Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Why do system calls return EFAULT instead of sending a segfault?

Tags:

c

posix

standards

segmentation-fault

signals

To be clear, this is a design rather than an implementation question

I want to know the rationale behind why POSIX behaves this way. POSIX system calls when given an invalid memory location return EFAULT rather than crashing the userspace program (by sending a sigsegv), which makes their behavior inconsistent with userspace functions.

Why? Doesn't this just hide memory bugs? Is it a historical mistake or is there a good reason for it?

like image 356
Joseph Garvin Avatar asked Mar 07 '12 16:03

Joseph Garvin

People also ask

How segfault works?

A segmentation fault occurs when a program attempts to access a memory location that it is not allowed to access, or attempts to access a memory location in a way that is not allowed (for example, attempting to write to a read-only location, or to overwrite part of the operating system).

What is a segmentation fault in linux?

What Is Segmentation Fault? In a nutshell, segmentation fault refers to errors due to a process's attempts to access memory regions that it shouldn't. When the kernel detects odd memory access behaviors, it terminates the process issuing a segmentation violation signal (SIGSEGV).

1 Answers

Because system calls are executed by the kernel, not by the user program --- when the system call occurs, the user process halts and waits for the kernel to finish.

The kernel itself, of course, isn't allowed to seg fault, so it has to manually check all the address areas the user process gives it. If one of these checks fails, the system call fails with EFAULT. So in this situation a segmentation fault hasn't actually happening --- it's been avoided by the kernel explicitly checking to make sure all the addresses are valid. Hence it makes sense that no signal is sent.

In addition, if a signal were sent, there'd be no way the kernel could attach a meaningful program counter to the signal, the user process isn't actually executing when the system call is running. This means there'd be no way for the user process to produce decent diagnostics, restart the failed instruction, etc.

To summarise: mostly historical, but there is actual logic to the reasoning. Like EINTR, this doesn't make it any less irritating to deal with.

like image 198
David Given Avatar answered Sep 26 '22 03:09

David Given
Sign in to Comment

Related questions

How to Send/Receive in MPI using all processors
-Wtype-limits on attempt to limit an unsigned integer
How are multiple prior declarations resolved for a new declaration with extern?
How to reliably reproduce curl_multi timeout while testing public proxies
What does POSIX mean when it says stderr is expected to be open for reading and writing?
Why is gcc's right-shift code different in C and C++ mode?
ctypes memory management: how and when free the allocated resources?
C - Starting a big project. File/Directory structure and names. Good example required [closed]
HAT-trie in ANSI C implementation?
How are POSIX cancellation points supposed to behave?
Verify Authenticode signature as being from our company for automatic updater
Implementing cancellable syscalls in userspace
efficient 2d mean filter implementation that minimises redundant memory loads?
Where to find a comparison of Flex/Bison, Ragel, ANTLR and others?
How to measure ARM performance?
Floating Point Exception Core Dump
Why i am not getting the expected output in the following c programme? [duplicate]
Adding self-signed SSL certificate for libcurl
Writing to multiple file-descriptors
libuv: how to gracefully exit application on an error?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!