-134-25/+45
| |
| * import preliminary ppc work by rdp.Richard Pennington2012-11-132-0/+25
| |
* | clean up sloppy nested inclusion from pthread_impl.hRich Felker2012-11-081-0/+1
|/ | | | | | | | | | | | | | this mirrors the stdio_impl.h cleanup. one header which is not strictly needed, errno.h, is left in pthread_impl.h, because since pthread functions return their error codes rather than using errno, nearly every single pthread function needs the errno constants. in a few places, rather than bringing in string.h to use memset, the memset was replaced by direct assignment. this seems to generate much better code anyway, and makes many functions which were previously non-leaf functions into leaf functions (possibly eliminating a great deal of bloat on some platforms where non-leaf functions require ugly prologue and/or epilogue).
* fix (hopefully; untested) completely broken/incomplete microblaze sigsetjmpRich Felker2012-10-181-3/+12
|
* fix microblaze asm relocations for shared libcRich Felker2012-10-171-2/+2
| | | | | | only @PLT relocations are considered functions for purposes of -Bsymbolic-functions, so always use @PLT. it should not hurt in the static-linked case.
* avoid the thread-ptr-init behavior of sigaction when not installing handlerRich Felker2012-10-111-1/+2
| | | | | | this is necessary because posix_spawn calls sigaction after vfork, and if the thread pointer is not already initialized, initializing it in the child corrupts the parent process's state.
* microblaze portRich Felker2012-09-292-0/+20
| | | | | | based on initial work by rdp, with heavy modifications. some features including threads are untested because qemu app-level emulation seems to be broken and I do not have a proper system image for testing.
* further use of _Noreturn, for non-plain-C functionsRich Felker2012-09-061-1/+1
| | | | | | | | | | | | | | | | | | | note that POSIX does not specify these functions as _Noreturn, because POSIX is aligned with C99, not the new C11 standard. when POSIX is eventually updated to C11, it will almost surely give these functions the _Noreturn attribute. for now, the actual _Noreturn keyword is not used anyway when compiling with a c99 compiler, which is what POSIX requires; the GCC __attribute__ is used instead if it's available, however. in a few places, I've added infinite for loops at the end of _Noreturn functions to silence compiler warnings. presumably __buildin_unreachable could achieve the same thing, but it would only work on newer GCCs and would not be portable. the loops should have near-zero code size cost anyway. like the previous _Noreturn commit, this one is based on patches contributed by philomath.
* use restrict everywhere it's required by c99 and/or posix 2008Rich Felker2012-09-067-8/+8
| | | | | | | | to deal with the fact that the public headers may be used with pre-c99 compilers, __restrict is used in place of restrict, and defined appropriately for any supported compiler. we also avoid the form [restrict] since older versions of gcc rejected it due to a bug in the original c99 standard, and instead use the form *restrict.
* fix (hopefully) all hard-coded 8's for kernel sigset_t sizeRich Felker2012-08-095-7/+9
| | | | | | | | | | some minor changes to how hard-coded sets for thread-related purposes are handled were also needed, since the old object sizes were not necessarily sufficient. things have gotten a bit ugly in this area, and i think a cleanup is in order at some point, but for now the goal is just to get the code working on all supported archs including mips, which was badly broken by linux rejecting syscalls with the wrong sigset_t size.