about summary refs log tree commit diff
path: root/src/signal
Commit message (Collapse)AuthorAgeFilesLines
* fix sigemptyset and sigfillset for mipsRich Felker2013-09-162-1/+10
| | | | they were leaving junk in the upper bits.
* fix breakage in synccall due to incorrect signal restoration in sigqueueRich Felker2013-08-311-2/+3
| | | | | | | | | | | | commit 07827d1a82fb33262f686eda959857f0d28cd8fa seems to have introduced this issue. sigqueue is called from the synccall core, at which time, even implementation-internal signals are blocked. however, pthread_sigmask removes the implementation-internal signals from the old mask before returning, so that a process which began life with them blocked will not be able to save a signal mask that has them blocked, possibly causing them to become re-blocked later. however, this was causing sigqueue to unblock the implementation-internal signals during synccall, leading to deadlock.
* fix _NSIG and SIGRTMAX on mipsRich Felker2013-08-101-1/+3
| | | | | | | | | | | | | | | | | | | | | a mips signal mask contains 128 bits, enough for signals 1 through 128. however, the exit status obtained from the wait-family functions only has room for values up to 127. reportedly signal 128 was causing kernelspace bugs, so it was removed from the kernel recently; even without that issue, however, it was impossible to support it correctly in userspace. at the same time, the bug was masked on musl by SIGRTMAX incorrectly yielding 64 on mips, rather than the "correct" value of 128. now that the _NSIG issue is fixed, SIGRTMAX can be fixed at the same time, exposing the full range of signals for application use. note that the (nonstandardized) libc _NSIG value is actually one greater than the max signal number, and also one greater than the kernel headers' idea of _NSIG. this is the reason for the discrepency with the recent kernel changes. since reducing _NSIG by one brought it down from 129 to 128, rather than from 128 to 127, _NSIG/8, used widely in the musl sources, is unchanged.
* change sigset_t functions to restrict to _NSIGRich Felker2013-08-094-5/+5
| | | | | | | the idea here is to avoid advertising signals that don't exist and to make these functions safe to call (e.g. from within other parts of the implementation) on fake sigset_t objects which do not have the HURD padding.
* optimize posix_spawn to avoid spurious sigaction syscallsRich Felker2013-08-092-5/+16
| | | | | | | | | | | | | | | | | | | | | | | | | | the trick here is that sigaction can track for us which signals have ever had a signal handler set for them, and only those signals need to be considered for reset. this tracking mask may have false positives, since it is impossible to remove bits from it without race conditions. false negatives are not possible since the mask is updated with atomic operations prior to making the sigaction syscall. implementation-internal signals are set to SIG_IGN rather than SIG_DFL so that a signal raised in the parent (e.g. calling pthread_cancel on the thread executing pthread_spawn) does not have any chance make it to the child, where it would cause spurious termination by signal. this change reduces the minimum/typical number of syscalls in the child from around 70 to 4 (including execve). this should greatly improve the performance of posix_spawn and other interfaces which use it (popen and system). to facilitate these changes, sigismember is also changed to return 0 rather than -1 for invalid signals, and to return the actual status of implementation-internal signals. POSIX allows but does not require an error on invalid signal numbers, and in fact returning an error tends to confuse applications which wrongly assume the return value of sigismember is boolean.
* use separate sigaction buffers for old and new dataTimo Teräs2013-07-302-8/+8
| | | | | | in signal() it is needed since __sigaction uses restrict in parameters and sharing the buffer is technically an aliasing error. do the same for the syscall, as at least qemu-user does not handle it properly.
* change jmp_buf to share an underlying type and struct tag with sigjmp_bufRich Felker2013-07-242-2/+2
| | | | | | | | | | this is necessary to meet the C++ ABI target. alternatives were considered to avoid the size increase for non-sig jmp_buf objects, but they seemed to have worse properties. moreover, the relative size increase is only extreme on x86[_64]; one way of interpreting this is that, if the size increase from this patch makes jmp_buf use too much memory, then the program was already using too much memory when built for non-x86 archs.
* fix off-by-one error in checks for implementation-internal signal numbersRich Felker2013-07-183-3/+3
|
* transition to using functions for internal signal blocking/restoringRich Felker2013-04-263-4/+48
| | | | | | | | | | there are several reasons for this change. one is getting rid of the repetition of the syscall signature all over the place. another is sharing the constant masks without costly GOT accesses in PIC. the main motivation, however, is accurately representing whether we want to block signals that might be handled by the application, or all signals.
* optimize/debloat raiseRich Felker2013-04-261-2/+2
| | | | | use __syscall rather than syscall when failure is not possible or not to be considered.
* fix reversed argument order x86_64 sigsetjmp's call to sigprocmaskRich Felker2013-04-221-2/+2
| | | | | | this caused sigsetjmp not to save the signal mask but instead to clobber it with whatever happened to be in the sigjmb_buf prior to the call.
* remove __SYSCALL_SSLEN arch macro in favor of using public _NSIGRich Felker2013-03-265-6/+6
| | | | | | | | | | | | | | the issue at hand is that many syscalls require as an argument the kernel-ABI size of sigset_t, intended to allow the kernel to switch to a larger sigset_t in the future. previously, each arch was defining this size in syscall_arch.h, which was redundant with the definition of _NSIG in bits/signal.h. as it's used in some not-quite-portable application code as well, _NSIG is much more likely to be recognized and understood immediately by someone reading the code, and it's also shorter and less cluttered. note that _NSIG is actually 65/129, not 64/128, but the division takes care of throwing away the off-by-one part.
* fix sigorset/sigandset: _NSIG/8 is the size in bytesrofl0r2012-12-062-2/+2
|
* sigandset/sigorset: do not check for NULL pointers.rofl0r2012-12-062-10/+0
| | | | | that way it's consistent with existing sig* functions, and saves some code size.
* fixup sigandsetrofl0r2012-12-062-2/+2
|
* add sigandset and sigorset (needed for qemu)rofl0r2012-12-062-0/+34
|
* fix powerpc sigsetjmp asm to match the new jmp_buf size/offsetsRich Felker2012-11-231-2/+2
|
* powerpc: handle syscall error in clone.rofl0r2012-11-191-14/+15
| | | | sigsetjmp: store temporaries in jmp_buf rather than on stack.
* fix powerpc asm not to store data in volatile space below stack pointerRich Felker2012-11-181-8/+8
| | | | | | | | | | | it's essential to decrement the stack pointer before writing to new stack space, rather than afterwards. otherwise there is a race condition during which asynchronous code (signals) could clobber the data being stored. it may be possible to optimize the code further using stwu, but I wanted to avoid making any changes to the actual stack layout in this commit. further improvements can be made separately if desired.
* fix indention with spaces in powerpc asmRich Felker2012-11-142-10/+10
|
* Merge remote-tracking branch 'ppc-port/ppc-squashed'Rich Felker2012-11-142-0/+45
|\
| * PPC port cleaned up, static linking works well now.rofl0r2012-11-134-25/+45
| |
| * import preliminary ppc work by rdp.Richard Pennington2012-11-132-0/+25
| |
* | clean up sloppy nested inclusion from pthread_impl.hRich Felker2012-11-081-0/+1
|/ | | | | | | | | | | | | | this mirrors the stdio_impl.h cleanup. one header which is not strictly needed, errno.h, is left in pthread_impl.h, because since pthread functions return their error codes rather than using errno, nearly every single pthread function needs the errno constants. in a few places, rather than bringing in string.h to use memset, the memset was replaced by direct assignment. this seems to generate much better code anyway, and makes many functions which were previously non-leaf functions into leaf functions (possibly eliminating a great deal of bloat on some platforms where non-leaf functions require ugly prologue and/or epilogue).
* fix (hopefully; untested) completely broken/incomplete microblaze sigsetjmpRich Felker2012-10-181-3/+12
|
* fix microblaze asm relocations for shared libcRich Felker2012-10-171-2/+2
| | | | | | only @PLT relocations are considered functions for purposes of -Bsymbolic-functions, so always use @PLT. it should not hurt in the static-linked case.
* avoid the thread-ptr-init behavior of sigaction when not installing handlerRich Felker2012-10-111-1/+2
| | | | | | this is necessary because posix_spawn calls sigaction after vfork, and if the thread pointer is not already initialized, initializing it in the child corrupts the parent process's state.
* microblaze portRich Felker2012-09-292-0/+20
| | | | | | based on initial work by rdp, with heavy modifications. some features including threads are untested because qemu app-level emulation seems to be broken and I do not have a proper system image for testing.
* further use of _Noreturn, for non-plain-C functionsRich Felker2012-09-061-1/+1
| | | | | | | | | | | | | | | | | | | note that POSIX does not specify these functions as _Noreturn, because POSIX is aligned with C99, not the new C11 standard. when POSIX is eventually updated to C11, it will almost surely give these functions the _Noreturn attribute. for now, the actual _Noreturn keyword is not used anyway when compiling with a c99 compiler, which is what POSIX requires; the GCC __attribute__ is used instead if it's available, however. in a few places, I've added infinite for loops at the end of _Noreturn functions to silence compiler warnings. presumably __buildin_unreachable could achieve the same thing, but it would only work on newer GCCs and would not be portable. the loops should have near-zero code size cost anyway. like the previous _Noreturn commit, this one is based on patches contributed by philomath.
* use restrict everywhere it's required by c99 and/or posix 2008Rich Felker2012-09-067-8/+8
| | | | | | | | to deal with the fact that the public headers may be used with pre-c99 compilers, __restrict is used in place of restrict, and defined appropriately for any supported compiler. we also avoid the form [restrict] since older versions of gcc rejected it due to a bug in the original c99 standard, and instead use the form *restrict.
* fix (hopefully) all hard-coded 8's for kernel sigset_t sizeRich Felker2012-08-095-7/+9
| | | | | | | | | | some minor changes to how hard-coded sets for thread-related purposes are handled were also needed, since the old object sizes were not necessarily sufficient. things have gotten a bit ugly in this area, and i think a cleanup is in order at some point, but for now the goal is just to get the code working on all supported archs including mips, which was badly broken by linux rejecting syscalls with the wrong sigset_t size.
* sigsetjmp asm for mipsRich Felker2012-07-121-0/+27
|
* initial version of mips (o32) port, based on work by Richard Pennington (rdp)Rich Felker2012-07-111-0/+13
| | | | | | | | | | | | | basically, this version of the code was obtained by starting with rdp's work from his ellcc source tree, adapting it to musl's build system and coding style, auditing the bits headers for discrepencies with kernel definitions or glibc/LSB ABI or large file issues, fixing up incompatibility with the old binutils from aboriginal linux, and adding some new special cases to deal with the oddities of sigaction and pipe syscall interfaces on mips. at present, minimal test programs work, but some interfaces are broken or missing. threaded programs probably will not link.
* remove unused var in new sigaction codeRich Felker2012-07-111-1/+1
|
* changes to kernel sigaction struct handling in preparation for mips portRich Felker2012-07-112-14/+17
|
* jmp_buf overhaul fixing several issuesRich Felker2012-07-032-10/+7
| | | | | | | | | | | | | on arm, the location of the saved-signal-mask flag and mask were off by one between sigsetjmp and siglongjmp, causing incorrect behavior restoring the signal mask. this is because the siglongjmp code assumed an extra slot was in the non-sig jmp_buf for the flag, but arm did not have this. now, the extra slot is removed for all archs since it was useless. also, arm eabi requires jmp_buf to have 8-byte alignment. we achieve that using long long as the type rather than with non-portable gcc attribute tags.
* fix sigsetjmp on arm (needs asm)Rich Felker2012-07-021-0/+13
| | | | | | no idea why gcc refuses to compile the C code to use a tail call, but it's best to use asm anyway so we don't have to rely on the quality of the compiler's optimizations for correct code.
* update license of njk contributed code (x86_64 asm)Rich Felker2012-05-051-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | these changes are based on the following communication via email: "I hereby grant that all of the code I have contributed to musl on or before April 23, 2012 may be licensed under the terms of the following MIT license: Copyright (c) 2011-2012 Nicholas J. Kain Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE."
* work around "signal loses thread pointer" issue with "approach 2"Rich Felker2012-02-271-0/+5
| | | | | | | | | | | | this was discussed on the mailing list and no consensus on the preferred solution was reached, so in anticipation of a release, i'm just committing a minimally-invasive solution that avoids the problem by ensuring that multi-threaded-capable programs will always have initialized the thread pointer before any signal handler can run. in the long term we may switch to initializing the thread pointer at program start time whenever the program has the potential to access any per-thread data.
* initial commit of the arm portRich Felker2011-09-181-0/+11
| | | | | | | | | | | | | this port assumes eabi calling conventions, eabi linux syscall convention, and presence of the kernel helpers at 0xffff0f?0 needed for threads support. otherwise it makes very few assumptions, and the code should work even on armv4 without thumb support, as well as on systems with thumb interworking. the bits headers declare this a little endian system, but as far as i can tell the code should work equally well on big endian. some small details are probably broken; so far, testing has been limited to qemu/aboriginal linux.
* fix generic sigsetjmp (unused anyway) pointer signedness errorRich Felker2011-09-161-1/+1
|
* implement gnu sigisemptysetRich Felker2011-09-121-0/+9
|
* fix missing prototypes/wrong signature for psiginfo, psignalRich Felker2011-09-021-1/+1
|
* fix off-by-one bug in siglongjmp that caused unpredictable behaviorRich Felker2011-08-051-1/+1
| | | | | | | | | | if saved, signal mask would not be restored unless some low signals were masked. if not saved, signal mask could be wrongly restored to uninitialized values. in any, wrong mask would be restored. i believe this function was written for a very old version of the jmp_buf structure which did not contain a final 0 field for compatibility with siglongjmp, and never updated...
* fix race condition in sigqueueRich Felker2011-07-301-2/+8
| | | | | | | | | | | | | | | this race is fundamentally due to linux's bogus requirement that userspace, rather than kernelspace, fill in the siginfo structure. an intervening signal handler that calls fork could cause both the parent and child process to send signals claiming to be from the parent, which could in turn have harmful effects depending on what the recipient does with the signal. we simply block all signals for the interval between getuid and sigqueue syscalls (much like what raise() does already) to prevent the race and make the getuid/sigqueue pair atomic. this will be a non-issue if linux is fixed to validate the siginfo structure or fill it in from kernelspace.
* clean up pthread_sigmask/sigprocmask dependency orderRich Felker2011-07-301-8/+4
| | | | | | it's nicer for the function that doesn't use errno to be independent, and have the other one call it. saves some time and avoids clobbering errno.
* restore use of .type in asm, but use modern @function (vs %function)Rich Felker2011-06-144-0/+6
| | | | | | | | this seems to be necessary to make the linker accept the functions in a shared library (perhaps to generate PLT entries?) strictly speaking libc-internal asm should not need it. i might clean that up later.
* remove all .size and .type directives for functions from the asmRich Felker2011-06-132-10/+0
| | | | | these are useless and have caused problems for users trying to build with non-gnu tools like tcc's assembler.
* implement psignal and psiginfoRich Felker2011-06-082-0/+20
|
* overhaul implementation-internal signal protectionsRich Felker2011-05-078-29/+18
| | | | | | | | | | | | | | | | | | | the new approach relies on the fact that the only ways to create sigset_t objects without invoking UB are to use the sig*set() functions, or from the masks returned by sigprocmask, sigaction, etc. or in the ucontext_t argument to a signal handler. thus, as long as sigfillset and sigaddset avoid adding the "protected" signals, there is no way the application will ever obtain a sigset_t including these bits, and thus no need to add the overhead of checking/clearing them when sigprocmask or sigaction is called. note that the old code actually *failed* to remove the bits from sa_mask when sigaction was called. the new implementations are also significantly smaller, simpler, and faster due to ignoring the useless "GNU HURD signals" 65-1024, which are not used and, if there's any sanity in the world, never will be used.