Fixes <https://bugs.gnu.org/70144>.
Fixes a bug whereby ‘system*’ would change the handler of SIGINT and
SIGQUIT to SIG_IGN in a racy fashion, possibly competing with calls to
‘sigaction’ in Scheme in another thread.
This is a followup to 527c257d6e, which
witch to ‘posix_spawn’, ensuring signals are properly dealt with when
creating child processes.
* libguile/posix.c (restore_sigaction, scm_dynwind_sigaction): Remove.
(scm_system_star): Remove sigaction dynwind around call to
‘piped_process’.
* NEWS: Update.
Reported-by: Christopher Baines <mail@cbaines.net>
Fixes <https://bugs.gnu.org/68087>.
* libguile/scmsigs.h (scm_i_signals_pre_fork, scm_i_signals_post_fork):
New declarations.
(scm_i_signal_delivery_thread): Change type to SCM..
* libguile/threads.c (scm_all_threads): Adjust accordingly and exclude
threads that have ‘t->exited’. Access ‘thread_count’ after grabbing
‘thread_admin_mutex’.
* libguile/posix.c (scm_fork): Add calls to ‘scm_i_signals_pre_fork’ and
‘scm_i_signals_post_fork’.
* libguile/scmsigs.c (signal_delivery_thread): Close signal_pipe[0] upon
exit and set it to -1.
(once): New file-global variable, moved from…
(scm_i_ensure_signal_delivery_thread): … here.
(stop_signal_delivery_thread, scm_i_signals_pre_fork)
(scm_i_signals_post_fork): New functions.
* test-suite/standalone/test-sigaction-fork: New file.
* test-suite/standalone/Makefile.am (check_SCRIPTS, TESTS): Add it.
clearenv() may not be provided by non-glibc systems. As a fallback,
just set environ to NULL.
* libguile/posix.c (scm_environ)[!HAVE_CLEARENV]: add fallback logic
for clearenv()
'nice' is marked as 'warn_unused_result' on some versions
of Ubuntu which causes make distcheck to fail.
This implements the error checking logic exactly as POSIX suggests
to silence the warning.
* libguile/posix.c (scm_nice): new error checking logic.
When calling `environ', Guile set the global variable `environ' to a
list allocated with the GC. Strings in it are also allocated with the
GC.
However, if an user call the Scheme setenv() procedure, the resulting
call to putenv() in libc might reallocate `environ' to a new pointer
while copying sub-pointers owned by Guile in it.
This results in the GC marking these strings for reclamation when they
are actually still present in `environ'. Thus, the values in the
environment are now undefined.
To fix this, Guile should only manipulate the `environ' using the
standard libc functions. This ensures that concurrent modification of
it is safe in multi-threaded program. Therefore, the procedure
`environ' now call the libc clearenv() procedure to purge the
environment. Then, the desired values are put in `environ' using
scm_putenv(). At the end, no GC allocated memory is put in `environ'.
Also, since `environ' can be changed at anytime in a multi-thread
program, emit a warning stipulating that the result is undefined
behavior if multiple threads are created in the program. Consider for
example a thread iterating over `environ' while another one do a call to
putenv(). The latter would do a realloc() on `environ' and thus the old
array read by the former now contains garbage.
On system where clearenv() is not present, an atomic store of NULL with
sequential consistency to `environ' should be sufficient but see the
NOTES of clearenv(3).
* libguile/posix.c (scm_environ): Do not store GC allocated memory in
environ.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
In Guile 3.0.9, 'system*' would no longer open /dev/null for file
descriptors 0, 1, and 2 when its 'current-input-port',
'current-output-port', or 'current-output-port' is not bound to a file
port. This patch reinstates that behavior.
Fixes <https://bugs.gnu.org/63024>.
* libguile/posix.c (piped_process): Open /dev/null to use as in/out/err
if the corresponding port is not backed by a file descriptor.
* test-suite/tests/posix.test ("system*")["https://bugs.gnu.org/63024"]:
New test.
* NEWS: Update.
Co-authored-by: Ludovic Courtès <ludo@gnu.org>
* configure.ac: Check for 'posix_spawn_file_actions_addclosefrom_np'.
* libguile/posix.c (HAVE_ADDCLOSEFROM): New macro.
(close_inherited_fds): Wrap in #ifdef HAVE_ADDCLOSEFROM.
(do_spawn) [HAVE_ADDCLOSEFROM]: Use 'posix_spawn_file_actions_addclosefrom_np'.
This reverts 9332b63240, thereby
reinstating the performance issue in <https://bugs.gnu.org/59321>.
This optimization was subject to race conditions in multi-threaded code:
new file descriptors could pop up at any time and thus leak in the
child.
* libguile/posix.c (close_inherited_fds): Remove.
(close_inherited_fds_slow): Rename to...
(close_inherited_fds): ... this.
Fixes <https://bugs.gnu.org/61095>.
Reported by Omar Polo <op@omarpolo.com>.
* libguile/posix.c (close_inherited_fds_slow): On systems other than
GNU/Linux, call 'addclose' only when 'fcntl' succeeds on MAX_FD.
* NEWS: Update.
Fixes <https://bugs.gnu.org/61073>.
* libguile/posix.c (FDES_FROM_PORT_OR_INTEGER): When OBJ is not an
integer, use 'SCM_VALIDATE_OPFPORT' before using 'SCM_FPORT_FDES'.
* test-suite/tests/posix.test ("spawn")["non-file port argument"]: New
test.
Fixes <https://bugs.gnu.org/60971>.
Reported by lloda <lloda@sarc.name> and Greg Troxel <gdt@lexort.com>.
On macOS and NetBSD, 'WEXITSTATUS' expects an lvalue so the expression
passed to 'verify' would be invalid.
* libguile/posix.c: Move 'verify' assertion within #ifdef.
Fixes <https://bugs.gnu.org/59321>.
Reported by <hylophile@posteo.de>.
Some systems provide "/proc/self/fd" which is a directory containing an
entry for each open file descriptor in the current process. We use this
to limit the number of close() calls needed to ensure file descriptors
aren't leaked to the child process when forking.
* libguile/posix.c (close_inherited_fds_slow):
(close_inherited_fds): New static helper functions.
(scm_spawn_process): Attempt to close inherited file descriptors
efficiently using 'close_inherited_fds', falling back to the brute-force
approach in 'close_inherited_fds_slow'.
* NEWS: Update.
This is the same strategy as used for the 'accept4' bindings introduced
in 6e0965104c.
* libguile/posix.c (scm_pipe): Rename to...
(scm_pipe2): ... this. Add an optional 'flags' parameter and honor it.
(scm_pipe): Rewrite as a call to 'scm_pipe2'.
* libguile/posix.h (scm_pipe2): New declaration.
* test-suite/tests/posix.test ("pipe"): New tests.
* configure.ac: Look for 'pipe2'.
* NEWS: Update.
Fixes <https://bugs.gnu.org/55596>.
Reported by Hugo Nobrega <hugonobrega@ic.ufrj.br>
and Jack Hill <jackhill@jackhill.us>.
* libguile/posix.c (start_child): Close OUT only if it's greater than 2.
* test-suite/tests/posix.test ("system*")["exit code for nonexistent file"]
["https://bugs.gnu.org/55596"]: New tests.
Partly fixes <https://bugs.gnu.org/41948>.
Previously, the child process could end up using the same 'sleep_pipe'
as its parent, leading to a race condition handling signals.
* libguile/posix.c (do_fork): New function.
(scm_fork): Call 'do_fork' via 'scm_without_guile'.
* test-suite/standalone/test-signal-fork: New test.
* test-suite/standalone/Makefile.am (check_SCRIPTS, TESTS): Add it.
* doc/ref/posix.texi (File System): Update to document mkstemp only.
* libguile/filesys.c: Make a mkstemp that doesn't modify the input
template. Instead the caller has to get the file name from
port-filename.
(scm_mkstemp): Use the new mkstemp to implement mkstemp!. Can't
deprecate yet though as the replacement hasn't been there for long
enough.
* libguile/posix.c (scm_tempnam): Update to mention mkstemp instead.
* module/system/base/compile.scm (call-with-output-file/atomic): Use
mkstemp.
* test-suite/tests/posix.test:
* test-suite/tests/r6rs-files.test: Use mkstemp.
* NEWS: Update.
Previously, in the case where OUT is 0, or ERR is 0 or 1,
e.g. when (current-error-port) points to STDOUT, the code in
'start_child' to relocate OUT/ERR out of the way to another file
descriptor had multiple bugs:
(1) It neglected to close the original file descriptor.
(2) It checked 'errno' without first checking the return value of
dup(2). This doesn't work because dup(2) leaves 'errno' unchanged
if there's no error.
(3) In case 'errno' contained EINTR, the retry code failed because
OUT (or ERR) was overwritten by the result of the previous failed
dup(2) call.
This commit fixes these problems, as well as another problem with
'execvp' error reporting.
* libguile/posix.c (renumber_file_descriptor): New static helper
function.
(start_child): Use 'renumber_file_descriptor'. If 'execvp' fails, write
the error message to file descriptor 2. Previously, we wrote the error
message to ERR, which was the old file descriptor before being relocated
to 2.
Partial fix for <https://bugs.gnu.org/33044>.
Reported by Tom de Vries <tdevries@suse.de>.
Fix several instances of the mistake of using 'scm_from_locale_*' for C
strings that originally came from a C string literal. Change several
uses of 'scm_from_latin1_*' as well, to promote the practice of writing
code that works for arbitrary C string literals.
Also add missing years to the copyright notices of changed files, based
on the git history.
* libguile/debug-malloc.c, libguile/deprecation.c, libguile/error.c,
libguile/eval.c, libguile/expand.c, libguile/extensions.c,
libguile/filesys.c, libguile/init.c, libguile/load.c,
libguile/modules.c, libguile/pairs.c, libguile/posix.c,
libguile/print.c, libguile/random.c, libguile/read.c,
libguile/regex-posix.c, libguile/snarf.h, libguile/srfi-13.c,
libguile/stacks.c, libguile/stime.c, libguile/strports.c,
libguile/values.c: Use 'scm_from_utf8_*' where appropriate.
Partial fix for <https://bugs.gnu.org/33044>.
Reported by Tom de Vries <tdevries@suse.de>.
Fix several instances of the mistake of using 'scm_from_locale_*' for C
strings that originally came from a C string literal. Change several
uses of 'scm_from_latin1_*' as well, to promote the practice of writing
code that works for arbitrary C string literals.
Also add missing years to the copyright notices of changed files, based
on the git history.
* libguile/debug-malloc.c, libguile/deprecation.c, libguile/error.c,
libguile/eval.c, libguile/expand.c, libguile/extensions.c,
libguile/filesys.c, libguile/init.c, libguile/load.c,
libguile/modules.c, libguile/pairs.c, libguile/posix.c,
libguile/print.c, libguile/random.c, libguile/read.c,
libguile/regex-posix.c, libguile/snarf.h, libguile/srfi-13.c,
libguile/stacks.c, libguile/stime.c, libguile/strports.c,
libguile/values.c: Use 'scm_from_utf8_*' where appropriate.
* libguile/posix.c (scm_crypt): Take 'scm_i_misc_mutex' right before
calling 'crypt'. Move 'SCM_SYSERROR' call after 'scm_dynwind_end'.
* test-suite/tests/posix.test ("crypt"): New test prefix.
* libguile/scm.h (scm_tc7_values): New tc7. Never seen by Scheme, so we
don't need to update it anywhere else.
* libguile/values.h (scm_is_values): New public static inline function.
(scm_i_nvalues, scm_i_value_ref): New private static inline
functions.
(SCM_VALUESP): Use scm_is_value.
(scm_values_2, scm_values_3): New functions.
(scm_values_vtable): Remove; values objects are not structs any more.
* libguile/values.c (scm_i_extract_values_2): Adapt to new values
representation.
(print_values): Remove now-unused function.
(scm_c_nvalues): Use scm_i_nvalues.
(scm_c_value_ref): Use scm_i_value_ref.
(scm_values, scm_c_values): Make the new-style objects, which store
their values inline.
(scm_values_2, scm_values_3): New helpers, to avoid consing little
useless lists.
* libguile/vm-engine.c (halt, subr-call)
* libguile/eval.c (eval): Adapt to new values representation.
* libguile/i18n.c (scm_locale_string_to_integer)
(scm_locale_string_to_integer)
* libguile/numbers.c (scm_i_floor_divide, scm_i_ceiling_divide)
(scm_i_truncate_divide, scm_i_centered_divide, scm_i_round_divide)
(scm_i_exact_integer_sqrt)
* libguile/r6rs-ports.c (make_bytevector_output_port)
* libguile/srfi-1.c (scm_srfi1_partition, scm_srfi1_partition_x)
* libguile/srfi-14.c (scm_char_set_diff_plus_intersection)
(scm_char_set_diff_plus_intersection_x)
* libguile/posix.c (scm_getrlimit, scm_open_process): Adapt to use
scm_values_2 or scm_values_3.
* libguile/print.c (iprin1): Add printer for values objects.
As the FSF advises, 'There is no legal significance to using the
three-character sequence “(C)”, but it does no harm.' It does take up
space though! For that reason, we remove it here from our C files.
