| blob | 1e42246ee6cd75d23738c9272bffac5ed9d97129 |
1 /* Copyright (C) 1991-2020 Free Software Foundation, Inc.
2 This file is part of the GNU C Library.
4 The GNU C Library is free software; you can redistribute it and/or
5 modify it under the terms of the GNU Lesser General Public
6 License as published by the Free Software Foundation; either
7 version 2.1 of the License, or (at your option) any later version.
9 The GNU C Library is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 Lesser General Public License for more details.
14 You should have received a copy of the GNU Lesser General Public
15 License along with the GNU C Library; if not, see
16 <https://www.gnu.org/licenses/>. */
18 #include <stdio.h>
19 #include <stdlib.h>
20 #include <string.h>
23 #include <pthreadP.h>
24 #include <mach.h>
25 #include <mach/thread_switch.h>
26 #include <mach/mig_support.h>
28 #include <hurd.h>
29 #include <hurd/id.h>
30 #include <hurd/signal.h>
36 #include <libc-diag.h>
43 /* Port that receives signals and other miscellaneous messages. */
44 mach_port_t _hurd_msgport;
46 /* Thread listening on it. */
47 thread_t _hurd_msgport_thread;
49 /* These are set up by _hurdsig_init. */
53 /* Linked-list of per-thread signal state. */
56 /* Sigstate for the task-global signals. */
59 /* Timeout for RPC's after interrupt_operation. */
61 \f
62 static void
64 {
73 }
77 {
84 {
91 /* Initialize default state. */
102 {
103 /* Process-wide sigstate, use the system defaults. */
106 /* The global sigstate is not added to the _hurd_sigstates list.
107 It is created with _hurd_thread_sigstate (MACH_PORT_NULL)
108 but should be accessed through _hurd_global_sigstate. */
109 }
110 else
111 {
112 /* Use the global actions as a default for new threads. */
115 {
119 }
120 else
125 }
126 }
129 }
132 /* Destroy a sigstate structure. Called by libpthread just before the
133 * corresponding thread is terminated (the kernel thread port must remain valid
134 * until this function is called.) */
135 void
137 {
152 }
154 /* Make SS a global receiver, with pthread signal semantics. */
155 void
157 {
160 }
162 /* Check whether SS is a global receiver. */
163 static int
165 {
168 }
171 /* Lock/unlock a hurd_sigstate structure. If the accessors below require
172 it, the global sigstate will be locked as well. */
173 void
175 {
179 }
180 void
182 {
186 }
189 /* Retreive a thread's full set of pending signals, including the global
190 ones if appropriate. SS must be locked. */
191 sigset_t
193 {
198 }
200 /* Clear a pending signal and return the associated detailed
201 signal information. SS must be locked, and must have signal SIGNO
202 pending, either directly or through the global sigstate. */
203 static struct hurd_signal_detail
205 {
208 {
211 }
216 }
220 /* Retreive a thread's action vector. SS must be locked. */
223 {
226 else
228 }
231 \f
232 /* Signal delivery itself is on this page. */
234 #include <hurd/fd.h>
235 #include <hurd/crash.h>
236 #include <hurd/resource.h>
237 #include <hurd/paths.h>
238 #include <setjmp.h>
239 #include <fcntl.h>
240 #include <sys/wait.h>
241 #include <thread_state.h>
242 #include <hurd/msg_server.h>
244 #include <hurd/interrupt.h>
245 #include <assert.h>
246 #include <unistd.h>
249 /* Call the crash dump server to mummify us before we die.
250 Returns nonzero if a core file was written. */
251 static int
253 {
254 error_t err;
255 mach_port_t coreserver;
259 /* Don't bother locking since we just read the one word. */
263 /* No core dumping, thank you very much. Note that this makes
264 `ulimit -c 0' prevent crash-suspension too, which is probably
265 what the user wanted. */
268 /* XXX RLIMIT_CORE:
269 When we have a protocol to make the server return an error
270 for RLIMIT_FSIZE, then tell the corefile fs server the RLIMIT_CORE
271 value in place of the RLIMIT_FSIZE value. */
273 /* First get a port to the core dumping server. */
283 /* Get a port to the directory where the new core file will reside. */
290 /* Create the new file, but don't link it into the directory yet. */
295 /* Call the core dumping server to write the core file. */
298 file,
302 MACH_MSG_TYPE_COPY_SEND);
306 /* The core dump into FILE succeeded, so now link it into the
307 directory. */
312 }
315 /* The lowest-numbered thread state flavor value is 1,
316 so we use bit 0 in machine_thread_all_state.set to
317 record whether we have done thread_abort. */
318 #define THREAD_ABORTED 1
320 /* SS->thread is suspended. Abort the thread and get its basic state. */
321 static void
324 {
328 {
331 /* Clear all thread state flavor set bits, because thread_abort may
332 have changed the state. */
334 }
340 }
342 /* Find the location of the MiG reply port cell in use by the thread whose
343 state is described by THREAD_STATE. If SIGTHREAD is nonzero, make sure
344 that this location can be set without faulting, or else return NULL. */
350 {
354 /* Faulted trying to read the TCB. */
357 DIAG_PUSH_NEEDS_COMMENT;
358 /* GCC 6 and before seem to be confused by the setjmp call inside
359 _hurdsig_catch_memory_fault and think that we may be returning a second
360 time to here with portloc uninitialized (but we never do). */
362 /* Fault now if this pointer is bogus. */
364 DIAG_POP_NEEDS_COMMENT;
370 }
371 \f
372 #include <hurd/sigpreempt.h>
373 #include <intr-msg.h>
375 /* Timeout on interrupt_operation calls. */
378 /* SS->thread is suspended.
380 Abort any interruptible RPC operation the thread is doing.
382 This uses only the constant member SS->thread and the unlocked, atomically
383 set member SS->intr_port, so no locking is needed.
385 If successfully sent an interrupt_operation and therefore the thread should
386 wait for its pending RPC to return (possibly EINTR) before taking the
387 incoming signal, returns the reply port to be received on. Otherwise
388 returns MACH_PORT_NULL.
390 SIGNO is used to find the applicable SA_RESTART bit. If SIGNO is zero,
391 the RPC fails with EINTR instead of restarting (thread_cancel).
393 *STATE_CHANGE is set nonzero if STATE->basic was modified and should
394 be applied back to the thread if it might ever run again, else zero. */
396 mach_port_t
400 {
404 mach_port_t intr_port;
410 /* No interruption needs done. */
413 /* Abort the thread's kernel context, so any pending message send or
414 receive completes immediately or aborts. */
419 {
420 /* The thread is about to do the RPC, but hasn't yet entered
421 mach_msg. Mutate the thread's state so it knows not to try
422 the RPC. */
428 }
430 /* The thread was blocked in the system call. After thread_abort,
431 the return value register indicates what state the RPC was in
432 when interrupted. */
434 {
435 /* The RPC request message was sent and the thread was waiting for
436 the reply message; now the message receive has been aborted, so
437 the mach_msg call will return MACH_RCV_INTERRUPTED. We must tell
438 the server to interrupt the pending operation. The thread must
439 wait for the reply message before running the signal handler (to
440 guarantee that the operation has finished being interrupted), so
441 our nonzero return tells the trampoline code to finish the message
442 receive operation before running the handler. */
445 state,
446 sigthread);
450 {
452 {
453 /* The interrupt didn't work.
454 Destroy the receive right the thread is blocked on. */
457 }
459 /* The system call return value register now contains
460 MACH_RCV_INTERRUPTED; when mach_msg resumes, it will retry the
461 call. Since we have just destroyed the receive right, the
462 retry will fail with MACH_RCV_INVALID_NAME. Instead, just
463 change the return value here to EINTR so mach_msg will not
464 retry and the EINTR error code will propagate up. */
467 }
471 /* All threads whose RPCs were interrupted by the interrupt_operation
472 call above will retry their RPCs unless we clear SS->intr_port.
473 So we clear it for the thread taking a signal when SA_RESTART is
474 clear, so that its call returns EINTR. */
477 }
480 }
483 /* Abort the RPCs being run by all threads but this one;
484 all other threads should be suspended. If LIVE is nonzero, those
485 threads may run again, so they should be adjusted as necessary to be
486 happy when resumed. STATE is clobbered as a scratch area; its initial
487 contents are ignored, and its contents on return are not useful. */
489 static void
491 {
492 /* We can just loop over the sigstates. Any thread doing something
493 interruptible must have one. We needn't bother locking because all
494 other threads are stopped. */
500 /* First loop over the sigstates to count them.
501 We need to know how big a vector we will need for REPLY_PORTS. */
512 else
513 {
517 /* Abort any operation in progress with interrupt_operation.
518 Record the reply port the thread is waiting on.
519 We will wait for all the replies below. */
522 NULL);
524 {
526 {
527 /* We will wait for the reply to this RPC below, so the
528 thread must issue a new RPC rather than waiting for the
529 reply to the one it sent. */
532 }
534 /* Aborting the RPC needed to change this thread's state,
535 and it might ever run again. So write back its state. */
538 MACHINE_THREAD_STATE_COUNT);
539 }
540 }
542 /* Wait for replies from all the successfully interrupted RPCs. */
545 {
546 error_t err;
547 mach_msg_header_t head;
552 {
559 }
560 }
561 }
563 /* Wake up any sigsuspend call that is blocking SS->thread. SS must be
564 locked. */
565 static void
567 {
568 error_t err;
569 mach_msg_header_t msg;
574 /* There is a sigsuspend waiting. Tell it to wake up. */
578 /* These values do not matter. */
583 MACH_PORT_NULL);
585 }
588 sigset_t _hurdsig_preempted_set;
590 /* XXX temporary to deal with spelling fix */
593 /* Mask of stop signals. */
594 #define STOPSIGS (sigmask (SIGTTIN) | sigmask (SIGTTOU) \
595 | sigmask (SIGSTOP) | sigmask (SIGTSTP))
597 /* Actual delivery of a single signal. Called with SS unlocked. When
598 the signal is delivered, return SS, locked (or, if SS was originally
599 _hurd_global_sigstate, the sigstate of the actual thread the signal
600 was delivered to). If the signal is being traced, return NULL with
601 SS unlocked. */
606 {
611 /* Mark the signal as pending. */
613 {
615 /* Save the details to be given to the handler when SIGNO is
616 unblocked. */
618 }
620 /* Suspend the process with SIGNO. */
622 {
623 /* Stop all other threads and mark ourselves stopped. */
625 ({
626 /* Hold the siglock while stopping other threads to be
627 sure it is not held by another thread afterwards. */
634 }));
636 }
637 /* Resume the process after a suspension. */
639 {
640 /* Resume the process from being stopped. */
643 error_t err;
648 /* Tell the proc server we are continuing. */
650 /* Fetch ports to all our threads and resume them. */
654 {
656 {
657 /* The thread that will run the handler is kept suspended. */
659 }
661 {
664 }
668 }
673 }
675 error_t err;
676 sighandler_t handler;
679 {
681 {
682 /* This is PTRACE_CONTINUE. */
685 }
687 /* This call is just to check for pending signals. */
690 }
696 /* If this is a global signal, try to find a thread ready to accept
697 it right away. This is especially important for untraced signals,
698 since going through the global pending mask would de-untrace them. */
700 {
705 {
709 /* The global sigstate is already locked. */
712 {
715 }
717 }
719 }
721 /* We want the preemptors to be able to update the blocking mask
722 without affecting the delivery of this signal, so we save the
723 current value to test against later. */
726 /* Check for a preempted signal. Preempted signals can arrive during
727 critical sections. */
728 {
731 do
732 {
734 {
736 {
741 }
742 else
744 }
748 }
752 /* If no thread-specific preemptor, check for a global one. */
754 {
758 }
759 }
764 /* Ignore the signal altogether. */
767 /* Run the preemption-provided handler. */
769 else
770 {
771 /* No preemption. Do normal handling. */
774 {
775 /* We are being traced. Stop to tell the debugger of the signal. */
777 /* Already stopped. Mark the signal as pending;
778 when resumed, we will notice it and stop again. */
780 else
785 }
790 /* Figure out the default action for this signal. */
792 {
794 /* A sig_post msg with SIGNO==0 is sent to
795 tell us to check for pending signals. */
828 {
829 /* We are the process group leader. Since there is no
830 user-specified handler for SIGINFO, we use a default one
831 which prints something interesting. We use the normal
832 handler mechanism instead of just doing it here to avoid
833 the signal thread faulting or blocking in this
834 potentially hairy operation. */
837 }
838 else
845 }
848 else
852 /* Stop signals clear a pending SIGCONT even if they
853 are handled or ignored (but not if preempted). */
855 else
856 {
858 /* Even if handled or ignored (but not preempted), SIGCONT clears
859 stop signals and resumes the process. */
864 }
865 }
870 {
871 /* If we would ordinarily stop for a job control signal, but we are
872 orphaned so noone would ever notice and continue us again, we just
873 quietly die, alone and in the dark. */
877 }
879 /* Handle receipt of a blocked signal, or any signal while stopped. */
881 {
884 }
886 /* Perform the chosen action for the signal. */
888 {
891 {
892 /* We are already stopped, but receiving an untraced stop
893 signal. Instead of resuming and suspending again, just
894 notify the proc server of the new stop signal. */
898 }
899 else
900 /* Suspend the process. */
906 /* Blocking or ignoring a machine exception is fatal.
907 Otherwise we could just spin on the faulting instruction. */
910 /* Nobody cares about this signal. If there was a call to resume
911 above in SIGCONT processing and we've left a thread suspended,
912 now's the time to set it going. */
914 {
919 }
922 sigbomb:
923 /* We got a fault setting up the stack frame for the handler.
924 Nothing to do but die; BSD gets SIGILL in this case. */
928 fatal:
930 /* FALLTHROUGH */
934 /* Have the proc server stop all other threads in our task. */
937 /* No more user instructions will be executed.
938 The signal can now be considered delivered. */
940 /* Abort all server operations now in progress. */
943 {
945 /* Do a core dump if desired. Only set the wait status bit saying we
946 in fact dumped core if the operation was actually successful. */
949 /* Tell proc how we died and then stick the saber in the gut. */
951 /* NOTREACHED */
952 }
955 /* Call a handler for this signal. */
956 {
962 /* Stop the thread and abort its pending RPC operations. */
964 {
967 }
969 /* Abort the thread's kernel context, so any pending message send
970 or receive completes immediately or aborts. If an interruptible
971 RPC is in progress, abort_rpcs will do this. But we must always
972 do it before fetching the thread's state, because
973 thread_get_state is never kosher before thread_abort. */
977 {
978 /* We have a previous sigcontext that sigreturn was about
979 to restore when another signal arrived. */
984 {
985 /* We faulted reading the thread's stack. Forget that
986 context and pretend it wasn't there. It almost
987 certainly crash if this handler returns, but that's it's
988 problem. */
990 }
991 else
992 {
993 /* Copy the context from the thread's stack before
994 we start diddling the stack to set up the handler. */
997 }
1005 /* This is the reply port for the context which called
1006 sigreturn. Since we are abandoning that context entirely
1007 and restoring SS->context instead, destroy this port. */
1010 /* The thread was in sigreturn, not in any interruptible RPC. */
1014 }
1015 else
1016 {
1019 wait_for_reply
1021 /* In a critical section, any RPC
1022 should be cancelled instead of
1023 restarted, regardless of
1024 SA_RESTART, so the entire
1025 "atomic" operation can be aborted
1026 as a unit. */
1029 reply)
1033 {
1034 /* The thread is in a critical section. Mark the signal as
1035 pending. When it finishes the critical section, it will
1036 check for pending signals. */
1039 /* Some cases of interrupting an RPC must change the
1040 thread state to back out the call. Normally this
1041 change is rolled into the warping to the handler and
1042 sigreturn, but we are not running the handler now
1043 because the thread is in a critical section. Instead,
1044 mutate the thread right away for the RPC interruption
1045 and resume it; the RPC will return early so the
1046 critical section can end soon. */
1049 MACHINE_THREAD_STATE_COUNT);
1050 /* */
1054 }
1055 }
1057 /* Call the machine-dependent function to set the thread up
1058 to run the signal handler, and preserve its old context. */
1064 /* Set the machine-independent parts of the signal context. */
1066 {
1067 /* Fetch the thread variable for the MiG reply port,
1068 and set it to MACH_PORT_NULL. */
1073 {
1076 }
1077 else
1080 /* Save the intr_port in use by the interrupted code,
1081 and clear the cell before running the trampoline. */
1086 {
1087 /* After the handler runs we will restore to the state in
1088 SS->context, not the state of the thread now. So restore
1089 that context's reply port and intr port. */
1095 }
1096 }
1100 /* Backdoor extra argument to signal handler. */
1103 /* Block requested signals while running the handler. */
1107 /* Also block SIGNO unless we're asked not to. */
1111 /* Reset to SIG_DFL if requested. SIGILL and SIGTRAP cannot
1112 be automatically reset when delivered; the system silently
1113 enforces this restriction. */
1118 /* Any sigsuspend call must return after the handler does. */
1121 /* Start the thread running the handler (or possibly waiting for an
1122 RPC reply before running the handler). */
1125 MACHINE_THREAD_STATE_COUNT);
1131 }
1132 }
1135 }
1137 /* Return the set of pending signals in SS which should be delivered. */
1138 static sigset_t
1140 {
1141 /* We don't worry about any pending signals if we are stopped, nor if
1142 SS is in a critical section. We are guaranteed to get a sig_post
1143 message before any of them become deliverable: either the SIGCONT
1144 signal, or a sig_post with SIGNO==0 as an explicit poll when the
1145 thread finishes its critical section. */
1150 }
1152 /* Post the specified pending signals in SS and return 1. If one of
1153 them is traced, abort immediately and return 0. SS must be locked on
1154 entry and will be unlocked in all cases. */
1155 static int
1157 {
1161 /* Make sure SS corresponds to an actual thread, since we assume it won't
1162 change in post_signal. */
1167 {
1171 /* Will reacquire the lock, except if the signal is traced. */
1174 }
1176 /* No more signals pending; SS->lock is still locked. */
1180 }
1182 /* Post all the pending signals of all threads and return 1. If a traced
1183 signal is encountered, abort immediately and return 0. */
1184 static int
1186 {
1191 {
1194 {
1199 /* post_pending() below will unlock SS. */
1203 }
1210 }
1211 }
1213 /* Deliver a signal. SS is not locked. */
1214 void
1217 mach_port_t reply_port,
1218 mach_msg_type_name_t reply_port_type,
1220 {
1221 /* Reply to this sig_post message. */
1225 {
1226 error_t err;
1233 }
1239 /* The signal was neither fatal nor traced. We still hold SS->lock. */
1241 {
1242 /* The signal has either been ignored or is now being handled. We can
1243 consider it delivered and reply to the killer. */
1246 /* Post any pending signals for this thread. */
1249 }
1250 else
1251 {
1252 /* If this was a process-wide signal or a poll request, we need
1253 to check for pending signals for all threads. */
1258 /* All pending signals delivered to all threads.
1259 Now we can send the reply message even for signal 0. */
1261 }
1262 }
1263 \f
1264 /* Decide whether REFPORT enables the sender to send us a SIGNO signal.
1265 Returns zero if so, otherwise the error code to return to the sender. */
1267 static error_t
1269 {
1274 /* Can send any signal. */
1277 /* Avoid needing to check for this below. */
1282 {
1291 /* Job control signals can be sent by the controlling terminal. */
1297 {
1298 /* A continue signal can be sent by anyone in the session. */
1299 mach_port_t sessport;
1301 {
1305 }
1306 }
1311 {
1312 /* Any io object a file descriptor refers to might send us
1313 one of these signals using its async ID port for REFPORT.
1315 This is pretty wide open; it is not unlikely that some random
1316 process can at least open for reading something we have open,
1317 get its async ID port, and send us a spurious SIGIO or SIGURG
1318 signal. But BSD is actually wider open than that!--you can set
1319 the owner of an io object to any process or process group
1320 whatsoever and send them gratuitous signals.
1322 Someday we could implement some reasonable scheme for
1323 authorizing SIGIO and SIGURG signals properly. */
1329 {
1331 io_t port;
1332 mach_port_t asyncid;
1337 {
1339 /* Break out of the loop on the next iteration. */
1342 }
1344 }
1346 /* If we found a lucky winner, we've set D to -1 in the loop. */
1349 }
1350 }
1352 /* If this signal is legit, we have done `goto win' by now.
1353 When we return the error, mig deallocates REFPORT. */
1356 win:
1357 /* Deallocate the REFPORT send right; we are done with it. */
1361 }
1363 /* Implement the sig_post RPC from <hurd/msg.defs>;
1364 sent when someone wants us to get a signal. */
1365 kern_return_t
1369 mach_port_t refport)
1370 {
1371 error_t err;
1380 /* Post the signal to a global receiver thread (or mark it pending in
1381 the global sigstate). This will reply when the signal can be
1382 considered delivered. */
1388 }
1390 /* Implement the sig_post_untraced RPC from <hurd/msg.defs>;
1391 sent when the debugger wants us to really get a signal
1392 even if we are traced. */
1393 kern_return_t
1395 mach_port_t reply_port,
1396 mach_msg_type_name_t reply_port_type,
1398 mach_port_t refport)
1399 {
1400 error_t err;
1409 /* Post the signal to the designated signal-receiving thread. This will
1410 reply when the signal can be considered delivered. */
1416 }
1417 \f
1420 #include <mach/task_special_ports.h>
1422 /* Initialize the message port, _hurd_global_sigstate, and start the
1423 signal thread. */
1425 void
1427 {
1428 error_t err;
1429 vm_size_t stacksize;
1435 MACH_PORT_RIGHT_RECEIVE,
1439 /* Make a send right to the signal port. */
1441 _hurd_msgport,
1442 _hurd_msgport,
1443 MACH_MSG_TYPE_MAKE_SEND);
1446 /* Initialize the global signal state. */
1449 /* We block all signals, and let actual threads pull them from the
1450 pending mask. */
1453 /* Initialize the main thread's signal state. */
1456 /* Mark it as a process-wide signal receiver. Threads in this set use
1457 the common action vector in _hurd_global_sigstate. */
1460 /* Copy inherited signal settings from our parent (or pre-exec process
1461 state) */
1467 {
1472 }
1474 /* Start the signal thread listening on the message port. */
1476 #pragma weak __cthread_fork
1478 {
1484 _hurd_msgport_receive,
1493 /* Reinitialize the MiG support routines so they will use a per-thread
1494 variable for the cached reply port. */
1499 }
1500 else
1501 {
1502 /* When cthreads is being used, we need to make the signal thread a
1503 proper cthread. Otherwise it cannot use mutex_lock et al, which
1504 will be the cthreads versions. Various of the message port RPC
1505 handlers need to take locks, so we need to be able to call into
1506 cthreads code and meet its assumptions about how our thread and
1507 its stack are arranged. Since cthreads puts it there anyway,
1508 we'll let the signal thread's per-thread variables be found as for
1509 any normal cthread, and just leave the magic __hurd_sigthread_*
1510 values all zero so they'll be ignored. */
1511 #pragma weak __cthread_detach
1512 #pragma weak __pthread_getattr_np
1513 #pragma weak __pthread_attr_getstack
1519 {
1520 /* Record signal thread stack layout for fork() */
1521 pthread_attr_t attr;
1529 }
1531 /* XXX We need the thread port for the signal thread further on
1532 in this thread (see hurdfault.c:_hurdsigfault_init).
1533 Therefore we block until _hurd_msgport_thread is initialized
1534 by the newly created thread. This really shouldn't be
1535 necessary; we should be able to fetch the thread port for a
1536 cthread from here. */
1539 }
1541 /* Receive exceptions on the signal port. */
1542 #ifdef TASK_EXCEPTION_PORT
1545 #elif defined (EXC_MASK_ALL)
1547 EXC_MASK_ALL & ~(EXC_MASK_SYSCALL
1548 | EXC_MASK_MACH_SYSCALL
1550 _hurd_msgport,
1552 #else
1553 # error task_set_exception_port?
1554 #endif
1556 /* Sanity check. Any pending, unblocked signals should have been
1557 taken by our predecessor incarnation (i.e. parent or pre-exec state)
1558 before packing up our init ints. This assert is last (not above)
1559 so that signal handling is all set up to handle the abort. */
1561 }
1563 /* Reauthenticate with the proc server. */
1565 static void
1567 {
1573 MACH_MSG_TYPE_MAKE_SEND)
1575 MACH_MSG_TYPE_MAKE_SEND,
1581 /* Set the owner of the process here too. */
1592 }
1594 \f
1595 /* Like `getenv', but safe for the signal thread to run.
1596 If the environment is trashed, this will just return NULL. */
1600 {
1605 /* We bombed in getenv. */
1607 else
1608 {
1613 {
1618 {
1627 }
1630 }
1633 }
1634 }