1#![doc(test(attr(deny(warnings))))]
2#![warn(missing_docs)]
3#![allow(unknown_lints, renamed_and_remove_lints, bare_trait_objects)]
4
5//! Backend of the [signal-hook] crate.
6//!
7//! The [signal-hook] crate tries to provide an API to the unix signals, which are a global
8//! resource. Therefore, it is desirable an application contains just one version of the crate
9//! which manages this global resource. But that makes it impossible to make breaking changes in
10//! the API.
11//!
12//! Therefore, this crate provides very minimal and low level API to the signals that is unlikely
13//! to have to change, while there may be multiple versions of the [signal-hook] that all use this
14//! low-level API to provide different versions of the high level APIs.
15//!
16//! It is also possible some other crates might want to build a completely different API. This
17//! split allows these crates to still reuse the same low-level routines in this crate instead of
18//! going to the (much more dangerous) unix calls.
19//!
20//! # What this crate provides
21//!
22//! The only thing this crate does is multiplexing the signals. An application or library can add
23//! or remove callbacks and have multiple callbacks for the same signal.
24//!
25//! It handles dispatching the callbacks and managing them in a way that uses only the
26//! [async-signal-safe] functions inside the signal handler. Note that the callbacks are still run
27//! inside the signal handler, so it is up to the caller to ensure they are also
28//! [async-signal-safe].
29//!
30//! # What this is for
31//!
32//! This is a building block for other libraries creating reasonable abstractions on top of
33//! signals. The [signal-hook] is the generally preferred way if you need to handle signals in your
34//! application and provides several safe patterns of doing so.
35//!
36//! # Rust version compatibility
37//!
38//! Currently builds on 1.26.0 an newer and this is very unlikely to change. However, tests
39//! require dependencies that don't build there, so tests need newer Rust version (they are run on
40//! stable).
41//!
42//! # Portability
43//!
44//! This crate includes a limited support for Windows, based on `signal`/`raise` in the CRT.
45//! There are differences in both API and behavior:
46//!
47//! - Due to lack of `siginfo_t`, we don't provide `register_sigaction` or `register_unchecked`.
48//! - Due to lack of signal blocking, there's a race condition.
49//! After the call to `signal`, there's a moment where we miss a signal.
50//! That means when you register a handler, there may be a signal which invokes
51//! neither the default handler or the handler you register.
52//! - Handlers registered by `signal` in Windows are cleared on first signal.
53//! To match behavior in other platforms, we re-register the handler each time the handler is
54//! called, but there's a moment where we miss a handler.
55//! That means when you receive two signals in a row, there may be a signal which invokes
56//! the default handler, nevertheless you certainly have registered the handler.
57//!
58//! [signal-hook]: https://docs.rs/signal-hook
59//! [async-signal-safe]: http://www.man7.org/linux/man-pages/man7/signal-safety.7.html
60
61extern crate libc;
62
63mod half_lock;
64
65use std::collections::hash_map::Entry;
66use std::collections::{BTreeMap, HashMap};
67use std::io::Error;
68use std::mem;
69#[cfg(not(windows))]
70use std::ptr;
71// Once::new is now a const-fn. But it is not stable in all the rustc versions we want to support
72// yet.
73#[allow(deprecated)]
74use std::sync::ONCE_INIT;
75use std::sync::{Arc, Once};
76
77#[cfg(not(windows))]
78use libc::{c_int, c_void, sigaction, siginfo_t};
79#[cfg(windows)]
80use libc::{c_int, sighandler_t};
81
82#[cfg(not(windows))]
83use libc::{SIGFPE, SIGILL, SIGKILL, SIGSEGV, SIGSTOP};
84#[cfg(windows)]
85use libc::{SIGFPE, SIGILL, SIGSEGV};
86
87use half_lock::HalfLock;
88
89// These constants are not defined in the current version of libc, but it actually
90// exists in Windows CRT.
91#[cfg(windows)]
92const SIG_DFL: sighandler_t = 0;
93#[cfg(windows)]
94const SIG_IGN: sighandler_t = 1;
95#[cfg(windows)]
96const SIG_GET: sighandler_t = 2;
97#[cfg(windows)]
98const SIG_ERR: sighandler_t = !0;
99
100// To simplify implementation. Not to be exposed.
101#[cfg(windows)]
102#[allow(non_camel_case_types)]
103struct siginfo_t;
104
105// # Internal workings
106//
107// This uses a form of RCU. There's an atomic pointer to the current action descriptors (in the
108// form of IndependentArcSwap, to be able to track what, if any, signal handlers still use the
109// version). A signal handler takes a copy of the pointer and calls all the relevant actions.
110//
111// Modifications to that are protected by a mutex, to avoid juggling multiple signal handlers at
112// once (eg. not calling sigaction concurrently). This should not be a problem, because modifying
113// the signal actions should be initialization only anyway. To avoid all allocations and also
114// deallocations inside the signal handler, after replacing the pointer, the modification routine
115// needs to busy-wait for the reference count on the old pointer to drop to 1 and take ownership ‒
116// that way the one deallocating is the modification routine, outside of the signal handler.
117
118#[derive(Copy, Clone, Debug, Eq, PartialEq, Ord, PartialOrd, Hash)]
119struct ActionId(u128);
120
121/// An ID of registered action.
122///
123/// This is returned by all the registration routines and can be used to remove the action later on
124/// with a call to [`unregister`].
125#[derive(Copy, Clone, Debug, Eq, PartialEq, Ord, PartialOrd, Hash)]
126pub struct SigId {
127 signal: c_int,
128 action: ActionId,
129}
130
131// This should be dyn Fn(...), but we want to support Rust 1.26.0 and that one doesn't allow dyn
132// yet.
133#[allow(unknown_lints, bare_trait_objects)]
134type Action = Fn(&siginfo_t) + Send + Sync;
135
136#[derive(Clone)]
137struct Slot {
138 prev: Prev,
139 // We use BTreeMap here, because we want to run the actions in the order they were inserted.
140 // This works, because the ActionIds are assigned in an increasing order.
141 actions: BTreeMap<ActionId, Arc<Action>>,
142}
143
144impl Slot {
145 #[cfg(windows)]
146 fn new(signal: libc::c_int) -> Result<Self, Error> {
147 let old = unsafe { libc::signal(signal, handler as sighandler_t) };
148 if old == SIG_ERR {
149 return Err(Error::last_os_error());
150 }
151 Ok(Slot {
152 prev: Prev { signal, info: old },
153 actions: BTreeMap::new(),
154 })
155 }
156
157 #[cfg(not(windows))]
158 fn new(signal: libc::c_int) -> Result<Self, Error> {
159 // C data structure, expected to be zeroed out.
160 let mut new: libc::sigaction = unsafe { mem::zeroed() };
161 #[cfg(not(target_os = "aix"))]
162 { new.sa_sigaction = handler as usize; }
163 #[cfg(target_os = "aix")]
164 { new.sa_union.__su_sigaction = handler; }
165 // Android is broken and uses different int types than the rest (and different depending on
166 // the pointer width). This converts the flags to the proper type no matter what it is on
167 // the given platform.
168 let flags = libc::SA_RESTART;
169 #[allow(unused_assignments)]
170 let mut siginfo = flags;
171 siginfo = libc::SA_SIGINFO as _;
172 let flags = flags | siginfo;
173 new.sa_flags = flags as _;
174 // C data structure, expected to be zeroed out.
175 let mut old: libc::sigaction = unsafe { mem::zeroed() };
176 // FFI ‒ pointers are valid, it doesn't take ownership.
177 if unsafe { libc::sigaction(signal, &new, &mut old) } != 0 {
178 return Err(Error::last_os_error());
179 }
180 Ok(Slot {
181 prev: Prev { signal, info: old },
182 actions: BTreeMap::new(),
183 })
184 }
185}
186
187#[derive(Clone)]
188struct SignalData {
189 signals: HashMap<c_int, Slot>,
190 next_id: u128,
191}
192
193#[derive(Clone)]
194struct Prev {
195 signal: c_int,
196 #[cfg(windows)]
197 info: sighandler_t,
198 #[cfg(not(windows))]
199 info: sigaction,
200}
201
202impl Prev {
203 #[cfg(windows)]
204 fn detect(signal: c_int) -> Result<Self, Error> {
205 let old = unsafe { libc::signal(signal, SIG_GET) };
206 if old == SIG_ERR {
207 return Err(Error::last_os_error());
208 }
209 Ok(Prev { signal, info: old })
210 }
211
212 #[cfg(not(windows))]
213 fn detect(signal: c_int) -> Result<Self, Error> {
214 // C data structure, expected to be zeroed out.
215 let mut old: libc::sigaction = unsafe { mem::zeroed() };
216 // FFI ‒ pointers are valid, it doesn't take ownership.
217 if unsafe { libc::sigaction(signal, ptr::null(), &mut old) } != 0 {
218 return Err(Error::last_os_error());
219 }
220
221 Ok(Prev { signal, info: old })
222 }
223
224 #[cfg(windows)]
225 fn execute(&self, sig: c_int) {
226 let fptr = self.info;
227 if fptr != 0 && fptr != SIG_DFL && fptr != SIG_IGN {
228 // FFI ‒ calling the original signal handler.
229 unsafe {
230 let action = mem::transmute::<usize, extern "C" fn(c_int)>(fptr);
231 action(sig);
232 }
233 }
234 }
235
236 #[cfg(not(windows))]
237 unsafe fn execute(&self, sig: c_int, info: *mut siginfo_t, data: *mut c_void) {
238 #[cfg(not(target_os = "aix"))]
239 let fptr = self.info.sa_sigaction;
240 #[cfg(target_os = "aix")]
241 let fptr = self.info.sa_union.__su_sigaction as usize;
242 if fptr != 0 && fptr != libc::SIG_DFL && fptr != libc::SIG_IGN {
243 // Android is broken and uses different int types than the rest (and different
244 // depending on the pointer width). This converts the flags to the proper type no
245 // matter what it is on the given platform.
246 //
247 // The trick is to create the same-typed variable as the sa_flags first and then
248 // set it to the proper value (does Rust have a way to copy a type in a different
249 // way?)
250 #[allow(unused_assignments)]
251 let mut siginfo = self.info.sa_flags;
252 siginfo = libc::SA_SIGINFO as _;
253 if self.info.sa_flags & siginfo == 0 {
254 let action = mem::transmute::<usize, extern "C" fn(c_int)>(fptr);
255 action(sig);
256 } else {
257 type SigAction = extern "C" fn(c_int, *mut siginfo_t, *mut c_void);
258 let action = mem::transmute::<usize, SigAction>(fptr);
259 action(sig, info, data);
260 }
261 }
262 }
263}
264
265/// Lazy-initiated data structure with our global variables.
266///
267/// Used inside a structure to cut down on boilerplate code to lazy-initialize stuff. We don't dare
268/// use anything fancy like lazy-static or once-cell, since we are not sure they are
269/// async-signal-safe in their access. Our code uses the [Once], but only on the write end outside
270/// of signal handler. The handler assumes it has already been initialized.
271struct GlobalData {
272 /// The data structure describing what needs to be run for each signal.
273 data: HalfLock<SignalData>,
274
275 /// A fallback to fight/minimize a race condition during signal initialization.
276 ///
277 /// See the comment inside [`register_unchecked_impl`].
278 race_fallback: HalfLock<Option<Prev>>,
279}
280
281static mut GLOBAL_DATA: Option<GlobalData> = None;
282#[allow(deprecated)]
283static GLOBAL_INIT: Once = ONCE_INIT;
284
285impl GlobalData {
286 fn get() -> &'static Self {
287 unsafe { GLOBAL_DATA.as_ref().unwrap() }
288 }
289 fn ensure() -> &'static Self {
290 GLOBAL_INIT.call_once(|| unsafe {
291 GLOBAL_DATA = Some(GlobalData {
292 data: HalfLock::new(SignalData {
293 signals: HashMap::new(),
294 next_id: 1,
295 }),
296 race_fallback: HalfLock::new(None),
297 });
298 });
299 Self::get()
300 }
301}
302
303#[cfg(windows)]
304extern "C" fn handler(sig: c_int) {
305 if sig != SIGFPE {
306 // Windows CRT `signal` resets handler every time, unless for SIGFPE.
307 // Reregister the handler to retain maximal compatibility.
308 // Problems:
309 // - It's racy. But this is inevitably racy in Windows.
310 // - Interacts poorly with handlers outside signal-hook-registry.
311 let old = unsafe { libc::signal(sig, handler as sighandler_t) };
312 if old == SIG_ERR {
313 // MSDN doesn't describe which errors might occur,
314 // but we can tell from the Linux manpage that
315 // EINVAL (invalid signal number) is mostly the only case.
316 // Therefore, this branch must not occur.
317 // In any case we can do nothing useful in the signal handler,
318 // so we're going to abort silently.
319 unsafe {
320 libc::abort();
321 }
322 }
323 }
324
325 let globals = GlobalData::get();
326 let fallback = globals.race_fallback.read();
327 let sigdata = globals.data.read();
328
329 if let Some(ref slot) = sigdata.signals.get(&sig) {
330 slot.prev.execute(sig);
331
332 for action in slot.actions.values() {
333 action(&siginfo_t);
334 }
335 } else if let Some(prev) = fallback.as_ref() {
336 // In case we get called but don't have the slot for this signal set up yet, we are under
337 // the race condition. We may have the old signal handler stored in the fallback
338 // temporarily.
339 if sig == prev.signal {
340 prev.execute(sig);
341 }
342 // else -> probably should not happen, but races with other threads are possible so
343 // better safe
344 }
345}
346
347#[cfg(not(windows))]
348extern "C" fn handler(sig: c_int, info: *mut siginfo_t, data: *mut c_void) {
349 let globals = GlobalData::get();
350 let fallback = globals.race_fallback.read();
351 let sigdata = globals.data.read();
352
353 if let Some(slot) = sigdata.signals.get(&sig) {
354 unsafe { slot.prev.execute(sig, info, data) };
355
356 let info = unsafe { info.as_ref() };
357 let info = info.unwrap_or_else(|| {
358 // The info being null seems to be illegal according to POSIX, but has been observed on
359 // some probably broken platform. We can't do anything about that, that is just broken,
360 // but we are not allowed to panic in a signal handler, so we are left only with simply
361 // aborting. We try to write a message what happens, but using the libc stuff
362 // (`eprintln` is not guaranteed to be async-signal-safe).
363 unsafe {
364 const MSG: &[u8] =
365 b"Platform broken, got NULL as siginfo to signal handler. Aborting";
366 libc::write(2, MSG.as_ptr() as *const _, MSG.len());
367 libc::abort();
368 }
369 });
370
371 for action in slot.actions.values() {
372 action(info);
373 }
374 } else if let Some(prev) = fallback.as_ref() {
375 // In case we get called but don't have the slot for this signal set up yet, we are under
376 // the race condition. We may have the old signal handler stored in the fallback
377 // temporarily.
378 if prev.signal == sig {
379 unsafe { prev.execute(sig, info, data) };
380 }
381 // else -> probably should not happen, but races with other threads are possible so
382 // better safe
383 }
384}
385
386/// List of forbidden signals.
387///
388/// Some signals are impossible to replace according to POSIX and some are so special that this
389/// library refuses to handle them (eg. SIGSEGV). The routines panic in case registering one of
390/// these signals is attempted.
391///
392/// See [`register`].
393pub const FORBIDDEN: &[c_int] = FORBIDDEN_IMPL;
394
395#[cfg(windows)]
396const FORBIDDEN_IMPL: &[c_int] = &[SIGILL, SIGFPE, SIGSEGV];
397#[cfg(not(windows))]
398const FORBIDDEN_IMPL: &[c_int] = &[SIGKILL, SIGSTOP, SIGILL, SIGFPE, SIGSEGV];
399
400/// Registers an arbitrary action for the given signal.
401///
402/// This makes sure there's a signal handler for the given signal. It then adds the action to the
403/// ones called each time the signal is delivered. If multiple actions are set for the same signal,
404/// all are called, in the order of registration.
405///
406/// If there was a previous signal handler for the given signal, it is chained ‒ it will be called
407/// as part of this library's signal handler, before any actions set through this function.
408///
409/// On success, the function returns an ID that can be used to remove the action again with
410/// [`unregister`].
411///
412/// # Panics
413///
414/// If the signal is one of (see [`FORBIDDEN`]):
415///
416/// * `SIGKILL`
417/// * `SIGSTOP`
418/// * `SIGILL`
419/// * `SIGFPE`
420/// * `SIGSEGV`
421///
422/// The first two are not possible to override (and the underlying C functions simply ignore all
423/// requests to do so, which smells of possible bugs, or return errors). The rest can be set, but
424/// generally needs very special handling to do so correctly (direct manipulation of the
425/// application's address space, `longjmp` and similar). Unless you know very well what you're
426/// doing, you'll shoot yourself into the foot and this library won't help you with that.
427///
428/// # Errors
429///
430/// Since the library manipulates signals using the low-level C functions, all these can return
431/// errors. Generally, the errors mean something like the specified signal does not exist on the
432/// given platform ‒ after a program is debugged and tested on a given OS, it should never return
433/// an error.
434///
435/// However, if an error *is* returned, there are no guarantees if the given action was registered
436/// or not.
437///
438/// # Safety
439///
440/// This function is unsafe, because the `action` is run inside a signal handler. The set of
441/// functions allowed to be called from within is very limited (they are called async-signal-safe
442/// functions by POSIX). These specifically do *not* contain mutexes and memory
443/// allocation/deallocation. They *do* contain routines to terminate the program, to further
444/// manipulate signals (by the low-level functions, not by this library) and to read and write file
445/// descriptors. Calling program's own functions consisting only of these is OK, as is manipulating
446/// program's variables ‒ however, as the action can be called on any thread that does not have the
447/// given signal masked (by default no signal is masked on any thread), and mutexes are a no-go,
448/// this is harder than it looks like at first.
449///
450/// As panicking from within a signal handler would be a panic across FFI boundary (which is
451/// undefined behavior), the passed handler must not panic.
452///
453/// If you find these limitations hard to satisfy, choose from the helper functions in the
454/// [signal-hook](https://docs.rs/signal-hook) crate ‒ these provide safe interface to use some
455/// common signal handling patters.
456///
457/// # Race condition
458///
459/// Upon registering the first hook for a given signal into this library, there's a short race
460/// condition under the following circumstances:
461///
462/// * The program already has a signal handler installed for this particular signal (through some
463/// other library, possibly).
464/// * Concurrently, some other thread installs a different signal handler while it is being
465/// installed by this library.
466/// * At the same time, the signal is delivered.
467///
468/// Under such conditions signal-hook might wrongly "chain" to the older signal handler for a short
469/// while (until the registration is fully complete).
470///
471/// Note that the exact conditions of the race condition might change in future versions of the
472/// library. The recommended way to avoid it is to register signals before starting any additional
473/// threads, or at least not to register signals concurrently.
474///
475/// Alternatively, make sure all signals are handled through this library.
476///
477/// # Performance
478///
479/// Even when it is possible to repeatedly install and remove actions during the lifetime of a
480/// program, the installation and removal is considered a slow operation and should not be done
481/// very often. Also, there's limited (though huge) amount of distinct IDs (they are `u128`).
482///
483/// # Examples
484///
485/// ```rust
486/// extern crate signal_hook_registry;
487///
488/// use std::io::Error;
489/// use std::process;
490///
491/// fn main() -> Result<(), Error> {
492/// let signal = unsafe {
493/// signal_hook_registry::register(signal_hook::consts::SIGTERM, || process::abort())
494/// }?;
495/// // Stuff here...
496/// signal_hook_registry::unregister(signal); // Not really necessary.
497/// Ok(())
498/// }
499/// ```
500pub unsafe fn register<F>(signal: c_int, action: F) -> Result<SigId, Error>
501where
502 F: Fn() + Sync + Send + 'static,
503{
504 register_sigaction_impl(signal, move |_: &_| action())
505}
506
507/// Register a signal action.
508///
509/// This acts in the same way as [`register`], including the drawbacks, panics and performance
510/// characteristics. The only difference is the provided action accepts a [`siginfo_t`] argument,
511/// providing information about the received signal.
512///
513/// # Safety
514///
515/// See the details of [`register`].
516#[cfg(not(windows))]
517pub unsafe fn register_sigaction<F>(signal: c_int, action: F) -> Result<SigId, Error>
518where
519 F: Fn(&siginfo_t) + Sync + Send + 'static,
520{
521 register_sigaction_impl(signal, action)
522}
523
524unsafe fn register_sigaction_impl<F>(signal: c_int, action: F) -> Result<SigId, Error>
525where
526 F: Fn(&siginfo_t) + Sync + Send + 'static,
527{
528 assert!(
529 !FORBIDDEN.contains(&signal),
530 "Attempted to register forbidden signal {}",
531 signal,
532 );
533 register_unchecked_impl(signal, action)
534}
535
536/// Register a signal action without checking for forbidden signals.
537///
538/// This acts in the same way as [`register_unchecked`], including the drawbacks, panics and
539/// performance characteristics. The only difference is the provided action doesn't accept a
540/// [`siginfo_t`] argument.
541///
542/// # Safety
543///
544/// See the details of [`register`].
545pub unsafe fn register_signal_unchecked<F>(signal: c_int, action: F) -> Result<SigId, Error>
546where
547 F: Fn() + Sync + Send + 'static,
548{
549 register_unchecked_impl(signal, move |_: &_| action())
550}
551
552/// Register a signal action without checking for forbidden signals.
553///
554/// This acts the same way as [`register_sigaction`], but without checking for the [`FORBIDDEN`]
555/// signals. All the signals passed are registered and it is up to the caller to make some sense of
556/// them.
557///
558/// Note that you really need to know what you're doing if you change eg. the `SIGSEGV` signal
559/// handler. Generally, you don't want to do that. But unlike the other functions here, this
560/// function still allows you to do it.
561///
562/// # Safety
563///
564/// See the details of [`register`].
565#[cfg(not(windows))]
566pub unsafe fn register_unchecked<F>(signal: c_int, action: F) -> Result<SigId, Error>
567where
568 F: Fn(&siginfo_t) + Sync + Send + 'static,
569{
570 register_unchecked_impl(signal, action)
571}
572
573unsafe fn register_unchecked_impl<F>(signal: c_int, action: F) -> Result<SigId, Error>
574where
575 F: Fn(&siginfo_t) + Sync + Send + 'static,
576{
577 let globals = GlobalData::ensure();
578 let action = Arc::from(action);
579
580 let mut lock = globals.data.write();
581
582 let mut sigdata = SignalData::clone(&lock);
583 let id = ActionId(sigdata.next_id);
584 sigdata.next_id += 1;
585
586 match sigdata.signals.entry(signal) {
587 Entry::Occupied(mut occupied) => {
588 assert!(occupied.get_mut().actions.insert(id, action).is_none());
589 }
590 Entry::Vacant(place) => {
591 // While the sigaction/signal exchanges the old one atomically, we are not able to
592 // atomically store it somewhere a signal handler could read it. That poses a race
593 // condition where we could lose some signals delivered in between changing it and
594 // storing it.
595 //
596 // Therefore we first store the old one in the fallback storage. The fallback only
597 // covers the cases where the slot is not yet active and becomes "inert" after that,
598 // even if not removed (it may get overwritten by some other signal, but for that the
599 // mutex in globals.data must be unlocked here - and by that time we already stored the
600 // slot.
601 //
602 // And yes, this still leaves a short race condition when some other thread could
603 // replace the signal handler and we would be calling the outdated one for a short
604 // time, until we install the slot.
605 globals
606 .race_fallback
607 .write()
608 .store(Some(Prev::detect(signal)?));
609
610 let mut slot = Slot::new(signal)?;
611 slot.actions.insert(id, action);
612 place.insert(slot);
613 }
614 }
615
616 lock.store(sigdata);
617
618 Ok(SigId { signal, action: id })
619}
620
621/// Removes a previously installed action.
622///
623/// This function does nothing if the action was already removed. It returns true if it was removed
624/// and false if the action wasn't found.
625///
626/// It can unregister all the actions installed by [`register`] as well as the ones from downstream
627/// crates (like [`signal-hook`](https://docs.rs/signal-hook)).
628///
629/// # Warning
630///
631/// This does *not* currently return the default/previous signal handler if the last action for a
632/// signal was just unregistered. That means that if you replaced for example `SIGTERM` and then
633/// removed the action, the program will effectively ignore `SIGTERM` signals from now on, not
634/// terminate on them as is the default action. This is OK if you remove it as part of a shutdown,
635/// but it is not recommended to remove termination actions during the normal runtime of
636/// application (unless the desired effect is to create something that can be terminated only by
637/// SIGKILL).
638pub fn unregister(id: SigId) -> bool {
639 let globals = GlobalData::ensure();
640 let mut replace = false;
641 let mut lock = globals.data.write();
642 let mut sigdata = SignalData::clone(&lock);
643 if let Some(slot) = sigdata.signals.get_mut(&id.signal) {
644 replace = slot.actions.remove(&id.action).is_some();
645 }
646 if replace {
647 lock.store(sigdata);
648 }
649 replace
650}
651
652// We keep this one here for strict backwards compatibility, but the API is kind of bad. One can
653// delete actions that don't belong to them, which is kind of against the whole idea of not
654// breaking stuff for others.
655#[deprecated(
656 since = "1.3.0",
657 note = "Don't use. Can influence unrelated parts of program / unknown actions"
658)]
659#[doc(hidden)]
660pub fn unregister_signal(signal: c_int) -> bool {
661 let globals = GlobalData::ensure();
662 let mut replace = false;
663 let mut lock = globals.data.write();
664 let mut sigdata = SignalData::clone(&lock);
665 if let Some(slot) = sigdata.signals.get_mut(&signal) {
666 if !slot.actions.is_empty() {
667 slot.actions.clear();
668 replace = true;
669 }
670 }
671 if replace {
672 lock.store(sigdata);
673 }
674 replace
675}
676
677#[cfg(test)]
678mod tests {
679 use std::sync::atomic::{AtomicUsize, Ordering};
680 use std::sync::Arc;
681 use std::thread;
682 use std::time::Duration;
683
684 #[cfg(not(windows))]
685 use libc::{pid_t, SIGUSR1, SIGUSR2};
686
687 #[cfg(windows)]
688 use libc::SIGTERM as SIGUSR1;
689 #[cfg(windows)]
690 use libc::SIGTERM as SIGUSR2;
691
692 use super::*;
693
694 #[test]
695 #[should_panic]
696 fn panic_forbidden() {
697 let _ = unsafe { register(SIGILL, || ()) };
698 }
699
700 /// Registering the forbidden signals is allowed in the _unchecked version.
701 #[test]
702 #[allow(clippy::redundant_closure)] // Clippy, you're wrong. Because it changes the return value.
703 fn forbidden_raw() {
704 unsafe { register_signal_unchecked(SIGFPE, || std::process::abort()).unwrap() };
705 }
706
707 #[test]
708 fn signal_without_pid() {
709 let status = Arc::new(AtomicUsize::new(0));
710 let action = {
711 let status = Arc::clone(&status);
712 move || {
713 status.store(1, Ordering::Relaxed);
714 }
715 };
716 unsafe {
717 register(SIGUSR2, action).unwrap();
718 libc::raise(SIGUSR2);
719 }
720 for _ in 0..10 {
721 thread::sleep(Duration::from_millis(100));
722 let current = status.load(Ordering::Relaxed);
723 match current {
724 // Not yet
725 0 => continue,
726 // Good, we are done with the correct result
727 _ if current == 1 => return,
728 _ => panic!("Wrong result value {}", current),
729 }
730 }
731 panic!("Timed out waiting for the signal");
732 }
733
734 #[test]
735 #[cfg(not(windows))]
736 fn signal_with_pid() {
737 let status = Arc::new(AtomicUsize::new(0));
738 let action = {
739 let status = Arc::clone(&status);
740 move |siginfo: &siginfo_t| {
741 // Hack: currently, libc exposes only the first 3 fields of siginfo_t. The pid
742 // comes somewhat later on. Therefore, we do a Really Ugly Hack and define our
743 // own structure (and hope it is correct on all platforms). But hey, this is
744 // only the tests, so we are going to get away with this.
745 #[repr(C)]
746 struct SigInfo {
747 _fields: [c_int; 3],
748 #[cfg(all(target_pointer_width = "64", target_os = "linux"))]
749 _pad: c_int,
750 pid: pid_t,
751 }
752 let s: &SigInfo = unsafe {
753 (siginfo as *const _ as usize as *const SigInfo)
754 .as_ref()
755 .unwrap()
756 };
757 status.store(s.pid as usize, Ordering::Relaxed);
758 }
759 };
760 let pid;
761 unsafe {
762 pid = libc::getpid();
763 register_sigaction(SIGUSR2, action).unwrap();
764 libc::raise(SIGUSR2);
765 }
766 for _ in 0..10 {
767 thread::sleep(Duration::from_millis(100));
768 let current = status.load(Ordering::Relaxed);
769 match current {
770 // Not yet (PID == 0 doesn't happen)
771 0 => continue,
772 // Good, we are done with the correct result
773 _ if current == pid as usize => return,
774 _ => panic!("Wrong status value {}", current),
775 }
776 }
777 panic!("Timed out waiting for the signal");
778 }
779
780 /// Check that registration works as expected and that unregister tells if it did or not.
781 #[test]
782 fn register_unregister() {
783 let signal = unsafe { register(SIGUSR1, || ()).unwrap() };
784 // It was there now, so we can unregister
785 assert!(unregister(signal));
786 // The next time unregistering does nothing and tells us so.
787 assert!(!unregister(signal));
788 }
789}
790