/* $NetBSD: refuse_signals.c,v 1.1 2022/01/22 07:53:06 pho Exp $ */
/*
* Copyright (c) 2021 The NetBSD Foundation, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The name of the author may not be used to endorse or promote
* products derived from this software without specific prior written
* permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS
* OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
* GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
* WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include <sys/cdefs.h>
#if !defined(lint)
__RCSID("$NetBSD: refuse_signals.c,v 1.1 2022/01/22 07:53:06 pho Exp $");
#endif /* !lint */
#include <assert.h>
#include <fuse_internal.h>
#if defined(MULTITHREADED_REFUSE)
# include <pthread.h>
#endif
#include <signal.h>
#include <stdlib.h>
#include <string.h>
/* Signal handling routines
*
* FUSE only supports running a single filesystem per process. ReFUSE
* is going to allow a process to run a filesystem per thread. In
* order to support this, our implementation of
* fuse_set_signal_handlers() installs a set of signal handlers which,
* when invoked, terminates all the filesystems that called the
* function. This means our fuse_remove_signal_handlers() must not
* actually remove the signal handlers until the last thread calls the
* function.
*
* FUSE installs a signal handler for a signal only if its sa_handler
* is set to SIG_DFL. This obviously has a bad consequence: if the
* caller process already has a non-default signal handler for SIGINT,
* Ctrl-C will not stop the main loop of FUSE. See
* https://stackoverflow.com/q/5044375/3571336
*
* Maybe we should do the same knowing it's bad, but it's probably
* better to call our handler along with the old one. We may change
* this behavior if this turns out to cause serious compatibility
* issues.
*
* Also note that it is tempting to use puffs_unmountonsignal(3) but
* we can't, because there is no way to revert its effect.
*/
#if defined(MULTITHREADED_REFUSE)
/* A mutex to protect the global state regarding signal handlers. When
* a thread is going to lock this, it must block all the signals (with
* pthread_sigmask(3)) that we install a handler for, or otherwise it
* may deadlock for trying to acquire a lock that is already held by
* itself. */
static pthread_mutex_t signal_mutex = PTHREAD_MUTEX_INITIALIZER;
#endif
/* Saved sigaction for each signal before we modify them. */
static struct sigaction* saved_actions[NSIG];
/* A linked list of "struct fuse*" which should be terminated upon
* receiving a signal. */
struct refuse_obj_elem {
struct fuse* fuse;
struct refuse_obj_elem* next;
};
static struct refuse_obj_elem* fuse_head;
#if defined(MULTITHREADED_REFUSE)
static int
block_signals(sigset_t* oset) {
sigset_t set;
if (sigemptyset(&set) != 0)
return -1;
if (sigaddset(&set, SIGHUP) != 0)
return -1;
if (sigaddset(&set, SIGINT) != 0)
return -1;
if (sigaddset(&set, SIGTERM) != 0)
return -1;
return pthread_sigmask(SIG_BLOCK, &set, oset);
}
static int
unblock_signals(const sigset_t* oset) {
return pthread_sigmask(SIG_SETMASK, oset, NULL);
}
#endif /* defined(MULTITHREADED_REFUSE) */
/* handler == NULL means the signal should be ignored. */
static int
set_signal_handler(int sig, void (*handler)(int, siginfo_t*, void*)) {
struct sigaction* saved;
struct sigaction act;
saved = malloc(sizeof(*saved));
if (!saved)
return -1;
if (sigaction(sig, NULL, saved) != 0) {
free(saved);
return -1;
}
saved_actions[sig] = saved;
memset(&act, 0, sizeof(act));
if (handler) {
act.sa_sigaction = handler;
act.sa_flags = SA_SIGINFO;
}
else {
/* Ignore the signal only if the signal doesn't have a
* handler. */
if (!(saved->sa_flags & SA_SIGINFO) && saved->sa_handler == SIG_DFL)
act.sa_handler = SIG_IGN;
else
return 0;
}
if (sigemptyset(&act.sa_mask) != 0) {
free(saved);
saved_actions[sig] = NULL;
return -1;
}
return sigaction(sig, &act, NULL);
}
static int
restore_signal_handler(int sig, void (*handler)(int, siginfo_t*, void*)) {
struct sigaction oact;
struct sigaction* saved;
saved = saved_actions[sig];
assert(saved != NULL);
if (sigaction(sig, NULL, &oact) != 0)
return -1;
/* Has the sigaction changed since we installed our handler? Do
* nothing if so. */
if (handler) {
if (!(oact.sa_flags & SA_SIGINFO) || oact.sa_sigaction != handler)
goto done;
}
else {
if (oact.sa_handler != SIG_IGN)
goto done;
}
if (sigaction(sig, saved, NULL) != 0)
return -1;
done:
free(saved);
saved_actions[sig] = NULL;
return 0;
}
static void
exit_handler(int sig, siginfo_t* info, void* ctx) {
struct refuse_obj_elem* elem;
struct sigaction* saved;
#if defined(MULTITHREADED_REFUSE)
int rv;
/* pthread_mutex_lock(3) is NOT an async-signal-safe function. We
* assume it's okay, as the thread running this handler shouldn't
* be locking this mutex. */
rv = pthread_mutex_lock(&signal_mutex);
assert(rv == 0);
#endif
for (elem = fuse_head; elem != NULL; elem = elem->next)
fuse_exit(elem->fuse);
#if defined(MULTITHREADED_REFUSE)
rv = pthread_mutex_unlock(&signal_mutex);
assert(rv == 0);
#endif
saved = saved_actions[sig];
assert(saved != NULL);
if (saved->sa_handler != SIG_DFL && saved->sa_handler != SIG_IGN) {
if (saved->sa_flags & SA_SIGINFO)
saved->sa_sigaction(sig, info, ctx);
else
saved->sa_handler(sig);
}
}
/* The original function appeared on FUSE 2.5 takes a pointer to
* "struct fuse_session" instead of "struct fuse". We have no such
* things as fuse sessions.
*/
int
__fuse_set_signal_handlers(struct fuse* fuse) {
int ret = 0;
struct refuse_obj_elem* elem;
#if defined(MULTITHREADED_REFUSE)
int rv;
sigset_t oset;
rv = block_signals(&oset);
assert(rv == 0);
rv = pthread_mutex_lock(&signal_mutex);
assert(rv == 0);
#endif
/* Have we already installed our signal handlers? If the list is
* empty, it means we have not. */
if (fuse_head == NULL) {
if (set_signal_handler(SIGHUP, exit_handler) != 0 ||
set_signal_handler(SIGINT, exit_handler) != 0 ||
set_signal_handler(SIGTERM, exit_handler) != 0 ||
set_signal_handler(SIGPIPE, NULL) != 0) {
ret = -1;
goto done;
}
}
/* Add ourselves to the list of filesystems that want to be
* terminated upon receiving a signal. But only if we aren't
* already in the list. */
for (elem = fuse_head; elem != NULL; elem = elem->next) {
if (elem->fuse == fuse)
goto done;
}
elem = malloc(sizeof(*elem));
if (!elem) {
ret = -1;
goto done;
}
elem->fuse = fuse;
elem->next = fuse_head;
fuse_head = elem;
done:
#if defined(MULTITHREADED_REFUSE)
rv = pthread_mutex_unlock(&signal_mutex);
assert(rv == 0);
rv = unblock_signals(&oset);
assert(rv == 0);
#endif
return ret;
}
int
__fuse_remove_signal_handlers(struct fuse* fuse) {
int ret = 0;
struct refuse_obj_elem* prev;
struct refuse_obj_elem* elem;
#if defined(MULTITHREADED_REFUSE)
int rv;
sigset_t oset;
rv = block_signals(&oset);
assert(rv == 0);
rv = pthread_mutex_lock(&signal_mutex);
assert(rv == 0);
#endif
/* Remove ourselves from the list. */
for (prev = NULL, elem = fuse_head;
elem != NULL;
prev = elem, elem = elem->next) {
if (elem->fuse == fuse) {
if (prev)
prev->next = elem->next;
else
fuse_head = elem->next;
free(elem);
}
}
/* Restore handlers if we were the last one. */
if (fuse_head == NULL) {
if (restore_signal_handler(SIGHUP, exit_handler) == -1 ||
restore_signal_handler(SIGINT, exit_handler) == -1 ||
restore_signal_handler(SIGTERM, exit_handler) == -1 ||
restore_signal_handler(SIGPIPE, NULL) == -1) {
ret = -1;
}
}
#if defined(MULTITHREADED_REFUSE)
rv = pthread_mutex_unlock(&signal_mutex);
assert(rv == 0);
rv = unblock_signals(&oset);
assert(rv == 0);
#endif
return ret;
}