about summary refs log tree commit diff
path: root/src/thread
Commit message (Collapse)AuthorAgeFilesLines
* clean up sloppy nested inclusion from pthread_impl.hRich Felker2012-11-0812-8/+13
| | | | | | | | | | | | | | this mirrors the stdio_impl.h cleanup. one header which is not strictly needed, errno.h, is left in pthread_impl.h, because since pthread functions return their error codes rather than using errno, nearly every single pthread function needs the errno constants. in a few places, rather than bringing in string.h to use memset, the memset was replaced by direct assignment. this seems to generate much better code anyway, and makes many functions which were previously non-leaf functions into leaf functions (possibly eliminating a great deal of bloat on some platforms where non-leaf functions require ugly prologue and/or epilogue).
* fix order of syscall args for microblaze clone syscallRich Felker2012-10-191-3/+2
| | | | | with this commit, based on testing with patches to qemu which are not yet upstream,
* ensure microblaze __set_thread_area returns successRich Felker2012-10-181-1/+2
| | | | | since it did not set the return-value register, the caller could wrongly interpret this as failure.
* fix microblaze asm relocations for shared libcRich Felker2012-10-171-1/+1
| | | | | | only @PLT relocations are considered functions for purposes of -Bsymbolic-functions, so always use @PLT. it should not hurt in the static-linked case.
* add support for TLS variant I, presently needed for arm and mipsRich Felker2012-10-153-2/+6
| | | | | | | | | | | | | | | | | | | | | | despite documentation that makes it sound a lot different, the only ABI-constraint difference between TLS variants II and I seems to be that variant II stores the initial TLS segment immediately below the thread pointer (i.e. the thread pointer points to the end of it) and variant I stores the initial TLS segment above the thread pointer, requiring the thread descriptor to be stored below. the actual value stored in the thread pointer register also tends to have per-arch random offsets applied to it for silly micro-optimization purposes. with these changes applied, TLS should be basically working on all supported archs except microblaze. I'm still working on getting the necessary information and a working toolchain that can build TLS binaries for microblaze, but in theory, static-linked programs with TLS and dynamic-linked programs where only the main executable uses TLS should already work on microblaze. alignment constraints have not yet been heavily tested, so it's possible that this code does not always align TLS segments correctly on archs that need TLS variant I.
* fix overlap of thread stacks with thread tls segmentsRich Felker2012-10-141-2/+1
|
* clean up and refactor program initializationRich Felker2012-10-071-1/+1
| | | | | | | | | | | | | | | the code in __libc_start_main is now responsible for parsing auxv, rather than duplicating the parsing all over the place. this should shave off a few cycles and some code size. __init_libc is left as an external-linkage function despite the fact that it could be static, to prevent it from being inlined and permanently wasting stack space when main is called. a few other minor changes are included, like eliminating per-thread ssp canaries (they were likely broken when combined with certain dlopen usages, and completely unnecessary) and some other unnecessary checks. since this code gets linked into every program, it should be as small and simple as possible.
* support for TLS in dynamic-loaded (dlopen) modulesRich Felker2012-10-053-23/+28
| | | | | | | | | | | | | | | | | | | | | unlike other implementations, this one reserves memory for new TLS in all pre-existing threads at dlopen-time, and dlopen will fail with no resources consumed and no new libraries loaded if memory is not available. memory is not immediately distributed to running threads; that would be too complex and too costly. instead, assurances are made that threads needing the new TLS can obtain it in an async-signal-safe way from a buffer belonging to the dynamic linker/new module (via atomic fetch-and-add based allocator). I've re-appropriated the lock that was previously used for __synccall (synchronizing set*id() syscalls between threads) as a general pthread_create lock. it's a "backwards" rwlock where the "read" operation is safe atomic modification of the live thread count, which multiple threads can perform at the same time, and the "write" operation is making sure the count does not increase during an operation that depends on it remaining bounded (__synccall or dlopen). in static-linked programs that don't use __synccall, this lock is a no-op and has no cost.
* beginnings of full TLS support in shared librariesRich Felker2012-10-042-0/+8
| | | | | | this code will not work yet because the necessary relocations are not supported, and cannot be supported without some internal changes to how relocation processing works (coming soon).
* TLS (GNU/C11 thread-local storage) support for static-linked programsRich Felker2012-10-042-14/+33
| | | | | | | | | | | | | the design for TLS in dynamic-linked programs is mostly complete too, but I have not yet implemented it. cost is nonzero but still low for programs which do not use TLS and/or do not use threads (a few hundred bytes of new code, plus dependency on memcpy). i believe it can be made smaller at some point by merging __init_tls and __init_security into __libc_start_main and avoiding duplicate auxv-parsing code. at the same time, I've also slightly changed the logic pthread_create uses to allocate guard pages to ensure that guard pages are not counted towards commit charge.
* protect sem_open against cancellationRich Felker2012-09-301-13/+19
| | | | | also fix one minor bug: failure to free the early-reserved slot when the semaphore later found to already be mapped.
* overhaul sem_openRich Felker2012-09-301-105/+96
| | | | | | | | | | | this function was overly complicated and not even obviously correct. avoid using openat/linkat just like in shm_open, and instead expand pathname using code shared with shm_open. remove bogus (and dangerous, with priorities) use of spinlocks. this commit also heavily streamlines the code and ensures there are no failure cases that can happen after a new semaphore has been created in the filesystem, since that case is unreportable.
* sem_open should make process-shared semaphoresRich Felker2012-09-291-1/+1
| | | | | this did not matter because we don't yet treat process-shared special. when private futex support is added, however, it will matter.
* use O_CLOEXEC to open semaphore files in sem_openRich Felker2012-09-291-2/+2
|
* fix some indention-with-spaces that crept inRich Felker2012-09-291-4/+4
|
* microblaze portRich Felker2012-09-294-0/+65
| | | | | | based on initial work by rdp, with heavy modifications. some features including threads are untested because qemu app-level emulation seems to be broken and I do not have a proper system image for testing.
* fix arm clone syscall bug (no effect unless app uses clone)Rich Felker2012-09-271-2/+1
| | | | | the code to exit the new thread/process after the start function returns was mixed up in its syscall convention.
* update mips cancellation-point syscall asm with 7-arg and r25 fixesRich Felker2012-09-151-2/+5
| | | | | these fixes were already made to the normal syscall asm but not the cancellation point version.
* fix mips syscall_cp_asm code (saved register usage)Rich Felker2012-09-091-2/+2
|
* further use of _Noreturn, for non-plain-C functionsRich Felker2012-09-061-2/+2
| | | | | | | | | | | | | | | | | | | note that POSIX does not specify these functions as _Noreturn, because POSIX is aligned with C99, not the new C11 standard. when POSIX is eventually updated to C11, it will almost surely give these functions the _Noreturn attribute. for now, the actual _Noreturn keyword is not used anyway when compiling with a c99 compiler, which is what POSIX requires; the GCC __attribute__ is used instead if it's available, however. in a few places, I've added infinite for loops at the end of _Noreturn functions to silence compiler warnings. presumably __buildin_unreachable could achieve the same thing, but it would only work on newer GCCs and would not be portable. the loops should have near-zero code size cost anyway. like the previous _Noreturn commit, this one is based on patches contributed by philomath.
* use restrict everywhere it's required by c99 and/or posix 2008Rich Felker2012-09-0626-26/+26
| | | | | | | | to deal with the fact that the public headers may be used with pre-c99 compilers, __restrict is used in place of restrict, and defined appropriately for any supported compiler. we also avoid the form [restrict] since older versions of gcc rejected it due to a bug in the original c99 standard, and instead use the form *restrict.
* fix extremely rare but dangerous race condition in robust mutexesRich Felker2012-08-173-20/+33
| | | | | | | | | | if new shared mappings of files/devices/shared memory can be made between the time a robust mutex is unlocked and its subsequent removal from the pending slot in the robustlist header, the kernel can inadvertently corrupt data in the newly-mapped pages when the process terminates. i am fixing the bug by using the same global vm lock mechanism that was used to fix the race condition with unmapping barriers after pthread_barrier_wait returns.
* fix (hopefully) all hard-coded 8's for kernel sigset_t sizeRich Felker2012-08-094-7/+12
| | | | | | | | | | some minor changes to how hard-coded sets for thread-related purposes are handled were also needed, since the old object sizes were not necessarily sufficient. things have gotten a bit ugly in this area, and i think a cleanup is in order at some point, but for now the goal is just to get the code working on all supported archs including mips, which was badly broken by linux rejecting syscalls with the wrong sigset_t size.
* retry on cas failures in sem_trywaitRich Felker2012-07-241-2/+2
| | | | | | | | | this seems counter-intuitive since sem_trywait is supposed to just try once, not wait for the semaphore. however, the retry loop is not a wait. instead, it's to handle the case where the value changes due to a simultaneous post or wait from another thread while the semaphore value remains positive. in such a case, it's absolutely wrong for sem_trywait to fail with EAGAIN because the semaphore is not busy.
* avoid blx instruction which does not exist on armv4t or armv4Rich Felker2012-07-141-1/+2
|
* fix several locks that weren't updated right for new futex-based __lockRich Felker2012-07-123-7/+7
| | | | | | these could have caused memory corruption due to invalid accesses to the next field. all should be fixed now; I found the errors with fgrep -r '__lock(&', which is bogus since the argument should be an array.
* fix pthread_kill unlockingRich Felker2012-07-121-1/+1
| | | | it had not been updated for the futex-based locks
* fix potential race condition in detached threadsRich Felker2012-07-112-4/+10
| | | | | | | after the thread unmaps its own stack/thread structure, the kernel, performing child tid clear and futex wake, could clobber a new mapping made at the same location as the just-removed thread's tid field. disable kernel clearing of child tid to prevent this.
* mips clone: don't free stack space used to copy argRich Felker2012-07-111-1/+0
| | | | | | the mips abi reserves stack space equal to the size of the in-register args for the callee to save the args, if desired. this would cause the beginning of the thread structure to be clobbered...
* fix mips clone() on real linux kernelRich Felker2012-07-111-4/+7
| | | | | | the old code worked in qemu app-level emulation, but not on real kernels where the clone syscall does not copy the register values to the new thread. save arguments on the new thread stack instead.
* fix clone() on mips (args were in wrong order)Rich Felker2012-07-111-3/+2
| | | | with this change, threads on mips seem to be working
* first attempt at making threads work on mipsRich Felker2012-07-113-0/+67
|
* generic c version of __set_thread_area for archs where it worksRich Felker2012-07-111-1/+5
| | | | on other archs, like x86[_64], asm version is required
* add pthread_attr_setstack interface (and get)Rich Felker2012-06-093-9/+37
| | | | | | | | | | | | | i originally omitted these (optional, per POSIX) interfaces because i considered them backwards implementation details. however, someone later brought to my attention a fairly legitimate use case: allocating thread stacks in memory that's setup for sharing and/or fast transfer between CPU and GPU so that the thread can move data to a GPU directly from automatic-storage buffers without having to go through additional buffer copies. perhaps there are other situations in which these interfaces are useful too.
* remove implementation-reserved bits when saving signal maskRich Felker2012-06-021-1/+11
| | | | | | | | this fix is necessary because a program could be started with some of the implementation-reserved signals masked (e.g. due to exec having been called from a signal handler, or from a non-musl program) and then could obtain an invalid-to-use-later sigset_t as the old/saved signal mask.
* remove no-longer-needed unblocking of signals in pthread_createRich Felker2012-06-021-1/+0
| | | | | | | this action is now performed in pthread_self initialization; it must be performed there in case the first call to pthread_create is from a signal handler, in which case the old signal mask could be restored on return from the signal.
* ensure pthread-internal signals are unblocked before threads are usedRich Felker2012-05-251-0/+1
| | | | | | | | | | | if the process started with these signals blocked, cancellation could fail or setxid could deadlock. there is no way to globally unblock them after threads have been created. by unblocking them in the pthread_self initialization for the main thread, we ensure that they're unblocked before any other threads are created and also outside of any signal handler context (sigaction initialized pthread_self), which is important so that return from a signal handler won't re-block them.
* remove leftover cp_sp cruft from cancellation code, fix small bugRich Felker2012-05-251-3/+1
| | | | | | | | | | | the bug was that cancellation requests which arrived while a cancellation point was interrupted by a signal handler would not be acted upon when the signal handler returns. this was because cp_sp was never set; it's no longer needed or used. instead, just always re-raise the signal when cancellation was not acted upon. this wastes a tiny amount of time in the rare case where it even matters, but it ensures correctness and simplifies the code.
* fix bad opcode in arm syscall_cp_asmRich Felker2012-05-231-1/+1
|
* fix issue with longjmp out of signal handlers and cancellationRich Felker2012-05-234-52/+35
| | | | | | | | | | | | | | | | | | | stale state information indicating that a thread was possibly blocked at a cancellation point could get left behind if longjmp was used to exit a signal handler that interrupted a cancellation point. to fix the issue, we throw away the state information entirely and simply compare the saved instruction pointer to a range of code addresses in the __syscall_cp_asm function. all the ugly PIC work (which becomes minimal anyway with this approach) is defered to cancellation time instead of happening at every syscall, which should improve performance too. this commit also fixes cancellation on arm, which was mildly broken (race condition, not checking cancellation flag once inside the cancellation point zone). apparently i forgot to implement that. the new arm code is untested, but appears correct; i'll test and fix it later if there are problems.
* simplify cancellation push/pop slightlyRich Felker2012-05-232-12/+9
| | | | | no need to pass unnecessary extra arguments on to the core code in pthread_create.c. this just wastes cycles and code bloat.
* remove everything related to forkallRich Felker2012-05-222-76/+0
| | | | | | | | | | i made a best attempt, but the intended semantics of this function are fundamentally contradictory. there is no consistent way to handle ownership of locks when forking a multi-threaded process. the code could have worked by accident for programs that only used normal mutexes and nothing else (since they don't actually store or care about their owner), but that's about it. broken-by-design interfaces that aren't even in glibc (only solaris) don't belong in musl.
* update license of njk contributed code (x86_64 asm)Rich Felker2012-05-052-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | these changes are based on the following communication via email: "I hereby grant that all of the code I have contributed to musl on or before April 23, 2012 may be licensed under the terms of the following MIT license: Copyright (c) 2011-2012 Nicholas J. Kain Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE."
* make pthread stacks non-executableRich Felker2012-05-041-1/+1
| | | | | | | | | | | | | this change is necessary or pthread_create will always fail on security-hardened kernels. i considered first trying to make the stack executable and simply retrying without execute permissions when the first try fails, but (1) this would incur a serious performance penalty on hardened systems, and (2) having the stack be executable is just a bad idea from a security standpoint. if there is real-world "GNU C" code that uses nested functions with threads, and it can't be fixed, we'll have to consider other ways of solving the problem, but for now this seems like the best fix.
* overhaul SSP support to use a real canaryRich Felker2012-05-031-0/+1
| | | | | | | | | | | | | pthread structure has been adjusted to match the glibc/GCC abi for where the canary is stored on i386 and x86_64. it will need variants for other archs to provide the added security of the canary's entropy, but even without that it still works as well as the old "minimal" ssp support. eventually such changes will be made anyway, since they are also needed for GCC/C11 thread-local storage support (not yet implemented). care is taken not to attempt initializing the thread pointer unless the program actually uses SSP (by reference to __stack_chk_fail).
* ditch the priority inheritance locks; use malloc's version of lockRich Felker2012-04-242-28/+8
| | | | | | | | | | | | | | | | | | | i did some testing trying to switch malloc to use the new internal lock with priority inheritance, and my malloc contention test got 20-100 times slower. if priority inheritance futexes are this slow, it's simply too high a price to pay for avoiding priority inversion. maybe we can consider them somewhere down the road once the kernel folks get their act together on this (and perferably don't link it to glibc's inefficient lock API)... as such, i've switch __lock to use malloc's implementation of lightweight locks, and updated all the users of the code to use an array with a waiter count for their locks. this should give optimal performance in the vast majority of cases, and it's simple. malloc is still using its own internal copy of the lock code because it seems to yield measurably better performance with -O3 when it's inlined (20% or more difference in the contention stress test).
* internal locks: new owner of contended lock must set waiters flagRich Felker2012-04-241-1/+1
| | | | | | | | | | | | | | | | | | | | | | this bug probably would have gone unnoticed since it's only used in the fallback code for systems where priority-inheritance locking fails. unfortunately this approach results in one spurious wake syscall on the final unlock, when there are no waiters remaining. the alternative (possibly better) would be to use broadcast wakes instead of reflagging the waiter unconditionally, and let each waiter reflag itself; this saves one syscall at the expense of invoking the "thundering herd" effect (worse performance degredation) when there are many waiters. ideally we would be able to update all of our locks to use an array of two ints rather than a single int, and use a separate counter system like proper mutexes use; then we could avoid all spurious wake calls without resorting to broadcasts. however, it's not clear to me that priority inheritance futexes support this usage. the kernel sets the waiters flag for them (just like we're doing now) and i can't tell if it's safe to bypass the kernel when unlocking just because we know (from private data, the waiter count) that there are no waiters. this is something that could be explored in the future.
* new internal locking primitive; drop spinlocksRich Felker2012-04-241-6/+27
| | | | | | we use priority inheritance futexes if possible so that the library cannot hit internal priority inversion deadlocks in the presence of realtime priority scheduling (full support to be added later).
* fix pthread_cleanup_pop(1) crash in non-thread-capable, static-linked programsRich Felker2012-02-282-2/+2
|
* work around "signal loses thread pointer" issue with "approach 2"Rich Felker2012-02-271-2/+3
| | | | | | | | | | | | this was discussed on the mailing list and no consensus on the preferred solution was reached, so in anticipation of a release, i'm just committing a minimally-invasive solution that avoids the problem by ensuring that multi-threaded-capable programs will always have initialized the thread pointer before any signal handler can run. in the long term we may switch to initializing the thread pointer at program start time whenever the program has the potential to access any per-thread data.