Commit Graph

1554 Commits

Author SHA1 Message Date
Rich Felker
42c36f957d fix overlap of thread stacks with thread tls segments 2012-10-14 21:10:44 -04:00
Rich Felker
c62b9f3980 fix main program TLS alignment for dynamic-linked programs
this change brings the behavior in line with the static-linked code,
which seems to be correct.
2012-10-14 19:56:50 -04:00
Rich Felker
36be5284c2 workaround broken hidden-visibility handling in pcc
with this change, pcc-built musl libc.so seems to work correctly. the
problem is that pcc generates GOT lookups for external-linkage symbols
even if they are hidden, rather than using GOT-relative addressing.
the entire reason we're using hidden visibility on the __libc object
is to make it accessible prior to relocations -- not to mention
inexpensive to access. unfortunately, the workaround makes it even
more expensive on pcc.

when the pcc issue is fixed, an appropriate version test should be
added so new pcc can use the much more efficient variant.
2012-10-13 23:53:18 -04:00
Rich Felker
185a977074 ensure pointer decay in inline-asm arg for i386 syscall6
this is actually a rather subtle issue: do arrays decay to pointers
when used as inline asm args? gcc says yes, but currently pcc says no.
hopefully this discrepancy in pcc will be fixed, but since the
behavior is not clearly defined anywhere I can find, I'm using an
explicit operation to cause the decay to occur.
2012-10-13 23:46:51 -04:00
Rich Felker
e23d358fd6 fix namespace clash (libc) in dynlink.c
this makes it so the #undef libc and __libc name are no longer needed,
which were problematic because the "accessor function" mode for
accessing the libc struct could not be used, breaking build on any
compiler without (working) visibility.
2012-10-13 23:25:20 -04:00
Rich Felker
31f340a17a remove dead code from dynamic linker 2012-10-13 23:23:29 -04:00
Rich Felker
216dca82f6 comment possibly-confusing i386 vsyscall asm 2012-10-11 23:09:17 -04:00
Rich Felker
964e9f3c4c avoid the thread-ptr-init behavior of sigaction when not installing handler
this is necessary because posix_spawn calls sigaction after vfork, and
if the thread pointer is not already initialized, initializing it in
the child corrupts the parent process's state.
2012-10-11 22:51:05 -04:00
Rich Felker
12e9b4faf6 i386 vsyscall support (vdso-provided sysenter/syscall instruction based)
this doubles the performance of the fastest syscalls on the atom I
tested it on; improvement is reportedly much more dramatic on
worst-case cpus. cannot be used for cancellable syscalls.
2012-10-11 22:47:07 -04:00
Rich Felker
f2b1f1af83 ensure that buffer for decoding auxv at startup is initially zero 2012-10-08 11:20:31 -04:00
Rich Felker
0a96a37f06 clean up and refactor program initialization
the code in __libc_start_main is now responsible for parsing auxv,
rather than duplicating the parsing all over the place. this should
shave off a few cycles and some code size. __init_libc is left as an
external-linkage function despite the fact that it could be static, to
prevent it from being inlined and permanently wasting stack space when
main is called.

a few other minor changes are included, like eliminating per-thread
ssp canaries (they were likely broken when combined with certain
dlopen usages, and completely unnecessary) and some other unnecessary
checks. since this code gets linked into every program, it should be
as small and simple as possible.
2012-10-07 21:43:46 -04:00
Rich Felker
017bf140ff fix breakage due to initializing thread pointer when loading libs
at initial program load, all libraries must be loaded before the
thread pointer can be setup, since the TP-relative addresses of all
initial TLS objects must be constant.
2012-10-07 20:19:11 -04:00
Rich Felker
00902c7384 make new TLS setup block even implementation-internal signals
this is needed to ensure async-cancel-safety, i.e. to make it safe to
access TLS objects when async cancellation is enabled. otherwise, if
cancellation were acted upon after the atomic fetch/add but before the
thread saved the obtained memory, another access to the same TLS in
the cancellation handler could end up performing the atomic fetch/add
again, consuming more memory than is actually available and
overflowing into other objects on the heap.
2012-10-06 23:57:51 -04:00
Rich Felker
92e1cd9b0b don't crash if TLS library is loaded into process with no thread pointer 2012-10-06 16:56:35 -04:00
Rich Felker
6a2eaa3c5b fix buggy TLS size/alignment computations in static-linked TLS 2012-10-06 16:51:03 -04:00
Rich Felker
bd17431a2c fix symbol acceptance/rejection rules for TLS
symbol value of 0 is not "undefined" for TLS; it's the address of the
first symbol in the TLS segment. however, non-definition TLS
references also have values of 0, so check the section.

hopefully the new logic is more clear, too.
2012-10-06 01:36:11 -04:00
Rich Felker
cf3fd3d002 TLS fixes, mainly alignment handling
compute offsets from the thread pointer statically when loading the
library, rather than repeating the logic on each thread creation. not
only is the latter less efficient at runtime; it also fails to provide
solid guarantees that the offsets will remain the same when the
initial alignment of memory is different. the new alignment handling
is both more rigorous and simpler.

the old code was also clobbering TLS bss with random image data in
some cases due to using tls_size (size of TLS segment) instead of
tls_len (length of the TLS data image).
2012-10-06 01:22:51 -04:00
Rich Felker
f4f77c068f fix/improve shared library ctor/dtor handling, allow recursive dlopen
some libraries call dlopen from their constructors, resulting in
recursive calls to dlopen. previously, this resulted in deadlock. I'm
now unlocking the dlopen lock before running constructors (this is
especially important since the lock also blocked pthread_create and
was being held while application code runs!) and using a separate
recursive mutex protecting the ctor/dtor state instead.

in order to prevent the same ctor from being called more than once, a
module is considered "constructed" just before the ctor runs.

also, switch from using atexit to register each dtor to using a single
atexit call to register the dynamic linker's dtor processing as just
one handler. this is necessary because atexit performs allocation and
may fail, but the library has already been loaded and cannot be
backed-out at the time dtor registration is performed. this change
also ensures that all dtors run after all atexit functions, rather
than in mixed order.
2012-10-05 13:09:09 -04:00
Rich Felker
5f88c0edd5 small dynamic linker module search fix
libraries loaded more than once by pathname should not get shortnames
that would cause them to later be used to satisfy non-pathname load
requests.
2012-10-05 12:09:54 -04:00
Rich Felker
dcd6037150 support for TLS in dynamic-loaded (dlopen) modules
unlike other implementations, this one reserves memory for new TLS in
all pre-existing threads at dlopen-time, and dlopen will fail with no
resources consumed and no new libraries loaded if memory is not
available. memory is not immediately distributed to running threads;
that would be too complex and too costly. instead, assurances are made
that threads needing the new TLS can obtain it in an async-signal-safe
way from a buffer belonging to the dynamic linker/new module (via
atomic fetch-and-add based allocator).

I've re-appropriated the lock that was previously used for __synccall
(synchronizing set*id() syscalls between threads) as a general
pthread_create lock. it's a "backwards" rwlock where the "read"
operation is safe atomic modification of the live thread count, which
multiple threads can perform at the same time, and the "write"
operation is making sure the count does not increase during an
operation that depends on it remaining bounded (__synccall or dlopen).
in static-linked programs that don't use __synccall, this lock is a
no-op and has no cost.
2012-10-05 11:51:50 -04:00
Rich Felker
642b7593c3 fix race condition in dlopen
orig_tail was being saved before the lock was obtained, allowing
dlopen failure to roll-back other dlopens that had succeeded.
2012-10-05 01:15:25 -04:00
Rich Felker
99a2af6f45 fix incorrect TLS reloc macro names in x86_64 reloc.h 2012-10-05 01:00:40 -04:00
Rich Felker
9c74856af7 dynamic-linked TLS support for everything but dlopen'd libs
currently, only i386 is tested. x86_64 and arm should probably work.
the necessary relocation types for mips and microblaze have not been
added because I don't understand how they're supposed to work, and I'm
not even sure if it's defined yet on microblaze. I may be able to
reverse engineer the requirements out of gcc/binutils output.
2012-10-04 22:48:33 -04:00
Rich Felker
c91aa03d24 remove freeing of dynamic linker data when dlopen/dlsym are not used
this was an optimization to save/recover a minimal amount of extra
memory for use by malloc, that's becoming increasingly costly to keep
around. freeing this data:

1. breaks debugging with gdb (it can't find library symbols)
2. breaks thread-local storage in shared libraries

it would be possible to disable freeing when TLS is used, but in
addition to the above breakages, tracking whether dlopen/dlsym is used
adds a cost to every symbol lookup, possibly making program startup
slower for large programs. combined with the complexity, it's not
worth it. we already save/recover plenty of memory in the dynamic
linker with reclaim_gaps.
2012-10-04 21:08:53 -04:00
Rich Felker
9b153c043e beginnings of full TLS support in shared libraries
this code will not work yet because the necessary relocations are not
supported, and cannot be supported without some internal changes to
how relocation processing works (coming soon).
2012-10-04 21:01:56 -04:00
Rich Felker
bc6a35fb7b partial TLS support for dynamic-linked programs
only TLS in the main program is supported so far; TLS defined in
shared libraries will not work yet.
2012-10-04 20:04:13 -04:00
Rich Felker
8431d7972f TLS (GNU/C11 thread-local storage) support for static-linked programs
the design for TLS in dynamic-linked programs is mostly complete too,
but I have not yet implemented it. cost is nonzero but still low for
programs which do not use TLS and/or do not use threads (a few hundred
bytes of new code, plus dependency on memcpy). I believe it can be
made smaller at some point by merging __init_tls and __init_security
into __libc_start_main and avoiding duplicate auxv-parsing code.

at the same time, I've also slightly changed the logic pthread_create
uses to allocate guard pages to ensure that guard pages are not
counted towards commit charge.
2012-10-04 16:35:46 -04:00
Rich Felker
adefe830dd tell the assembler to mark all files as not requiring executable stack
for some reason this option is undocumented. not sure when it was
added, so I'm using a configure test. gcc was already setting the mark
correctly for C files, but assembler source files would need ugly
.note boilerplate in every single file to achieve this without the
option to the assembler.

blame whoever thought it would be a good idea to make the stack
executable by default rather than doing it the other way around...
2012-10-03 11:49:58 -04:00
Rich Felker
030e526392 add getopt reset support
based on proposed patches by Daniel Cegiełka, with minor changes:
- use a weak symbol for optreset so it doesn't clash with namespace
- also reset optpos (position in multi-option arg like -lR)
- also make getopt_long support reset
2012-09-30 20:00:38 -04:00
Rich Felker
e44849f5cf protect sem_open against cancellation
also fix one minor bug: failure to free the early-reserved slot when
the semaphore is later found to already be mapped.
2012-09-30 19:44:45 -04:00
Rich Felker
bf258341b7 overhaul sem_open
this function was overly complicated and not even obviously correct.
avoid using openat/linkat just like in shm_open, and instead expand
pathname using code shared with shm_open. remove bogus (and dangerous,
with priorities) use of spinlocks.

this commit also heavily streamlines the code and ensures there are no
failure cases that can happen after a new semaphore has been created
in the filesystem, since that case is unreportable.
2012-09-30 19:35:40 -04:00
Rich Felker
6e2372a86c clean up, bugfixes, and general improvement for shm_open/shm_unlink
1. don't make non-cloexec file descriptors
2. cancellation safety (cleanup handlers were missing, now unneeded)
3. share name validation/mapping code between open/unlink functions
4. avoid wasteful/slow syscalls
2012-09-30 17:53:54 -04:00
Rich Felker
2e3648b85d define some _POSIX_* macros that were omitted; required for XSI conformance 2012-09-30 01:52:17 -04:00
Rich Felker
d712dd396d more close-on-exec fixes, mostly using new "e" flag to fopen 2012-09-29 18:14:46 -04:00
Rich Felker
8582a6e9f2 add 'e' modifier (close-on-exec) to fopen and fdopen
this feature will be in the next version of POSIX, and can be used
internally immediately. there are many internal uses of fopen where
close-on-exec is needed to fix bugs.
2012-09-29 18:09:34 -04:00
Rich Felker
f2d08cf755 fix some more O_CLOEXEC/SOCK_CLOEXEC issues 2012-09-29 17:59:50 -04:00
Rich Felker
3609e019f3 always expose accept4
it will be in the next version of POSIX
2012-09-29 17:44:33 -04:00
Rich Felker
9735d50070 always expose dup3 and pipe2
they will be in the next version of POSIX
2012-09-29 17:42:21 -04:00
Rich Felker
dc62790dee move accept4, dup3, and pipe2 to non-linux-specific locations
these interfaces have been adopted by the Austin Group for inclusion
in the next version of POSIX.
2012-09-29 17:40:42 -04:00
Rich Felker
79a5e73e51 emulate SOCK_CLOEXEC and SOCK_NONBLOCK for old (pre-2.6.27) kernels
also update syslog to use SOCK_CLOEXEC rather than separate fcntl
step, to make it safe in multithreaded programs that run external
programs.

emulation is not atomic; it could be made atomic by holding a lock on
forking during the operation, but this seems like overkill. my goal is
not to achieve perfect behavior on old kernels (which have plenty of
other imperfect behavior already) but to avoid catastrophic breakage
in (1) syslog, which would give no output on old kernels with the
change to use SOCK_CLOEXEC, and (2) programs built on a new kernel
where configure scripts detected a working SOCK_CLOEXEC, which later
get run on older kernels (they may otherwise fail to work completely).
2012-09-29 17:36:27 -04:00
Rich Felker
3d8d90c5cc sem_open should make process-shared semaphores
this did not matter because we don't yet treat process-shared special.
when private futex support is added, however, it will matter.
2012-09-29 16:49:32 -04:00
Rich Felker
39f296a95b use O_CLOEXEC to open semaphore files in sem_open 2012-09-29 16:48:52 -04:00
Rich Felker
c983e6415a fix some indention-with-spaces that crept in 2012-09-29 01:14:07 -04:00
Rich Felker
8c0a3d9e5c microblaze port
based on initial work by rdp, with heavy modifications. some features
including threads are untested because qemu app-level emulation seems
to be broken and I do not have a proper system image for testing.
2012-09-29 01:05:31 -04:00
Rich Felker
e0ea44cb76 fix arm clone syscall bug (no effect unless app uses clone)
the code to exit the new thread/process after the start function
returns was mixed up in its syscall convention.
2012-09-27 18:56:10 -04:00
Rich Felker
68dbd05039 optimize strchrnul/strcspn not to scan string twice on no-match
when strchr fails, an important piece of information already
computed, the string length, is thrown away. have strchrnul (with
namespace protection) be the underlying function so this information
can be kept, and let strchr be a wrapper for it. this also allows
strcspn to be considerably faster in the case where the match set has
a single element that's not matched.
2012-09-27 17:19:09 -04:00
Rich Felker
3f9ff1514e slightly cleaner strlen, also seems to compile to better code
testing with gcc 4.6.3 on x86, -Os, the old version does a duplicate
null byte check after the first loop. this is purely the compiler
being stupid, but the old code was also stupid and unintuitive in how
it expressed the check.
2012-09-27 16:56:33 -04:00
Rich Felker
507faa63cb fix dirname to handle input of form "foo/" correctly
also optimized a bit.
2012-09-26 00:56:07 -04:00
Rich Felker
82dc1e2e78 fix handling of EINTR during close()
austin group interpretation for defect #529
(http://austingroupbugs.net/view.php?id=529) tightens the
requirements on close such that, if it returns with EINTR, the file
descriptor must not be closed. the linux kernel developers vehemently
disagree with this, and will not change it. we catch and remap EINTR
to EINPROGRESS, which the standard allows close() to return when the
operation was not finished but the file descriptor has been closed.
2012-09-24 22:39:08 -04:00
Rich Felker
4b49060da0 fix getaddrinfo to accept port 0 (zero)
new behavior can be summarized as:
inputs that parse completely as a decimal number are treated as one,
and rejected only if the result is out of 16-bit range.
inputs that do not parse as a decimal number (where strtoul leaves
anything left over in the input) are searched in /etc/services.
2012-09-22 16:19:06 -04:00
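
The port-parsing rule summarized in commit 4b49060da0, as an added example that is not musl's code: `resolve_port`, the `sample_services` table (a constructed stand-in for /etc/services so it runs offline) and the rejection of empty input are assumptions made here.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for /etc/services (hypothetical sample data). */
static const struct { const char *name; int port; } sample_services[] = {
    { "ssh", 22 }, { "http", 80 }, { "https", 443 },
};

/* Returns the port (0..65535), or -1 if the service string is rejected. */
int resolve_port(const char *serv)
{
    char *end;
    unsigned long n;
    size_t i;

    if (!serv || !*serv)
        return -1;              /* assumption: empty input is an error */

    /* Note: strtoul also accepts leading whitespace and a sign; a caller
     * wanting digits only must check that before calling. */
    n = strtoul(serv, &end, 10);
    if (!*end)                  /* whole input parsed as a decimal number */
        return n > 65535 ? -1 : (int)n;  /* rejected only if out of 16-bit range */

    /* Something was left over: search for the whole input as a name. */
    for (i = 0; i < sizeof sample_services / sizeof *sample_services; i++)
        if (!strcmp(serv, sample_services[i].name))
            return sample_services[i].port;
    return -1;
}

int main(void)
{
    const char *inputs[] = { "0", "65535", "65536", "http", "80x" };
    size_t i;

    for (i = 0; i < sizeof inputs / sizeof *inputs; i++)
        printf("%-6s -> %d\n", inputs[i], resolve_port(inputs[i]));
    return 0;
}
```

Overflowing inputs are rejected by the same range check, because `strtoul` saturates to `ULONG_MAX` and still consumes the whole string.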