RPCS3/llvm-mirror
1
0
Fork 0
mirror of https://github.com/RPCS3/llvm-mirror.git synced 2025-04-07 10:11:57 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
llvm-mirror/lib/Support/Unix/Signals.inc
Chandler Carruth a5e40541e4 Harden the Unix signals code to be more async signal safe. 
This is likely only the tip of the ice berg, but this particular bug
caused any double-free on a glibc system to turn into a deadlock! It is
not generally safe to either allocate or release heap memory from within
the signal handler. The 'pop_back()' in RemoveFilesToRemove was deleting
memory and causing the deadlock. What's worse, eraseFromDisk in PathV1
has lots of allocation and deallocation paths. We even passed 'true' in
a place that would have caused the *signal handler* to try to run the
'system' system call and shell out to 'rm -rf'. That was never going to
work...

This patch switches the file removal to use a vector of strings so that
the exact text needed for the 'unlink' system call can be stored there.
It switches the loop to be a boring indexed loop, and directly calls
unlink without looking at the error. It also works quite hard to ensure
that calling 'c_str()' is safe, by ensuring that the non-signal-handling
code path that manipulates the vector always leaves it in a state where
every element has already had 'c_str()' called at least once.

I dunno exactly how overkill this is, but it fixes the
deadlock-on-double free issue, and seems likely to prevent any other
issues from sneaking up.

Sorry for not having a test case, but I *really* don't know how to test
signal handling code easily....

llvm-svn: 158580
2012-06-16 00:09:41 +00:00

356 lines
11 KiB
C++
Raw Blame History

//===- Signals.cpp - Generic Unix Signals Implementation -----*- C++ -*-===//
//
// The LLVM Compiler Infrastructure
//
// This file is distributed under the University of Illinois Open Source
// License. See LICENSE.TXT for details.
//
//===----------------------------------------------------------------------===//
//
// This file defines some helpful functions for dealing with the possibility of
// Unix signals occurring while your program is running.
//
//===----------------------------------------------------------------------===//
#include "Unix.h"
#include "llvm/ADT/STLExtras.h"
#include "llvm/Support/Mutex.h"
#include <string>
#include <vector>
#include <algorithm>
#if HAVE_EXECINFO_H
# include <execinfo.h> // For backtrace().
#endif
#if HAVE_SIGNAL_H
#include <signal.h>
#endif
#if HAVE_SYS_STAT_H
#include <sys/stat.h>
#endif
#if HAVE_DLFCN_H && __GNUG__
#include <dlfcn.h>
#include <cxxabi.h>
#endif
#if HAVE_MACH_MACH_H
#include <mach/mach.h>
#endif
using namespace llvm;
static RETSIGTYPE SignalHandler(int Sig); // defined below.
static SmartMutex<true> SignalsMutex;
/// InterruptFunction - The function to call if ctrl-c is pressed.
static void (*InterruptFunction)() = 0;
static std::vector<std::string> FilesToRemove;
static std::vector<std::pair<void(*)(void*), void*> > CallBacksToRun;
// IntSigs - Signals that may interrupt the program at any time.
static const int IntSigs[] = {
SIGHUP, SIGINT, SIGQUIT, SIGPIPE, SIGTERM, SIGUSR1, SIGUSR2
};
static const int *const IntSigsEnd =
IntSigs + sizeof(IntSigs) / sizeof(IntSigs[0]);
// KillSigs - Signals that are synchronous with the program that will cause it
// to die.
static const int KillSigs[] = {
SIGILL, SIGTRAP, SIGABRT, SIGFPE, SIGBUS, SIGSEGV
#ifdef SIGSYS
, SIGSYS
#endif
#ifdef SIGXCPU
, SIGXCPU
#endif
#ifdef SIGXFSZ
, SIGXFSZ
#endif
#ifdef SIGEMT
, SIGEMT
#endif
};
static const int *const KillSigsEnd =
KillSigs + sizeof(KillSigs) / sizeof(KillSigs[0]);
static unsigned NumRegisteredSignals = 0;
static struct {
struct sigaction SA;
int SigNo;
} RegisteredSignalInfo[(sizeof(IntSigs)+sizeof(KillSigs))/sizeof(KillSigs[0])];
static void RegisterHandler(int Signal) {
assert(NumRegisteredSignals <
sizeof(RegisteredSignalInfo)/sizeof(RegisteredSignalInfo[0]) &&
"Out of space for signal handlers!");
struct sigaction NewHandler;
NewHandler.sa_handler = SignalHandler;
NewHandler.sa_flags = SA_NODEFER|SA_RESETHAND;
sigemptyset(&NewHandler.sa_mask);
// Install the new handler, save the old one in RegisteredSignalInfo.
sigaction(Signal, &NewHandler,
&RegisteredSignalInfo[NumRegisteredSignals].SA);
RegisteredSignalInfo[NumRegisteredSignals].SigNo = Signal;
++NumRegisteredSignals;
}
static void RegisterHandlers() {
// If the handlers are already registered, we're done.
if (NumRegisteredSignals != 0) return;
std::for_each(IntSigs, IntSigsEnd, RegisterHandler);
std::for_each(KillSigs, KillSigsEnd, RegisterHandler);
}
static void UnregisterHandlers() {
// Restore all of the signal handlers to how they were before we showed up.
for (unsigned i = 0, e = NumRegisteredSignals; i != e; ++i)
sigaction(RegisteredSignalInfo[i].SigNo,
&RegisteredSignalInfo[i].SA, 0);
NumRegisteredSignals = 0;
}
/// RemoveFilesToRemove - Process the FilesToRemove list. This function
/// should be called with the SignalsMutex lock held.
/// NB: This must be an async signal safe function. It cannot allocate or free
/// memory, even in debug builds.
static void RemoveFilesToRemove() {
// Note: avoid iterators in case of debug iterators that allocate or release
// memory.
for (unsigned i = 0, e = FilesToRemove.size(); i != e; ++i) {
// Note that we don't want to use any external code here, and we don't care
// about errors. We're going to try as hard as we can as often as we need
// to to make these files go away. If these aren't files, too bad.
//
// We do however rely on a std::string implementation for which repeated
// calls to 'c_str()' don't allocate memory. We pre-call 'c_str()' on all
// of these strings to try to ensure this is safe.
unlink(FilesToRemove[i].c_str());
}
}
// SignalHandler - The signal handler that runs.
static RETSIGTYPE SignalHandler(int Sig) {
// Restore the signal behavior to default, so that the program actually
// crashes when we return and the signal reissues. This also ensures that if
// we crash in our signal handler that the program will terminate immediately
// instead of recursing in the signal handler.
UnregisterHandlers();
// Unmask all potentially blocked kill signals.
sigset_t SigMask;
sigfillset(&SigMask);
sigprocmask(SIG_UNBLOCK, &SigMask, 0);
SignalsMutex.acquire();
RemoveFilesToRemove();
if (std::find(IntSigs, IntSigsEnd, Sig) != IntSigsEnd) {
if (InterruptFunction) {
void (*IF)() = InterruptFunction;
SignalsMutex.release();
InterruptFunction = 0;
IF(); // run the interrupt function.
return;
}
SignalsMutex.release();
raise(Sig); // Execute the default handler.
return;
}
SignalsMutex.release();
// Otherwise if it is a fault (like SEGV) run any handler.
for (unsigned i = 0, e = CallBacksToRun.size(); i != e; ++i)
CallBacksToRun[i].first(CallBacksToRun[i].second);
}
void llvm::sys::RunInterruptHandlers() {
SignalsMutex.acquire();
RemoveFilesToRemove();
SignalsMutex.release();
}
void llvm::sys::SetInterruptFunction(void (*IF)()) {
SignalsMutex.acquire();
InterruptFunction = IF;
SignalsMutex.release();
RegisterHandlers();
}
// RemoveFileOnSignal - The public API
bool llvm::sys::RemoveFileOnSignal(const sys::Path &Filename,
std::string* ErrMsg) {
SignalsMutex.acquire();
std::string *OldPtr = &FilesToRemove[0];
FilesToRemove.push_back(Filename.str());
// We want to call 'c_str()' on every std::string in this vector so that if
// the underlying implementation requires a re-allocation, it happens here
// rather than inside of the signal handler. If we see the vector grow, we
// have to call it on every entry. If it remains in place, we only need to
// call it on the latest one.
if (OldPtr == &FilesToRemove[0])
FilesToRemove.back().c_str();
else
for (unsigned i = 0, e = FilesToRemove.size(); i != e; ++i)
FilesToRemove[i].c_str();
SignalsMutex.release();
RegisterHandlers();
return false;
}
// DontRemoveFileOnSignal - The public API
void llvm::sys::DontRemoveFileOnSignal(const sys::Path &Filename) {
SignalsMutex.acquire();
std::vector<std::string>::reverse_iterator RI =
std::find(FilesToRemove.rbegin(), FilesToRemove.rend(), Filename.str());
std::vector<std::string>::iterator I = FilesToRemove.end();
if (RI != FilesToRemove.rend())
I = FilesToRemove.erase(RI.base()-1);
// We need to call c_str() on every element which would have been moved by
// the erase. These elements, in a C++98 implementation where c_str()
// requires a reallocation on the first call may have had the call to c_str()
// made on insertion become invalid by being copied down an element.
for (std::vector<std::string>::iterator E = FilesToRemove.end(); I != E; ++I)
I->c_str();
SignalsMutex.release();
}
/// AddSignalHandler - Add a function to be called when a signal is delivered
/// to the process. The handler can have a cookie passed to it to identify
/// what instance of the handler it is.
void llvm::sys::AddSignalHandler(void (*FnPtr)(void *), void *Cookie) {
CallBacksToRun.push_back(std::make_pair(FnPtr, Cookie));
RegisterHandlers();
}
// PrintStackTrace - In the case of a program crash or fault, print out a stack
// trace so that the user has an indication of why and where we died.
//
// On glibc systems we have the 'backtrace' function, which works nicely, but
// doesn't demangle symbols.
static void PrintStackTrace(void *) {
#ifdef HAVE_BACKTRACE
static void* StackTrace[256];
// Use backtrace() to output a backtrace on Linux systems with glibc.
int depth = backtrace(StackTrace,
static_cast<int>(array_lengthof(StackTrace)));
#if HAVE_DLFCN_H && __GNUG__
int width = 0;
for (int i = 0; i < depth; ++i) {
Dl_info dlinfo;
dladdr(StackTrace[i], &dlinfo);
const char* name = strrchr(dlinfo.dli_fname, '/');
int nwidth;
if (name == NULL) nwidth = strlen(dlinfo.dli_fname);
else nwidth = strlen(name) - 1;
if (nwidth > width) width = nwidth;
}
for (int i = 0; i < depth; ++i) {
Dl_info dlinfo;
dladdr(StackTrace[i], &dlinfo);
fprintf(stderr, "%-2d", i);
const char* name = strrchr(dlinfo.dli_fname, '/');
if (name == NULL) fprintf(stderr, " %-*s", width, dlinfo.dli_fname);
else fprintf(stderr, " %-*s", width, name+1);
fprintf(stderr, " %#0*lx",
(int)(sizeof(void*) * 2) + 2, (unsigned long)StackTrace[i]);
if (dlinfo.dli_sname != NULL) {
int res;
fputc(' ', stderr);
char* d = abi::__cxa_demangle(dlinfo.dli_sname, NULL, NULL, &res);
if (d == NULL) fputs(dlinfo.dli_sname, stderr);
else fputs(d, stderr);
free(d);
fprintf(stderr, " + %tu",(char*)StackTrace[i]-(char*)dlinfo.dli_saddr);
}
fputc('\n', stderr);
}
#else
backtrace_symbols_fd(StackTrace, depth, STDERR_FILENO);
#endif
#endif
}
/// PrintStackTraceOnErrorSignal - When an error signal (such as SIBABRT or
/// SIGSEGV) is delivered to the process, print a stack trace and then exit.
void llvm::sys::PrintStackTraceOnErrorSignal() {
AddSignalHandler(PrintStackTrace, 0);
#if defined(__APPLE__)
// Environment variable to disable any kind of crash dialog.
if (getenv("LLVM_DISABLE_CRASH_REPORT")) {
mach_port_t self = mach_task_self();
exception_mask_t mask = EXC_MASK_CRASH;
kern_return_t ret = task_set_exception_ports(self,
mask,
MACH_PORT_NULL,
EXCEPTION_STATE_IDENTITY | MACH_EXCEPTION_CODES,
THREAD_STATE_NONE);
(void)ret;
}
#endif
}
/***/
// On Darwin, raise sends a signal to the main thread instead of the current
// thread. This has the unfortunate effect that assert() and abort() will end up
// bypassing our crash recovery attempts. We work around this for anything in
// the same linkage unit by just defining our own versions of the assert handler
// and abort.
#ifdef __APPLE__
#include <signal.h>
#include <pthread.h>
int raise(int sig) {
return pthread_kill(pthread_self(), sig);
}
void __assert_rtn(const char *func,
const char *file,
int line,
const char *expr) {
if (func)
fprintf(stderr, "Assertion failed: (%s), function %s, file %s, line %d.\n",
expr, func, file, line);
else
fprintf(stderr, "Assertion failed: (%s), file %s, line %d.\n",
expr, file, line);
abort();
}
void abort() {
raise(SIGABRT);
usleep(1000);
__builtin_trap();
}
#endif
Reference in New Issue View Git Blame Copy Permalink