SIGNAL-SAFETY(7) Linux Programmer's Manual SIGNAL-SAFETY(7)

signal-safety - async-signal-safe functions

An async-signal-safe function is one that can be safely called from
within a signal handler. Many functions are not async-signal-safe. In
particular, nonreentrant functions are generally unsafe to call from a
signal handler.

The kinds of issues that render a function unsafe can be quickly
understood when one considers the implementation of the stdio library,
all of whose functions are not async-signal-safe.

When performing buffered I/O on a file, the stdio functions must
maintain a statically allocated data buffer along with associated
counters and indexes (or pointers) that record the amount of data and
the current position in the buffer. Suppose that the main program is in
the middle of a call to a stdio function such as printf(3) where the
buffer and associated variables have been partially updated. If, at that
moment, the program is interrupted by a signal handler that also calls
printf(3), then the second call to printf(3) will operate on
inconsistent data, with unpredictable results.

To avoid problems with unsafe functions, there are two possible
choices:

1. Ensure that (a) the signal handler calls only async-signal-safe
   functions, and (b) the signal handler itself is reentrant with
   respect to global variables in the main program.

2. Block signal delivery in the main program when calling functions
   that are unsafe or operating on global data that is also accessed by
   the signal handler.

Generally, the second choice is difficult in programs of any
complexity, so the first choice is taken.
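The first choice, shown as an added example that is not part of the original manual page: a handler that reports the signal number using only write(2) and strlen(3) instead of printf(3), and communicates with the main program through a volatile sig_atomic_t flag. The names fmt_uint, on_signal, install_and_raise and got_signal are hypothetical, and saving and restoring errno in the handler is an assumption of good practice that this page does not itself state.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <signal.h>
#include <string.h>
#include <unistd.h>

/* Only object type guaranteed safe to share between handler and main code. */
static volatile sig_atomic_t got_signal = 0;

/* Format v as decimal into buf (capacity cap, NUL included) without stdio.
 * Uses only local storage, so it is reentrant. Returns the digit count. */
static size_t fmt_uint(unsigned long v, char *buf, size_t cap)
{
    char tmp[24];
    size_t n = 0, i = 0;
    do { tmp[n++] = (char)('0' + v % 10); v /= 10; } while (v && n < sizeof tmp);
    while (n && i + 1 < cap) buf[i++] = tmp[--n];   /* reverse, truncate if full */
    buf[i] = '\0';
    return i;
}

/* Handler restricted to functions from the table: strlen(3) and write(2). */
static void on_signal(int signo)
{
    int saved_errno = errno;               /* write(2) may overwrite errno */
    char msg[64] = "caught signal ";
    size_t len = strlen(msg);
    len += fmt_uint((unsigned long)signo, msg + len, sizeof msg - len - 1);
    msg[len++] = '\n';
    if (write(STDERR_FILENO, msg, len) < 0) { /* nothing safe to do here */ }
    got_signal = signo;                    /* main program polls this flag */
    errno = saved_errno;
}

/* Install the handler, deliver signo to ourselves, return the flag value. */
int install_and_raise(int signo)
{
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_signal;
    sigemptyset(&sa.sa_mask);
    if (sigaction(signo, &sa, NULL) == -1) return -1;
    got_signal = 0;
    raise(signo);                          /* handler runs before raise returns */
    return got_signal;
}

int main(void) { return install_and_raise(SIGUSR1) == SIGUSR1 ? 0 : 1; }
```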

POSIX.1 specifies a set of functions that an implementation must make
async-signal-safe. (An implementation may provide safe implementations
of additional functions, but this is not required by the standard and
other implementations may not provide the same guarantees.) In
general, a function is async-signal-safe either because it is reentrant
or because it is atomic with respect to signals (i.e., its execution
can't be interrupted by a signal handler).

The set of functions required to be async-signal-safe by POSIX.1 is
shown in the following table. The functions not otherwise noted were
required to be async-signal-safe in POSIX.1-2001; the table details
changes in the subsequent standards.

Function              Notes
abort(3)              Added in POSIX.1-2003
accept(2)
access(2)
aio_error(3)
aio_return(3)
aio_suspend(3)        See notes below
alarm(2)
bind(2)
cfgetispeed(3)
cfgetospeed(3)
cfsetispeed(3)
cfsetospeed(3)
chdir(2)
chmod(2)
chown(2)
clock_gettime(2)
close(2)
connect(2)
creat(2)
dup(2)
dup2(2)
execl(3)              Added in POSIX.1-2008; see notes below
execle(3)             See notes below
execv(3)              Added in POSIX.1-2008
execve(2)
_exit(2)
_Exit(2)
faccessat(2)          Added in POSIX.1-2008
fchdir(2)             Added in POSIX.1-2013
fchmod(2)
fchmodat(2)           Added in POSIX.1-2008
fchown(2)
fchownat(2)           Added in POSIX.1-2008
fcntl(2)
fdatasync(2)
fexecve(3)            Added in POSIX.1-2008
ffs(3)                Added in POSIX.1-2016
fork(2)               See notes below
fstat(2)
fstatat(2)            Added in POSIX.1-2008
fsync(2)
ftruncate(2)
futimens(3)           Added in POSIX.1-2008
getegid(2)
geteuid(2)
getgid(2)
getgroups(2)
getpeername(2)
getpgrp(2)
getpid(2)
getppid(2)
getsockname(2)
getsockopt(2)
getuid(2)
htonl(3)              Added in POSIX.1-2016
htons(3)              Added in POSIX.1-2016
kill(2)
link(2)
linkat(2)             Added in POSIX.1-2008
listen(2)
longjmp(3)            Added in POSIX.1-2016; see notes below
lseek(2)
lstat(2)
memccpy(3)            Added in POSIX.1-2016
memchr(3)             Added in POSIX.1-2016
memcmp(3)             Added in POSIX.1-2016
memcpy(3)             Added in POSIX.1-2016
memmove(3)            Added in POSIX.1-2016
memset(3)             Added in POSIX.1-2016
mkdir(2)
mkdirat(2)            Added in POSIX.1-2008
mkfifo(3)
mkfifoat(3)           Added in POSIX.1-2008
mknod(2)              Added in POSIX.1-2008
mknodat(2)            Added in POSIX.1-2008
ntohl(3)              Added in POSIX.1-2016
ntohs(3)              Added in POSIX.1-2016
open(2)
openat(2)             Added in POSIX.1-2008
pause(2)
pipe(2)
poll(2)
posix_trace_event(3)
pselect(2)
pthread_kill(3)       Added in POSIX.1-2013
pthread_self(3)       Added in POSIX.1-2013
pthread_sigmask(3)    Added in POSIX.1-2013
raise(3)
read(2)
readlink(2)
readlinkat(2)         Added in POSIX.1-2008
recv(2)
recvfrom(2)
recvmsg(2)
rename(2)
renameat(2)           Added in POSIX.1-2008
rmdir(2)
select(2)
sem_post(3)
send(2)
sendmsg(2)
sendto(2)
setgid(2)
setpgid(2)
setsid(2)
setsockopt(2)
setuid(2)
shutdown(2)
sigaction(2)
sigaddset(3)
sigdelset(3)
sigemptyset(3)
sigfillset(3)
sigismember(3)
siglongjmp(3)         Added in POSIX.1-2016; see notes below
signal(2)
sigpause(3)
sigpending(2)
sigprocmask(2)
sigqueue(2)
sigset(3)
sigsuspend(2)
sleep(3)
sockatmark(3)         Added in POSIX.1-2004
socket(2)
socketpair(2)
stat(2)
stpcpy(3)             Added in POSIX.1-2016
stpncpy(3)            Added in POSIX.1-2016
strcat(3)             Added in POSIX.1-2016
strchr(3)             Added in POSIX.1-2016
strcmp(3)             Added in POSIX.1-2016
strcpy(3)             Added in POSIX.1-2016
strcspn(3)            Added in POSIX.1-2016
strlen(3)             Added in POSIX.1-2016
strncat(3)            Added in POSIX.1-2016
strncmp(3)            Added in POSIX.1-2016
strncpy(3)            Added in POSIX.1-2016
strnlen(3)            Added in POSIX.1-2016
strpbrk(3)            Added in POSIX.1-2016
strrchr(3)            Added in POSIX.1-2016
strspn(3)             Added in POSIX.1-2016
strstr(3)             Added in POSIX.1-2016
strtok_r(3)           Added in POSIX.1-2016
symlink(2)
symlinkat(2)          Added in POSIX.1-2008
tcdrain(3)
tcflow(3)
tcflush(3)
tcgetattr(3)
tcgetpgrp(3)
tcsendbreak(3)
tcsetattr(3)
tcsetpgrp(3)
time(2)
timer_getoverrun(2)
timer_gettime(2)
timer_settime(2)
times(2)
umask(2)
uname(2)
unlink(2)
unlinkat(2)           Added in POSIX.1-2008
utime(2)
utimensat(2)          Added in POSIX.1-2008
utimes(2)             Added in POSIX.1-2008
wait(2)
waitpid(2)
wcpcpy(3)             Added in POSIX.1-2016
wcpncpy(3)            Added in POSIX.1-2016
wcscat(3)             Added in POSIX.1-2016
wcschr(3)             Added in POSIX.1-2016
wcscmp(3)             Added in POSIX.1-2016
wcscpy(3)             Added in POSIX.1-2016
wcscspn(3)            Added in POSIX.1-2016
wcslen(3)             Added in POSIX.1-2016
wcsncat(3)            Added in POSIX.1-2016
wcsncmp(3)            Added in POSIX.1-2016
wcsncpy(3)            Added in POSIX.1-2016
wcsnlen(3)            Added in POSIX.1-2016
wcspbrk(3)            Added in POSIX.1-2016
wcsrchr(3)            Added in POSIX.1-2016
wcsspn(3)             Added in POSIX.1-2016
wcsstr(3)             Added in POSIX.1-2016
wcstok(3)             Added in POSIX.1-2016
wmemchr(3)            Added in POSIX.1-2016
wmemcmp(3)            Added in POSIX.1-2016
wmemcpy(3)            Added in POSIX.1-2016
wmemmove(3)           Added in POSIX.1-2016
wmemset(3)            Added in POSIX.1-2016
write(2)

Notes:

* POSIX.1-2001 and POSIX.1-2004 required the functions fpathconf(3),
  pathconf(3), and sysconf(3) to be async-signal-safe, but this
  requirement was removed in POSIX.1-2008.

* If a signal handler interrupts the execution of an unsafe function,
  and the handler terminates via a call to longjmp(3) or siglongjmp(3)
  and the program subsequently calls an unsafe function, then the
  behavior of the program is undefined.

* POSIX.1-2003 clarified that if an application calls fork(2) from a
  signal handler and any of the fork handlers registered by
  pthread_atfork(3) calls a function that is not async-signal-safe,
  the behavior is undefined. A future revision of the standard is
  likely to remove fork(2) from the list of async-signal-safe
  functions.

Deviations in the GNU C library
The following known deviations from the standard occur in the GNU C
library:

* Before glibc 2.24, execl(3) and execle(3) employed realloc(3)
  internally and were consequently not async-signal-safe. This was
  fixed in glibc 2.24.

* The glibc implementation of aio_suspend(3) is not async-signal-safe
  because it uses pthread_mutex_lock(3) internally.

sigaction(2), signal(7), standards(7)

This page is part of release 4.16 of the Linux man-pages project. A
description of the project, information about reporting bugs, and the
latest version of this page, can be found at
https://www.kernel.org/doc/man-pages/.

Linux 2017-03-13 SIGNAL-SAFETY(7)