about summary refs log tree commit diff
path: root/src/signal
Commit message (Collapse)AuthorAgeFilesLines
* fix crash when signal number 0 is passed to sigactionRich Felker2015-12-151-5/+1
| | | | | | this error case was overlooked in the old range checking logic. new check is moved out of __libc_sigaction to the public wrapper in order to unify the error path and reduce code size.
* eliminate use of SHARED macro to suppress visibility attributesRich Felker2015-11-111-2/+0
| | | | | | | | | | | | | | | | this is the first and simplest stage of removal of the SHARED macro, which will eventually allow libc.a and libc.so to be produced from the same object files. the original motivation for these #ifdefs which are now being removed was to allow building a static-only libc using a compiler that does not support visibility. however, SHARED was the wrong condition to test for this anyway; various assembly-language sources refer to hidden symbols and declare them with the .hidden directive, making it wrong to define the referenced symbols as non-hidden. if there is a need in the future to build libc using compilers that lack visibility, support could be moved to the build system or perhaps the __PIC__ macro could be checked instead of SHARED.
* explicitly assemble all arm asm sources as UALRich Felker2015-11-102-0/+3
| | | | | | | | these files are all accepted as legacy arm syntax when producing arm code, but legacy syntax cannot be used for producing thumb2 with access to the full ISA. even after switching to UAL, some asm source files contain instructions which are not valid in thumb mode, so these will need to be addressed separately.
* fix signal return for sh/fdpicRich Felker2015-09-232-4/+0
| | | | | | | | | | | | | | | | the restorer function pointer provided in the kernel sigaction structure is interpreted by the kernel as a raw code address, not a function descriptor. this commit moves the declarations of the __restore and __restore_rt symbols to ksigaction.h so that arch versions of the file can override them, and introduces a version for sh which declares them as objects rather than functions. an alternate solution would have been defining SA_RESTORER to 0 so that the functions are not used, but this both requires executable stack (since the sh kernel does not have a vdso page with permanent restorer functions) and crashes on qemu user-level emulation.
* remove unused (and invalid) C version of sigsetjmpRich Felker2015-09-091-17/+0
| | | | | | | | | originally, the comment in this code was correct and it would likely work if the compiler generated a tail call to setjmp. however, commit 583e55122e767b1586286a0d9c35e2a4027998ab redesigned sigsetjmp and siglongjmp such that the old C implementation (which was not intended to be used) is not even conceptually correct. remove it in the interest of avoiding confusion when porting to new archs.
* switch to using trap number 31 for syscalls on shRich Felker2015-06-161-2/+2
| | | | | | | | | | | | | | | | | | | nominally the low bits of the trap number on sh are the number of syscall arguments, but they have never been used by the kernel, and some code making syscalls does not even know the number of arguments and needs to pass an arbitrary high number anyway. sh3/sh4 traditionally used the trap range 16-31 for syscalls, but part of this range overlapped with hardware exceptions/interrupts on sh2 hardware, so an incompatible range 32-47 was chosen for sh2. using trap number 31 everywhere, since it's in the existing sh3/sh4 range and does not conflict with sh2 hardware, is a proposed unification of the kernel syscall convention that will allow binaries to be shared between sh2 and sh3/sh4. if this is not accepted into the kernel, we can refit the sh2 target with runtime selection mechanisms for the trap number, but doing so would be invasive and would entail non-trivial overhead.
* fix crash in x32 sigsetjmpRich Felker2015-05-021-0/+1
| | | | | | | | | | | the 64-bit push reads not only the 32-bit return address but also the first 32 signal mask bits. if any were nonzero, the return address obtained will be invalid. at some point storage of the return address should probably be moved to follow the saved mask so that there's plenty room and the same code can be used on x32 and regular x86_64, but for now I want a fix that does not risk breaking x86_64, and this simple re-zeroing works.
* fix sh jmp_buf size to match ABIRich Felker2015-04-271-2/+2
| | | | | | | | | | | | | | | | | while the sh port is still experimental and subject to ABI instability, this is not actually an application/libc boundary ABI change. it only affects third-party APIs where jmp_buf is used in a shared structure at the ABI boundary, because nothing anywhere near the end of the jmp_buf object (which includes the oversized sigset_t) is accessed by libc. both glibc and uclibc have 15-slot jmp_buf for sh. presumably the smaller version was used in musl because the slots for fpu status register and thread pointer register (gbr) were incorrect and must not be restored by longjmp, but the size should have been preserved, as it's generally treated as a libc-agnostic ABI property for the arch, and having extra slots free in case we ever need them for something is useful anyway.
* fix build regression in aarch64 sigsetjmpRich Felker2015-04-241-2/+2
| | | | | at least some assembler versions do not accept the register name lr. use the name x30 instead.
* remove invalid PLT calls from or1k asmRich Felker2015-04-191-3/+4
| | | | analogous to commit 646cb9a4a04e5ed78e2dd928bf9dc6e79202f609 for sh.
* remove possible-textrels from powerpc asmRich Felker2015-04-191-2/+3
| | | | | | | these are perfectly fine with ld-time symbol binding, but otherwise result in textrels. they cannot be replaced with @PLT jump targets because the PLT thunks require a GOT register to be setup, so use a hidden alias instead.
* remove invalid PLT calls from microblaze asmRich Felker2015-04-191-2/+3
| | | | analogous to commit 646cb9a4a04e5ed78e2dd928bf9dc6e79202f609 for sh.
* remove invalid PLT calls from sh asmRich Felker2015-04-191-2/+3
| | | | | | these are perfectly fine with ld-time symbol binding, but if the calls go through a PLT thunk, they are invalid because the caller does not setup a GOT register. use a hidden alias to bypass the issue.
* remove potentially PIC-incompatible relocations from x86_64 and x32 asmRich Felker2015-04-182-4/+4
| | | | analogous to commit 8ed66ecbcba1dd0f899f22b534aac92a282f42d5 for i386.
* remove the last of possible-textrels from i386 asmRich Felker2015-04-181-2/+3
| | | | | | | | | | | | none of these are actual textrels because of ld-time binding performed by -Bsymbolic-functions, but I'm changing them with the goal of making ld-time binding purely an optimization rather than relying on it for semantic purposes. in the case of memmove's call to memcpy, making it explicit that the memmove asm is assuming the forward-copying behavior of the memcpy asm is desirable anyway; in case memcpy is ever changed, the semantic mismatch would be apparent while editing memmcpy.s.
* redesign sigsetjmp so that signal mask is restored after longjmpRich Felker2015-04-1712-133/+177
| | | | | | | | | | | | | | | | | | | | | | | | | | | | the conventional way to implement sigsetjmp is to save the signal mask then tail-call to setjmp; siglongjmp then restores the signal mask and calls longjmp. the problem with this approach is that a signal already pending, or arriving between unmasking of signals and restoration of the saved stack pointer, will have its signal handler run on the stack that was active before siglongjmp was called. this can lead to unbounded stack usage when siglongjmp is used to leave a signal handler. in the new design, sigsetjmp saves its own return address inside the extended part of the sigjmp_buf (outside the __jmp_buf part used by setjmp) then calls setjmp to save a jmp_buf inside its own execution. it then tail-calls to __sigsetjmp_tail, which uses the return value of setjmp to determine whether to save the current signal mask or restore a previously-saved mask. as an added bonus, this design makes it so that siglongjmp and longjmp are identical. this is useful because the __longjmp_chk function we need to add for ABI-compatibility assumes siglongjmp and longjmp are the same, but for different reasons -- it was designed assuming either can access a flag just past the __jmp_buf indicating whether the signal masked was saved, and act on that flag. however, early versions of musl did not have space past the __jmp_buf for the non-sigjmp_buf version of jmp_buf, so our setjmp cannot store such a flag without risking clobbering memory on (very) old binaries.
* add aarch64 portSzabolcs Nagy2015-03-112-0/+27
| | | | | | | | | | This adds complete aarch64 target support including bigendian subarch. Some of the long double math functions are known to be broken otherwise interfaces should be fully functional, but at this point consider this port experimental. Initial work on this port was done by Sireesh Tripurari and Kevin Bortis.
* use tkill instead of tgkill in implementing raiseRich Felker2014-12-181-3/+2
| | | | | | | | | | this shaves off a useless syscall for getting the caller's pid and brings raise into alignment with other functions which were adapted to use tkill rather than tgkill. commit 83dc6eb087633abcf5608ad651d3b525ca2ec35e documents the rationale for this change, and in particular why the tgkill syscall is useless for its designed purpose of avoiding races.
* add or1k (OpenRISC 1000) architecture portStefan Kristiansson2014-07-181-0/+22
| | | | | | | | | | | | | | | With the exception of a fenv implementation, the port is fully featured. The port has been tested in or1ksim, the golden reference functional simulator for OpenRISC 1000. It passes all libc-test tests (except the math tests that requires a fenv implementation). The port assumes an or1k implementation that has support for atomic instructions (l.lwa/l.swa). Although it passes all the libc-test tests, the port is still in an experimental state, and has yet experienced very little 'real-world' use.
* add __sysv_signal abi-compat alias for the signal functionRich Felker2014-06-221-0/+1
| | | | | | | | | | it should be noted that the "real" __sysv_signal, which we do not implement, is semantically different from signal. references to __sysv_signal arise in code built against glibc under certain combinations of feature test macros, and are almost surely unintentional since the legacy sysv signal behavior has fundamental race conditions that cannot be worked around and which make it impossible to use safely.
* add __sigsetjmp ABI-compat alias for sigsetjmpRich Felker2014-04-029-1/+28
|
* always initialize thread pointer at program startRich Felker2014-03-241-4/+15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | this is the first step in an overhaul aimed at greatly simplifying and optimizing everything dealing with thread-local state. previously, the thread pointer was initialized lazily on first access, or at program startup if stack protector was in use, or at certain random places where inconsistent state could be reached if it were not initialized early. while believed to be fully correct, the logic was fragile and non-obvious. in the first phase of the thread pointer overhaul, support is retained (and in some cases improved) for systems/situation where loading the thread pointer fails, e.g. old kernels. some notes on specific changes: - the confusing use of libc.main_thread as an indicator that the thread pointer is initialized is eliminated in favor of an explicit has_thread_pointer predicate. - sigaction no longer needs to ensure that the thread pointer is initialized before installing a signal handler (this was needed to prevent a situation where the signal handler caused the thread pointer to be initialized and the subsequent sigreturn cleared it again) but it still needs to ensure that implementation-internal thread-related signals are not blocked. - pthread tsd initialization for the main thread is deferred in a new manner to minimize bloat in the static-linked __init_tp code. - pthread_setcancelstate no longer needs special handling for the situation before the thread pointer is initialized. it simply fails on systems that cannot support a thread pointer, which are non-conforming anyway. - pthread_cleanup_push/pop now check for missing thread pointer and nop themselves out in this case, so stdio no longer needs to avoid the cancellable path when the thread pointer is not available. a number of cases remain where certain interfaces may crash if the system does not support a thread pointer. at this point, these should be limited to pthread interfaces, and the number of such cases should be fewer than before.
* fix mips sigsetjmp asm to match fixed jmp_buf sizeRich Felker2014-03-181-1/+1
| | | | this was missed in the previous commit.
* rename superh port to "sh" for consistencyRich Felker2014-02-272-0/+0
| | | | | | | | | linux, gcc, etc. all use "sh" as the name for the superh arch. there was already some inconsistency internally in musl: the dynamic linker was searching for "ld-musl-sh.path" as its path file despite its own name being "ld-musl-superh.so.1". there was some sentiment in both directions as to how to resolve the inconsistency, but overall "sh" was favored.
* superh portBobby Bingham2014-02-232-0/+51
|
* x32 port (diff against vanilla x86_64)rofl0r2014-02-231-1/+1
|
* import vanilla x86_64 code as x32rofl0r2014-02-232-0/+22
|
* fix const-correctness in sigandset/sigorset argumentsRich Felker2014-01-072-2/+2
| | | | | | this change is consistent with the corresponding glibc functions and is semantically const-correct. the incorrect argument types without const seem to have been taken from erroneous man pages.
* use 0 instead of NULL for null pointer constantsRich Felker2013-12-137-15/+8
| | | | and thereby remove otherwise-unnecessary inclusion of stddef.h
* include cleanups: remove unused headers and add feature test macrosSzabolcs Nagy2013-12-1214-14/+5
|
* fix sigemptyset and sigfillset for mipsRich Felker2013-09-162-1/+10
| | | | they were leaving junk in the upper bits.
* fix breakage in synccall due to incorrect signal restoration in sigqueueRich Felker2013-08-311-2/+3
| | | | | | | | | | | | commit 07827d1a82fb33262f686eda959857f0d28cd8fa seems to have introduced this issue. sigqueue is called from the synccall core, at which time, even implementation-internal signals are blocked. however, pthread_sigmask removes the implementation-internal signals from the old mask before returning, so that a process which began life with them blocked will not be able to save a signal mask that has them blocked, possibly causing them to become re-blocked later. however, this was causing sigqueue to unblock the implementation-internal signals during synccall, leading to deadlock.
* fix _NSIG and SIGRTMAX on mipsRich Felker2013-08-101-1/+3
| | | | | | | | | | | | | | | | | | | | | a mips signal mask contains 128 bits, enough for signals 1 through 128. however, the exit status obtained from the wait-family functions only has room for values up to 127. reportedly signal 128 was causing kernelspace bugs, so it was removed from the kernel recently; even without that issue, however, it was impossible to support it correctly in userspace. at the same time, the bug was masked on musl by SIGRTMAX incorrectly yielding 64 on mips, rather than the "correct" value of 128. now that the _NSIG issue is fixed, SIGRTMAX can be fixed at the same time, exposing the full range of signals for application use. note that the (nonstandardized) libc _NSIG value is actually one greater than the max signal number, and also one greater than the kernel headers' idea of _NSIG. this is the reason for the discrepency with the recent kernel changes. since reducing _NSIG by one brought it down from 129 to 128, rather than from 128 to 127, _NSIG/8, used widely in the musl sources, is unchanged.
* change sigset_t functions to restrict to _NSIGRich Felker2013-08-094-5/+5
| | | | | | | the idea here is to avoid advertising signals that don't exist and to make these functions safe to call (e.g. from within other parts of the implementation) on fake sigset_t objects which do not have the HURD padding.
* optimize posix_spawn to avoid spurious sigaction syscallsRich Felker2013-08-092-5/+16
| | | | | | | | | | | | | | | | | | | | | | | | | | the trick here is that sigaction can track for us which signals have ever had a signal handler set for them, and only those signals need to be considered for reset. this tracking mask may have false positives, since it is impossible to remove bits from it without race conditions. false negatives are not possible since the mask is updated with atomic operations prior to making the sigaction syscall. implementation-internal signals are set to SIG_IGN rather than SIG_DFL so that a signal raised in the parent (e.g. calling pthread_cancel on the thread executing pthread_spawn) does not have any chance make it to the child, where it would cause spurious termination by signal. this change reduces the minimum/typical number of syscalls in the child from around 70 to 4 (including execve). this should greatly improve the performance of posix_spawn and other interfaces which use it (popen and system). to facilitate these changes, sigismember is also changed to return 0 rather than -1 for invalid signals, and to return the actual status of implementation-internal signals. POSIX allows but does not require an error on invalid signal numbers, and in fact returning an error tends to confuse applications which wrongly assume the return value of sigismember is boolean.
* use separate sigaction buffers for old and new dataTimo Teräs2013-07-302-8/+8
| | | | | | in signal() it is needed since __sigaction uses restrict in parameters and sharing the buffer is technically an aliasing error. do the same for the syscall, as at least qemu-user does not handle it properly.
* change jmp_buf to share an underlying type and struct tag with sigjmp_bufRich Felker2013-07-242-2/+2
| | | | | | | | | | this is necessary to meet the C++ ABI target. alternatives were considered to avoid the size increase for non-sig jmp_buf objects, but they seemed to have worse properties. moreover, the relative size increase is only extreme on x86[_64]; one way of interpreting this is that, if the size increase from this patch makes jmp_buf use too much memory, then the program was already using too much memory when built for non-x86 archs.
* fix off-by-one error in checks for implementation-internal signal numbersRich Felker2013-07-183-3/+3
|
* transition to using functions for internal signal blocking/restoringRich Felker2013-04-263-4/+48
| | | | | | | | | | there are several reasons for this change. one is getting rid of the repetition of the syscall signature all over the place. another is sharing the constant masks without costly GOT accesses in PIC. the main motivation, however, is accurately representing whether we want to block signals that might be handled by the application, or all signals.
* optimize/debloat raiseRich Felker2013-04-261-2/+2
| | | | | use __syscall rather than syscall when failure is not possible or not to be considered.
* fix reversed argument order x86_64 sigsetjmp's call to sigprocmaskRich Felker2013-04-221-2/+2
| | | | | | this caused sigsetjmp not to save the signal mask but instead to clobber it with whatever happened to be in the sigjmb_buf prior to the call.
* remove __SYSCALL_SSLEN arch macro in favor of using public _NSIGRich Felker2013-03-265-6/+6
| | | | | | | | | | | | | | the issue at hand is that many syscalls require as an argument the kernel-ABI size of sigset_t, intended to allow the kernel to switch to a larger sigset_t in the future. previously, each arch was defining this size in syscall_arch.h, which was redundant with the definition of _NSIG in bits/signal.h. as it's used in some not-quite-portable application code as well, _NSIG is much more likely to be recognized and understood immediately by someone reading the code, and it's also shorter and less cluttered. note that _NSIG is actually 65/129, not 64/128, but the division takes care of throwing away the off-by-one part.
* fix sigorset/sigandset: _NSIG/8 is the size in bytesrofl0r2012-12-062-2/+2
|
* sigandset/sigorset: do not check for NULL pointers.rofl0r2012-12-062-10/+0
| | | | | that way it's consistent with existing sig* functions, and saves some code size.
* fixup sigandsetrofl0r2012-12-062-2/+2
|
* add sigandset and sigorset (needed for qemu)rofl0r2012-12-062-0/+34
|
* fix powerpc sigsetjmp asm to match the new jmp_buf size/offsetsRich Felker2012-11-231-2/+2
|
* powerpc: handle syscall error in clone.rofl0r2012-11-191-14/+15
| | | | sigsetjmp: store temporaries in jmp_buf rather than on stack.
* fix powerpc asm not to store data in volatile space below stack pointerRich Felker2012-11-181-8/+8
| | | | | | | | | | | it's essential to decrement the stack pointer before writing to new stack space, rather than afterwards. otherwise there is a race condition during which asynchronous code (signals) could clobber the data being stored. it may be possible to optimize the code further using stwu, but I wanted to avoid making any changes to the actual stack layout in this commit. further improvements can be made separately if desired.
* fix indention with spaces in powerpc asmRich Felker2012-11-142-10/+10
|