105436638acc7c010349a69c3395f1a57c642dc62Ying Wang/* POSIX compatible signal blocking.
205436638acc7c010349a69c3395f1a57c642dc62Ying Wang   Copyright (C) 2008-2012 Free Software Foundation, Inc.
305436638acc7c010349a69c3395f1a57c642dc62Ying Wang   Written by Eric Blake <ebb9@byu.net>, 2008.
405436638acc7c010349a69c3395f1a57c642dc62Ying Wang
505436638acc7c010349a69c3395f1a57c642dc62Ying Wang   This program is free software: you can redistribute it and/or modify
605436638acc7c010349a69c3395f1a57c642dc62Ying Wang   it under the terms of the GNU General Public License as published by
705436638acc7c010349a69c3395f1a57c642dc62Ying Wang   the Free Software Foundation; either version 3 of the License, or
805436638acc7c010349a69c3395f1a57c642dc62Ying Wang   (at your option) any later version.
905436638acc7c010349a69c3395f1a57c642dc62Ying Wang
1005436638acc7c010349a69c3395f1a57c642dc62Ying Wang   This program is distributed in the hope that it will be useful,
1105436638acc7c010349a69c3395f1a57c642dc62Ying Wang   but WITHOUT ANY WARRANTY; without even the implied warranty of
1205436638acc7c010349a69c3395f1a57c642dc62Ying Wang   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
1305436638acc7c010349a69c3395f1a57c642dc62Ying Wang   GNU General Public License for more details.
1405436638acc7c010349a69c3395f1a57c642dc62Ying Wang
1505436638acc7c010349a69c3395f1a57c642dc62Ying Wang   You should have received a copy of the GNU General Public License
1605436638acc7c010349a69c3395f1a57c642dc62Ying Wang   along with this program.  If not, see <http://www.gnu.org/licenses/>.  */
1705436638acc7c010349a69c3395f1a57c642dc62Ying Wang
1805436638acc7c010349a69c3395f1a57c642dc62Ying Wang#include <config.h>
1905436638acc7c010349a69c3395f1a57c642dc62Ying Wang
2005436638acc7c010349a69c3395f1a57c642dc62Ying Wang/* Specification.  */
2105436638acc7c010349a69c3395f1a57c642dc62Ying Wang#include <signal.h>
2205436638acc7c010349a69c3395f1a57c642dc62Ying Wang
2305436638acc7c010349a69c3395f1a57c642dc62Ying Wang#include <errno.h>
2405436638acc7c010349a69c3395f1a57c642dc62Ying Wang#include <stdint.h>
2505436638acc7c010349a69c3395f1a57c642dc62Ying Wang#include <stdlib.h>
2605436638acc7c010349a69c3395f1a57c642dc62Ying Wang
2705436638acc7c010349a69c3395f1a57c642dc62Ying Wang/* This implementation of sigaction is tailored to native Windows behavior:
2805436638acc7c010349a69c3395f1a57c642dc62Ying Wang   signal() has SysV semantics (ie. the handler is uninstalled before
2905436638acc7c010349a69c3395f1a57c642dc62Ying Wang   it is invoked).  This is an inherent data race if an asynchronous
3005436638acc7c010349a69c3395f1a57c642dc62Ying Wang   signal is sent twice in a row before we can reinstall our handler,
3105436638acc7c010349a69c3395f1a57c642dc62Ying Wang   but there's nothing we can do about it.  Meanwhile, sigprocmask()
3205436638acc7c010349a69c3395f1a57c642dc62Ying Wang   is not present, and while we can use the gnulib replacement to
3305436638acc7c010349a69c3395f1a57c642dc62Ying Wang   provide critical sections, it too suffers from potential data races
3405436638acc7c010349a69c3395f1a57c642dc62Ying Wang   in the face of an ill-timed asynchronous signal.  And we compound
3505436638acc7c010349a69c3395f1a57c642dc62Ying Wang   the situation by reading static storage in a signal handler, which
3605436638acc7c010349a69c3395f1a57c642dc62Ying Wang   POSIX warns is not generically async-signal-safe.  Oh well.
3705436638acc7c010349a69c3395f1a57c642dc62Ying Wang
3805436638acc7c010349a69c3395f1a57c642dc62Ying Wang   Additionally:
3905436638acc7c010349a69c3395f1a57c642dc62Ying Wang     - We don't implement SA_NOCLDSTOP or SA_NOCLDWAIT, because SIGCHLD
4005436638acc7c010349a69c3395f1a57c642dc62Ying Wang       is not defined.
4105436638acc7c010349a69c3395f1a57c642dc62Ying Wang     - We don't implement SA_ONSTACK, because sigaltstack() is not present.
4205436638acc7c010349a69c3395f1a57c642dc62Ying Wang     - We ignore SA_RESTART, because blocking native Windows API calls are
4305436638acc7c010349a69c3395f1a57c642dc62Ying Wang       not interrupted anyway when an asynchronous signal occurs, and the
4405436638acc7c010349a69c3395f1a57c642dc62Ying Wang       MSVCRT runtime never sets errno to EINTR.
4505436638acc7c010349a69c3395f1a57c642dc62Ying Wang     - We don't implement SA_SIGINFO because it is impossible to do so
4605436638acc7c010349a69c3395f1a57c642dc62Ying Wang       portably.
4705436638acc7c010349a69c3395f1a57c642dc62Ying Wang
4805436638acc7c010349a69c3395f1a57c642dc62Ying Wang   POSIX states that an application should not mix signal() and
4905436638acc7c010349a69c3395f1a57c642dc62Ying Wang   sigaction().  We support the use of signal() within the gnulib
5005436638acc7c010349a69c3395f1a57c642dc62Ying Wang   sigprocmask() substitute, but all other application code linked
5105436638acc7c010349a69c3395f1a57c642dc62Ying Wang   with this module should stick with only sigaction().  */
5205436638acc7c010349a69c3395f1a57c642dc62Ying Wang
5305436638acc7c010349a69c3395f1a57c642dc62Ying Wang/* Check some of our assumptions.  */
5405436638acc7c010349a69c3395f1a57c642dc62Ying Wang#if defined SIGCHLD || defined HAVE_SIGALTSTACK || defined HAVE_SIGINTERRUPT
5505436638acc7c010349a69c3395f1a57c642dc62Ying Wang# error "Revisit the assumptions made in the sigaction module"
5605436638acc7c010349a69c3395f1a57c642dc62Ying Wang#endif
5705436638acc7c010349a69c3395f1a57c642dc62Ying Wang
5805436638acc7c010349a69c3395f1a57c642dc62Ying Wang/* Out-of-range substitutes make a good fallback for uncatchable
5905436638acc7c010349a69c3395f1a57c642dc62Ying Wang   signals.  */
6005436638acc7c010349a69c3395f1a57c642dc62Ying Wang#ifndef SIGKILL
6105436638acc7c010349a69c3395f1a57c642dc62Ying Wang# define SIGKILL (-1)
6205436638acc7c010349a69c3395f1a57c642dc62Ying Wang#endif
6305436638acc7c010349a69c3395f1a57c642dc62Ying Wang#ifndef SIGSTOP
6405436638acc7c010349a69c3395f1a57c642dc62Ying Wang# define SIGSTOP (-1)
6505436638acc7c010349a69c3395f1a57c642dc62Ying Wang#endif
6605436638acc7c010349a69c3395f1a57c642dc62Ying Wang
6705436638acc7c010349a69c3395f1a57c642dc62Ying Wang/* On native Windows, as of 2008, the signal SIGABRT_COMPAT is an alias
6805436638acc7c010349a69c3395f1a57c642dc62Ying Wang   for the signal SIGABRT.  Only one signal handler is stored for both
6905436638acc7c010349a69c3395f1a57c642dc62Ying Wang   SIGABRT and SIGABRT_COMPAT.  SIGABRT_COMPAT is not a signal of its own.  */
7005436638acc7c010349a69c3395f1a57c642dc62Ying Wang#if (defined _WIN32 || defined __WIN32__) && ! defined __CYGWIN__
7105436638acc7c010349a69c3395f1a57c642dc62Ying Wang# undef SIGABRT_COMPAT
7205436638acc7c010349a69c3395f1a57c642dc62Ying Wang# define SIGABRT_COMPAT 6
7305436638acc7c010349a69c3395f1a57c642dc62Ying Wang#endif
7405436638acc7c010349a69c3395f1a57c642dc62Ying Wang
7505436638acc7c010349a69c3395f1a57c642dc62Ying Wang/* A signal handler.  */
7605436638acc7c010349a69c3395f1a57c642dc62Ying Wangtypedef void (*handler_t) (int signal);
7705436638acc7c010349a69c3395f1a57c642dc62Ying Wang
7805436638acc7c010349a69c3395f1a57c642dc62Ying Wang/* Set of current actions.  If sa_handler for an entry is NULL, then
7905436638acc7c010349a69c3395f1a57c642dc62Ying Wang   that signal is not currently handled by the sigaction handler.  */
8005436638acc7c010349a69c3395f1a57c642dc62Ying Wangstatic struct sigaction volatile action_array[NSIG] /* = 0 */;
8105436638acc7c010349a69c3395f1a57c642dc62Ying Wang
8205436638acc7c010349a69c3395f1a57c642dc62Ying Wang/* Signal handler that is installed for signals.  */
8305436638acc7c010349a69c3395f1a57c642dc62Ying Wangstatic void
8405436638acc7c010349a69c3395f1a57c642dc62Ying Wangsigaction_handler (int sig)
8505436638acc7c010349a69c3395f1a57c642dc62Ying Wang{
8605436638acc7c010349a69c3395f1a57c642dc62Ying Wang  handler_t handler;
8705436638acc7c010349a69c3395f1a57c642dc62Ying Wang  sigset_t mask;
8805436638acc7c010349a69c3395f1a57c642dc62Ying Wang  sigset_t oldmask;
8905436638acc7c010349a69c3395f1a57c642dc62Ying Wang  int saved_errno = errno;
9005436638acc7c010349a69c3395f1a57c642dc62Ying Wang  if (sig < 0 || NSIG <= sig || !action_array[sig].sa_handler)
9105436638acc7c010349a69c3395f1a57c642dc62Ying Wang    {
9205436638acc7c010349a69c3395f1a57c642dc62Ying Wang      /* Unexpected situation; be careful to avoid recursive abort.  */
9305436638acc7c010349a69c3395f1a57c642dc62Ying Wang      if (sig == SIGABRT)
9405436638acc7c010349a69c3395f1a57c642dc62Ying Wang        signal (SIGABRT, SIG_DFL);
9505436638acc7c010349a69c3395f1a57c642dc62Ying Wang      abort ();
9605436638acc7c010349a69c3395f1a57c642dc62Ying Wang    }
9705436638acc7c010349a69c3395f1a57c642dc62Ying Wang
9805436638acc7c010349a69c3395f1a57c642dc62Ying Wang  /* Reinstall the signal handler when required; otherwise update the
9905436638acc7c010349a69c3395f1a57c642dc62Ying Wang     bookkeeping so that the user's handler may call sigaction and get
10005436638acc7c010349a69c3395f1a57c642dc62Ying Wang     accurate results.  We know the signal isn't currently blocked, or
10105436638acc7c010349a69c3395f1a57c642dc62Ying Wang     we wouldn't be in its handler, therefore we know that we are not
10205436638acc7c010349a69c3395f1a57c642dc62Ying Wang     interrupting a sigaction() call.  There is a race where any
10305436638acc7c010349a69c3395f1a57c642dc62Ying Wang     asynchronous instance of the same signal occurring before we
10405436638acc7c010349a69c3395f1a57c642dc62Ying Wang     reinstall the handler will trigger the default handler; oh
10505436638acc7c010349a69c3395f1a57c642dc62Ying Wang     well.  */
10605436638acc7c010349a69c3395f1a57c642dc62Ying Wang  handler = action_array[sig].sa_handler;
10705436638acc7c010349a69c3395f1a57c642dc62Ying Wang  if ((action_array[sig].sa_flags & SA_RESETHAND) == 0)
10805436638acc7c010349a69c3395f1a57c642dc62Ying Wang    signal (sig, sigaction_handler);
10905436638acc7c010349a69c3395f1a57c642dc62Ying Wang  else
11005436638acc7c010349a69c3395f1a57c642dc62Ying Wang    action_array[sig].sa_handler = NULL;
11105436638acc7c010349a69c3395f1a57c642dc62Ying Wang
11205436638acc7c010349a69c3395f1a57c642dc62Ying Wang  /* Block appropriate signals.  */
11305436638acc7c010349a69c3395f1a57c642dc62Ying Wang  mask = action_array[sig].sa_mask;
11405436638acc7c010349a69c3395f1a57c642dc62Ying Wang  if ((action_array[sig].sa_flags & SA_NODEFER) == 0)
11505436638acc7c010349a69c3395f1a57c642dc62Ying Wang    sigaddset (&mask, sig);
11605436638acc7c010349a69c3395f1a57c642dc62Ying Wang  sigprocmask (SIG_BLOCK, &mask, &oldmask);
11705436638acc7c010349a69c3395f1a57c642dc62Ying Wang
11805436638acc7c010349a69c3395f1a57c642dc62Ying Wang  /* Invoke the user's handler, then restore prior mask.  */
11905436638acc7c010349a69c3395f1a57c642dc62Ying Wang  errno = saved_errno;
12005436638acc7c010349a69c3395f1a57c642dc62Ying Wang  handler (sig);
12105436638acc7c010349a69c3395f1a57c642dc62Ying Wang  saved_errno = errno;
12205436638acc7c010349a69c3395f1a57c642dc62Ying Wang  sigprocmask (SIG_SETMASK, &oldmask, NULL);
12305436638acc7c010349a69c3395f1a57c642dc62Ying Wang  errno = saved_errno;
12405436638acc7c010349a69c3395f1a57c642dc62Ying Wang}
12505436638acc7c010349a69c3395f1a57c642dc62Ying Wang
12605436638acc7c010349a69c3395f1a57c642dc62Ying Wang/* Change and/or query the action that will be taken on delivery of
12705436638acc7c010349a69c3395f1a57c642dc62Ying Wang   signal SIG.  If not NULL, ACT describes the new behavior.  If not
12805436638acc7c010349a69c3395f1a57c642dc62Ying Wang   NULL, OACT is set to the prior behavior.  Return 0 on success, or
12905436638acc7c010349a69c3395f1a57c642dc62Ying Wang   set errno and return -1 on failure.  */
13005436638acc7c010349a69c3395f1a57c642dc62Ying Wangint
13105436638acc7c010349a69c3395f1a57c642dc62Ying Wangsigaction (int sig, const struct sigaction *restrict act,
13205436638acc7c010349a69c3395f1a57c642dc62Ying Wang           struct sigaction *restrict oact)
13305436638acc7c010349a69c3395f1a57c642dc62Ying Wang{
13405436638acc7c010349a69c3395f1a57c642dc62Ying Wang  sigset_t mask;
13505436638acc7c010349a69c3395f1a57c642dc62Ying Wang  sigset_t oldmask;
13605436638acc7c010349a69c3395f1a57c642dc62Ying Wang  int saved_errno;
13705436638acc7c010349a69c3395f1a57c642dc62Ying Wang
13805436638acc7c010349a69c3395f1a57c642dc62Ying Wang  if (sig < 0 || NSIG <= sig || sig == SIGKILL || sig == SIGSTOP
13905436638acc7c010349a69c3395f1a57c642dc62Ying Wang      || (act && act->sa_handler == SIG_ERR))
14005436638acc7c010349a69c3395f1a57c642dc62Ying Wang    {
14105436638acc7c010349a69c3395f1a57c642dc62Ying Wang      errno = EINVAL;
14205436638acc7c010349a69c3395f1a57c642dc62Ying Wang      return -1;
14305436638acc7c010349a69c3395f1a57c642dc62Ying Wang    }
14405436638acc7c010349a69c3395f1a57c642dc62Ying Wang
14505436638acc7c010349a69c3395f1a57c642dc62Ying Wang#ifdef SIGABRT_COMPAT
14605436638acc7c010349a69c3395f1a57c642dc62Ying Wang  if (sig == SIGABRT_COMPAT)
14705436638acc7c010349a69c3395f1a57c642dc62Ying Wang    sig = SIGABRT;
14805436638acc7c010349a69c3395f1a57c642dc62Ying Wang#endif
14905436638acc7c010349a69c3395f1a57c642dc62Ying Wang
15005436638acc7c010349a69c3395f1a57c642dc62Ying Wang  /* POSIX requires sigaction() to be async-signal-safe.  In other
15105436638acc7c010349a69c3395f1a57c642dc62Ying Wang     words, if an asynchronous signal can occur while we are anywhere
15205436638acc7c010349a69c3395f1a57c642dc62Ying Wang     inside this function, the user's handler could then call
15305436638acc7c010349a69c3395f1a57c642dc62Ying Wang     sigaction() recursively and expect consistent results.  We meet
15405436638acc7c010349a69c3395f1a57c642dc62Ying Wang     this rule by using sigprocmask to block all signals before
15505436638acc7c010349a69c3395f1a57c642dc62Ying Wang     modifying any data structure that could be read from a signal
15605436638acc7c010349a69c3395f1a57c642dc62Ying Wang     handler; this works since we know that the gnulib sigprocmask
15705436638acc7c010349a69c3395f1a57c642dc62Ying Wang     replacement does not try to use sigaction() from its handler.  */
15805436638acc7c010349a69c3395f1a57c642dc62Ying Wang  if (!act && !oact)
15905436638acc7c010349a69c3395f1a57c642dc62Ying Wang    return 0;
16005436638acc7c010349a69c3395f1a57c642dc62Ying Wang  sigfillset (&mask);
16105436638acc7c010349a69c3395f1a57c642dc62Ying Wang  sigprocmask (SIG_BLOCK, &mask, &oldmask);
16205436638acc7c010349a69c3395f1a57c642dc62Ying Wang  if (oact)
16305436638acc7c010349a69c3395f1a57c642dc62Ying Wang    {
16405436638acc7c010349a69c3395f1a57c642dc62Ying Wang      if (action_array[sig].sa_handler)
16505436638acc7c010349a69c3395f1a57c642dc62Ying Wang        *oact = action_array[sig];
16605436638acc7c010349a69c3395f1a57c642dc62Ying Wang      else
16705436638acc7c010349a69c3395f1a57c642dc62Ying Wang        {
16805436638acc7c010349a69c3395f1a57c642dc62Ying Wang          /* Safe to change the handler at will here, since all
16905436638acc7c010349a69c3395f1a57c642dc62Ying Wang             signals are currently blocked.  */
17005436638acc7c010349a69c3395f1a57c642dc62Ying Wang          oact->sa_handler = signal (sig, SIG_DFL);
17105436638acc7c010349a69c3395f1a57c642dc62Ying Wang          if (oact->sa_handler == SIG_ERR)
17205436638acc7c010349a69c3395f1a57c642dc62Ying Wang            goto failure;
17305436638acc7c010349a69c3395f1a57c642dc62Ying Wang          signal (sig, oact->sa_handler);
17405436638acc7c010349a69c3395f1a57c642dc62Ying Wang          oact->sa_flags = SA_RESETHAND | SA_NODEFER;
17505436638acc7c010349a69c3395f1a57c642dc62Ying Wang          sigemptyset (&oact->sa_mask);
17605436638acc7c010349a69c3395f1a57c642dc62Ying Wang        }
17705436638acc7c010349a69c3395f1a57c642dc62Ying Wang    }
17805436638acc7c010349a69c3395f1a57c642dc62Ying Wang
17905436638acc7c010349a69c3395f1a57c642dc62Ying Wang  if (act)
18005436638acc7c010349a69c3395f1a57c642dc62Ying Wang    {
18105436638acc7c010349a69c3395f1a57c642dc62Ying Wang      /* Safe to install the handler before updating action_array,
18205436638acc7c010349a69c3395f1a57c642dc62Ying Wang         since all signals are currently blocked.  */
18305436638acc7c010349a69c3395f1a57c642dc62Ying Wang      if (act->sa_handler == SIG_DFL || act->sa_handler == SIG_IGN)
18405436638acc7c010349a69c3395f1a57c642dc62Ying Wang        {
18505436638acc7c010349a69c3395f1a57c642dc62Ying Wang          if (signal (sig, act->sa_handler) == SIG_ERR)
18605436638acc7c010349a69c3395f1a57c642dc62Ying Wang            goto failure;
18705436638acc7c010349a69c3395f1a57c642dc62Ying Wang          action_array[sig].sa_handler = NULL;
18805436638acc7c010349a69c3395f1a57c642dc62Ying Wang        }
18905436638acc7c010349a69c3395f1a57c642dc62Ying Wang      else
19005436638acc7c010349a69c3395f1a57c642dc62Ying Wang        {
19105436638acc7c010349a69c3395f1a57c642dc62Ying Wang          if (signal (sig, sigaction_handler) == SIG_ERR)
19205436638acc7c010349a69c3395f1a57c642dc62Ying Wang            goto failure;
19305436638acc7c010349a69c3395f1a57c642dc62Ying Wang          action_array[sig] = *act;
19405436638acc7c010349a69c3395f1a57c642dc62Ying Wang        }
19505436638acc7c010349a69c3395f1a57c642dc62Ying Wang    }
19605436638acc7c010349a69c3395f1a57c642dc62Ying Wang  sigprocmask (SIG_SETMASK, &oldmask, NULL);
19705436638acc7c010349a69c3395f1a57c642dc62Ying Wang  return 0;
19805436638acc7c010349a69c3395f1a57c642dc62Ying Wang
19905436638acc7c010349a69c3395f1a57c642dc62Ying Wang failure:
20005436638acc7c010349a69c3395f1a57c642dc62Ying Wang  saved_errno = errno;
20105436638acc7c010349a69c3395f1a57c642dc62Ying Wang  sigprocmask (SIG_SETMASK, &oldmask, NULL);
20205436638acc7c010349a69c3395f1a57c642dc62Ying Wang  errno = saved_errno;
20305436638acc7c010349a69c3395f1a57c642dc62Ying Wang  return -1;
20405436638acc7c010349a69c3395f1a57c642dc62Ying Wang}
205