1. 13 9月, 2018 7 次提交
    • R
      reduce spurious inclusion of libc.h · 5ce37379
      Rich Felker 提交于
      libc.h was intended to be a header for access to global libc state and
      related interfaces, but ended up included all over the place because
      it was the way to get the weak_alias macro. most of the inclusions
      removed here are places where weak_alias was needed. a few were
      recently introduced for hidden. some go all the way back to when
      libc.h defined CANCELPT_BEGIN and _END, and all (wrongly implemented)
      cancellation points had to include it.
      
      remaining spurious users are mostly callers of the LOCK/UNLOCK macros
      and files that use the LFS64 macro to define the awful *64 aliases.
      
      in a few places, new inclusion of libc.h is added because several
      internal headers no longer implicitly include libc.h.
      
      declarations for __lockfile and __unlockfile are moved from libc.h to
      stdio_impl.h so that the latter does not need libc.h. putting them in
      libc.h made no sense at all, since the macros in stdio_impl.h are
      needed to use them correctly anyway.
      5ce37379
    • R
      remove __vfork alias · ced75472
      Rich Felker 提交于
      this was added so that posix_spawn and possibly other functionality
      could be implemented in terms of vfork, but that turned out to be
      unsafe. any such usage needs __clone with proper handling of stack
      lifetime.
      ced75472
    • R
      overhaul internally-public declarations using wrapper headers · 13d1afa4
      Rich Felker 提交于
      commits leading up to this one have moved the vast majority of
      libc-internal interface declarations to appropriate internal headers,
      allowing them to be type-checked and setting the stage to limit their
      visibility. the ones that have not yet been moved are mostly
      namespace-protected aliases for standard/public interfaces, which
      exist to facilitate implementing plain C functions in terms of POSIX
      functionality, or C or POSIX functionality in terms of extensions that
      are not standardized. some don't quite fit this description, but are
      "internally public" interfacs between subsystems of libc.
      
      rather than create a number of newly-named headers to declare these
      functions, and having to add explicit include directives for them to
      every source file where they're needed, I have introduced a method of
      wrapping the corresponding public headers.
      
      parallel to the public headers in $(srcdir)/include, we now have
      wrappers in $(srcdir)/src/include that come earlier in the include
      path order. they include the public header they're wrapping, then add
      declarations for namespace-protected versions of the same interfaces
      and any "internally public" interfaces for the subsystem they
      correspond to.
      
      along these lines, the wrapper for features.h is now responsible for
      the definition of the hidden, weak, and weak_alias macros. this means
      source files will no longer need to include any special headers to
      access these features.
      
      over time, it is my expectation that the scope of what is "internally
      public" will expand, reducing the number of source files which need to
      include *_impl.h and related headers down to those which are actually
      implementing the corresponding subsystems, not just using them.
      13d1afa4
    • R
      rework mechanism for posix_spawnp calling posix_spawn · fe61a7aa
      Rich Felker 提交于
      previously, a common __posix_spawnx backend was used that accepted an
      additional argument for the execve variant to call in the child. this
      moderately bloated up the posix_spawn function, shuffling arguments
      between stack and/or registers to call a 7-argument function from a
      6-argument one.
      
      instead, tuck the exec function pointer in an unused part of the
      (large) pthread_spawnattr_t structure, and have posix_spawnp duplicate
      the attributes and fill in a pointer to __execvpe. the net code size
      change is minimal, but the weight is shifted to the "heavier" function
      which already pulls in more dependencies.
      
      as a bonus, we get rid of an external symbol (__posix_spawnx) that had
      no really good place for a declaration because it shouldn't have
      existed to begin with.
      fe61a7aa
    • R
      declare __syscall_ret as hidden in vfork asm · aee11e5a
      Rich Felker 提交于
      without this, it's plausible that assembler or linker could complain
      about an unsatisfiable relocation.
      aee11e5a
    • P
      add arm asm for vfork · a8c53794
      Patrick Oppenlander 提交于
      a8c53794
    • R
      move and deduplicate declarations of __procfdname to make it checkable · 6fcd60dd
      Rich Felker 提交于
      syscall.h was chosen as the header to declare it, since its intended
      usage is alongside syscalls as a fallback for operations the direct
      syscall does not support.
      6fcd60dd
  2. 05 9月, 2018 1 次提交
  3. 29 8月, 2018 1 次提交
    • R
      fix return value of system on failure to spawn child process · 1d297a28
      Rich Felker 提交于
      the value 0x7f00 (as if by _exit(127)) is specified only for the case
      where the child is created but then fails to exec the shell, since
      traditional fork+exec implementations do not admit reporting an error
      via errno in this case without additional machinery. it's unclear
      whether an implementation not subject to this failure mode needs to
      emulate it; one could read the standard as requiring that. if so,
      additional code will need to be added to map posix_spawn errors into
      the form system is expected to return. but for now, returning -1 to
      indicate an error is significantly better behavior than always
      reporting failures as if the shell failed to exec after fork.
      1d297a28
  4. 22 2月, 2018 2 次提交
    • R
      convert execvp error handling to switch statement · 6d610242
      Rich Felker 提交于
      this is more extensible if we need to consider additional errors, and
      more efficient as long as the compiler does not know it can cache the
      result of __errno_location (a surprisingly complex issue detailed in
      commit a603a75a).
      6d610242
    • P
      fix execvp failing on not-dir entries in PATH. · 8e0b3806
      Przemyslaw Pawelczyk 提交于
      It's better to make execvp continue PATH search on ENOTDIR rather than
      issuing an error. Bogus entries should not render rest of PATH invalid.
      
      Maintainer's note: POSIX seems to require the search to continue like
      this as part of XBD 8.3 Other Environment Variables. Only errors that
      conclusively determine non-existence are candidates for continuing;
      otherwise for consistency we have to report the error.
      8e0b3806
  5. 11 11月, 2017 1 次提交
  6. 06 11月, 2017 1 次提交
    • R
      adjust posix_spawn dup2 action behavior to match future requirements · 6fc6ca1a
      Rich Felker 提交于
      the resolution to Austin Group issue #411 defined new semantics for
      the posix_spawn dup2 file action in the (previously useless) case
      where src and dest fd are equal. future issues will require the dup2
      file action to remove the close-on-exec flag. without this change,
      passing fds to a child with posix_spawn while avoiding fd-leak races
      in a multithreaded parent required a complex dance with temporary fds.
      
      based on patch by Petr Skocik. changes were made to preserve the
      80-column formatting of the function and to remove code that became
      unreachable as a result of the new functionality.
      6fc6ca1a
  7. 20 10月, 2017 1 次提交
    • W
      posix_spawn: use larger stack to cover worst-case in execvpe · 004dc954
      Will Dietz 提交于
      execvpe stack-allocates a buffer used to hold the full path
      (combination of a PATH entry and the program name)
      while searching through $PATH, so at least
      NAME_MAX+PATH_MAX is needed.
      
      The stack size can be made conditionally smaller
      (the current 1024 appears appropriate)
      should this larger size be burdensome in those situations.
      004dc954
  8. 23 4月, 2017 2 次提交
    • R
      have posix_spawnattr_setflags check for supported flags · f9f686b7
      Rich Felker 提交于
      per POSIX, EINVAL is not a mandatory error, only an optional one. but
      reporting unsupported flags allows an application to fallback
      gracefully when a requested feature is not supported. this is not
      helpful now, but it may be in the future if additional flags are
      added.
      
      had this checking been present before, applications would have been
      able to check for the newly-added POSIX_SPAWN_SETSID feature (added in
      commit bb439bb1) at runtime.
      f9f686b7
    • R
      implement new posix_spawn flag POSIX_SPAWN_SETSID · bb439bb1
      Rich Felker 提交于
      this functionality has been adopted for inclusion in the next issue of
      POSIX as the result of Austin Group issue #1044.
      
      based on patch by Daurnimator.
      bb439bb1
  9. 12 11月, 2016 1 次提交
  10. 16 6月, 2015 1 次提交
    • R
      switch to using trap number 31 for syscalls on sh · 10d0268c
      Rich Felker 提交于
      nominally the low bits of the trap number on sh are the number of
      syscall arguments, but they have never been used by the kernel, and
      some code making syscalls does not even know the number of arguments
      and needs to pass an arbitrary high number anyway.
      
      sh3/sh4 traditionally used the trap range 16-31 for syscalls, but part
      of this range overlapped with hardware exceptions/interrupts on sh2
      hardware, so an incompatible range 32-47 was chosen for sh2.
      
      using trap number 31 everywhere, since it's in the existing sh3/sh4
      range and does not conflict with sh2 hardware, is a proposed
      unification of the kernel syscall convention that will allow binaries
      to be shared between sh2 and sh3/sh4. if this is not accepted into the
      kernel, we can refit the sh2 target with runtime selection mechanisms
      for the trap number, but doing so would be invasive and would entail
      non-trivial overhead.
      10d0268c
  11. 11 6月, 2015 1 次提交
  12. 14 4月, 2015 1 次提交
    • R
      remove remnants of support for running in no-thread-pointer mode · 19a1fe67
      Rich Felker 提交于
      since 1.1.0, musl has nominally required a thread pointer to be setup.
      most of the remaining code that was checking for its availability was
      doing so for the sake of being usable by the dynamic linker. as of
      commit 71f099cb, this is no longer
      necessary; the thread pointer is now valid before any libc code
      (outside of dynamic linker bootstrap functions) runs.
      
      this commit essentially concludes "phase 3" of the "transition path
      for removing lazy init of thread pointer" project that began during
      the 1.1.0 release cycle.
      19a1fe67
  13. 10 4月, 2015 1 次提交
    • R
      optimize out setting up robust list with kernel when not needed · 4e98cce1
      Rich Felker 提交于
      as a result of commit 12e1e324, kernel
      processing of the robust list is only needed for process-shared
      mutexes. previously the first attempt to lock any owner-tracked mutex
      resulted in robust list initialization and a set_robust_list syscall.
      this is no longer necessary, and since the kernel's record of the
      robust list must now be cleared at thread exit time for detached
      threads, optimizing it out is more worthwhile than before too.
      4e98cce1
  14. 03 2月, 2015 1 次提交
    • R
      make execvp continue PATH search on EACCES rather than issuing an errror · 14a01171
      Rich Felker 提交于
      the specification for execvp itself is unclear as to whether
      encountering a file that cannot be executed due to EACCES during the
      PATH search is a mandatory error condition; however, XBD 8.3's
      specification of the PATH environment variable clarifies that the
      search continues until a file with "appropriate execution permissions"
      is found.
      
      since it seems undesirable/erroneous to report ENOENT rather than
      EACCES when an early path element has a non-executable file and all
      later path elements lack any file by the requested name, the new code
      stores a flag indicating that EACCES was seen and sets errno back to
      EACCES in this case.
      14a01171
  15. 06 12月, 2014 2 次提交
    • R
      use direct syscall rather than write function in posix_spawn child · 8f7bc690
      Rich Felker 提交于
      the write function is a cancellation point and accesses thread-local
      state belonging to the calling thread in the parent process. since
      cancellation is blocked for the duration of posix_spawn, this is
      probably safe, but it's fragile and unnecessary. making the syscall
      directly is just as easy and clearly safe.
      8f7bc690
    • R
      don't fail posix_spawn on failed close · 1c12c243
      Rich Felker 提交于
      the resolution of austin group issue #370 removes the requirement that
      posix_spawn fail when the close file action is performed on an
      already-closed fd. since there are no other meaningful errors for
      close, just ignoring the return value completely is the simplest fix.
      1c12c243
  16. 06 7月, 2014 1 次提交
    • R
      eliminate use of cached pid from thread structure · 83dc6eb0
      Rich Felker 提交于
      the main motivation for this change is to remove the assumption that
      the tid of the main thread is also the pid of the process. (the value
      returned by the set_tid_address syscall was used to fill both fields
      despite it semantically being the tid.) this is historically and
      presently true on linux and unlikely to change, but it conceivably
      could be false on other systems that otherwise reproduce the linux
      syscall api/abi.
      
      only a few parts of the code were actually still using the cached pid.
      in a couple places (aio and synccall) it was a minor optimization to
      avoid a syscall. caching could be reintroduced, but lazily as part of
      the public getpid function rather than at program startup, if it's
      deemed important for performance later. in other places (cancellation
      and pthread_kill) the pid was completely unnecessary; the tkill
      syscall can be used instead of tgkill. this is actually a rather
      subtle issue, since tgkill is supposedly a solution to race conditions
      that can affect use of tkill. however, as documented in the commit
      message for commit 7779dbd2, tgkill
      does not actually solve this race; it just limits it to happening
      within one process rather than between processes. we use a lock that
      avoids the race in pthread_kill, and the use in the cancellation
      signal handler is self-targeted and thus not subject to tid reuse
      races, so both are safe regardless of which syscall (tgkill or tkill)
      is used.
      83dc6eb0
  17. 02 7月, 2014 1 次提交
  18. 30 5月, 2014 2 次提交
    • R
      5cf9e8f8
    • R
      support linux kernel apis (new archs) with old syscalls removed · dd5f50da
      Rich Felker 提交于
      such archs are expected to omit definitions of the SYS_* macros for
      syscalls their kernels lack from arch/$ARCH/bits/syscall.h. the
      preprocessor is then able to select the an appropriate implementation
      for affected functions. two basic strategies are used on a
      case-by-case basis:
      
      where the old syscalls correspond to deprecated library-level
      functions, the deprecated functions have been converted to wrappers
      for the modern function, and the modern function has fallback code
      (omitted at the preprocessor level on new archs) to make use of the
      old syscalls if the new syscall fails with ENOSYS. this also improves
      functionality on older kernels and eliminates the incentive to program
      with deprecated library-level functions for the sake of compatibility
      with older kernels.
      
      in other situations where the old syscalls correspond to library-level
      functions which are not deprecated but merely lack some new features,
      such as the *at functions, the old syscalls are still used on archs
      which support them. this may change at some point in the future if or
      when fallback code is added to the new functions to make them usable
      (possibly with reduced functionality) on old kernels.
      dd5f50da
  19. 25 5月, 2014 1 次提交
    • R
      support kernels with no SYS_open syscall, only SYS_openat · 594c827a
      Rich Felker 提交于
      open is handled specially because it is used from so many places, in
      so many variants (2 or 3 arguments, setting errno or not, and
      cancellable or not). trying to do it as a function would not only
      increase bloat, but would also risk subtle breakage.
      
      this is the first step towards supporting "new" archs where linux
      lacks "old" syscalls.
      594c827a
  20. 20 4月, 2014 1 次提交
  21. 25 3月, 2014 1 次提交
    • R
      always initialize thread pointer at program start · dab441ae
      Rich Felker 提交于
      this is the first step in an overhaul aimed at greatly simplifying and
      optimizing everything dealing with thread-local state.
      
      previously, the thread pointer was initialized lazily on first access,
      or at program startup if stack protector was in use, or at certain
      random places where inconsistent state could be reached if it were not
      initialized early. while believed to be fully correct, the logic was
      fragile and non-obvious.
      
      in the first phase of the thread pointer overhaul, support is retained
      (and in some cases improved) for systems/situation where loading the
      thread pointer fails, e.g. old kernels.
      
      some notes on specific changes:
      
      - the confusing use of libc.main_thread as an indicator that the
        thread pointer is initialized is eliminated in favor of an explicit
        has_thread_pointer predicate.
      
      - sigaction no longer needs to ensure that the thread pointer is
        initialized before installing a signal handler (this was needed to
        prevent a situation where the signal handler caused the thread
        pointer to be initialized and the subsequent sigreturn cleared it
        again) but it still needs to ensure that implementation-internal
        thread-related signals are not blocked.
      
      - pthread tsd initialization for the main thread is deferred in a new
        manner to minimize bloat in the static-linked __init_tp code.
      
      - pthread_setcancelstate no longer needs special handling for the
        situation before the thread pointer is initialized. it simply fails
        on systems that cannot support a thread pointer, which are
        non-conforming anyway.
      
      - pthread_cleanup_push/pop now check for missing thread pointer and
        nop themselves out in this case, so stdio no longer needs to avoid
        the cancellable path when the thread pointer is not available.
      
      a number of cases remain where certain interfaces may crash if the
      system does not support a thread pointer. at this point, these should
      be limited to pthread interfaces, and the number of such cases should
      be fewer than before.
      dab441ae
  22. 23 2月, 2014 2 次提交
  23. 12 2月, 2014 1 次提交
  24. 12 12月, 2013 1 次提交
  25. 07 10月, 2013 1 次提交
  26. 03 10月, 2013 1 次提交
    • R
      fix new environment always being null with execle · 2b2aff37
      Rich Felker 提交于
      the va_arg call for the argv[]-terminating null pointer was missing,
      so this pointer was being wrongly used as the environment pointer.
      
      issue reported by Timo Teräs. proposed patch slightly modified to
      simplify the resulting code.
      2b2aff37
  27. 10 8月, 2013 2 次提交
    • R
      optimize posix_spawn to avoid spurious sigaction syscalls · 3c5c5e6f
      Rich Felker 提交于
      the trick here is that sigaction can track for us which signals have
      ever had a signal handler set for them, and only those signals need to
      be considered for reset. this tracking mask may have false positives,
      since it is impossible to remove bits from it without race conditions.
      false negatives are not possible since the mask is updated with atomic
      operations prior to making the sigaction syscall.
      
      implementation-internal signals are set to SIG_IGN rather than SIG_DFL
      so that a signal raised in the parent (e.g. calling pthread_cancel on
      the thread executing pthread_spawn) does not have any chance make it
      to the child, where it would cause spurious termination by signal.
      
      this change reduces the minimum/typical number of syscalls in the
      child from around 70 to 4 (including execve). this should greatly
      improve the performance of posix_spawn and other interfaces which use
      it (popen and system).
      
      to facilitate these changes, sigismember is also changed to return 0
      rather than -1 for invalid signals, and to return the actual status of
      implementation-internal signals. POSIX allows but does not require an
      error on invalid signal numbers, and in fact returning an error tends
      to confuse applications which wrongly assume the return value of
      sigismember is boolean.
      3c5c5e6f
    • R
      fix missing errno from exec failure in posix_spawn · 65d7aa4d
      Rich Felker 提交于
      failures prior to the exec attempt were reported correctly, but on
      exec failure, the return value contained junk.
      65d7aa4d
  28. 09 8月, 2013 1 次提交
    • R
      block signals during fork · d4d6d6f3
      Rich Felker 提交于
      there are several reasons for this. some of them are related to race
      conditions that arise since fork is required to be async-signal-safe:
      if fork or pthread_create is called from a signal handler after the
      fork syscall has returned but before the subsequent userspace code has
      finished, inconsistent state could result. also, there seem to be
      kernel and/or strace bugs related to arrival of signals during fork,
      at least on some versions, and simply blocking signals eliminates the
      possibility of such bugs.
      d4d6d6f3