summaryrefslogtreecommitdiff
path: root/src/unistd
AgeCommit message (Collapse)AuthorFilesLines
2011-07-29new attempt at making set*id() safe and robustRich Felker8-8/+12
changing credentials in a multi-threaded program is extremely difficult on linux because it requires synchronizing the change between all threads, which have their own thread-local credentials on the kernel side. this is further complicated by the fact that changing the real uid can fail due to exceeding RLIMIT_NPROC, making it possible that the syscall will succeed in some threads but fail in others. the old __rsyscall approach being replaced was robust in that it would report failure if any one thread failed, but in this case, the program would be left in an inconsistent state where individual threads might have different uid. (this was not as bad as glibc, which would sometimes even fail to report the failure entirely!) the new approach being committed refuses to change real user id when it cannot temporarily set the rlimit to infinity. this is completely POSIX conformant since POSIX does not require an implementation to allow real-user-id changes for non-privileged processes whatsoever. still, setting the real uid can fail due to memory allocation in the kernel, but this can only happen if there is not already a cached object for the target user. thus, we forcibly serialize the syscalls attempts, and fail the entire operation on the first failure. this *should* lead to an all-or-nothing success/failure result, but it's still fragile and highly dependent on kernel developers not breaking things worse than they're already broken. ideally linux will eventually add a CLONE_USERCRED flag that would give POSIX conformant credential changes without any hacks from userspace, and all of this code would become redundant and could be removed ~10 years down the line when everyone has abandoned the old broken kernels. i'm not holding my breath...
2011-04-21omit errno update path for syscalls that cannot failRich Felker7-7/+7
2011-04-20workaround bug in linux dup2Rich Felker1-1/+4
the linux documentation for dup2 says it can fail with EBUSY due to a race condition with open and dup in the kernel. shield applications (and the rest of libc) from this nonsense by looping until it succeeds
2011-04-18remove bogus extra logic for close cancellabilityRich Felker1-3/+1
like all other syscalls, close should return to the caller if and only if it successfully performed its action. it is necessary that the application be able to determine whether the close succeeded.
2011-04-17debloat: use __syscall instead of syscall where possibleRich Felker1-1/+1
don't waste time (and significant code size due to function call overhead!) setting errno when the result of a syscall does not matter or when it can't fail.
2011-04-17overhaul pthread cancellationRich Felker8-38/+9
this patch improves the correctness, simplicity, and size of cancellation-related code. modulo any small errors, it should now be completely conformant, safe, and resource-leak free. the notion of entering and exiting cancellation-point context has been completely eliminated and replaced with alternative syscall assembly code for cancellable syscalls. the assembly is responsible for setting up execution context information (stack pointer and address of the syscall instruction) which the cancellation signal handler can use to determine whether the interrupted code was in a cancellable state. these changes eliminate race conditions in the previous generation of cancellation handling code (whereby a cancellation request received just prior to the syscall would not be processed, leaving the syscall to block, potentially indefinitely), and remedy an issue where non-cancellable syscalls made from signal handlers became cancellable if the signal handler interrupted a cancellation point. x86_64 asm is untested and may need a second try to get it right.
2011-04-06consistency: change all remaining syscalls to use SYS_ rather than __NR_ prefixRich Felker12-12/+12
2011-04-06move rsyscall out of pthread_create moduleRich Felker6-12/+6
this is something of a tradeoff, as now set*id() functions, rather than pthread_create, are what pull in the code overhead for dealing with linux's refusal to implement proper POSIX thread-vs-process semantics. my motivations are: 1. it's cleaner this way, especially cleaner to optimize out the rsyscall locking overhead from pthread_create when it's not needed. 2. it's expected that only a tiny number of core system programs will ever use set*id() functions, whereas many programs may want to use threads, and making thread overhead tiny is an incentive for "light" programs to try threads.
2011-04-03make ualarm actually work (obsolete function removed from SUS)Rich Felker1-4/+9
2011-04-03add setresuid/setresgid functions (nonstandard)Rich Felker2-0/+20
2011-04-01remove obsolete and useless useconds_t typeRich Felker2-2/+2
2011-03-20global cleanup to use the new syscall interfaceRich Felker49-50/+50
2011-03-19syscall overhaul part two - unify public and internal syscall interfaceRich Felker4-4/+4
with this patch, the syscallN() functions are no longer needed; a variadic syscall() macro allows syscalls with anywhere from 0 to 6 arguments to be made with a single macro name. also, manually casting each non-integer argument with (long) is no longer necessary; the casts are hidden in the macros. some source files which depended on being able to define the old macro SYSCALL_RETURNS_ERRNO have been modified to directly use __syscall() instead of syscall(). references to SYSCALL_SIGSET_SIZE and SYSCALL_LL have also been changed. x86_64 has not been tested, and may need a follow-up commit to fix any minor bugs/oversights.
2011-02-15finish moving 32-bit-specific junk out of source files.Rich Felker4-14/+4
2011-02-14put confstr.c with the other conf functionsRich Felker1-17/+0
2011-02-13cleaning up syscalls in preparation for x86_64 portRich Felker14-24/+27
- hide all the legacy xxxxxx32 name cruft in syscall.h so the actual source files can be clean and uniform across all archs. - cleanup llseek/lseek and mmap2/mmap handling for 32/64 bit systems - alternate implementation for nice if the target lacks nice syscall
2011-02-12initial check-in, version 0.5.0v0.5.0Rich Felker71-0/+646