summary refs log tree commit diff
path: root/nptl/pthread_create.c
Commit message (Collapse)AuthorAgeFilesLines
* nptl: Fix pthread_create.c build with clangAdhemerval Zanella2022-11-011-2/+4
| | | | | | | | | | | | | | | | clang complains that libc_hidden_data_def (__nptl_threads_events) creates an invalid alias: pthread_create.c:50:1: error: alias must point to a defined variable or function libc_hidden_data_def (__nptl_threads_events) ^ ../include/libc-symbols.h:621:37: note: expanded from macro 'libc_hidden_data_def' It seems that clang requires that a proper prototype is defined prior the hidden alias creation. Reviewed-by: Fangrui Song <maskray@google.com>
* Use atomic_exchange_release/acquireWilco Dijkstra2022-09-261-1/+1
| | | | | | | Rename atomic_exchange_rel/acq to use atomic_exchange_release/acquire since these map to the standard C11 atomic builtins. Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
* Use C11 atomics instead of atomic_decrement_and_testWilco Dijkstra2022-09-231-1/+1
| | | | | | | | | | Replace atomic_decrement_and_test with atomic_fetch_add_relaxed. These are simple counters which do not protect any shared data from concurrent accesses. Also remove the unused file cond-perf.c. Passes regress on AArch64. Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
* Use C11 atomics instead of atomic_increment(_val)Wilco Dijkstra2022-09-231-1/+1
| | | | | | | | | | | Replace atomic_increment and atomic_increment_val with atomic_fetch_add_relaxed. One case in sem_post.c uses release semantics (see comment above it). The others are simple counters and do not protect any shared data from concurrent accesses. Passes regress on AArch64. Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
* Use C11 atomics instead of atomic_and/orWilco Dijkstra2022-09-231-1/+1
| | | | | | | | | | Remove the 4 uses of atomic_and and atomic_or with atomic_fetch_and_acquire and atomic_fetch_or_acquire. This is preserves existing implied semantics, however relaxed MO on FUTEX_OWNER_DIED accesses may be correct. Passes regress on AArch64. Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
* Use relaxed atomics since there is no MO dependenceWilco Dijkstra2022-09-131-1/+1
| | | | | | | | Replace the 3 uses of atomic_bit_set and atomic_bit_test_set with atomic_fetch_or_relaxed. Using relaxed MO is correct since the atomics are used to ensure memory is released only once. Reviewed-by: Florian Weimer <fweimer@redhat.com>
* Use C11 atomics instead of atomic_decrement(_val)Wilco Dijkstra2022-09-091-1/+1
| | | | | | | Replace atomic_decrement and atomic_decrement_val with atomic_fetch_add_relaxed. Reviewed-by: DJ Delorie <dj@redhat.com>
* Refactor internal-signals.hAdhemerval Zanella2022-06-301-8/+8
| | | | | | | | | | | | | | | | | | The main drive is to optimize the internal usage and required size when sigset_t is embedded in other data structures. On Linux, the current supported signal set requires up to 8 bytes (16 on mips), was lower than the user defined sigset_t (128 bytes). A new internal type internal_sigset_t is added, along with the functions to operate on it similar to the ones for sigset_t. The internal-signals.h is also refactored to remove unused functions Besides small stack usage on some functions (posix_spawn, abort) it lower the struct pthread by about 120 bytes (112 on mips). Checked on x86_64-linux-gnu. Reviewed-by: Arjun Shankar <arjun@redhat.com>
* misc: Optimize internal usage of __libc_single_threadedAdhemerval Zanella2022-06-241-1/+4
| | | | | | | | | | | | | | | By adding an internal alias to avoid the GOT indirection. On some architecture, __libc_single_thread may be accessed through copy relocations and thus it requires to update also the copies default copy. This is done by adding a new internal macro, libc_hidden_data_{proto,def}, which has an addition argument that specifies the alias name (instead of default __GI_ one). Checked on x86_64-linux-gnu and i686-linux-gnu. Reviewed-by: Fangrui Song <maskray@google.com>
* Update copyright dates with scripts/update-copyrightsPaul Eggert2022-01-011-1/+1
| | | | | | | | | | | | | | | | | | | | | | | I used these shell commands: ../glibc/scripts/update-copyrights $PWD/../gnulib/build-aux/update-copyright (cd ../glibc && git commit -am"[this commit message]") and then ignored the output, which consisted lines saying "FOO: warning: copyright statement not found" for each of 7061 files FOO. I then removed trailing white space from math/tgmath.h, support/tst-support-open-dev-null-range.c, and sysdeps/x86_64/multiarch/strlen-vec.S, to work around the following obscure pre-commit check failure diagnostics from Savannah. I don't know why I run into these diagnostics whereas others evidently do not. remote: *** 912-#endif remote: *** 913: remote: *** 914- remote: *** error: lines with trailing whitespace found ... remote: *** error: sysdeps/unix/sysv/linux/statx_cp.c: trailing lines
* nptl: rseq failure after registration on main thread is fatalFlorian Weimer2021-12-091-1/+2
| | | | | | | | | | | | | | | | | | | | This simplifies the application programming model. Browser sandboxes have already been fixed: Sandbox is incompatible with rseq registration <https://bugzilla.mozilla.org/show_bug.cgi?id=1651701> Allow rseq in the Linux sandboxes. r=gcp <https://hg.mozilla.org/mozilla-central/rev/042425712eb1> Sandbox needs to support rseq system call <https://bugs.chromium.org/p/chromium/issues/detail?id=1104160> Linux sandbox: Allow rseq(2) <https://chromium.googlesource.com/chromium/src.git/+/230675d9ac8f1> Reviewed-by: Szabolcs Nagy <szabolcs.nagy@arm.com>
* nptl: Add glibc.pthread.rseq tunable to control rseq registrationFlorian Weimer2021-12-091-1/+9
| | | | | | | | This tunable allows applications to register the rseq area instead of glibc. Reviewed-by: Szabolcs Nagy <szabolcs.nagy@arm.com> Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
* nptl: Add rseq registrationFlorian Weimer2021-12-091-0/+13
| | | | | | | | | | | | The rseq area is placed directly into struct pthread. rseq registration failure is not treated as an error, so it is possible that threads run with inconsistent registration status. <sys/rseq.h> is not yet installed as a public header. Co-Authored-By: Mathieu Desnoyers <mathieu.desnoyers@efficios.com> Reviewed-by: Szabolcs Nagy <szabolcs.nagy@arm.com> Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
* nptl: Do not set signal mask on second setjmp return [BZ #28607]Florian Weimer2021-11-241-2/+2
| | | | | | | | | | | | __libc_signal_restore_set was in the wrong place: It also ran when setjmp returned the second time (after pthread_exit or pthread_cancel). This is observable with blocked pending signals during thread exit. Fixes commit b3cae39dcbfa2432b3f3aa28854d8ac57f0de1b8 ("nptl: Start new threads with all signals blocked [BZ #25098]"). Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
* nptl: Avoid setxid deadlock with blocked signals in thread exit [BZ #28361]Florian Weimer2021-09-231-2/+10
| | | | | | | | | | | | | | | | | | | | | | As part of the fix for bug 12889, signals are blocked during thread exit, so that application code cannot run on the thread that is about to exit. This would cause problems if the application expected signals to be delivered after the signal handler revealed the thread to still exist, despite pthread_kill can no longer be used to send signals to it. However, glibc internally uses the SIGSETXID signal in a way that is incompatible with signal blocking, due to the way the setxid handshake delays thread exit until the setxid operation has completed. With a blocked SIGSETXID, the handshake can never complete, causing a deadlock. As a band-aid, restore the previous handshake protocol by not blocking SIGSETXID during thread exit. The new test sysdeps/pthread/tst-pthread-setuid-loop.c is based on a downstream test by Martin Osvald. Reviewed-by: Carlos O'Donell <carlos@redhat.com> Tested-by: Carlos O'Donell <carlos@redhat.com>
* nptl: Fix race between pthread_kill and thread exit (bug 12889)Florian Weimer2021-09-131-0/+14
| | | | | | | | | | | A new thread exit lock and flag are introduced. They are used to detect that the thread is about to exit or has exited in __pthread_kill_internal, and the signal is not sent in this case. The test sysdeps/pthread/tst-pthread_cancel-select-loop.c is derived from a downstream test originally written by Marek Polacek. Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
* Remove "Contributed by" linesSiddhesh Poyarekar2021-09-031-1/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | We stopped adding "Contributed by" or similar lines in sources in 2012 in favour of git logs and keeping the Contributors section of the glibc manual up to date. Removing these lines makes the license header a bit more consistent across files and also removes the possibility of error in attribution when license blocks or files are copied across since the contributed-by lines don't actually reflect reality in those cases. Move all "Contributed by" and similar lines (Written by, Test by, etc.) into a new file CONTRIBUTED-BY to retain record of these contributions. These contributors are also mentioned in manual/contrib.texi, so we just maintain this additional record as a courtesy to the earlier developers. The following scripts were used to filter a list of files to edit in place and to clean up the CONTRIBUTED-BY file respectively. These were not added to the glibc sources because they're not expected to be of any use in future given that this is a one time task: https://gist.github.com/siddhesh/b5ecac94eabfd72ed2916d6d8157e7dc https://gist.github.com/siddhesh/15ea1f5e435ace9774f485030695ee02 Reviewed-by: Carlos O'Donell <carlos@redhat.com>
* Add an internal wrapper for clone, clone2 and clone3H.J. Lu2021-07-141-16/+22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The clone3 system call (since Linux 5.3) provides a superset of the functionality of clone and clone2. It also provides a number of API improvements, including the ability to specify the size of the child's stack area which can be used by kernel to compute the shadow stack size when allocating the shadow stack. Add: extern int __clone_internal (struct clone_args *__cl_args, int (*__func) (void *__arg), void *__arg); to provide an abstract interface for clone, clone2 and clone3. 1. Simplify stack management for thread creation by passing both stack base and size to create_thread. 2. Consolidate clone vs clone2 differences into a single file. 3. Call __clone3 if HAVE_CLONE3_WAPPER is defined. If __clone3 returns -1 with ENOSYS, fall back to clone or clone2. 4. Use only __clone_internal to clone a thread. Since the stack size argument for create_thread is now unconditional, always pass stack size to create_thread. 5. Enable the public clone3 wrapper in the future after it has been added to all targets. NB: Sandbox will return ENOSYS on clone3 in both Chromium: The following revision refers to this bug: https://chromium.googlesource.com/chromium/src/+/218438259dd795456f0a48f67cbe5b4e520db88b commit 218438259dd795456f0a48f67cbe5b4e520db88b Author: Matthew Denton <mpdenton@chromium.org> Date: Thu Jun 03 20:06:13 2021 Linux sandbox: return ENOSYS for clone3 Because clone3 uses a pointer argument rather than a flags argument, we cannot examine the contents with seccomp, which is essential to preventing sandboxed processes from starting other processes. So, we won't be able to support clone3 in Chromium. This CL modifies the BPF policy to return ENOSYS for clone3 so glibc always uses the fallback to clone. Bug: 1213452 Change-Id: I7c7c585a319e0264eac5b1ebee1a45be2d782303 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2936184 Reviewed-by: Robert Sesek <rsesek@chromium.org> Commit-Queue: Matthew Denton <mpdenton@chromium.org> Cr-Commit-Position: refs/heads/master@{#888980} [modify] https://crrev.com/218438259dd795456f0a48f67cbe5b4e520db88b/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc and Firefox: https://hg.mozilla.org/integration/autoland/rev/ecb4011a0c76 Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
* Force building with -fno-commonFlorian Weimer2021-07-091-2/+2
| | | | | | | | | | As a result, is not necessary to specify __attribute__ ((nocommon)) on individual definitions. GCC 10 defaults to -fno-common on all architectures except ARC, but this change is compatible with older GCC versions and ARC, too. Reviewed-by: Carlos O'Donell <carlos@redhat.com>
* nptl: Export libthread_db-used symbols under GLIBC_PRIVATEFlorian Weimer2021-06-281-5/+8
| | | | | | | This allows distributions to strip debugging information from libc.so.6 without impacting the debugging experience. Reviewed-by: Carlos O'Donell <carlos@redhat.com>
* nptl: Avoid async cancellation to wrongly update __nptl_nthreads (BZ #19366)Adhemerval Zanella2021-06-091-7/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The testcase provided on BZ#19366 may update __nptl_nthreads in a wrong order, triggering an early process exit because the thread decrement the value twice. The issue is once the thread exits without acting on cancellation, it decreaments '__nptl_nthreads' and then atomically set 'cancelhandling' with EXITING_BIT (thus preventing further cancellation handler to act). The issue happens if a SIGCANCEL is received between checking '__ntpl_nthreads' and setting EXITING_BIT. To avoid it, the '__nptl_nthreads' decrement is moved after EXITING_BIT. It does fully follow the POSIX XSH 2.9.5 Thread Cancellation under the heading Thread Cancellation Cleanup Handlers that states that when a cancellation request is acted upon, or when a thread calls pthread_exit(), the thread first disables cancellation by setting its cancelability state to PTHREAD_CANCEL_DISABLE and its cancelability type to PTHREAD_CANCEL_DEFERRED. The issue is '__pthread_enable_asynccancel' explicit enabled assynchrnous cancellation, so an interrupted syscall within the cancellation cleanup handlers might see an invalid cancelling type (a possible fix might be possible with my proposed solution to BZ#12683). Trying to come up with a test is quite hard since it requires to mimic the timing issue described below, however I see that the bug report reproducer does not early exit anymore. Checked on x86_64-linux-gnu.
* nptl: Install cancellation handler on pthread_cancelAdhemerval Zanella2021-06-091-15/+0
| | | | | | | | Now that cancellation is not used anymore to handle thread setup creation failure, the sighandle can be installed only when pthread_cancel is actually used. Checked on x86_64-linux-gnu and aarch64-linux-gnu.
* nptl: Deallocate the thread stack on setup failure (BZ #19511)Adhemerval Zanella2021-06-091-86/+76
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | To setup either the thread scheduling parameters or affinity, pthread_create enforce synchronization on created thread to wait until its parent either release PD ownership or send a cancellation signal if a failure occurs. However, cancelling the thread does not deallocate the newly created stack since cancellation expects that a pthread_join to deallocate any allocated thread resouces (threads stack or TLS). This patch changes on how the thread resource is deallocate in case of failure to be synchronous, where the creating thread will signal the created thread to exit early so it could be joined. The creating thread will be reponsible for the resource cleanup before returning to the caller. To signal the creating thread that a failure has occured, an unused 'struct pthread' member, parent_cancelhandling_unsed, now indicates whether the setup has failed so creating thread can proper exit. This strategy also simplifies by not using thread cancellation and thus not running libgcc_so load in the signal handler (which is avoided in thread cancellation since 'pthread_cancel' is the one responsible to dlopen libgcc_s). Another advantage is since the early exit is move to first step at thread creation, the signal mask is not already set and thus it can not act on change ID setxid handler. Checked on x86_64-linux-gnu and aarch64-linux-gnu.
* nptl: Remove exit-thread.hAdhemerval Zanella2021-06-041-2/+2
| | | | | No function change. The code is used only for Linux, besides being included in generic code.
* nptl: Move createthread to pthread_createAdhemerval Zanella2021-05-271-13/+115
| | | | | | | | The 'create_thread' function is moved to pthread_create.c. It removes the START_THREAD_DEFN and START_THREAD_SELF macros and make the lock usage more clear (no need to cross-reference multiple files). No functional change.
* nptl: Install SIGSETXID handler with SA_ONSTACK [BZ #27914]Florian Weimer2021-05-271-2/+5
| | | | | | | | | | | | | | The signal is sent to all threads, some of which may have switched to very small stacks. If they have also installed an alternate signal stack, SA_ONSTACK makes this work. The Go runtime needs this: runtime: C.setuid/C.setgid smashes Go stack <https://github.com/golang/go/issues/9400> Doing this for SIGCANCEL is less obviously beneficial and needs further testing. Reviewed-by: Carlos O'Donell <carlos@redhat.com>
* nptl: Move pthread_create, thrd_create into libcFlorian Weimer2021-05-211-2/+9
| | | | | | | | | | | | | | | | | | | The symbols were moved using scripts/move-symbol-to-libc.py. The libpthread placeholder symbols need some changes because some symbol versions have gone away completely. But __errno_location@@GLIBC_2.0 still exists, so the GLIBC_2.0 version is still there. The internal __pthread_create symbol now points to the correct function, so the sysdeps/nptl/thrd_create.c override is no longer necessary. There was an issue how the hidden alias of pthread_getattr_default_np was defined, so this commit cleans up that aspects and removes the GLIBC_PRIVATE export altogether. Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
* nptl: Move semi-public __pthread_get_minstack symbol into libcFlorian Weimer2021-05-211-0/+4
| | | | | | | | | No abilist updates here because it is a GLIBC_PRIVATE symbol. It's also necessary to move nptl_version into pthread_create, so that it still ends up in static binaries. Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
* nptl: Perform signal initialization upon pthread_createFlorian Weimer2021-05-211-2/+43
| | | | | | | | | | | | | Install signal handlers and unblock signals before pthread_create creates the first thread. create_thread in sysdeps/unix/sysv/linux/createthread.c can send SIGCANCEL to the current thread, so the SIGCANCEL handler is currently needed even if pthread_cancel is never called. (The way timer_create uses SIGCANCEL does not need a signal handler; both SIG_DFL and SIG_IGN dispositions should work.) Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
* nptl: Move __free_tcb into libcFlorian Weimer2021-05-111-26/+1
| | | | | | Under the name __nptl_free_tcb. Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
* nptl: Move stack cache management, __libpthread_freeres into libcFlorian Weimer2021-05-111-2/+2
| | | | | | | | | | | | | This replaces the FREE_P macro with the __nptl_stack_in_use inline function. stack_list_del is renamed to __nptl_stack_list_del, stack_list_add to __nptl_stack_list_add, __deallocate_stack to __nptl_deallocate_stack, free_stacks to __nptl_free_stacks. It is convenient to move __libpthread_freeres into libc at the same time. This removes the temporary __default_pthread_attr_freeres export and restores full freeres coverage for __default_pthread_attr. Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
* nptl: Remove always-disabled debugging supportFlorian Weimer2021-05-111-49/+0
| | | | | | | This removes the DEBUGGING_P macro and the __pthread_debug variable. The __find_in_stack_list function is now unused and deleted as well. Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
* nptl: Consolidate async cancel enable/disable implementation in libcFlorian Weimer2021-05-051-2/+2
| | | | | | | | | | | | | | Previously, the source file nptl/cancellation.c was compiled multiple times, for libc, libpthread, librt. This commit switches to a single implementation, with new __pthread_enable_asynccancel@@GLIBC_PRIVATE, __pthread_disable_asynccancel@@GLIBC_PRIVATE exports. The almost-unused CANCEL_ASYNC and CANCEL_RESET macros are replaced by LIBC_CANCEL_ASYNC and LIBC_CANCEL_ASYNC macros. They call the __pthread_* functions unconditionally now. The macros are still needed because shared code uses them; Hurd has different definitions. Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
* nptl: Move part of TCB initialization from libpthread to __tls_init_tpFlorian Weimer2021-04-211-2/+2
| | | | | | | | | | | | | | | | | | | This initalization should only happen once for the main thread's TCB. At present, auditors can achieve this by not linking against libpthread. If libpthread becomes part of libc, doing this initialization in libc would happen for every audit namespace, or too late (if it happens from the main libc only). That's why moving this code into ld.so seems the right thing to do, right after the TCB initialization. For !__ASSUME_SET_ROBUST_LIST ports, this also moves the symbol __set_robust_list_avail into ld.so, as __nptl_set_robust_list_avail. It also turned into a proper boolean flag. Inline the __pthread_initialize_pids function because it seems no longer useful as a separate function. Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
* nptl: Move __nptl_deallocate_tsd into libcFlorian Weimer2021-04-211-94/+0
| | | | | | | This prepares moving pthread_exit, and later the pthread_key_create infrastructure. Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
* nptl: Move internal __nptl_nthreads variable into libcFlorian Weimer2021-04-211-4/+0
| | | | Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
* nptl_db: Support different libpthread/ld.so load orders (bug 27744)Florian Weimer2021-04-211-0/+8
| | | | | | | | | | | | | | | | | | libthread_db is loaded once GDB encounters libpthread, and at this point, ld.so may not have been processed by GDB yet. As a result, _rtld_global cannot be accessed by regular means from libthread_db. To make this work until GDB can be fixed, acess _rtld_global through a pointer stored in libpthread. The new test does not reproduce bug 27744 with --disable-hardcoded-path-in-tests, but is still a valid smoke test. With --enable-hardcoded-path-in-tests, it is necessary to avoid add-symbol-file because this can tickle a GDB bug. Fixes commit 1daccf403b1bd86370eb94edca794dc106d02039 ("nptl: Move stack list variables into _rtld_global"). Tested-by: Emil Velikov <emil.velikov@collabora.com>
* Update copyright dates with scripts/update-copyrightsPaul Eggert2021-01-021-1/+1
| | | | | | | | | | | | | | | | I used these shell commands: ../glibc/scripts/update-copyrights $PWD/../gnulib/build-aux/update-copyright (cd ../glibc && git commit -am"[this commit message]") and then ignored the output, which consisted lines saying "FOO: warning: copyright statement not found" for each of 6694 files FOO. I then removed trailing white space from benchtests/bench-pthread-locks.c and iconvdata/tst-iconv-big5-hkscs-to-2ucs4.c, to work around this diagnostic from Savannah: remote: *** pre-commit check failed ... remote: *** error: lines with trailing whitespace found remote: error: hook declined to update refs/heads/master
* nptl: Move stack list variables into _rtld_globalFlorian Weimer2020-11-161-4/+4
| | | | | | | | | Now __thread_gscope_wait (the function behind THREAD_GSCOPE_WAIT, formerly __wait_lookup_done) can be implemented directly in ld.so, eliminating the unprotected GL (dl_wait_lookup_done) function pointer. Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
* Disable spurious -Wstringop-overflow for setjmp/longjmp (bug 26647)Joseph Myers2020-10-301-0/+10
| | | | | | | | | | | | | | | | | Building glibc with GCC 11 fails with (among other warnings) spurious -Wstringop-overflow warnings from calls to setjmp and longjmp with a pointer to a pthread_unwind_buf that is smaller than jmp_buf. As discussed in bug 26647, the warning in libc-start.c is a false positive, because setjmp and longjmp do not access anything (the signal mask) beyond the common prefix of the two structures, so this patch disables the warning for that call to setjmp, as well as for two calls in NPTL code that produce the same warning and look like false positives for the same reason. Tested with build-many-glibcs.py for arm-linux-gnueabi, where this allows the build to get further. Reviewed-by: DJ Delorie <dj@redhat.com>
* Linux: Remove rseq supportFlorian Weimer2020-07-161-13/+0
| | | | | | | | | | | | | | | | | | The kernel ABI is not finalized, and there are now various proposals to change the size of struct rseq, which would make the glibc ABI dependent on the version of the kernels used for building glibc. This is of course not acceptable. This reverts commit 48699da1c468543ade14777819bd1b4d652709de ("elf: Support at least 32-byte alignment in static dlopen"), commit 8f4632deb3545b2949cec5454afc3cb21a0024ea ("Linux: rseq registration tests"), commit 6e29cb3f61ff5432c78a1c84b0d9b123a350ab36 ("Linux: Use rseq in sched_getcpu if available"), and commit 0c76fc3c2b346dc5401dc055d97d4279632b0fb3 ("Linux: Perform rseq registration at C startup and thread creation"), resolving the conflicts introduced by the ARC port and the TLS static surplus changes. Reviewed-by: Carlos O'Donell <carlos@redhat.com>
* Add the __libc_single_threaded variableFlorian Weimer2020-07-061-0/+5
| | | | | | | | | | | | | | The variable is placed in libc.so, and it can be true only in an outer libc, not libcs loaded via dlmopen or static dlopen. Since thread creation from inner namespaces does not work, pthread_create can update __libc_single_threaded directly. Using __libc_early_init and its initial flag, implementation of this variable is very straightforward. A future version may reset the flag during fork (but not in an inner namespace), or after joining all threads except one. Reviewed-by: DJ Delorie <dj@redhat.com>
* Linux: Perform rseq registration at C startup and thread creationMathieu Desnoyers2020-07-061-0/+13
| | | | | | | | | | | | | | | | | | | Register rseq TLS for each thread (including main), and unregister for each thread (excluding main). "rseq" stands for Restartable Sequences. See the rseq(2) man page proposed here: https://lkml.org/lkml/2018/9/19/647 Those are based on glibc master branch commit 3ee1e0ec5c. The rseq system call was merged into Linux 4.18. The TLS_STATIC_SURPLUS define is increased to leave additional room for dlopen'd initial-exec TLS, which keeps elf/tst-auditmany working. The increase (76 bytes) is larger than 32 bytes because it has not been increased in quite a while. The cost in terms of additional TLS storage is quite significant, but it will also obscure some initial-exec-related dlopen failures.
* nptl: Don't madvise user provided stackSzabolcs Nagy2020-06-251-2/+3
| | | | | | | | | | | | | | | User provided stack should not be released nor madvised at thread exit because it's owned by the user. If the memory is shared or file based then MADV_DONTNEED can have unwanted effects. With memory tagging on aarch64 linux the tags are dropped and thus it may invalidate pointers. Tested on aarch64-linux-gnu with MTE, it fixes FAIL: nptl/tst-stack3 FAIL: nptl/tst-stack3-mem
* nptl: Add pthread_attr_setsigmask_np, pthread_attr_getsigmask_npFlorian Weimer2020-06-021-8/+17
| | | | | Reviewed-by: Carlos O'Donell <carlos@redhat.com> Tested-by: Carlos O'Donell <carlos@redhat.com>
* nptl: Make pthread_attr_t dynamically extensibleFlorian Weimer2020-06-021-1/+1
| | | | | | | This introduces the function __pthread_attr_extension to allocate the extension space, which is freed by pthread_attr_destroy. Reviewed-by: Carlos O'Donell <carlos@redhat.com>
* nptl: Change type of __default_pthread_attrFlorian Weimer2020-06-021-4/+4
| | | | | | | | | | | | union pthread_attr_transparent has always the correct size, even if pthread_attr_t has padding that is not present in struct pthread_attr. This should not result in an observable behavioral change. The existing code appears to have been correct, but it was brittle because it was not clear which functions were allowed to write to an entire pthread_attr_t argument (e.g., by copying it). Reviewed-by: Carlos O'Donell <carlos@redhat.com>
* nptl: Use __pthread_getattr_default_np in pthread_createFlorian Weimer2020-06-021-25/+7
| | | | | | This removes another instance of custom attribute copying code. Reviewed-by: Carlos O'Donell <carlos@redhat.com>
* nptl: wait for pending setxid request also in detached thread (bug 25942)Andreas Schwab2020-05-121-5/+6
| | | | | | | | | | | | | There is a race between __nptl_setxid and exiting detached thread, which causes a deadlock on stack_cache_lock. The deadlock happens in this state: T1: setgroups -> __nptl_setxid (holding stack_cache_lock, waiting on cmdp->cntr == 0) T2 (detached, exiting): start_thread -> __deallocate_stack (waiting on stack_cache_lock) more threads waiting on stack_cache_lock in pthread_create For non-detached threads, start_thread waits for its own setxid handler to finish before exiting. Do this for detached threads as well.
* nptl: Start new threads with all signals blocked [BZ #25098]Florian Weimer2020-04-271-21/+25
| | | | | | | | | | | | | | | | | | | | | | | | | | | New threads inherit the signal mask from the current thread. This means that signal handlers can run on the newly created thread immediately after the kernel has created the userspace thread, even before glibc has initialized the TCB. Consequently, new threads can observe uninitialized ctype data, among other things. To address this, block all signals before starting the thread, and pass the original signal mask to the start routine wrapper. On the new thread, first perform all thread initialization, and then unblock signals. The cost of doing this is two rt_sigprocmask system calls on the old thread, and one rt_sigprocmask system call on the new thread. (If there was a way to clone a new thread with a signals disabled, this could be brought down to one system call each.) The thread descriptor increases in size, too, and sigset_t is fairly large. This increase could be brought down by reusing space the in the descriptor which is not needed before running user code, or by switching to an internal sigset_t definition which only covers the signals supported by the kernel definition. (Part of the thread descriptor size increase is already offset by reduced stack usage in the thread start wrapper routine after this commit.) Reviewed-by: Carlos O'Donell <carlos@redhat.com>