1 /* POSIX compatible signal blocking.
2    Copyright (C) 2008-2018 Free Software Foundation, Inc.
3    Written by Eric Blake <ebb9@byu.net>, 2008.
4 
5    This program is free software: you can redistribute it and/or modify
6    it under the terms of the GNU General Public License as published by
7    the Free Software Foundation; either version 3 of the License, or
8    (at your option) any later version.
9 
10    This program is distributed in the hope that it will be useful,
11    but WITHOUT ANY WARRANTY; without even the implied warranty of
12    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
13    GNU General Public License for more details.
14 
15    You should have received a copy of the GNU General Public License
16    along with this program.  If not, see <https://www.gnu.org/licenses/>.  */
17 
18 #include <config.h>
19 
20 /* Specification.  */
21 #include <signal.h>
22 
23 #include <errno.h>
24 #include <stdint.h>
25 #include <stdlib.h>
26 
27 /* This implementation of sigaction is tailored to native Windows behavior:
28    signal() has SysV semantics (ie. the handler is uninstalled before
29    it is invoked).  This is an inherent data race if an asynchronous
30    signal is sent twice in a row before we can reinstall our handler,
31    but there's nothing we can do about it.  Meanwhile, sigprocmask()
32    is not present, and while we can use the gnulib replacement to
33    provide critical sections, it too suffers from potential data races
34    in the face of an ill-timed asynchronous signal.  And we compound
35    the situation by reading static storage in a signal handler, which
36    POSIX warns is not generically async-signal-safe.  Oh well.
37 
38    Additionally:
39      - We don't implement SA_NOCLDSTOP or SA_NOCLDWAIT, because SIGCHLD
40        is not defined.
41      - We don't implement SA_ONSTACK, because sigaltstack() is not present.
42      - We ignore SA_RESTART, because blocking native Windows API calls are
43        not interrupted anyway when an asynchronous signal occurs, and the
44        MSVCRT runtime never sets errno to EINTR.
45      - We don't implement SA_SIGINFO because it is impossible to do so
46        portably.
47 
48    POSIX states that an application should not mix signal() and
49    sigaction().  We support the use of signal() within the gnulib
50    sigprocmask() substitute, but all other application code linked
51    with this module should stick with only sigaction().  */
52 
53 /* Check some of our assumptions.  */
54 #if defined SIGCHLD || defined HAVE_SIGALTSTACK || defined HAVE_SIGINTERRUPT
55 # error "Revisit the assumptions made in the sigaction module"
56 #endif
57 
58 /* Out-of-range substitutes make a good fallback for uncatchable
59    signals.  */
60 #ifndef SIGKILL
61 # define SIGKILL (-1)
62 #endif
63 #ifndef SIGSTOP
64 # define SIGSTOP (-1)
65 #endif
66 
67 /* On native Windows, as of 2008, the signal SIGABRT_COMPAT is an alias
68    for the signal SIGABRT.  Only one signal handler is stored for both
69    SIGABRT and SIGABRT_COMPAT.  SIGABRT_COMPAT is not a signal of its own.  */
70 #if defined _WIN32 && ! defined __CYGWIN__
71 # undef SIGABRT_COMPAT
72 # define SIGABRT_COMPAT 6
73 #endif
74 
75 /* A signal handler.  */
76 typedef void (*handler_t) (int signal);
77 
78 /* Set of current actions.  If sa_handler for an entry is NULL, then
79    that signal is not currently handled by the sigaction handler.  */
80 static struct sigaction volatile action_array[NSIG] /* = 0 */;
81 
82 /* Signal handler that is installed for signals.  */
83 static void
sigaction_handler(int sig)84 sigaction_handler (int sig)
85 {
86   handler_t handler;
87   sigset_t mask;
88   sigset_t oldmask;
89   int saved_errno = errno;
90   if (sig < 0 || NSIG <= sig || !action_array[sig].sa_handler)
91     {
92       /* Unexpected situation; be careful to avoid recursive abort.  */
93       if (sig == SIGABRT)
94         signal (SIGABRT, SIG_DFL);
95       abort ();
96     }
97 
98   /* Reinstall the signal handler when required; otherwise update the
99      bookkeeping so that the user's handler may call sigaction and get
100      accurate results.  We know the signal isn't currently blocked, or
101      we wouldn't be in its handler, therefore we know that we are not
102      interrupting a sigaction() call.  There is a race where any
103      asynchronous instance of the same signal occurring before we
104      reinstall the handler will trigger the default handler; oh
105      well.  */
106   handler = action_array[sig].sa_handler;
107   if ((action_array[sig].sa_flags & SA_RESETHAND) == 0)
108     signal (sig, sigaction_handler);
109   else
110     action_array[sig].sa_handler = NULL;
111 
112   /* Block appropriate signals.  */
113   mask = action_array[sig].sa_mask;
114   if ((action_array[sig].sa_flags & SA_NODEFER) == 0)
115     sigaddset (&mask, sig);
116   sigprocmask (SIG_BLOCK, &mask, &oldmask);
117 
118   /* Invoke the user's handler, then restore prior mask.  */
119   errno = saved_errno;
120   handler (sig);
121   saved_errno = errno;
122   sigprocmask (SIG_SETMASK, &oldmask, NULL);
123   errno = saved_errno;
124 }
125 
126 /* Change and/or query the action that will be taken on delivery of
127    signal SIG.  If not NULL, ACT describes the new behavior.  If not
128    NULL, OACT is set to the prior behavior.  Return 0 on success, or
129    set errno and return -1 on failure.  */
130 int
sigaction(int sig,const struct sigaction * restrict act,struct sigaction * restrict oact)131 sigaction (int sig, const struct sigaction *restrict act,
132            struct sigaction *restrict oact)
133 {
134   sigset_t mask;
135   sigset_t oldmask;
136   int saved_errno;
137 
138   if (sig < 0 || NSIG <= sig || sig == SIGKILL || sig == SIGSTOP
139       || (act && act->sa_handler == SIG_ERR))
140     {
141       errno = EINVAL;
142       return -1;
143     }
144 
145 #ifdef SIGABRT_COMPAT
146   if (sig == SIGABRT_COMPAT)
147     sig = SIGABRT;
148 #endif
149 
150   /* POSIX requires sigaction() to be async-signal-safe.  In other
151      words, if an asynchronous signal can occur while we are anywhere
152      inside this function, the user's handler could then call
153      sigaction() recursively and expect consistent results.  We meet
154      this rule by using sigprocmask to block all signals before
155      modifying any data structure that could be read from a signal
156      handler; this works since we know that the gnulib sigprocmask
157      replacement does not try to use sigaction() from its handler.  */
158   if (!act && !oact)
159     return 0;
160   sigfillset (&mask);
161   sigprocmask (SIG_BLOCK, &mask, &oldmask);
162   if (oact)
163     {
164       if (action_array[sig].sa_handler)
165         *oact = action_array[sig];
166       else
167         {
168           /* Safe to change the handler at will here, since all
169              signals are currently blocked.  */
170           oact->sa_handler = signal (sig, SIG_DFL);
171           if (oact->sa_handler == SIG_ERR)
172             goto failure;
173           signal (sig, oact->sa_handler);
174           oact->sa_flags = SA_RESETHAND | SA_NODEFER;
175           sigemptyset (&oact->sa_mask);
176         }
177     }
178 
179   if (act)
180     {
181       /* Safe to install the handler before updating action_array,
182          since all signals are currently blocked.  */
183       if (act->sa_handler == SIG_DFL || act->sa_handler == SIG_IGN)
184         {
185           if (signal (sig, act->sa_handler) == SIG_ERR)
186             goto failure;
187           action_array[sig].sa_handler = NULL;
188         }
189       else
190         {
191           if (signal (sig, sigaction_handler) == SIG_ERR)
192             goto failure;
193           action_array[sig] = *act;
194         }
195     }
196   sigprocmask (SIG_SETMASK, &oldmask, NULL);
197   return 0;
198 
199  failure:
200   saved_errno = errno;
201   sigprocmask (SIG_SETMASK, &oldmask, NULL);
202   errno = saved_errno;
203   return -1;
204 }
205