/rust/registry/src/index.crates.io-1949cf8c6b5b557f/signal-hook-registry-1.4.2/src/lib.rs
Line | Count | Source |
1 | | #![doc(test(attr(deny(warnings))))] |
2 | | #![warn(missing_docs)] |
3 | | #![allow(unknown_lints, renamed_and_remove_lints, bare_trait_objects)] |
4 | | |
5 | | //! Backend of the [signal-hook] crate. |
6 | | //! |
7 | | //! The [signal-hook] crate tries to provide an API to the unix signals, which are a global |
8 | | //! resource. Therefore, it is desirable an application contains just one version of the crate |
9 | | //! which manages this global resource. But that makes it impossible to make breaking changes in |
10 | | //! the API. |
11 | | //! |
12 | | //! Therefore, this crate provides very minimal and low level API to the signals that is unlikely |
13 | | //! to have to change, while there may be multiple versions of the [signal-hook] that all use this |
14 | | //! low-level API to provide different versions of the high level APIs. |
15 | | //! |
16 | | //! It is also possible some other crates might want to build a completely different API. This |
17 | | //! split allows these crates to still reuse the same low-level routines in this crate instead of |
18 | | //! going to the (much more dangerous) unix calls. |
19 | | //! |
20 | | //! # What this crate provides |
21 | | //! |
22 | | //! The only thing this crate does is multiplexing the signals. An application or library can add |
23 | | //! or remove callbacks and have multiple callbacks for the same signal. |
24 | | //! |
25 | | //! It handles dispatching the callbacks and managing them in a way that uses only the |
26 | | //! [async-signal-safe] functions inside the signal handler. Note that the callbacks are still run |
27 | | //! inside the signal handler, so it is up to the caller to ensure they are also |
28 | | //! [async-signal-safe]. |
29 | | //! |
30 | | //! # What this is for |
31 | | //! |
32 | | //! This is a building block for other libraries creating reasonable abstractions on top of |
33 | | //! signals. The [signal-hook] is the generally preferred way if you need to handle signals in your |
34 | | //! application and provides several safe patterns of doing so. |
35 | | //! |
36 | | //! # Rust version compatibility |
37 | | //! |
38 | | //! Currently builds on 1.26.0 an newer and this is very unlikely to change. However, tests |
39 | | //! require dependencies that don't build there, so tests need newer Rust version (they are run on |
40 | | //! stable). |
41 | | //! |
42 | | //! # Portability |
43 | | //! |
44 | | //! This crate includes a limited support for Windows, based on `signal`/`raise` in the CRT. |
45 | | //! There are differences in both API and behavior: |
46 | | //! |
47 | | //! - Due to lack of `siginfo_t`, we don't provide `register_sigaction` or `register_unchecked`. |
48 | | //! - Due to lack of signal blocking, there's a race condition. |
49 | | //! After the call to `signal`, there's a moment where we miss a signal. |
50 | | //! That means when you register a handler, there may be a signal which invokes |
51 | | //! neither the default handler or the handler you register. |
52 | | //! - Handlers registered by `signal` in Windows are cleared on first signal. |
53 | | //! To match behavior in other platforms, we re-register the handler each time the handler is |
54 | | //! called, but there's a moment where we miss a handler. |
55 | | //! That means when you receive two signals in a row, there may be a signal which invokes |
56 | | //! the default handler, nevertheless you certainly have registered the handler. |
57 | | //! |
58 | | //! [signal-hook]: https://docs.rs/signal-hook |
59 | | //! [async-signal-safe]: http://www.man7.org/linux/man-pages/man7/signal-safety.7.html |
60 | | |
61 | | extern crate libc; |
62 | | |
63 | | mod half_lock; |
64 | | |
65 | | use std::collections::hash_map::Entry; |
66 | | use std::collections::{BTreeMap, HashMap}; |
67 | | use std::io::Error; |
68 | | use std::mem; |
69 | | #[cfg(not(windows))] |
70 | | use std::ptr; |
71 | | // Once::new is now a const-fn. But it is not stable in all the rustc versions we want to support |
72 | | // yet. |
73 | | #[allow(deprecated)] |
74 | | use std::sync::ONCE_INIT; |
75 | | use std::sync::{Arc, Once}; |
76 | | |
77 | | #[cfg(not(windows))] |
78 | | use libc::{c_int, c_void, sigaction, siginfo_t}; |
79 | | #[cfg(windows)] |
80 | | use libc::{c_int, sighandler_t}; |
81 | | |
82 | | #[cfg(not(windows))] |
83 | | use libc::{SIGFPE, SIGILL, SIGKILL, SIGSEGV, SIGSTOP}; |
84 | | #[cfg(windows)] |
85 | | use libc::{SIGFPE, SIGILL, SIGSEGV}; |
86 | | |
87 | | use half_lock::HalfLock; |
88 | | |
89 | | // These constants are not defined in the current version of libc, but it actually |
90 | | // exists in Windows CRT. |
91 | | #[cfg(windows)] |
92 | | const SIG_DFL: sighandler_t = 0; |
93 | | #[cfg(windows)] |
94 | | const SIG_IGN: sighandler_t = 1; |
95 | | #[cfg(windows)] |
96 | | const SIG_GET: sighandler_t = 2; |
97 | | #[cfg(windows)] |
98 | | const SIG_ERR: sighandler_t = !0; |
99 | | |
100 | | // To simplify implementation. Not to be exposed. |
101 | | #[cfg(windows)] |
102 | | #[allow(non_camel_case_types)] |
103 | | struct siginfo_t; |
104 | | |
105 | | // # Internal workings |
106 | | // |
107 | | // This uses a form of RCU. There's an atomic pointer to the current action descriptors (in the |
108 | | // form of IndependentArcSwap, to be able to track what, if any, signal handlers still use the |
109 | | // version). A signal handler takes a copy of the pointer and calls all the relevant actions. |
110 | | // |
111 | | // Modifications to that are protected by a mutex, to avoid juggling multiple signal handlers at |
112 | | // once (eg. not calling sigaction concurrently). This should not be a problem, because modifying |
113 | | // the signal actions should be initialization only anyway. To avoid all allocations and also |
114 | | // deallocations inside the signal handler, after replacing the pointer, the modification routine |
115 | | // needs to busy-wait for the reference count on the old pointer to drop to 1 and take ownership ‒ |
116 | | // that way the one deallocating is the modification routine, outside of the signal handler. |
117 | | |
118 | | #[derive(Copy, Clone, Debug, Eq, PartialEq, Ord, PartialOrd, Hash)] |
119 | | struct ActionId(u128); |
120 | | |
121 | | /// An ID of registered action. |
122 | | /// |
123 | | /// This is returned by all the registration routines and can be used to remove the action later on |
124 | | /// with a call to [`unregister`]. |
125 | | #[derive(Copy, Clone, Debug, Eq, PartialEq, Ord, PartialOrd, Hash)] |
126 | | pub struct SigId { |
127 | | signal: c_int, |
128 | | action: ActionId, |
129 | | } |
130 | | |
131 | | // This should be dyn Fn(...), but we want to support Rust 1.26.0 and that one doesn't allow dyn |
132 | | // yet. |
133 | | #[allow(unknown_lints, bare_trait_objects)] |
134 | | type Action = Fn(&siginfo_t) + Send + Sync; |
135 | | |
136 | | #[derive(Clone)] |
137 | | struct Slot { |
138 | | prev: Prev, |
139 | | // We use BTreeMap here, because we want to run the actions in the order they were inserted. |
140 | | // This works, because the ActionIds are assigned in an increasing order. |
141 | | actions: BTreeMap<ActionId, Arc<Action>>, |
142 | | } |
143 | | |
144 | | impl Slot { |
145 | | #[cfg(windows)] |
146 | | fn new(signal: libc::c_int) -> Result<Self, Error> { |
147 | | let old = unsafe { libc::signal(signal, handler as sighandler_t) }; |
148 | | if old == SIG_ERR { |
149 | | return Err(Error::last_os_error()); |
150 | | } |
151 | | Ok(Slot { |
152 | | prev: Prev { signal, info: old }, |
153 | | actions: BTreeMap::new(), |
154 | | }) |
155 | | } |
156 | | |
157 | | #[cfg(not(windows))] |
158 | 0 | fn new(signal: libc::c_int) -> Result<Self, Error> { |
159 | | // C data structure, expected to be zeroed out. |
160 | 0 | let mut new: libc::sigaction = unsafe { mem::zeroed() }; |
161 | | #[cfg(not(target_os = "aix"))] |
162 | 0 | { new.sa_sigaction = handler as usize; } |
163 | | #[cfg(target_os = "aix")] |
164 | | { new.sa_union.__su_sigaction = handler; } |
165 | | // Android is broken and uses different int types than the rest (and different depending on |
166 | | // the pointer width). This converts the flags to the proper type no matter what it is on |
167 | | // the given platform. |
168 | | #[cfg(target_os = "nto")] |
169 | | let flags = 0; |
170 | | // SA_RESTART is supported by qnx https://www.qnx.com/support/knowledgebase.html?id=50130000000SmiD |
171 | | #[cfg(not(target_os = "nto"))] |
172 | 0 | let flags = libc::SA_RESTART; |
173 | | #[allow(unused_assignments)] |
174 | 0 | let mut siginfo = flags; |
175 | 0 | siginfo = libc::SA_SIGINFO as _; |
176 | 0 | let flags = flags | siginfo; |
177 | 0 | new.sa_flags = flags as _; |
178 | | // C data structure, expected to be zeroed out. |
179 | 0 | let mut old: libc::sigaction = unsafe { mem::zeroed() }; |
180 | | // FFI ‒ pointers are valid, it doesn't take ownership. |
181 | 0 | if unsafe { libc::sigaction(signal, &new, &mut old) } != 0 { |
182 | 0 | return Err(Error::last_os_error()); |
183 | 0 | } |
184 | 0 | Ok(Slot { |
185 | 0 | prev: Prev { signal, info: old }, |
186 | 0 | actions: BTreeMap::new(), |
187 | 0 | }) |
188 | 0 | } |
189 | | } |
190 | | |
191 | | #[derive(Clone)] |
192 | | struct SignalData { |
193 | | signals: HashMap<c_int, Slot>, |
194 | | next_id: u128, |
195 | | } |
196 | | |
197 | | #[derive(Clone)] |
198 | | struct Prev { |
199 | | signal: c_int, |
200 | | #[cfg(windows)] |
201 | | info: sighandler_t, |
202 | | #[cfg(not(windows))] |
203 | | info: sigaction, |
204 | | } |
205 | | |
206 | | impl Prev { |
207 | | #[cfg(windows)] |
208 | | fn detect(signal: c_int) -> Result<Self, Error> { |
209 | | let old = unsafe { libc::signal(signal, SIG_GET) }; |
210 | | if old == SIG_ERR { |
211 | | return Err(Error::last_os_error()); |
212 | | } |
213 | | Ok(Prev { signal, info: old }) |
214 | | } |
215 | | |
216 | | #[cfg(not(windows))] |
217 | 0 | fn detect(signal: c_int) -> Result<Self, Error> { |
218 | | // C data structure, expected to be zeroed out. |
219 | 0 | let mut old: libc::sigaction = unsafe { mem::zeroed() }; |
220 | | // FFI ‒ pointers are valid, it doesn't take ownership. |
221 | 0 | if unsafe { libc::sigaction(signal, ptr::null(), &mut old) } != 0 { |
222 | 0 | return Err(Error::last_os_error()); |
223 | 0 | } |
224 | | |
225 | 0 | Ok(Prev { signal, info: old }) |
226 | 0 | } |
227 | | |
228 | | #[cfg(windows)] |
229 | | fn execute(&self, sig: c_int) { |
230 | | let fptr = self.info; |
231 | | if fptr != 0 && fptr != SIG_DFL && fptr != SIG_IGN { |
232 | | // FFI ‒ calling the original signal handler. |
233 | | unsafe { |
234 | | let action = mem::transmute::<usize, extern "C" fn(c_int)>(fptr); |
235 | | action(sig); |
236 | | } |
237 | | } |
238 | | } |
239 | | |
240 | | #[cfg(not(windows))] |
241 | 0 | unsafe fn execute(&self, sig: c_int, info: *mut siginfo_t, data: *mut c_void) { |
242 | | #[cfg(not(target_os = "aix"))] |
243 | 0 | let fptr = self.info.sa_sigaction; |
244 | | #[cfg(target_os = "aix")] |
245 | | let fptr = self.info.sa_union.__su_sigaction as usize; |
246 | 0 | if fptr != 0 && fptr != libc::SIG_DFL && fptr != libc::SIG_IGN { |
247 | | // Android is broken and uses different int types than the rest (and different |
248 | | // depending on the pointer width). This converts the flags to the proper type no |
249 | | // matter what it is on the given platform. |
250 | | // |
251 | | // The trick is to create the same-typed variable as the sa_flags first and then |
252 | | // set it to the proper value (does Rust have a way to copy a type in a different |
253 | | // way?) |
254 | | #[allow(unused_assignments)] |
255 | 0 | let mut siginfo = self.info.sa_flags; |
256 | 0 | siginfo = libc::SA_SIGINFO as _; |
257 | 0 | if self.info.sa_flags & siginfo == 0 { |
258 | 0 | let action = mem::transmute::<usize, extern "C" fn(c_int)>(fptr); |
259 | 0 | action(sig); |
260 | 0 | } else { |
261 | | type SigAction = extern "C" fn(c_int, *mut siginfo_t, *mut c_void); |
262 | 0 | let action = mem::transmute::<usize, SigAction>(fptr); |
263 | 0 | action(sig, info, data); |
264 | | } |
265 | 0 | } |
266 | 0 | } |
267 | | } |
268 | | |
269 | | /// Lazy-initiated data structure with our global variables. |
270 | | /// |
271 | | /// Used inside a structure to cut down on boilerplate code to lazy-initialize stuff. We don't dare |
272 | | /// use anything fancy like lazy-static or once-cell, since we are not sure they are |
273 | | /// async-signal-safe in their access. Our code uses the [Once], but only on the write end outside |
274 | | /// of signal handler. The handler assumes it has already been initialized. |
275 | | struct GlobalData { |
276 | | /// The data structure describing what needs to be run for each signal. |
277 | | data: HalfLock<SignalData>, |
278 | | |
279 | | /// A fallback to fight/minimize a race condition during signal initialization. |
280 | | /// |
281 | | /// See the comment inside [`register_unchecked_impl`]. |
282 | | race_fallback: HalfLock<Option<Prev>>, |
283 | | } |
284 | | |
285 | | static mut GLOBAL_DATA: Option<GlobalData> = None; |
286 | | #[allow(deprecated)] |
287 | | static GLOBAL_INIT: Once = ONCE_INIT; |
288 | | |
289 | | impl GlobalData { |
290 | 0 | fn get() -> &'static Self { |
291 | 0 | unsafe { GLOBAL_DATA.as_ref().unwrap() } |
292 | 0 | } |
293 | 0 | fn ensure() -> &'static Self { |
294 | 0 | GLOBAL_INIT.call_once(|| unsafe { |
295 | 0 | GLOBAL_DATA = Some(GlobalData { |
296 | 0 | data: HalfLock::new(SignalData { |
297 | 0 | signals: HashMap::new(), |
298 | 0 | next_id: 1, |
299 | 0 | }), |
300 | 0 | race_fallback: HalfLock::new(None), |
301 | 0 | }); |
302 | 0 | }); |
303 | 0 | Self::get() |
304 | 0 | } |
305 | | } |
306 | | |
307 | | #[cfg(windows)] |
308 | | extern "C" fn handler(sig: c_int) { |
309 | | if sig != SIGFPE { |
310 | | // Windows CRT `signal` resets handler every time, unless for SIGFPE. |
311 | | // Reregister the handler to retain maximal compatibility. |
312 | | // Problems: |
313 | | // - It's racy. But this is inevitably racy in Windows. |
314 | | // - Interacts poorly with handlers outside signal-hook-registry. |
315 | | let old = unsafe { libc::signal(sig, handler as sighandler_t) }; |
316 | | if old == SIG_ERR { |
317 | | // MSDN doesn't describe which errors might occur, |
318 | | // but we can tell from the Linux manpage that |
319 | | // EINVAL (invalid signal number) is mostly the only case. |
320 | | // Therefore, this branch must not occur. |
321 | | // In any case we can do nothing useful in the signal handler, |
322 | | // so we're going to abort silently. |
323 | | unsafe { |
324 | | libc::abort(); |
325 | | } |
326 | | } |
327 | | } |
328 | | |
329 | | let globals = GlobalData::get(); |
330 | | let fallback = globals.race_fallback.read(); |
331 | | let sigdata = globals.data.read(); |
332 | | |
333 | | if let Some(ref slot) = sigdata.signals.get(&sig) { |
334 | | slot.prev.execute(sig); |
335 | | |
336 | | for action in slot.actions.values() { |
337 | | action(&siginfo_t); |
338 | | } |
339 | | } else if let Some(prev) = fallback.as_ref() { |
340 | | // In case we get called but don't have the slot for this signal set up yet, we are under |
341 | | // the race condition. We may have the old signal handler stored in the fallback |
342 | | // temporarily. |
343 | | if sig == prev.signal { |
344 | | prev.execute(sig); |
345 | | } |
346 | | // else -> probably should not happen, but races with other threads are possible so |
347 | | // better safe |
348 | | } |
349 | | } |
350 | | |
351 | | #[cfg(not(windows))] |
352 | 0 | extern "C" fn handler(sig: c_int, info: *mut siginfo_t, data: *mut c_void) { |
353 | 0 | let globals = GlobalData::get(); |
354 | 0 | let fallback = globals.race_fallback.read(); |
355 | 0 | let sigdata = globals.data.read(); |
356 | | |
357 | 0 | if let Some(slot) = sigdata.signals.get(&sig) { |
358 | 0 | unsafe { slot.prev.execute(sig, info, data) }; |
359 | | |
360 | 0 | let info = unsafe { info.as_ref() }; |
361 | 0 | let info = info.unwrap_or_else(|| { |
362 | | // The info being null seems to be illegal according to POSIX, but has been observed on |
363 | | // some probably broken platform. We can't do anything about that, that is just broken, |
364 | | // but we are not allowed to panic in a signal handler, so we are left only with simply |
365 | | // aborting. We try to write a message what happens, but using the libc stuff |
366 | | // (`eprintln` is not guaranteed to be async-signal-safe). |
367 | | unsafe { |
368 | | const MSG: &[u8] = |
369 | | b"Platform broken, got NULL as siginfo to signal handler. Aborting"; |
370 | 0 | libc::write(2, MSG.as_ptr() as *const _, MSG.len()); |
371 | 0 | libc::abort(); |
372 | | } |
373 | | }); |
374 | | |
375 | 0 | for action in slot.actions.values() { |
376 | 0 | action(info); |
377 | 0 | } |
378 | 0 | } else if let Some(prev) = fallback.as_ref() { |
379 | | // In case we get called but don't have the slot for this signal set up yet, we are under |
380 | | // the race condition. We may have the old signal handler stored in the fallback |
381 | | // temporarily. |
382 | 0 | if prev.signal == sig { |
383 | 0 | unsafe { prev.execute(sig, info, data) }; |
384 | 0 | } |
385 | | // else -> probably should not happen, but races with other threads are possible so |
386 | | // better safe |
387 | 0 | } |
388 | 0 | } |
389 | | |
390 | | /// List of forbidden signals. |
391 | | /// |
392 | | /// Some signals are impossible to replace according to POSIX and some are so special that this |
393 | | /// library refuses to handle them (eg. SIGSEGV). The routines panic in case registering one of |
394 | | /// these signals is attempted. |
395 | | /// |
396 | | /// See [`register`]. |
397 | | pub const FORBIDDEN: &[c_int] = FORBIDDEN_IMPL; |
398 | | |
399 | | #[cfg(windows)] |
400 | | const FORBIDDEN_IMPL: &[c_int] = &[SIGILL, SIGFPE, SIGSEGV]; |
401 | | #[cfg(not(windows))] |
402 | | const FORBIDDEN_IMPL: &[c_int] = &[SIGKILL, SIGSTOP, SIGILL, SIGFPE, SIGSEGV]; |
403 | | |
404 | | /// Registers an arbitrary action for the given signal. |
405 | | /// |
406 | | /// This makes sure there's a signal handler for the given signal. It then adds the action to the |
407 | | /// ones called each time the signal is delivered. If multiple actions are set for the same signal, |
408 | | /// all are called, in the order of registration. |
409 | | /// |
410 | | /// If there was a previous signal handler for the given signal, it is chained ‒ it will be called |
411 | | /// as part of this library's signal handler, before any actions set through this function. |
412 | | /// |
413 | | /// On success, the function returns an ID that can be used to remove the action again with |
414 | | /// [`unregister`]. |
415 | | /// |
416 | | /// # Panics |
417 | | /// |
418 | | /// If the signal is one of (see [`FORBIDDEN`]): |
419 | | /// |
420 | | /// * `SIGKILL` |
421 | | /// * `SIGSTOP` |
422 | | /// * `SIGILL` |
423 | | /// * `SIGFPE` |
424 | | /// * `SIGSEGV` |
425 | | /// |
426 | | /// The first two are not possible to override (and the underlying C functions simply ignore all |
427 | | /// requests to do so, which smells of possible bugs, or return errors). The rest can be set, but |
428 | | /// generally needs very special handling to do so correctly (direct manipulation of the |
429 | | /// application's address space, `longjmp` and similar). Unless you know very well what you're |
430 | | /// doing, you'll shoot yourself into the foot and this library won't help you with that. |
431 | | /// |
432 | | /// # Errors |
433 | | /// |
434 | | /// Since the library manipulates signals using the low-level C functions, all these can return |
435 | | /// errors. Generally, the errors mean something like the specified signal does not exist on the |
436 | | /// given platform ‒ after a program is debugged and tested on a given OS, it should never return |
437 | | /// an error. |
438 | | /// |
439 | | /// However, if an error *is* returned, there are no guarantees if the given action was registered |
440 | | /// or not. |
441 | | /// |
442 | | /// # Safety |
443 | | /// |
444 | | /// This function is unsafe, because the `action` is run inside a signal handler. The set of |
445 | | /// functions allowed to be called from within is very limited (they are called async-signal-safe |
446 | | /// functions by POSIX). These specifically do *not* contain mutexes and memory |
447 | | /// allocation/deallocation. They *do* contain routines to terminate the program, to further |
448 | | /// manipulate signals (by the low-level functions, not by this library) and to read and write file |
449 | | /// descriptors. Calling program's own functions consisting only of these is OK, as is manipulating |
450 | | /// program's variables ‒ however, as the action can be called on any thread that does not have the |
451 | | /// given signal masked (by default no signal is masked on any thread), and mutexes are a no-go, |
452 | | /// this is harder than it looks like at first. |
453 | | /// |
454 | | /// As panicking from within a signal handler would be a panic across FFI boundary (which is |
455 | | /// undefined behavior), the passed handler must not panic. |
456 | | /// |
457 | | /// If you find these limitations hard to satisfy, choose from the helper functions in the |
458 | | /// [signal-hook](https://docs.rs/signal-hook) crate ‒ these provide safe interface to use some |
459 | | /// common signal handling patters. |
460 | | /// |
461 | | /// # Race condition |
462 | | /// |
463 | | /// Upon registering the first hook for a given signal into this library, there's a short race |
464 | | /// condition under the following circumstances: |
465 | | /// |
466 | | /// * The program already has a signal handler installed for this particular signal (through some |
467 | | /// other library, possibly). |
468 | | /// * Concurrently, some other thread installs a different signal handler while it is being |
469 | | /// installed by this library. |
470 | | /// * At the same time, the signal is delivered. |
471 | | /// |
472 | | /// Under such conditions signal-hook might wrongly "chain" to the older signal handler for a short |
473 | | /// while (until the registration is fully complete). |
474 | | /// |
475 | | /// Note that the exact conditions of the race condition might change in future versions of the |
476 | | /// library. The recommended way to avoid it is to register signals before starting any additional |
477 | | /// threads, or at least not to register signals concurrently. |
478 | | /// |
479 | | /// Alternatively, make sure all signals are handled through this library. |
480 | | /// |
481 | | /// # Performance |
482 | | /// |
483 | | /// Even when it is possible to repeatedly install and remove actions during the lifetime of a |
484 | | /// program, the installation and removal is considered a slow operation and should not be done |
485 | | /// very often. Also, there's limited (though huge) amount of distinct IDs (they are `u128`). |
486 | | /// |
487 | | /// # Examples |
488 | | /// |
489 | | /// ```rust |
490 | | /// extern crate signal_hook_registry; |
491 | | /// |
492 | | /// use std::io::Error; |
493 | | /// use std::process; |
494 | | /// |
495 | | /// fn main() -> Result<(), Error> { |
496 | | /// let signal = unsafe { |
497 | | /// signal_hook_registry::register(signal_hook::consts::SIGTERM, || process::abort()) |
498 | | /// }?; |
499 | | /// // Stuff here... |
500 | | /// signal_hook_registry::unregister(signal); // Not really necessary. |
501 | | /// Ok(()) |
502 | | /// } |
503 | | /// ``` |
504 | 0 | pub unsafe fn register<F>(signal: c_int, action: F) -> Result<SigId, Error> |
505 | 0 | where |
506 | 0 | F: Fn() + Sync + Send + 'static, |
507 | | { |
508 | 0 | register_sigaction_impl(signal, move |_: &_| action()) Unexecuted instantiation: signal_hook_registry::register::<tokio::signal::unix::signal_enable::{closure#0}::{closure#0}>::{closure#0}Unexecuted instantiation: signal_hook_registry::register::<_>::{closure#0} |
509 | 0 | } Unexecuted instantiation: signal_hook_registry::register::<tokio::signal::unix::signal_enable::{closure#0}::{closure#0}>Unexecuted instantiation: signal_hook_registry::register::<_> |
510 | | |
511 | | /// Register a signal action. |
512 | | /// |
513 | | /// This acts in the same way as [`register`], including the drawbacks, panics and performance |
514 | | /// characteristics. The only difference is the provided action accepts a [`siginfo_t`] argument, |
515 | | /// providing information about the received signal. |
516 | | /// |
517 | | /// # Safety |
518 | | /// |
519 | | /// See the details of [`register`]. |
520 | | #[cfg(not(windows))] |
521 | 0 | pub unsafe fn register_sigaction<F>(signal: c_int, action: F) -> Result<SigId, Error> |
522 | 0 | where |
523 | 0 | F: Fn(&siginfo_t) + Sync + Send + 'static, |
524 | | { |
525 | 0 | register_sigaction_impl(signal, action) |
526 | 0 | } |
527 | | |
528 | 0 | unsafe fn register_sigaction_impl<F>(signal: c_int, action: F) -> Result<SigId, Error> |
529 | 0 | where |
530 | 0 | F: Fn(&siginfo_t) + Sync + Send + 'static, |
531 | | { |
532 | 0 | assert!( |
533 | 0 | !FORBIDDEN.contains(&signal), |
534 | 0 | "Attempted to register forbidden signal {}", |
535 | | signal, |
536 | | ); |
537 | 0 | register_unchecked_impl(signal, action) |
538 | 0 | } Unexecuted instantiation: signal_hook_registry::register_sigaction_impl::<signal_hook_registry::register<tokio::signal::unix::signal_enable::{closure#0}::{closure#0}>::{closure#0}>Unexecuted instantiation: signal_hook_registry::register_sigaction_impl::<_> |
539 | | |
540 | | /// Register a signal action without checking for forbidden signals. |
541 | | /// |
542 | | /// This acts in the same way as [`register_unchecked`], including the drawbacks, panics and |
543 | | /// performance characteristics. The only difference is the provided action doesn't accept a |
544 | | /// [`siginfo_t`] argument. |
545 | | /// |
546 | | /// # Safety |
547 | | /// |
548 | | /// See the details of [`register`]. |
549 | 0 | pub unsafe fn register_signal_unchecked<F>(signal: c_int, action: F) -> Result<SigId, Error> |
550 | 0 | where |
551 | 0 | F: Fn() + Sync + Send + 'static, |
552 | | { |
553 | 0 | register_unchecked_impl(signal, move |_: &_| action()) |
554 | 0 | } |
555 | | |
556 | | /// Register a signal action without checking for forbidden signals. |
557 | | /// |
558 | | /// This acts the same way as [`register_sigaction`], but without checking for the [`FORBIDDEN`] |
559 | | /// signals. All the signals passed are registered and it is up to the caller to make some sense of |
560 | | /// them. |
561 | | /// |
562 | | /// Note that you really need to know what you're doing if you change eg. the `SIGSEGV` signal |
563 | | /// handler. Generally, you don't want to do that. But unlike the other functions here, this |
564 | | /// function still allows you to do it. |
565 | | /// |
566 | | /// # Safety |
567 | | /// |
568 | | /// See the details of [`register`]. |
569 | | #[cfg(not(windows))] |
570 | 0 | pub unsafe fn register_unchecked<F>(signal: c_int, action: F) -> Result<SigId, Error> |
571 | 0 | where |
572 | 0 | F: Fn(&siginfo_t) + Sync + Send + 'static, |
573 | | { |
574 | 0 | register_unchecked_impl(signal, action) |
575 | 0 | } |
576 | | |
577 | 0 | unsafe fn register_unchecked_impl<F>(signal: c_int, action: F) -> Result<SigId, Error> |
578 | 0 | where |
579 | 0 | F: Fn(&siginfo_t) + Sync + Send + 'static, |
580 | | { |
581 | 0 | let globals = GlobalData::ensure(); |
582 | 0 | let action = Arc::from(action); |
583 | | |
584 | 0 | let mut lock = globals.data.write(); |
585 | | |
586 | 0 | let mut sigdata = SignalData::clone(&lock); |
587 | 0 | let id = ActionId(sigdata.next_id); |
588 | 0 | sigdata.next_id += 1; |
589 | | |
590 | 0 | match sigdata.signals.entry(signal) { |
591 | 0 | Entry::Occupied(mut occupied) => { |
592 | 0 | assert!(occupied.get_mut().actions.insert(id, action).is_none()); |
593 | | } |
594 | 0 | Entry::Vacant(place) => { |
595 | | // While the sigaction/signal exchanges the old one atomically, we are not able to |
596 | | // atomically store it somewhere a signal handler could read it. That poses a race |
597 | | // condition where we could lose some signals delivered in between changing it and |
598 | | // storing it. |
599 | | // |
600 | | // Therefore we first store the old one in the fallback storage. The fallback only |
601 | | // covers the cases where the slot is not yet active and becomes "inert" after that, |
602 | | // even if not removed (it may get overwritten by some other signal, but for that the |
603 | | // mutex in globals.data must be unlocked here - and by that time we already stored the |
604 | | // slot. |
605 | | // |
606 | | // And yes, this still leaves a short race condition when some other thread could |
607 | | // replace the signal handler and we would be calling the outdated one for a short |
608 | | // time, until we install the slot. |
609 | 0 | globals |
610 | 0 | .race_fallback |
611 | 0 | .write() |
612 | 0 | .store(Some(Prev::detect(signal)?)); |
613 | | |
614 | 0 | let mut slot = Slot::new(signal)?; |
615 | 0 | slot.actions.insert(id, action); |
616 | 0 | place.insert(slot); |
617 | | } |
618 | | } |
619 | | |
620 | 0 | lock.store(sigdata); |
621 | | |
622 | 0 | Ok(SigId { signal, action: id }) |
623 | 0 | } Unexecuted instantiation: signal_hook_registry::register_unchecked_impl::<signal_hook_registry::register<tokio::signal::unix::signal_enable::{closure#0}::{closure#0}>::{closure#0}>Unexecuted instantiation: signal_hook_registry::register_unchecked_impl::<_> |
624 | | |
625 | | /// Removes a previously installed action. |
626 | | /// |
627 | | /// This function does nothing if the action was already removed. It returns true if it was removed |
628 | | /// and false if the action wasn't found. |
629 | | /// |
630 | | /// It can unregister all the actions installed by [`register`] as well as the ones from downstream |
631 | | /// crates (like [`signal-hook`](https://docs.rs/signal-hook)). |
632 | | /// |
633 | | /// # Warning |
634 | | /// |
635 | | /// This does *not* currently return the default/previous signal handler if the last action for a |
636 | | /// signal was just unregistered. That means that if you replaced for example `SIGTERM` and then |
637 | | /// removed the action, the program will effectively ignore `SIGTERM` signals from now on, not |
638 | | /// terminate on them as is the default action. This is OK if you remove it as part of a shutdown, |
639 | | /// but it is not recommended to remove termination actions during the normal runtime of |
640 | | /// application (unless the desired effect is to create something that can be terminated only by |
641 | | /// SIGKILL). |
642 | 0 | pub fn unregister(id: SigId) -> bool { |
643 | 0 | let globals = GlobalData::ensure(); |
644 | 0 | let mut replace = false; |
645 | 0 | let mut lock = globals.data.write(); |
646 | 0 | let mut sigdata = SignalData::clone(&lock); |
647 | 0 | if let Some(slot) = sigdata.signals.get_mut(&id.signal) { |
648 | 0 | replace = slot.actions.remove(&id.action).is_some(); |
649 | 0 | } |
650 | 0 | if replace { |
651 | 0 | lock.store(sigdata); |
652 | 0 | } |
653 | 0 | replace |
654 | 0 | } |
655 | | |
656 | | // We keep this one here for strict backwards compatibility, but the API is kind of bad. One can |
657 | | // delete actions that don't belong to them, which is kind of against the whole idea of not |
658 | | // breaking stuff for others. |
659 | | #[deprecated( |
660 | | since = "1.3.0", |
661 | | note = "Don't use. Can influence unrelated parts of program / unknown actions" |
662 | | )] |
663 | | #[doc(hidden)] |
664 | 0 | pub fn unregister_signal(signal: c_int) -> bool { |
665 | 0 | let globals = GlobalData::ensure(); |
666 | 0 | let mut replace = false; |
667 | 0 | let mut lock = globals.data.write(); |
668 | 0 | let mut sigdata = SignalData::clone(&lock); |
669 | 0 | if let Some(slot) = sigdata.signals.get_mut(&signal) { |
670 | 0 | if !slot.actions.is_empty() { |
671 | 0 | slot.actions.clear(); |
672 | 0 | replace = true; |
673 | 0 | } |
674 | 0 | } |
675 | 0 | if replace { |
676 | 0 | lock.store(sigdata); |
677 | 0 | } |
678 | 0 | replace |
679 | 0 | } |
680 | | |
681 | | #[cfg(test)] |
682 | | mod tests { |
683 | | use std::sync::atomic::{AtomicUsize, Ordering}; |
684 | | use std::sync::Arc; |
685 | | use std::thread; |
686 | | use std::time::Duration; |
687 | | |
688 | | #[cfg(not(windows))] |
689 | | use libc::{pid_t, SIGUSR1, SIGUSR2}; |
690 | | |
691 | | #[cfg(windows)] |
692 | | use libc::SIGTERM as SIGUSR1; |
693 | | #[cfg(windows)] |
694 | | use libc::SIGTERM as SIGUSR2; |
695 | | |
696 | | use super::*; |
697 | | |
698 | | #[test] |
699 | | #[should_panic] |
700 | | fn panic_forbidden() { |
701 | | let _ = unsafe { register(SIGILL, || ()) }; |
702 | | } |
703 | | |
704 | | /// Registering the forbidden signals is allowed in the _unchecked version. |
705 | | #[test] |
706 | | #[allow(clippy::redundant_closure)] // Clippy, you're wrong. Because it changes the return value. |
707 | | fn forbidden_raw() { |
708 | | unsafe { register_signal_unchecked(SIGFPE, || std::process::abort()).unwrap() }; |
709 | | } |
710 | | |
711 | | #[test] |
712 | | fn signal_without_pid() { |
713 | | let status = Arc::new(AtomicUsize::new(0)); |
714 | | let action = { |
715 | | let status = Arc::clone(&status); |
716 | | move || { |
717 | | status.store(1, Ordering::Relaxed); |
718 | | } |
719 | | }; |
720 | | unsafe { |
721 | | register(SIGUSR2, action).unwrap(); |
722 | | libc::raise(SIGUSR2); |
723 | | } |
724 | | for _ in 0..10 { |
725 | | thread::sleep(Duration::from_millis(100)); |
726 | | let current = status.load(Ordering::Relaxed); |
727 | | match current { |
728 | | // Not yet |
729 | | 0 => continue, |
730 | | // Good, we are done with the correct result |
731 | | _ if current == 1 => return, |
732 | | _ => panic!("Wrong result value {}", current), |
733 | | } |
734 | | } |
735 | | panic!("Timed out waiting for the signal"); |
736 | | } |
737 | | |
738 | | #[test] |
739 | | #[cfg(not(windows))] |
740 | | fn signal_with_pid() { |
741 | | let status = Arc::new(AtomicUsize::new(0)); |
742 | | let action = { |
743 | | let status = Arc::clone(&status); |
744 | | move |siginfo: &siginfo_t| { |
745 | | // Hack: currently, libc exposes only the first 3 fields of siginfo_t. The pid |
746 | | // comes somewhat later on. Therefore, we do a Really Ugly Hack and define our |
747 | | // own structure (and hope it is correct on all platforms). But hey, this is |
748 | | // only the tests, so we are going to get away with this. |
749 | | #[repr(C)] |
750 | | struct SigInfo { |
751 | | _fields: [c_int; 3], |
752 | | #[cfg(all(target_pointer_width = "64", target_os = "linux"))] |
753 | | _pad: c_int, |
754 | | pid: pid_t, |
755 | | } |
756 | | let s: &SigInfo = unsafe { |
757 | | (siginfo as *const _ as usize as *const SigInfo) |
758 | | .as_ref() |
759 | | .unwrap() |
760 | | }; |
761 | | status.store(s.pid as usize, Ordering::Relaxed); |
762 | | } |
763 | | }; |
764 | | let pid; |
765 | | unsafe { |
766 | | pid = libc::getpid(); |
767 | | register_sigaction(SIGUSR2, action).unwrap(); |
768 | | libc::raise(SIGUSR2); |
769 | | } |
770 | | for _ in 0..10 { |
771 | | thread::sleep(Duration::from_millis(100)); |
772 | | let current = status.load(Ordering::Relaxed); |
773 | | match current { |
774 | | // Not yet (PID == 0 doesn't happen) |
775 | | 0 => continue, |
776 | | // Good, we are done with the correct result |
777 | | _ if current == pid as usize => return, |
778 | | _ => panic!("Wrong status value {}", current), |
779 | | } |
780 | | } |
781 | | panic!("Timed out waiting for the signal"); |
782 | | } |
783 | | |
784 | | /// Check that registration works as expected and that unregister tells if it did or not. |
785 | | #[test] |
786 | | fn register_unregister() { |
787 | | let signal = unsafe { register(SIGUSR1, || ()).unwrap() }; |
788 | | // It was there now, so we can unregister |
789 | | assert!(unregister(signal)); |
790 | | // The next time unregistering does nothing and tells us so. |
791 | | assert!(!unregister(signal)); |
792 | | } |
793 | | } |