path: root/src/unistd
Commit message | Author | Age | Files | Lines
* block all signals, even implementation-internal ones, in faccessat child | Rich Felker | 2013-08-09 | 1 | -1/+1
  the child process's stack may be insufficient size to support a signal frame, and there is no reason these signal handlers should run in the child anyway.
* fix faccessat to support AT_EACCESS flag | Rich Felker | 2013-08-03 | 1 | -1/+46
  this is another case of the kernel syscall failing to support flags where it needs to, leading to horrible workarounds in userspace. this time the workaround requires changing uid/gid, and that's not safe to do in the current process. in the worst case, kernel resource limits might prevent recovering the original values, and then there would be no way to safely return. so, use the safe but horribly inefficient alternative: forking. clone is used instead of fork to suppress signals from the child.

  fortunately this worst-case code is only needed when effective and real ids mismatch, which mainly happens in suid programs.
* make fchdir, fchmod, fchown, and fstat support O_PATH file descriptors | Rich Felker | 2013-08-02 | 2 | -2/+18
  on newer kernels, fchdir and fstat work anyway. this same fix should be applied to any other syscalls that are similarly affected.

  with this change, the current definitions of O_SEARCH and O_EXEC as O_PATH are mostly conforming to POSIX requirements. the main remaining issue is that O_NOFOLLOW has different semantics.
* debloat code that depends on /proc/self/fd/%d with shared function | Rich Felker | 2013-08-02 | 1 | -1/+3
  I intend to add more Linux workarounds that depend on using these pathnames, and some of them will be in "syscall" functions that, from an anti-bloat standpoint, should not depend on the whole snprintf framework.
* fix bogus lazy allocation in ctermid and missing malloc failure check | Rich Felker | 2013-07-09 | 1 | -10/+7
  also clean up, optimize, and simplify the code, removing branches by simply pre-setting the result string to an empty string, which will be preserved if other operations fail.
* fix fd leak on races and cancellation in ctermid | Rich Felker | 2013-07-09 | 1 | -2/+3
* in pipe2, use pipe() rather than __syscall(SYS_pipe, ...) for fallback | Rich Felker | 2013-03-25 | 1 | -3/+3
  SYS_pipe is not usable directly in general, since mips has a very broken calling convention for the pipe syscall. instead, just call the function, so that the mips-specific ugliness is isolated in mips/pipe.s and not copied elsewhere.
* streamline old-kernel fallback path of pipe2 to use syscalls directly | Rich Felker | 2013-02-03 | 1 | -4/+4
  also, don't waste code/time on F_GETFL since pipes always have blank flags initially (at least on old kernels, which are all this fallback code matters for).
* fix double errno-decoding in the old-kernel fallback path of pipe2 | Rich Felker | 2012-12-11 | 1 | -1/+1
  this bug seems to have caused any failure by pipe2 on such systems to set errno to 1, rather than the proper error code.
* greatly improve freopen behavior | Rich Felker | 2012-10-24 | 1 | -2/+13
  1. don't open /dev/null just as a basis to copy flags; use shared __fmodeflags function to get the right file flags for the mode.
  2. handle the case (probably invalid, but whatever) where the original stream's file descriptor was closed; previously, the logic re-closed it.
  3. accept the "e" mode flag for close-on-exec; update dup3 to fallback to using dup2 so we can simply call __dup3 instead of putting fallback logic in freopen itself.
* overhaul system() and popen() to use vfork; fix various related bugs | Rich Felker | 2012-10-18 | 1 | -3/+17
  since we target systems without overcommit, special care should be taken that system() and popen(), like posix_spawn(), do not fail in processes whose commit charges are too high to allow ordinary forking.

  this in turn requires special precautions to ensure that the parent process's signal handlers do not end up running in the shared-memory child, where they could corrupt the state of the parent process.

  popen has also been updated to use pipe2, so it does not have a fd-leak race in multi-threaded programs. since pipe2 is missing on older kernels, (non-atomic) emulation has been added.

  some silly bugs in the old code should be gone too.
* move accept4, dup3, and pipe2 to non-linux-specific locations | Rich Felker | 2012-09-29 | 2 | -0/+18
  these interfaces have been adopted by the Austin Group for inclusion in the next version of POSIX.
* fix some indention-with-spaces that crept in | Rich Felker | 2012-09-29 | 1 | -1/+1
* fix handling of EINTR during close() | Rich Felker | 2012-09-24 | 1 | -1/+4
  austin group interpretation for defect #529 (http://austingroupbugs.net/view.php?id=529) tightens the requirements on close such that, if it returns with EINTR, the file descriptor must not be closed. the linux kernel developers vehemently disagree with this, and will not change it. we catch and remap EINTR to EINPROGRESS, which the standard allows close() to return when the operation was not finished but the file descriptor has been closed.
* fix up lfs64 junk for preadv/pwritev | Rich Felker | 2012-09-09 | 2 | -2/+2
* add preadv/pwritev syscall wrappers | Rich Felker | 2012-09-09 | 2 | -0/+26
* add acct syscall source file, omitted in last syscalls commit | Rich Felker | 2012-09-08 | 1 | -0/+9
* further use of _Noreturn, for non-plain-C functions | Rich Felker | 2012-09-06 | 1 | -1/+1
  note that POSIX does not specify these functions as _Noreturn, because POSIX is aligned with C99, not the new C11 standard. when POSIX is eventually updated to C11, it will almost surely give these functions the _Noreturn attribute. for now, the actual _Noreturn keyword is not used anyway when compiling with a c99 compiler, which is what POSIX requires; the GCC __attribute__ is used instead if it's available, however.

  in a few places, I've added infinite for loops at the end of _Noreturn functions to silence compiler warnings. presumably __builtin_unreachable could achieve the same thing, but it would only work on newer GCCs and would not be portable. the loops should have near-zero code size cost anyway.

  like the previous _Noreturn commit, this one is based on patches contributed by philomath.
* use restrict everywhere it's required by c99 and/or posix 2008 | Rich Felker | 2012-09-06 | 2 | -2/+2
  to deal with the fact that the public headers may be used with pre-c99 compilers, __restrict is used in place of restrict, and defined appropriately for any supported compiler. we also avoid the form [restrict] since older versions of gcc rejected it due to a bug in the original c99 standard, and instead use the form *restrict.
* fix broken ttyname[_r] (failure to null-terminate result) | Rich Felker | 2012-09-06 | 1 | -1/+4
* initial version of mips (o32) port, based on work by Richard Pennington (rdp) | Rich Felker | 2012-07-11 | 1 | -0/+20
  basically, this version of the code was obtained by starting with rdp's work from his ellcc source tree, adapting it to musl's build system and coding style, auditing the bits headers for discrepancies with kernel definitions or glibc/LSB ABI or large file issues, fixing up incompatibility with the old binutils from aboriginal linux, and adding some new special cases to deal with the oddities of sigaction and pipe syscall interfaces on mips.

  at present, minimal test programs work, but some interfaces are broken or missing. threaded programs probably will not link.
* fix mistake in length test in getlogin_r | Rich Felker | 2012-06-19 | 1 | -1/+1
  this was actually dangerously wrong, but presumably nobody uses this broken function anymore anyway..
* fix dummied-out fsync | Rich Felker | 2012-06-19 | 1 | -2/+1
  if we eventually have build options, it might be nice to make an option to dummy this out again, in case anybody needs a system-wide disable for disk/ssd-thrashing, etc. that some daemons do when logging...
* fix dummied-out fdatasync | Rich Felker | 2012-06-19 | 1 | -1/+1
* avoid deprecated (by linux) alarm syscall; use setitimer instead | Rich Felker | 2012-05-24 | 1 | -1/+4
* support null buffer argument to getcwd, auto-allocating behavior | Rich Felker | 2012-03-01 | 1 | -1/+6
  this is a popular extension some programs depend on, and by using a temporary buffer and strdup rather than malloc prior to the syscall, i've avoided the dependency on free and thus minimized the bloat cost of supporting this feature.
* cleanup various minor issues reported by nsz | Rich Felker | 2011-09-26 | 1 | -1/+1
  the changes to syscall_ret are mostly no-ops in the generated code, just cleanup of type issues and removal of some implementation-defined behavior. the one exception is the change in the comparison value, which is fixed so that 0xf...f000 (which in principle could be a valid return value for mmap, although probably never in reality) is not treated as an error return.
* update syscalls with off_t arguments to handle argument alignment, if needed | Rich Felker | 2011-09-21 | 4 | -4/+4
  the arm syscall abi requires 64-bit arguments to be aligned on an even register boundary. these new macros facilitate meeting the abi requirement without imposing significant ugliness on the code.
* fix various errors in function signatures/prototypes found by nsz | Rich Felker | 2011-09-13 | 2 | -2/+2
* fix some bugs in setxid and update setrlimit to use __synccall | Rich Felker | 2011-07-30 | 1 | -8/+6
  setrlimit is supposed to be per-process, not per-thread, but again linux gets it wrong. work around this in userspace. not only is it needed for correctness; setxid also depends on the resource limits for all threads being the same to avoid situations where temporarily unlimiting the limit succeeds in some threads but fails in others.
* add setxid.c for new set*id() framework. missed in last commit. | Rich Felker | 2011-07-29 | 1 | -0/+49
* new attempt at making set*id() safe and robust | Rich Felker | 2011-07-29 | 8 | -8/+12
  changing credentials in a multi-threaded program is extremely difficult on linux because it requires synchronizing the change between all threads, which have their own thread-local credentials on the kernel side. this is further complicated by the fact that changing the real uid can fail due to exceeding RLIMIT_NPROC, making it possible that the syscall will succeed in some threads but fail in others.

  the old __rsyscall approach being replaced was robust in that it would report failure if any one thread failed, but in this case, the program would be left in an inconsistent state where individual threads might have different uid. (this was not as bad as glibc, which would sometimes even fail to report the failure entirely!)

  the new approach being committed refuses to change real user id when it cannot temporarily set the rlimit to infinity. this is completely POSIX conformant since POSIX does not require an implementation to allow real-user-id changes for non-privileged processes whatsoever. still, setting the real uid can fail due to memory allocation in the kernel, but this can only happen if there is not already a cached object for the target user. thus, we forcibly serialize the syscall attempts, and fail the entire operation on the first failure. this *should* lead to an all-or-nothing success/failure result, but it's still fragile and highly dependent on kernel developers not breaking things worse than they're already broken.

  ideally linux will eventually add a CLONE_USERCRED flag that would give POSIX conformant credential changes without any hacks from userspace, and all of this code would become redundant and could be removed ~10 years down the line when everyone has abandoned the old broken kernels. i'm not holding my breath...
* omit errno update path for syscalls that cannot fail | Rich Felker | 2011-04-21 | 7 | -7/+7
* workaround bug in linux dup2 | Rich Felker | 2011-04-20 | 1 | -1/+4
  the linux documentation for dup2 says it can fail with EBUSY due to a race condition with open and dup in the kernel. shield applications (and the rest of libc) from this nonsense by looping until it succeeds
* remove bogus extra logic for close cancellability | Rich Felker | 2011-04-18 | 1 | -3/+1
  like all other syscalls, close should return to the caller if and only if it successfully performed its action. it is necessary that the application be able to determine whether the close succeeded.
* debloat: use __syscall instead of syscall where possible | Rich Felker | 2011-04-17 | 1 | -1/+1
  don't waste time (and significant code size due to function call overhead!) setting errno when the result of a syscall does not matter or when it can't fail.
* overhaul pthread cancellation | Rich Felker | 2011-04-17 | 8 | -38/+9
  this patch improves the correctness, simplicity, and size of cancellation-related code. modulo any small errors, it should now be completely conformant, safe, and resource-leak free.

  the notion of entering and exiting cancellation-point context has been completely eliminated and replaced with alternative syscall assembly code for cancellable syscalls. the assembly is responsible for setting up execution context information (stack pointer and address of the syscall instruction) which the cancellation signal handler can use to determine whether the interrupted code was in a cancellable state.

  these changes eliminate race conditions in the previous generation of cancellation handling code (whereby a cancellation request received just prior to the syscall would not be processed, leaving the syscall to block, potentially indefinitely), and remedy an issue where non-cancellable syscalls made from signal handlers became cancellable if the signal handler interrupted a cancellation point.

  x86_64 asm is untested and may need a second try to get it right.
* consistency: change all remaining syscalls to use SYS_ rather than __NR_ prefix | Rich Felker | 2011-04-06 | 12 | -12/+12
* move rsyscall out of pthread_create module | Rich Felker | 2011-04-06 | 6 | -12/+6
  this is something of a tradeoff, as now set*id() functions, rather than pthread_create, are what pull in the code overhead for dealing with linux's refusal to implement proper POSIX thread-vs-process semantics. my motivations are:
  1. it's cleaner this way, especially cleaner to optimize out the rsyscall locking overhead from pthread_create when it's not needed.
  2. it's expected that only a tiny number of core system programs will ever use set*id() functions, whereas many programs may want to use threads, and making thread overhead tiny is an incentive for "light" programs to try threads.
* make ualarm actually work (obsolete function removed from SUS) | Rich Felker | 2011-04-03 | 1 | -4/+9
* add setresuid/setresgid functions (nonstandard) | Rich Felker | 2011-04-03 | 2 | -0/+20
* remove obsolete and useless useconds_t type | Rich Felker | 2011-04-01 | 2 | -2/+2
* global cleanup to use the new syscall interface | Rich Felker | 2011-03-20 | 49 | -50/+50
* syscall overhaul part two - unify public and internal syscall interface | Rich Felker | 2011-03-19 | 4 | -4/+4
  with this patch, the syscallN() functions are no longer needed; a variadic syscall() macro allows syscalls with anywhere from 0 to 6 arguments to be made with a single macro name. also, manually casting each non-integer argument with (long) is no longer necessary; the casts are hidden in the macros.

  some source files which depended on being able to define the old macro SYSCALL_RETURNS_ERRNO have been modified to directly use __syscall() instead of syscall(). references to SYSCALL_SIGSET_SIZE and SYSCALL_LL have also been changed.

  x86_64 has not been tested, and may need a follow-up commit to fix any minor bugs/oversights.
* finish moving 32-bit-specific junk out of source files. | Rich Felker | 2011-02-15 | 4 | -14/+4
* put confstr.c with the other conf functions | Rich Felker | 2011-02-14 | 1 | -17/+0
* cleaning up syscalls in preparation for x86_64 port | Rich Felker | 2011-02-13 | 14 | -24/+27
  - hide all the legacy xxxxxx32 name cruft in syscall.h so the actual source files can be clean and uniform across all archs.
  - cleanup llseek/lseek and mmap2/mmap handling for 32/64 bit systems
  - alternate implementation for nice if the target lacks nice syscall
* initial check-in, version 0.5.0 v0.5.0 | Rich Felker | 2011-02-12 | 71 | -0/+646