| Age | Commit message (Collapse) | Author |
|---|
|
OK kettenis@, guenther@
|
|
POSIX dictates that sem_post() needs to be async-safe here[0] and is
thus included in the list of safe functions to call from within a signal
handler here[1].
The old semaphore implementation is using spinlocks and __thrsleep to
synchronize between threads.
Let's say there are two threads: T0 and T1 and the semaphore has V=0.
T1 calls sem_wait() and it will now sleep (spinlock) until someone else
sem_post()'s. Let's say T0 sends a signal to T1 and exits.
The signal handler calls sem_post() which is meant to unblock T1 by
incrementing V. With the old semaphore implementation we we are now in a
deadlock as sem_post spinlocks on the same lock.
The new implementation does not suffer from this defect as it
uses futexes to resolve locking and thus sem_post does not need to spin.
Besides fixing this defect and making us POSIX compliant, this should
also improve performance as there should be less context switching and
thus less time spent in the kernel.
For architectures that do not provied futexes and atomic operations,
the old implementation will be used and it is now being renamed to
rthread_sem_compat as discussed with mpi@.
[0] -- http://pubs.opengroup.org/onlinepubs/9699919799/functions/sem_post.html
[1] -- http://pubs.opengroup.org/onlinepubs/9699919799/functions/V2_chap02.html
OK visa@, mpi@, guenther@
|
|
pthread_attr_setstack() error message.
OK deraadt@
|
|
Simplify sem_trywait()
ok pirofti@ mpi@
|
|
Discussing with mpi@ and guenther@, we decided to first fix the existing
semaphore implementation with regards to SA_RESTART and POSIX compliant
returns in the case where we deal with restartable signals.
Currently we return EINTR everywhere which is mostly incorrect as the
user can not know if she needs to recall the syscall or not. Return
ECANCELED to signal that SA_RESTART was set and EINTR otherwise.
Regression tests pass and so does the posixsuite. Timespec validation
bits are needed to pass the later.
OK mpi@, guenther@
|
|
Implement MAP_STACK option for mmap(). Synchronous faults (pagefault and
syscall) confirm the stack register points at MAP_STACK memory, otherwise
SIGSEGV is delivered. sigaltstack() and pthread_attr_setstack() are modified
to create a MAP_STACK sub-region which satisfies alignment requirements.
Observe that MAP_STACK can only be set/cleared by mmap(), which zeroes the
contents of the region -- there is no mprotect() equivalent operation, so
there is no MAP_STACK-adding gadget.
This opportunistic software-emulation of a stack protection bit makes
stack-pivot operations during ROPchain fragile (kind of like removing a
tool from the toolbox).
original discussion with tedu, uvm work by stefan, testing by mortimer
|
|
the flag, but some problem identification can begin.
|
|
pointer beyond the space.
ok stefan, tedu
|
|
While it is not clear (to me) why that ports ends up with corrupted
shared libs, reverting those changes fixes the issue and should allow us
to close p2k17 more smoothly.
Discussed with a bunch, ok ajacoutot@ guenther@
|
|
ok jca@, deraadt@
|
|
on the stack instead of mallocing the list and move the APIs from libpthread
to libc so that they can be used inside libc.
Note: the standard was explicitly written to permit/support this
"macro with unmatched brace" style and it's what basically everyone
else already does. We xor the info with random cookies with a
random magic to detect/trip-up overwrites.
Major bump to both libc and libpthread due to the API move.
ok mpi@
|
|
implementation is now spread between libc and librthread. No changes
to the content
ok mpi@
|
|
pthread_exit from libpthread to libc, along with low-level bits to
support them. Major bump to both libc and libpthread.
Requested by libressl team. Ports testing by naddy@
ok kettenis@
|
|
isn't the same size on all our architectures and should only be used for
spin locks.
ok visa@, mpi@
|
|
|
|
|
|
This work was sparked by the topic posted on hn by wuch. I am still not
sure that this fixes the defect he claims to have observed because I was
not able to create a proper regress test for it to manifest.
To that end, a proof of concept is more than welcomed!
Thank you for the report!
Discussed with and OK kettenis@, tedu@.
|
|
then strays off the path to exec(). one common manifestation of this
problem occurs in pthread_join(), so we can add a little check there.
first person to hit this in real life gets to change the error message.
|
|
OK mpi@, deraadt@
|
|
vmd(8)'s regression.
|
|
Reported by Gregor Best.
|
|
ok everybody
|
|
Prodded by kettenis@ and tedu@
|
|
|
|
Not enabled yet, it needs some SPINLOCK_SPIN_HOOK love and
some bumps.
Tested by many including sthen@ in a bulk.
ok visa@, sthen@, kettenis@, tedu@
|
|
ok kettenis@
|
|
|
|
locking code.
ok kettenis@
|
|
ok tedu@
|
|
ok tedu@ mpi@
|
|
|
|
|
|
tested by many (thanks!) ok tedu, guenther@
|
|
|
|
annoying strict prototypes
|
|
shared libraries...and I misspelled them anyway
|
|
hppa reverse-stack gives us a valuable test case, but most developers don't
have a 2nd one to proceed further with this.
ok kettenis
|
|
This stores errno, the cancelation flags, and related bits for each thread
and is allocated by ld.so or libc.a. This is an ABI break from 5.9-stable!
Make libpthread dlopen'able by moving the cancelation wrappers into libc
and doing locking and fork/errno handling via callbacks that libpthread
registers when it first initializes. 'errno' *must* be declared via
<errno.h> now!
Clean up libpthread's symbol exports like libc.
On powerpc, offset the TIB/TCB/TLS data from the register per the ELF spec.
Testing by various, particularly sthen@ and patrick@
ok kettenis@
|
|
|
|
|
|
from Kari Tristan Helgason
|
|
spotted by guenther
|
|
references. Use _thread_pagesize for the semaphore mmap size instead of
calling getpagesize() each time.
ok beck@
|
|
aliases by using a macro REDIRECT_SYSCALL() to map the symbols. Apply
that to getthrid(), sysctl(), and issetugid() as well.
ok mpi@ beck@
|
|
as osendsyslog for a while. The three argument variant is the only
one that will stay.
input kettenis@; OK deraadt@
|
|
that will be needed and make libpthread work when ld.so/libc.a provide an
initial TIB.
|
|
|
|
which run for many cycles and may even sleep. This leads to other threads
spinning for a long time waiting on the lock. Using a mutex means those
threads go to sleep and get woken up when the lock is released, which results
in a lot less CPU usage. More work is needed to improve the performance of
threaded code that suffers from malloc lock contention, but this diff makes
ports like Firefox significantly more usable.
Tested by many.
ok mpi@, guenther@, tedu@, jca@
|
|
report from Jeunder Yu
|
|
thrkill(2), rolling the kill(2) syscall number with the ABI change to
avoid breaking binaries during during the transition. thrkill(2) includes
a 'tcb' argument that eliminates the need for locking in pthread_kill()
and simplifies pthread_cancel(). Switch __stack_smash_handler() to use
thrkill(2) and explicitly unblock SIGABRT.
Minor bump to both libc and libpthread: make sure you install a new kernel!
ok semarie@
|
