| blob | 51989a9ac79ccbc0a6863ff16392796adaa11d62 |
1 /*
2 * interrupt-handling magic
3 */
5 /*
6 * This software is part of the SBCL system. See the README file for
7 * more information.
8 *
9 * This software is derived from the CMU CL system, which was
10 * written at Carnegie Mellon University and released into the
11 * public domain. The software is in the public domain and is
12 * provided with absolutely no warranty. See the COPYING and CREDITS
13 * files for more information.
14 */
17 /* As far as I can tell, what's going on here is:
18 *
19 * In the case of most signals, when Lisp asks us to handle the
20 * signal, the outermost handler (the one actually passed to UNIX) is
21 * either interrupt_handle_now(..) or maybe_now_maybe_later(..).
22 * In that case, the Lisp-level handler is stored in interrupt_handlers[..]
23 * and interrupt_low_level_handlers[..] is cleared.
24 *
25 * However, some signals need special handling, e.g.
26 *
27 * o the SIGSEGV (for e.g. Linux) or SIGBUS (for e.g. FreeBSD) used by the
28 * garbage collector to detect violations of write protection,
29 * because some cases of such signals (e.g. GC-related violations of
30 * write protection) are handled at C level and never passed on to
31 * Lisp. For such signals, we still store any Lisp-level handler
32 * in interrupt_handlers[..], but for the outermost handle we use
33 * the value from interrupt_low_level_handlers[..], instead of the
34 * ordinary interrupt_handle_now(..) or interrupt_handle_later(..).
35 *
36 * o the SIGTRAP (Linux/Alpha) which Lisp code uses to handle breakpoints,
37 * pseudo-atomic sections, and some classes of error (e.g. "function
38 * not defined"). This never goes anywhere near the Lisp handlers at all.
39 * See runtime/alpha-arch.c and code/signal.lisp
40 *
41 * - WHN 20000728, dan 20010128 */
45 #include <stdio.h>
46 #include <stdlib.h>
47 #include <string.h>
48 #include <signal.h>
49 #include <sys/types.h>
50 #ifndef LISP_FEATURE_WIN32
51 #include <sys/wait.h>
52 #endif
53 #include <errno.h>
71 /*
72 * This is a workaround for some slightly silly Linux/GNU Libc
73 * behaviour: glibc defines sigset_t to support 1024 signals, which is
74 * more than the kernel. This is usually not a problem, but becomes
75 * one when we want to save a signal mask from a ucontext, and restore
76 * it later into another ucontext: the ucontext is allocated on the
77 * stack by the kernel, so copying a libc-sized sigset_t into it will
78 * overflow and cause other data on the stack to be corrupted */
79 /* FIXME: do not rely on NSIG being a multiple of 8 */
80 /* See https://sourceware.org/bugzilla/show_bug.cgi?id=1780 */
82 #ifdef LISP_FEATURE_WIN32
83 # define REAL_SIGSET_SIZE_BYTES (4)
84 #else
85 # define REAL_SIGSET_SIZE_BYTES ((NSIG/8))
86 #endif
90 {
92 }
94 /* When we catch an internal error, should we pass it back to Lisp to
95 * be handled in a high-level way? (Early in cold init, the answer is
96 * 'no', because Lisp is still too brain-dead to handle anything.
97 * After sufficient initialization has been completed, the answer
98 * becomes 'yes'.) */
101 #ifndef LISP_FEATURE_WIN32
102 static
104 #endif
107 /* Under Linux on some architectures, we appear to have to restore the
108 * FPU control word from the context, as after the signal is delivered
109 * we appear to have a null FPU control word. */
110 #if defined(RESTORE_FP_CONTROL_FROM_CONTEXT)
111 #define RESTORE_FP_CONTROL_WORD(context,void_context) \
112 os_context_t *context = arch_os_get_context(&void_context); \
113 os_restore_fp_control(context);
114 #else
115 #define RESTORE_FP_CONTROL_WORD(context,void_context) \
116 os_context_t *context = arch_os_get_context(&void_context);
117 #endif
119 /* Foreign code may want to start some threads on its own.
120 * Non-targetted, truly asynchronous signals can be delivered to
121 * basically any thread, but invoking Lisp handlers in such foregign
122 * threads is really bad, so let's resignal it.
123 *
124 * This should at least bring attention to the problem, but it cannot
125 * work for SIGSEGV and similar. It is good enough for timers, and
126 * maybe all deferrables. */
128 #ifndef LISP_FEATURE_WIN32
129 static void
131 {
137 }
138 }
139 }
142 #endif
144 static boolean
146 {
147 #ifndef LISP_FEATURE_WIN32
150 corruption_warning_and_maybe_lose
151 #ifdef LISP_FEATURE_SB_THREAD
154 #else
156 signal);
157 #endif
158 }
159 {
160 sigset_t sigset;
166 }
169 #endif
171 }
173 #if INSTALL_SIG_MEMORY_FAULT_HANDLER && defined(THREAD_SANITIZER)
174 /* Under TSAN, every signal blocks every other signal regardless of the
175 * 'sa_mask' given to sigaction(). This is courtesy of an interceptor -
176 * https://github.com/llvm-mirror/compiler-rt/blob/bcc227ee4af1ef3e63033b35dcb1d5627a3b2941/lib/tsan/rtl/tsan_interceptors.cc#L1972
177 *
178 * So among other things, SIGSEGV is blocked on receipt of any random signal
179 * of interest (SIGPROF, SIGALRM, SIGPIPE, ...) that might call Lisp code.
180 * Therefore, if any handler re-enters Lisp, there is a high likelihood
181 * of SIGSEGV being delivered while blocked. Unfortunately, the OS treats
182 * blocked SIGSEGV exactly as if the specified disposition were SIG_DFL,
183 * which results in process termination and a core dump.
184 *
185 * It doesn't work to route all our signals through 'unblock_me_trampoline',
186 * because that only unblocks the specific signal that was just delivered,
187 * to work around the problem of SA_NODEFER not working. (Which says that
188 * a signal should not be blocked within in its own handler; it says nothing
189 * about all other signals.)
190 * Our trick is to unblock SIGSEGV early in every handler,
191 * so not to face sudden death if it happens to invoke Lisp.
192 */
193 # define UNBLOCK_SIGSEGV() \
194 { sigset_t mask; sigemptyset(&mask); \
196 thread_sigmask(SIG_UNBLOCK, &mask, 0); }
197 #else
198 # define UNBLOCK_SIGSEGV() {}
199 #endif
201 /* These are to be used in signal handlers. Currently all handlers are
202 * called from one of:
203 *
204 * interrupt_handle_now_handler
205 * maybe_now_maybe_later
206 * unblock_me_trampoline
207 * low_level_handle_now_handler
208 * low_level_maybe_now_maybe_later
209 * low_level_unblock_me_trampoline
210 *
211 * This gives us a single point of control (or six) over errno, fp
212 * control word, and fixing up signal context on sparc.
213 *
214 * The SPARC/Linux platform doesn't quite do signals the way we want
215 * them done. The third argument in the handler isn't filled in by the
216 * kernel properly, so we fix it up ourselves in the
217 * arch_os_get_context(..) function. -- CSR, 2002-07-23
218 */
219 #define SAVE_ERRNO(signal,context,void_context) \
220 { \
221 int _saved_errno = errno; \
222 UNBLOCK_SIGSEGV(); \
223 RESTORE_FP_CONTROL_WORD(context,void_context); \
224 if (!maybe_resignal_to_lisp_thread(signal, context)) \
225 {
227 #define RESTORE_ERRNO \
228 } \
229 errno = _saved_errno; \
230 }
234 #if !defined(LISP_FEATURE_WIN32) || defined(LISP_FEATURE_SB_THREAD)
239 \f
241 /* Generic signal related utilities. */
243 void
245 {
246 /* Get the current sigmask, by blocking the empty set. */
248 }
250 void
252 {
260 }
263 }
264 }
266 void
268 {
276 }
279 }
280 }
282 // Stringify sigset into the supplied result buffer.
283 static void
285 {
290 // ensure room for (generously) 3 digits + comma + null, or give up
294 }
296 }
298 }
300 /* Return 1 is all signals is sigset2 are masked in sigset, return 0
301 * if all re unmasked else die. Passing NULL for sigset is a shorthand
302 * for the current sigmask. */
303 boolean
306 {
309 sigset_t current;
313 }
318 else
320 }
321 }
326 }
329 else
331 }
332 \f
334 /* Deferrables, blockables, gc signals. */
336 void
338 {
349 #ifndef LISP_FEATURE_HPUX
352 #endif
356 }
358 void
360 {
363 }
365 void
367 {
368 #ifdef THREADS_USING_GCSIGNAL
370 #endif
371 }
373 /* initialized in interrupt_init */
374 sigset_t deferrable_sigset;
375 sigset_t blockable_sigset;
376 sigset_t gc_sigset;
378 boolean
380 {
382 }
383 #endif
385 void
387 {
388 #if !defined(LISP_FEATURE_WIN32) || defined(LISP_FEATURE_SB_THREAD)
391 #endif
392 }
394 void
396 {
397 #if !defined(LISP_FEATURE_WIN32) || defined(LISP_FEATURE_SB_THREAD)
400 #endif
401 }
403 #if !defined(LISP_FEATURE_WIN32) || defined(LISP_FEATURE_SB_THREAD)
404 boolean
406 {
408 }
409 #endif
411 void
413 {
414 #if !defined(LISP_FEATURE_WIN32) || defined(LISP_FEATURE_SB_THREAD)
417 #endif
418 }
420 void
422 {
423 #if !defined(LISP_FEATURE_WIN32)
424 /* On Windows, there are no actual signals, but since the win32 port
425 * tracks the sigmask and checks it explicitly, some functions are
426 * still required to keep the mask set up properly. (After all, the
427 * goal of the sigmask emulation is to not have to change all the
428 * call sites in the first place.)
429 *
430 * However, this does not hold for all signals equally: While
431 * deferrables matter ("is interrupt-thread okay?"), it is not worth
432 * having to set up blockables properly (which include the
433 * non-existing GC signals).
434 *
435 * Yet, as the original comment explains it:
436 * Adjusting FREE-INTERRUPT-CONTEXT-INDEX* and other aspecs of
437 * fake_foreign_function_call machinery are sometimes useful here[...].
438 *
439 * So we merely skip this assertion.
440 * -- DFL, trying to expand on a comment by AK.
441 */
444 #endif
445 }
447 #ifndef LISP_FEATURE_SB_SAFEPOINT
448 #if !defined(LISP_FEATURE_WIN32)
449 boolean
451 {
453 }
454 #endif
456 void
458 {
459 #if !defined(LISP_FEATURE_WIN32)
462 #endif
463 }
465 void
467 {
468 #if !defined(LISP_FEATURE_WIN32)
471 #endif
472 }
473 #endif
475 void
477 {
478 #if !defined(LISP_FEATURE_WIN32) || defined(LISP_FEATURE_SB_THREAD)
480 #endif
481 }
483 void
485 {
486 #if !defined(LISP_FEATURE_WIN32) || defined(LISP_FEATURE_SB_THREAD)
488 #endif
489 }
491 void
493 {
494 #if !defined(LISP_FEATURE_WIN32) || defined(LISP_FEATURE_SB_THREAD)
497 #ifndef LISP_FEATURE_SB_SAFEPOINT
499 #endif
501 #endif
502 }
504 #ifndef LISP_FEATURE_SB_SAFEPOINT
505 void
507 {
508 #ifndef LISP_FEATURE_WIN32
510 #endif
511 }
512 #endif
514 void
516 {
517 #if !defined(LISP_FEATURE_WIN32) || defined(LISP_FEATURE_SB_THREAD)
519 #ifndef LISP_FEATURE_SB_SAFEPOINT
526 }
527 #endif
530 }
531 #endif
532 }
533 \f
537 {
543 }
545 /* Save sigset (or the current sigmask if 0) if there is no pending
546 * handler, because that means that deferabbles are already blocked.
547 * The purpose is to avoid losing the pending gc signal if a
548 * deferrable interrupt async unwinds between clearing the pseudo
549 * atomic and trapping to GC.*/
550 #ifndef LISP_FEATURE_SB_SAFEPOINT
551 void
553 {
554 #ifndef LISP_FEATURE_WIN32
557 sigset_t oldset;
558 /* Obviously, this function is called when signals may not be
559 * blocked. Let's make sure we are not interrupted. */
561 #ifndef LISP_FEATURE_SB_THREAD
562 /* With threads a SIG_STOP_FOR_GC and a normal GC may also want to
563 * block. */
566 #endif
572 /* This is the sigmask of some context. */
578 /* Operating on the current sigmask. Save oldset and
579 * unblock gc signals. In the end, this is equivalent to
580 * blocking the deferrables. */
584 }
585 }
587 #endif
588 }
589 #endif
591 /* Are we leaving WITH-GCING and already running with interrupts
592 * enabled, without the protection of *GC-INHIBIT* T and there is gc
593 * (or stop for gc) pending, but we haven't trapped yet? */
594 int
596 {
601 #if defined(LISP_FEATURE_SB_THREAD)
603 #endif
604 ));
605 }
607 /* Check our baroque invariants. */
608 void
610 {
611 #if !defined(LISP_FEATURE_WIN32) || defined(LISP_FEATURE_SB_THREAD)
617 /* On PPC pseudo_atomic_interrupted is cleared when coming out of
618 * handle_allocation_trap. */
619 #if defined(LISP_FEATURE_GENCGC) && !GENCGC_IS_PRECISE
626 #if defined(LISP_FEATURE_SB_SAFEPOINT)
627 /* Don't try to take the gc state lock if there's a chance that
628 * we're already holding it (thread_register_gc_trigger() is
629 * called from PA, gc_stop_the_world() and gc_start_the_world()
630 * are called from WITHOUT-GCING, all other takers of the lock
631 * have deferrables blocked). */
633 WITH_GC_STATE_LOCK {
635 }
636 }
637 #endif
638 /* In the time window between leaving the *INTERRUPTS-ENABLED* NIL
639 * section and trapping, a SIG_STOP_FOR_GC would see the next
640 * check fail, for this reason sig_stop_for_gc handler does not
641 * call this function. */
645 }
649 #if defined(LISP_FEATURE_SB_THREAD)
650 {
659 }
660 #else
664 #endif
665 #endif
677 #ifndef LISP_FEATURE_SB_SAFEPOINT
678 /* If deferrables are unblocked then we are open to signals
679 * that run lisp code. */
681 #endif
682 }
683 #endif
684 }
685 \f
686 /*
687 * utility routines used by various signal handlers
688 */
690 static void
692 {
693 #ifndef LISP_FEATURE_C_STACK_IS_CONTROL_STACK
695 lispobj oldcont;
697 /* Build a fake stack frame or frames */
699 #if !defined(LISP_FEATURE_ARM) && !defined(LISP_FEATURE_ARM64)
706 /* There is a small window during call where the callee's
707 * frame isn't built yet. */
710 /* We have called, but not built the new frame, so
711 * build it for them. */
717 /* Build our frame on top of it. */
719 }
721 /* We haven't yet called, build our frame as if the
722 * partial frame wasn't there. */
724 }
726 #elif defined (LISP_FEATURE_ARM)
729 #elif defined (LISP_FEATURE_ARM64)
732 #endif
733 /* We can't tell whether we are still in the caller if it had to
734 * allocate a stack frame due to stack arguments. */
735 /* This observation provoked some past CMUCL maintainer to ask
736 * "Can anything strange happen during return?" */
737 {
738 /* normal case */
740 }
748 #endif
749 }
751 /* Stores the context for gc to scavange and builds fake stack
752 * frames. */
753 void
755 {
759 /* context_index incrementing must not be interrupted */
762 /* Get current Lisp state from context. */
763 #if defined(LISP_FEATURE_ARM) && !defined(LISP_FEATURE_GENCGC)
765 #endif
766 #ifdef reg_ALLOC
767 #ifdef LISP_FEATURE_SB_THREAD
769 #else
770 dynamic_space_free_pointer =
772 #endif
774 /* fprintf(stderr,"dynamic_space_free_pointer: %p\n", */
775 /* dynamic_space_free_pointer); */
776 #if defined(LISP_FEATURE_ALPHA) || defined(LISP_FEATURE_MIPS)
779 }
780 #endif
781 /* why doesnt PPC and SPARC do something like this: */
782 #if defined(LISP_FEATURE_HPPA)
784 lose("dead in fake_foreign_function_call, context = %x, d_s_f_p = %x\n", context, dynamic_space_free_pointer);
785 }
786 #endif
787 #endif
788 #ifdef reg_BSP
791 #endif
793 #if defined(LISP_FEATURE_ARM)
794 /* Stash our control stack pointer */
797 thread);
798 #endif
802 /* Do dynamic binding of the active interrupt context index
803 * and save the context in the context array. */
804 context_index =
809 }
816 #if !defined(LISP_FEATURE_X86) && !defined(LISP_FEATURE_X86_64)
817 /* x86oid targets don't maintain the foreign function call flag at
818 * all, so leave them to believe that they are never in foreign
819 * code. */
821 #endif
822 }
824 /* blocks all blockable signals. If you are calling from a signal handler,
825 * the usual signal mask will be restored from the context when the handler
826 * finishes. Otherwise, be careful */
827 void
829 {
831 /* Block all blockable signals. */
836 /* Undo dynamic binding of FREE_INTERRUPT_CONTEXT_INDEX */
839 #if defined(LISP_FEATURE_ARM)
840 /* Restore our saved control stack pointer */
843 thread),
844 thread);
846 #endif
848 #if defined(reg_ALLOC) && !defined(LISP_FEATURE_SB_THREAD)
849 /* Put the dynamic space free pointer back into the context. */
854 /*
855 ((uword_t)(*os_context_register_addr(context, reg_ALLOC))
856 & ~LOWTAG_MASK)
857 | ((uword_t) dynamic_space_free_pointer & LOWTAG_MASK);
858 */
859 #endif
860 #if defined(reg_ALLOC) && defined(LISP_FEATURE_SB_THREAD)
861 /* Put the pseudo-atomic bits and dynamic space free pointer back
862 * into the context (p-a-bits for p-a, and dynamic space free
863 * pointer for ROOM). */
867 /* And clear them so we don't get bit later by call-in/call-out
868 * not updating them. */
870 #endif
871 #if defined(LISP_FEATURE_ARM) && !defined(LISP_FEATURE_GENCGC)
873 #endif
874 }
876 /* a handler for the signal caused by execution of a trap opcode
877 * signalling an internal error */
878 void
880 {
887 /* There's no good way to recover from an internal error
888 * before the Lisp error handling mechanism is set up. */
890 }
892 #ifndef LISP_FEATURE_SB_SAFEPOINT
894 #endif
896 #if !defined(LISP_FEATURE_WIN32) || defined(LISP_FEATURE_SB_THREAD)
898 #endif
900 #if defined(LISP_FEATURE_LINUX) && defined(LISP_FEATURE_MIPS)
901 /* Workaround for blocked SIGTRAP. */
902 {
903 sigset_t newset;
907 }
908 #endif
911 #if QSHOW == 2
912 /* Display some rudimentary debugging information about the
913 * error, so that even if the Lisp error handler gets badly
914 * confused, we have a chance to determine what's going on. */
916 #endif
923 }
925 boolean
927 {
931 }
933 void
935 {
936 /* There are three ways we can get here. First, if an interrupt
937 * occurs within pseudo-atomic, it will be deferred, and we'll
938 * trap to here at the end of the pseudo-atomic block. Second, if
939 * the GC (in alloc()) decides that a GC is required, it will set
940 * *GC-PENDING* and pseudo-atomic-interrupted if not *GC-INHIBIT*,
941 * and alloc() is always called from within pseudo-atomic, and
942 * thus we end up here again. Third, when calling GC-ON or at the
943 * end of a WITHOUT-GCING, MAYBE-HANDLE-PENDING-GC will trap to
944 * here if there is a pending GC. Fourth, ahem, at the end of
945 * WITHOUT-INTERRUPTS (bar complications with nesting).
946 *
947 * A fourth way happens with safepoints: In addition to a stop for
948 * GC that is pending, there are thruptions. Both mechanisms are
949 * mostly signal-free, yet also of an asynchronous nature, so it makes
950 * sense to let interrupt_handle_pending take care of running them:
951 * It gets run precisely at those places where it is safe to process
952 * pending asynchronous tasks. */
959 }
964 #ifndef LISP_FEATURE_SB_SAFEPOINT
965 /*
966 * (On safepoint builds, there is no gc_blocked_deferrables nor
967 * SIG_STOP_FOR_GC.)
968 */
969 /* If GC/SIG_STOP_FOR_GC struck during PA and there was no pending
970 * handler, then the pending mask was saved and
971 * gc_blocked_deferrables set. Hence, there can be no pending
972 * handler and it's safe to restore the pending mask.
973 *
974 * Note, that if gc_blocked_deferrables is false we may still have
975 * to GC. In this case, we are coming out of a WITHOUT-GCING or a
976 * pseudo atomic was interrupt be a deferrable first. */
982 /* Restore the saved signal mask from the original signal (the
983 * one that interrupted us during the critical section) into
984 * the os_context for the signal we're currently in the
985 * handler for. This should ensure that when we return from
986 * the handler the blocked signals are unblocked. */
987 #ifndef LISP_FEATURE_WIN32
989 #endif
991 }
992 #endif
997 #if defined(LISP_FEATURE_SB_SAFEPOINT) && defined(LISP_FEATURE_SB_THREAD)
998 /* handles the STOP_FOR_GC_PENDING case, plus THRUPTIONS */
1000 # ifdef LISP_FEATURE_SB_THRUPTION
1003 # endif
1004 ) {
1005 /* We ought to take this chance to do a pitstop now. */
1009 }
1010 #elif defined(LISP_FEATURE_SB_THREAD)
1012 /* STOP_FOR_GC_PENDING and GC_PENDING are cleared by
1013 * the signal handler if it actually stops us. */
1017 #endif
1018 /* Test for T and not for != NIL since the value :IN-PROGRESS
1019 * used to be used in SUB-GC as part of the mechanism to
1020 * supress recursive gcs.*/
1023 /* Two reasons for doing this. First, if there is a
1024 * pending handler we don't want to run. Second, we are
1025 * going to clear pseudo atomic interrupted to avoid
1026 * spurious trapping on every allocation in SUB_GC and
1027 * having a pending handler with interrupts enabled and
1028 * without pseudo atomic interrupted breaks an
1029 * invariant. */
1033 }
1037 /* GC_PENDING is cleared in SUB-GC, or if another thread
1038 * is doing a gc already we will get a SIG_STOP_FOR_GC and
1039 * that will clear it.
1040 *
1041 * If there is a pending handler or gc was triggerred in a
1042 * signal handler then maybe_gc won't run POST_GC and will
1043 * return normally. */
1050 }
1052 /* It's not NIL or T so GC_PENDING is :IN-PROGRESS. If
1053 * GC-PENDING is not NIL then we cannot trap on pseudo
1054 * atomic due to GC (see if(GC_PENDING) logic in
1055 * cheneygc.c an gengcgc.c), plus there is a outer
1056 * WITHOUT-INTERRUPTS SUB_GC, so how did we end up
1057 * here? */
1059 }
1063 /* No GC shall be lost. If SUB_GC triggers another GC then
1064 * that should be handled on the spot. */
1067 #ifdef THREADS_USING_GCSIGNAL
1070 #endif
1071 /* Check two things. First, that gc does not clobber a handler
1072 * that's already pending. Second, that there is no interrupt
1073 * lossage: if original_pending_handler was NULL then even if
1074 * an interrupt arrived during GC (POST-GC, really) it was
1075 * handled. */
1079 }
1081 #ifndef LISP_FEATURE_WIN32
1082 /* There may be no pending handler, because it was only a gc that
1083 * had to be executed or because Lisp is a bit too eager to call
1084 * DO-PENDING-INTERRUPT. */
1087 /* No matter how we ended up here, clear both
1088 * INTERRUPT_PENDING and pseudo atomic interrupted. It's safe
1089 * because we checked above that there is no GC pending. */
1092 /* Restore the sigmask in the context. */
1095 }
1096 #ifdef LISP_FEATURE_SB_THRUPTION
1098 /* Special case for the following situation: There is a
1099 * thruption pending, but a signal had been deferred. The
1100 * pitstop at the top of this function could only take care
1101 * of GC, and skipped the thruption, so we need to try again
1102 * now that INTERRUPT_PENDING and the sigmask have been
1103 * reset. */
1105 ;
1106 #endif
1107 #endif
1108 #ifdef LISP_FEATURE_GENCGC
1111 #endif
1112 /* It is possible that the end of this function was reached
1113 * without never actually doing anything, the tests in Lisp for
1114 * when to call receive-pending-interrupt are not exact. */
1116 }
1117 \f
1119 void
1121 {
1122 boolean were_in_lisp;
1127 #if !defined(LISP_FEATURE_WIN32) || defined(LISP_FEATURE_SB_THREAD)
1130 #endif
1136 }
1140 {
1142 }
1146 signal));
1150 /* This can happen if someone tries to ignore or default one
1151 * of the signals we need for runtime support, and the runtime
1152 * support decides to pass on it. */
1156 /* Once we've decided what to do about contexts in a
1157 * return-elsewhere world (the original context will no longer
1158 * be available; should we copy it or was nobody using it anyway?)
1159 * then we should convert this to return-elsewhere */
1161 /* CMUCL comment said "Allocate the SAPs while the interrupts
1162 * are still disabled.". I (dan, 2003.08.21) assume this is
1163 * because we're not in pseudoatomic and allocation shouldn't
1164 * be interrupted. In which case it's no longer an issue as
1165 * all our allocation from C now goes through a PA wrapper,
1166 * but still, doesn't hurt.
1167 *
1168 * Yeah, but non-gencgc platforms don't really wrap allocation
1169 * in PA. MG - 2005-08-29 */
1172 #ifndef LISP_FEATURE_SB_SAFEPOINT
1173 /* Leave deferrable signals blocked, the handler itself will
1174 * allow signals again when it sees fit. */
1176 #else
1178 #endif
1187 info_sap,
1188 context_sap);
1189 }
1191 /* This cannot happen in sane circumstances. */
1195 #if !defined(LISP_FEATURE_WIN32) || defined(LISP_FEATURE_SB_THREAD)
1196 /* Allow signals again. */
1199 #endif
1200 }
1203 {
1205 }
1209 signal));
1210 }
1212 /* This is called at the end of a critical section if the indications
1213 * are that some signal was deferred during the section. Note that as
1214 * far as C or the kernel is concerned we dealt with the signal
1215 * already; we're just doing the Lisp-level processing now that we
1216 * put off then */
1217 static void
1219 {
1220 /* The pending_handler may enable interrupts and then another
1221 * interrupt may hit, overwrite interrupt_data, so reset the
1222 * pending handler before calling it. Trust the handler to finish
1223 * with the siginfo before enabling interrupts. */
1230 }
1232 #ifndef LISP_FEATURE_WIN32
1233 boolean
1236 {
1248 /* If interrupts are disabled then INTERRUPT_PENDING is set and
1249 * not PSEDUO_ATOMIC_INTERRUPTED. This is important for a pseudo
1250 * atomic section inside a WITHOUT-INTERRUPTS.
1251 *
1252 * Also, if in_leaving_without_gcing_race_p then
1253 * interrupt_handle_pending is going to be called soon, so
1254 * stashing the signal away is safe.
1255 */
1266 }
1267 /* a slightly confusing test. arch_pseudo_atomic_atomic() doesn't
1268 * actually use its argument for anything on x86, so this branch
1269 * may succeed even when context is null (gencgc alloc()) */
1278 }
1286 }
1288 static void
1292 {
1304 signal));
1309 /* the signal mask in the context (from before we were
1310 * interrupted) is copied to be restored when run_deferred_handler
1311 * happens. Then the usually-blocked signals are added to the mask
1312 * in the context so that we are running with blocked signals when
1313 * the handler returns */
1316 }
1318 static void
1320 {
1326 RESTORE_ERRNO;
1327 }
1329 static void
1332 {
1333 /* No FP control fixage needed, caller has done that. */
1337 }
1339 static void
1341 {
1349 RESTORE_ERRNO;
1350 }
1351 #endif
1353 #ifdef THREADS_USING_GCSIGNAL
1355 /* This function must not cons, because that may trigger a GC. */
1356 void
1358 {
1360 boolean was_in_lisp;
1362 /* Test for GC_INHIBIT _first_, else we'd trap on every single
1363 * pseudo atomic until gc is finally allowed. */
1372 maybe_save_gc_mask_and_block_deferrables
1375 }
1379 /* Not PA and GC not inhibited -- we can stop now. */
1384 /* need the context stored so it can have registers scavenged */
1386 }
1388 /* Not pending anymore. */
1392 /* Consider this: in a PA section GC is requested: GC_PENDING,
1393 * pseudo_atomic_interrupted and gc_blocked_deferrables are set,
1394 * deferrables are blocked then pseudo_atomic_atomic is cleared,
1395 * but a SIG_STOP_FOR_GC arrives before trapping to
1396 * interrupt_handle_pending. Here, GC_PENDING is cleared but
1397 * pseudo_atomic_interrupted is not and we go on running with
1398 * pseudo_atomic_interrupted but without a pending interrupt or
1399 * GC. GC_BLOCKED_DEFERRABLES is also left at 1. So let's tidy it
1400 * up. */
1407 }
1412 }
1417 /* While waiting for gc to finish occupy ourselves with zeroing
1418 * the unused portion of the control stack to reduce conservatism.
1419 * On the platforms with threads and exact gc it is
1420 * actually a must. */
1429 }
1433 }
1434 }
1436 #endif
1438 void
1440 {
1442 #ifndef LISP_FEATURE_WIN32
1444 #if !(defined(LISP_FEATURE_LINUX) || defined(LISP_FEATURE_ANDROID))
1446 #endif
1447 )
1450 #endif
1452 RESTORE_ERRNO;
1453 }
1455 /* manipulate the signal context and stack such that when the handler
1456 * returns, it will call function instead of whatever it was doing
1457 * previously
1458 */
1460 #if (defined(LISP_FEATURE_X86) || defined(LISP_FEATURE_X86_64))
1462 #endif
1468 void
1470 call_into_lisp_lookalike funptr,
1471 lispobj function)
1472 {
1473 #if !(defined(LISP_FEATURE_WIN32) || defined(LISP_FEATURE_SB_SAFEPOINT))
1474 check_gc_signals_unblocked_or_lose
1476 #endif
1477 #if !(defined(LISP_FEATURE_X86) || defined(LISP_FEATURE_X86_64))
1480 #endif
1482 /* Build a stack frame showing `interrupted' so that the
1483 * user's backtrace makes (as much) sense (as usual) */
1485 /* fp state is saved and restored by call_into_lisp */
1486 /* FIXME: errno is not restored, but since current uses of this
1487 * function only call Lisp code that signals an error, it's not
1488 * much of a problem. In other words, running out of the control
1489 * stack between a syscall and (GET-ERRNO) may clobber errno if
1490 * something fails during signalling or in the handler. But I
1491 * can't see what can go wrong as long as there is no CONTINUE
1492 * like restart on them. */
1493 #ifdef LISP_FEATURE_X86
1494 /* Suppose the existence of some function that saved all
1495 * registers, called call_into_lisp, then restored GP registers and
1496 * returned. It would look something like this:
1498 push ebp
1499 mov ebp esp
1500 pushfl
1501 pushal
1502 push $0
1503 push $0
1504 pushl {address of function to call}
1505 call 0x8058db0 <call_into_lisp>
1506 addl $12,%esp
1507 popal
1508 popfl
1509 leave
1510 ret
1512 * What we do here is set up the stack that call_into_lisp would
1513 * expect to see if it had been called by this code, and frob the
1514 * signal context so that signal return goes directly to call_into_lisp,
1515 * and when that function (and the lisp function it invoked) returns,
1516 * it returns to the second half of this imaginary function which
1517 * restores all registers and returns to C
1519 * For this to work, the latter part of the imaginary function
1520 * must obviously exist in reality. That would be post_signal_tramp
1521 */
1523 #ifndef LISP_FEATURE_DARWIN
1525 #endif
1527 #if defined(LISP_FEATURE_DARWIN)
1530 FSHOW_SIGNAL((stderr, "/arrange_return_to_lisp_function: preparing to go to function %x, sp: %x\n", function,
1532 FSHOW_SIGNAL((stderr, "/arrange_return_to_lisp_function: context: %x, &context %x\n", context, &context));
1534 /* 1. os_validate (malloc/mmap) register_save_block
1535 * 2. copy register state into register_save_block
1536 * 3. put a pointer to register_save_block in a register in the context
1537 * 4. set the context's EIP to point to a trampoline which:
1538 * a. builds the fake stack frame from the block
1539 * b. frees the block
1540 * c. calls the function
1541 */
1557 #else
1559 /* return address for call_into_lisp: */
1564 /* this order matches that used in POPAD */
1569 /* POPAD ignores the value of ESP: */
1580 #endif
1582 #elif defined(LISP_FEATURE_X86_64)
1585 /* return address for call_into_lisp: */
1598 /* skip RBP and RSP */
1611 #else
1614 #endif
1616 #ifdef LISP_FEATURE_X86
1618 #if !defined(LISP_FEATURE_DARWIN)
1622 #ifdef __NetBSD__
1625 #else
1630 #elif defined(LISP_FEATURE_X86_64)
1635 #else
1636 /* this much of the calling convention is common to all
1637 non-x86 ports */
1640 #ifdef reg_LIP
1643 #endif
1646 #endif
1647 #ifdef ARCH_HAS_NPC_REGISTER
1650 #endif
1651 #if defined(LISP_FEATURE_SPARC) || defined(LISP_FEATURE_ARM) || defined(LISP_FEATURE_ARM64)
1654 #endif
1657 }
1659 void
1661 {
1662 #if defined(LISP_FEATURE_DARWIN) && defined(LISP_FEATURE_X86)
1665 function);
1666 #else
1668 #endif
1669 }
1671 // These have undefined_alien_function tramp in x-assem.S
1672 #if !(defined(LISP_FEATURE_X86_64) || defined(LISP_FEATURE_ARM) || defined(LISP_FEATURE_ARM64))
1673 /* KLUDGE: Theoretically the approach we use for undefined alien
1674 * variables should work for functions as well, but on PPC/Darwin
1675 * we get bus error at bogus addresses instead, hence this workaround,
1676 * that has the added benefit of automatically discriminating between
1677 * functions and variables.
1678 */
1679 void
1681 {
1683 }
1684 #endif
1687 {
1692 }
1695 {
1701 }
1703 /* Called from the REPL, too. */
1705 {
1709 }
1710 }
1712 boolean
1714 {
1721 }
1724 /* We hit the end of the control stack: disable guard page
1725 * protection so the error handler has some headroom, protect the
1726 * previous page so that we can catch returns from the guard page
1727 * and restore it. */
1731 #ifdef LISP_FEATURE_C_STACK_IS_CONTROL_STACK
1732 /* For the unfortunate case, when the control stack is
1733 * exhausted in a signal handler. */
1735 #endif
1736 arrange_return_to_lisp_function
1739 }
1742 /* We're returning from the guard page: reprotect it, and
1743 * unprotect this one. This works even if we somehow missed
1744 * the return-guard-page, and hit it on our way to new
1745 * exhaustion instead. */
1750 }
1754 }
1761 /* For the unfortunate case, when the binding stack is
1762 * exhausted in a signal handler. */
1764 arrange_return_to_lisp_function
1767 }
1774 }
1778 }
1785 /* For the unfortunate case, when the alien stack is
1786 * exhausted in a signal handler. */
1788 arrange_return_to_lisp_function
1791 }
1798 }
1801 arrange_return_to_lisp_function
1804 }
1806 }
1807 \f
1808 /*
1809 * noise to install handlers
1810 */
1812 #ifndef LISP_FEATURE_WIN32
1813 /* In Linux 2.4 synchronous signals (sigtrap & co) can be delivered if
1814 * they are blocked, in Linux 2.6 the default handler is invoked
1815 * instead that usually coredumps. One might hastily think that adding
1816 * SA_NODEFER helps, but until ~2.6.13 if SA_NODEFER is specified then
1817 * the whole sa_mask is ignored and instead of not adding the signal
1818 * in question to the mask. That means if it's not blockable the
1819 * signal must be unblocked at the beginning of signal handlers.
1820 *
1821 * It turns out that NetBSD's SA_NODEFER doesn't DTRT in a different
1822 * way: if SA_NODEFER is set and the signal is in sa_mask, the signal
1823 * will be unblocked in the sigmask during the signal handler. -- RMK
1824 * X-mas day, 2005
1825 */
1828 #define SA_NODEFER_TEST_BLOCK_SIGNAL SIGABRT
1829 #define SA_NODEFER_TEST_KILL_SIGNAL SIGUSR1
1831 static void
1833 {
1834 sigset_t current;
1837 /* There should be exactly two blocked signals: the two we added
1838 * to sa_mask when setting up the handler. NetBSD doesn't block
1839 * the signal we're handling when SA_NODEFER is set; Linux before
1840 * 2.6.13 or so also doesn't block the other signal when
1841 * SA_NODEFER is set. */
1847 }
1850 }
1852 static void
1854 {
1863 /* Make sure no signals are blocked. */
1864 {
1865 sigset_t empty;
1868 }
1872 }
1874 #undef SA_NODEFER_TEST_BLOCK_SIGNAL
1875 #undef SA_NODEFER_TEST_KILL_SIGNAL
1877 #if defined(LISP_FEATURE_SB_SAFEPOINT_STRICTLY) && !defined(LISP_FEATURE_WIN32)
1881 {
1883 os_context_t fake_context;
1884 siginfo_t fake_info;
1885 #ifdef LISP_FEATURE_PPC
1886 mcontext_t uc_regs;
1887 #endif
1891 #ifdef LISP_FEATURE_PPC
1894 #endif
1899 #endif
1904 }
1906 static void
1908 {
1912 /* alloc() is not re-entrant and still uses pseudo atomic (even though
1913 * inline allocation does not). In this case, give up. */
1923 /* And we're back. We know that the SIGPROF handler never unwinds
1924 * non-locally, and can simply swap things back: */
1930 cleanup:
1932 RESTORE_ERRNO;
1933 }
1935 static void
1937 {
1940 pthread_attr_t attr;
1941 pthread_t th;
1952 RESTORE_ERRNO;
1955 lost:
1957 }
1958 #endif
1960 static void
1962 {
1964 sigset_t unblock;
1970 RESTORE_ERRNO;
1971 }
1973 static void
1975 {
1977 sigset_t unblock;
1983 RESTORE_ERRNO;
1984 }
1986 static void
1988 {
1991 RESTORE_ERRNO;
1992 }
1994 void
1996 interrupt_handler_t handler)
1997 {
2002 }
2011 else
2014 #ifdef LISP_FEATURE_SB_THRUPTION
2015 /* It's in `deferrable_sigset' so that we block&unblock it properly,
2016 * but we don't actually want to defer it. And if we put it only
2017 * into blockable_sigset, we'd have to special-case it around thread
2018 * creation at least. */
2021 #endif
2026 #if defined(LISP_FEATURE_C_STACK_IS_CONTROL_STACK)
2029 # ifdef LISP_FEATURE_SB_SAFEPOINT
2032 # endif
2033 }
2034 #endif
2039 }
2040 #endif
2042 /* This is called from Lisp. */
2043 uword_t
2046 {
2047 #ifndef LISP_FEATURE_WIN32
2049 sigset_t old;
2062 #ifdef LISP_FEATURE_SB_SAFEPOINT_STRICTLY
2067 #endif
2073 else
2080 }
2090 #else
2091 /* Probably-wrong Win32 hack */
2093 #endif
2094 }
2096 /* This must not go through lisp as it's allowed anytime, even when on
2097 * the altstack. */
2098 void
2100 {
2101 /* Save the interrupt context. No need to undo it, since lose()
2102 * shouldn't return. */
2105 }
2107 void
2109 {
2110 #if !defined(LISP_FEATURE_WIN32) || defined(LISP_FEATURE_SB_THREAD)
2113 #ifndef LISP_FEATURE_WIN32
2115 #endif
2122 #endif
2124 #ifndef LISP_FEATURE_WIN32
2125 /* Set up high level handler information. */
2128 /* (The cast here blasts away the distinction between
2129 * SA_SIGACTION-style three-argument handlers and
2130 * signal(..)-style one-argument handlers, which is OK
2131 * because it works to call the 1-argument form where the
2132 * 3-argument form is expected.) */
2134 }
2136 #endif
2138 }
2140 #ifndef LISP_FEATURE_WIN32
2141 int
2143 {
2145 }
2147 void
2149 {
2150 /* If we lose on corruption, provide LDB with debugging information. */
2153 /* To allow debugging memory faults in signal handlers and such. */
2155 addr,
2157 #ifdef ARCH_HAS_STACK_POINTER
2159 #else
2160 0
2161 #endif
2162 );
2163 #ifdef LISP_FEATURE_C_STACK_IS_CONTROL_STACK
2164 # if !(defined(LISP_FEATURE_X86) || defined(LISP_FEATURE_X86_64))
2165 # error memory fault emulation needs validating for this architecture
2166 # endif
2167 /* We're on the altstack, and don't want to run Lisp code here, so
2168 * we need to return from this signal handler. But when we get to
2169 * Lisp we'd like to have a signal context (with correct values in
2170 * it) to present to the debugger, along with knowledge of what
2171 * the faulting address was. To get a signal context on the main
2172 * stack, we arrange to return to a trap instruction. To get the
2173 * correct program counter in the context, we save it on the stack
2174 * here and restore it to the context in the trap handler. To
2175 * pass the fault address, we save it on the stack here and pick
2176 * it up in the trap handler. And the stack pointer manipulation
2177 * works as long as the on-stack side only pops items in its trap
2178 * handler. */
2184 # ifdef LISP_FEATURE_X86
2185 /* KLUDGE: x86-linux sp_addr doesn't affect the CPU on return */
2187 # else
2189 # endif
2192 /* We exit here, letting the signal handler return, picking up at
2193 * memory_fault_emulation_trap (in target-assem.S), which will
2194 * trap, and the handler calls the function below, where we
2195 * restore our state to parallel what a non-x86oid would have, and
2196 * then run the common code for handling the error in Lisp. */
2197 }
2199 void
2201 {
2205 # ifdef LISP_FEATURE_X86
2206 /* KLUDGE: x86-linux sp_addr doesn't affect the CPU on return */
2208 # else
2210 # endif
2213 /* On x86oids, we're in handle_memory_fault_emulation_trap().
2214 * On real computers, we're still in lisp_memory_fault_error(). */
2215 #ifndef LISP_FEATURE_SB_SAFEPOINT
2217 #endif
2223 }
2226 static void
2228 {
2231 #ifndef LISP_FEATURE_SB_SAFEPOINT
2233 #endif
2235 #if !defined(LISP_FEATURE_WIN32) || defined(LISP_FEATURE_SB_THREAD)
2237 #endif
2240 }
2242 /* Common logic for trapping instructions. How we actually handle each
2243 * case is highly architecture dependent, but the overall shape is
2244 * this. */
2245 void
2247 {
2249 #if !(defined(LISP_FEATURE_WIN32) && defined(LISP_FEATURE_SB_THREAD))
2255 #endif
2258 #ifdef trap_InvalidArgCount
2260 #endif
2270 #ifdef trap_AfterBreakpoint
2274 #endif
2275 #ifdef trap_SingleStepAround
2280 #endif
2281 #ifdef trap_GlobalSafepoint
2294 #endif
2295 #if defined(LISP_FEATURE_SPARC) && defined(LISP_FEATURE_GENCGC)
2300 #endif
2301 #if defined(LISP_FEATURE_C_STACK_IS_CONTROL_STACK) && !defined(LISP_FEATURE_WIN32)
2305 #endif
2311 }
2312 }