about summary refs log tree commit diff
path: root/src/unistd
Commit message (Collapse)AuthorAgeFilesLines
* add mips64 portRich Felker2016-03-061-0/+19
| | | | | patch by Mahesh Bodapati and Jaydeep Patil of Imagination Technologies.
* switch to using trap number 31 for syscalls on shRich Felker2015-06-161-1/+1
| | | | | | | | | | | | | | | | | | | nominally the low bits of the trap number on sh are the number of syscall arguments, but they have never been used by the kernel, and some code making syscalls does not even know the number of arguments and needs to pass an arbitrary high number anyway. sh3/sh4 traditionally used the trap range 16-31 for syscalls, but part of this range overlapped with hardware exceptions/interrupts on sh2 hardware, so an incompatible range 32-47 was chosen for sh2. using trap number 31 everywhere, since it's in the existing sh3/sh4 range and does not conflict with sh2 hardware, is a proposed unification of the kernel syscall convention that will allow binaries to be shared between sh2 and sh3/sh4. if this is not accepted into the kernel, we can refit the sh2 target with runtime selection mechanisms for the trap number, but doing so would be invasive and would entail non-trivial overhead.
* fix possible isatty false positives and unwanted device state changesRich Felker2015-02-231-3/+4
| | | | | | | | | | | | | | | | | | | | | | | the equivalent checks for newly opened stdio output streams, used to determine buffering mode, are also fixed. on most archs, the TCGETS ioctl command shares a value with SNDCTL_TMR_TIMEBASE, part of the OSS sound API which was apparently used with certain MIDI and timer devices. for file descriptors referring to such a device, TCGETS will not fail with ENOTTY as expected; it may produce a different error, or may succeed, and if it succeeds it changes the mode of the device. while it's unlikely that such devices are in use, this is in principle very harmful behavior for an operation which is supposed to do nothing but query whether the fd refers to a tty. TIOCGWINSZ, used to query logical window size for a terminal, was chosen as an alternate ioctl to perform the isatty check. it does not share a value with any other ioctl commands, and it succeeds on any tty device. this change also cleans up strace output to be less ugly and misleading.
* map interruption of close by signal to success rather than EINPROGRESSRich Felker2015-02-201-1/+1
| | | | | | | | | commit 82dc1e2e783815e00a90cd3f681436a80d54a314 addressed the resolution of Austin Group issue 529, which requires close to leave the fd open when failing with EINTR, by returning the newly defined error code EINPROGRESS. this turns out to be a bad idea, though, since legacy applications not aware of the new specification are likely to interpret any error from close except EINTR as a hard failure.
* overhaul aio implementation for correctnessRich Felker2015-02-131-0/+8
| | | | | | | | | | | | | | | | | | | | | | | | previously, aio operations were not tracked by file descriptor; each operation was completely independent. this resulted in non-conforming behavior for non-seekable/append-mode writes (which are required to be ordered) and made it impossible to implement aio_cancel, which in turn made closing file descriptors with outstanding aio operations unsafe. the new implementation is significantly heavier (roughly twice the size, and seems to be slightly slower) and presently aims mainly at correctness, not performance. most of the public interfaces have been moved into a single file, aio.c, because there is little benefit to be had from splitting them. whenever any aio functions are used, aio_cancel and the internal queue lifetime management and fd-to-queue mapping code must be linked, and these functions make up the bulk of the code size. the close function's interaction with aio is implemented with weak alias magic, to avoid pulling in heavy aio cancellation code in programs that don't use aio, and the expensive cancellation path (which includes signal blocking) is optimized out when there are no active aio queues.
* make fsync, fdatasync, and msync cancellation pointsTrutz Behn2015-01-302-2/+2
| | | | | these are mandatory cancellation points per POSIX, so their omission was a conformance bug.
* for multithreaded set*id/setrlimit, handle case where callback does not runRich Felker2015-01-151-1/+1
| | | | | | | | in the current version of __synccall, the callback is always run, so failure to handle this case did not matter. however, the upcoming overhaul of __synccall will have failure cases, in which case the callback does not run and errno is already set. the changes being committed now are in preparation for that.
* remove rlimit hacks from multi-threaded set*id() codeRich Felker2015-01-121-23/+15
| | | | | | | | | | | | | | | | | | | | | | | the code being removed was introduced to work around "partial failure" of multi-threaded set*id() operations, where some threads would succeed in changing their ids but an RLIMIT_NPROC setting would prevent the rest from succeeding, leaving the process in an inconsistent and dangerous state. however, the workaround code did not handle important usage cases like swapping real and effective uids then restoring their original values, and the wrongful kernel enforcement of RLIMIT_NPROC at setuid time was removed in Linux 3.1, making the workaround obsolete. since the partial failure still is dangerous on old kernels, and could in principle happen on post-fix kernels as well if set*id() syscalls fail for another spurious reason such as resource-related failures, new code is added to detect and forcibly kill the process if/when such a situation arises. future documentation releases should be updated to reflect that setting RLIMIT_NPROC to RLIM_INFINITY is necessary to avoid this forced-kill on old kernels. ideally, at some point the kernel will get proper multi-threaded set*id() syscalls capable of performing their actions atomically, and all of the userspace code to emulate them can be treated as a fallback for outdated kernels.
* simplify ctermidRich Felker2015-01-121-14/+2
| | | | | | | | | | opening /dev/tty then using ttyname_r on it does not produce a canonical terminal name; it simply yields "/dev/tty". it would be possible to make ctermid determine the actual controlling terminal device via field 7 of /proc/self/stat, but doing so would introduce a buffer overflow into applications built with L_ctermid==9, which glibc defines, adversely affecting the quality of ABI compat.
* support linux kernel apis (new archs) with old syscalls removedRich Felker2014-05-2914-1/+69
| | | | | | | | | | | | | | | | | | | | | | | | such archs are expected to omit definitions of the SYS_* macros for syscalls their kernels lack from arch/$ARCH/bits/syscall.h. the preprocessor is then able to select the an appropriate implementation for affected functions. two basic strategies are used on a case-by-case basis: where the old syscalls correspond to deprecated library-level functions, the deprecated functions have been converted to wrappers for the modern function, and the modern function has fallback code (omitted at the preprocessor level on new archs) to make use of the old syscalls if the new syscall fails with ENOSYS. this also improves functionality on older kernels and eliminates the incentive to program with deprecated library-level functions for the sake of compatibility with older kernels. in other situations where the old syscalls correspond to library-level functions which are not deprecated but merely lack some new features, such as the *at functions, the old syscalls are still used on archs which support them. this may change at some point in the future if or when fallback code is added to the new functions to make them usable (possibly with reduced functionality) on old kernels.
* rename superh port to "sh" for consistencyRich Felker2014-02-271-0/+0
| | | | | | | | | linux, gcc, etc. all use "sh" as the name for the superh arch. there was already some inconsistency internally in musl: the dynamic linker was searching for "ld-musl-sh.path" as its path file despite its own name being "ld-musl-superh.so.1". there was some sentiment in both directions as to how to resolve the inconsistency, but overall "sh" was favored.
* superh portBobby Bingham2014-02-231-0/+27
|
* fix failure of fchmod, fstat, fchdir, and fchown to produce EBADFRich Felker2013-12-192-2/+6
| | | | | | | | | | | | | | | | | | | the workaround/fallback code for supporting O_PATH file descriptors when the kernel lacks support for performing these operations on them caused EBADF to get replaced by ENOENT (due to missing entry in /proc/self/fd). this is unlikely to affect real-world code (calls that might yield EBADF are generally unsafe, especially in library code) but it was breaking some test cases. the fix I've applied is something of a tradeoff: it adds one syscall to these operations on kernels where the workaround is needed. the alternative would be to catch ENOENT from the /proc lookup and translate it to EBADF, but I want to avoid doing that in the interest of not touching/depending on /proc at all in these functions as long as the kernel correctly supports the operations. this is following the general principle of isolating hacks to code paths that are taken on broken systems, and keeping the code for correct systems completely hack-free.
* include cleanups: remove unused headers and add feature test macrosSzabolcs Nagy2013-12-125-6/+1
|
* add posix_close, accepted for inclusion in the next issue of POSIXRich Felker2013-12-061-0/+6
| | | | | this is purely a wrapper for close since Linux does not support EINTR semantics for the close syscall.
* simplify faccessat AT_EACCESS path and eliminate resource dependenceRich Felker2013-11-011-14/+21
| | | | | | | now that we're waiting for the exit status of the child process, the result can be conveyed in the exit status rather than via a pipe. since the error value might not fit in 7 bits, a table is used to translate possible meaningful error values to small integers.
* fix faccessat AT_EACCESS path not to leave zombie processesRich Felker2013-11-011-2/+6
| | | | | | I mistakenly assumed that clone without a signal produced processes that would not become zombies; however, waitpid with __WCLONE is required to release their pids.
* in faccessat slow path, add close-on-exec to pipe fdsRich Felker2013-10-181-1/+1
| | | | | as usual, this is needed to avoid fd leaks. as a better solution, the use of fds could possibly be replaced with mmap and a futex.
* fix uid/gid-setting error in faccessat with AT_EACCESS flagRich Felker2013-10-121-2/+2
| | | | | | | | | | | | | | | | this fixes an issue reported by Daniel Thau whereby faccessat with the AT_EACCESS flag did not work in cases where the process is running suid or sgid but without root privileges. per POSIX, when the process does not have "appropriate privileges", setuid changes the euid, not the real uid, and the target uid must be equal to the current real or saved uid; if this condition is not met, EPERM results. this caused the faccessat child process to fail. using the setreuid syscall rather than setuid works. POSIX leaves it unspecified whether setreuid can set the real user id to the effective user id on processes without "appropriate privileges", but Linux allows this; if it's not allowed, there would be no way for this function to work.
* fix errno value for getcwd when size argument is zeroRich Felker2013-10-081-1/+7
| | | | | | | | | based on patch by Michael Forney. at the same time, I've changed the if branch to be more clear, avoiding the comma operator. the underlying issue is that Linux always returns ERANGE when size is too short, even when it's zero, rather than returning EINVAL for the special case of zero as required by POSIX.
* fix missing return value warning in faccessat, minor cleanupRich Felker2013-08-311-1/+1
| | | | | clone will pass the return value of the start function to SYS_exit anyway; there's no need to call the syscall directly.
* block all signals, even implementation-internal ones, in faccessat childRich Felker2013-08-091-1/+1
| | | | | | the child process's stack may be insufficient size to support a signal frame, and there is no reason these signal handlers should run in the child anyway.
* fix faccessat to support AT_EACCESS flagRich Felker2013-08-031-1/+46
| | | | | | | | | | | | | | this is another case of the kernel syscall failing to support flags where it needs to, leading to horrible workarounds in userspace. this time the workaround requires changing uid/gid, and that's not safe to do in the current process. in the worst case, kernel resource limits might prevent recovering the original values, and then there would be no way to safely return. so, use the safe but horribly inefficient alternative: forking. clone is used instead of fork to suppress signals from the child. fortunately this worst-case code is only needed when effective and real ids mismatch, which mainly happens in suid programs.
* make fchdir, fchmod, fchown, and fstat support O_PATH file descriptorsRich Felker2013-08-022-2/+18
| | | | | | | | | on newer kernels, fchdir and fstat work anyway. this same fix should be applied to any other syscalls that are similarly affected. with this change, the current definitions of O_SEARCH and O_EXEC as O_PATH are mostly conforming to POSIX requirements. the main remaining issue is that O_NOFOLLOW has different semantics.
* debloat code that depends on /proc/self/fd/%d with shared functionRich Felker2013-08-021-1/+3
| | | | | | | I intend to add more Linux workarounds that depend on using these pathnames, and some of them will be in "syscall" functions that, from an anti-bloat standpoint, should not depend on the whole snprintf framework.
* fix bogus lazy allocation in ctermid and missing malloc failure checkRich Felker2013-07-091-10/+7
| | | | | | also clean up, optimize, and simplify the code, removing branches by simply pre-setting the result string to an empty string, which will be preserved if other operations fail.
* fix fd leak on races and cancellation in ctermidRich Felker2013-07-091-2/+3
|
* in pipe2, use pipe() rather than __syscall(SYS_pipe, ...) for fallbackRich Felker2013-03-251-3/+3
| | | | | | | SYS_pipe is not usable directly in general, since mips has a very broken calling convention for the pipe syscall. instead, just call the function, so that the mips-specific ugliness is isolated in mips/pipe.s and not copied elsewhere.
* streamline old-kernel fallback path of pipe2 to use syscalls directlyRich Felker2013-02-031-4/+4
| | | | | | also, don't waste code/time on F_GETFL since pipes always have blank flags initially (at least on old kernels, which are all this fallback code matters for).
* fix double errno-decoding in the old-kernel fallback path of pipe2Rich Felker2012-12-111-1/+1
| | | | | this bug seems to have caused any failure by pipe2 on such systems to set errno to 1, rather than the proper error code.
* greatly improve freopen behaviorRich Felker2012-10-241-2/+13
| | | | | | | | | | | | | 1. don't open /dev/null just as a basis to copy flags; use shared __fmodeflags function to get the right file flags for the mode. 2. handle the case (probably invalid, but whatever) case where the original stream's file descriptor was closed; previously, the logic re-closed it. 3. accept the "e" mode flag for close-on-exec; update dup3 to fallback to using dup2 so we can simply call __dup3 instead of putting fallback logic in freopen itself.
* overhaul system() and popen() to use vfork; fix various related bugsRich Felker2012-10-181-3/+17
| | | | | | | | | | | | | | | | since we target systems without overcommit, special care should be taken that system() and popen(), like posix_spawn(), do not fail in processes whose commit charges are too high to allow ordinary forking. this in turn requires special precautions to ensure that the parent process's signal handlers do not end up running in the shared-memory child, where they could corrupt the state of the parent process. popen has also been updated to use pipe2, so it does not have a fd-leak race in multi-threaded programs. since pipe2 is missing on older kernels, (non-atomic) emulation has been added. some silly bugs in the old code should be gone too.
* move accept4, dup3, and pipe2 to non-linux-specific locationsRich Felker2012-09-292-0/+18
| | | | | these interfaces have been adopted by the Austin Group for inclusion in the next version of POSIX.
* fix some indention-with-spaces that crept inRich Felker2012-09-291-1/+1
|
* fix handling of EINTR during close()Rich Felker2012-09-241-1/+4
| | | | | | | | | | austin group interpretation for defect #529 (http://austingroupbugs.net/view.php?id=529) tightens the requirements on close such that, if it returns with EINTR, the file descriptor must not be closed. the linux kernel developers vehemently disagree with this, and will not change it. we catch and remap EINTR to EINPROGRESS, which the standard allows close() to return when the operation was not finished but the file descriptor has been closed.
* fix up lfs64 junk for preadv/pwritevRich Felker2012-09-092-2/+2
|
* add preadv/pwritev syscall wrappersRich Felker2012-09-092-0/+26
|
* add acct syscall source file, omitted in last syscalls commitRich Felker2012-09-081-0/+9
|
* further use of _Noreturn, for non-plain-C functionsRich Felker2012-09-061-1/+1
| | | | | | | | | | | | | | | | | | | note that POSIX does not specify these functions as _Noreturn, because POSIX is aligned with C99, not the new C11 standard. when POSIX is eventually updated to C11, it will almost surely give these functions the _Noreturn attribute. for now, the actual _Noreturn keyword is not used anyway when compiling with a c99 compiler, which is what POSIX requires; the GCC __attribute__ is used instead if it's available, however. in a few places, I've added infinite for loops at the end of _Noreturn functions to silence compiler warnings. presumably __buildin_unreachable could achieve the same thing, but it would only work on newer GCCs and would not be portable. the loops should have near-zero code size cost anyway. like the previous _Noreturn commit, this one is based on patches contributed by philomath.
* use restrict everywhere it's required by c99 and/or posix 2008Rich Felker2012-09-062-2/+2
| | | | | | | | to deal with the fact that the public headers may be used with pre-c99 compilers, __restrict is used in place of restrict, and defined appropriately for any supported compiler. we also avoid the form [restrict] since older versions of gcc rejected it due to a bug in the original c99 standard, and instead use the form *restrict.
* fix broken ttyname[_r] (failure to null-terminate result)Rich Felker2012-09-061-1/+4
|
* initial version of mips (o32) port, based on work by Richard Pennington (rdp)Rich Felker2012-07-111-0/+20
| | | | | | | | | | | | | basically, this version of the code was obtained by starting with rdp's work from his ellcc source tree, adapting it to musl's build system and coding style, auditing the bits headers for discrepencies with kernel definitions or glibc/LSB ABI or large file issues, fixing up incompatibility with the old binutils from aboriginal linux, and adding some new special cases to deal with the oddities of sigaction and pipe syscall interfaces on mips. at present, minimal test programs work, but some interfaces are broken or missing. threaded programs probably will not link.
* fix mistake in length test in getlogin_rRich Felker2012-06-191-1/+1
| | | | | this was actually dangerously wrong, but presumably nobody uses this broken function anymore anyway..
* fix dummied-out fsyncRich Felker2012-06-191-2/+1
| | | | | | | if we eventually have build options, it might be nice to make an option to dummy this out again, in case anybody needs a system-wide disable for disk/ssd-thrashing, etc. that some daemons do when logging...
* fix dummied-out fdatasyncRich Felker2012-06-191-1/+1
|
* avoid deprecated (by linux) alarm syscall; use setitimer insteadRich Felker2012-05-241-1/+4
|
* support null buffer argument to getcwd, auto-allocating behaviorRich Felker2012-03-011-1/+6
| | | | | | | this is a popular extension some programs depend on, and by using a temporary buffer and strdup rather than malloc prior to the syscall, i've avoided the dependency on free and thus minimized the bloat cost of supporting this feature.
* cleanup various minor issues reported by nszRich Felker2011-09-261-1/+1
| | | | | | | | | the changes to syscall_ret are mostly no-ops in the generated code, just cleanup of type issues and removal of some implementation-defined behavior. the one exception is the change in the comparison value, which is fixed so that 0xf...f000 (which in principle could be a valid return value for mmap, although probably never in reality) is not treated as an error return.
* update syscalls with off_t arguments to handle argument alignment, if neededRich Felker2011-09-214-4/+4
| | | | | | the arm syscall abi requires 64-bit arguments to be aligned on an even register boundary. these new macros facilitate meeting the abi requirement without imposing significant ugliness on the code.
* fix various errors in function signatures/prototypes found by nszRich Felker2011-09-132-2/+2
|