path: root/src/internal
Age | Commit message | Author | Files | Lines
2018-05-09 | improve design of thread-start with explicit scheduling attributes | Rich Felker | 1 | -2/+0
eliminate the awkward startlock mechanism and corresponding fields of the pthread structure that were only used at startup. instead of having pthread_create perform the scheduling operations and having the new thread wait for them to be completed, start the new thread with a wrapper start function that performs its own scheduling, sending the result code back via a futex. this way the new thread can use storage from the calling thread's stack rather than permanent fields in the pthread structure.
2018-05-07 | clean up and reduce size of internal pthread structure | Rich Felker | 1 | -7/+9
over time the pthread structure has accumulated a lot of cruft taking up size. this commit removes unused fields and packs booleans and other small data more efficiently. changes which would also require changing code are not included at this time. non-volatile booleans are packed as unsigned char bitfield members. the canceldisable and cancelasync fields need volatile qualification due to how they're accessed from the cancellation signal handler and cancellable syscalls called from signal handlers. since volatile bitfield semantics are not clearly defined, discrete char objects are used instead. the pid field is completely removed; it has been unused since commit 83dc6eb087633abcf5608ad651d3b525ca2ec35e. the tid field's type is changed to int because its use is as a value in futexes, which are defined as plain int. it has no conceptual relationship to pid_t. also, its position is not ABI. startlock is reduced to a length-1 array. the second element was presumably intended as a waiter count, but it was never used and made no sense, since there is at most one waiter.
2018-05-05 | improve joinable/detached thread state handling | Rich Felker | 1 | -3/+9
previously, some accesses to the detached state (from pthread_join and pthread_getattr_np) were unsynchronized; they were harmless in programs with well-defined behavior, but ugly. other accesses (in pthread_exit and pthread_detach) were synchronized by a poorly named "exitlock", with an ad-hoc trylock operation on it open-coded in pthread_detach, whose only purpose was establishing protocol for which thread is responsible for deallocation of detached-thread resources. instead, use an atomic detach_state and unify it with the futex used to wait for thread exit. this eliminates 2 members from the pthread structure, gets rid of the hackish lock usage, and makes rigorous the trap added in commit 80bf5952551c002cf12d96deb145629765272db0 for catching attempts to join detached threads. it should also make attempts to detach an already-detached thread reliably trap.
2018-05-05 | improve pthread_exit synchronization with functions targeting tid | Rich Felker | 1 | -1/+0
if the last thread exited via pthread_exit, the logic that marked it dead did not account for the possibility of it targeting itself via atexit handlers. for example, an atexit handler calling pthread_kill(pthread_self(), SIGKILL) would return success (previously, ESRCH) rather than causing termination via the signal. move the release of killlock after the determination is made whether the exiting thread is the last thread. in the case where it's not, move the release all the way to the end of the function. this way we can clear the tid rather than spending storage on a dedicated dead-flag. clearing the tid is also preferable in that it hardens against inadvertent use of the value after the thread has terminated but before it is joined.
2018-05-02 | use a dedicated futex object for pthread_join instead of tid field | Rich Felker | 1 | -0/+1
the tid field in the pthread structure is not volatile, and really shouldn't be, so as not to limit the compiler's ability to reorder, merge, or split loads in code paths that may be relevant to performance (like controlling lock ownership). however, use of objects which are not volatile or atomic with futex wait is inherently broken, since the compiler is free to transform a single load into multiple loads, thereby using a different value for the controlling expression of the loop and the value passed to the futex syscall, leading the syscall to block instead of returning. reportedly glibc's pthread_join was actually affected by an equivalent issue in glibc on s390. add a separate, dedicated join_futex object for pthread_join to use.
2018-04-19 | reintroduce hardening against partially-replaced allocator | Rich Felker | 1 | -0/+3
commit 618b18c78e33acfe54a4434e91aa57b8e171df89 removed the previous detection and hardening since it was incorrect. commit 72141795d4edd17f88da192447395a48444afa10 already handled all that remained for hardening the static-linked case. in the dynamic-linked case, have the dynamic linker check whether malloc was replaced and make that information available. with these changes, the properties documented in commit c9f415d7ea2dace5bf77f6518b6afc36bb7a5732 are restored: if calloc is not provided, it will behave as malloc+memset, and any of the memalign-family functions not provided will fail with ENOMEM.
2018-04-19 | return chunks split off by memalign using __bin_chunk instead of free | Rich Felker | 1 | -0/+3
this change serves multiple purposes:
1. it ensures that static linking of memalign-family functions will pull in the system malloc implementation, thereby causing link errors if an attempt is made to link the system memalign functions with a replacement malloc (incomplete allocator replacement).
2. it eliminates calls to free that are unpaired with allocations, which are confusing when setting breakpoints or tracing execution.
as a bonus, making __bin_chunk external may discourage aggressive and unnecessary inlining of it.
2018-04-19 | move malloc implementation types and macros to an internal header | Rich Felker | 1 | -0/+39
2018-04-19 | remove a_ctz_l from arch specific atomic_arch.h | Andre McCurdy | 1 | -19/+23
Update atomic.h to provide a_ctz_l in all cases (atomic_arch.h should now only provide a_ctz_32 and/or a_ctz_64). The generic version of a_ctz_32 now takes advantage of a_clz_32 if available and the generic a_ctz_64 now makes use of a_ctz_32.
2018-02-24 | use idiomatic safe form for FUNLOCK macro | Rich Felker | 1 | -1/+1
previously this macro used an odd if/else form instead of the more idiomatic do/while(0), making it unsafe against omission of trailing semicolon. the omission would make the following statement conditional instead of producing an error.
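The hazard described in the commit message above, as an added example that is not musl's code: the `if/else` macro shape is reconstructed here as an assumption, and every `demo_*` / `DEMO_*` name is hypothetical.

```c
#include <stdio.h>

/* Stand-in for a stdio stream; not musl's FILE. */
struct demo_file { int locked; int err; };

static void demo_unlockfile(struct demo_file *f) { f->locked = 0; }

/* Assumed shape of the "if/else form": the trailing `else` adopts whatever
 * statement follows when the caller forgets the semicolon. */
#define DEMO_FUNLOCK_IFELSE(f) if (need_unlock) demo_unlockfile((f)); else

/* do/while(0) form: expands to exactly one statement that needs a ';'. */
#define DEMO_FUNLOCK_DOWHILE(f) \
    do { if (need_unlock) demo_unlockfile((f)); } while (0)

/* Caller that drops the semicolon. This compiles without error, and the
 * assignment to f->err becomes the else branch of the hidden `if`. */
static int demo_ifelse_no_semicolon(struct demo_file *f, int need_unlock)
{
    f->locked = need_unlock;
    DEMO_FUNLOCK_IFELSE(f)      /* missing ';' goes unnoticed */
    f->err = 1;                 /* runs only when need_unlock == 0 */
    return f->err;
}

/* Same caller with the do/while(0) macro. Dropping the ';' here is a
 * syntax error, so the mistake cannot reach a build. */
static int demo_dowhile(struct demo_file *f, int need_unlock)
{
    f->locked = need_unlock;
    DEMO_FUNLOCK_DOWHILE(f);
    f->err = 1;                 /* always runs */
    return f->err;
}

int main(void)
{
    struct demo_file a = {0, 0}, b = {0, 0};
    printf("if/else form, lock held:   err=%d\n", demo_ifelse_no_semicolon(&a, 1));
    printf("do/while form, lock held:  err=%d\n", demo_dowhile(&b, 1));
    return 0;
}
```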
2018-02-05 | document pthread structure ABI constraints in comments | Rich Felker | 1 | -0/+7
in the original submission of the patch that became commit 7c709f2d4f9872d1b445f760b0e68da89e256b9e, and in subsequent reading of it by others, it was not clear that the new member had to be inserted before canary_at_end, or that inserting it at that location was safe. add comments to document.
2018-02-03 | store pthread stack guard sizes for pthread_getattr_np | William Pitcock | 1 | -0/+1
2018-01-09 | revise the definition of multiple basic locks in the code | Jens Gustedt | 1 | -2/+2
In all cases this is just a change from two volatile int to one.
2018-01-09 | new lock algorithm with state and congestion count in one atomic int | Jens Gustedt | 1 | -0/+6
A variant of this new lock algorithm has been presented at SAC'16, see https://hal.inria.fr/hal-01304108. A full version of that paper is available at https://hal.inria.fr/hal-01236734. The main motivation of this is to improve on the safety of the basic lock implementation in musl. This is achieved by squeezing a lock flag and a congestion count (= threads inside the critical section) into a single int. Thereby an unlock operation does exactly one memory transfer (a_fetch_add) and never touches the value again, but still detects if a waiter has to be woken up. This is a fix of a use-after-free bug in pthread_detach that had temporarily been patched. Therefore this patch also reverts c1e27367a9b26b9baac0f37a12349fc36567c8b6. This is also the only place where internal knowledge of the lock algorithm is used. The main price for the improved safety is a little bit larger code. Under high congestion, the scheduling behavior will be different compared to the previous algorithm. In that case, a successful put-to-sleep may appear out of order compared to the arrival in the critical section.
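The encoding described in the commit message above, as an added single-threaded model that is not musl's implementation: it uses C11 atomics, leaves out the futex wait and wake calls, and all `demo_*` names and the exact bit layout are assumptions of this example.

```c
#include <limits.h>
#include <stdatomic.h>
#include <stdio.h>

/* One int carries both pieces of state:
 *   sign bit set  -> lock is held
 *   low bits      -> threads inside the critical section
 *                    (the holder plus every registered waiter)
 *   0             -> unlocked, nobody interested */
#define DEMO_HELD_ALONE (INT_MIN + 1)   /* held, count == 1 */

typedef atomic_int demo_lock;

/* Uncontended acquire: only succeeds from the all-zero state. */
static int demo_trylock(demo_lock *l)
{
    int expected = 0;
    return atomic_compare_exchange_strong(l, &expected, DEMO_HELD_ALONE);
}

/* A thread that failed to acquire counts itself in before it sleeps, so
 * the holder's unlock can tell that somebody must be woken. Returns the
 * new lock word. */
static int demo_register_waiter(demo_lock *l)
{
    return atomic_fetch_add(l, 1) + 1;
}

/* A woken waiter is already counted, so it only sets the held flag on the
 * value it observed. `seen` must be positive (flag clear). */
static int demo_waiter_acquire(demo_lock *l, int seen)
{
    return atomic_compare_exchange_strong(l, &seen, INT_MIN + seen);
}

/* Release: a single fetch_add clears the flag and removes the holder from
 * the count. The wake decision uses only the returned old value; the lock
 * word is not read again, so it does not matter if another thread
 * acquires the lock and frees the enclosing object right afterwards.
 * Returns 1 when a waiter has to be woken. */
static int demo_unlock(demo_lock *l)
{
    int before = atomic_fetch_add(l, -DEMO_HELD_ALONE);
    return before != DEMO_HELD_ALONE;
}

int main(void)
{
    demo_lock l = 0;
    demo_trylock(&l);                       /* thread A takes the lock */
    int seen = demo_register_waiter(&l);    /* thread B queues up */
    printf("contended word: held=%d count=%d\n", seen < 0, seen - INT_MIN);
    int wake = demo_unlock(&l);             /* A releases with one add */
    printf("wake needed=%d, word now=%d\n", wake, atomic_load(&l));
    demo_waiter_acquire(&l, atomic_load(&l)); /* B takes over */
    printf("wake needed=%d, word now=%d\n", demo_unlock(&l), atomic_load(&l));
    return 0;
}
```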
2017-08-29 | add a_clz_64 helper function | Szabolcs Nagy | 1 | -0/+21
counts leading zero bits of a 64bit int, undefined on zero input. (has nothing to do with atomics, added to atomic.h so target specific helper functions are together.) there is a logarithmic generic implementation and another in terms of a 32bit a_clz_32 on targets where that's available.
2017-07-04 | unify the use of FUTEX_PRIVATE | Jens Gustedt | 1 | -1/+1
The flag 1<<7 is used in several places for different purposes that are not always easy to distinguish. Mark those usages that correspond to the flag that is used by the kernel for futexes.
2017-03-21 | increase limit on locale name length from 15 to 23 bytes | Rich Felker | 1 | -1/+1
the old limit was one byte too short to support locale names of the form xx_XX.UTF-8@modifier where modifier is more than 3 bytes, a form which various real-world locale names take. the problem could be avoided by omitting the useless ".UTF-8" part, but users may need to have it present when operating on mixed-libc systems or when it will be carried over (e.g. across ssh) to other systems. the new limit is chosen sufficient for existing/reasonable locale names while still keeping the size of setlocale's static buffer small. also add locale_impl.h to the Makefile's list of headers which force rebuild of source files, to prevent dangerously inconsistent object files from getting used after this change.
2017-01-13 | fix crashes in x32 __tls_get_addr | rofl0r | 1 | -0/+4
x32 has another gratuitous difference to all other archs: it passes an array of 64bit values to __tls_get_addr(). usually it is an array of size_t.
2017-01-04 | treat base 1 as an error in strtol-family functions | Rich Felker | 1 | -1/+1
ISO C and POSIX only specify behavior for base arguments of 0 and 2-36; POSIX mandates an EINVAL error for unsupported bases. it's not clear that there's a requirement for implementations not to "support" additional bases as an extension, but "base 1" did not work in any meaningful way anyway, so it should be considered unsupported and thus an error.
2016-12-06 | remove largish unused field from pthread structure | Rich Felker | 1 | -1/+0
2016-11-11 | add s390x port | Bobby Bingham | 1 | -0/+15
2016-11-11 | treat null vdso base same as missing | Bobby Bingham | 1 | -0/+1
On s390x, the kernel provides AT_SYSINFO_EHDR, but sets it to zero, if the program being run does not have a program interpreter. This causes problems when running the dynamic linker directly.
2016-11-11 | generalize ELF hash table types not to assume 32-bit entries | Rich Felker | 1 | -1/+2
alpha and s390x gratuitously use 64-bit entries (wasting 2x space and cache utilization) despite the values always being 32-bit. based on patch by Bobby Bingham, with changes suggested by Alexander Monakov to use the public Elf_Symndx type from link.h (and make it properly variable by arch) rather than adding new internal infrastructure for handling the type.
2016-11-08 | fix build regression on archs with variable page size | Rich Felker | 1 | -1/+1
commit 31fb174dd295e50f7c5cf18d31fcfd5fe5a063b7 used DEFAULT_GUARD_SIZE from pthread_impl.h in a static initializer, breaking build on archs where its definition, PAGE_SIZE, is not a constant. instead, just define DEFAULT_GUARD_SIZE as 4096, the minimal page size on any arch we support. pthread_create rounds up to whole pages anyway, so defining it to 1 would also work, but a moderately meaningful value is nicer to programs that use pthread_attr_getguardsize on default-initialized attribute objects.
2016-10-20 | fix minor problem in previous strtod non-nearest rounding bug fix | Rich Felker | 1 | -1/+1
commit 6ffdc4579ffb34f4aab69ab4c081badabc7c0a9a set lnz in the code path for non-zero digits after a huge string of zeros, but the assignment of dc to lnz truncates if the value of dc does not fit in int; this is possible for some pathologically long inputs, either via strings on 64-bit systems or via scanf-family functions. instead, simply set lnz to match the point at which we add the artificial trailing 1 bit to simulate nonzero digits after a huge run of zeros.
2016-10-20 | fix strtod int optimization in non-nearest rounding mode | Szabolcs Nagy | 1 | -1/+4
the mid-sized integer optimization relies on lnz set up properly to mark the last non-zero decimal digit, but this was not done if the non-zero digit lay outside the KMAX digits of the base 10^9 number representation. so if the fractional part was a very long list of zeros (>2048*9 on x86) followed by non-zero digits then the integer optimization could kick in discarding the tiny non-zero fraction which can mean wrong result on non-nearest rounding mode. strtof, strtod and strtold were all affected.
2016-10-20 | fix strtod and strtof rounding with many trailing zeros | Szabolcs Nagy | 1 | -0/+3
in certain cases excessive trailing zeros could cause incorrect rounding from long double to double or float in decfloat. e.g. in strtof("9444733528689243848704.000000", 0) the argument is 0x1.000001p+73, exactly halfway between two representable floats, this incorrectly got rounded to 0x1.000002p+73 instead of 0x1p+73, but with less trailing 0 the rounding was fine. the fix makes sure that the z index always points one past the last non-zero digit in the base 10^9 representation, this way trailing zeros don't affect the rounding logic.
2016-08-11 | fix pread/pwrite syscall calling convention on sh | Rich Felker | 1 | -0/+4
despite sh not generally using register-pair alignment for 64-bit syscall arguments, there are arch-specific versions of the syscall entry points for pread and pwrite which include a dummy argument for alignment before the 64-bit offset argument.
2016-05-08 | add powerpc64 port | Bobby Bingham | 1 | -0/+17
2016-04-18 | add mips n32 port (ILP32 ABI for mips64) | Rich Felker | 1 | -0/+19
based on patch submitted by Jaydeep Patil, with minor changes.
2016-03-06 | add mips64 port | Rich Felker | 1 | -0/+19
patch by Mahesh Bodapati and Jaydeep Patil of Imagination Technologies.
2016-03-06 | generalize mips-specific reloc code not to hard-code sym/type encoding | Rich Felker | 1 | -0/+2
this change is made in preparation for adding the mips64 port, which needs a 64-bit (and mips64-specific) form of the R_INFO macro, but it's a better abstraction anyway. based on part of the mips64 port patch by Mahesh Bodapati and Jaydeep Patil of Imagination Technologies.
2016-02-23 | allow implementing a_cas_p with pointer-sized ll/sc | Bobby Bingham | 1 | -0/+18
No current ports do this, but it will be useful for porting to 64-bit ll/sc architectures, such as mips64 and powerpc64.
2016-02-10 | fix line-buffered flush omission for odd usage of putc-family functions | Rich Felker | 1 | -1/+2
as specified, the int argument providing the character to write is converted to type unsigned char. for the actual write to buffer, conversion happened implicitly via the assignment operator; however, the logic to check whether the argument was a newline used the original int value. thus usage such as putchar('\n'+0x100) failed to produce a flush.
2016-01-30 | ldso: fix GDB dynamic linker info on MIPS | Felix Fietkau | 1 | -0/+4
GDB is looking for a pointer to the ldso debug info in the data of the ..rld_map section. Signed-off-by: Felix Fietkau <nbd@openwrt.org>
2016-01-26 | change the internal socketcall selection logic | Szabolcs Nagy | 1 | -1/+1
only use SYS_socketcall if SYSCALL_USE_SOCKETCALL is defined internally, otherwise use direct syscalls. this commit does not change the current behaviour, it is preparation for adding direct syscall numbers for i386.
2016-01-22 | move sh port's __shcall internal function from arch/sh/src to src tree | Rich Felker | 1 | -0/+5
2016-01-21 | refactor internal atomic.h | Rich Felker | 1 | -0/+275
rather than having each arch provide its own atomic.h, there is a new shared atomic.h in src/internal which pulls arch-specific definitions from arch/$(ARCH)/atomic_arch.h. the latter can be extremely minimal, defining only a_cas or new ll/sc type primitives which the shared atomic.h will use to construct everything else. this commit avoids making heavy changes to the individual archs' atomic implementations. definitions which are identical or near-identical to what the new shared atomic.h would produce have been removed, but otherwise the changes made are just hooking up the arch-specific files to the new infrastructure. major changes to take advantage of the new system will come in subsequent commits.
2016-01-20 | exclude vis.h when compiling assembly files | Khem Raj | 1 | -1/+1
otherwise C declarations are included into preprocessed (.S) asm source files, producing errors from the assembler.
2015-11-19 | remove undef weak refs to init/fini array symbols in libc.so | Rich Felker | 1 | -6/+1
commit ad1cd43a86645ba2d4f7c8747240452a349d6bc1 eliminated preprocessor-level omission of references to the init/fini array symbols from object files going into libc.so. the references are weak, and the intent was that the linker would resolve them to zero in libc.so, but instead it leaves undefined references that could be satisfied at runtime. normally these references would be harmless, since the code using them does not even get executed, but some older binutils versions produce a linking error: when linking a program against libc.so, ld first tries to use the hidden init/fini array symbols produced by the linker script to satisfy the references in libc.so, then produces an error because the definitions are hidden. ideally ld would have already provided definitions of these symbols when linking libc.so, but the linker script for -shared omits them. to avoid this situation, the dynamic linker now provides its own dummy definitions of the init/fini array symbols for libc.so. since they are hidden, everything binds at ld time and no references remain in the dynamic symbol table. with modern binutils and --gc-sections, both the dummy empty array objects and the code referencing them get dropped at link time, anyway. the _init and _fini symbols are also switched back to using weak definitions rather than weak references since the latter behave somewhat problematically in general, and the weak definition approach was known to work well.
2015-11-12 | remove use of SHARED macro in dynamic linker version reporting | Rich Felker | 1 | -4/+1
also fix visibility of the glue function used.
2015-11-12 | unify static and dynamic linked implementations of thread-local storage | Rich Felker | 1 | -1/+8
this both allows removal of some of the main remaining uses of the SHARED macro and clears one obstacle to static-linked dlopen support, which may be added at some point in the future. specialized single-TLS-module versions of __copy_tls and __reset_tls are removed and replaced with code adapted from their dynamic-linked versions, capable of operating on a whole chain of TLS modules, and use of the dynamic linker's DSO chain (which contains large struct dso objects) by these functions is replaced with a new chain of struct tls_module objects containing only the information needed for implementing TLS. this may also yield some performance benefit initializing TLS for a new thread when a large number of modules without TLS have been loaded, since there is no need to walk structures for modules without TLS.
2015-11-11 | eliminate use of SHARED macro to suppress visibility attributes | Rich Felker | 2 | -14/+4
this is the first and simplest stage of removal of the SHARED macro, which will eventually allow libc.a and libc.so to be produced from the same object files. the original motivation for these #ifdefs which are now being removed was to allow building a static-only libc using a compiler that does not support visibility. however, SHARED was the wrong condition to test for this anyway; various assembly-language sources refer to hidden symbols and declare them with the .hidden directive, making it wrong to define the referenced symbols as non-hidden. if there is a need in the future to build libc using compilers that lack visibility, support could be moved to the build system or perhaps the __PIC__ macro could be checked instead of SHARED.
2015-11-11 | fix dynamic loader library mapping for nommu systems | Rich Felker | 1 | -0/+4
on linux/nommu, non-writable private mappings of files may actually use memory shared with other processes or the fs cache. the old nommu loader code (used when mmap with MAP_FIXED fails) simply wrote over top of the original file mapping, possibly clobbering this shared memory. no such breakage was observed in practice, but it should have been possible. the new code starts by mapping anonymous writable memory on archs that might support nommu, then maps load segments over top of it, falling back to read if MAP_FIXED fails. we use an anonymous map rather than a writable file map to avoid reading more data from disk than needed. since pages cannot be loaded lazily on fault, in case of large data/bss, mapping the full file may read a lot of data that will subsequently be thrown away when processing additional LOAD segments. as a result, we cannot skip the first LOAD segment when operating in this mode. these changes affect only non-FDPIC nommu support.
2015-11-10 | explicitly assemble all arm asm sources as UAL | Rich Felker | 1 | -0/+1
these files are all accepted as legacy arm syntax when producing arm code, but legacy syntax cannot be used for producing thumb2 with access to the full ISA. even after switching to UAL, some asm source files contain instructions which are not valid in thumb mode, so these will need to be addressed separately.
2015-11-09 | remove non-working pre-armv4t support from arm asm | Rich Felker | 1 | -2/+0
the idea of the three-instruction sequence being removed was to be able to return to thumb code when used on armv4t+ from a thumb caller, but also to be able to run on armv4 without the bx instruction available (in which case the low bit of lr would always be 0). however, without compiler support for generating such a sequence from C code, which does not exist and which there is unlikely to be interest in implementing, there is little point in having it in the asm, and it would likely be easier to add pre-armv4t support via enhanced linker handling of R_ARM_V4BX than at the compiler level. removing this code simplifies adding support for building libc in thumb2-only form (for cortex-m).
2015-09-29 | eliminate protected-visibility data in libc.so with vis.h preinclude | Rich Felker | 1 | -0/+3
some newer binutils versions print scary warnings about protected data because most gcc versions fail to produce the right address references/relocations for such data that might be subject to copy relocations. originally vis.h explicitly assigned default visibility to all public data symbols to avoid this issue, but commit b8dda24fe1caa901a99580f7a52defb95aedb67c removed this treatment for stdin/out/err to work around a gcc 3.x bug, and since they don't actually need it (because taking their addresses is not valid C). instead, a check for the gcc 3.x bug is added to the configure check for vis.h preinclude support; this feature will simply be disabled when using a buggy version of gcc.
2015-09-23 | fix signal return for sh/fdpic | Rich Felker | 1 | -0/+2
the restorer function pointer provided in the kernel sigaction structure is interpreted by the kernel as a raw code address, not a function descriptor. this commit moves the declarations of the __restore and __restore_rt symbols to ksigaction.h so that arch versions of the file can override them, and introduces a version for sh which declares them as objects rather than functions. an alternate solution would have been defining SA_RESTORER to 0 so that the functions are not used, but this both requires executable stack (since the sh kernel does not have a vdso page with permanent restorer functions) and crashes on qemu user-level emulation.
2015-09-22 | add real fdpic loading of shared libraries | Rich Felker | 1 | -0/+4
previously, the normal ELF library loading code was used even for fdpic, so only the kernel-loaded dynamic linker and main app could benefit from separate placement of segments and shared text.
2015-09-22 | add general fdpic support in dynamic linker and arch support for sh | Rich Felker | 1 | -3/+14
at this point not all functionality is complete. the dynamic linker itself, and main app if it is also loaded by the kernel, take advantage of fdpic and do not need constant displacement between segments, but additional libraries loaded by the dynamic linker follow normal ELF semantics for mapping still. this fully works, but does not admit shared text on nommu. in terms of actual functional correctness, dlsym's results are presently incorrect for function symbols, RTLD_NEXT fails to identify the caller correctly, and dladdr fails almost entirely. with the dynamic linker entry point working, support for static pie is automatically included, but linking the main application as ET_DYN (pie) probably does not make sense for fdpic anyway. ET_EXEC is equally relocatable but more efficient at representing relocations.